Hi Greg,

I have backported Spectre-v2 fixes and patches for the Speculative
Store Bypass vulnerability to 4.4.y (they apply cleanly on top of
4.4.136). I would appreciate if you could kindly consider them for
review and inclusion in a future 4.4.y release.

Thank you very much!

Regards,
Srivatsa
VMware Photon OS

The following changes since commit dc45cafe612ec6960fe728f3260a0b751c73f4aa:

  Linux 4.4.136 (2018-06-06 16:46:24 +0200)

are available in the git repository at:

  https://github.com/srivatsabhat/linux-stable spectre-v2-fixes-4.4.136

for you to fetch changes up to 9b8faf91ba22460785968e013763d9a5be869228:

  x86/bugs: Rename SSBD_NO to SSB_NO (2018-06-11 13:58:43 -0700)

----------------------------------------------------------------
Alexander Kuleshov (1):
      x86/boot: Simplify kernel load address alignment check

Alexander Sergeyev (1):
      x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist

Andi Kleen (1):
      x86/headers: Don't include asm/processor.h in asm/atomic.h

Andrey Smetanin (1):
      kvm/x86: per-vcpu apicv deactivation support

Andy Lutomirski (2):
      x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
      x86/mm: Give each mm TLB flush generation a unique ID

Andy Shevchenko (1):
      x86/cpu: Rename Merrifield2 to Moorefield

Arnd Bergmann (1):
      x86/pti: Mark constant arrays as __initconst

Ashok Raj (1):
      KVM/x86: Add IBPB support

Borislav Petkov (16):
      x86/cpufeature: Move some of the scattered feature bits to x86_capability
      x86/cpufeature: Cleanup get_cpu_cap()
      x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
      x86/cpu: Provide a config option to disable static_cpu_has
      x86/fpu: Add an XSTATE_OP() macro
      x86/fpu: Get rid of xstate_fault()
      x86/cpufeature: Carve out X86_FEATURE_*
      x86/cpufeature: Replace the old static_cpu_has() with safe variant
      x86/cpufeature: Get rid of the non-asm goto variant
      x86/alternatives: Add an auxilary section
      x86/vdso: Use static_cpu_has()
      x86/cpufeature: Speed up cpu_feature_enabled()
      Documentation/spec_ctrl: Do some minor cleanups
      x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
      x86/cpu/AMD: Fix erratum 1076 (CPB bit)
      x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}

Brian Gerst (1):
      x86/alternatives: Discard dynamic check after init

Dan Williams (2):
      x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
      x86/speculation: Fix up array_index_nospec_mask() asm constraint

Dave Hansen (7):
      x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
      x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
      x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
      x86/cpufeature: Update cpufeaure macros
      x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
      x86/cpufeature: Add helper macro for mask check macros
      x86/mm: Factor out LDT init from context init

David Matlack (2):
      kvm: x86: nVMX: maintain internal copy of current VMCS
      KVM: nVMX: mark vmcs12 pages dirty on L2 exit

David Woodhouse (14):
      x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
      x86/cpufeatures: Add Intel feature bits for Speculation Control
      x86/cpufeatures: Add AMD feature bits for Speculation Control
      x86/msr: Add definitions for new speculation control MSRs
      x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
      x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
      x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
      x86/cpufeatures: Clean up Spectre v2 related CPUID flags
      x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
      x86/speculation: Update Speculation Control microcode blacklist
      x86/speculation: Correct Speculation Control microcode blacklist again
      x86/speculation: Use IBRS if available before calling into firmware
      x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
      x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested

Denys Vlasenko (1):
      x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs

Huaitong Han (1):
      KVM: x86: remove magic number with enum cpuid_leafs

Ingo Molnar (2):
      x86/speculation: Clean up various Spectre related details
      x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP

Jim Mattson (4):
      KVM: VMX: Add VMCS to CPU's loaded VMCSs before VMPTRLD
      kvm: nVMX: VMCLEAR an active shadow VMCS after last use
      KVM: nVMX: Eliminate vmcs02 pool
      x86/cpu: Make alternative_msr_write work for 32-bit code

Jiri Kosina (2):
      x86/bugs: Fix __ssb_select_mitigation() return type
      x86/bugs: Make cpu_show_common() static

Juergen Gross (3):
      x86: Remove unused function cpu_has_ht_siblings()
      x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
      xen: set cpu capabilities from xen_start_kernel()

KarimAllah Ahmed (4):
      KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
      KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
      KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
      X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs

Kees Cook (5):
      nospec: Allow getting/setting on non-current task
      proc: Provide details on speculation flaw mitigations
      seccomp: Enable speculation flaw mitigations
      seccomp: Add filter flag to opt-out of SSB mitigation
      x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

Konrad Rzeszutek Wilk (15):
      x86/spectre_v2: Don't check microcode versions when running under hypervisors
      x86/bugs: Concentrate bug detection into a separate function
      x86/bugs: Concentrate bug reporting into a separate function
      x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
      x86/bugs, KVM: Support the combination of guest and host IBRS
      x86/bugs: Expose /sys/../spec_store_bypass
      x86/cpufeatures: Add X86_FEATURE_RDS
      x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
      x86/bugs/intel: Set proper CPU features and setup RDS
      x86/bugs: Whitelist allowed SPEC_CTRL MSR values
      x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
      x86/bugs: Rename _RDS to _SSBD
      proc: Use underscores for SSBD in 'status'
      x86/bugs: Fix the parameters alignment and missing void
      x86/bugs: Rename SSBD_NO to SSB_NO

Kyle Huey (2):
      x86/process: Optimize TIF checks in __switch_to_xtra()
      x86/process: Correct and optimize TIF_BLOCKSTEP switch

Linus Torvalds (1):
      x86/nospec: Simplify alternative_msr_write()

Mickaël Salaün (2):
      selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
      selftest/seccomp: Fix the seccomp(2) signature

Paolo Bonzini (4):
      KVM: VMX: introduce alloc_loaded_vmcs
      KVM: VMX: make MSR bitmaps per-VCPU
      KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
      KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely()

Peter Zijlstra (1):
      x86/speculation: Add <asm/msr-index.h> dependency

Piotr Luc (1):
      x86/cpu/intel: Add Knights Mill to Intel family

Radim Krčmář (1):
      KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC

Thomas Gleixner (19):
      x86/speculation: Create spec-ctrl.h to avoid include hell
      prctl: Add speculation control prctls
      x86/process: Optimize TIF_NOTSC switch
      x86/process: Allow runtime control of Speculative Store Bypass
      x86/speculation: Add prctl for Speculative Store Bypass mitigation
      prctl: Add force disable speculation
      seccomp: Use PR_SPEC_FORCE_DISABLE
      seccomp: Move speculation migitation control to arch code
      KVM: SVM: Move spec control call after restore of GS
      x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
      x86/cpufeatures: Disentangle SSBD enumeration
      x86/cpufeatures: Add FEATURE_ZEN
      x86/speculation: Handle HT correctly on AMD
      x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
      x86/speculation: Rework speculative_store_bypass_update()
      x86/bugs: Expose x86_spec_ctrl_base directly
      x86/bugs: Remove x86_spec_ctrl_set()
      x86/bugs: Rework spec_ctrl base and mask logic
      x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG

Tim Chen (1):
      x86/speculation: Use Indirect Branch Prediction Barrier in context switch

Tom Lendacky (2):
      x86/speculation: Add virtualized speculative store bypass disable support
      KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD

Wanpeng Li (1):
      KVM: VMX: Enable MSR-BASED TPR shadow even if APICv is inactive

Yang Zhang (1):
      kvm: vmx: check apicv is active before using VT-d posted interrupt

Yazen Ghannam (1):
      x86/cpu: Add detection of AMD RAS Capabilities

 Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
 Documentation/kernel-parameters.txt | 47 +-
 Documentation/spec_ctrl.txt | 94 +++
 arch/x86/Kconfig | 11 +
 arch/x86/Kconfig.debug | 10 -
 arch/x86/boot/cpuflags.h | 2 +-
 arch/x86/boot/mkcpustr.c | 2 +-
 arch/x86/crypto/chacha20_glue.c | 2 +-
 arch/x86/crypto/crc32-pclmul_glue.c | 2 +-
 arch/x86/crypto/crc32c-intel_glue.c | 4 +-
 arch/x86/crypto/crct10dif-pclmul_glue.c | 2 +-
 arch/x86/entry/common.c | 1 +
 arch/x86/entry/entry_32.S | 2 +-
 arch/x86/entry/entry_64_compat.S | 75 +-
 arch/x86/entry/vdso/vdso32-setup.c | 1 -
 arch/x86/entry/vdso/vdso32/system_call.S | 2 +-
 arch/x86/entry/vdso/vma.c | 3 +-
 arch/x86/include/asm/alternative.h | 6 -
 arch/x86/include/asm/apic.h | 1 -
 arch/x86/include/asm/apm.h | 6 +
 arch/x86/include/asm/arch_hweight.h | 2 +
 arch/x86/include/asm/atomic.h | 1 -
 arch/x86/include/asm/atomic64_32.h | 1 -
 arch/x86/include/asm/barrier.h | 2 +-
 arch/x86/include/asm/cmpxchg.h | 1 +
 arch/x86/include/asm/cmpxchg_32.h | 2 +-
 arch/x86/include/asm/cmpxchg_64.h | 2 +-
 arch/x86/include/asm/cpufeature.h | 584 +++-----------
 arch/x86/include/asm/cpufeatures.h | 335 ++++++++
 arch/x86/include/asm/disabled-features.h | 18 +
 arch/x86/include/asm/fpu/internal.h | 184 +++--
 arch/x86/include/asm/intel-family.h | 10 +-
 arch/x86/include/asm/irq_work.h | 2 +-
 arch/x86/include/asm/kvm_host.h | 8 +-
 arch/x86/include/asm/mmu.h | 15 +-
 arch/x86/include/asm/mmu_context.h | 25 +-
 arch/x86/include/asm/msr-index.h | 22 +
 arch/x86/include/asm/mwait.h | 2 +
 arch/x86/include/asm/nospec-branch.h | 56 +-
 arch/x86/include/asm/processor.h | 3 +-
 arch/x86/include/asm/required-features.h | 10 +
 arch/x86/include/asm/smap.h | 2 +-
 arch/x86/include/asm/smp.h | 10 -
 arch/x86/include/asm/spec-ctrl.h | 80 ++
 arch/x86/include/asm/thread_info.h | 8 +-
 arch/x86/include/asm/tlbflush.h | 13 +
 arch/x86/include/asm/uaccess_64.h | 2 +-
 arch/x86/include/asm/xor_32.h | 2 +-
 arch/x86/kernel/apic/apic_numachip.c | 4 +-
 arch/x86/kernel/cpu/Makefile | 2 +-
 arch/x86/kernel/cpu/amd.c | 42 +-
 arch/x86/kernel/cpu/bugs.c | 427 +++++++++-
 arch/x86/kernel/cpu/centaur.c | 4 +-
 arch/x86/kernel/cpu/common.c | 193 +++--
 arch/x86/kernel/cpu/cpu.h | 3 +
 arch/x86/kernel/cpu/cyrix.c | 1 +
 arch/x86/kernel/cpu/intel.c | 78 +-
 arch/x86/kernel/cpu/intel_cacheinfo.c | 8 +-
 arch/x86/kernel/cpu/match.c | 2 +-
 arch/x86/kernel/cpu/mkcapflags.sh | 6 +-
 arch/x86/kernel/cpu/mtrr/generic.c | 2 +-
 arch/x86/kernel/cpu/mtrr/main.c | 4 +-
 arch/x86/kernel/cpu/perf_event_amd.c | 4 +-
 arch/x86/kernel/cpu/perf_event_amd_uncore.c | 11 +-
 arch/x86/kernel/cpu/scattered.c | 20 -
 arch/x86/kernel/cpu/transmeta.c | 6 +-
 arch/x86/kernel/e820.c | 1 +
 arch/x86/kernel/fpu/init.c | 4 +-
 arch/x86/kernel/head_32.S | 2 +-
 arch/x86/kernel/head_64.S | 4 +-
 arch/x86/kernel/hpet.c | 1 +
 arch/x86/kernel/hw_breakpoint.c | 6 +-
 arch/x86/kernel/ldt.c | 4 +-
 arch/x86/kernel/msr.c | 2 +-
 arch/x86/kernel/process.c | 224 +++++-
 arch/x86/kernel/smpboot.c | 7 +-
 arch/x86/kernel/verify_cpu.S | 2 +-
 arch/x86/kernel/vm86_32.c | 4 +-
 arch/x86/kernel/vmlinux.lds.S | 11 +
 arch/x86/kvm/cpuid.c | 73 +-
 arch/x86/kvm/cpuid.h | 40 +
 arch/x86/kvm/irq.c | 2 +-
 arch/x86/kvm/lapic.c | 23 +-
 arch/x86/kvm/lapic.h | 4 +-
 arch/x86/kvm/svm.c | 157 +++-
 arch/x86/kvm/vmx.c | 884 ++++++++++++---------
 arch/x86/kvm/x86.c | 33 +-
 arch/x86/lib/clear_page_64.S | 2 +-
 arch/x86/lib/copy_page_64.S | 2 +-
 arch/x86/lib/copy_user_64.S | 2 +-
 arch/x86/lib/memcpy_64.S | 2 +-
 arch/x86/lib/memmove_64.S | 2 +-
 arch/x86/lib/memset_64.S | 2 +-
 arch/x86/lib/retpoline.S | 2 +-
 arch/x86/mm/setup_nx.c | 5 +-
 arch/x86/mm/tlb.c | 33 +
 arch/x86/oprofile/op_model_amd.c | 1 -
 arch/x86/platform/efi/efi_64.c | 5 +
 arch/x86/um/asm/barrier.h | 2 +-
 arch/x86/xen/enlighten.c | 16 +-
 arch/x86/xen/suspend.c | 16 +
 drivers/base/cpu.c | 8 +
 drivers/char/hw_random/via-rng.c | 5 +-
 drivers/crypto/padlock-aes.c | 2 +-
 drivers/crypto/padlock-sha.c | 2 +-
 drivers/iommu/intel_irq_remapping.c | 2 +-
 fs/btrfs/disk-io.c | 2 +-
 fs/proc/array.c | 26 +
 include/linux/compiler.h | 4 +
 include/linux/cpu.h | 2 +
 include/linux/nospec.h | 10 +
 include/linux/sched.h | 9 +
 include/linux/seccomp.h | 3 +-
 include/uapi/linux/prctl.h | 12 +
 include/uapi/linux/seccomp.h | 4 +-
 kernel/seccomp.c | 21 +-
 kernel/sys.c | 21 +
 lib/atomic64_test.c | 4 +
 tools/testing/selftests/seccomp/seccomp_bpf.c | 98 ++-
 119 files changed, 2983 insertions(+), 1325 deletions(-)
 create mode 100644 Documentation/spec_ctrl.txt
 create mode 100644 arch/x86/include/asm/cpufeatures.h
 create mode 100644 arch/x86/include/asm/spec-ctrl.h