* 4.4 backports -- x86 speculation [not found] ` <1772872442.3583605.1654764609414@webmail.strato.com> @ 2022-06-13 10:30 ` Pavel Machek [not found] ` <16F8276E2E3F8D91.11238@lists.cip-project.org> 1 sibling, 0 replies; 4+ messages in thread From: Pavel Machek @ 2022-06-13 10:30 UTC (permalink / raw) To: Ulrich Hecht, cip-dev; +Cc: Pavel Machek [-- Attachment #1: Type: text/plain, Size: 3458 bytes --] Hi! (I put mailing list in the cc). > > > And possibly these? > > > > > > 4.9.306: speculation fixes, mostly x86 + 7833a9b54 > > > > > > ** !M | 890fb470c 0cbb76 o | x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC vari$ > > > ** !M | 3dd518cb6 4cd24d o | x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support... > > > ** !M | 376afe749 ef014a o | x86/retpoline: Remove minimal retpoline support... > > > ** | e6291bd93 6e8855 . | Documentation: Add section about CPU vulnerabilities for Spectre... > > > ** | 8e08ef80a 4c9205 . | Documentation: Add swapgs description to the Spectre v1 documentation... > > > ** | cdba32608 82ca67 .+ | Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomi$ > > > ** a | 71d79539a a5ce9f o | x86/speculation: Merge one test in spectre_v2_user_select_mitigation() > > > ** a | a90155024 f8a66d o | x86,bugs: Unconditionally allow spectre_v2=retpoline,amd > > > ** | a771511ca d45476 o | x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE... > > > ** | d0ba50275 1e19da o | x86/speculation: Add eIBRS + Retpoline options > > > ** | f9238d337 5ad3eb . | Documentation/hw-vuln: Update spectre doc > > > ** | 6481835a9 44a391 o | x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation rep$ > > > ** | b6a1aec08 244d00 o | x86/speculation: Use generic retpoline by default on AMD > > > ** | 0db1c4307 e9b601 . | x86/speculation: Update link to AMD speculation whitepaper > > > ** | 8edabefdc eafd98 o | x86/speculation: Warn about Spectre v2 LFENCE mitigation > > > ** | 075376018 0de05d o | x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT > > > ** !!a | 10b908aab 541625 o | arm/arm64: Provide a wrapper for SMCCC 1.1 calls... > > I have backported all of these; see the attached > tarball. Compile-tested only. Thanks for the tarball. 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch I already had these from the last round. 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch I'll take this, but I'll need to recheck the context. 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch 0007-x86-retpoline-Remove-minimal-retpoline-support.patch 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch 0013-Documentation-hw-vuln-Update-spectre-doc.patch 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch Applied to -st-rc branch. Let me attempt to do some basic testing. Thanks and best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <16F8276E2E3F8D91.11238@lists.cip-project.org>]
* Re: [cip-dev] 4.4 backports -- x86 speculation [not found] ` <16F8276E2E3F8D91.11238@lists.cip-project.org> @ 2022-06-14 10:13 ` Pavel Machek [not found] ` <16F8751F2AB1EA42.18003@lists.cip-project.org> 1 sibling, 0 replies; 4+ messages in thread From: Pavel Machek @ 2022-06-14 10:13 UTC (permalink / raw) To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek [-- Attachment #1: Type: text/plain, Size: 5109 bytes --] Hi! > > > > And possibly these? > > > > > > > > 4.9.306: speculation fixes, mostly x86 + 7833a9b54 > > > > > > > > ** !M | 890fb470c 0cbb76 o | x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC vari$ > > > > ** !M | 3dd518cb6 4cd24d o | x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support... > > > > ** !M | 376afe749 ef014a o | x86/retpoline: Remove minimal retpoline support... > > > > ** | e6291bd93 6e8855 . | Documentation: Add section about CPU vulnerabilities for Spectre... > > > > ** | 8e08ef80a 4c9205 . | Documentation: Add swapgs description to the Spectre v1 documentation... > > > > ** | cdba32608 82ca67 .+ | Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomi$ > > > > ** a | 71d79539a a5ce9f o | x86/speculation: Merge one test in spectre_v2_user_select_mitigation() > > > > ** a | a90155024 f8a66d o | x86,bugs: Unconditionally allow spectre_v2=retpoline,amd > > > > ** | a771511ca d45476 o | x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE... > > > > ** | d0ba50275 1e19da o | x86/speculation: Add eIBRS + Retpoline options > > > > ** | f9238d337 5ad3eb . | Documentation/hw-vuln: Update spectre doc > > > > ** | 6481835a9 44a391 o | x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation rep$ > > > > ** | b6a1aec08 244d00 o | x86/speculation: Use generic retpoline by default on AMD > > > > ** | 0db1c4307 e9b601 . | x86/speculation: Update link to AMD speculation whitepaper > > > > ** | 8edabefdc eafd98 o | x86/speculation: Warn about Spectre v2 LFENCE mitigation > > > > ** | 075376018 0de05d o | x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT > > > > ** !!a | 10b908aab 541625 o | arm/arm64: Provide a wrapper for SMCCC 1.1 calls... > > > > I have backported