]> git.proxmox.com Git - pve-kernel.git/commit
projects / pve-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 59d5af6) | patch
KPTI/Spectre: add more fixes
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Mon, 15 Jan 2018 11:34:50 +0000 (12:34 +0100)
committerFabian Grünbichler <f.gruenbichler@proxmox.com>
Mon, 15 Jan 2018 11:34:50 +0000 (12:34 +0100)
commit035dbe6708606578b2b3fc669423c0f1cea61e66
treeb2c6fb0f4bb22b349344e6ab7f9556683edeaf38tree
parent59d5af6732f32e3029ba715c0c230bdb1befa8dacommit | diff
KPTI/Spectre: add more fixes

* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre

based on Ubuntu-4.13.0-29.32 and mainline 4.14
59 files changed:
patches/kernel/0243-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch [new file with mode: 0644] blob
patches/kernel/0244-x86-dumpstack-Fix-partial-register-dumps.patch [new file with mode: 0644] blob
patches/kernel/0245-x86-dumpstack-Print-registers-for-first-stack-frame.patch [new file with mode: 0644] blob
patches/kernel/0246-x86-process-Define-cpu_tss_rw-in-same-section-as-dec.patch [new file with mode: 0644] blob
patches/kernel/0247-x86-pti-Rename-BUG_CPU_INSECURE-to-BUG_CPU_MELTDOWN.patch [new file with mode: 0644] blob
patches/kernel/0248-x86-pti-Unbreak-EFI-old_memmap.patch [new file with mode: 0644] blob
patches/kernel/0249-x86-Documentation-Add-PTI-description.patch [new file with mode: 0644] blob
patches/kernel/0250-x86-cpufeatures-Add-X86_BUG_SPECTRE_V-12.patch [new file with mode: 0644] blob
patches/kernel/0251-x86-tboot-Unbreak-tboot-with-PTI-enabled.patch [new file with mode: 0644] blob
patches/kernel/0252-x86-mm-pti-Remove-dead-logic-in-pti_user_pagetable_w.patch [new file with mode: 0644] blob
patches/kernel/0253-x86-cpu-AMD-Make-LFENCE-a-serializing-instruction.patch [new file with mode: 0644] blob
patches/kernel/0254-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to-MFENCE.patch [new file with mode: 0644] blob
patches/kernel/0255-x86-alternatives-Fix-optimize_nops-checking.patch [new file with mode: 0644] blob
patches/kernel/0256-x86-pti-Make-unpoison-of-pgd-for-trusted-boot-work-f.patch [new file with mode: 0644] blob
patches/kernel/0257-locking-barriers-introduce-new-memory-barrier-gmb.patch [new file with mode: 0644] blob
patches/kernel/0258-bpf-prevent-speculative-execution-in-eBPF-interprete.patch [new file with mode: 0644] blob
patches/kernel/0259-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch [new file with mode: 0644] blob
patches/kernel/0260-uvcvideo-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0261-carl9170-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0262-p54-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0263-qla2xxx-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0264-cw1200-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0265-Thermal-int340x-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0266-userns-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0267-ipv6-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0268-fs-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0269-net-mpls-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0270-udf-prevent-speculative-execution.patch [new file with mode: 0644] blob
patches/kernel/0271-x86-feature-Enable-the-x86-feature-to-control-Specul.patch [new file with mode: 0644] blob
patches/kernel/0272-x86-feature-Report-presence-of-IBPB-and-IBRS-control.patch [new file with mode: 0644] blob
patches/kernel/0273-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch [new file with mode: 0644] blob
patches/kernel/0274-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch [new file with mode: 0644] blob
patches/kernel/0275-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch [new file with mode: 0644] blob
patches/kernel/0276-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch [new file with mode: 0644] blob
patches/kernel/0277-x86-mm-Set-IBPB-upon-context-switch.patch [new file with mode: 0644] blob
patches/kernel/0278-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch [new file with mode: 0644] blob
patches/kernel/0279-x86-entry-Stuff-RSB-for-entry-to-kernel-for-non-SMEP.patch [new file with mode: 0644] blob
patches/kernel/0280-x86-kvm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch [new file with mode: 0644] blob
patches/kernel/0281-x86-kvm-Set-IBPB-when-switching-VM.patch [new file with mode: 0644] blob
patches/kernel/0282-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch [new file with mode: 0644] blob
patches/kernel/0283-x86-kvm-Pad-RSB-on-VM-transition.patch [new file with mode: 0644] blob
patches/kernel/0284-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch [new file with mode: 0644] blob
patches/kernel/0285-x86-spec_ctrl-Add-lock-to-serialize-changes-to-ibrs-.patch [new file with mode: 0644] blob
patches/kernel/0286-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch [new file with mode: 0644] blob
patches/kernel/0287-x86-syscall-Clear-unused-extra-registers-on-32-bit-c.patch [new file with mode: 0644] blob
patches/kernel/0288-x86-entry-Use-retpoline-for-syscall-s-indirect-calls.patch [new file with mode: 0644] blob
patches/kernel/0289-x86-cpu-AMD-Add-speculative-control-support-for-AMD.patch [new file with mode: 0644] blob
patches/kernel/0290-x86-microcode-Extend-post-microcode-reload-to-suppor.patch [new file with mode: 0644] blob
patches/kernel/0291-KVM-SVM-Do-not-intercept-new-speculative-control-MSR.patch [new file with mode: 0644] blob
patches/kernel/0292-x86-svm-Set-IBRS-value-on-VM-entry-and-exit.patch [new file with mode: 0644] blob
patches/kernel/0293-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch [new file with mode: 0644] blob
patches/kernel/0294-KVM-x86-Add-speculative-control-CPUID-support-for-gu.patch [new file with mode: 0644] blob
patches/kernel/0295-x86-svm-Add-code-to-clobber-the-RSB-on-VM-exit.patch [new file with mode: 0644] blob
patches/kernel/0296-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch [new file with mode: 0644] blob
patches/kernel/0297-UBUNTU-SAUCE-x86-kvm-Fix-stuff_RSB-for-32-bit.patch [new file with mode: 0644] blob
patches/kernel/0298-x86-pti-Enable-PTI-by-default.patch [new file with mode: 0644] blob
patches/kernel/0299-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch [new file with mode: 0644] blob
patches/kernel/0300-x86-tboot-Unbreak-tboot-with-PTI-enabled.patch [new file with mode: 0644] blob
patches/kernel/0301-x86-perf-Disable-intel_bts-when-PTI.patch [new file with mode: 0644] blob
Linux Kernel for Proxmox projects