[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y



On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat
<srivatsa@xxxxxxxxxxxxx> wrote:
> On 7/26/18 4:09 PM, Kees Cook wrote:
>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote:
>>>
>>>> However, if you are proposing that you'd like to contribute the enhanced
>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and
>>>> have them merged instead of this patch series, then I would certainly
>>>> welcome it!
>>>
>>> I'd in principle love us to push everything back to 4.4, but there are a
>>> few reasons (*) why that's not happening shortly.
>>>
>>> Anyway, to point out explicitly what's really needed for those folks
>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's
>>> either a 4.4-stable port of
>>>
>>>         
>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7
>>>
>>> or making THREADINFO_GFP imply __GFP_ZERO.
>>
>> This is true in Linus's tree now. Should be trivial to backport:
>> https://git.kernel.org/linus/e01e80634ecdd
>>
>
> Hi Jiri, Kees,
>
> Thank you for suggesting the patch! I have attached the (locally
> tested) 4.4 and 4.9 backports of that patch with this mail. (The
> mainline commit applies cleanly on 4.14).
>
> Greg, could you please consider including them in stable 4.4, 4.9
> and 4.14?

I don't think your v4.9 is sufficient: it leaves the vmapped stack
uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers
from task stacks") included in the backport (really, just adding the
memset()).

Otherwise, yup, looks good.

-Kees

-- 
Kees Cook
Pixel Security

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.