Re: [PATCH 5.5 000/176] 5.5.8-stable review

[Greg Kroah-Hartman]

On Wed, Mar 04, 2020 at 12:43:42PM +0530, Naresh Kamboju wrote:
> On Tue, 3 Mar 2020 at 23:16, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > This is the start of the stable review cycle for the 5.5.8 release.
> > There are 176 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu, 05 Mar 2020 17:42:06 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.8-rc1.gz
> > or in the git tree and branch at:
> >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> >
> 
> Results from Linaroâs test farm.
> Regressions detected on x86_64 and i386.
> 
> Test failure output:
> CVE-2017-5715: VULN (IBRS+IBPB or retpoline+IBPB+RSB filling, is
> needed to mitigate the vulnerability)
> 
> Test description:
> CVE-2017-5715 branch target injection (Spectre Variant 2)
> 
> Impact: Kernel
> Mitigation 1: new opcode via microcode update that should be used by
> up to date compilers to protect the BTB (by flushing indirect branch
> predictors)
> Mitigation 2: introducing "retpoline" into compilers, and recompile
> software/OS with it
> Performance impact of the mitigation: high for mitigation 1, medium
> for mitigation 2, depending on your CPU

So these are regressions or just new tests?

If regressions, can you do 'git bisect' to find the offending commit?

Also, are you sure you have an updated microcode on these machines and a
proper compiler for retpoline?

thanks,

greg k-h