proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-31 19:12:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0de05d056a
mirror_ubuntu-kernels/arch/x86
History
Josh Poimboeuf 0de05d056a x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT 
The commit

   44a3918c82 ("x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting")

added a warning for the "eIBRS + unprivileged eBPF" combination, which
has been shown to be vulnerable against Spectre v2 BHB-based attacks.

However, there's no warning about the "eIBRS + LFENCE retpoline +
unprivileged eBPF" combo. The LFENCE adds more protection by shortening
the speculation window after a mispredicted branch. That makes an attack
significantly more difficult, even with unprivileged eBPF. So at least
for now the logic doesn't warn about that combination.

But if you then add SMT into the mix, the SMT attack angle weakens the
effectiveness of the LFENCE considerably.

So extend the "eIBRS + unprivileged eBPF" warning to also include the
"eIBRS + LFENCE + unprivileged eBPF + SMT" case.

  [ bp: Massage commit message. ]

Suggested-by: Alyssa Milburn <alyssa.milburn@linux.intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
2022-03-05 09:30:47 +01:00
..
boot Kbuild updates for v5.17 2022-01-19 11:15:19 +02:00
configs x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs 2022-01-08 22:55:29 +01:00
crypto lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI 2022-02-04 19:22:32 +01:00
entry Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2022-01-17 05:49:30 +02:00
events perf/x86/intel/pt: Fix crash with stop filters in single-range mode 2022-02-02 13:11:40 +01:00
hyperv hyperv-next for 5.17 2022-01-16 15:53:00 +02:00
ia32 audit/stable-5.16 PR 20211101 2021-11-01 21:17:39 -07:00
include x86/speculation: Add eIBRS + Retpoline options 2022-02-21 10:21:35 +01:00
kernel x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT 2022-03-05 09:30:47 +01:00
kvm KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW 2022-02-14 07:44:51 -05:00
lib x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE 2022-02-21 10:21:28 +01:00
math-emu x86: Prepare asm files for straight-line-speculation 2021-12-08 12:25:37 +01:00
mm Merge branch 'akpm' (patches from Andrew) 2022-01-15 20:37:06 +02:00
net x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE 2022-02-21 10:21:28 +01:00
pci PCI/sysfs: Find shadow ROM before static attribute initialization 2022-01-26 10:41:21 -06:00
platform - Get rid of all the .fixup sections because this generates 2022-01-12 16:31:19 -08:00
power x86: Prepare asm files for straight-line-speculation 2021-12-08 12:25:37 +01:00
purgatory x86/purgatory: Remove -nostdlib compiler flag 2021-12-30 14:13:06 +01:00
ras
realmode - Flush *all* mappings from the TLB after switching to the trampoline 2022-01-10 09:51:38 -08:00
tools x86/build: Use the proper name CONFIG_FW_LOADER 2021-12-29 22:20:38 +01:00
um bitmap patches for 5.17-rc1 2022-01-23 06:20:44 +02:00
video
xen xen/x2apic: Fix inconsistent indenting 2022-02-10 11:10:20 +01:00
.gitignore
Kbuild kbuild: use more subdir- for visiting subdirectories while cleaning 2021-10-24 13:49:46 +09:00
Kconfig ftrace: Have architectures opt-in for mcount build time sorting 2022-01-27 19:15:44 -05:00
Kconfig.assembler
Kconfig.cpu x86/mmx_32: Remove X86_USE_3DNOW 2021-12-11 09:09:45 +01:00
Kconfig.debug tracing: Refactor TRACE_IRQFLAGS_SUPPORT in Kconfig 2021-08-16 11:37:21 -04:00
Makefile x86: Add straight-line-speculation mitigation 2021-12-09 13:32:25 +01:00
Makefile_32.cpu x86/build: Do not add -falign flags unconditionally for clang 2021-09-19 10:35:53 +09:00
Makefile.um um: allow not setting extra rpaths in the linux binary 2021-06-17 21:54:15 +02:00