2018-03-21 0:19 GMT+01:00 Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>:
> On Sun, 2018-03-18 at 11:14 +0100, Greg Kroah-Hartman wrote:
>> On Fri, Mar 16, 2018 at 04:55:37PM -0600, Jerry Hoemann wrote:
>> >
>> > Greg,
>> >
>> > Sorry, if I'm missing something, but I see 3 patches for
>> > hpwdt queued up for 4.4:
>> >
>> > queue-4.4/watchdog-hpwdt-fix-unused-variable-warning.patch
>> > queue-4.4/watchdog-hpwdt-smbios-check.patch
>> > queue-4.4/watchdog-hpwdt-check-source-of-nmi.patch
>> >
>> >
>> > Shouldn't there also be a 4.4 patch for
>> >
>> > commit 2b3d89b402b085b08498e896c65267a145bed486
>> > watchdog: hpwdt: Remove legacy NMI sourcing.
>> >
>> > As there was for 4.15, 4.14, and 4.9?
>>
>> It does not apply to the 4.4.y kernel branch. If you feel it should be
>> there, please provide a working backport.
>>
>> > commit 2b3d89b40 is the Spectre related patch.
>>
>> If you look closely, not many Spectre-related patches are merged into
>> 4.4.y as no one has taken the time to do the backporting. I thought
>> someone was working on this, but odds are they just moved to 4.9.y or
>> 4.14.y as everyone really should if they care about these issues with
>> their platforms.
>>
>> So if you care about Spectre, I strongly recommend using 4.14.y or
>> newer.
>
> I think you have most of the Spectre stuff aside from microcode
> supported fixes. These are still missing on the 4.4 branch though:
>
> 8fa80c503b48 nospec: Move array_index_nospec() parameter checking into separate macro
> 1d91c1d2c80c nospec: Kill array_index_nospec_mask_check()
>
> I think there may also be some extra uaccess functions that didn't get
> the nospec treatment.
>
> I'll probably look into backporting the microcode stuff to the older
> branches (4.4, then 3.16 and 3.2) at some point.
>
> Ben.
>
> --
> Ben Hutchings
> Software Developer, Codethink Ltd.
>

Hi, Ben,

It would be great if you could backport the Spectre fixes into 4.4; I'm happy to test your port.

The patch list I gathered when I did the port to 4.4:

d3eba77440 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
40532f65cc x86/cpufeatures: Add Intel feature bits for Speculatio
c26a6bea26 x86/cpufeatures: Add AMD feature bits for Speculation Control
af57d43c908 x86/msr: Add definitions for new speculation control
a8799fd14d x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
6c5e49150a x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
31fd9eda7f6 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
77b3b3ee238 x86/cpufeatures: Clean up Spectre v2 related CPUID flags
77d1424d2fb x86/retpoline: Simplify vmexit_fill_RSB()
d7f8d17406d x86/entry/64: Remove the SYSCALL64 fast path
572e509178 x86/entry/64: Push extra regs right away
e06d7bfb223 x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
ae75f83e79 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
065eae4be83 x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
cda6b6074cc6f9 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
4b234a253e52 x86/pti: Mark constant arrays as __initconst
b7649e1776706 KVM: nVMX: mark vmcs12 pages dirty on L2 exit
46e24dfc2df KVM: nVMX: Eliminate vmcs02 pool
ff546f9d83d3 KVM: VMX: introduce alloc_loaded_vmcs
6236b782eba37 KVM: VMX: make MSR bitmaps per-VCPU
7013129a403 KVM/x86: Add IBPB support
755502f810c6 KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
e5a83419c957 KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
fc00dde96099a1 KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL

The commit ids are from linux-4.9.y.

There might be more due to dependencies.

Thanks,
Jack Wang