authoregnappahz2023-08-03 10:52:09 +0200
committeregnappahz2023-08-03 10:52:09 +0200
commitcac346b64dff16be7e79546242c48c7f89e3e7b1 (patch)
tree4a70e20a83481e51aa002a99a138d831218cbc37
parent0a1c9b2c0f51654d5d1204a20b59543788305c07 (diff)
downloadaur-cac346b64dff16be7e79546242c48c7f89e3e7b1.tar.gz
clean it up
Signed-off-by: egnappahz <egnappah@gmail.com>
-rw-r--r--disable-CONFIG_PER_VMA_LOCK.patch26
-rw-r--r--enable_STIBP.patch93
2 files changed, 0 insertions, 119 deletions
diff --git a/disable-CONFIG_PER_VMA_LOCK.patch b/disable-CONFIG_PER_VMA_LOCK.patch
deleted file mode 100644
index 340aecb2d444..000000000000
--- a/disable-CONFIG_PER_VMA_LOCK.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From d1ede67eef06f1f064cf61e519881528359e37c7 Mon Sep 17 00:00:00 2001
-From: egnappahz <egnappah@gmail.com>
-Date: Fri, 7 Jul 2023 15:52:26 +0200
-Subject: [PATCH] disable CONFIG_PER_VMA_LOCK by default until its fixed
-
-Signed-off-by: egnappahz <egnappah@gmail.com>
----
- mm/Kconfig | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mm/Kconfig b/mm/Kconfig
-index e3454087fd31..3507251a5528 100644
---- a/mm/Kconfig
-+++ b/mm/Kconfig
-@@ -1198,7 +1198,7 @@ config ARCH_SUPPORTS_PER_VMA_LOCK
- def_bool n
-
- config PER_VMA_LOCK
-- def_bool y
-+ bool "Enable per-vma locking during page fault handling."
- depends on ARCH_SUPPORTS_PER_VMA_LOCK && MMU && SMP
- help
- Allow per-vma locking during page fault handling.
---
-2.41.0
-
diff --git a/enable_STIBP.patch b/enable_STIBP.patch
deleted file mode 100644
index 5eb32008a139..000000000000
--- a/enable_STIBP.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From fd470a8beed88440b160d690344fbae05a0b9b1b Mon Sep 17 00:00:00 2001
-From: Kim Phillips <kim.phillips@amd.com>
-Date: Thu, 20 Jul 2023 14:47:27 -0500
-Subject: x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
-
-Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not
-provide protection to processes running at CPL3/user mode, see section
-"Extended Feature Enable Register (EFER)" in the APM v2 at
-https://bugzilla.kernel.org/attachment.cgi?id=304652
-
-Explicitly enable STIBP to protect against cross-thread CPL3
-branch target injections on systems with Automatic IBRS enabled.
-
-Also update the relevant documentation.
-
-Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS")
-Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
-Signed-off-by: Kim Phillips <kim.phillips@amd.com>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Cc: stable@vger.kernel.org
-Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com
----
- Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++----
- arch/x86/kernel/cpu/bugs.c | 15 +++++++++------
- 2 files changed, 16 insertions(+), 10 deletions(-)
-
-diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst
-index 4d186f599d90f..32a8893e56177 100644
---- a/Documentation/admin-guide/hw-vuln/spectre.rst
-+++ b/Documentation/admin-guide/hw-vuln/spectre.rst
-@@ -484,11 +484,14 @@ Spectre variant 2
-
- Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at
- boot, by setting the IBRS bit, and they're automatically protected against
-- Spectre v2 variant attacks, including cross-thread branch target injections
-- on SMT systems (STIBP). In other words, eIBRS enables STIBP too.
-+ Spectre v2 variant attacks.
-
-- Legacy IBRS systems clear the IBRS bit on exit to userspace and
-- therefore explicitly enable STIBP for that
-+ On Intel's enhanced IBRS systems, this includes cross-thread branch target
-+ injections on SMT systems (STIBP). In other words, Intel eIBRS enables
-+ STIBP, too.
-+
-+ AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear
-+ the IBRS bit on exit to userspace, therefore both explicitly enable STIBP.
-
- The retpoline mitigation is turned on by default on vulnerable
- CPUs. It can be forced on or off by the administrator
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 9e2a91830f728..95507448e7814 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -1150,19 +1150,21 @@ spectre_v2_user_select_mitigation(void)
- }
-
- /*
-- * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP
-+ * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP
- * is not required.
- *
-- * Enhanced IBRS also protects against cross-thread branch target
-+ * Intel's Enhanced IBRS also protects against cross-thread branch target
- * injection in user-mode as the IBRS bit remains always set which
- * implicitly enables cross-thread protections. However, in legacy IBRS
- * mode, the IBRS bit is set only on kernel entry and cleared on return
-- * to userspace. This disables the implicit cross-thread protection,
-- * so allow for STIBP to be selected in that case.
-+ * to userspace. AMD Automatic IBRS also does not protect userspace.
-+ * These modes therefore disable the implicit cross-thread protection,
-+ * so allow for STIBP to be selected in those cases.
- */
- if (!boot_cpu_has(X86_FEATURE_STIBP) ||
- !smt_possible ||
-- spectre_v2_in_eibrs_mode(spectre_v2_enabled))
-+ (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
-+ !boot_cpu_has(X86_FEATURE_AUTOIBRS)))
- return;
-
- /*
-@@ -2294,7 +2296,8 @@ static ssize_t mmio_stale_data_show_state(char *buf)
-
- static char *stibp_state(void)
- {
-- if (spectre_v2_in_eibrs_mode(spectre_v2_enabled))
-+ if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
-+ !boot_cpu_has(X86_FEATURE_AUTOIBRS))
- return "";
-
- switch (spectre_v2_user_stibp) {
---
-cgit
-