From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 5.10 v2 01/16] Documentation: x86/bugs/its: Add ITS documentation
Date: Thu, 19 Jun 2025 05:03:14 -0400 [thread overview]
Message-ID: <20250618164838-2a579fef32195669@stable.kernel.org> (raw)
In-Reply-To: <20250617-its-5-10-v2-1-3e925a1512a1@linux.intel.com>
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: 1ac116ce6468670eeda39345a5585df308243dca
Status in newer kernel trees:
6.15.y | Present (exact SHA1)
6.12.y | Present (different SHA1: 76f847655bcb)
6.6.y | Present (different SHA1: c6c1319d19fc)
6.1.y | Present (different SHA1: ed2e894a7645)
5.15.y | Present (different SHA1: da8db23e3c8d)
Note: The patch differs from the upstream commit:
---
1: 1ac116ce64686 ! 1: 2a07a25354435 Documentation: x86/bugs/its: Add ITS documentation
@@ Metadata
## Commit message ##
Documentation: x86/bugs/its: Add ITS documentation
+ commit 1ac116ce6468670eeda39345a5585df308243dca upstream.
+
Add the admin-guide for Indirect Target Selection (ITS).
- Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
+ Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
## Documentation/admin-guide/hw-vuln/index.rst ##
@@ Documentation/admin-guide/hw-vuln/index.rst: are configurable at compile, boot or run time.
- gather_data_sampling
+ gather_data_sampling.rst
+ srso
reg-file-data-sampling
- rsb
+ indirect-target-selection
## Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new) ##
@@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new)
+reason, when retpoline is enabled, ITS mitigation only relocates the RETs to
+safe thunks. Unless user requested the RSB-stuffing mitigation.
+
-+RSB Stuffing
-+~~~~~~~~~~~~
-+RSB-stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow
-+attacks. And it also mitigates RETs that are vulnerable to ITS.
-+
+Mitigation in guests
+^^^^^^^^^^^^^^^^^^^^
+All guests deploy ITS mitigation by default, irrespective of eIBRS enumeration
@@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new)
+ useful when host userspace is not in the threat model, and only
+ attacks from guest to host are considered.
+
-+ stuff Deploy RSB-fill mitigation when retpoline is also deployed.
-+ Otherwise, deploy the default mitigation. When retpoline mitigation
-+ is enabled, RSB-stuffing via Call-Depth-Tracking also mitigates
-+ ITS.
-+
+ force Force the ITS bug and deploy the default mitigation.
+ ======== ===================================================================
+
@@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new)
+ * - Mitigation: Aligned branch/return thunks
+ - The mitigation is enabled, affected indirect branches and RETs are
+ relocated to safe thunks.
-+ * - Mitigation: Retpolines, Stuffing RSB
-+ - The mitigation is enabled using retpoline and RSB stuffing.
+
+References
+----------
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-5.10.y | Success | Success |
next prev parent reply other threads:[~2025-06-19 9:03 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-18 0:44 [PATCH 5.10 v2 00/16] ITS mitigation for 5.10 Pawan Gupta
2025-06-18 0:44 ` [PATCH 5.10 v2 01/16] Documentation: x86/bugs/its: Add ITS documentation Pawan Gupta
2025-06-19 9:03 ` Sasha Levin [this message]
2025-06-18 0:44 ` [PATCH 5.10 v2 02/16] x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta
2025-06-19 9:04 ` Sasha Levin
2025-06-18 0:44 ` [PATCH 5.10 v2 03/16] x86/its: Enumerate Indirect Target Selection (ITS) bug Pawan Gupta
2025-06-19 9:04 ` Sasha Levin
2025-06-18 0:45 ` [PATCH 5.10 v2 04/16] x86/alternatives: Introduce int3_emulate_jcc() Pawan Gupta
2025-06-19 9:04 ` Sasha Levin
2025-06-18 0:45 ` [PATCH 5.10 v2 05/16] x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Pawan Gupta
2025-06-19 9:03 ` Sasha Levin
2025-06-18 0:45 ` [PATCH 5.10 v2 06/16] x86/its: Add support for ITS-safe indirect thunk Pawan Gupta
2025-06-19 9:03 ` Sasha Levin
2025-06-18 0:45 ` [PATCH 5.10 v2 07/16] x86/alternative: Optimize returns patching Pawan Gupta
2025-06-19 9:04 ` Sasha Levin
2025-06-23 19:10 ` Pawan Gupta
2025-06-18 0:46 ` [PATCH 5.10 v2 08/16] x86/alternatives: Remove faulty optimization Pawan Gupta
2025-06-19 9:03 ` Sasha Levin
2025-06-18 0:46 ` [PATCH 5.10 v2 09/16] x86/its: Add support for ITS-safe return thunk Pawan Gupta
2025-06-19 9:02 ` Sasha Levin
2025-06-18 0:46 ` [PATCH 5.10 v2 10/16] x86/its: Fix undefined reference to cpu_wants_rethunk_at() Pawan Gupta
2025-06-19 9:03 ` Sasha Levin
2025-06-23 19:17 ` Pawan Gupta
2025-06-18 0:46 ` [PATCH 5.10 v2 11/16] x86/its: Enable Indirect Target Selection mitigation Pawan Gupta
2025-06-19 9:04 ` Sasha Levin
2025-06-18 0:47 ` [PATCH 5.10 v2 12/16] x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta
2025-06-19 9:02 ` Sasha Levin
2025-06-18 0:47 ` [PATCH 5.10 v2 13/16] x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Pawan Gupta
2025-06-19 9:02 ` Sasha Levin
2025-06-18 0:47 ` [PATCH 5.10 v2 14/16] x86/its: Use dynamic thunks for indirect branches Pawan Gupta
2025-06-19 9:03 ` Sasha Levin
2025-06-23 19:33 ` Pawan Gupta
2025-06-18 0:47 ` [PATCH 5.10 v2 15/16] x86/its: Fix build errors when CONFIG_MODULES=n Pawan Gupta
2025-06-19 9:02 ` Sasha Levin
2025-06-18 0:48 ` [PATCH 5.10 v2 16/16] x86/its: FineIBT-paranoid vs ITS Pawan Gupta
2025-06-19 9:02 ` Sasha Levin
2025-07-12 13:50 ` [PATCH 5.10 v2 00/16] ITS mitigation for 5.10 Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250618164838-2a579fef32195669@stable.kernel.org \
--to=sashal@kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.