all of these; see the attached > > tarball. Compile-tested only. > > Thanks for the tarball. > > 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch > 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch > 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch > > I already had these from the last round. > > 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch > > I'll take this, but I'll need to recheck the context. > > 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch > 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch > 0007-x86-retpoline-Remove-minimal-retpoline-support.patch > 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch > 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch > 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch > 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch > 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch > 0013-Documentation-hw-vuln-Update-spectre-doc.patch > 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch > 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch > 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch > 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch > 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch > > Applied to -st-rc branch. Let me attempt to do some basic testing. With all the patches applied, I get this: https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/2581576742 LD arch/x86/platform/intel-mid/built-in.o 1704 CC arch/x86/platform/efi/efi.o 1705 CC kernel/cpu.o 1706 CC mm/mempool.o 1707In file included from ./arch/x86/include/asm/bitops.h:16, 1708 from include/linux/bitops.h:18, 1709 from include/linux/kernel.h:10, 1710 from include/linux/list.h:8, 1711 from include/linux/module.h:9, 1712 from arch/x86/kernel/irq_32.c:11: 1713arch/x86/kernel/irq_32.c: In function 'call_on_stack': 1714./arch/x86/include/asm/nospec-branch.h:154:9: error: expected ':' or ')' before 'ANNOTATE_RETPOLINE_SAFE' 1715 154 | ANNOTATE_RETPOLINE_SAFE \ 1716 | ^~~~~~~~~~~~~~~~~~~~~~~ 1717./arch/x86/include/asm/alternative.h:119:20: note: in definition of macro 'OLDINSTR_2' 1718 119 | "661:\n\t" oldinstr "\n662:\n" \ 1719 | ^~~~~~~~ 1720./arch/x86/include/asm/nospec-branch.h:153:9: note: in expansion of macro 'ALTERNATIVE_2' 1721 153 | ALTERNATIVE_2( \ 1722 | ^~~~~~~~~~~~~ 1723arch/x86/kernel/irq_32.c:59:22: note: in expansion of macro 'CALL_NOSPEC' 1724 59 | CALL_NOSPEC 1725 | ^~~~~~~~~~~ 1726 Let me try to reorder patches and see which one introduces it. Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <16F8751F2AB1EA42.18003@lists.cip-project.org>]
* Re: [cip-dev] 4.4 backports -- x86 speculation [not found] ` <16F8751F2AB1EA42.18003@lists.cip-project.org> @ 2022-06-14 10:58 ` Pavel Machek [not found] ` <16F8778C49247DE6.18003@lists.cip-project.org> 1 sibling, 0 replies; 4+ messages in thread From: Pavel Machek @ 2022-06-14 10:58 UTC (permalink / raw) To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek [-- Attachment #1: Type: text/plain, Size: 3136 bytes --] Hi! > > > I have backported all of these; see the attached > > > tarball. Compile-tested only. > > > > Thanks for the tarball. > > > > 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch > > 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch > > 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch > > > > I already had these from the last round. > > > > 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch > > > > I'll take this, but I'll need to recheck the context. > > > > 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch > > 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch > > 0007-x86-retpoline-Remove-minimal-retpoline-support.patch > > 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch > > 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch > > 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch > > 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch > > 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch > > 0013-Documentation-hw-vuln-Update-spectre-doc.patch > > 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch > > 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch > > 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch > > 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch > > 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch > > > > Applied to -st-rc branch. Let me attempt to do some basic testing. > > With all the patches applied, I get this: My tree currently looks like this: 882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support 5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support 64bdd7860d908641beb8c2aceeb34b4ddd773024 x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant 41f63e3d55265f90c76a00412252a34cd3f0142e arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() b45151ba21854b8b38897696e163b04a7b09e204 x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE 728dc418dd6a8f3ce99f306ef52e6286aa6e13d9 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status 10e10492a0474d9b57558f67cae41d2d7d7d11cf ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE 67f46bb7179f10425f9fbf81faa81c05c1d810f4 add needed testing 5cd6adc62818c613bef3fdcf48d5c1473e617e9f (origin/linux-4.4.y-st, linux-4.4.y-st) Merge changes from 4.9.314. Testing 64bdd786, that one fails, testing 41f63e3d5: that one does not fail in the same way. https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/563276264. So it looks like 64bdd7860d908641beb8c2aceeb34b4ddd773024 x86/speculation: Add RETPOLINE_AMD support to the inline asm causes the build problem. I have reproduced problem locally, let me try to debug it. Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <16F8778C49247DE6.18003@lists.cip-project.org>]
