| Message ID | 20220615121725.3995677-1-cascardo@canonical.com |
|---|---|
| Headers | show |
| Series | MMIO Stale Data mitigations | expand |
Looks good. Acked-by: Kamal Mostafa <kamal@canonical.com> -Kamal On Wed, Jun 15, 2022 at 09:17:14AM -0300, Thadeu Lima de Souza Cascardo wrote: > [Impact] > MMIO operations may lead to stale data to be present in processor buffers, > which may be used for information disclosure. > > [Mitigation] > Flush processor buffers before VMENTER for guests that have a device assigned. > > [Backport] > L1D flush mitigation is not present, so required some context fixups. Also, > some small context fixups for the FB_CLEAR patch on vmx.c > > Josh Poimboeuf (1): > x86/speculation/mmio: Print SMT warning > > Pawan Gupta (10): > Documentation: Add documentation for Processor MMIO Stale Data > x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug > x86/speculation: Add a common function for MD_CLEAR mitigation update > x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data > x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations > x86/speculation/mmio: Enable CPU Fill buffer clearing on idle > x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale > Data > x86/speculation/srbds: Update SRBDS mitigation selection > x86/speculation/mmio: Reuse SRBDS mitigation for SBDS > KVM: x86/speculation: Disable Fill buffer clear within guests > > .../ABI/testing/sysfs-devices-system-cpu | 1 + > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ > .../admin-guide/kernel-parameters.txt | 36 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 25 ++ > arch/x86/include/asm/nospec-branch.h | 2 + > arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- > arch/x86/kernel/cpu/common.c | 52 +++- > arch/x86/kvm/vmx/vmx.c | 72 +++++ > arch/x86/kvm/vmx/vmx.h | 2 + > arch/x86/kvm/x86.c | 3 + > drivers/base/cpu.c | 8 + > include/linux/cpu.h | 3 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > tools/arch/x86/include/asm/msr-index.h | 25 ++ > 16 files changed, 674 insertions(+), 39 deletions(-) > create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
LGTM Acked-by: Ian May <ian.may@canonical.com> On 2022-06-15 09:17:14 , Thadeu Lima de Souza Cascardo wrote: > [Impact] > MMIO operations may lead to stale data to be present in processor buffers, > which may be used for information disclosure. > > [Mitigation] > Flush processor buffers before VMENTER for guests that have a device assigned. > > [Backport] > L1D flush mitigation is not present, so required some context fixups. Also, > some small context fixups for the FB_CLEAR patch on vmx.c > > Josh Poimboeuf (1): > x86/speculation/mmio: Print SMT warning > > Pawan Gupta (10): > Documentation: Add documentation for Processor MMIO Stale Data > x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug > x86/speculation: Add a common function for MD_CLEAR mitigation update > x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data > x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations > x86/speculation/mmio: Enable CPU Fill buffer clearing on idle > x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale > Data > x86/speculation/srbds: Update SRBDS mitigation selection > x86/speculation/mmio: Reuse SRBDS mitigation for SBDS > KVM: x86/speculation: Disable Fill buffer clear within guests > > .../ABI/testing/sysfs-devices-system-cpu | 1 + > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ > .../admin-guide/kernel-parameters.txt | 36 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 25 ++ > arch/x86/include/asm/nospec-branch.h | 2 + > arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- > arch/x86/kernel/cpu/common.c | 52 +++- > arch/x86/kvm/vmx/vmx.c | 72 +++++ > arch/x86/kvm/vmx/vmx.h | 2 + > arch/x86/kvm/x86.c | 3 + > drivers/base/cpu.c | 8 + > include/linux/cpu.h | 3 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > tools/arch/x86/include/asm/msr-index.h | 25 ++ > 16 files changed, 674 insertions(+), 39 deletions(-) > create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
applied to oem-5.14, thanks
[Impact] MMIO operations may lead to stale data to be present in processor buffers, which may be used for information disclosure. [Mitigation] Flush processor buffers before VMENTER for guests that have a device assigned. [Backport] L1D flush mitigation is not present, so required some context fixups. Also, some small context fixups for the FB_CLEAR patch on vmx.c Josh Poimboeuf (1): x86/speculation/mmio: Print SMT warning Pawan Gupta (10): Documentation: Add documentation for Processor MMIO Stale Data x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Reuse SRBDS mitigation for SBDS KVM: x86/speculation: Disable Fill buffer clear within guests .../ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/processor_mmio_stale_data.rst | 246 ++++++++++++++++++ .../admin-guide/kernel-parameters.txt | 36 +++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 25 ++ arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/kernel/cpu/bugs.c | 235 ++++++++++++++--- arch/x86/kernel/cpu/common.c | 52 +++- arch/x86/kvm/vmx/vmx.c | 72 +++++ arch/x86/kvm/vmx/vmx.h | 2 + arch/x86/kvm/x86.c | 3 + drivers/base/cpu.c | 8 + include/linux/cpu.h | 3 + tools/arch/x86/include/asm/cpufeatures.h | 1 + tools/arch/x86/include/asm/msr-index.h | 25 ++ 16 files changed, 674 insertions(+), 39 deletions(-) create mode 100644 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst