On Wed, Mar 21, 2018 at 12:11:10PM +0100, 王金浦 wrote:
2018-03-21 0:19 GMT+01:00 Ben Hutchings <ben.hutchings@codethink.co.uk>:
On Sun, 2018-03-18 at 11:14 +0100, Greg Kroah-Hartman wrote:
On Fri, Mar 16, 2018 at 04:55:37PM -0600, Jerry Hoemann wrote:
Greg,
Sorry, if I'm missing something, but I see 3 patches for hpwdt queued up for 4.4:
queue-4.4/watchdog-hpwdt-fix-unused-variable-warning.patch
queue-4.4/watchdog-hpwdt-smbios-check.patch
queue-4.4/watchdog-hpwdt-check-source-of-nmi.patch
Shouldn't there also be a 4.4 patch for
commit 2b3d89b402b085b08498e896c65267a145bed486 watchdog: hpwdt: Remove legacy NMI sourcing.
As there was for 4.15, 4.14, and 4.9?
It does not apply to the 4.4.y kernel branch. If you feel it should be there, please provide a working backport.
commit 2b3d89b40 is the Spectre related patch.
If you look closely, not many Spectre-related patches are merged into 4.4.y as no one has taken the time to do the backporting. I thought someone was working on this, but odds are they just moved to 4.9.y or 4.14.y as everyone really should if they care about these issues with their platforms.
So if you care about Spectre, I strongly recommend using 4.14.y or newer.
I think you have most of the Spectre stuff aside from microcode supported fixes. These are still missing on the 4.4 branch though:
8fa80c503b48 nospec: Move array_index_nospec() parameter checking into separate macro
1d91c1d2c80c nospec: Kill array_index_nospec_mask_check()
I think there may also be some extra uaccess functions that didn't get the nospec treatment.
I'll probably look into backporting the microcode stuff to the older branches (4.4, then 3.16 and 3.2) at some point.
Ben.
-- Ben Hutchings Software Developer, Codethink Ltd.
Hi, Ben,
It would be great if you could backport the Spectre fixes into 4.4; I'm happy to test your port. The patch list I gathered when I did porting to 4.4:
If you completed the port to v4.4 already, can you make it available for others?
Thanks, Guenter
d3eba77440 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
40532f65cc x86/cpufeatures: Add Intel feature bits for Speculatio
c26a6bea26 x86/cpufeatures: Add AMD feature bits for Speculation Control
af57d43c908 x86/msr: Add definitions for new speculation control
a8799fd14d x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
6c5e49150a x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
31fd9eda7f6 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
77b3b3ee238 x86/cpufeatures: Clean up Spectre v2 related CPUID flags
77d1424d2fb x86/retpoline: Simplify vmexit_fill_RSB()
d7f8d17406d x86/entry/64: Remove the SYSCALL64 fast path
572e509178 x86/entry/64: Push extra regs right away
e06d7bfb223 x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
ae75f83e79 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
065eae4be83 x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
cda6b6074cc6f9 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
4b234a253e52 x86/pti: Mark constant arrays as __initconst
b7649e1776706 KVM: nVMX: mark vmcs12 pages dirty on L2 exit
46e24dfc2df KVM: nVMX: Eliminate vmcs02 pool
ff546f9d83d3 KVM: VMX: introduce alloc_loaded_vmcs
6236b782eba37 KVM: VMX: make MSR bitmaps per-VCPU
7013129a403 KVM/x86: Add IBPB support
755502f810c6 KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
e5a83419c957 KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
fc00dde96099a1 KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL

The commit ids are from linux-4.9.y.
There might be more due to dependencies.
Thanks, Jack Wang