* Re: [cip-dev] 4.4 backports -- x86 speculation [not found] ` <16F8778C49247DE6.18003@lists.cip-project.org> @ 2022-06-14 11:10 ` Pavel Machek 0 siblings, 0 replies; 4+ messages in thread From: Pavel Machek @ 2022-06-14 11:10 UTC (permalink / raw) To: cip-dev; +Cc: Ulrich Hecht, Pavel Machek [-- Attachment #1: Type: text/plain, Size: 3207 bytes --] Hi! > > > 0001-ptrace-Check-PTRACE_O_SUSPEND_SECCOMP-permission-on-.patch > > > 0002-xen-blkfront-don-t-use-gnttab_query_foreign_access-f.patch > > > 0003-x86-modpost-Replace-last-remnants-of-RETPOLINE-with-.patch > > > > > > I already had these from the last round. > > > > > > 0004-arm-arm64-smccc-psci-add-arm_smccc_1_1_get_conduit.patch > > > > > > I'll take this, but I'll need to recheck the context. > > > > > > 0005-x86-speculation-Add-RETPOLINE_AMD-support-to-the-inl.patch > > > 0006-x86-retpoline-Make-CONFIG_RETPOLINE-depend-on-compil.patch > > > 0007-x86-retpoline-Remove-minimal-retpoline-support.patch > > > 0008-Documentation-Add-section-about-CPU-vulnerabilities-.patch > > > 0009-Documentation-Add-swapgs-description-to-the-Spectre-.patch > > > 0010-Documentation-refer-to-config-RANDOMIZE_BASE-for-ker.patch > > > 0011-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch > > > 0012-x86-speculation-Add-eIBRS-Retpoline-options.patch > > > 0013-Documentation-hw-vuln-Update-spectre-doc.patch > > > 0014-x86-speculation-Include-unprivileged-eBPF-status-in-.patch > > > 0015-x86-speculation-Use-generic-retpoline-by-default-on-.patch > > > 0016-x86-speculation-Update-link-to-AMD-speculation-white.patch > > > 0017-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch > > > 0018-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch > > > > > > Applied to -st-rc branch. Let me attempt to do some basic testing. > > > > With all the patches applied, I get this: > > My tree currently looks like this: > > 882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support > 5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support > 64bdd7860d908641beb8c2aceeb34b4ddd773024 x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant > 41f63e3d55265f90c76a00412252a34cd3f0142e arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() > b45151ba21854b8b38897696e163b04a7b09e204 x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE > 728dc418dd6a8f3ce99f306ef52e6286aa6e13d9 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status > 10e10492a0474d9b57558f67cae41d2d7d7d11cf ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE > 67f46bb7179f10425f9fbf81faa81c05c1d810f4 add needed testing > 5cd6adc62818c613bef3fdcf48d5c1473e617e9f (origin/linux-4.4.y-st, linux-4.4.y-st) Merge changes from 4.9.314. > > Testing 64bdd786, that one fails, testing 41f63e3d5: that one does not > fail in the same > way. https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/563276264. > > So it looks like 64bdd7860d908641beb8c2aceeb34b4ddd773024 > x86/speculation: Add RETPOLINE_AMD support to the inline asm causes > the build problem. > > I have reproduced problem locally, let me try to debug it. It seems this patch depends on a65655d40c8235. I have backported it an am proceeding with testing. Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-06-14 11:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20220328091116.GA26815@amd>
[not found] ` <1346806064.1124697.1649068981110@webmail.strato.com>
[not found] ` <20220404112733.GA9863@duo.ucw.cz>
[not found] ` <971433328.1146259.1649072970767@webmail.strato.com>
[not found] ` <86774150.3004766.1651578900027@webmail.strato.com>
[not found] ` <20220503130137.GA12566@duo.ucw.cz>
[not found] ` <1032096920.483689.1652714463015@webmail.strato.com>
[not found] ` <20220517091848.GA29900@duo.ucw.cz>
[not found] ` <1414117524.1401631.1654239722410@webmail.strato.com>
[not found] ` <1772872442.3583605.1654764609414@webmail.strato.com>
2022-06-13 10:30 ` 4.4 backports -- x86 speculation Pavel Machek
[not found] ` <16F8276E2E3F8D91.11238@lists.cip-project.org>
2022-06-14 10:13 ` [cip-dev] " Pavel Machek
[not found] ` <16F8751F2AB1EA42.18003@lists.cip-project.org>
2022-06-14 10:58 ` Pavel Machek
[not found] ` <16F8778C49247DE6.18003@lists.cip-project.org>
2022-06-14 11:10 ` Pavel Machek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox