Message ID | 20220615121336.3995470-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | MMIO Stale Data mitigations | expand |
Looks good. Acked-by: Kamal Mostafa <kamal@canonical.com> -Kamal On Wed, Jun 15, 2022 at 09:13:25AM -0300, Thadeu Lima de Souza Cascardo wrote: > [Impact] > MMIO operations may lead to stale data to be present in processor buffers, > which may be used for information disclosure. > > [Mitigation] > Flush processor buffers before VMENTER for guests that have a device assigned. > > Josh Poimboeuf (1): > x86/speculation/mmio: Print SMT warning > > Pawan Gupta (10): > Documentation: Add documentation for Processor MMIO Stale Data > x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug > x86/speculation: Add a common function for MD_CLEAR mitigation update > x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data > x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations > x86/speculation/mmio: Enable CPU Fill buffer clearing on idle > x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale > Data > x86/speculation/srbds: Update SRBDS mitigation selection > x86/speculation/mmio: Reuse SRBDS mitigation for SBDS > KVM: x86/speculation: Disable Fill buffer clear within guests > > .../ABI/testing/sysfs-devices-system-cpu | 1 + > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ > .../admin-guide/kernel-parameters.txt | 36 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 25 ++ > arch/x86/include/asm/nospec-branch.h | 2 + > arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- > arch/x86/kernel/cpu/common.c | 52 +++- > arch/x86/kvm/vmx/vmx.c | 72 +++++ > arch/x86/kvm/vmx/vmx.h | 2 + > arch/x86/kvm/x86.c | 3 + > drivers/base/cpu.c | 8 + > include/linux/cpu.h | 3 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > tools/arch/x86/include/asm/msr-index.h | 25 ++ > 16 files changed, 674 insertions(+), 39 deletions(-) > create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
LGTM Acked-by: Ian May <ian.may@canonical.com> On 2022-06-15 09:13:25 , Thadeu Lima de Souza Cascardo wrote: > [Impact] > MMIO operations may lead to stale data to be present in processor buffers, > which may be used for information disclosure. > > [Mitigation] > Flush processor buffers before VMENTER for guests that have a device assigned. > > Josh Poimboeuf (1): > x86/speculation/mmio: Print SMT warning > > Pawan Gupta (10): > Documentation: Add documentation for Processor MMIO Stale Data > x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug > x86/speculation: Add a common function for MD_CLEAR mitigation update > x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data > x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations > x86/speculation/mmio: Enable CPU Fill buffer clearing on idle > x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale > Data > x86/speculation/srbds: Update SRBDS mitigation selection > x86/speculation/mmio: Reuse SRBDS mitigation for SBDS > KVM: x86/speculation: Disable Fill buffer clear within guests > > .../ABI/testing/sysfs-devices-system-cpu | 1 + > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ > .../admin-guide/kernel-parameters.txt | 36 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 25 ++ > arch/x86/include/asm/nospec-branch.h | 2 + > arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- > arch/x86/kernel/cpu/common.c | 52 +++- > arch/x86/kvm/vmx/vmx.c | 72 +++++ > arch/x86/kvm/vmx/vmx.h | 2 + > arch/x86/kvm/x86.c | 3 + > drivers/base/cpu.c | 8 + > include/linux/cpu.h | 3 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > tools/arch/x86/include/asm/msr-index.h | 25 ++ > 16 files changed, 674 insertions(+), 39 deletions(-) > create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 15.6.2022 15.13, Thadeu Lima de Souza Cascardo wrote: > [Impact] > MMIO operations may lead to stale data to be present in processor buffers, > which may be used for information disclosure. > > [Mitigation] > Flush processor buffers before VMENTER for guests that have a device assigned. > > Josh Poimboeuf (1): > x86/speculation/mmio: Print SMT warning > > Pawan Gupta (10): > Documentation: Add documentation for Processor MMIO Stale Data > x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug > x86/speculation: Add a common function for MD_CLEAR mitigation update > x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data > x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations > x86/speculation/mmio: Enable CPU Fill buffer clearing on idle > x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale > Data > x86/speculation/srbds: Update SRBDS mitigation selection > x86/speculation/mmio: Reuse SRBDS mitigation for SBDS > KVM: x86/speculation: Disable Fill buffer clear within guests > > .../ABI/testing/sysfs-devices-system-cpu | 1 + > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ > .../admin-guide/kernel-parameters.txt | 36 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 25 ++ > arch/x86/include/asm/nospec-branch.h | 2 + > arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- > arch/x86/kernel/cpu/common.c | 52 +++- > arch/x86/kvm/vmx/vmx.c | 72 +++++ > arch/x86/kvm/vmx/vmx.h | 2 + > arch/x86/kvm/x86.c | 3 + > drivers/base/cpu.c | 8 + > include/linux/cpu.h | 3 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > tools/arch/x86/include/asm/msr-index.h | 25 ++ > 16 files changed, 674 insertions(+), 39 deletions(-) > create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > applied to oem-5.17, thanks