Pawan Gupta 510603f504 x86/vmscape: Add conditional IBPB mitigation
Commit 2f8f173413f1cbf52660d04df92d0069c4306d25 upstream.

VMSCAPE is a vulnerability that exploits insufficient branch predictor
isolation between a guest and a userspace hypervisor (like QEMU). Existing
mitigations already protect kernel/KVM from a malicious guest. Userspace
can additionally be protected by flushing the branch predictors after a
VMexit.

Since it is the userspace that consumes the poisoned branch predictors,
conditionally issue an IBPB after a VMexit and before returning to
userspace. Workloads that frequently switch between hypervisor and
userspace will incur the most overhead from the new IBPB.

This new IBPB is not integrated with the existing IBPB sites. For
instance, a task can use the existing speculation control prctl() to
get an IBPB at context switch time. With this implementation, the
IBPB is doubled up: one at context switch and another before running
userspace.

The intent is to integrate and optimize these cases post-embargo.

[ dhansen: elaborate on suboptimal IBPB solution ]

Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-11 17:23:22 +02:00
arch x86/vmscape: Add conditional IBPB mitigation 2025-09-11 17:23:22 +02:00
block blk-zoned: Fix a lockdep complaint about recursive locking 2025-09-04 16:55:46 +02:00
certs
crypto crypto: acomp - Fix CFI failure due to type punning 2025-08-28 16:34:34 +02:00
Documentation Documentation/hw-vuln: Add VMSCAPE documentation 2025-09-11 17:23:21 +02:00
drivers Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" 2025-09-09 19:02:41 +02:00
fs cifs: prevent NULL pointer dereference in UTF16 conversion 2025-09-09 19:02:34 +02:00
include mm: introduce and use {pgd,p4d}_populate_kernel() 2025-09-09 19:02:30 +02:00
init io_uring: fix breakage in EXPERT menu 2025-08-15 16:38:23 +02:00
io_uring io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths 2025-09-04 16:55:43 +02:00
ipc - The 3 patch series "hung_task: extend blocking task stacktrace dump to 2025-05-31 19:12:53 -07:00
kernel audit: fix out-of-bounds read in audit_compare_dname_path() 2025-09-09 19:02:34 +02:00
lib lib/sbitmap: convert shallow_depth from one word to the whole sbitmap 2025-08-20 18:41:31 +02:00
LICENSES LICENSES: add CC0-1.0 license text 2025-05-21 14:54:17 +02:00
mm kunit: kasan_test: disable fortify string checker on kasan_strings() test 2025-09-09 19:02:30 +02:00
net batman-adv: fix OOB read/write in network-coding decode 2025-09-09 19:02:34 +02:00
rust rust: mm: mark VmaNew as transparent 2025-09-09 19:02:29 +02:00
samples samples/damon/mtier: support boot time enable setup 2025-08-20 18:41:35 +02:00
scripts rust: support Rust >= 1.91.0 target spec 2025-09-09 19:02:35 +02:00
security apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:34:16 +02:00
sound ALSA: hda: tas2781: reorder tas2563 calibration variables 2025-09-09 19:02:36 +02:00
tools tools: gpio: remove the include directory on make clean 2025-09-09 19:02:39 +02:00
usr usr/include: openrisc: don't HDRTEST bpf_perf_event.h 2025-05-12 15:03:17 +09:00
virt KVM: Allow CPU to reschedule while setting per-page memory attributes 2025-06-24 12:20:17 -07:00
.clang-format Linux 6.15-rc5 2025-05-06 16:39:25 +10:00
.clippy.toml rust: clean Rust 1.88.0's warning about clippy::disallowed_macros configuration 2025-05-07 00:11:47 +02:00
.cocciconfig
.editorconfig
.get_maintainer.ignore MAINTAINERS: Retire Ralf Baechle 2024-11-12 15:48:59 +01:00
.gitattributes
.gitignore gitignore: allow .pylintrc to be tracked 2025-08-15 16:39:03 +02:00
.mailmap 11 hotfixes. 9 are cc:stable and the remainder address post-6.15 issues 2025-07-24 19:13:30 -07:00
.pylintrc docs: add a .pylintrc file with sys path for docs scripts 2025-04-09 12:10:33 -06:00
.rustfmt.toml
COPYING
CREDITS mm: update MAINTAINERS entry for HMM 2025-07-19 19:26:16 -07:00
Kbuild drm: ensure drm headers are self-contained and pass kernel-doc 2025-02-12 10:44:43 +02:00
Kconfig io_uring: Rename KConfig to Kconfig 2025-02-19 14:53:27 -07:00
MAINTAINERS 11 hotfixes. 9 are cc:stable and the remainder address post-6.15 issues 2025-07-24 19:13:30 -07:00
Makefile Linux 6.16.6 2025-09-09 19:02:41 +02:00
README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result from upgrading your kernel.