From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Srivatsa S. Bhat" Subject: Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Date: Tue, 7 Aug 2018 12:08:07 -0700 Message-ID: <824c77d3-93d8-fb90-6eb0-afa4aeef6644@csail.mit.edu> References: <153156030832.10043.13438231886571087086.stgit@srivatsa-ubuntu> <8a87a705-97c0-eb3d-8878-8ffe052f065d@csail.mit.edu> <20180807134934.GA16837@kroah.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------8D3BCDF7813D9258CC70DFBD" Return-path: Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fn7ME-0007C5-Ho for xen-devel@lists.xenproject.org; Tue, 07 Aug 2018 19:09:26 +0000 In-Reply-To: <20180807134934.GA16837@kroah.com> Content-Language: en-US List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" To: Greg KH Cc: Dave Hansen , catalin.marinas@arm.com, Wanpeng Li , Andi Kleen , linux-tip-commits@vger.kernel.org, Piotr Luc , Mel Gorman , "Van De Ven, Arjan" , xen-devel , Alexander Sergeyev , Brian Gerst , Andy Lutomirski , =?UTF-8?B?TWlja2HDq2xTYWxhw7xu?= , Thomas Gleixner , Joe Konno , Laura Abbott , Will Drewry , LKML , Jia Zhang , Andrew Morton , Linus Torvalds , David Woodhouse , srinidhir@vmware.com, KarimAllah Ahmed List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --------------8D3BCDF7813D9258CC70DFBD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 8/7/18 6:49 AM, Greg KH wrote: > On Fri, Aug 03, 2018 at 04:20:31PM -0700, Srivatsa S. Bhat wrote: >> On 8/2/18 3:22 PM, Kees Cook wrote: >>> On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat >>> wrote: >>>> On 7/26/18 4:09 PM, Kees Cook wrote: >>>>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina wrote: >>>>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>>>>> >>>>>>> However, if you are proposing that you'd like to contribute the enhanced >>>>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >>>>>>> have them merged instead of this patch series, then I would certainly >>>>>>> welcome it! >>>>>> >>>>>> I'd in principle love us to push everything back to 4.4, but there are a >>>>>> few reasons (*) why that's not happening shortly. >>>>>> >>>>>> Anyway, to point out explicitly what's really needed for those folks >>>>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's >>>>>> either a 4.4-stable port of >>>>>> >>>>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 >>>>>> >>>>>> or making THREADINFO_GFP imply __GFP_ZERO. >>>>> >>>>> This is true in Linus's tree now. Should be trivial to backport: >>>>> https://git.kernel.org/linus/e01e80634ecdd >>>>> >>>> >>>> Hi Jiri, Kees, >>>> >>>> Thank you for suggesting the patch! I have attached the (locally >>>> tested) 4.4 and 4.9 backports of that patch with this mail. (The >>>> mainline commit applies cleanly on 4.14). >>>> >>>> Greg, could you please consider including them in stable 4.4, 4.9 >>>> and 4.14? >>> >>> I don't think your v4.9 is sufficient: it leaves the vmapped stack >>> uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers >>> from task stacks") included in the backport (really, just adding the >>> memset()). >>> >> >> Ah, I see, thank you! I have attached the updated patchset for 4.9 >> with this mail. >> >>> Otherwise, yup, looks good. >>> >> Thank you for reviewing the patches! >> >> Regards, >> Srivatsa >> VMware Photon OS > > These work for 4.9, do you also have a set for 4.4? > Thank you for considering these patches for 4.9! The (single) patch for 4.4 did not need any more changes, and hence is the same as the one I attached in my previous mail. I'll attach it again here for your reference. Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear stack on fork) applies cleanly on 4.14 stable, so it would be great to cherry-pick it to 4.14 stable as well. Thank you! Regards, Srivatsa VMware Photon OS --------------8D3BCDF7813D9258CC70DFBD Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="4.4-fork-unconditionally-clear-stack-on-fork.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="4.4-fork-unconditionally-clear-stack-on-fork.patch" RnJvbSA3ZTM5ZDhjY2JiMDg4OWMwM2NlNmRjMGRlZTBlNjNkNzhmMzdkMGE5IE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLZWVzIENvb2sgPGtlZXNjb29rQGNocm9taXVtLm9y Zz4KRGF0ZTogRnJpLCAyMCBBcHIgMjAxOCAxNDo1NTozMSAtMDcwMApTdWJqZWN0OiBbUEFU Q0hdIGZvcms6IHVuY29uZGl0aW9uYWxseSBjbGVhciBzdGFjayBvbiBmb3JrCgpjb21taXQg ZTAxZTgwNjM0ZWNkZGUxZGQxMTNhYzQzYjNhZGFkMjFiNDdmMzk1NyB1cHN0cmVhbS4KCk9u ZSBvZiB0aGUgY2xhc3NlcyBvZiBrZXJuZWwgc3RhY2sgY29udGVudCBsZWFrc1sxXSBpcyBl eHBvc2luZyB0aGUKY29udGVudHMgb2YgcHJpb3IgaGVhcCBvciBzdGFjayBjb250ZW50cyB3 aGVuIGEgbmV3IHByb2Nlc3Mgc3RhY2sgaXMKYWxsb2NhdGVkLiAgTm9ybWFsbHksIHRob3Nl IHN0YWNrcyBhcmUgbm90IHplcm9lZCwgYW5kIHRoZSBvbGQgY29udGVudHMKcmVtYWluIGlu IHBsYWNlLiAgSW4gdGhlIGZhY2Ugb2Ygc3RhY2sgY29udGVudCBleHBvc3VyZSBmbGF3cywg dGhvc2UKY29udGVudHMgY2FuIGxlYWsgdG8gdXNlcnNwYWNlLgoKRml4aW5nIHRoaXMgd2ls bCBtYWtlIHRoZSBrZXJuZWwgbm8gbG9uZ2VyIHZ1bG5lcmFibGUgdG8gdGhlc2UgZmxhd3Ms IGFzCnRoZSBzdGFjayB3aWxsIGJlIHdpcGVkIGVhY2ggdGltZSBhIHN0YWNrIGlzIGFzc2ln bmVkIHRvIGEgbmV3IHByb2Nlc3MuClRoZXJlJ3Mgbm90IGEgbWVhbmluZ2Z1bCBjaGFuZ2Ug aW4gcnVudGltZSBwZXJmb3JtYW5jZTsgaXQgYWxtb3N0IGxvb2tzCmxpa2UgaXQgcHJvdmlk ZXMgYSBiZW5lZml0LgoKUGVyZm9ybWluZyBiYWNrLXRvLWJhY2sga2VybmVsIGJ1aWxkcyBi ZWZvcmU6CglSdW4gdGltZXM6IDE1Ny44NiAxNTcuMDkgMTU4LjkwIDE2MC45NCAxNjAuODAK CU1lYW46IDE1OS4xMgoJU3RkIERldjogMS41NAoKYW5kIGFmdGVyOgoJUnVuIHRpbWVzOiAx NTkuMzEgMTU3LjM0IDE1Ni43MSAxNTguMTUgMTYwLjgxCglNZWFuOiAxNTguNDYKCVN0ZCBE ZXY6IDEuNDYKCkluc3RlYWQgb2YgbWFraW5nIHRoaXMgYSBidWlsZCBvciBydW50aW1lIGNv bmZpZywgQW5keSBMdXRvbWlyc2tpCnJlY29tbWVuZGVkIHRoaXMganVzdCBiZSBlbmFibGVk IGJ5IGRlZmF1bHQuCgpbMV0gQSBub2lzeSBzZWFyY2ggZm9yIG1hbnkga2luZHMgb2Ygc3Rh