public inbox for cip-dev@lists.cip-project.org
* 4.4 backports -- x86 speculation
From: Pavel Machek @ 2022-06-13 10:30 UTC (permalink / raw)
  To: Ulrich Hecht, cip-dev; +Cc: Pavel Machek

Hi!

(I put the mailing list in the cc).

> > > And possibly these?
> > > 
> > >     4.9.306: speculation fixes, mostly x86 + 7833a9b54
> > > 
> > > ** !M | 890fb470c 0cbb76 o  | x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC vari$
> > > ** !M | 3dd518cb6 4cd24d o  | x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support...
> > > ** !M | 376afe749 ef014a o  | x86/retpoline: Remove minimal retpoline support...
> > > **   | e6291bd93 6e8855 .  | Documentation: Add section about CPU vulnerabilities for Spectre...
> > > **   | 8e08ef80a 4c9205 .  | Documentation: Add swapgs description to the Spectre v1 documentation...
> > > **   | cdba32608 82ca67 .+ | Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomi$
> > > ** a | 71d79539a a5ce9f o  | x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
> > > ** a | a90155024 f8a66d o  | x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
> > > **   | a771511ca d45476 o  | x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE...
> > > **   | d0ba50275 1e19da o  | x86/speculation: Add eIBRS + Retpoline options
> > > **   | f9238d337 5ad3eb .  | Documentation/hw-vuln: Update spectre doc
> > > **   | 6481835a9 44a391 o  | x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation rep$
> > > **   | b6a1aec08 244d00 o  | x86/speculation: Use generic retpoline by default on AMD
> > > **   | 0db1c4307 e9b601 .  | x86/speculation: Update link to AMD speculation whitepaper
> > > **   | 8edabefdc eafd98 o  | x86/speculation: Warn about Spectre v2 LFENCE mitigation
> > > **   | 075376018 0de05d o  | x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
> > > ** !!a | 10b908aab 541625 o  | arm/arm64: Provide a wrapper for SMCCC 1.1 calls...
> 
> I have backported all of these; see the attached
> tarball. Compile-tested only.

Thanks for the tarball.

0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch
0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch
0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch

I already had these from the last round.

0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch

I'll take this, but I'll need to recheck the context.

0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch
0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch
0007-x86-retpoline-Remove-minimal-retpoline-support.patch
0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch
0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch
0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch
0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch
0012-x86-speculation-Add-eIBRS-Retpoline-options.patch
0013-Documentation-hw-vuln-Update-spectre-doc.patch
0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch
0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch
0016-x86-speculation-Update-link-to-AMD-speculation-white.patch
0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch
0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch

Applied to -st-rc branch. Let me attempt to do some basic testing.

Thanks and best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Re: [cip-dev] 4.4 backports -- x86 speculation
From: Pavel Machek @ 2022-06-14 10:13 UTC (permalink / raw)
  To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek

Hi!

> > > > And possibly these?
> > > > 
> > > >     4.9.306: speculation fixes, mostly x86 + 7833a9b54
> > > > 
> > > > ** !M | 890fb470c 0cbb76 o  | x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC vari$
> > > > ** !M | 3dd518cb6 4cd24d o  | x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support...
> > > > ** !M | 376afe749 ef014a o  | x86/retpoline: Remove minimal retpoline support...
> > > > **   | e6291bd93 6e8855 .  | Documentation: Add section about CPU vulnerabilities for Spectre...
> > > > **   | 8e08ef80a 4c9205 .  | Documentation: Add swapgs description to the Spectre v1 documentation...
> > > > **   | cdba32608 82ca67 .+ | Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomi$
> > > > ** a | 71d79539a a5ce9f o  | x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
> > > > ** a | a90155024 f8a66d o  | x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
> > > > **   | a771511ca d45476 o  | x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE...
> > > > **   | d0ba50275 1e19da o  | x86/speculation: Add eIBRS + Retpoline options
> > > > **   | f9238d337 5ad3eb .  | Documentation/hw-vuln: Update spectre doc
> > > > **   | 6481835a9 44a391 o  | x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation rep$
> > > > **   | b6a1aec08 244d00 o  | x86/speculation: Use generic retpoline by default on AMD
> > > > **   | 0db1c4307 e9b601 .  | x86/speculation: Update link to AMD speculation whitepaper
> > > > **   | 8edabefdc eafd98 o  | x86/speculation: Warn about Spectre v2 LFENCE mitigation
> > > > **   | 075376018 0de05d o  | x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
> > > > ** !!a | 10b908aab 541625 o  | arm/arm64: Provide a wrapper for SMCCC 1.1 calls...
> > 
> > I have backported all of these; see the attached
> > tarball. Compile-tested only.
> 
> Thanks for the tarball.
> 
> 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch
> 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch
> 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch
> 
> I already had these from the last round.
> 
> 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch
> 
> I'll take this, but I'll need to recheck the context.
> 
> 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch
> 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch
> 0007-x86-retpoline-Remove-minimal-retpoline-support.patch
> 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch
> 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch
> 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch
> 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch
> 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch
> 0013-Documentation-hw-vuln-Update-spectre-doc.patch
> 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch
> 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch
> 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch
> 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch
> 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch
> 
> Applied to -st-rc branch. Let me attempt to do some basic testing.

With all the patches applied, I get this:

https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/2581576742

  LD      arch/x86/platform/intel-mid/built-in.o
  CC      arch/x86/platform/efi/efi.o
  CC      kernel/cpu.o
  CC      mm/mempool.o
In file included from ./arch/x86/include/asm/bitops.h:16,
                 from include/linux/bitops.h:18,
                 from include/linux/kernel.h:10,
                 from include/linux/list.h:8,
                 from include/linux/module.h:9,
                 from arch/x86/kernel/irq_32.c:11:
arch/x86/kernel/irq_32.c: In function 'call_on_stack':
./arch/x86/include/asm/nospec-branch.h:154:9: error: expected ':' or ')' before 'ANNOTATE_RETPOLINE_SAFE'
  154 |         ANNOTATE_RETPOLINE_SAFE                                 \
      |         ^~~~~~~~~~~~~~~~~~~~~~~
./arch/x86/include/asm/alternative.h:119:20: note: in definition of macro 'OLDINSTR_2'
  119 |         "661:\n\t" oldinstr "\n662:\n"                                                          \
      |                    ^~~~~~~~
./arch/x86/include/asm/nospec-branch.h:153:9: note: in expansion of macro 'ALTERNATIVE_2'
  153 |         ALTERNATIVE_2(                                          \
      |         ^~~~~~~~~~~~~
arch/x86/kernel/irq_32.c:59:22: note: in expansion of macro 'CALL_NOSPEC'
   59 |                      CALL_NOSPEC
      |                      ^~~~~~~~~~~

Let me try to reorder patches and see which one introduces it.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Re: [cip-dev] 4.4 backports -- x86 speculation
From: Pavel Machek @ 2022-06-14 10:58 UTC (permalink / raw)
  To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek

Hi!

> > > I have backported all of these; see the attached
> > > tarball. Compile-tested only.
> > 
> > Thanks for the tarball.
> > 
> > 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch
> > 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch
> > 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch
> > 
> > I already had these from the last round.
> > 
> > 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch
> > 
> > I'll take this, but I'll need to recheck the context.
> > 
> > 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch
> > 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch
> > 0007-x86-retpoline-Remove-minimal-retpoline-support.patch
> > 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch
> > 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch
> > 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch
> > 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch
> > 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch
> > 0013-Documentation-hw-vuln-Update-spectre-doc.patch
> > 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch
> > 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch
> > 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch
> > 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch
> > 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch
> > 
> > Applied to -st-rc branch. Let me attempt to do some basic testing.
> 
> With all the patches applied, I get this:

My tree currently looks like this:

882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support
5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
64bdd7860d908641beb8c2aceeb34b4ddd773024 x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
41f63e3d55265f90c76a00412252a34cd3f0142e arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
b45151ba21854b8b38897696e163b04a7b09e204 x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
728dc418dd6a8f3ce99f306ef52e6286aa6e13d9 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
10e10492a0474d9b57558f67cae41d2d7d7d11cf ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
67f46bb7179f10425f9fbf81faa81c05c1d810f4 add needed testing
5cd6adc62818c613bef3fdcf48d5c1473e617e9f (origin/linux-4.4.y-st, linux-4.4.y-st) Merge changes from 4.9.314.

Testing 64bdd786, that one fails, testing 41f63e3d5: that one does not
fail in the same
way. https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/563276264.

So it looks like 64bdd7860d908641beb8c2aceeb34b4ddd773024
x86/speculation: Add RETPOLINE_AMD support to the inline asm causes
the build problem.

I have reproduced the problem locally, let me try to debug it.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Re: [cip-dev] 4.4 backports -- x86 speculation
From: Pavel Machek @ 2022-06-14 11:10 UTC (permalink / raw)
  To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek

Hi!

> > > 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch
> > > 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch
> > > 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch
> > > 
> > > I already had these from the last round.
> > > 
> > > 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch
> > > 
> > > I'll take this, but I'll need to recheck the context.
> > > 
> > > 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch
> > > 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch
> > > 0007-x86-retpoline-Remove-minimal-retpoline-support.patch
> > > 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch
> > > 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch
> > > 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch
> > > 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch
> > > 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch
> > > 0013-Documentation-hw-vuln-Update-spectre-doc.patch
> > > 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch
> > > 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch
> > > 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch
> > > 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch
> > > 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch
> > > 
> > > Applied to -st-rc branch. Let me attempt to do some basic testing.
> > 
> > With all the patches applied, I get this:
> 
> My tree currently looks like this:
> 
> 882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support
> 5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
> 64bdd7860d908641beb8c2aceeb34b4ddd773024 x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
> 41f63e3d55265f90c76a00412252a34cd3f0142e arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
> b45151ba21854b8b38897696e163b04a7b09e204 x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
> 728dc418dd6a8f3ce99f306ef52e6286aa6e13d9 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
> 10e10492a0474d9b57558f67cae41d2d7d7d11cf ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
> 67f46bb7179f10425f9fbf81faa81c05c1d810f4 add needed testing
> 5cd6adc62818c613bef3fdcf48d5c1473e617e9f (origin/linux-4.4.y-st, linux-4.4.y-st) Merge changes from 4.9.314.
> 
> Testing 64bdd786, that one fails, testing 41f63e3d5: that one does not
> fail in the same
> way. https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/563276264.
> 
> So it looks like 64bdd7860d908641beb8c2aceeb34b4ddd773024
> x86/speculation: Add RETPOLINE_AMD support to the inline asm causes
> the build problem.
> 
> I have reproduced the problem locally, let me try to debug it.

It seems this patch depends on a65655d40c8235. I have backported it and
am proceeding with testing.

Best regards,
								Pavel

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
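
A triage helper for the kind of build failure reported in this thread, added here as an example and not code from the thread or from the CIP project: it reads the compiler diagnostics quoted above, picks out the identifier that reached the parser unexpanded together with its macro chain, and checks whether a tree contains a `#define` for it. The two header dictionaries and the function names are constructed for illustration; they are not kernel sources.

```python
import re

# Diagnostics copied from the CI log quoted in the thread (job line numbers dropped).
BUILD_LOG = """\
arch/x86/kernel/irq_32.c: In function 'call_on_stack':
./arch/x86/include/asm/nospec-branch.h:154:9: error: expected ':' or ')' before 'ANNOTATE_RETPOLINE_SAFE'
./arch/x86/include/asm/alternative.h:119:20: note: in definition of macro 'OLDINSTR_2'
./arch/x86/include/asm/nospec-branch.h:153:9: note: in expansion of macro 'ALTERNATIVE_2'
arch/x86/kernel/irq_32.c:59:22: note: in expansion of macro 'CALL_NOSPEC'
"""

# Constructed stand-ins for a header before and after a prerequisite is applied.
TREE_BEFORE = {"nospec-branch.h": "#define CALL_NOSPEC ALTERNATIVE_2(ANNOTATE_RETPOLINE_SAFE ...)\n"}
TREE_AFTER = {"nospec-branch.h": TREE_BEFORE["nospec-branch.h"]
              + '#define ANNOTATE_RETPOLINE_SAFE "constructed placeholder"\n'}

DIAG = re.compile(r"^(?P<file>[^\s:]+):(?P<line>\d+):\d+: (?P<kind>error|note): (?P<msg>.*)$")
BEFORE_IDENT = re.compile(r"expected .* before ['\u2018](?P<tok>[A-Za-z_]\w*)['\u2019]")
IN_MACRO = re.compile(r"in (?:definition|expansion) of macro ['\u2018](?P<name>\w+)['\u2019]")


def unexpanded_tokens(log):
    """Return [(token, 'file:line', macro_chain)] for bare identifiers the parser tripped on."""
    findings, current = [], None
    for raw in log.splitlines():
        m = DIAG.match(raw.strip())
        if not m:
            continue  # context lines such as "In function ..." or source echoes
        if m["kind"] == "error":
            hit = BEFORE_IDENT.search(m["msg"])
            current = (hit["tok"], f'{m["file"]}:{m["line"]}', []) if hit else None
            if current:
                findings.append(current)
        elif current is not None:
            note = IN_MACRO.search(m["msg"])
            if note:
                current[2].append(note["name"])  # innermost macro first
    return findings


def missing_definitions(log, tree):
    """Tokens from the log that have no '#define TOKEN' in tree ({path: text})."""
    missing = []
    for tok, _where, _chain in unexpanded_tokens(log):
        define = re.compile(r"^\s*#\s*define\s+" + re.escape(tok) + r"\b", re.M)
        if not any(define.search(text) for text in tree.values()):
            missing.append(tok)
    return missing


if __name__ == "__main__":
    for tok, where, chain in unexpanded_tokens(BUILD_LOG):
        print(f"{tok} unexpanded at {where}, reached via {' <- '.join(chain)}")
    print("missing before:", missing_definitions(BUILD_LOG, TREE_BEFORE))
    print("missing after: ", missing_definitions(BUILD_LOG, TREE_AFTER))
```

A token reported as missing points at a prerequisite commit to look for in the donor branch before reordering or dropping patches.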
