On 8/7/18 6:49 AM, Greg KH wrote:
> On Fri, Aug 03, 2018 at 04:20:31PM -0700, Srivatsa S. Bhat wrote:
>> On 8/2/18 3:22 PM, Kees Cook wrote:
>>> On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat wrote:
>>>> On 7/26/18 4:09 PM, Kees Cook wrote:
>>>>> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina wrote:
>>>>>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote:
>>>>>>
>>>>>>> However, if you are proposing that you'd like to contribute the enhanced
>>>>>>> PTI/Spectre (upstream) patches from the SLES 4.4 tree to 4.4 stable, and
>>>>>>> have them merged instead of this patch series, then I would certainly
>>>>>>> welcome it!
>>>>>>
>>>>>> I'd in principle love us to push everything back to 4.4, but there are a
>>>>>> few reasons (*) why that's not happening shortly.
>>>>>>
>>>>>> Anyway, to point out explicitly what's really needed for those folks
>>>>>> running 4.4-stable and relying on PTI providing The Real Thing(TM), it's
>>>>>> either a 4.4-stable port of
>>>>>>
>>>>>> http://kernel.suse.com/cgit/kernel-source/plain/patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack.patch?id=3428a77b02b1ba03e45d8fc352ec350429f57fc7
>>>>>>
>>>>>> or making THREADINFO_GFP imply __GFP_ZERO.
>>>>>
>>>>> This is true in Linus's tree now. Should be trivial to backport:
>>>>> https://git.kernel.org/linus/e01e80634ecdd
>>>>>
>>>>
>>>> Hi Jiri, Kees,
>>>>
>>>> Thank you for suggesting the patch! I have attached the (locally
>>>> tested) 4.4 and 4.9 backports of that patch with this mail. (The
>>>> mainline commit applies cleanly on 4.14).
>>>>
>>>> Greg, could you please consider including them in stable 4.4, 4.9
>>>> and 4.14?
>>>
>>> I don't think your v4.9 is sufficient: it leaves the vmapped stack
>>> uncleared. v4.9 needs ca182551857 ("kmemleak: clear stale pointers
>>> from task stacks") included in the backport (really, just adding the
>>> memset()).
>>>
>>
>> Ah, I see, thank you! I have attached the updated patchset for 4.9
>> with this mail.
>>
>>> Otherwise, yup, looks good.
>>>
>> Thank you for reviewing the patches!
>>
>> Regards,
>> Srivatsa
>> VMware Photon OS
>
> These work for 4.9, do you also have a set for 4.4?
>

Thank you for considering these patches for 4.9! The (single) patch
for 4.4 did not need any more changes, and hence is the same as the
one I attached in my previous mail. I'll attach it again here for your
reference.

Also, upstream commit e01e80634ecdde1 (fork: unconditionally clear
stack on fork) applies cleanly on 4.14 stable, so it would be great
to cherry-pick it to 4.14 stable as well.

Thank you!

Regards,
Srivatsa
VMware Photon OS