[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 1ac116ce6468670eeda39345a5585df308243dca
Status in newer kernel trees:
6.14.y | Present (different SHA1: d94999d36def)
6.12.y | Present (different SHA1: 13a7b7b4c7a7)
6.6.y | Present (different SHA1: aef0566edca8)
6.1.y | Present (different SHA1: 145182f52b93)
Note: The patch differs from the upstream commit: --- 1: 1ac116ce64686 ! 1: e24360a0c5e89 Documentation: x86/bugs/its: Add ITS documentation @@ Metadata ## Commit message ## Documentation: x86/bugs/its: Add ITS documentation
+ commit 1ac116ce6468670eeda39345a5585df308243dca upstream. + Add the admin-guide for Indirect Target Selection (ITS).
Signed-off-by: Pawan Gupta pawan.kumar.gupta@linux.intel.com @@ Commit message
## Documentation/admin-guide/hw-vuln/index.rst ## @@ Documentation/admin-guide/hw-vuln/index.rst: are configurable at compile, boot or run time. - gather_data_sampling + gather_data_sampling.rst + srso reg-file-data-sampling - rsb + indirect-target-selection
## Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new) ## @@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new) +reason, when retpoline is enabled, ITS mitigation only relocates the RETs to +safe thunks. Unless user requested the RSB-stuffing mitigation. + -+RSB Stuffing -+~~~~~~~~~~~~ -+RSB-stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow -+attacks. And it also mitigates RETs that are vulnerable to ITS. -+ +Mitigation in guests +^^^^^^^^^^^^^^^^^^^^ +All guests deploy ITS mitigation by default, irrespective of eIBRS enumeration @@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new) + useful when host userspace is not in the threat model, and only + attacks from guest to host are considered. + -+ stuff Deploy RSB-fill mitigation when retpoline is also deployed. -+ Otherwise, deploy the default mitigation. When retpoline mitigation -+ is enabled, RSB-stuffing via Call-Depth-Tracking also mitigates -+ ITS. -+ + force Force the ITS bug and deploy the default mitigation. + ======== =================================================================== + @@ Documentation/admin-guide/hw-vuln/indirect-target-selection.rst (new) + * - Mitigation: Aligned branch/return thunks + - The mitigation is enabled, affected indirect branches and RETs are + relocated to safe thunks. -+ * - Mitigation: Retpolines, Stuffing RSB -+ - The mitigation is enabled using retpoline and RSB stuffing. + +References +---------- ---
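Review bot: in the first indirect-target-selection.rst hunk, the backport removes the "RSB Stuffing" subsection but keeps the sentence "Unless user requested the RSB-stuffing mitigation." just above it, so the 6.1.y document points at a mitigation it no longer describes. If RSB stuffing is not selectable in this tree, that sentence should be dropped or reworded in the backport as well, so that the retpoline paragraph ends at "ITS mitigation only relocates the RETs to safe thunks."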
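Review bot: the hunk that removes the "stuff" entry from the option table, together with the later removal of the "Mitigation: Retpolines, Stuffing RSB" sysfs status, changes what this document tells an administrator on 6.1.y, yet the commit-message part of the range-diff adds only the "commit 1ac116ce6468670eeda39345a5585df308243dca upstream." line. A short backport note in the commit message stating that the stuffing option and status were dropped, and why, would let someone auditing the stable tree confirm the divergence from upstream is intentional rather than a lost hunk.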
Results of testing on various branches:
| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y        | Success     | Success    |