I'm announcing the release of the 5.1.2 kernel. All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that... All users of Intel processors made since 2011 must upgrade. Note, this release, and the other stable releases that are all being released right now at the same time, just went out all contain patches that have only seen the "public eye" for about 5 minutes. So be forwarned, they might break things, they might not build, but hopefully they fix things. Odds are we will be fixing a number of small things in this area for the next few weeks as things shake out on real hardware and workloads. So don't think you are done updating your kernel, you never are done with that :) As for what specifically these changes fix, I'll let the tech news sites fill you in on the details. Or go read the excellently written Xen Security Advisory 297: https://xenbits.xen.org/xsa/advisory-297.html That should give you a good idea of what a number of people have been dealing with for many many many months now. Many thanks goes out to Thomas Gleixner for going above and beyond to do the backports to the 5.1, 5.0, 4.19, and 4.14 kernel trees, and to Ben Hutchings for doing the 4.9 work. And of course to all of the developers who have been working on this in secret and doing reviews of the many different proposals and versions of the patches. As I said before just over a year ago, Intel once again owes a bunch of people a lot of drinks for fixing their hardware bugs, in our software... Anyway, as usual, the updated 5.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 4 Documentation/admin-guide/hw-vuln/index.rst | 13 Documentation/admin-guide/hw-vuln/l1tf.rst | 615 +++++++++++++++++++++ Documentation/admin-guide/hw-vuln/mds.rst | 308 ++++++++++ Documentation/admin-guide/index.rst | 6 Documentation/admin-guide/kernel-parameters.txt | 62 ++ Documentation/admin-guide/l1tf.rst | 614 -------------------- Documentation/index.rst | 1 Documentation/x86/conf.py | 10 Documentation/x86/index.rst | 8 Documentation/x86/mds.rst | 225 +++++++ Makefile | 2 arch/powerpc/kernel/security.c | 6 arch/powerpc/kernel/setup_64.c | 2 arch/s390/kernel/nospec-branch.c | 3 arch/x86/entry/common.c | 3 arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/msr-index.h | 39 - arch/x86/include/asm/mwait.h | 7 arch/x86/include/asm/nospec-branch.h | 50 + arch/x86/include/asm/processor.h | 6 arch/x86/kernel/cpu/bugs.c | 146 ++++ arch/x86/kernel/cpu/common.c | 121 ++-- arch/x86/kernel/nmi.c | 4 arch/x86/kernel/traps.c | 8 arch/x86/kvm/cpuid.c | 3 arch/x86/kvm/vmx/vmx.c | 7 arch/x86/mm/pti.c | 4 drivers/base/cpu.c | 8 include/linux/cpu.h | 26 kernel/cpu.c | 15 tools/power/x86/turbostat/Makefile | 2 tools/power/x86/x86_energy_perf_policy/Makefile | 2 34 files changed, 1632 insertions(+), 705 deletions(-) Andi Kleen (2): x86/speculation/mds: Add basic bug infrastructure for MDS x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests Boris Ostrovsky (1): x86/speculation/mds: Fix comment Greg Kroah-Hartman (1): Linux 5.1.2 Josh Poimboeuf (9): x86/speculation/mds: Add mds=full,nosmt cmdline option x86/speculation: Move arch_smt_update() call to after mitigation decisions x86/speculation/mds: Add SMT warning message cpu/speculation: Add 'mitigations=' cmdline option x86/speculation: Support 'mitigations=' cmdline option powerpc/speculation: Support 'mitigations=' cmdline option s390/speculation: Support 'mitigations=' cmdline option x86/speculation/mds: Add 'mitigations=' support for MDS x86/speculation/mds: Fix documentation typo Konrad Rzeszutek Wilk (1): x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off Thomas Gleixner (12): x86/msr-index: Cleanup bit defines x86/speculation: Consolidate CPU whitelists x86/speculation/mds: Add BUG_MSBDS_ONLY x86/speculation/mds: Add mds_clear_cpu_buffers() x86/speculation/mds: Clear CPU buffers on exit to user x86/kvm/vmx: Add MDS protection when L1D Flush is not active x86/speculation/mds: Conditionally clear CPU buffers on idle entry x86/speculation/mds: Add mitigation control for MDS x86/speculation/mds: Add sysfs reporting for MDS x86/speculation/mds: Add mitigation mode VMWERV Documentation: Move L1TF to separate directory Documentation: Add MDS vulnerability documentation Tyler Hicks (1): Documentation: Correct the possible MDS sysfs values speck for Pawan Gupta (1): x86/mds: Add MDSUM variant to the MDS documentation
Attachment:
signature.asc
Description: PGP signature