Hi Ben,
On Tue, Sep 06, 2022 at 07:07:57PM +0200, Ben Hutchings wrote:
On Tue, 2022-09-06 at 14:07 +0200, Greg KH wrote:
On Fri, Sep 02, 2022 at 04:26:57PM +0200, Ben Hutchings wrote:
On Thu, 2022-09-01 at 11:43 +0200, Greg KH wrote:
On Mon, Aug 29, 2022 at 04:04:58PM +0200, Ben Hutchings wrote:
On Mon, 2022-08-29 at 10:30 +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
You need commit 4e3aa9238277 "x86/nospec: Unwreck the RSB stuffing" before this one. I've attached the backport of that for 5.10. I haven't checked the older branches.
Great, thanks, this worked. But the backport did not apply to 4.19, so I will need that in order to take this one as well.
I've had a look at 5.4, and it's sufficiently different from upstream that I don't see how to move forward.
However, I also found that the PBRSB mitigation seems broken, as commit fc02735b14ff "KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS" was not backported (and would be hard to add).
So, perhaps it would be best to revert the backports of:
2b1299322016 x86/speculation: Add RSB VM Exit protections ba6e31af2be9 x86/speculation: Add LFENCE to RSB fill sequence
in stable branches older than 5.10.
Why? Is it because they do not work at all there, or are they causing problems?
- They both add unconditional LFENCE instructions, which are not
implemented on older 32-bit CPUs and will therefore result in a crash.
Backporting commit 332924973725 ("x86/nospec: Fix i386 RSB stuffing") should fix this?
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=33292...
- The added mitigation, for PBRSB, requires removing any RET
instructions executed between VM exit and the RSB filling. In these older branches that hasn't been done, so the mitigation doesn't work.
I checked 4.19 and 5.4, I don't see any RET between VM-exit and RSB filling. Could you please point me to any specific instance you are seeing?
Thanks, Pawan