[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

To: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
From: "Srivatsa S. Bhat" <srivatsa@xxxxxxxxxxxxx>
Date: Tue, 7 Aug 2018 12:08:07 -0700
Cc: Dave Hansen <dave@xxxxxxxx>, catalin.marinas@xxxxxxx, Wanpeng Li <kernellwp@xxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, linux-tip-commits@xxxxxxxxxxxxxxx, Piotr Luc <piotr.luc@xxxxxxxxx>, Mel Gorman <mgorman@xxxxxxx>, "Van De Ven, Arjan" <arjan.van.de.ven@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Alexander Sergeyev <sergeev917@xxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, MickaëlSalaün <mic@xxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Joe Konno <joe.konno@xxxxxxxxxxxxxxx>, Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>, Will Drewry <wad@xxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, srinidhir@xxxxxxxxxx, KarimAllah Ahmed <karahmed@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, Bo Gan <ganb@xxxxxxxxxx>, Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>, Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Prarit Bhargava <prarit@xxxxxxxxxx>, Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>, Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Denys Vlasenko <dvlasenk@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>, Tony Luck <tony.luck@xxxxxxxxx>, Vince Weaver <vincent.weaver@xxxxxxxxx>, Mike Galbraith <efault@xxxxxx>, Yazen Ghannam <Yazen.Ghannam@xxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>, Sherry Hurwitz <sherry.hurwitz@xxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, srivatsab@xxxxxxxxxx, ashok.raj@xxxxxxxxx, khlebnikov@xxxxxxxxxxxxxx, Jörg Otte <jrg.otte@xxxxxxxxx>, Jim Mattson <jmattson@xxxxxxxxxx>, Alexander Popov <alpopov@xxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Quentin Casasnovas <quentin.casasnovas@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Stephane Eranian <eranian@xxxxxxxxxx>, Dan Williams <dan.j.williams@xxxxxxxxx>, Kyle Huey <khuey@xxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, kvm <kvm@xxxxxxxxxxxxxxx>, Krčmář <rkrcmar@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Alexey Makhalov <amakhalov@xxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Alexander Kuleshov <kuleshovmail@xxxxxxxxx>, sironi@xxxxxxxxx, Joerg Roedel <joro@xxxxxxxxxx>, Jon Masters <jcm@xxxxxxxxxx>, Dave Young <dyoung@xxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Matt Helsley \(VMware\)" <matt.helsley@xxxxxxxxx>, linux-edac <linux-edac@xxxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "# 3.4.x" <stable@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Delivery-date: Tue, 07 Aug 2018 19:09:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 8/7/18 6:49 AM, Greg KH wrote:
> On Fri, Aug 03, 2018 at 04:20:31PM -0700, Srivatsa S. Bhat wrote:
>> On 8/2/18 3:22 PM, Kees Cook wrote:
>>> On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat
>>> <srivatsa@xxxxxxxxxxxxx> wrote:
>>>> On 7/26/18 4:09 PM, Kees Cook wrote:
>>>>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>>>>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote:
>>>>>>
>>>>>>> However, if you are proposing that you'd like to contribute the enhanced
>>>>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and
>>>>>>> have them merged instead of this patch series, then I would certainly
>>>>>>> welcome it!
>>>>>>
>>>>>> I'd in principle love us to push everything back to 4.4, but there are a
>>>>>> few reasons (*) why that's not happening shortly.
>>>>>>
>>>>>> Anyway, to point out explicitly what's really needed for those folks
>>>>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's
>>>>>> either a 4.4-stable port of
>>>>>>
>>>>>>         
>>>>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7
>>>>>>
>>>>>> or making THREADINFO_GFP imply __GFP_ZERO.
>>>>>
>>>>> This is true in Linus's tree now. Should be trivial to backport:
>>>>> https://git.kernel.org/linus/e01e80634ecdd
>>>>>
>>>>
>>>> Hi Jiri, Kees,
>>>>
>>>> Thank you for suggesting the patch! I have attached the (locally
>>>> tested) 4.4 and 4.9 backports of that patch with this mail. (The
>>>> mainline commit applies cleanly on 4.14).
>>>>
>>>> Greg, could you please consider including them in stable 4.4, 4.9
>>>> and 4.14?
>>>
>>> I don't think your v4.9 is sufficient: it leaves the vmapped stack
>>> uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers
>>> from task stacks") included in the backport (really, just adding the
>>> memset()).
>>>
>>
>> Ah, I see, thank you! I have attached the updated patchset for 4.9
>> with this mail.
>>
>>> Otherwise, yup, looks good.
>>>
>> Thank you for reviewing the patches!
>>  
>> Regards,
>> Srivatsa
>> VMware Photon OS
> 
> These work for 4.9, do you also have a set for 4.4?
> 

Thank you for considering these patches for 4.9!

The (single) patch for 4.4 did not need any more changes, and hence is
the same as the one I attached in my previous mail. I'll attach it
again here for your reference.

Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear
stack on fork) applies cleanly on 4.14 stable, so it would be great to
cherry-pick it to 4.14 stable as well.

Thank you!

Regards,
Srivatsa
VMware Photon OS

Attachment: 4.4-fork-unconditionally-clear-stack-on-fork.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Greg KH

References:
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Srivatsa S. Bhat
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Kees Cook
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Srivatsa S. Bhat
- Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
  - From: Greg KH

Prev by Date: [Xen-devel] [libvirt test] 125779: regressions - trouble: blocked/broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH v1 4/4] xen/arm: Reuse R-Car Gen2 platform code for Stout board
Previous by thread: Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
Next by thread: Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.