From: Salvatore Bonaccorso <carnil@debian.org>
To: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 5.15 v3 00/16] ITS mitigation
Date: Sat, 7 Jun 2025 11:34:10 +0200 [thread overview]
Message-ID: <aEQHkmGXOel3BcOF@eldamar.lan> (raw)
In-Reply-To: <20250516-its-5-15-v3-0-16fcdaaea544@linux.intel.com>
Hi Pawan,
On Fri, May 16, 2025 at 04:59:28PM -0700, Pawan Gupta wrote:
> v3:
> - Added patches:
> x86/its: Fix build errors when CONFIG_MODULES=n
> x86/its: FineIBT-paranoid vs ITS
>
> v2:
> - Added missing patch to 6.1 backport.
>
> This is a backport of mitigation for Indirect Target Selection (ITS).
>
> ITS is a bug in some Intel CPUs that affects indirect branches including
> RETs in the first half of a cacheline. Mitigation is to relocate the
> affected branches to an ITS-safe thunk.
>
> Below additional upstream commits are required to cover some of the special
> cases like indirects in asm and returns in static calls:
>
> cfceff8526a4 ("x86/speculation: Simplify and make CALL_NOSPEC consistent")
> 052040e34c08 ("x86/speculation: Add a conditional CS prefix to CALL_NOSPEC")
> c8c81458863a ("x86/speculation: Remove the extra #ifdef around CALL_NOSPEC")
> d2408e043e72 ("x86/alternative: Optimize returns patching")
> 4ba89dd6ddec ("x86/alternatives: Remove faulty optimization")
>
> [1] https://github.com/torvalds/linux/commit/6f5bf947bab06f37ff931c359fd5770c4d9cbf87
AFAICS there are no backports yet for as well older stable series than
5.15, in particular 5.10.y (which is used in Debian bullseye yet). Are
you planning to make as well backports for the 5.10.y stable series?
Regards,
Salvatore
next prev parent reply other threads:[~2025-06-07 9:34 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-16 23:59 [PATCH 5.15 v3 00/16] ITS mitigation Pawan Gupta
2025-05-16 23:59 ` [PATCH 5.15 v3 01/16] x86,nospec: Simplify {JMP,CALL}_NOSPEC Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-16 23:59 ` [PATCH 5.15 v3 02/16] x86/speculation: Simplify and make CALL_NOSPEC consistent Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:00 ` [PATCH 5.15 v3 03/16] x86/speculation: Add a conditional CS prefix to CALL_NOSPEC Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:00 ` [PATCH 5.15 v3 04/16] x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:00 ` [PATCH 5.15 v3 05/16] Documentation: x86/bugs/its: Add ITS documentation Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:01 ` [PATCH 5.15 v3 06/16] x86/its: Enumerate Indirect Target Selection (ITS) bug Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:01 ` [PATCH 5.15 v3 07/16] x86/its: Add support for ITS-safe indirect thunk Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:01 ` [PATCH 5.15 v3 08/16] x86/alternative: Optimize returns patching Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:01 ` [PATCH 5.15 v3 09/16] x86/alternatives: Remove faulty optimization Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:02 ` [PATCH 5.15 v3 10/16] x86/its: Add support for ITS-safe return thunk Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:02 ` [PATCH 5.15 v3 11/16] x86/its: Enable Indirect Target Selection mitigation Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:02 ` [PATCH 5.15 v3 12/16] x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:02 ` [PATCH 5.15 v3 13/16] x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:03 ` [PATCH 5.15 v3 14/16] x86/its: Use dynamic thunks for indirect branches Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:03 ` [PATCH 5.15 v3 15/16] x86/its: Fix build errors when CONFIG_MODULES=n Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-05-17 0:03 ` [PATCH 5.15 v3 16/16] x86/its: FineIBT-paranoid vs ITS Pawan Gupta
2025-05-17 13:08 ` Sasha Levin
2025-06-07 9:34 ` Salvatore Bonaccorso [this message]
2025-06-09 13:31 ` [PATCH 5.15 v3 00/16] ITS mitigation Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aEQHkmGXOel3BcOF@eldamar.lan \
--to=carnil@debian.org \
--cc=gregkh@linuxfoundation.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox