[SRU,Trusty,0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Message ID 20181121173113.13474-1-juergh@canonical.com

Message

Juerg Haefliger Nov. 21, 2018, 5:31 p.m. UTC
This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
With this, Trusty matches Xenial. The introduced functional changes are:
 - Write every IBPB and IBRS state change to the kernel log.
 - Return an error if the user tries to enable IBRS or IBPB on HW that
   doesn't support it.
 - Expose the IBRS state through sysfs.

Compile-tested all architectures.

Signed-off-by: Juerg Haefliger <juergh@canonical.com>


Juerg Haefliger (3):
  UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    (v2)
  UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
    (v2)
  UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

 arch/x86/include/asm/nospec-branch.h | 12 +++--
 arch/x86/include/asm/spec_ctrl.h     |  3 ++
 arch/x86/kernel/acpi/cstate.c        |  4 +-
 arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
 arch/x86/kernel/process.c            |  6 +--
 arch/x86/kernel/smpboot.c            |  4 +-
 kernel/sysctl.c                      | 61 ++++++++++++++----------
 7 files changed, 88 insertions(+), 71 deletions(-)

Comments

Kleber Sacilotto de Souza Nov. 28, 2018, 3:05 p.m. UTC | #1
On 11/21/18 6:31 PM, Juerg Haefliger wrote:
> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced functional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
>
With the CVE reference fixed on the last patch:

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Tyler Hicks Nov. 30, 2018, 10:18 p.m. UTC | #2
On 2018-11-21 18:31:10, Juerg Haefliger wrote:
> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced functional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
> 
> Compile-tested all architectures.
> 
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
> 
> 
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
> 
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
> 
> -- 

With the same log message adjustment that I asked for in the Xenial
patch set, this gets my ack. This set was a lot more straightforward
than the Xenial set...

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler

Juerg Haefliger Dec. 4, 2018, 8:35 a.m. UTC | #3
This needs more work.

...Juerg


On Wed, 21 Nov 2018 18:31:10 +0100
Juerg Haefliger <juerg.haefliger@canonical.com> wrote:

> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced functional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
> 
> Compile-tested all architectures.
> 
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
> 
> 
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
> 
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
>