- 05 Feb, 2018 40 commits
-
-
Thomas Gleixner authored
CVE-2017-5715 (Spectre v2 retpoline) commit 6cbd2171 upstream. There is currently no way to force CPU bug bits like CPU feature bits. That makes it impossible to set a bug bit once at boot and have it stick for all upcoming CPUs. Extend the force set/clear arrays to handle bug bits as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bpetkov@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eduardo Valentin <eduval@amazon.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Link: https://lkml.kernel.org/r/20171204150606.992156574@linutronix.deSigned-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 65b28590) Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Lutomirski authored
CVE-2017-5715 (Spectre v2 retpoline) commit 8bf1ebca upstream. There are multiple call sites that apply forced CPU caps. Factor them into a helper. Signed-off-by: Andy Lutomirski <luto@kernel.org> Reviewed-by: Borislav Petkov <bp@suse.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Matthew Whitehead <tedheadster@gmail.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Yu-cheng Yu <yu-cheng.yu@intel.com> Link: http://lkml.kernel.org/r/623ff7555488122143e4417de09b18be2085ad06.1484705016.git.luto@kernel.orgSigned-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 18b849b1) Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
He Chen authored
CVE-2017-5715 (Spectre v2 retpoline) Sparse populated CPUID leafs are collected in a software provided leaf to avoid bloat of the x86_capability array, but there is no way to rebuild the real leafs (e.g. for KVM CPUID enumeration) other than rereading the CPUID leaf from the CPU. While this is possible it is problematic as it does not take software disabled features into account. If a feature is disabled on the host it should not be exposed to a guest either. Add get_scattered_cpuid_leaf() which rebuilds the leaf from the scattered cpuid table information and the active CPU features. [ tglx: Rewrote changelog ] Signed-off-by: He Chen <he.chen@linux.intel.com> Reviewed-by: Borislav Petkov <bp@suse.de> Cc: Luwei Kang <luwei.kang@intel.com> Cc: kvm@vger.kernel.org Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Piotr Luc <Piotr.Luc@intel.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Paolo Bonzini <pbonzini@redhat.com> Link: http://lkml.kernel.org/r/1478856336-9388-3-git-send-email-he.chen@linux.intel.comSigned-off-by: Thomas Gleixner <tglx@linutronix.de> (backported from commit 47bdf337) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> (backported from commit 36c867e8) Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ac92d827. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 87f0ff16. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ffafbf6a. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 5f922fcb. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit fa24f391. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 1c050491. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 9c852c53. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 904c6712. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 905b2bac. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 021a73b4. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit eccbd5ac. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 6d289c83. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 7de295e2. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit f011884a. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 0e2f6c3e. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit e231ae74. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 92e0b0d6. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 49bb7a3c. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit b0c3e8bd. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 47a07600. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 70be2dd8. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 30907f82. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit e233ec08. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ba5013cf. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 5e7fa023. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ff2699c9. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 0f76330e. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 70df98e2. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit f3fd3c0a. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 44c314e1. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 0c42069d. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 88b00371. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 750beb6c. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit d3d0f0a2. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 8c36ea34. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 8339cae2. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit b554560f. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-