Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
- To: "Srivatsa S. Bhat" <srivatsa@xxxxxxxxxxxxx>
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Date: Thu, 2 Aug 2018 15:22:01 -0700
- Cc: Dave Hansen <dave@xxxxxxxx>, Wanpeng Li <kernellwp@xxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, linux-tip-commits@xxxxxxxxxxxxxxx, Piotr Luc <piotr.luc@xxxxxxxxx>, Mel Gorman <mgorman@xxxxxxx>, "Van De Ven, Arjan" <arjan.van.de.ven@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Alexander Sergeyev <sergeev917@xxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, MickaëlSalaün <mic@xxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Joe Konno <joe.konno@xxxxxxxxxxxxxxx>, Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>, Will Drewry <wad@xxxxxxxxxxxx>, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, srinidhir@xxxxxxxxxx, KarimAllah Ahmed <karahmed@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, Bo Gan <ganb@xxxxxxxxxx>, Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>, Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Prarit Bhargava <prarit@xxxxxxxxxx>, Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>, Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Denys Vlasenko <dvlasenk@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>, Tony Luck <tony.luck@xxxxxxxxx>, Vince Weaver <vincent.weaver@xxxxxxxxx>, Mike Galbraith <efault@xxxxxx>, Yazen Ghannam <Yazen.Ghannam@xxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>, Sherry Hurwitz <sherry.hurwitz@xxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Jan Beulich 
<jbeulich@xxxxxxxx>, srivatsab@xxxxxxxxxx, ashok.raj@xxxxxxxxx, Jörg Otte <jrg.otte@xxxxxxxxx>, Jim Mattson <jmattson@xxxxxxxxxx>, Alexander Popov <alpopov@xxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Quentin Casasnovas <quentin.casasnovas@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Stephane Eranian <eranian@xxxxxxxxxx>, Dan Williams <dan.j.williams@xxxxxxxxx>, Greg Kroah-Hartmann <gregkh@xxxxxxxxxxxxxxxxxxxx>, Kyle Huey <khuey@xxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, kvm <kvm@xxxxxxxxxxxxxxx>, Krčmář <rkrcmar@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Alexey Makhalov <amakhalov@xxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Alexander Kuleshov <kuleshovmail@xxxxxxxxx>, sironi@xxxxxxxxx, Joerg Roedel <joro@xxxxxxxxxx>, Jon Masters <jcm@xxxxxxxxxx>, Dave Young <dyoung@xxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Matt Helsley \(VMware\)" <matt.helsley@xxxxxxxxx>, linux-edac <linux-edac@xxxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "# 3.4.x" <stable@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>
- Delivery-date: Thu, 02 Aug 2018 22:22:19 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat
<srivatsa@xxxxxxxxxxxxx> wrote:
> On 7/26/18 4:09 PM, Kees Cook wrote:
>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote:
>>>
>>>> However, if you are proposing that you'd like to contribute the enhanced
>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and
>>>> have them merged instead of this patch series, then I would certainly
>>>> welcome it!
>>>
>>> I'd in principle love us to push everything back to 4.4, but there are a
>>> few reasons (*) why that's not happening shortly.
>>>
>>> Anyway, to point out explicitly what's really needed for those folks
>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's
>>> either a 4.4-stable port of
>>>
>>>
>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7
>>>
>>> or making THREADINFO_GFP imply __GFP_ZERO.
>>
>> This is true in Linus's tree now. Should be trivial to backport:
>> https://git.kernel.org/linus/e01e80634ecdd
>>
>
> Hi Jiri, Kees,
>
> Thank you for suggesting the patch! I have attached the (locally
> tested) 4.4 and 4.9 backports of that patch with this mail. (The
> mainline commit applies cleanly on 4.14).
>
> Greg, could you please consider including them in stable 4.4, 4.9
> and 4.14?

I don't think your v4.9 is sufficient: it leaves the vmapped stack
uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers
from task stacks") included in the backport (really, just adding the
memset()).

Otherwise, yup, looks good.

-Kees
--
Kees Cook
Pixel Security
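
The point raised in the reply above, as an added userspace model (not kernel code and not part of the thread or its attached backports): a zeroing allocation flag only covers stacks that come from the allocator, so a stack handed back from a reuse cache still needs its own memset(). The cache, the function names and the sizes are hypothetical, and the model assumes the vmapped-stack path can return a previously used stack without going through the allocator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define THREAD_SIZE 16384 /* constructed stack size for this model */
#define NR_CACHED 2       /* hypothetical small cache of freed stacks */

static void *cached_stacks[NR_CACHED];

/* Free path: park the stack in the cache when a slot is empty. */
static void free_stack(void *stack)
{
    for (int i = 0; i < NR_CACHED; i++)
        if (!cached_stacks[i]) { cached_stacks[i] = stack; return; }
    free(stack);
}

/* zero_on_alloc models THREADINFO_GFP implying __GFP_ZERO;
 * clear_cached models the extra memset() on the reuse path. */
static void *alloc_stack(int zero_on_alloc, int clear_cached)
{
    for (int i = 0; i < NR_CACHED; i++) {
        void *s = cached_stacks[i];
        if (!s)
            continue;
        cached_stacks[i] = NULL;
        if (clear_cached)
            memset(s, 0, THREAD_SIZE);
        return s; /* allocator flags were never consulted here */
    }
    return zero_on_alloc ? calloc(1, THREAD_SIZE) : malloc(THREAD_SIZE);
}

/* 1 if the previous owner's data is readable in the next stack, 0 if not. */
static int stale_data_survives(int zero_on_alloc, int clear_cached)
{
    static const char secret[] = "constructed-secret";
    char *old = alloc_stack(zero_on_alloc, clear_cached);
    if (!old) return -1;
    memcpy(old + 128, secret, sizeof(secret)); /* previous task's data */
    free_stack(old);
    char *fresh = alloc_stack(zero_on_alloc, clear_cached);
    int leaked = memcmp(fresh + 128, secret, sizeof(secret)) == 0;
    free(fresh);
    return leaked;
}

int main(void)
{
    printf("zeroing flag only: %d\n", stale_data_survives(1, 0));
    printf("flag plus memset:  %d\n", stale_data_survives(1, 1));
    return 0;
}
```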