* [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
@ 2018-07-14 9:25 Srivatsa S. Bhat
2018-07-14 9:31 ` [PATCH 4.4.y 040/101] x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Srivatsa S. Bhat
` (3 more replies)
0 siblings, 4 replies; 17+ messages in thread
From: Srivatsa S. Bhat @ 2018-07-14 9:25 UTC (permalink / raw)
To: gregkh, stable
Cc: Dave Hansen, srivatsa, Wanpeng Li, Andi Kleen, linux-tip-commits,
Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel,
Alexander Sergeyev, Brian Gerst, luto, MickaëlSalaün,
Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry,
Jiri Kosina, linux-kernel, Jia Zhang, Andrew Morton,
Linus Torvalds, David Woodhouse, KarimAllah Ahmed
Hi Greg,
This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS)
and patches for the Speculative Store Bypass vulnerability to 4.4.y
(they apply cleanly on top of 4.4.140).
I used 4.9.y as my reference when backporting to 4.4.y (as I thought
that would minimize the amount of fixing up necessary). Unfortunately
I had to skip the KVM fixes for these vulnerabilities, as the KVM
codebase is drastically different in 4.4 as compared to 4.9. (I tried
my best to backport them initially, but wasn't confident that they
were correct, so I decided to drop them from this series).
You'll notice that the initial few patches in this series include
cleanups etc., that are non-critical to IBPB/IBRS/SSBD. Most of these
patches are aimed at getting the cpufeature.h vs cpufeatures.h split
into 4.4, since a lot of the subsequent patches update these headers.
On my first attempt to backport these patches to 4.4.y, I had actually
tried to do all the updates on the cpufeature.h file itself, but it
started getting very cumbersome, so I resorted to backporting the
cpufeature.h vs cpufeatures.h split and their dependencies as well. I
think apart from these initial patches, the rest of the patchset
doesn't have all that much noise.
This patchset has been tested on both Intel and AMD machines (Intel
Xeon CPU E5-2660 v4 and AMD EPYC 7281 16-Core Processor, respectively)
with updated microcode. All the patch backports have been
independently reviewed by Matt Helsley, Alexey Makhalov and Bo Gan.
I would appreciate if you could kindly consider these patches for
review and inclusion in a future 4.4.y release.
Thank you very much!
Regards,
Srivatsa
VMware Photon OS
P.S. This patchset is also available in the following repo if anyone
is interested in giving it a try:
https://github.com/srivatsabhat/linux-stable spectre-v2-fixes-nokvm-4.4.140
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH 4.4.y 040/101] x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend 2018-07-14 9:25 [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Srivatsa S. Bhat @ 2018-07-14 9:31 ` Srivatsa S. Bhat 2018-07-15 11:26 ` [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Greg KH ` (2 subsequent siblings) 3 siblings, 0 replies; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-07-14 9:31 UTC (permalink / raw) To: gregkh, stable Cc: Juergen Gross, srivatsa, rostedt, matt.helsley, ganb, Jan Beulich, amakhalov, xen-devel, Thomas Gleixner, boris.ostrovsky, srivatsab From: Juergen Gross <jgross@suse.com> commit 71c208dd54ab971036d83ff6d9837bae4976e623 upstream. Older Xen versions (4.5 and before) might have problems migrating pv guests with MSR_IA32_SPEC_CTRL having a non-zero value. So before suspending zero that MSR and restore it after being resumed. Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Jan Beulich <jbeulich@suse.com> Cc: stable@vger.kernel.org Cc: xen-devel@lists.xenproject.org Cc: boris.ostrovsky@oracle.com Link: https://lkml.kernel.org/r/20180226140818.4849-1-jgross@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com> Reviewed-by: Alexey Makhalov <amakhalov@vmware.com> Reviewed-by: Bo Gan <ganb@vmware.com> --- arch/x86/xen/suspend.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c index 7f664c4..4ecd0de 100644 --- a/arch/x86/xen/suspend.c +++ b/arch/x86/xen/suspend.c @@ -1,11 +1,14 @@ #include <linux/types.h> #include <linux/tick.h> +#include <linux/percpu-defs.h> #include <xen/xen.h> #include <xen/interface/xen.h> #include <xen/grant_table.h> #include <xen/events.h> +#include <asm/cpufeatures.h> +#include <asm/msr-index.h> #include <asm/xen/hypercall.h> #include <asm/xen/page.h> #include <asm/fixmap.h> @@ -68,6 +71,8 @@ static void xen_pv_post_suspend(int suspend_cancelled) xen_mm_unpin_all(); } +static DEFINE_PER_CPU(u64, spec_ctrl); + void xen_arch_pre_suspend(void) { if (xen_pv_domain()) @@ -84,6 +89,9 @@ void xen_arch_post_suspend(int cancelled) static void xen_vcpu_notify_restore(void *data) { + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) + wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl)); + /* Boot processor notified via generic timekeeping_resume() */ if (smp_processor_id() == 0) return; @@ -93,7 +101,15 @@ static void xen_vcpu_notify_restore(void *data) static void xen_vcpu_notify_suspend(void *data) { + u64 tmp; + tick_suspend_local(); + + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { + rdmsrl(MSR_IA32_SPEC_CTRL, tmp); + this_cpu_write(spec_ctrl, tmp); + wrmsrl(MSR_IA32_SPEC_CTRL, 0); + } } void xen_arch_resume(void) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-14 9:25 [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Srivatsa S. Bhat 2018-07-14 9:31 ` [PATCH 4.4.y 040/101] x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Srivatsa S. Bhat @ 2018-07-15 11:26 ` Greg KH 2018-07-16 8:02 ` Srivatsa S. Bhat 2018-07-23 11:26 ` Greg KH 2018-07-23 22:06 ` Jiri Kosina 3 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2018-07-15 11:26 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, Wanpeng Li, ak, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Jiri Kosina, linux-kernel, Jia Zhang, Andrew Morton, torvalds, dwmw, karahmed, dave.hansen, linux, Bo Gan On Sat, Jul 14, 2018 at 02:25:43AM -0700, Srivatsa S. Bhat wrote: > Hi Greg, > > This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) > and patches for the Speculative Store Bypass vulnerability to 4.4.y > (they apply cleanly on top of 4.4.140). > > I used 4.9.y as my reference when backporting to 4.4.y (as I thought > that would minimize the amount of fixing up necessary). Unfortunately > I had to skip the KVM fixes for these vulnerabilities, as the KVM > codebase is drastically different in 4.4 as compared to 4.9. (I tried > my best to backport them initially, but wasn't confident that they > were correct, so I decided to drop them from this series). > > You'll notice that the initial few patches in this series include > cleanups etc., that are non-critical to IBPB/IBRS/SSBD. Most of these > patches are aimed at getting the cpufeature.h vs cpufeatures.h split > into 4.4, since a lot of the subsequent patches update these headers. > On my first attempt to backport these patches to 4.4.y, I had actually > tried to do all the updates on the cpufeature.h file itself, but it > started getting very cumbersome, so I resorted to backporting the > cpufeature.h vs cpufeatures.h split and their dependencies as well. I > think apart from these initial patches, the rest of the patchset > doesn't have all that much noise. I've applied the "initial" patches to the 4.4-stable queue right now, as those were all just "housekeeping" stuff. I'll let others review the rest of the series this week and see if anyone objects before throwing them at the test-bots. Many thanks for doing all of this work. greg k-h _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-15 11:26 ` [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Greg KH @ 2018-07-16 8:02 ` Srivatsa S. Bhat 0 siblings, 0 replies; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-07-16 8:02 UTC (permalink / raw) To: Greg KH Cc: Dave Hansen, Wanpeng Li, ak, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Jiri Kosina, linux-kernel, Jia Zhang, Andrew Morton, torvalds, dwmw, karahmed, dave.hansen, linux, Bo Gan On 7/15/18 4:26 AM, Greg KH wrote: > On Sat, Jul 14, 2018 at 02:25:43AM -0700, Srivatsa S. Bhat wrote: >> Hi Greg, >> >> This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) >> and patches for the Speculative Store Bypass vulnerability to 4.4.y >> (they apply cleanly on top of 4.4.140). >> >> I used 4.9.y as my reference when backporting to 4.4.y (as I thought >> that would minimize the amount of fixing up necessary). Unfortunately >> I had to skip the KVM fixes for these vulnerabilities, as the KVM >> codebase is drastically different in 4.4 as compared to 4.9. (I tried >> my best to backport them initially, but wasn't confident that they >> were correct, so I decided to drop them from this series). >> >> You'll notice that the initial few patches in this series include >> cleanups etc., that are non-critical to IBPB/IBRS/SSBD. Most of these >> patches are aimed at getting the cpufeature.h vs cpufeatures.h split >> into 4.4, since a lot of the subsequent patches update these headers. >> On my first attempt to backport these patches to 4.4.y, I had actually >> tried to do all the updates on the cpufeature.h file itself, but it >> started getting very cumbersome, so I resorted to backporting the >> cpufeature.h vs cpufeatures.h split and their dependencies as well. I >> think apart from these initial patches, the rest of the patchset >> doesn't have all that much noise. > > I've applied the "initial" patches to the 4.4-stable queue right now, as > those were all just "housekeeping" stuff. I'll let others review the > rest of the series this week and see if anyone objects before throwing > them at the test-bots. > Sounds great! Thanks a lot! > Many thanks for doing all of this work. > Thank you Greg! Regards, Srivatsa VMware Photon OS _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-14 9:25 [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Srivatsa S. Bhat 2018-07-14 9:31 ` [PATCH 4.4.y 040/101] x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Srivatsa S. Bhat 2018-07-15 11:26 ` [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Greg KH @ 2018-07-23 11:26 ` Greg KH 2018-07-23 17:27 ` Srivatsa S. Bhat 2018-07-23 22:06 ` Jiri Kosina 3 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2018-07-23 11:26 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, Wanpeng Li, ak, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Jiri Kosina, linux-kernel, Jia Zhang, Andrew Morton, torvalds, dwmw, karahmed, dave.hansen, linux, Bo Gan On Sat, Jul 14, 2018 at 02:25:43AM -0700, Srivatsa S. Bhat wrote: > Hi Greg, > > This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) > and patches for the Speculative Store Bypass vulnerability to 4.4.y > (they apply cleanly on top of 4.4.140). > > I used 4.9.y as my reference when backporting to 4.4.y (as I thought > that would minimize the amount of fixing up necessary). Unfortunately > I had to skip the KVM fixes for these vulnerabilities, as the KVM > codebase is drastically different in 4.4 as compared to 4.9. (I tried > my best to backport them initially, but wasn't confident that they > were correct, so I decided to drop them from this series). > > You'll notice that the initial few patches in this series include > cleanups etc., that are non-critical to IBPB/IBRS/SSBD. Most of these > patches are aimed at getting the cpufeature.h vs cpufeatures.h split > into 4.4, since a lot of the subsequent patches update these headers. > On my first attempt to backport these patches to 4.4.y, I had actually > tried to do all the updates on the cpufeature.h file itself, but it > started getting very cumbersome, so I resorted to backporting the > cpufeature.h vs cpufeatures.h split and their dependencies as well. I > think apart from these initial patches, the rest of the patchset > doesn't have all that much noise. > > This patchset has been tested on both Intel and AMD machines (Intel > Xeon CPU E5-2660 v4 and AMD EPYC 7281 16-Core Processor, respectively) > with updated microcode. All the patch backports have been > independently reviewed by Matt Helsley, Alexey Makhalov and Bo Gan. > > I would appreciate if you could kindly consider these patches for > review and inclusion in a future 4.4.y release. Given no one has complained about these yet, I've queued them all up, including the 2 extra ones you sent afterward. Let's see what breaks :) thanks, greg k-h _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-23 11:26 ` Greg KH @ 2018-07-23 17:27 ` Srivatsa S. Bhat 0 siblings, 0 replies; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-07-23 17:27 UTC (permalink / raw) To: Greg KH Cc: Dave Hansen, Wanpeng Li, ak, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Jiri Kosina, linux-kernel, Jia Zhang, Andrew Morton, torvalds, dwmw, karahmed, dave.hansen, linux, Bo Gan On 7/23/18 4:26 AM, Greg KH wrote: > On Sat, Jul 14, 2018 at 02:25:43AM -0700, Srivatsa S. Bhat wrote: >> Hi Greg, >> >> This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) >> and patches for the Speculative Store Bypass vulnerability to 4.4.y >> (they apply cleanly on top of 4.4.140). >> >> I used 4.9.y as my reference when backporting to 4.4.y (as I thought >> that would minimize the amount of fixing up necessary). Unfortunately >> I had to skip the KVM fixes for these vulnerabilities, as the KVM >> codebase is drastically different in 4.4 as compared to 4.9. (I tried >> my best to backport them initially, but wasn't confident that they >> were correct, so I decided to drop them from this series). >> >> You'll notice that the initial few patches in this series include >> cleanups etc., that are non-critical to IBPB/IBRS/SSBD. Most of these >> patches are aimed at getting the cpufeature.h vs cpufeatures.h split >> into 4.4, since a lot of the subsequent patches update these headers. >> On my first attempt to backport these patches to 4.4.y, I had actually >> tried to do all the updates on the cpufeature.h file itself, but it >> started getting very cumbersome, so I resorted to backporting the >> cpufeature.h vs cpufeatures.h split and their dependencies as well. I >> think apart from these initial patches, the rest of the patchset >> doesn't have all that much noise. >> >> This patchset has been tested on both Intel and AMD machines (Intel >> Xeon CPU E5-2660 v4 and AMD EPYC 7281 16-Core Processor, respectively) >> with updated microcode. All the patch backports have been >> independently reviewed by Matt Helsley, Alexey Makhalov and Bo Gan. >> >> I would appreciate if you could kindly consider these patches for >> review and inclusion in a future 4.4.y release. > > Given no one has complained about these yet, I've queued them all up, > including the 2 extra ones you sent afterward. > Great! Thank you very much! > Let's see what breaks :) > Hehe :) Regards, Srivatsa VMware Photon OS _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-14 9:25 [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Srivatsa S. Bhat ` (2 preceding siblings ...) 2018-07-23 11:26 ` Greg KH @ 2018-07-23 22:06 ` Jiri Kosina 2018-07-24 20:13 ` Srivatsa S. Bhat 3 siblings, 1 reply; 17+ messages in thread From: Jiri Kosina @ 2018-07-23 22:06 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, gregkh, linux-kernel, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, KarimAllah Ahmed, Dave Hansen On Sat, 14 Jul 2018, Srivatsa S. Bhat wrote: > This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) > and patches for the Speculative Store Bypass vulnerability to 4.4.y > (they apply cleanly on top of 4.4.140). FWIW -- not sure how much inspiration you took from our SLE 4.4-based tree, but most of the stuff is already there for quite some time (including the non-upstream IBRS on kernel boundary on SKL+, trampoline stack for PTI (which the original port didn't have), etc). The IBRS SKL+ stuff has not been picked up by Greg, as it's non-upstream, and the trampoline stack I believe was pointed out to stable@, but noone really sat down and did the port (our codebase is different than 4.4.x stable base), but it definitely should be done if someone has to put 100% trust into the PTI port (either that, or at least zeroing out the kernel thread thread stack ... we used to have temporarily that before we switched over to proper entry trampoline in this version as well). Thanks, -- Jiri Kosina SUSE Labs _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-23 22:06 ` Jiri Kosina @ 2018-07-24 20:13 ` Srivatsa S. Bhat 2018-07-24 22:02 ` Jiri Kosina 0 siblings, 1 reply; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-07-24 20:13 UTC (permalink / raw) To: Jiri Kosina Cc: Dave Hansen, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, gregkh, linux-kernel, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, KarimAllah Ahmed, Dave Hansen On 7/23/18 3:06 PM, Jiri Kosina wrote: > On Sat, 14 Jul 2018, Srivatsa S. Bhat wrote: > >> This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS) >> and patches for the Speculative Store Bypass vulnerability to 4.4.y >> (they apply cleanly on top of 4.4.140). > > FWIW -- not sure how much inspiration you took from our SLE 4.4-based > tree, but most of the stuff is already there for quite some time > (including the non-upstream IBRS on kernel boundary on SKL+, trampoline > stack for PTI (which the original port didn't have), etc). > > The IBRS SKL+ stuff has not been picked up by Greg, as it's non-upstream, > and the trampoline stack I believe was pointed out to stable@, but noone > really sat down and did the port (our codebase is different than 4.4.x > stable base), but it definitely should be done if someone has to put 100% > trust into the PTI port (either that, or at least zeroing out the kernel > thread thread stack ... we used to have temporarily that before we > switched over to proper entry trampoline in this version as well). > I did glance at the SLES 4.4 kernel sometime ago, but there seemed to be way too many custom patches and I wasn't sure in what ways your PTI/Spectre fixes depended on the other (x86) patches in your tree. So I decided to backport entirely from the 4.9 stable tree instead. My reasoning was that, since the 4.9 stable patches were trusted to work well, their 4.4 backports should work well too, as long as they are backported correctly. However, if you are proposing that you'd like to contribute the enhanced PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and have them merged instead of this patch series, then I would certainly welcome it! Regards, Srivatsa VMware Photon OS _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-24 20:13 ` Srivatsa S. Bhat @ 2018-07-24 22:02 ` Jiri Kosina 2018-07-26 23:09 ` Kees Cook 0 siblings, 1 reply; 17+ messages in thread From: Jiri Kosina @ 2018-07-24 22:02 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, arjan.van.de.ven, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, gregkh, linux-kernel, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, KarimAllah Ahmed, Dave Hansen On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: > However, if you are proposing that you'd like to contribute the enhanced > PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and > have them merged instead of this patch series, then I would certainly > welcome it! I'd in principle love us to push everything back to 4.4, but there are a few reasons (*) why that's not happening shortly. Anyway, to point out explicitly what's really needed for those folks running 4.4-stable and relying on PTI providing The Real Thing(TM), it's either a 4.4-stable port of http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 or making THREADINFO_GFP imply __GFP_ZERO. (*) IBRS is not upstream, we historically have had very different x86 codebase compared to either 4.4, 4.4-stable or current Linus' tree, and there are simply too many things happening right now to give this high enough priority, sadly. We're not fully-dependent downstream consumer of -stable any more, so this is one of the expected outcomes, unfortunately; we don't immediately benefit from pushing our downstream changes to stable, as we have to carry those over forward ourselves anyway. Thanks, -- Jiri Kosina SUSE Labs _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-24 22:02 ` Jiri Kosina @ 2018-07-26 23:09 ` Kees Cook 2018-08-02 19:22 ` Srivatsa S. Bhat 0 siblings, 1 reply; 17+ messages in thread From: Kees Cook @ 2018-07-26 23:09 UTC (permalink / raw) To: Jiri Kosina Cc: Dave Hansen, Srivatsa S. Bhat, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Greg KH, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: > On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: > >> However, if you are proposing that you'd like to contribute the enhanced >> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >> have them merged instead of this patch series, then I would certainly >> welcome it! > > I'd in principle love us to push everything back to 4.4, but there are a > few reasons (*) why that's not happening shortly. > > Anyway, to point out explicitly what's really needed for those folks > running 4.4-stable and relying on PTI providing The Real Thing(TM), it's > either a 4.4-stable port of > > http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 > > or making THREADINFO_GFP imply __GFP_ZERO. This is true in Linus's tree now. Should be trivial to backport: https://git.kernel.org/linus/e01e80634ecdd -Kees -- Kees Cook Pixel Security _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-07-26 23:09 ` Kees Cook @ 2018-08-02 19:22 ` Srivatsa S. Bhat 2018-08-02 22:22 ` Kees Cook 0 siblings, 1 reply; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-08-02 19:22 UTC (permalink / raw) To: Kees Cook, Jiri Kosina Cc: Dave Hansen, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Greg KH, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir [-- Attachment #1: Type: text/plain, Size: 1379 bytes --] On 7/26/18 4:09 PM, Kees Cook wrote: > On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: >> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >> >>> However, if you are proposing that you'd like to contribute the enhanced >>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >>> have them merged instead of this patch series, then I would certainly >>> welcome it! >> >> I'd in principle love us to push everything back to 4.4, but there are a >> few reasons (*) why that's not happening shortly. >> >> Anyway, to point out explicitly what's really needed for those folks >> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's >> either a 4.4-stable port of >> >> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 >> >> or making THREADINFO_GFP imply __GFP_ZERO. > > This is true in Linus's tree now. Should be trivial to backport: > https://git.kernel.org/linus/e01e80634ecdd > Hi Jiri, Kees, Thank you for suggesting the patch! I have attached the (locally tested) 4.4 and 4.9 backports of that patch with this mail. (The mainline commit applies cleanly on 4.14). Greg, could you please consider including them in stable 4.4, 4.9 and 4.14? Thank you very much! Regards, Srivatsa VMware Photon OS [-- Attachment #2: 4.4-fork-unconditionally-clear-stack-on-fork.patch --] [-- Type: text/plain, Size: 3081 bytes --] From 7e39d8ccbb0889c03ce6dc0dee0e63d78f37d0a9 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@chromium.org> Date: Fri, 20 Apr 2018 14:55:31 -0700 Subject: [PATCH] fork: unconditionally clear stack on fork commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to userspace. Fixing this will make the kernel no longer vulnerable to these flaws, as the stack will be wiped each time a stack is assigned to a new process. There's not a meaningful change in runtime performance; it almost looks like it provides a benefit. Performing back-to-back kernel builds before: Run times: 157.86 157.09 158.90 160.94 160.80 Mean: 159.12 Std Dev: 1.54 and after: Run times: 159.31 157.34 156.71 158.15 160.81 Mean: 158.46 Std Dev: 1.46 Instead of making this a build or runtime config, Andy Lutomirski recommended this just be enabled by default. [1] A noisy search for many kinds of stack content leaks can be seen here: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak I did some more with perf and cycle counts on running 100,000 execs of /bin/true. before: Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 Mean: 221015379122.60 Std Dev: 4662486552.47 after: Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 Mean: 217745009865.40 Std Dev: 5935559279.99 It continues to look like it's faster, though the deviation is rather wide, but I'm not sure what I could do that would be less noisy. I'm open to ideas! Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Laura Abbott <labbott@redhat.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Cc: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ Srivatsa: Backported to 4.4.y ] Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Srinidhi Rao <srinidhir@vmware.com> --- include/linux/thread_info.h | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index ff307b5..646891f 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -55,11 +55,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); #ifdef __KERNEL__ -#ifdef CONFIG_DEBUG_STACK_USAGE -# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) -#else -# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK) -#endif +#define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) /* * flag set/clear/test wrappers -- 2.7.4 [-- Attachment #3: 4.9-fork-unconditionally-clear-stack-on-fork.patch --] [-- Type: text/plain, Size: 3113 bytes --] From 7debcc6438b4a0bdc9a7b509a751350dad883328 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@chromium.org> Date: Fri, 20 Apr 2018 14:55:31 -0700 Subject: [PATCH] fork: unconditionally clear stack on fork commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to userspace. Fixing this will make the kernel no longer vulnerable to these flaws, as the stack will be wiped each time a stack is assigned to a new process. There's not a meaningful change in runtime performance; it almost looks like it provides a benefit. Performing back-to-back kernel builds before: Run times: 157.86 157.09 158.90 160.94 160.80 Mean: 159.12 Std Dev: 1.54 and after: Run times: 159.31 157.34 156.71 158.15 160.81 Mean: 158.46 Std Dev: 1.46 Instead of making this a build or runtime config, Andy Lutomirski recommended this just be enabled by default. [1] A noisy search for many kinds of stack content leaks can be seen here: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak I did some more with perf and cycle counts on running 100,000 execs of /bin/true. before: Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 Mean: 221015379122.60 Std Dev: 4662486552.47 after: Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 Mean: 217745009865.40 Std Dev: 5935559279.99 It continues to look like it's faster, though the deviation is rather wide, but I'm not sure what I could do that would be less noisy. I'm open to ideas! Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Laura Abbott <labbott@redhat.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Cc: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ Srivatsa: Backported to 4.9.y ] Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Srinidhi Rao <srinidhir@vmware.com> --- include/linux/thread_info.h | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index 2873baf..5e64367 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -59,12 +59,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); #ifdef __KERNEL__ -#ifdef CONFIG_DEBUG_STACK_USAGE -# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | \ - __GFP_ZERO) -#else -# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK) -#endif +#define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | __GFP_ZERO) /* * flag set/clear/test wrappers -- 2.7.4 [-- Attachment #4: Type: text/plain, Size: 157 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-02 19:22 ` Srivatsa S. Bhat @ 2018-08-02 22:22 ` Kees Cook 2018-08-03 23:20 ` Srivatsa S. Bhat 0 siblings, 1 reply; 17+ messages in thread From: Kees Cook @ 2018-08-02 22:22 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Greg KH, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat <srivatsa@csail.mit.edu> wrote: > On 7/26/18 4:09 PM, Kees Cook wrote: >> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: >>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>> >>>> However, if you are proposing that you'd like to contribute the enhanced >>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >>>> have them merged instead of this patch series, then I would certainly >>>> welcome it! >>> >>> I'd in principle love us to push everything back to 4.4, but there are a >>> few reasons (*) why that's not happening shortly. >>> >>> Anyway, to point out explicitly what's really needed for those folks >>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's >>> either a 4.4-stable port of >>> >>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 >>> >>> or making THREADINFO_GFP imply __GFP_ZERO. >> >> This is true in Linus's tree now. Should be trivial to backport: >> https://git.kernel.org/linus/e01e80634ecdd >> > > Hi Jiri, Kees, > > Thank you for suggesting the patch! I have