[Acked] [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

[Andy Whitcroft]

On Wed, Nov 21, 2018 at 06:31:10PM +0100, Juerg Haefliger wrote:
> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
> 
> Compile-tested all architectures.
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> 
> 
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
> 
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)

Again I assume we can test this for semantic correctness once applied.
What we are trying to do is sane.

Acked-by: Andy Whitcroft <apw at canonical.com>

I assume we are not going to livepatch this.

-apw