[SRU][J][PATCH v3 0/8] CVE-2024-25744
Yuxuan Luo
yuxuan.luo at canonical.com
Mon Aug 26 15:01:17 UTC 2024
v2: The v1 patch would make Jammy vulnerable to CVE-2024-2201 Native BHI
again; this v2 patch solves this issue.
v3: Solved some errors for [8/8]: duplicated parts of re-backporting
7390db8aea0d ("x86/bhi: Add support for clearing branch history at
syscall entry") and conflicts with ac8b270b61d4 ("x86/bhi: Avoid warning
in #DB handler due to BHI mitigation").
[Impact]
In an x86 environment, untrusted virtual machines are able to send
an interrupt that will be mistakenly interpreted by the host as an INT80
interrupt sent from host userspace programs, posing a threat to
the host's confidentiality.
[Backport]
For Jammy, a prerequisite, 1da5c9bc119d ("x86: Introduce
ia32_enabled()"), is needed for the patch set, as denoted in the fix
commit message. A follow-up fix, 32f5f73b79ff ("x86/fred: Fix INT80
emulation for FRED"), can be ignored because it is FRED specific and
FRED is yet to be introduced by 14619d912b65 ("x86/fred: FRED entry/exit
and dispatch code").
Since this fix also touches the same code base that the Native BHI fix
modified, 7390db8aea0d ("x86/bhi: Add support for clearing branch
history at syscall entry") needs to be backported again to adjust
certain context, which requires f34f0d3c10eb ("x86/entry: Add
do_SYSENTER_32() prototype") as a prerequisite.
[Test]
Compile and boot tested in a VM.
[Where things could go wrong]
It affects users running x32 operating system VMs on confidential
computing VMMs.
Arnd Bergmann (1):
  x86/entry: Add do_SYSENTER_32() prototype

Kirill A. Shutemov (1):
  x86/coco: Disable 32-bit emulation by default on TDX and SEV

Kuppuswamy Sathyanarayanan (1):
  x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c

Lukas Bulwahn (1):
  x86: Fix misspelled Kconfig symbols

Nikolay Borisov (1):
  x86: Introduce ia32_enabled()

Pawan Gupta (1):
  x86/bhi: Add support for clearing branch history at syscall entry

Thomas Gleixner (2):
  x86/entry: Convert INT 0x80 emulation to IDTENTRY
  x86/entry: Do not allow external 0x80 interrupts
arch/x86/entry/common.c | 97 ++++++++++++++-
arch/x86/entry/entry_64_compat.S | 114 ++----------------
arch/x86/include/asm/ia32.h | 23 +++-
arch/x86/include/asm/idtentry.h | 4 +
arch/x86/include/asm/irq_stack.h | 2 +-
arch/x86/include/asm/nospec-branch.h | 4 +
arch/x86/include/asm/page_32.h | 2 +-
arch/x86/include/asm/proto.h | 4 -
arch/x86/include/asm/syscall.h | 7 +-
arch/x86/include/asm/uaccess.h | 2 +-
arch/x86/kernel/idt.c | 2 +-
arch/x86/mm/Makefile | 8 +-
.../mm/{mem_encrypt.c => mem_encrypt_amd.c} | 11 ++
arch/x86/xen/enlighten_pv.c | 2 +-
arch/x86/xen/xen-asm.S | 2 +-
15 files changed, 164 insertions(+), 120 deletions(-)
rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)
--
2.34.1