Commit ccdbf33c authored by Ingo Molnar's avatar Ingo Molnar
Browse files

Merge tag 'v5.17-rc8' into sched/core, to pick up fixes 



Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parents ccacfe56 09688c01

.mailmap

+6 −0
Original line number Diff line number Diff line
@@ -187,6 +187,8 @@ Jiri Slaby <jirislaby@kernel.org> <jslaby@novell.com> 
Jiri Slaby <jirislaby@kernel.org> <jslaby@suse.com>

Jiri Slaby <jirislaby@kernel.org> <jslaby@suse.cz>

Jiri Slaby <jirislaby@kernel.org> <xslaby@fi.muni.cz>

Jisheng Zhang <jszhang@kernel.org> <jszhang@marvell.com>

Jisheng Zhang <jszhang@kernel.org> <Jisheng.Zhang@synaptics.com>

Johan Hovold <johan@kernel.org> <jhovold@gmail.com>

Johan Hovold <johan@kernel.org> <johan@hovoldconsulting.com>

John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
@@ -216,6 +218,7 @@ Koushik <raghavendra.koushik@neterion.com> 
Krishna Manikandan <quic_mkrishn@quicinc.com> <mkrishn@codeaurora.org>

Krzysztof Kozlowski <krzk@kernel.org> <k.kozlowski.k@gmail.com>

Krzysztof Kozlowski <krzk@kernel.org> <k.kozlowski@samsung.com>

Krzysztof Kozlowski <krzk@kernel.org> <krzysztof.kozlowski@canonical.com>

Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

Kuogee Hsieh <quic_khsieh@quicinc.com> <khsieh@codeaurora.org>

Leonardo Bras <leobras.c@gmail.com> <leonardo@linux.ibm.com>
@@ -333,6 +336,9 @@ Rémi Denis-Courmont <rdenis@simphalempin.com> 
Ricardo Ribalda <ribalda@kernel.org> <ricardo@ribalda.com>

Ricardo Ribalda <ribalda@kernel.org> Ricardo Ribalda Delgado <ribalda@kernel.org>

Ricardo Ribalda <ribalda@kernel.org> <ricardo.ribalda@gmail.com>

Roman Gushchin <roman.gushchin@linux.dev> <guro@fb.com>

Roman Gushchin <roman.gushchin@linux.dev> <guroan@gmail.com>

Roman Gushchin <roman.gushchin@linux.dev> <klamm@yandex-team.ru>

Ross Zwisler <zwisler@kernel.org> <ross.zwisler@linux.intel.com>

Rudolf Marek <R.Marek@sh.cvut.cz>

Rui Saraiva <rmps@joel.ist.utl.pt>

CREDITS

+6 −0
Original line number Diff line number Diff line
@@ -895,6 +895,12 @@ S: 3000 FORE Drive 
S: Warrendale, Pennsylvania 15086

S: USA



N: Ludovic Desroches

E: ludovic.desroches@microchip.com

D: Maintainer for ARM/Microchip (AT91) SoC support

D: Author of ADC, pinctrl, XDMA and SDHCI drivers for this platform

S: France



N: Martin Devera

E: devik@cdi.cz

W: http://luxik.cdi.cz/~devik/qos/

Documentation/admin-guide/hw-vuln/spectre.rst

+33 −17
Original line number Diff line number Diff line
@@ -60,8 +60,8 @@ privileged data touched during the speculative execution. 
Spectre variant 1 attacks take advantage of speculative execution of

conditional branches, while Spectre variant 2 attacks use speculative

execution of indirect branches to leak privileged memory.

See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[7] <spec_ref7>`

:ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.

See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[6] <spec_ref6>`

:ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.



Spectre variant 1 (Bounds Check Bypass)

---------------------------------------
@@ -131,6 +131,19 @@ steer its indirect branch speculations to gadget code, and measure the 
speculative execution's side effects left in level 1 cache to infer the

victim's data.



