On Thu, 2022-09-01 at 11:43 +0200, Greg KH wrote:
> On Mon, Aug 29, 2022 at 04:04:58PM +0200, Ben Hutchings wrote:
> > On Mon, 2022-08-29 at 10:30 +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > > The patch below does not apply to the 5.10-stable tree.
> > > If someone wants it applied there, or to any other stable or longterm
> > > tree, then please email the backport, including the original git commit
> > > id to <stable@xxxxxxxxxxxxxxx>.
> > >
> >
> > You need commit 4e3aa9238277 "x86/nospec: Unwreck the RSB stuffing"
> > before this one. I've attached the backport of that for 5.10. I
> > haven't checked the older branches.
>
> Great, thanks, this worked. But the backport did not apply to 4.19, so
> I will need that in order to take this one as well.
I've had a look at 5.4, and it's sufficiently different from upstream
that I don't see how to move forward.
However, I also found that the PBRSB mitigation seems broken, as commit
fc02735b14ff "KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS"
was not backported (and would be hard to add).
So, perhaps it would be best to revert the backports of:
2b1299322016 x86/speculation: Add RSB VM Exit protections
ba6e31af2be9 x86/speculation: Add LFENCE to RSB fill sequence
in stable branches older than 5.10.
Ben.
--
Ben Hutchings
Lowery's Law:
If it jams, force it. If it breaks, it needed replacing anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part
