Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp87363lqp; Fri, 12 Apr 2024 11:10:47 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXDxDVQX6zSOfbGFM7HohMH55KotAUm7lULwJcZ31qOhSr/8Fdyzh5NQuqEMoPy+Jczvty0TBqIEwra4/WvZa/hA6ZN3U4CWR7o7Xb4eA== X-Google-Smtp-Source: AGHT+IFCT7NTPpE1sBmxof9IjHSBmwLt8UzNi1/sUVBnktJFl7gBhKgaaNU5QrifK1Y+KjZPewWT X-Received: by 2002:a19:f714:0:b0:516:d8df:2e0 with SMTP id z20-20020a19f714000000b00516d8df02e0mr2683848lfe.45.1712945447219; Fri, 12 Apr 2024 11:10:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712945447; cv=pass; d=google.com; s=arc-20160816; b=t+qDrlwXseuld311ueDJUe5QYxDecZBddwLHTDtppnK8kWXBe4vDkC0/vS6e9l45Rl kAS70QiUKv203d+Wl0JAB2HSEIR/dwBoVVrapLkr9IxacL5JO8vrKaXAyvNeQVCidhjD bnHyMCjpAcQ1oeLGJepQsADKb/kHq81HVgUM9CQj1Y6vOxaYdjjHtHSQHRYaGNO7s4Eq 8RgH+c0BW1UFNJ1P9c2kp3wjnj/roTgr5QWr4l38WW7JVhSCDy+D2rgpO+oHxORqivum VoCU2M0SakkiBfCZmtoRCSRAtmhA5i/k9+h1fXu6TIxT3jfnSz7Rcy5jiOqk7WQrlvhv OGAQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=gPJGUIQkMXS0U+Whq6N/un2G/PZOW1j353Qh6ZDCpo0=; fh=D1drUkjhd6cQ461FGcgjExl1O+jZ7EhaGJAtOyxVAPQ=; b=LUHOTKLdmF4hxgcfZ5c4PkZ2XynqQBf1mgkyM4q2V8VEdT5298rQEIefTimCbkyPrI OkcnzDyUjeTkI5L96+qRLjLvAxsUvb4bxLjAeWeI7INzuba+06MS2/UPotB72uNlF8L+ 1fKq09FBAtnXxvn1AgBQHOzK1/hSP1aUPjEOAAxuYxKb/2oUWCy9Hj37zjGn8YF2cRQp 2GLAOb0YdgC1IFLzKX2CF8CkigWG9x8WkYdyGTUUSI4EXVWTXhEmVF8NIMN9/IV2Ro6F xriIYDeiX+vCXIbK2vmosISwHBBuIwV1EUQ7eEGL0xeQDfAo1HiIM63tdHYcbgfq/h8c TCoA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=O8tIr7YP; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-143176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143176-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id z8-20020a170906714800b00a46b2c3db39si1946990ejj.923.2024.04.12.11.10.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 11:10:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-143176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=O8tIr7YP; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-143176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143176-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E84981F21CE7 for ; Fri, 12 Apr 2024 18:10:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5695F14EC48; Fri, 12 Apr 2024 18:10:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="O8tIr7YP" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 71D1114E2ED for ; Fri, 12 Apr 2024 18:10:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712945439; cv=none; b=joyN5Vc5/8pyGyvP79GpxvCJagJs3mYfIwBbMltYJ9Ff8teeAiueJceRDxNE4fTlQJyufAxHCGq9++Qc0cikUPw10S1/92R1LRJxyamz3wJU34b1nkuzdeXM1Ie9O3yOvNOrMyj2ba5SqcEGbYg2w+BWAfr2HnnkzrrNgGBGiW4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712945439; c=relaxed/simple; bh=OVzb40MuAf19OLIDKMX2DbaQqyFY7kzh0AQPb96onAk=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=QntMOGjrppEn1BcajL3/BQjPZpB+6x7PFYcI4jM8bxQxATd6sfgq8F7er9W0SnYIHwGT8iXv9INKx3CsAmqBTW3mf0J4aV/yR/byqbucPl+BHWPy0nqpMz5Evi8P7h2a7aHlvt/dEMFZ2TXdCy/PNwoZzQLXCUmK55xS7f/tQYM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=O8tIr7YP; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56D00C113CC; Fri, 12 Apr 2024 18:10:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712945439; bh=OVzb40MuAf19OLIDKMX2DbaQqyFY7kzh0AQPb96onAk=; h=From:To:Cc:Subject:Date:From; b=O8tIr7YPF8a9IwVX1NB0QZGx/kqwLhiYVOOcg2emiECUjM2qdWj1EQTtGBX+o4eES xYRp5Gcz7OUOvEUT0t4a9nHlJZJB83+RejkhxEkeJAy+w77RI3Nr1PIYo12hX8KBOT BY1gkplUC91nC9tA6vJFsUZWQdNQxt3B9nchgBnxssdvFMzZzHVvy5xcCwkUk6EDOv wVle4eD9JsCz9LZduNzQoSCzjC+DzX+pigigCbVYCch86uxra1SHRrR1u53wexKqS+ uV/CUuTPl5b8oT3T1DRYPVW5dnHNgFe4192JM5+l3BjFBb/o9wwuzP4OGv+y44/5Ko LHYQ9s8LREOkA== From: Josh Poimboeuf To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Daniel Sneddon , Pawan Gupta , Thomas Gleixner , Alexandre Chartre , Konrad Rzeszutek Wilk , Peter Zijlstra , Greg Kroah-Hartman , Sean Christopherson , Andrew Cooper , Dave Hansen , Nikolay Borisov , KP Singh , Waiman Long , Borislav Petkov , Ingo Molnar Subject: [PATCH 0/3] x86/bugs: BHI fixes / improvements - round 2 Date: Fri, 12 Apr 2024 11:10:31 -0700 Message-ID: X-Mailer: git-send-email 2.44.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit BHI fixes round 2: - An updated version of "Only harden syscalls when needed" with review comments addressed - A BHI retpoline check fix - Remove the obsolete LFENCE "retpolines" Josh Poimboeuf (3): x86/bugs: Only harden syscalls when needed x86/bugs: Fix BHI retpoline check x86/bugs: Remove support for Spectre v2 LFENCE "retpolines" arch/x86/Makefile | 1 - arch/x86/entry/common.c | 15 +++- arch/x86/entry/syscall_32.c | 11 +-- arch/x86/entry/syscall_64.c | 6 -- arch/x86/entry/syscall_x32.c | 7 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/nospec-branch.h | 18 +--- arch/x86/include/asm/syscall.h | 8 +- arch/x86/kernel/alternative.c | 17 +--- arch/x86/kernel/cpu/bugs.c | 88 +++++++------------ arch/x86/kernel/cpu/cpu.h | 3 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/net/bpf_jit_comp.c | 5 +- tools/arch/x86/include/asm/cpufeatures.h | 1 - .../arch/x86/include/asm/disabled-features.h | 3 +- 16 files changed, 69 insertions(+), 124 deletions(-) -- 2.44.0