ACK/Cmt: [SRU][Focal][PATCH 00/15] CVE-2024-2201

Roxana Nicolescu roxana.nicolescu at canonical.com
Mon May 27 13:13:34 UTC 2024


On 17/05/2024 09:57, Yuxuan Luo wrote:
> [Impact]
> Native BHI has shown that Linux on Intel CPUs is still vulnerable to
> Spectre v2 attack even with eIBRS enabled, making it possible for
> malicious userspace programs to leak kernel memory.
>
> [Backport]
> This patchset consists of 4 parts:
> 1. Native BHI patchset
> 2. Config update
> 3. Native BHI follow up fix round 1
> 4. Native BHI follow up fix round 2
>
> [Test]
> Boot tested with confirmation that the VMexit SW loop is called.
>
> [Where things could go wrong]
> Kernel crashes on affected CPUs, likely at boot. VMexit is also patched
> so booting a VM on an affected host could cause host kernel crashes as
> well.
>
>
> Daniel Sneddon (1):
>    x86/bhi: Define SPEC_CTRL_BHI_DIS_S
>
> Ingo Molnar (1):
>    x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
>
> Josh Poimboeuf (6):
>    x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
>    x86/bugs: Fix BHI documentation
>    x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
>    x86/bugs: Fix BHI handling of RRSBA
>    x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
>    x86/bugs: Fix BHI retpoline check
>
> Pawan Gupta (4):
>    x86/bhi: Add support for clearing branch history at syscall entry
>    x86/bhi: Enumerate Branch History Injection (BHI) bug
>    x86/bhi: Add BHI mitigation knob
>    x86/bhi: Mitigate KVM by default
>
> Sandipan Das (1):
>    x86/cpufeatures: Add new word for scattered features
>
> Sean Christopherson (1):
>    x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
>      word
>
> Yuxuan Luo (1):
>    UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|ON|OFF}
>
>   Documentation/admin-guide/hw-vuln/spectre.rst |  44 ++++-
>   .../admin-guide/kernel-parameters.txt         |  13 ++
>   arch/x86/Kconfig                              |  25 +++
>   arch/x86/entry/entry_64.S                     |  58 ++++++
>   arch/x86/entry/entry_64_compat.S              |   3 +
>   arch/x86/include/asm/cpufeature.h             |   8 +-
>   arch/x86/include/asm/cpufeatures.h            |  14 +-
>   arch/x86/include/asm/disabled-features.h      |   3 +-
>   arch/x86/include/asm/msr-index.h              |   9 +-
>   arch/x86/include/asm/nospec-branch.h          |  17 ++
>   arch/x86/include/asm/required-features.h      |   3 +-
>   arch/x86/kernel/cpu/bugs.c                    | 176 ++++++++++++++----
>   arch/x86/kernel/cpu/common.c                  |  62 +++---
>   arch/x86/kernel/cpu/scattered.c               |   1 +
>   arch/x86/kvm/cpuid.h                          |   2 +
>   arch/x86/kvm/vmx/vmenter.S                    |   2 +
>   debian.master/config/annotations              |   3 +
>   17 files changed, 365 insertions(+), 78 deletions(-)
>
For noble and jammy this is enabled by default by having one option
`CONFIG_MITIGATION_SPECTRE_BHI = y`.
I wonder if we should follow a similar approach here too.
Nevertheless, the patchset looks good and we can also change it to
default later.

Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
