From: Suraj Jitindar Singh <surajjs@amazon.com>
To: <stable@vger.kernel.org>
Cc: <surajjs@amazon.com>, <sjitindarsingh@gmail.com>,
<cascardo@canonical.com>, <kvm@vger.kernel.org>,
<pbonzini@redhat.com>, <jpoimboe@kernel.org>,
<peterz@infradead.org>, <x86@kernel.org>
Subject: [PATCH 4.14 00/34] Retbleed & PBRSB Mitigations
Date: Thu, 27 Oct 2022 13:48:01 -0700 [thread overview]
Message-ID: <20221027204801.13146-1-surajjs@amazon.com> (raw)
This backport adds support for Retbleed and PBRSB mitigations for Intel parts.
Some AMD parts are added to simplify context however support for IBPB or UNRET
is not included in this series. The reporting of whether a cpu is affected
should be correct however.
Most patches applied cleanly or required only context changes, the major
difference between this series and upstream is the fact that the kvm entry
path is in inline asm in the 4.14 tree and so this had to be accommodated
in patches:
- x86/speculation: Fill RSB on vmexit for IBRS
- x86/speculation: Add RSB VM Exit protections
This series is unsurprisingly very similar to that for the 5.4 backport [1].
Boot tested on a variety of Intel and AMD systems.
Tested correct reporting of vulnerabilities and mitigation selection on Skylake,
Cascade Lake, Ice Lake and Zen3 parts.
[1] https://lore.kernel.org/stable/20221003131038.12645-1-cascardo@canonical.com/
Alexandre Chartre (2):
x86/bugs: Report AMD retbleed vulnerability
x86/bugs: Add AMD retbleed= boot parameter
Andrew Cooper (1):
x86/cpu/amd: Enumerate BTC_NO
Daniel Sneddon (1):
x86/speculation: Add RSB VM Exit protections
Ingo Molnar (1):
x86/cpufeature: Fix various quality problems in the
<asm/cpu_device_hd.h> header
Josh Poimboeuf (8):
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Remove x86_spec_ctrl_mask
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
KVM: VMX: Fix IBRS handling after vmexit
x86/speculation: Fill RSB on vmexit for IBRS
Kan Liang (1):
x86/cpufeature: Add facility to check for min microcode revisions
Mark Gross (1):
x86/cpu: Add a steppings field to struct x86_cpu_id
Nathan Chancellor (1):
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
Pawan Gupta (5):
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/speculation: Add LFENCE to RSB fill sequence
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/speculation: Disable RRSBA behavior
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS
parts
Peter Zijlstra (9):
x86/entry: Remove skip_r11rcx
x86/cpufeatures: Move RETPOLINE flags to word 11
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation()
x86/bugs: Report Intel retbleed vulnerability
entel_idle: Disable IBRS during long idle
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
x86/common: Stamp out the stepping madness
Suraj Jitindar Singh (1):
Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
Thadeu Lima de Souza Cascardo (1):
x86/entry: Add kernel IBRS implementation
Thomas Gleixner (2):
x86/devicetable: Move x86 specific macro out of generic code
x86/cpu: Add consistent CPU match macros
Documentation/admin-guide/hw-vuln/spectre.rst | 8 +
.../admin-guide/kernel-parameters.txt | 13 +
arch/x86/entry/calling.h | 68 ++-
arch/x86/entry/entry_32.S | 2 -
arch/x86/entry/entry_64.S | 38 +-
arch/x86/entry/entry_64_compat.S | 12 +-
arch/x86/include/asm/cpu_device_id.h | 168 ++++++-
arch/x86/include/asm/cpufeatures.h | 16 +-
arch/x86/include/asm/intel-family.h | 6 +
arch/x86/include/asm/msr-index.h | 14 +
arch/x86/include/asm/nospec-branch.h | 48 +-
arch/x86/kernel/cpu/amd.c | 21 +-
arch/x86/kernel/cpu/bugs.c | 415 +++++++++++++++---
arch/x86/kernel/cpu/common.c | 68 ++-
arch/x86/kernel/cpu/match.c | 44 +-
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kernel/process.c | 2 +-
arch/x86/kvm/svm.c | 1 +
arch/x86/kvm/vmx.c | 51 ++-
drivers/base/cpu.c | 8 +
drivers/cpufreq/acpi-cpufreq.c | 1 +
drivers/cpufreq/amd_freq_sensitivity.c | 1 +
drivers/idle/intel_idle.c | 45 +-
include/linux/cpu.h | 2 +
include/linux/mod_devicetable.h | 4 +-
tools/arch/x86/include/asm/cpufeatures.h | 1 +
26 files changed, 897 insertions(+), 161 deletions(-)
--
2.17.1
next reply other threads:[~2022-10-27 20:56 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 20:48 Suraj Jitindar Singh [this message]
2022-10-27 20:54 ` [PATCH 4.14 01/34] Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 02/34] x86/cpufeature: Add facility to check for min microcode revisions Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 03/34] x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 04/34] x86/devicetable: Move x86 specific macro out of generic code Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 05/34] x86/cpu: Add consistent CPU match macros Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 06/34] x86/cpu: Add a steppings field to struct x86_cpu_id Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 07/34] x86/entry: Remove skip_r11rcx Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 08/34] x86/cpufeatures: Move RETPOLINE flags to word 11 Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 09/34] x86/bugs: Report AMD retbleed vulnerability Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 10/34] x86/bugs: Add AMD retbleed= boot parameter Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 11/34] x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 12/34] x86/entry: Add kernel IBRS implementation Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 13/34] x86/bugs: Optimize SPEC_CTRL MSR writes Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 14/34] x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 15/34] x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 16/34] x86/bugs: Report Intel retbleed vulnerability Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 17/34] entel_idle: Disable IBRS during long idle Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 18/34] x86/speculation: Change FILL_RETURN_BUFFER to work with objtool Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 19/34] x86/speculation: Add LFENCE to RSB fill sequence Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 20/34] x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 21/34] x86/speculation: Fix firmware entry SPEC_CTRL handling Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 22/34] x86/speculation: Fix SPEC_CTRL write on SMT state change Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 23/34] x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 24/34] x86/speculation: Remove x86_spec_ctrl_mask Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 25/34] KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 26/34] KVM: VMX: Fix IBRS handling after vmexit Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 27/34] x86/speculation: Fill RSB on vmexit for IBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 28/34] x86/common: Stamp out the stepping madness Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 29/34] x86/cpu/amd: Enumerate BTC_NO Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 30/34] x86/bugs: Add Cannon lake to RETBleed affected CPU list Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 31/34] x86/speculation: Disable RRSBA behavior Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 32/34] x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current Suraj Jitindar Singh
2022-10-27 20:56 ` [PATCH 4.14 33/34] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Suraj Jitindar Singh
2022-10-27 20:56 ` [PATCH 4.14 34/34] x86/speculation: Add RSB VM Exit protections Suraj Jitindar Singh
2022-10-31 7:00 ` [PATCH 4.14 00/34] Retbleed & PBRSB Mitigations Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221027204801.13146-1-surajjs@amazon.com \
--to=surajjs@amazon.com \
--cc=cascardo@canonical.com \
--cc=jpoimboe@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sjitindarsingh@gmail.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.