This is a note to let you know that I've just added the patch titled
x86/l1tf: Show actual SMT state
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86l1tf_Show_actual_SMT_state.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
Subject: x86/l1tf: Show actual SMT state
From: Thomas Gleixner tglx@xxxxxxxxxxxxx
Date: Sun Nov 25 19:33:40 2018 +0100
From: Thomas Gleixner tglx@xxxxxxxxxxxxx
commit 130d6f946f6f2a972ee3ec8540b7243ab99abe97 upstream
Use the now exposed real SMT state, not the SMT sysfs control knob
state. This reflects the state of the system when the mitigation status is
queried.
This does not change the warning in the VMX launch code. There the
dependency on the control knob makes sense because siblings could be
brought online anytime after launching the VM.
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Reviewed-by: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Casey Schaufler <casey.schaufler@xxxxxxxxx>
Cc: Asit Mallick <asit.k.mallick@xxxxxxxxx>
Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Cc: Jon Masters <jcm@xxxxxxxxxx>
Cc: Waiman Long <longman9394@xxxxxxxxx>
Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Dave Stewart <david.c.stewart@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lkml.kernel.org/r/20181125185004.613357354@xxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -829,13 +829,14 @@ static ssize_t l1tf_show_state(char *buf
if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED ||
(l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER &&
- cpu_smt_control == CPU_SMT_ENABLED))
+ sched_smt_active())) {
return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG,
l1tf_vmx_states[l1tf_vmx_mitigation]);
+ }
return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG,
l1tf_vmx_states[l1tf_vmx_mitigation],
- cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled");
+ sched_smt_active() ? "vulnerable" : "disabled");
}
#else
static ssize_t l1tf_show_state(char *buf)
Patches currently in stable-queue which might be from tglx@xxxxxxxxxxxxx are
queue-4.14/x86speculation_Prepare_for_conditional_IBPB_in_switch_mm.patch
queue-4.14/x86speculation_Rework_SMT_state_change.patch
queue-4.14/x86bugs_Switch_the_selection_of_mitigation_from_CPU_vendor_to_CPU_features.patch
queue-4.14/x86Kconfig_Select_SCHED_SMT_if_SMP_enabled.patch
queue-4.14/x86speculation_Move_STIPBIBPB_string_conditionals_out_of_cpu_show_common().patch
queue-4.14/x86speculation_Propagate_information_about_RSB_filling_mitigation_to_sysfs.patch
queue-4.14/x86speculation_Prepare_arch_smt_update_for_PRCTL_mode.patch
queue-4.14/x86speculation_Enable_cross-hyperthread_spectre_v2_STIBP_mitigation.patch
queue-4.14/bpf-prevent-memory-disambiguation-attack.patch
queue-4.14/x86speculation_Prevent_stale_SPEC_CTRL_msr_content.patch
queue-4.14/ptrace_Remove_unused_ptrace_may_access_sched_and_MODE_IBRS.patch
queue-4.14/x86speculation_Mark_string_arrays_const_correctly.patch
queue-4.14/x86process_Consolidate_and_simplify_switch_to_xtra_code.patch
queue-4.14/x86speculation_Apply_IBPB_more_strictly_to_avoid_cross-process_data_leak.patch
queue-4.14/x86speculation_Enable_prctl_mode_for_spectre_v2_user.patch
queue-4.14/x86speculation_Rename_SSBD_update_functions.patch
queue-4.14/x86speculation_Add_command_line_control_for_indirect_branch_speculation.patch
queue-4.14/x86l1tf_Show_actual_SMT_state.patch
queue-4.14/x86speculation_Split_out_TIF_update.patch
queue-4.14/schedsmt_Make_sched_smt_present_track_topology.patch
queue-4.14/x86retpoline_Make_CONFIG_RETPOLINE_depend_on_compiler_support.patch
queue-4.14/schedsmt_Expose_sched_smt_present_static_key.patch
queue-4.14/x86speculation_Reorder_the_spec_v2_code.patch
queue-4.14/x86speculation_Add_prctl()_control_for_indirect_branch_speculation.patch
queue-4.14/x86bugs_Update_when_to_check_for_the_LS_CFG_SSBD_mitigation.patch
queue-4.14/x86speculation_Provide_IBPB_always_command_line_options.patch
queue-4.14/x86speculation_Prepare_for_per_task_indirect_branch_speculation_control.patch
queue-4.14/x86speculataion_Mark_command_line_parser_data___initdata.patch
queue-4.14/x86speculation_Disable_STIBP_when_enhanced_IBRS_is_in_use.patch
queue-4.14/x86speculation_Reorganize_speculation_control_MSRs_update.patch
queue-4.14/x86bugs_Add_AMDs_SPEC_CTRL_MSR_usage.patch
queue-4.14/x86speculation_Clean_up_spectre_v2_parse_cmdline().patch
queue-4.14/x86speculation_Update_the_TIF_SSBD_comment.patch
queue-4.14/x86speculation_Add_seccomp_Spectre_v2_user_space_protection_mode.patch
queue-4.14/x86bugs_Add_AMDs_variant_of_SSB_NO.patch
queue-4.14/schedcore_Fix_cpu.max_vs._cpuhotplug_deadlock.patch
queue-4.14/x86speculation_Unify_conditional_spectre_v2_print_functions.patch
queue-4.14/x86speculation_Avoid___switch_to_xtra_calls.patch
queue-4.14/x86speculation_Remove_unnecessary_ret_variable_in_cpu_show_common().patch
queue-4.14/x86bugs_Fix_the_AMD_SSBD_usage_of_the_SPEC_CTRL_MSR.patch
queue-4.14/x86retpoline_Remove_minimal_retpoline_support.patch
queue-4.14/x86speculation_Add_RETPOLINE_AMD_support_to_the_inline_asm_CALL_NOSPEC_variant.patch
