[GIT PULL] x86/urgent for v6.5-rc7

From: Borislav Petkov
Date: Sat Aug 19 2023 - 04:27:57 EST


Hi Linus,

extraordinary embargoed times call for extraordinary measures. That's
why this week's x86/urgent branch is larger than usual, containing all
the known fallout fixes after the SRSO mitigation got merged.

I know, it is a bit late in the game but everyone who has reported a bug
stemming from the SRSO pile has tested that branch and has confirmed
that it fixes their bug.

Also, I've run it on every possible hardware I have and it is looking
good. It is running on this very machine while I'm typing, for 2 days
now without an issue. Famous last words...

So please pull,
thx!

---

The following changes since commit 2ccdd1b13c591d306f0401d98dedc4bdcd02b421:

  Linux 6.5-rc6 (2023-08-13 11:29:55 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_urgent_for_v6.5_rc7

for you to fetch changes up to 6405b72e8d17bd1875a56ae52d23ec3cd51b9d66:

  x86/srso: Correct the mitigation status when SMT is disabled (2023-08-18 12:43:10 +0200)

----------------------------------------------------------------
- Use LEA ...%rsp instead of ADD %rsp in the Zen1/2 SRSO return sequence
  as the latter clobbers flags which interferes with fastop emulation in
  KVM, leading to guests freezing during boot

- A fix for the DIV(0) quotient data leak on Zen1 to clear the divider
  buffers at the right time

- Disable the SRSO mitigation on unaffected configurations as it got
  enabled there unnecessarily

- Change .text section name to fix CONFIG_LTO_CLANG builds

- Improve the optprobe indirect jmp check so that certain configurations
  can still be able to use optprobes at all

- A serious and good scrubbing of the untraining routines by PeterZ:
  - Add proper speculation stopping traps so that objtool is happy
  - Adjust objtool to handle the new thunks
  - Make the thunk pointer assignable to the different untraining
    sequences at runtime, thus avoiding the alternative at the return
    thunk. It simplifies the code a bit too.
  - Add an entry_untrain_ret() main entry point which selects the
    respective untraining sequence
  - Rename things so that they're more clear
  - Fix stack validation with FRAME_POINTER=y builds

- Fix static call patching to handle when a JMP to the return thunk is
  the last insn on the very last module memory page

- Add more documentation about what each untraining routine does and
  why

----------------------------------------------------------------
Borislav Petkov (AMD) (4):
      x86/CPU/AMD: Fix the DIV(0) initial fix attempt
      x86/srso: Disable the mitigation on unaffected configurations
      x86/srso: Explain the untraining sequences a bit more
      x86/srso: Correct the mitigation status when SMT is disabled

Peter Zijlstra (11):
      x86/cpu: Fix __x86_return_thunk symbol type
      x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
      objtool/x86: Fix SRSO mess
      x86/alternative: Make custom return thunk unconditional
      x86/cpu: Clean up SRSO return thunk mess
      x86/cpu: Rename original retbleed methods
      x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
      x86/cpu: Cleanup the untrain mess
      x86/cpu/kvm: Provide UNTRAIN_RET_VM
      objtool/x86: Fixup frame-pointer vs rethunk
      x86/static_call: Fix __static_call_fixup()

Petr Pavlu (2):
      x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
      x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT

Sean Christopherson (1):
      x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()

Documentation/admin-guide/hw-vuln/srso.rst | 4 +-
arch/x86/include/asm/entry-common.h | 1 +
arch/x86/include/asm/nospec-branch.h | 49 ++++++-----
arch/x86/kernel/alternative.c | 4 -
arch/x86/kernel/cpu/amd.c | 1 +
arch/x86/kernel/cpu/bugs.c | 27 +++++-
arch/x86/kernel/kprobes/opt.c | 40 ++++-----
arch/x86/kernel/static_call.c | 13 +++
arch/x86/kernel/traps.c | 2 -
arch/x86/kernel/vmlinux.lds.S | 20 ++---
arch/x86/kvm/svm/svm.c | 2 +
arch/x86/kvm/svm/vmenter.S | 7 +-
arch/x86/lib/retpoline.S | 137 ++++++++++++++++++++---------
tools/objtool/arch/x86/decode.c | 11 ++-
tools/objtool/check.c | 45 +++++++---
tools/objtool/include/objtool/arch.h | 1 +
tools/objtool/include/objtool/elf.h | 1 +
tools/perf/util/thread-stack.c | 4 +-
18 files changed, 236 insertions(+), 133 deletions(-)

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette