Message-ID: <20250728145504.GAaIePSCpIIIRnc0U-@fat_crate.local>
Date: Mon, 28 Jul 2025 16:55:04 +0200
From: Borislav Petkov <bp@...en8.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] x86/bugs for v6.17-rc1

Hi Linus,

please pull the x86/bugs lineup for v6.17-rc1.

Thx.

---
The following changes since commit 8e786a85c0a3c0fffae6244733fb576eeabd9dec:

  x86/process: Move the buffer clearing before MONITOR (2025-06-17 17:17:12 +0200)

are available in the Git repository at:

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/tip/tip tags/x86_bugs_for_v6.17_rc1

for you to fetch changes up to a026dc61cffd98541e048f3c88d3280bcd105bd4:

  x86/bugs: Print enabled attack vectors (2025-07-11 17:56:41 +0200)

----------------------------------------------------------------
- Untangle the Retbleed from the ITS mitigation on Intel. Allow for ITS
  to enable stuffing independently from Retbleed, do some cleanups to
  simplify and streamline the code

- Simplify SRSO and make mitigation types selection more versatile
  depending on the Retbleed mitigation selection. Simplify code some

- Add the second part of the attack vector controls which provide a lot
  friendlier user interface to the speculation mitigations than
  selecting each one by one as it is now.

  Instead, the selection of whole attack vectors which are relevant to
  the system in use can be done and protection against only those
  vectors is enabled, thus giving back some performance to the users

----------------------------------------------------------------
Borislav Petkov (AMD) (1):
      Merge tag 'tsa_x86_bugs_for_6.16' into tip-x86-bugs

David Kaplan (24):
      x86/bugs: Add SRSO_MITIGATION_NOSMT
      x86/bugs: Use IBPB for retbleed if used by SRSO
      x86/bugs: Clean up SRSO microcode handling
      Documentation/x86: Document new attack vector controls
      cpu: Define attack vectors
      x86/Kconfig: Add arch attack vector support
      x86/bugs: Define attack vectors relevant for each bug
      x86/bugs: Add attack vector controls for MDS
      x86/bugs: Add attack vector controls for TAA
      x86/bugs: Add attack vector controls for MMIO
      x86/bugs: Add attack vector controls for RFDS
      x86/bugs: Add attack vector controls for SRBDS
      x86/bugs: Add attack vector controls for GDS
      x86/bugs: Add attack vector controls for spectre_v1
      x86/bugs: Add attack vector controls for retbleed
      x86/bugs: Add attack vector controls for spectre_v2_user
      x86/bugs: Add attack vector controls for BHI
      x86/bugs: Add attack vector controls for spectre_v2
      x86/bugs: Add attack vector controls for L1TF
      x86/bugs: Add attack vector controls for SRSO
      x86/bugs: Add attack vector controls for ITS
      x86/pti: Add attack vector controls for PTI
      x86/bugs: Add attack vector controls for TSA
      x86/bugs: Print enabled attack vectors

Pawan Gupta (7):
      x86/bugs: Avoid AUTO after the select step in the retbleed mitigation
      x86/bugs: Simplify the retbleed=stuff checks
      x86/bugs: Avoid warning when overriding return thunk
      x86/bugs: Use switch/case in its_apply_mitigation()
      x86/bugs: Introduce cdt_possible()
      x86/bugs: Remove its=stuff dependency on retbleed
      x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also

 .../admin-guide/hw-vuln/attack_vector_controls.rst | 238 +++++++++++
 Documentation/admin-guide/hw-vuln/index.rst        |   1 +
 Documentation/admin-guide/kernel-parameters.txt    |   4 +
 arch/Kconfig                                       |   3 +
 arch/x86/Kconfig                                   |   1 +
 arch/x86/kernel/cpu/bugs.c                         | 465 ++++++++++++++-------
 arch/x86/mm/pti.c                                  |   4 +-
 include/linux/cpu.h                                |  21 +
 kernel/cpu.c                                       | 130 +++++-
 9 files changed, 713 insertions(+), 154 deletions(-)
 create mode 100644 Documentation/admin-guide/hw-vuln/attack_vector_controls.rst

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette