Re: FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree

On Tue, 2022-09-06 at 14:07 +0200, Greg KH wrote:
> On Fri, Sep 02, 2022 at 04:26:57PM +0200, Ben Hutchings wrote:
> > On Thu, 2022-09-01 at 11:43 +0200, Greg KH wrote:
> > > On Mon, Aug 29, 2022 at 04:04:58PM +0200, Ben Hutchings wrote:
> > > > On Mon, 2022-08-29 at 10:30 +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > > > > The patch below does not apply to the 5.10-stable tree.
> > > > > If someone wants it applied there, or to any other stable or longterm
> > > > > tree, then please email the backport, including the original git commit
> > > > > id to <stable@xxxxxxxxxxxxxxx>.
> > > > > 
> > > > 
> > > > You need commit 4e3aa9238277 "x86/nospec: Unwreck the RSB stuffing"
> > > > before this one.  I've attached the backport of that for 5.10.  I
> > > > haven't checked the older branches.
> > > 
> > > Great, thanks, this worked.  But the backport did not apply to 4.19, so
> > > I will need that in order to take this one as well.
> > 
> > I've had a look at 5.4, and it's sufficiently different from upstream
> > that I don't see how to move forward.
> > 
> > However, I also found that the PBRSB mitigation seems broken, as commit
> > fc02735b14ff "KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS"
> > was not backported (and would be hard to add).
> > 
> > So, perhaps it would be best to revert the backports of:
> > 
> > 2b1299322016 x86/speculation: Add RSB VM Exit protections
> > ba6e31af2be9 x86/speculation: Add LFENCE to RSB fill sequence
> > 
> > in stable branches older than 5.10.
> 
> Why?  Is it because they do not work at all there, or are they causing
> problems?

- They both add unconditional LFENCE instructions, which are not
implemented on older 32-bit CPUs and will therefore result in a crash.

- The added mitigation, for PBRSB, requires removing any RET
instructions executed between VM exit and the RSB filling.  In these
older branches that hasn't been done, so the mitigation doesn't work.

Ben.

-- 
Ben Hutchings
friends: People who know you well, but like you anyway.
