From: Greg KH <gregkh@linuxfoundation.org>
To: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: Ben Hutchings <ben@decadent.org.uk>,
peterz@infradead.org, stable@vger.kernel.org,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Borislav Petkov <bp@suse.de>
Subject: Re: FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree
Date: Tue, 13 Sep 2022 13:27:30 +0200 [thread overview]
Message-ID: <YyBpImj1iKsVveDC@kroah.com> (raw)
In-Reply-To: <20220912215616.wbnfp4m6lizsvwi5@desk>
On Mon, Sep 12, 2022 at 02:56:16PM -0700, Pawan Gupta wrote:
> On Sun, Sep 11, 2022 at 07:47:25AM +0200, Greg KH wrote:
> > On Thu, Sep 08, 2022 at 02:44:33PM +0200, Ben Hutchings wrote:
> > > On Wed, 2022-09-07 at 23:09 -0700, Pawan Gupta wrote:
> > > > On Wed, Sep 07, 2022 at 02:23:58AM +0200, Ben Hutchings wrote:
> > > > > > > - The added mitigation, for PBRSB, requires removing any RET
> > > > > > > instructions executed between VM exit and the RSB filling. In these
> > > > > > > older branches that hasn't been done, so the mitigation doesn't work.
> > > > > >
> > > > > > I checked 4.19 and 5.4, I don't see any RET between VM-exit and RSB
> > > > > > filling. Could you please point me to any specific instance you are
> > > > > > seeing?
> > > > >
> > > > > Yes, you're right. The backported versions avoid this problem. They
> > > > > are quite different from the upstream commit - and I would have
> > > > > appreciated some explanation of this in their commit messages.
> > > >
> > > > Ahh right, I will keep in mind next time.
> > > >
> > > > > So, let's try again to move forward. I've attached a backport for 4.19
> > > > > and 5.4 (only tested with the latter so far).
> > > >
> > > > I am not understanding why lfence in single-entry-fill sequence is okay
> > > > on 32-bit kernels?
> > > >
> > > > #define __FILL_ONE_RETURN \
> > > > __FILL_RETURN_SLOT \
> > > > add $(BITS_PER_LONG/8), %_ASM_SP; \
> > > > lfence;
> > >
> > > This isn't exactly about whether the kernel is 32-bit vs 64-bit, it's
> > > about whether the code may run on a processor that lacks support for
> > > LFENCE (part of SSE2).
> > >
> > > - SSE2 is architectural on x86_64, so 64-bit kernels can use LFENCE
> > > unconditionally.
> > > - PBRSB doesn't affect any of those old processors, so its mitigation
> > > can use LFENCE unconditionally. (Those procesors don't support VMX
> > > either.)
> >
> > Ok, it seems that I need to take Ben's patch to resolve this. Pawan, if
> > you object, please let us know.
>
> I don't see any issue taking Ben's patch to resolve this.
>
> Backport for 5.4 didn't apply cleanly on 4.19 and needed a minor change.
>
> Attaching the patch for 4.19. It built fine with CONFIG_64BIT=n.
We already had a 4.19 patch, but I'll add your signed-off-by to it :)
thanks,
greg k-h
next prev parent reply other threads:[~2022-09-13 11:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-29 8:30 FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree gregkh
2022-08-29 14:04 ` Ben Hutchings
2022-09-01 9:43 ` Greg KH
2022-09-02 14:26 ` Ben Hutchings
2022-09-06 12:07 ` Greg KH
2022-09-06 17:07 ` Ben Hutchings
2022-09-06 21:20 ` Pawan Gupta
2022-09-07 0:23 ` Ben Hutchings
2022-09-08 6:09 ` Pawan Gupta
2022-09-08 12:44 ` Ben Hutchings
2022-09-11 5:47 ` Greg KH
2022-09-12 21:56 ` Pawan Gupta
2022-09-13 11:27 ` Greg KH [this message]
2022-09-13 0:53 ` Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YyBpImj1iKsVveDC@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=bp@suse.de \
--cc=daniel.sneddon@linux.intel.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox