[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

On Sat, 14 Jul 2018, Srivatsa S. Bhat wrote:

> This patch series is a backport of the Spectre-v2 fixes (IBPB/IBRS)
> and patches for the Speculative Store Bypass vulnerability to 4.4.y
> (they apply cleanly on top of 4.4.140).

FWIW -- not sure how much inspiration you took from our SLE 4.4-based 
tree, but most of the stuff is already there for quite some time 
(including the non-upstream IBRS on kernel boundary on SKL+, trampoline 
stack for PTI (which the original port didn't have), etc).

The IBRS SKL+ stuff has not been picked up by Greg, as it's non-upstream, 
and the trampoline stack I believe was pointed out to stable@, but noone 
really sat down and did the port (our codebase is different than 4.4.x 
stable base), but it definitely should be done if someone has to put 100% 
trust into the PTI port (either that, or at least zeroing out the kernel 
thread thread stack ... we used to have temporarily that before we 
switched over to proper entry trampoline in this version as well).


Jiri Kosina

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.