Yet another variant 2 attack vector is for the attacker to poison the

Branch History Buffer (BHB) to speculatively steer an indirect branch

to a specific Branch Target Buffer (BTB) entry, even if the entry isn't

associated with the source address of the indirect branch. Specifically,

the BHB might be shared across privilege levels even in the presence of

Enhanced IBRS.



Currently the only known real-world BHB attack vector is via

unprivileged eBPF. Therefore, it's highly recommended to not enable

unprivileged eBPF, especially when eIBRS is used (without retpolines).

For a full mitigation against BHB attacks, it's recommended to use

retpolines (or eIBRS combined with retpolines).



Attack scenarios

----------------
@@ -364,13 +377,15 @@ The possible values in this file are: 


  - Kernel status:



  ====================================  =================================

  ========================================  =================================

  'Not affected'                            The processor is not vulnerable

  'Vulnerable'                          Vulnerable, no mitigation

  'Mitigation: Full generic retpoline'  Software-focused mitigation

  'Mitigation: Full AMD retpoline'      AMD-specific software mitigation

  'Mitigation: None'                        Vulnerable, no mitigation

  'Mitigation: Retpolines'                  Use Retpoline thunks

  'Mitigation: LFENCE'                      Use LFENCE instructions

  'Mitigation: Enhanced IBRS'               Hardware-focused mitigation

  ====================================  =================================

  'Mitigation: Enhanced IBRS + Retpolines'  Hardware-focused + Retpolines

  'Mitigation: Enhanced IBRS + LFENCE'      Hardware-focused + LFENCE

  ========================================  =================================



  - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is

    used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
@@ -583,12 +598,13 @@ kernel command line. 


		Specific mitigations can also be selected manually:



		retpoline

					replace indirect branches

		retpoline,generic

					google's original retpoline

		retpoline,amd

					AMD-specific minimal thunk

                retpoline               auto pick between generic,lfence

                retpoline,generic       Retpolines

                retpoline,lfence        LFENCE; indirect branch

                retpoline,amd           alias for retpoline,lfence

                eibrs                   enhanced IBRS

                eibrs,retpoline         enhanced IBRS + Retpolines

                eibrs,lfence            enhanced IBRS + LFENCE



		Not specifying this option is equivalent to

		spectre_v2=auto.
@@ -599,7 +615,7 @@ kernel command line. 
		spectre_v2=off. Spectre variant 1 mitigations

		cannot be disabled.



For spectre_v2_user see :doc:`/admin-guide/kernel-parameters`.

For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt



Mitigation selection guide

--------------------------
@@ -681,7 +697,7 @@ AMD white papers: 


.. _spec_ref6:



[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf>`_.

[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-Processors.pdf>`_.



ARM white papers:

Documentation/admin-guide/kernel-parameters.txt

+6 −2
Original line number Diff line number Diff line
@@ -5361,8 +5361,12 @@ 
			Specific mitigations can also be selected manually:



			retpoline	  - replace indirect branches

			retpoline,generic - google's original retpoline

			retpoline,amd     - AMD-specific minimal thunk

			retpoline,generic - Retpolines

			retpoline,lfence  - LFENCE; indirect branch

			retpoline,amd     - alias for retpoline,lfence

			eibrs		  - enhanced IBRS

			eibrs,retpoline   - enhanced IBRS + Retpolines

			eibrs,lfence      - enhanced IBRS + LFENCE



			Not specifying this option is equivalent to

			spectre_v2=auto.

Documentation/admin-guide/mm/pagemap.rst

+1 −1
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ There are four components to pagemap: 
    * Bit  56    page exclusively mapped (since 4.2)

    * Bit  57    pte is uffd-wp write-protected (since 5.13) (see

      :ref:`Documentation/admin-guide/mm/userfaultfd.rst <userfaultfd>`)

    * Bits 57-60 zero

    * Bits 58-60 zero

    * Bit  61    page is file-page or shared-anon (since 3.5)

    * Bit  62    page swapped

    * Bit  63    page present