attached the (locally > tested) 4.4 and 4.9 backports of that patch with this mail. (The > mainline commit applies cleanly on 4.14). > > Greg, could you please consider including them in stable 4.4, 4.9 > and 4.14? I don't think your v4.9 is sufficient: it leaves the vmapped stack uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers from task stacks") included in the backport (really, just adding the memset()). Otherwise, yup, looks good. -Kees -- Kees Cook Pixel Security _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-02 22:22 ` Kees Cook @ 2018-08-03 23:20 ` Srivatsa S. Bhat 2018-08-07 13:49 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-08-03 23:20 UTC (permalink / raw) To: Kees Cook Cc: Dave Hansen, catalin.marinas, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, Greg KH, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir [-- Attachment #1: Type: text/plain, Size: 1932 bytes --] On 8/2/18 3:22 PM, Kees Cook wrote: > On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat > <srivatsa@csail.mit.edu> wrote: >> On 7/26/18 4:09 PM, Kees Cook wrote: >>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: >>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>>> >>>>> However, if you are proposing that you'd like to contribute the enhanced >>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >>>>> have them merged instead of this patch series, then I would certainly >>>>> welcome it! >>>> >>>> I'd in principle love us to push everything back to 4.4, but there are a >>>> few reasons (*) why that's not happening shortly. >>>> >>>> Anyway, to point out explicitly what's really needed for those folks >>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's >>>> either a 4.4-stable port of >>>> >>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 >>>> >>>> or making THREADINFO_GFP imply __GFP_ZERO. >>> >>> This is true in Linus's tree now. Should be trivial to backport: >>> https://git.kernel.org/linus/e01e80634ecdd >>> >> >> Hi Jiri, Kees, >> >> Thank you for suggesting the patch! I have attached the (locally >> tested) 4.4 and 4.9 backports of that patch with this mail. (The >> mainline commit applies cleanly on 4.14). >> >> Greg, could you please consider including them in stable 4.4, 4.9 >> and 4.14? > > I don't think your v4.9 is sufficient: it leaves the vmapped stack > uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers > from task stacks") included in the backport (really, just adding the > memset()). > Ah, I see, thank you! I have attached the updated patchset for 4.9 with this mail. > Otherwise, yup, looks good. > Thank you for reviewing the patches! Regards, Srivatsa VMware Photon OS [-- Attachment #2: 4.9-0001-kmemleak-clear-stale-pointers-from-task-stacks.patch --] [-- Type: text/plain, Size: 1906 bytes --] From edf835d8b6bac08bc5e69efb3e1cc321e2457f61 Mon Sep 17 00:00:00 2001 From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Date: Fri, 13 Oct 2017 15:58:22 -0700 Subject: [PATCH 1/2] kmemleak: clear stale pointers from task stacks commit ca182551857cc2c1e6a2b7f1e72090a137a15008 upstream. Kmemleak considers any pointers on task stacks as references. This patch clears newly allocated and reused vmap stacks. Link: http://lkml.kernel.org/r/150728990124.744199.8403409836394318684.stgit@buzz Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ Srivatsa: Backported to 4.9.y ] Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> --- include/linux/thread_info.h | 2 +- kernel/fork.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index 2873baf..cf87c16 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -59,7 +59,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); #ifdef __KERNEL__ -#ifdef CONFIG_DEBUG_STACK_USAGE +#if IS_ENABLED(CONFIG_DEBUG_STACK_USAGE) || IS_ENABLED(CONFIG_DEBUG_KMEMLEAK) # define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | \ __GFP_ZERO) #else diff --git a/kernel/fork.c b/kernel/fork.c index 70e10cb..c19e6d4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -184,6 +184,10 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node) continue; this_cpu_write(cached_stacks[i], NULL); +#ifdef CONFIG_DEBUG_KMEMLEAK + /* Clear stale pointers from reused stack. */ + memset(s->addr, 0, THREAD_SIZE); +#endif tsk->stack_vm_area = s; local_irq_enable(); return s->addr; -- 2.7.4 [-- Attachment #3: 4.9-0002-fork-unconditionally-clear-stack-on-fork.patch --] [-- Type: text/plain, Size: 3670 bytes --] From 5371cd0bb1e2ca8d1603845c764e1524f7e729ad Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@chromium.org> Date: Fri, 20 Apr 2018 14:55:31 -0700 Subject: [PATCH 2/2] fork: unconditionally clear stack on fork commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to userspace. Fixing this will make the kernel no longer vulnerable to these flaws, as the stack will be wiped each time a stack is assigned to a new process. There's not a meaningful change in runtime performance; it almost looks like it provides a benefit. Performing back-to-back kernel builds before: Run times: 157.86 157.09 158.90 160.94 160.80 Mean: 159.12 Std Dev: 1.54 and after: Run times: 159.31 157.34 156.71 158.15 160.81 Mean: 158.46 Std Dev: 1.46 Instead of making this a build or runtime config, Andy Lutomirski recommended this just be enabled by default. [1] A noisy search for many kinds of stack content leaks can be seen here: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak I did some more with perf and cycle counts on running 100,000 execs of /bin/true. before: Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 Mean: 221015379122.60 Std Dev: 4662486552.47 after: Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 Mean: 217745009865.40 Std Dev: 5935559279.99 It continues to look like it's faster, though the deviation is rather wide, but I'm not sure what I could do that would be less noisy. I'm open to ideas! Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Laura Abbott <labbott@redhat.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Cc: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ Srivatsa: Backported to 4.9.y ] Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Srinidhi Rao <srinidhir@vmware.com> --- include/linux/thread_info.h | 7 +------ kernel/fork.c | 3 +-- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index cf87c16..5e64367 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -59,12 +59,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); #ifdef __KERNEL__ -#if IS_ENABLED(CONFIG_DEBUG_STACK_USAGE) || IS_ENABLED(CONFIG_DEBUG_KMEMLEAK) -# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | \ - __GFP_ZERO) -#else -# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK) -#endif +#define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | __GFP_ZERO) /* * flag set/clear/test wrappers diff --git a/kernel/fork.c b/kernel/fork.c index c19e6d4..2c98b98 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -184,10 +184,9 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node) continue; this_cpu_write(cached_stacks[i], NULL); -#ifdef CONFIG_DEBUG_KMEMLEAK /* Clear stale pointers from reused stack. */ memset(s->addr, 0, THREAD_SIZE); -#endif + tsk->stack_vm_area = s; local_irq_enable(); return s->addr; -- 2.7.4 [-- Attachment #4: Type: text/plain, Size: 157 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-03 23:20 ` Srivatsa S. Bhat @ 2018-08-07 13:49 ` Greg KH 2018-08-07 19:08 ` Srivatsa S. Bhat 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2018-08-07 13:49 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, catalin.marinas, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir On Fri, Aug 03, 2018 at 04:20:31PM -0700, Srivatsa S. Bhat wrote: > On 8/2/18 3:22 PM, Kees Cook wrote: > > On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat > > <srivatsa@csail.mit.edu> wrote: > >> On 7/26/18 4:09 PM, Kees Cook wrote: > >>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: > >>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: > >>>> > >>>>> However, if you are proposing that you'd like to contribute the enhanced > >>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and > >>>>> have them merged instead of this patch series, then I would certainly > >>>>> welcome it! > >>>> > >>>> I'd in principle love us to push everything back to 4.4, but there are a > >>>> few reasons (*) why that's not happening shortly. > >>>> > >>>> Anyway, to point out explicitly what's really needed for those folks > >>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's > >>>> either a 4.4-stable port of > >>>> > >>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 > >>>> > >>>> or making THREADINFO_GFP imply __GFP_ZERO. > >>> > >>> This is true in Linus's tree now. Should be trivial to backport: > >>> https://git.kernel.org/linus/e01e80634ecdd > >>> > >> > >> Hi Jiri, Kees, > >> > >> Thank you for suggesting the patch! I have attached the (locally > >> tested) 4.4 and 4.9 backports of that patch with this mail. (The > >> mainline commit applies cleanly on 4.14). > >> > >> Greg, could you please consider including them in stable 4.4, 4.9 > >> and 4.14? > > > > I don't think your v4.9 is sufficient: it leaves the vmapped stack > > uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers > > from task stacks") included in the backport (really, just adding the > > memset()). > > > > Ah, I see, thank you! I have attached the updated patchset for 4.9 > with this mail. > > > Otherwise, yup, looks good. > > > Thank you for reviewing the patches! > > Regards, > Srivatsa > VMware Photon OS These work for 4.9, do you also have a set for 4.4? thanks, greg k-h _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-07 13:49 ` Greg KH @ 2018-08-07 19:08 ` Srivatsa S. Bhat 2018-08-07 19:15 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-08-07 19:08 UTC (permalink / raw) To: Greg KH Cc: Dave Hansen, catalin.marinas, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir, KarimAllah Ahmed [-- Attachment #1: Type: text/plain, Size: 2649 bytes --] On 8/7/18 6:49 AM, Greg KH wrote: > On Fri, Aug 03, 2018 at 04:20:31PM -0700, Srivatsa S. Bhat wrote: >> On 8/2/18 3:22 PM, Kees Cook wrote: >>> On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat >>> <srivatsa@csail.mit.edu> wrote: >>>> On 7/26/18 4:09 PM, Kees Cook wrote: >>>>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@kernel.org> wrote: >>>>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>>>>> >>>>>>> However, if you are proposing that you'd like to contribute the enhanced >>>>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and >>>>>>> have them merged instead of this patch series, then I would certainly >>>>>>> welcome it! >>>>>> >>>>>> I'd in principle love us to push everything back to 4.4, but there are a >>>>>> few reasons (*) why that's not happening shortly. >>>>>> >>>>>> Anyway, to point out explicitly what's really needed for those folks >>>>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's >>>>>> either a 4.4-stable port of >>>>>> >>>>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7 >>>>>> >>>>>> or making THREADINFO_GFP imply __GFP_ZERO. >>>>> >>>>> This is true in Linus's tree now. Should be trivial to backport: >>>>> https://git.kernel.org/linus/e01e80634ecdd >>>>> >>>> >>>> Hi Jiri, Kees, >>>> >>>> Thank you for suggesting the patch! I have attached the (locally >>>> tested) 4.4 and 4.9 backports of that patch with this mail. (The >>>> mainline commit applies cleanly on 4.14). >>>> >>>> Greg, could you please consider including them in stable 4.4, 4.9 >>>> and 4.14? >>> >>> I don't think your v4.9 is sufficient: it leaves the vmapped stack >>> uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers >>> from task stacks") included in the backport (really, just adding the >>> memset()). >>> >> >> Ah, I see, thank you! I have attached the updated patchset for 4.9 >> with this mail. >> >>> Otherwise, yup, looks good. >>> >> Thank you for reviewing the patches! >> >> Regards, >> Srivatsa >> VMware Photon OS > > These work for 4.9, do you also have a set for 4.4? > Thank you for considering these patches for 4.9! The (single) patch for 4.4 did not need any more changes, and hence is the same as the one I attached in my previous mail. I'll attach it again here for your reference. Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear stack on fork) applies cleanly on 4.14 stable, so it would be great to cherry-pick it to 4.14 stable as well. Thank you! Regards, Srivatsa VMware Photon OS [-- Attachment #2: 4.4-fork-unconditionally-clear-stack-on-fork.patch --] [-- Type: text/plain, Size: 3081 bytes --] From 7e39d8ccbb0889c03ce6dc0dee0e63d78f37d0a9 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@chromium.org> Date: Fri, 20 Apr 2018 14:55:31 -0700 Subject: [PATCH] fork: unconditionally clear stack on fork commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to userspace. Fixing this will make the kernel no longer vulnerable to these flaws, as the stack will be wiped each time a stack is assigned to a new process. There's not a meaningful change in runtime performance; it almost looks like it provides a benefit. Performing back-to-back kernel builds before: Run times: 157.86 157.09 158.90 160.94 160.80 Mean: 159.12 Std Dev: 1.54 and after: Run times: 159.31 157.34 156.71 158.15 160.81 Mean: 158.46 Std Dev: 1.46 Instead of making this a build or runtime config, Andy Lutomirski recommended this just be enabled by default. [1] A noisy search for many kinds of stack content leaks can be seen here: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak I did some more with perf and cycle counts on running 100,000 execs of /bin/true. before: Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 Mean: 221015379122.60 Std Dev: 4662486552.47 after: Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 Mean: 217745009865.40 Std Dev: 5935559279.99 It continues to look like it's faster, though the deviation is rather wide, but I'm not sure what I could do that would be less noisy. I'm open to ideas! Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Laura Abbott <labbott@redhat.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Cc: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ Srivatsa: Backported to 4.4.y ] Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Srinidhi Rao <srinidhir@vmware.com> --- include/linux/thread_info.h | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index ff307b5..646891f 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -55,11 +55,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); #ifdef __KERNEL__ -#ifdef CONFIG_DEBUG_STACK_USAGE -# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) -#else -# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK) -#endif +#define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) /* * flag set/clear/test wrappers -- 2.7.4 [-- Attachment #3: Type: text/plain, Size: 157 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-07 19:08 ` Srivatsa S. Bhat @ 2018-08-07 19:15 ` Greg KH 2018-08-07 19:19 ` Srivatsa S. Bhat 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2018-08-07 19:15 UTC (permalink / raw) To: Srivatsa S. Bhat Cc: Dave Hansen, catalin.marinas, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir On Tue, Aug 07, 2018 at 12:08:07PM -0700, Srivatsa S. Bhat wrote: > Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear > stack on fork) applies cleanly on 4.14 stable, so it would be great to > cherry-pick it to 4.14 stable as well. It is already in the 4.14.60 release, did I somehow mess up the backport? thanks, greg k-h _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y 2018-08-07 19:15 ` Greg KH @ 2018-08-07 19:19 ` Srivatsa S. Bhat 0 siblings, 0 replies; 17+ messages in thread From: Srivatsa S. Bhat @ 2018-08-07 19:19 UTC (permalink / raw) To: Greg KH Cc: Dave Hansen, catalin.marinas, Wanpeng Li, Andi Kleen, linux-tip-commits, Piotr Luc, Mel Gorman, Van De Ven, Arjan, xen-devel, Alexander Sergeyev, Brian Gerst, Andy Lutomirski, MickaëlSalaün, Thomas Gleixner, Joe Konno, Laura Abbott, Will Drewry, LKML, Jia Zhang, Andrew Morton, Linus Torvalds, David Woodhouse, srinidhir, KarimAllah Ahmed On 8/7/18 12:15 PM, Greg KH wrote: > On Tue, Aug 07, 2018 at 12:08:07PM -0700, Srivatsa S. Bhat wrote: >> Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear >> stack on fork) applies cleanly on 4.14 stable, so it would be great to >> cherry-pick it to 4.14 stable as well. > > It is already in the 4.14.60 release, did I somehow mess up the > backport? > Sorry, my bad! The backport in 4.14.60 looks fine. Thank you! Regards, Srivatsa VMware Photon OS _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2018-08-07 19:20 UTC | newest] Thread overview: 17+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-07-14 9:25 [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Srivatsa S. Bhat 2018-07-14 9:31 ` [PATCH 4.4.y 040/101] x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Srivatsa S. Bhat 2018-07-15 11:26 ` [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y Greg KH 2018-07-16 8:02 ` Srivatsa S. Bhat 2018-07-23 11:26 ` Greg KH 2018-07-23 17:27 ` Srivatsa S. Bhat 2018-07-23 22:06 ` Jiri Kosina 2018-07-24 20:13 ` Srivatsa S. Bhat 2018-07-24 22:02 ` Jiri Kosina 2018-07-26 23:09 ` Kees Cook 2018-08-02 19:22 ` Srivatsa S. Bhat 2018-08-02 22:22 ` Kees Cook 2018-08-03 23:20 ` Srivatsa S. Bhat 2018-08-07 13:49 ` Greg KH 2018-08-07 19:08 ` Srivatsa S. Bhat 2018-08-07 19:15 ` Greg KH 2018-08-07 19:19 ` Srivatsa S. Bhat
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).