From: Greg KH <gregkh@linuxfoundation.org>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
peterz@infradead.org, stable@vger.kernel.org,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Borislav Petkov <bp@suse.de>
Subject: Re: FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree
Date: Sun, 11 Sep 2022 07:47:25 +0200 [thread overview]
Message-ID: <Yx12bQVdycfVQkp0@kroah.com> (raw)
In-Reply-To: <61fd8fab49c19340656b2b5fbad5bc1e9f73d955.camel@decadent.org.uk>
On Thu, Sep 08, 2022 at 02:44:33PM +0200, Ben Hutchings wrote:
> On Wed, 2022-09-07 at 23:09 -0700, Pawan Gupta wrote:
> > On Wed, Sep 07, 2022 at 02:23:58AM +0200, Ben Hutchings wrote:
> > > > > - The added mitigation, for PBRSB, requires removing any RET
> > > > > instructions executed between VM exit and the RSB filling. In these
> > > > > older branches that hasn't been done, so the mitigation doesn't work.
> > > >
> > > > I checked 4.19 and 5.4, I don't see any RET between VM-exit and RSB
> > > > filling. Could you please point me to any specific instance you are
> > > > seeing?
> > >
> > > Yes, you're right. The backported versions avoid this problem. They
> > > are quite different from the upstream commit - and I would have
> > > appreciated some explanation of this in their commit messages.
> >
> > Ahh right, I will keep in mind next time.
> >
> > > So, let's try again to move forward. I've attached a backport for 4.19
> > > and 5.4 (only tested with the latter so far).
> >
> > I am not understanding why lfence in single-entry-fill sequence is okay
> > on 32-bit kernels?
> >
> > #define __FILL_ONE_RETURN \
> > __FILL_RETURN_SLOT \
> > add $(BITS_PER_LONG/8), %_ASM_SP; \
> > lfence;
>
> This isn't exactly about whether the kernel is 32-bit vs 64-bit, it's
> about whether the code may run on a processor that lacks support for
> LFENCE (part of SSE2).
>
> - SSE2 is architectural on x86_64, so 64-bit kernels can use LFENCE
> unconditionally.
> - PBRSB doesn't affect any of those old processors, so its mitigation
> can use LFENCE unconditionally. (Those procesors don't support VMX
> either.)
Ok, it seems that I need to take Ben's patch to resolve this. Pawan, if
you object, please let us know.
thanks,
greg k-h
next prev parent reply other threads:[~2022-09-11 5:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-29 8:30 FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree gregkh
2022-08-29 14:04 ` Ben Hutchings
2022-09-01 9:43 ` Greg KH
2022-09-02 14:26 ` Ben Hutchings
2022-09-06 12:07 ` Greg KH
2022-09-06 17:07 ` Ben Hutchings
2022-09-06 21:20 ` Pawan Gupta
2022-09-07 0:23 ` Ben Hutchings
2022-09-08 6:09 ` Pawan Gupta
2022-09-08 12:44 ` Ben Hutchings
2022-09-11 5:47 ` Greg KH [this message]
2022-09-12 21:56 ` Pawan Gupta
2022-09-13 11:27 ` Greg KH
2022-09-13 0:53 ` Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yx12bQVdycfVQkp0@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=bp@suse.de \
--cc=daniel.sneddon@linux.intel.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox