[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

To: Kees Cook <keescook@xxxxxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>
From: "Srivatsa S. Bhat" <srivatsa@xxxxxxxxxxxxx>
Date: Thu, 2 Aug 2018 12:22:00 -0700
Cc: Dave Hansen <dave@xxxxxxxx>, Wanpeng Li <kernellwp@xxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, linux-tip-commits@xxxxxxxxxxxxxxx, Piotr Luc <piotr.luc@xxxxxxxxx>, Mel Gorman <mgorman@xxxxxxx>, "Van De Ven, Arjan" <arjan.van.de.ven@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Alexander Sergeyev <sergeev917@xxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, MickaëlSalaün <mic@xxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Joe Konno <joe.konno@xxxxxxxxxxxxxxx>, Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>, Will Drewry <wad@xxxxxxxxxxxx>, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, srinidhir@xxxxxxxxxx, KarimAllah Ahmed <karahmed@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, Bo Gan <ganb@xxxxxxxxxx>, Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>, Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Prarit Bhargava <prarit@xxxxxxxxxx>, Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>, Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Denys Vlasenko <dvlasenk@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>, Tony Luck <tony.luck@xxxxxxxxx>, Vince Weaver <vincent.weaver@xxxxxxxxx>, Mike Galbraith <efault@xxxxxx>, Yazen Ghannam <Yazen.Ghannam@xxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>, Sherry Hurwitz <sherry.hurwitz@xxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, srivatsab@xxxxxxxxxx, ashok.raj@xxxxxxxxx, Jörg Otte <jrg.otte@xxxxxxxxx>, Jim Mattson <jmattson@xxxxxxxxxx>, Alexander Popov <alpopov@xxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Quentin Casasnovas <quentin.casasnovas@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Stephane Eranian <eranian@xxxxxxxxxx>, Dan Williams <dan.j.williams@xxxxxxxxx>, Greg Kroah-Hartmann <gregkh@xxxxxxxxxxxxxxxxxxxx>, Kyle Huey <khuey@xxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, kvm <kvm@xxxxxxxxxxxxxxx>, Krčmář <rkrcmar@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Alexey Makhalov <amakhalov@xxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Alexander Kuleshov <kuleshovmail@xxxxxxxxx>, sironi@xxxxxxxxx, Joerg Roedel <joro@xxxxxxxxxx>, Jon Masters <jcm@xxxxxxxxxx>, Dave Young <dyoung@xxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Matt Helsley \(VMware\)" <matt.helsley@xxxxxxxxx>, linux-edac <linux-edac@xxxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "# 3.4.x" <stable@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Delivery-date: Thu, 02 Aug 2018 19:23:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 7/26/18 4:09 PM, Kees Cook wrote:
> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote:
>>
>>> However, if you are proposing that you'd like to contribute the enhanced
>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and
>>> have them merged instead of this patch series, then I would certainly
>>> welcome it!
>>
>> I'd in principle love us to push everything back to 4.4, but there are a
>> few reasons (*) why that's not happening shortly.
>>
>> Anyway, to point out explicitly what's really needed for those folks
>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's
>> either a 4.4-stable port of
>>
>>         
>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7
>>
>> or making THREADINFO_GFP imply __GFP_ZERO.
> 
> This is true in Linus's tree now. Should be trivial to backport:
> https://git.kernel.org/linus/e01e80634ecdd
> 

Hi Jiri, Kees,

Thank you for suggesting the patch! I have attached the (locally
tested) 4.4 and 4.9 backports of that patch with this mail. (The
mainline commit applies cleanly on 4.14).

Greg, could you please consider including them in stable 4.4, 4.9
and 4.14?

Thank you very much!

Regards,
Srivatsa
VMware Photon OS

Attachment: 4.4-fork-unconditionally-clear-stack-on-fork.patch
Description: Text document

Attachment: 4.9-fork-unconditionally-clear-stack-on-fork.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Kees Cook

Prev by Date: Re: [Xen-devel] Routing physical interrupts to EL1
Next by Date: Re: [Xen-devel] Routing physical interrupts to EL1
Previous by thread: Re: [Xen-devel] Routing physical interrupts to EL1
Next by thread: Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.