* [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall
@ 2023-08-11 16:01 Stoiko Ivanov
2023-08-11 16:01 ` [pve-devel] [PATCH pve-kernel 2/2] d/rules: enable mitigation config-options Stoiko Ivanov
2023-08-11 16:04 ` [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall Stoiko Ivanov
0 siblings, 2 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2023-08-11 16:01 UTC
To: pve-devel
Changes taken from Ubuntu's repository (at Launchpad)
sending as individual cherry-picks, as we're currently based on our
own tag.
Split into 2 patches as applying the patches happens after we copy the
source (and remove debian/ubuntu specific folders)
The resulting build should in all cases be tested on an affected machine too!
Stoiko Ivanov (2):
add fixes for downfall
d/rules: enable mitigation config-options
debian/rules | 4 +-
...-init-Provide-arch_cpu_finalize_init.patch | 85 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 235 +++++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 82 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 89 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 108 ++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 217 +++++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 75 +++
...022-init-Remove-check_bugs-leftovers.patch | 172 +++++
...nvoke-arch_cpu_finalize_init-earlier.patch | 64 ++
...m_encrypt_init-into-arch_cpu_finaliz.patch | 121 ++++
...it-Initialize-signal-frame-size-late.patch | 81 +++
...cpuinfo-argument-from-init-functions.patch | 76 +++
...7-x86-fpu-Mark-init-functions-__init.patch | 44 ++
...-initialization-into-arch_cpu_finali.patch | 80 +++
...-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch | 69 ++
...ondary-processors-FPU-initialization.patch | 42 ++
...-Add-Gather-Data-Sampling-mitigation.patch | 595 ++++++++++++++++++
...n-Add-force-option-to-GDS-mitigation.patch | 172 +++++
...eculation-Add-Kconfig-option-for-GDS.patch | 75 +++
.../0034-KVM-Add-GDS_NO-support-to-KVM.patch | 85 +++
...6-Fix-backwards-on-off-logic-about-Y.patch | 38 ++
24 files changed, 2768 insertions(+), 1 deletion(-)
create mode 100644 patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0022-init-Remove-check_bugs-leftovers.patch
create mode 100644 patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch
create mode 100644 patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch
create mode 100644 patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch
create mode 100644 patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch
create mode 100644 patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch
create mode 100644 patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch
create mode 100644 patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch
create mode 100644 patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch
create mode 100644 patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch
create mode 100644 patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch
create mode 100644 patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch
create mode 100644 patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch
create mode 100644 patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch
--
2.39.2
* [pve-devel] [PATCH pve-kernel 2/2] d/rules: enable mitigation config-options
2023-08-11 16:01 [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall Stoiko Ivanov
@ 2023-08-11 16:01 ` Stoiko Ivanov
2023-08-11 16:04 ` [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall Stoiko Ivanov
1 sibling, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2023-08-11 16:01 UTC
To: pve-devel
CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and CONFIG_GDS_FORCE_MITIGATION
follows commit 3edbe24ed004516bd910f6e97fbd4b62cf589239
in ubuntu-upstream/master-next
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
debian/rules | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index b4bfb5c14e20..9a26a0bf4317 100755
--- a/debian/rules
+++ b/debian/rules
@@ -96,7 +96,9 @@ PMX_CONFIG_OPTS= \
-e CONFIG_SECURITY_LOCKDOWN_LSM \
-e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
--set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
--e CONFIG_PAGE_TABLE_ISOLATION
+-e CONFIG_PAGE_TABLE_ISOLATION \
+-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
+-e CONFIG_GDS_FORCE_MITIGATION
debian/control: $(wildcard debian/*.in)
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
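Review bot: The added `-e CONFIG_GDS_FORCE_MITIGATION` line changes the default for every user of the package, but the commit message only says it "follows commit 3edbe24ed004516bd910f6e97fbd4b62cf589239" without stating what forcing the mitigation does on an affected host or how an admin can opt out; please spell that out in the message, since the cover letter itself asks for testing on an affected machine. For `-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT`, the ARCH_HAS_ prefix suggests a symbol that the architecture selects rather than one set by hand; if that is the case here the explicit enable is redundant and could be dropped, otherwise a short comment in debian/rules on why it is listed would help. It would also be worth confirming that both symbols end up as `=y` in the final generated config rather than relying on the option list alone.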
--
2.39.2
* Re: [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall
2023-08-11 16:01 [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall Stoiko Ivanov
2023-08-11 16:01 ` [pve-devel] [PATCH pve-kernel 2/2] d/rules: enable mitigation config-options Stoiko Ivanov
@ 2023-08-11 16:04 ` Stoiko Ivanov
1 sibling, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2023-08-11 16:04 UTC
To: pve-devel
On Fri, 11 Aug 2023 18:01:02 +0200
Stoiko Ivanov <s.ivanov@proxmox.com> wrote:
please ignore this - I accidentally sent a patch too many (which got
removed in the moderation queue)
the actual series is the next thread on the list
> Changes taken from Ubuntu's repository (at Launchpad)
> sending as individual cherry-picks, as we're currently based on our
> own tag.
>
> Split into 2 patches as applying the patches happens after we copy the
> source (and remove debian/ubuntu specific folders)
>
> The resulting build should in all cases be tested on an affected machine too!
>
> Stoiko Ivanov (2):
> add fixes for downfall
> d/rules: enable mitigation config-options
>
> debian/rules | 4 +-
> ...-init-Provide-arch_cpu_finalize_init.patch | 85 +++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 235 +++++++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 82 +++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 89 +++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 108 ++++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 217 +++++++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
> ...cpu-Switch-to-arch_cpu_finalize_init.patch | 75 +++
> ...022-init-Remove-check_bugs-leftovers.patch | 172 +++++
> ...nvoke-arch_cpu_finalize_init-earlier.patch | 64 ++
> ...m_encrypt_init-into-arch_cpu_finaliz.patch | 121 ++++
> ...it-Initialize-signal-frame-size-late.patch | 81 +++
> ...cpuinfo-argument-from-init-functions.patch | 76 +++
> ...7-x86-fpu-Mark-init-functions-__init.patch | 44 ++
> ...-initialization-into-arch_cpu_finali.patch | 80 +++
> ...-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch | 69 ++
> ...ondary-processors-FPU-initialization.patch | 42 ++
> ...-Add-Gather-Data-Sampling-mitigation.patch | 595 ++++++++++++++++++
> ...n-Add-force-option-to-GDS-mitigation.patch | 172 +++++
> ...eculation-Add-Kconfig-option-for-GDS.patch | 75 +++
> .../0034-KVM-Add-GDS_NO-support-to-KVM.patch | 85 +++
> ...6-Fix-backwards-on-off-logic-about-Y.patch | 38 ++
> 24 files changed, 2768 insertions(+), 1 deletion(-)
> create mode 100644 patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch
> create mode 100644 patches/kernel/0022-init-Remove-check_bugs-leftovers.patch
> create mode 100644 patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch
> create mode 100644 patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch
> create mode 100644 patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch
> create mode 100644 patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch
> create mode 100644 patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch
> create mode 100644 patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch
> create mode 100644 patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch
> create mode 100644 patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch
> create mode 100644 patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch
> create mode 100644 patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch
> create mode 100644 patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch
> create mode 100644 patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch
> create mode 100644 patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch
>
* [pve-devel] [PATCH pve-kernel 0/2] cherry-picks and config-options for downfall
@ 2023-08-11 16:02 Stoiko Ivanov
0 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2023-08-11 16:02 UTC
To: pve-devel
Changes taken from Ubuntu's repository (at Launchpad)
sending as individual cherry-picks, as we're currently based on our
own tag.
Split into 2 patches as applying the patches happens after we copy the
source (and remove debian/ubuntu specific folders)
The resulting build should in all cases be tested on an affected machine too!
Stoiko Ivanov (2):
add fixes for downfall
d/rules: enable mitigation config-options
debian/rules | 4 +-
...-init-Provide-arch_cpu_finalize_init.patch | 85 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 235 +++++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 82 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 89 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 108 ++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 217 +++++++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++
...cpu-Switch-to-arch_cpu_finalize_init.patch | 75 +++
...022-init-Remove-check_bugs-leftovers.patch | 172 +++++
...nvoke-arch_cpu_finalize_init-earlier.patch | 64 ++
...m_encrypt_init-into-arch_cpu_finaliz.patch | 121 ++++
...it-Initialize-signal-frame-size-late.patch | 81 +++
...cpuinfo-argument-from-init-functions.patch | 76 +++
...7-x86-fpu-Mark-init-functions-__init.patch | 44 ++
...-initialization-into-arch_cpu_finali.patch | 80 +++
...-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch | 69 ++
...ondary-processors-FPU-initialization.patch | 42 ++
...-Add-Gather-Data-Sampling-mitigation.patch | 595 ++++++++++++++++++
...n-Add-force-option-to-GDS-mitigation.patch | 172 +++++
...eculation-Add-Kconfig-option-for-GDS.patch | 75 +++
.../0034-KVM-Add-GDS_NO-support-to-KVM.patch | 85 +++
...6-Fix-backwards-on-off-logic-about-Y.patch | 38 ++
24 files changed, 2768 insertions(+), 1 deletion(-)
create mode 100644 patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch
create mode 100644 patches/kernel/0022-init-Remove-check_bugs-leftovers.patch
create mode 100644 patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch
create mode 100644 patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch
create mode 100644 patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch
create mode 100644 patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch
create mode 100644 patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch
create mode 100644 patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch
create mode 100644 patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch
create mode 100644 patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch
create mode 100644 patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch
create mode 100644 patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch
create mode 100644 patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch
create mode 100644 patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch
create mode 100644 patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch
--
2.39.2