Re: FAILED: patch "[PATCH] x86/nospec: Fix i386 RSB stuffing" failed to apply to 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Ben,

On Tue, Sep 06, 2022 at 07:07:57PM +0200, Ben Hutchings wrote:
> On Tue, 2022-09-06 at 14:07 +0200, Greg KH wrote:
> > On Fri, Sep 02, 2022 at 04:26:57PM +0200, Ben Hutchings wrote:
> > > On Thu, 2022-09-01 at 11:43 +0200, Greg KH wrote:
> > > > On Mon, Aug 29, 2022 at 04:04:58PM +0200, Ben Hutchings wrote:
> > > > > On Mon, 2022-08-29 at 10:30 +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > > > > > The patch below does not apply to the 5.10-stable tree.
> > > > > > If someone wants it applied there, or to any other stable or longterm
> > > > > > tree, then please email the backport, including the original git commit
> > > > > > id to <stable@xxxxxxxxxxxxxxx>.
> > > > > > 
> > > > > 
> > > > > You need commit 4e3aa9238277 "x86/nospec: Unwreck the RSB stuffing"
> > > > > before this one.  I've attached the backport of that for 5.10.  I
> > > > > haven't checked the older branches.
> > > > 
> > > > Great, thanks, this worked.  But the backport did not apply to 4.19, so
> > > > I will need that in order to take this one as well.
> > > 
> > > I've had a look at 5.4, and it's sufficiently different from upstream
> > > that I don't see how to move forward.
> > > 
> > > However, I also found that the PBRSB mitigation seems broken, as commit
> > > fc02735b14ff "KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS"
> > > was not backported (and would be hard to add).
> > > 
> > > So, perhaps it would be best to revert the backports of:
> > > 
> > > 2b1299322016 x86/speculation: Add RSB VM Exit protections
> > > ba6e31af2be9 x86/speculation: Add LFENCE to RSB fill sequence
> > > 
> > > in stable branches older than 5.10.
> > 
> > Why?  Is it because they do not work at all there, or are they causing
> > problems?
> 
> - They both add unconditional LFENCE instructions, which are not
> implemented on older 32-bit CPUs and will therefore result in a crash.

Backporting commit 332924973725 ("x86/nospec: Fix i386 RSB stuffing") should
fix this?

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=332924973725e8cdcc783c175f68cf7e162cb9e5

> - The added mitigation, for PBRSB, requires removing any RET
> instructions executed between VM exit and the RSB filling.  In these
> older branches that hasn't been done, so the mitigation doesn't work.

I checked 4.19 and 5.4, I don't see any RET between VM-exit and RSB
filling. Could you please point me to any specific instance you are
seeing?

Thanks,
Pawan

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux