[SRU][Bionic][PATCH 0/6] Bionic: Sync to Xenial (Spectre) (LP: #1822760)


Juerg Haefliger
BugLink: https://bugs.launchpad.net/bugs/1822760

== SRU Justification ==

There are a couple of Spectre related commits in Xenial that never landed in Bionic. Fix that to prevent a regression when upgrading from Xenial to Bionic.

== Regression Potential ==

Low. These are not very intrusive commits that have been in upstream for quite a while.

== Fix ==

Backport the relevant commits from upstream.

== Test Case ==

TBD.

Compile-tested all architectures.

Signed-off-by: Juerg Haefliger <[hidden email]>


Juerg Haefliger (2):
  UBUNTU: SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
  UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip
    L1D flush on vmentry

Paolo Bonzini (1):
  KVM: VMX: fixes for vmentry_l1d_flush module parameter

Tom Lendacky (1):
  KVM: SVM: Add MSR-based feature support for serializing LFENCE

Vlastimil Babka (1):
  x86/speculation/l1tf: Suggest what to do on systems with too much RAM

Wanpeng Li (1):
  KVM: X86: Allow userspace to define the microcode version

 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kernel/cpu/bugs.c      |  4 +++
 arch/x86/kvm/svm.c              | 40 +++++++++++++++++++++++++++---
 arch/x86/kvm/vmx.c              | 43 +++++++++++++++++++--------------
 arch/x86/kvm/x86.c              | 18 ++++++++++----
 5 files changed, 79 insertions(+), 27 deletions(-)

--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
[SRU][Bionic][PATCH 1/6] x86/speculation/l1tf: Suggest what to do on systems with too much RAM

Juerg Haefliger
From: Vlastimil Babka <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1822760

Two users have reported [1] that they have an "extremely unlikely" system
with more than MAX_PA/2 memory and L1TF mitigation is not effective.

Make the warning more helpful by suggesting the proper mem=X kernel boot
parameter to make it effective and a link to the L1TF document to help
decide if the mitigation is worth the unusable RAM.

[1] https://bugzilla.suse.com/show_bug.cgi?id=1105536

Suggested-by: Michal Hocko <[hidden email]>
Signed-off-by: Vlastimil Babka <[hidden email]>
Acked-by: Michal Hocko <[hidden email]>
Cc: "H . Peter Anvin" <[hidden email]>
Cc: Linus Torvalds <[hidden email]>
Cc: Andi Kleen <[hidden email]>
Cc: Dave Hansen <[hidden email]>
Cc: [hidden email]
Link: https://lkml.kernel.org/r/966571f0-9d7f-43dc-92c6-a10eec7a1254@...

(cherry picked from commit 6a012288d6906fee1dbc244050ade1dafe4a9c8d)
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kernel/cpu/bugs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index f95eccf27771..0101bfa0876c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1016,6 +1016,10 @@ static void __init l1tf_select_mitigation(void)
  half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT;
  if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) {
  pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n");
+ pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n",
+ half_pa);
+ pr_info("However, doing so will make a part of your RAM unusable.\n");
+ pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html might help you decide.\n");
  return;
  }
 
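
Review bot: The three added pr_info() lines in l1tf_select_mitigation() carry the remediation at a lower log level than the pr_warn() they follow, so a console or log filter set to warnings shows "L1TF mitigation not effective" without the mem= hint. Consider printing the mem= suggestion at the same level as the warning. The mem=%llu value is half_pa in raw bytes, which the parameter accepts but which is hard to read, and the link targets the "latest" admin guide, which can drift from what this Bionic kernel implements. Keeping the text identical to upstream is reasonable for a clean cherry-pick, but the test case (still TBD in the cover letter) should include booting an affected machine with the printed mem= value and checking that the warning goes away.
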
--
2.19.1



[SRU][Bionic][PATCH 2/6] KVM: SVM: Add MSR-based feature support for serializing LFENCE

Juerg Haefliger
From: Tom Lendacky <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1822760

In order to determine if LFENCE is a serializing instruction on AMD
processors, MSR 0xc0011029 (MSR_F10H_DECFG) must be read and the state
of bit 1 checked.  This patch will add support to allow a guest to
properly make this determination.

Add the MSR feature callback operation to svm.c and add MSR 0xc0011029
to the list of MSR-based features.  If LFENCE is serializing, then the
feature is supported, allowing the hypervisor to set the value of the
MSR that guest will see.  Support is also added to write (hypervisor only)
and read the MSR value for the guest.  A write by the guest will result in
a #GP.  A read by the guest will return the value as set by the host.  In
this way, the support to expose the feature to the guest is controlled by
the hypervisor.

Reviewed-by: Paolo Bonzini <[hidden email]>
Signed-off-by: Tom Lendacky <[hidden email]>
Signed-off-by: Paolo Bonzini <[hidden email]>
Signed-off-by: Radim Krčmář <[hidden email]>

(backported from commit d1d93fa90f1afa926cb060b7f78ab01a65705b4d)
[juergh: Adjusted context.]
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kvm/svm.c | 36 +++++++++++++++++++++++++++++++++++-
 arch/x86/kvm/x86.c |  1 +
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 6c115ad577a2..ddca0a1175ab 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -175,6 +175,8 @@ struct vcpu_svm {
  uint64_t sysenter_eip;
  uint64_t tsc_aux;
 
+ u64 msr_decfg;
+
  u64 next_rip;
 
  u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
@@ -3597,7 +3599,18 @@ static int cr8_write_interception(struct vcpu_svm *svm)
 
 static int svm_get_msr_feature(struct kvm_msr_entry *msr)
 {
- return 1;
+ msr->data = 0;
+
+ switch (msr->index) {
+ case MSR_F10H_DECFG:
+ if (boot_cpu_has(X86_FEATURE_LFENCE_RDTSC))
+ msr->data |= MSR_F10H_DECFG_LFENCE_SERIALIZE;
+ break;
+ default:
+ return 1;
+ }
+
+ return 0;
 }
 
 static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
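
Review bot: svm_get_msr_feature() clears msr->data before the switch, so the default: branch returns 1 with the caller's data field already overwritten to 0. Moving msr->data = 0 into the MSR_F10H_DECFG case, or documenting that data is undefined on a non-zero return, would keep the failure path free of side effects. A one-line comment on the return convention (0 = handled, 1 = not a supported feature MSR) would also help, since the function previously returned 1 unconditionally.
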
@@ -3697,6 +3710,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
  msr_info->data = 0x1E;
  }
  break;
+ case MSR_F10H_DECFG:
+ msr_info->data = svm->msr_decfg;
+ break;
  default:
  return kvm_get_msr_common(vcpu, msr_info);
  }
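
Review bot: The MSR_F10H_DECFG read in svm_get_msr() returns svm->msr_decfg, but nothing in this patch initialises that field or sets it on vCPU reset. Until userspace writes the MSR, the guest-visible value depends on how vcpu_svm was allocated. If the intended default is 0 (LFENCE reported as not serializing), set it explicitly in the reset path or say so in a comment next to the new field.
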
@@ -3883,6 +3899,24 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
  case MSR_VM_IGNNE:
  vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
  break;
+ case MSR_F10H_DECFG: {
+ struct kvm_msr_entry msr_entry;
+
+ msr_entry.index = msr->index;
+ if (svm_get_msr_feature(&msr_entry))
+ return 1;
+
+ /* Check the supported bits */
+ if (data & ~msr_entry.data)
+ return 1;
+
+ /* Don't allow the guest to change a bit, #GP */
+ if (!msr->host_initiated && (data ^ msr_entry.data))
+ return 1;
+
+ svm->msr_decfg = data;
+ break;
+ }
  case MSR_IA32_APICBASE:
  if (kvm_vcpu_apicv_active(vcpu))
  avic_update_vapic_bar(to_svm(vcpu), data);
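
Review bot: In the MSR_F10H_DECFG case of svm_set_msr(), the guest-write check compares data against msr_entry.data, which is the host capability returned by svm_get_msr_feature(), not against the value currently held in svm->msr_decfg. A guest write equal to the host capability therefore passes both checks and is stored, even if the hypervisor had left svm->msr_decfg at 0. That does not match the commit message ("A write by the guest will result in a #GP") or the comment "Don't allow the guest to change a bit". If only the host is meant to control the guest-visible value, compare guest-initiated writes against svm->msr_decfg instead. Separately, msr_entry is declared with only .index assigned; that is safe because svm_get_msr_feature() writes .data first, but an initialiser would make it robust against later changes.
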
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 13804929adce..a7e18f678bc5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1053,6 +1053,7 @@ static unsigned num_emulated_msrs;
  * can be used by a hypervisor to validate requested CPU features.
  */
 static u32 msr_based_features[] = {
+ MSR_F10H_DECFG,
  MSR_IA32_ARCH_CAPABILITIES,
 };
 
--
2.19.1



[SRU][Bionic][PATCH 3/6] KVM: VMX: fixes for vmentry_l1d_flush module parameter

Juerg Haefliger
From: Paolo Bonzini <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1822760

Two bug fixes:

1) missing entries in the l1d_param array; this can cause a host crash
if an access attempts to reach the missing entry. Future-proof the get
function against any overflows as well.  However, the two entries
VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must
not be accepted by the parse function, so disable them there.

2) invalid values must be rejected even if the CPU does not have the
bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF)

... and a small refactoring, since the .cmd field is redundant with
the index in the array.

Reported-by: Bandan Das <[hidden email]>
Cc: [hidden email]
Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7
Signed-off-by: Paolo Bonzini <[hidden email]>

(cherry picked from commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950)
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kvm/vmx.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 37b095e7f00a..1b135b6232cc 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -203,12 +203,14 @@ static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_
 
 static const struct {
  const char *option;
- enum vmx_l1d_flush_state cmd;
+ bool for_parse;
 } vmentry_l1d_param[] = {
- {"auto", VMENTER_L1D_FLUSH_AUTO},
- {"never", VMENTER_L1D_FLUSH_NEVER},
- {"cond", VMENTER_L1D_FLUSH_COND},
- {"always", VMENTER_L1D_FLUSH_ALWAYS},
+ [VMENTER_L1D_FLUSH_AUTO] = {"auto", true},
+ [VMENTER_L1D_FLUSH_NEVER] = {"never", true},
+ [VMENTER_L1D_FLUSH_COND] = {"cond", true},
+ [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true},
+ [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false},
+ [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false},
 };
 
 #define L1D_CACHE_ORDER 4
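
Review bot: With vmentry_l1d_param[] indexed by enum vmx_l1d_flush_state through designated initialisers, any enum value added later without a matching entry leaves a zero-filled slot whose option is NULL. The parse loop is protected because for_parse is false for such a slot, but vmentry_l1d_flush_get() only bounds-checks the index and would pass the NULL option to sprintf(). A compile-time check that the array covers every enum value, or a NULL test in the get function, would close that gap.
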
@@ -292,8 +294,9 @@ static int vmentry_l1d_flush_parse(const char *s)
 
  if (s) {
  for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
- if (sysfs_streq(s, vmentry_l1d_param[i].option))
- return vmentry_l1d_param[i].cmd;
+ if (vmentry_l1d_param[i].for_parse &&
+    sysfs_streq(s, vmentry_l1d_param[i].option))
+ return i;
  }
  }
  return -EINVAL;
@@ -303,13 +306,13 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
 {
  int l1tf, ret;
 
- if (!boot_cpu_has(X86_BUG_L1TF))
- return 0;
-
  l1tf = vmentry_l1d_flush_parse(s);
  if (l1tf < 0)
  return l1tf;
 
+ if (!boot_cpu_has(X86_BUG_L1TF))
+ return 0;
+
  /*
  * Has vmx_init() run already? If not then this is the pre init
  * parameter parsing. In that case just store the value and let
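
Review bot: Moving the boot_cpu_has(X86_BUG_L1TF) test below the parse step in vmentry_l1d_flush_set() changes behaviour on CPUs without the bug: a value that was previously accepted and ignored now returns -EINVAL. That is the intended fix, but for an SRU it means an existing configuration with a mistyped vmentry_l1d_flush value starts failing on unaffected hosts after the update, which is worth recording under Regression Potential. On the same path a valid value is still parsed and then dropped with return 0, so reading the parameter back will not reflect what was written; a short comment saying so would help.
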
@@ -329,6 +332,9 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
 
 static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
 {
+ if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
+ return sprintf(s, "???\n");
+
  return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
 }
 
--
2.19.1



[SRU][Bionic][PATCH 4/6] KVM: X86: Allow userspace to define the microcode version

Juerg Haefliger
From: Wanpeng Li <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1822760

Linux (among the others) has checks to make sure that certain features
aren't enabled on a certain family/model/stepping if the microcode version
isn't greater than or equal to a known good version.

By exposing the real microcode version, we're preventing buggy guests that
don't check that they are running virtualized (i.e., they should trust the
hypervisor) from disabling features that are effectively not buggy.

Suggested-by: Filippo Sironi <[hidden email]>
Cc: Paolo Bonzini <[hidden email]>
Cc: Radim Krčmář <[hidden email]>
Cc: Liran Alon <[hidden email]>
Cc: Nadav Amit <[hidden email]>
Cc: Borislav Petkov <[hidden email]>
Cc: Tom Lendacky <[hidden email]>
Signed-off-by: Wanpeng Li <[hidden email]>
Reviewed-by: Paolo Bonzini <[hidden email]>
Signed-off-by: Radim Krčmář <[hidden email]>

(backported from commit 518e7b94817abed94becfe6a44f1ece0d4745afe)
[juergh:
 - Adjusted context.
 - rdmsrl -> rdmsrl_safe (to match final upstream).]
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/svm.c              |  4 +---
 arch/x86/kvm/vmx.c              |  1 +
 arch/x86/kvm/x86.c              | 11 +++++++++--
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 1a2309aeda6e..e76012ca0ddc 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -507,6 +507,7 @@ struct kvm_vcpu_arch {
  u64 smbase;
  bool tpr_access_reporting;
  u64 ia32_xss;
+ u64 microcode_version;
 
  /*
  * Paging state of the vcpu
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index ddca0a1175ab..4f9bd710bf5c 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1626,6 +1626,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
  u32 dummy;
  u32 eax = 1;
 
+ vcpu->arch.microcode_version = 0x01000065;
  svm->spec_ctrl = 0;
  svm->virt_spec_ctrl = 0;
 
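
Review bot: The assignment vcpu->arch.microcode_version = 0x01000065 in svm_vcpu_reset() is unconditional, and the function takes an init_event argument, so a revision that userspace set through a host-initiated write to MSR_IA32_UCODE_REV is overwritten on every vCPU reset, INIT included. Setting the default once at vCPU creation, or skipping it when init_event is true, would preserve the userspace value; the same applies to the matching line in vmx_vcpu_reset(). The constant is also carried over without a comment saying which revision it stands for.
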
@@ -3683,9 +3684,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 
  msr_info->data = svm->spec_ctrl;
  break;
- case MSR_IA32_UCODE_REV:
- msr_info->data = 0x01000065;
- break;
  case MSR_AMD64_VIRT_SPEC_CTRL:
  if (!msr_info->host_initiated &&
     !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 1b135b6232cc..18c11b66acd5 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5937,6 +5937,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
  vmx->rmode.vm86_active = 0;
  vmx->spec_ctrl = 0;
 
+ vcpu->arch.microcode_version = 0x100000000ULL;
  vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();
  kvm_set_cr8(vcpu, 0);
 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a7e18f678bc5..058415af8de1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1054,6 +1054,7 @@ static unsigned num_emulated_msrs;
  */
 static u32 msr_based_features[] = {
  MSR_F10H_DECFG,
+ MSR_IA32_UCODE_REV,
  MSR_IA32_ARCH_CAPABILITIES,
 };
 
@@ -1087,6 +1088,9 @@ static int kvm_get_msr_feature(struct kvm_msr_entry *msr)
  case MSR_IA32_ARCH_CAPABILITIES:
  msr->data = kvm_get_arch_capabilities();
  break;
+ case MSR_IA32_UCODE_REV:
+ rdmsrl_safe(msr->index, &msr->data);
+ break;
  default:
  if (kvm_x86_ops->get_msr_feature(msr))
  return 1;
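
Review bot: In the MSR_IA32_UCODE_REV case of kvm_get_msr_feature(), the return value of rdmsrl_safe() is discarded, so a faulting read is reported to userspace as success. The backport note says rdmsrl was switched to rdmsrl_safe deliberately, so the result should be acted on: check it and return 1 on failure, for example "if (rdmsrl_safe(msr->index, &msr->data)) return 1;".
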
@@ -2231,7 +2235,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 
  switch (msr) {
  case MSR_AMD64_NB_CFG:
- case MSR_IA32_UCODE_REV:
  case MSR_IA32_UCODE_WRITE:
  case MSR_VM_HSAVE_PA:
  case MSR_AMD64_PATCH_LOADER:
@@ -2239,6 +2242,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
  case MSR_AMD64_DC_CFG:
  break;
 
+ case MSR_IA32_UCODE_REV:
+ if (msr_info->host_initiated)
+ vcpu->arch.microcode_version = data;
+ break;
  case MSR_EFER:
  return set_efer(vcpu, data);
  case MSR_K7_HWCR:
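
Review bot: In the new MSR_IA32_UCODE_REV case of kvm_set_msr_common(), a guest-initiated write falls through to break and is silently ignored, while a host-initiated write stores data with no validation. Ignoring the guest write matches the previous behaviour, where this MSR sat in the ignore list above, but a comment stating that guest writes are dropped on purpose would make that explicit for the next reader.
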
@@ -2532,7 +2539,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
  msr_info->data = 0;
  break;
  case MSR_IA32_UCODE_REV:
- msr_info->data = 0x100000000ULL;
+ msr_info->data = vcpu->arch.microcode_version;
  break;
  case MSR_IA32_TSC:
  msr_info->data = kvm_scale_tsc(vcpu, rdtsc()) + vcpu->arch.tsc_offset;
--
2.19.1



[SRU][Bionic][PATCH 5/6] UBUNTU: SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic

Juerg Haefliger
BugLink: https://bugs.launchpad.net/bugs/1822760

The backport of upstream commit c595ceee4570 ("x86/KVM/VMX: Add L1D flush
logic") incorrectly put the enabling of L1D flushing in
kvm_write_guest_virt_helper() instead of kvm_write_guest_virt_system().

Fixes: f0ace387064d ("x86/KVM/VMX: Add L1D flush logic")
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kvm/x86.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 058415af8de1..ac17f53812af 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4681,9 +4681,6 @@ static int kvm_write_guest_virt_helper(gva_t addr, void *val, unsigned int bytes
  void *data = val;
  int r = X86EMUL_CONTINUE;
 
- /* kvm_write_guest_virt_system can pull in tons of pages. */
- vcpu->arch.l1tf_flush_l1d = true;
-
  while (bytes) {
  gpa_t gpa =  vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,
      access,
@@ -4725,6 +4722,9 @@ static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *v
 int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,
  unsigned int bytes, struct x86_exception *exception)
 {
+ /* kvm_write_guest_virt_system can pull in tons of pages. */
+ vcpu->arch.l1tf_flush_l1d = true;
+
  return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
    PFERR_WRITE_MASK, exception);
 }
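
Review bot: With the flag removed from kvm_write_guest_virt_helper(), any other caller of the helper (emulator_write_std() appears just above kvm_write_guest_virt_system() in this file) no longer sets vcpu->arch.l1tf_flush_l1d on its writes. The commit message says the enabling was put in the wrong function but does not say that dropping it from the other paths is intended. A sentence confirming that the result matches upstream c595ceee4570 for every caller would make the fix easier to verify.
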
--
2.19.1



[SRU][Bionic][PATCH 6/6] UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry

Juerg Haefliger
BugLink: https://bugs.launchpad.net/bugs/1822760

Replace whitespaces with tabs to match upstream.

Fixes: 364a4311f8c6 ("x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry")
Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kvm/vmx.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 18c11b66acd5..fdce59385cdf 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -226,15 +226,15 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
  return 0;
  }
 
-       if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
-       u64 msr;
-
-       rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
-       if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
-       l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
-       return 0;
-       }
-       }
+ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
+ u64 msr;
+
+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
+ if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
+ return 0;
+ }
+ }
 
  /* If set to auto use the default l1tf mitigation method */
  if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
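
Review bot: Nothing in the block under boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES) can be checked by eye, since the removed and added lines differ only in leading whitespace. Please confirm that git diff -w against the parent is empty for vmx.c and that the resulting block is byte-identical to upstream, and say so in the commit message. The [Fix] subject also reuses the title of the commit it fixes; a subject that names the whitespace change would make the history easier to read.
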
--
2.19.1



ACK: [SRU][Bionic][PATCH 0/6] Bionic: Sync to Xenial (Spectre) (LP: #1822760)

Stefan Bader-2
On 10.04.19 12:10, Juerg Haefliger wrote:

> BugLink: https://bugs.launchpad.net/bugs/1822760
>
> == SRU Justification ==
>
> There are a couple of Spectre related commits in Xenial that never landed in Bionic. Fix that to prevent a regression when upgrading from Xenial to Bionic.
>
> == Regression Potential ==
>
> Low. These are not very intrusive commits that have been in upstream for quite a while.
>
> == Fix ==
>
> Backport the relevant commits from upstream.
>
> == Test Case ==
>
> TBD.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (2):
>   UBUNTU: SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip
>     L1D flush on vmentry
>
> Paolo Bonzini (1):
>   KVM: VMX: fixes for vmentry_l1d_flush module parameter
>
> Tom Lendacky (1):
>   KVM: SVM: Add MSR-based feature support for serializing LFENCE
>
> Vlastimil Babka (1):
>   x86/speculation/l1tf: Suggest what to do on systems with too much RAM
>
> Wanpeng Li (1):
>   KVM: X86: Allow userspace to define the microcode version
>
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kernel/cpu/bugs.c      |  4 +++
>  arch/x86/kvm/svm.c              | 40 +++++++++++++++++++++++++++---
>  arch/x86/kvm/vmx.c              | 43 +++++++++++++++++++--------------
>  arch/x86/kvm/x86.c              | 18 ++++++++++----
>  5 files changed, 79 insertions(+), 27 deletions(-)
>
Acked-by: Stefan Bader <[hidden email]>



ACK: [SRU][Bionic][PATCH 0/6] Bionic: Sync to Xenial (Spectre) (LP: #1822760)

Kleber Souza
On 4/10/19 12:10 PM, Juerg Haefliger wrote:

> BugLink: https://bugs.launchpad.net/bugs/1822760
>
> == SRU Justification ==
>
> There are a couple of Spectre related commits in Xenial that never landed in Bionic. Fix that to prevent a regression when upgrading from Xenial to Bionic.
>
> == Regression Potential ==
>
> Low. These are not very intrusive commits that have been in upstream for quite a while.
>
> == Fix ==
>
> Backport the relevant commits from upstream.
>
> == Test Case ==
>
> TBD.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (2):
>   UBUNTU: SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip
>     L1D flush on vmentry
>
> Paolo Bonzini (1):
>   KVM: VMX: fixes for vmentry_l1d_flush module parameter
>
> Tom Lendacky (1):
>   KVM: SVM: Add MSR-based feature support for serializing LFENCE
>
> Vlastimil Babka (1):
>   x86/speculation/l1tf: Suggest what to do on systems with too much RAM
>
> Wanpeng Li (1):
>   KVM: X86: Allow userspace to define the microcode version
>
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kernel/cpu/bugs.c      |  4 +++
>  arch/x86/kvm/svm.c              | 40 +++++++++++++++++++++++++++---
>  arch/x86/kvm/vmx.c              | 43 +++++++++++++++++++--------------
>  arch/x86/kvm/x86.c              | 18 ++++++++++----
>  5 files changed, 79 insertions(+), 27 deletions(-)
>

Acked-by: Kleber Sacilotto de Souza <[hidden email]>


APPLIED: [SRU][Bionic][PATCH 0/6] Bionic: Sync to Xenial (Spectre) (LP: #1822760)

Stefan Bader-2
On 10.04.19 12:10, Juerg Haefliger wrote:

> BugLink: https://bugs.launchpad.net/bugs/1822760
>
> == SRU Justification ==
>
> There are a couple of Spectre related commits in Xenial that never landed in Bionic. Fix that to prevent a regression when upgrading from Xenial to Bionic.
>
> == Regression Potential ==
>
> Low. These are not very intrusive commits that have been in upstream for quite a while.
>
> == Fix ==
>
> Backport the relevant commits from upstream.
>
> == Test Case ==
>
> TBD.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (2):
>   UBUNTU: SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip
>     L1D flush on vmentry
>
> Paolo Bonzini (1):
>   KVM: VMX: fixes for vmentry_l1d_flush module parameter
>
> Tom Lendacky (1):
>   KVM: SVM: Add MSR-based feature support for serializing LFENCE
>
> Vlastimil Babka (1):
>   x86/speculation/l1tf: Suggest what to do on systems with too much RAM
>
> Wanpeng Li (1):
>   KVM: X86: Allow userspace to define the microcode version
>
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kernel/cpu/bugs.c      |  4 +++
>  arch/x86/kvm/svm.c              | 40 +++++++++++++++++++++++++++---
>  arch/x86/kvm/vmx.c              | 43 +++++++++++++++++++--------------
>  arch/x86/kvm/x86.c              | 18 ++++++++++----
>  5 files changed, 79 insertions(+), 27 deletions(-)
>
Applied to bionic/master-next. Thanks.

-Stefan

