Changelog
linux (5.19~rc6-1~exp1) experimental; urgency=medium
* New upstream release candidate
[ Ben Hutchings ]
* [mips64el/mips64r2el] Fix package description
* [x86] Add mitigations for RETbleed on AMD/Hygon (CVE-2022-29900) and
Intel (CVE-2022-29901) processors:
- x86/kvm/vmx: Make noinstr clean
- x86/cpufeatures: Move RETPOLINE flags to word 11
- x86/retpoline: Cleanup some #ifdefery
- x86/retpoline: Swizzle retpoline thunk
- x86/retpoline: Use -mfunction-return
- x86: Undo return-thunk damage
- x86,objtool: Create .return_sites
- x86,static_call: Use alternative RET encoding
- x86/ftrace: Use alternative RET encoding
- x86/bpf: Use alternative RET encoding
- x86/kvm: Fix SETcc emulation for return thunks
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
- x86/sev: Avoid using __x86_return_thunk
- x86: Use return-thunk in asm code
- x86/entry: Avoid very early RET
- objtool: Treat .text.__x86.* as noinstr
- x86: Add magic AMD return-thunk
- x86/bugs: Report AMD retbleed vulnerability
- x86/bugs: Add AMD retbleed= boot parameter
- x86/bugs: Enable STIBP for JMP2RET
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
- x86/entry: Add kernel IBRS implementation
- x86/bugs: Optimize SPEC_CTRL MSR writes
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation()
- x86/bugs: Report Intel retbleed vulnerability
- intel_idle: Disable IBRS during long idle
- objtool: Update Retpoline validation
- x86/xen: Rename SYS* entry points
- x86/xen: Add UNTRAIN_RET
- x86/bugs: Add retbleed=ibpb
- x86/bugs: Do IBPB fallback check only once
- objtool: Add entry UNRET validation
- x86/cpu/amd: Add Spectral Chicken
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
- x86/speculation: Fix firmware entry SPEC_CTRL handling
- x86/speculation: Fix SPEC_CTRL write on SMT state change
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
- x86/speculation: Remove x86_spec_ctrl_mask
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
- KVM: VMX: Flatten __vmx_vcpu_run()
- KVM: VMX: Convert launched argument to flags
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
- KVM: VMX: Fix IBRS handling after vmexit
- x86/speculation: Fill RSB on vmexit for IBRS
- KVM: VMX: Prevent RSB underflow before vmenter
- x86/common: Stamp out the stepping madness
- x86/cpu/amd: Enumerate BTC_NO
- x86/retbleed: Add fine grained Kconfig knobs
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
- x86/kexec: Disable RET on kexec
- x86/speculation: Disable RRSBA behavior
- x86/static_call: Serialize __static_call_fixup() properly
* [amd64] Enable SLS mitigation
-- Ben Hutchings <email address hidden> Wed, 13 Jul 2022 01:20:17 +0200