Y2sgY29udGVudCBsZWFrcyBjYW4gYmUgc2VlbiBoZXJlOgpodHRwczovL2N2ZS5taXRyZS5v cmcvY2dpLWJpbi9jdmVrZXkuY2dpP2tleXdvcmQ9bGludXgra2VybmVsK3N0YWNrK2xlYWsK CkkgZGlkIHNvbWUgbW9yZSB3aXRoIHBlcmYgYW5kIGN5Y2xlIGNvdW50cyBvbiBydW5uaW5n IDEwMCwwMDAgZXhlY3Mgb2YKL2Jpbi90cnVlLgoKYmVmb3JlOgpDeWNsZXM6IDIxODg1ODg2 MTU1MSAyMTg4NTMwMzYxMzAgMjE0NzI3NjEwOTY5IDIyNzY1Njg0NDEyMiAyMjQ5ODA1NDI4 NDEKTWVhbjogIDIyMTAxNTM3OTEyMi42MApTdGQgRGV2OiA0NjYyNDg2NTUyLjQ3CgphZnRl cjoKQ3ljbGVzOiAyMTM4Njg5NDUwNjAgMjEzMTE5Mjc1MjA0IDIxMTgyMDE2OTQ1NiAyMjQ0 MjY2NzMyNTkgMjI1NDg5OTg2MzQ4Ck1lYW46ICAyMTc3NDUwMDk4NjUuNDAKU3RkIERldjog NTkzNTU1OTI3OS45OQoKSXQgY29udGludWVzIHRvIGxvb2sgbGlrZSBpdCdzIGZhc3Rlciwg dGhvdWdoIHRoZSBkZXZpYXRpb24gaXMgcmF0aGVyCndpZGUsIGJ1dCBJJ20gbm90IHN1cmUg d2hhdCBJIGNvdWxkIGRvIHRoYXQgd291bGQgYmUgbGVzcyBub2lzeS4gIEknbQpvcGVuIHRv IGlkZWFzIQoKTGluazogaHR0cDovL2xrbWwua2VybmVsLm9yZy9yLzIwMTgwMjIxMDIxNjU5 LkdBMzcwNzNAYmVhc3QKU2lnbmVkLW9mZi1ieTogS2VlcyBDb29rIDxrZWVzY29va0BjaHJv bWl1bS5vcmc+CkFja2VkLWJ5OiBNaWNoYWwgSG9ja28gPG1ob2Nrb0BzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IEFuZHJldyBNb3J0b24gPGFrcG1AbGludXgtZm91bmRhdGlvbi5vcmc+CkNj OiBBbmR5IEx1dG9taXJza2kgPGx1dG9Aa2VybmVsLm9yZz4KQ2M6IExhdXJhIEFiYm90dCA8 bGFiYm90dEByZWRoYXQuY29tPgpDYzogUmFzbXVzIFZpbGxlbW9lcyA8cmFzbXVzLnZpbGxl bW9lc0BwcmV2YXMuZGs+CkNjOiBNZWwgR29ybWFuIDxtZ29ybWFuQHRlY2hzaW5ndWxhcml0 eS5uZXQ+ClNpZ25lZC1vZmYtYnk6IEFuZHJldyBNb3J0b24gPGFrcG1AbGludXgtZm91bmRh dGlvbi5vcmc+ClNpZ25lZC1vZmYtYnk6IExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BsaW51 eC1mb3VuZGF0aW9uLm9yZz4KWyBTcml2YXRzYTogQmFja3BvcnRlZCB0byA0LjQueSBdClNp Z25lZC1vZmYtYnk6IFNyaXZhdHNhIFMuIEJoYXQgPHNyaXZhdHNhQGNzYWlsLm1pdC5lZHU+ ClJldmlld2VkLWJ5OiBTcmluaWRoaSBSYW8gPHNyaW5pZGhpckB2bXdhcmUuY29tPgotLS0K IGluY2x1ZGUvbGludXgvdGhyZWFkX2luZm8uaCB8IDYgKy0tLS0tCiAxIGZpbGUgY2hhbmdl ZCwgMSBpbnNlcnRpb24oKyksIDUgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvaW5jbHVk ZS9saW51eC90aHJlYWRfaW5mby5oIGIvaW5jbHVkZS9saW51eC90aHJlYWRfaW5mby5oCmlu ZGV4IGZmMzA3YjUuLjY0Njg5MWYgMTAwNjQ0Ci0tLSBhL2luY2x1ZGUvbGludXgvdGhyZWFk X2luZm8uaAorKysgYi9pbmNsdWRlL2xpbnV4L3RocmVhZF9pbmZvLmgKQEAgLTU1LDExICs1 NSw3IEBAIGV4dGVybiBsb25nIGRvX25vX3Jlc3RhcnRfc3lzY2FsbChzdHJ1Y3QgcmVzdGFy dF9ibG9jayAqcGFybSk7CiAKICNpZmRlZiBfX0tFUk5FTF9fCiAKLSNpZmRlZiBDT05GSUdf REVCVUdfU1RBQ0tfVVNBR0UKLSMgZGVmaW5lIFRIUkVBRElORk9fR0ZQCQkoR0ZQX0tFUk5F TCB8IF9fR0ZQX05PVFJBQ0sgfCBfX0dGUF9aRVJPKQotI2Vsc2UKLSMgZGVmaW5lIFRIUkVB RElORk9fR0ZQCQkoR0ZQX0tFUk5FTCB8IF9fR0ZQX05PVFJBQ0spCi0jZW5kaWYKKyNkZWZp bmUgVEhSRUFESU5GT19HRlAJCShHRlBfS0VSTkVMIHwgX19HRlBfTk9UUkFDSyB8IF9fR0ZQ X1pFUk8pCiAKIC8qCiAgKiBmbGFnIHNldC9jbGVhci90ZXN0IHdyYXBwZXJzCi0tIAoyLjcu NAoK --------------8D3BCDF7813D9258CC70DFBD Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6Ly9saXN0 cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1kZXZlbA== --------------8D3BCDF7813D9258CC70DFBD--