From: "Woodhouse, David" <dwmw@amazon.co.uk>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Jim Mattson" <jmattson@google.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
"KarimAllah Ahmed" <karahmed@amazon.de>,
gregkh@linuxfoundation.org, stable@vger.kernel.org
Subject: Re: [STABLE 4.9.y PATCH 0/9] Backport of KVM Speculation Control support
Date: Tue, 6 Feb 2018 21:05:46 +0000
Message-ID: <1517951146.3677.34.camel@amazon.co.uk>
In-Reply-To: <9ea4d52a-7ae6-a179-2f86-1e7b77255387@redhat.com>

On Tue, 2018-02-06 at 19:01 +0100, Paolo Bonzini wrote:
> On 06/02/2018 18:29, David Woodhouse wrote:
> > I've put together a linux-4.9.y branch at
> > http://git.infradead.org/retpoline-stable.git/shortlog/refs/heads/linux-4.9.y
> >
> > Most of it is fairly straightforward, apart from the IBPB on context
> > switch for which Tim has already posted a candidate. I wanted some more
> > review on my backports of the KVM bits though, including some extra
> > historical patches I pulled in.
>
> Looks good! Thanks for the work,
>
> Paolo

Thanks. In that case, Greg, the full set is lined up in
http://git.infradead.org/retpoline-stable.git/shortlog/refs/heads/linux-4.9.y
or git://git.infradead.org/retpoline-stable linux-4.9.y

This matches what Linus just pulled in from tip/x86-pti-for-linus,
except that it's missing the IBPB on context switch (qv).

----------------------------------------------------------------
Andi Kleen (1):
      module/retpoline: Warn about missing retpoline in module

Andy Lutomirski (3):
      x86/entry/64: Remove the SYSCALL64 fast path
      x86/entry/64: Push extra regs right away
      x86/asm: Move 'status' from thread_struct to thread_info

Arnd Bergmann (1):
      x86/pti: Mark constant arrays as __initconst

Ashok Raj (1):
      KVM/x86: Add IBPB support

Borislav Petkov (4):
      x86/alternative: Print unadorned pointers
      x86/nospec: Fix header guards names
      x86/bugs: Drop one "mitigation" from dmesg
      x86/retpoline: Simplify vmexit_fill_RSB()

Colin Ian King (1):
      x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"

Dan Williams (12):
      array_index_nospec: Sanitize speculative array de-references
      x86: Implement array_index_mask_nospec
      x86: Introduce barrier_nospec
      x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
      x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
      x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
      x86/get_user: Use pointer masking to limit speculation
      x86/syscall: Sanitize syscall table de-references under speculation
      vfs, fdtable: Prevent bounds-check bypass via speculative execution
      nl80211: Sanitize array index in parse_txq_params
      x86/spectre: Report get_user mitigation for spectre_v1
      x86/kvm: Update spectre-v1 mitigation

Darren Kenny (1):
      x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL

David Hildenbrand (1):
      KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail

David Matlack (1):
      KVM: nVMX: mark vmcs12 pages dirty on L2 exit

David Woodhouse (10):
      x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
      x86/cpufeatures: Add Intel feature bits for Speculation Control
      x86/cpufeatures: Add AMD feature bits for Speculation Control
      x86/msr: Add definitions for new speculation control MSRs
      x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
      x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
      x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
      x86/cpufeatures: Clean up Spectre v2 related CPUID flags
      x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
      x86/retpoline: Avoid retpolines for built-in __init functions

Dou Liyang (1):
      x86/spectre: Check CONFIG_RETPOLINE in command line parser

Jim Mattson (1):
      KVM: nVMX: Eliminate vmcs02 pool

Josh Poimboeuf (1):
      x86/paravirt: Remove 'noreplace-paravirt' cmdline option

KarimAllah Ahmed (4):
      x86/spectre: Simplify spectre_v2 command line parsing
      KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
      KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
      KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL

Mark Rutland (1):
      Documentation: Document array_index_nospec

Paolo Bonzini (2):
      KVM: VMX: introduce alloc_loaded_vmcs
      KVM: VMX: make MSR bitmaps per-VCPU

Peter Zijlstra (2):
      KVM: x86: Make indirect calls in emulator speculation safe
      KVM: VMX: Make indirect call speculation safe

Thomas Gleixner (1):
      x86/cpu/bugs: Make retpoline module warning conditional

Waiman Long (1):
      x86/retpoline: Remove the esp/rsp thunk

Documentation/kernel-parameters.txt | 2 -
Documentation/speculation.txt | 90 +++++++++++++
arch/x86/entry/common.c | 9 +-
arch/x86/entry/entry_32.S | 3 +-
arch/x86/entry/entry_64.S | 134 ++----------------
arch/x86/entry/syscall_64.c | 7 +-
arch/x86/include/asm/asm-prototypes.h | 4 +-
arch/x86/include/asm/barrier.h | 28 ++++
arch/x86/include/asm/cpufeature.h | 7 +-
arch/x86/include/asm/cpufeatures.h | 22 ++-
arch/x86/include/asm/disabled-features.h | 3 +-
arch/x86/include/asm/intel-family.h | 7 +-
arch/x86/include/asm/msr-index.h | 12 ++
arch/x86/include/asm/msr.h | 3 +-
arch/x86/include/asm/nospec-branch.h | 91 ++++---------
arch/x86/include/asm/processor.h | 2 -
arch/x86/include/asm/required-features.h | 3 +-
arch/x86/include/asm/syscall.h | 6 +-
arch/x86/include/asm/thread_info.h | 3 +-
arch/x86/include/asm/uaccess.h | 15 ++-
arch/x86/include/asm/uaccess_32.h | 12 +-
arch/x86/include/asm/uaccess_64.h | 12 +-
arch/x86/kernel/alternative.c | 28 +---
arch/x86/kernel/cpu/bugs.c | 128 +++++++++++++-----
arch/x86/kernel/cpu/common.c | 70 +++++++++-
arch/x86/kernel/cpu/intel.c | 66 +++++++++
arch/x86/kernel/cpu/scattered.c | 2 -
arch/x86/kernel/process_64.c | 4 +-
arch/x86/kernel/ptrace.c | 2 +-
arch/x86/kernel/signal.c | 2 +-
arch/x86/kvm/cpuid.c | 21 ++-
arch/x86/kvm/cpuid.h | 31 +++++
arch/x86/kvm/emulate.c | 10 +-
arch/x86/kvm/svm.c | 116 ++++++++++++++++
arch/x86/kvm/vmx.c | 754 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
arch/x86/kvm/x86.c | 1 +
arch/x86/lib/Makefile | 1 +
arch/x86/lib/getuser.S | 10 ++
arch/x86/lib/retpoline.S | 57 +++++++-
arch/x86/lib/usercopy_32.c | 8 +-
include/linux/fdtable.h | 5 +-
include/linux/init.h | 9 +-
include/linux/module.h | 9 ++
include/linux/nospec.h | 72 ++++++++++
kernel/module.c | 11 ++
net/wireless/nl80211.c | 9 +-
scripts/mod/modpost.c | 9 ++
47 files changed, 1230 insertions(+), 680 deletions(-)
create mode 100644 Documentation/speculation.txt
create mode 100644 include/linux/nospec.h