Grand Schemozzle, 4.9 backport

Grand Schemozzle, 4.9 backport

[Ben Hutchings]

[-- Attachment #1.1: Type: text/plain, Size: 184 bytes --]

Here's a lightly tested backport of the Spectre v1 swapgs mitigation,
for 4.9.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.



[-- Attachment #1.2: gs-4.9.mbox --]
[-- Type: application/mbox, Size: 27190 bytes --]

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Grand Schemozzle, 4.9 backport

[Greg Kroah-Hartman]

On Fri, Aug 09, 2019 at 01:05:28AM +0100, Ben Hutchings wrote:
> Here's a lightly tested backport of the Spectre v1 swapgs mitigation,
> for 4.9.

Hm, you backported 64dbc122b20f ("x86/entry/64: Use JMP instead of
JMPQ") which is not in 4.14.y, yet you did not backport 4c92057661a3
("Documentation: Add swapgs description to the Spectre v1
documentation") which should go to this kernel too, right?

thanks,

greg k-h

Re: Grand Schemozzle, 4.9 backport

[Greg Kroah-Hartman]

On Fri, Aug 09, 2019 at 10:44:44AM +0200, Greg Kroah-Hartman wrote:
> On Fri, Aug 09, 2019 at 01:05:28AM +0100, Ben Hutchings wrote:
> > Here's a lightly tested backport of the Spectre v1 swapgs mitigation,
> > for 4.9.
> 
> Hm, you backported 64dbc122b20f ("x86/entry/64: Use JMP instead of
> JMPQ") which is not in 4.14.y, yet you did not backport 4c92057661a3
> ("Documentation: Add swapgs description to the Spectre v1
> documentation") which should go to this kernel too, right?

Same questions on your 4.4 backport.

thanks,

greg k-h

Re: Grand Schemozzle, 4.9 backport

[Ben Hutchings]

[-- Attachment #1: Type: text/plain, Size: 895 bytes --]

On Fri, 2019-08-09 at 10:44 +0200, Greg Kroah-Hartman wrote:
> On Fri, Aug 09, 2019 at 01:05:28AM +0100, Ben Hutchings wrote:
> > Here's a lightly tested backport of the Spectre v1 swapgs
> > mitigation,
> > for 4.9.
> 
> Hm, you backported 64dbc122b20f ("x86/entry/64: Use JMP instead of
> JMPQ") which is not in 4.14.y,

For 4.14, it was apparently folded into the backport of
"x86/speculation: Prepare entry code for Spectre v1 swapgs
mitigations".

> yet you did not backport 4c92057661a3
> ("Documentation: Add swapgs description to the Spectre v1
> documentation") which should go to this kernel too, right?

That touches a file that doesn't exist.  We'd first need a backport of
commit 6e88559470f5 "Documentation: Add section about CPU
vulnerabilities for Spectre".

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Grand Schemozzle, 4.9 backport

[Greg Kroah-Hartman]

On Fri, Aug 09, 2019 at 12:46:37PM +0100, Ben Hutchings wrote:
> On Fri, 2019-08-09 at 10:44 +0200, Greg Kroah-Hartman wrote:
> > On Fri, Aug 09, 2019 at 01:05:28AM +0100, Ben Hutchings wrote:
> > > Here's a lightly tested backport of the Spectre v1 swapgs
> > > mitigation,
> > > for 4.9.
> > 
> > Hm, you backported 64dbc122b20f ("x86/entry/64: Use JMP instead of
> > JMPQ") which is not in 4.14.y,
> 
> For 4.14, it was apparently folded into the backport of
> "x86/speculation: Prepare entry code for Spectre v1 swapgs
> mitigations".

Ah, sneaky :(

> > yet you did not backport 4c92057661a3
> > ("Documentation: Add swapgs description to the Spectre v1
> > documentation") which should go to this kernel too, right?
> 
> That touches a file that doesn't exist.  We'd first need a backport of
> commit 6e88559470f5 "Documentation: Add section about CPU
> vulnerabilities for Spectre".

Ok, that makes sense.

Let me go queue both of these series now, thank you so much for these.

Also, I would like to formally apologize that you had to do this work on
no notice at all.  I, and others, have been asking Intel to allow you to
be involved in this type of thing for many many many months.  Despite
their assurance of "we got this", the obviously did not follow through
at all, and you and all Debian users suffered as a result.

thanks,

greg k-h

Re: Grand Schemozzle, 4.9 backport

[Ben Hutchings]

[-- Attachment #1: Type: text/plain, Size: 727 bytes --]

On Fri, 2019-08-09 at 14:36 +0200, Greg Kroah-Hartman wrote:
[...]
> Also, I would like to formally apologize that you had to do this work on
> no notice at all.  I, and others, have been asking Intel to allow you to
> be involved in this type of thing for many many many months.  Despite
> their assurance of "we got this", the obviously did not follow through
> at all, and you and all Debian users suffered as a result.

No apology needed.  Salvatore and I are now in regular contact with
Intel and did get a few weeks' notice from them.  We just didn't find
the time to get this ready for the end of embargo.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.



[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]