Re: [RESEND][PATCH 5.15.y 0/7] Delay VERW 5.15.y backport

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Mar 11, 2024 at 11:35:38AM -0700, Pawan Gupta wrote:
> On Mon, Mar 04, 2024 at 09:01:52PM -0800, Pawan Gupta wrote:
> > This is the backport of recently upstreamed series that moves VERW
> > execution to a later point in exit-to-user path. This is needed because
> > in some cases it may be possible for data accessed after VERW executions
> > may end into MDS affected CPU buffers. Moving VERW closer to ring
> > transition reduces the attack surface.
> > 
> > - The series includes a dependency commit f87bc8dc7a7c ("x86/asm: Add
> >   _ASM_RIP() macro for x86-64 (%rip) suffix").
> > 
> > - Patch 2 includes a change that adds runtime patching for jmp (instead
> >   of verw in original series) due to lack of rip-relative relocation
> >   support in kernels <v6.5.
> > 
> > - Fixed warning:
> >   arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction.
> > 
> > - Resolved merge conflicts in:
> > 	swapgs_restore_regs_and_return_to_usermode in entry_64.S.
> > 	__vmx_vcpu_run in vmenter.S.
> > 	vmx_update_fb_clear_dis in vmx.c.
> > 
> > - Boot tested with KASLR and KPTI enabled.
> > 
> > - Verified VERW being executed with mitigation ON, and not being
> >   executed with mitigation turned OFF.
> > 
> > To: stable@xxxxxxxxxxxxxxx
> > 
> > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> > ---
> > H. Peter Anvin (Intel) (1):
> >       x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
> > 
> > Pawan Gupta (5):
> >       x86/bugs: Add asm helpers for executing VERW
> >       x86/entry_64: Add VERW just before userspace transition
> >       x86/entry_32: Add VERW just before userspace transition
> >       x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
> >       KVM/VMX: Move VERW closer to VMentry for MDS mitigation
> > 
> > Sean Christopherson (1):
> >       KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH

[Resending this. Sorry, last time my mutt aliases didn't resolve
correctly for some reason.]

Could this and below backports be queue up?

5.10.y https://lore.kernel.org/stable/20240305-delay-verw-backport-5-10-y-v1-0-50bf452e96ba@xxxxxxxxxxxxxxx/
5.4.y  https://lore.kernel.org/stable/20240226122237.198921-1-nik.borisov@xxxxxxxx/

Just FYI.. this series is already in stable trees for 6.1, 6.6, 6.7.
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux