Loading Documentation/admin-guide/hw-vuln/mds.rst +5 −2 Original line number Diff line number Diff line Loading @@ -265,8 +265,11 @@ time with the option "mds=". The valid arguments for this option are: ============ ============================================================= Not specifying this option is equivalent to "mds=full". Not specifying this option is equivalent to "mds=full". For processors that are affected by both TAA (TSX Asynchronous Abort) and MDS, specifying just "mds=off" without an accompanying "tsx_async_abort=off" will have no effect as the same mitigation is used for both vulnerabilities. Mitigation selection guide -------------------------- Loading Documentation/admin-guide/hw-vuln/tsx_async_abort.rst +4 −1 Original line number Diff line number Diff line Loading @@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are: CPU is not vulnerable to cross-thread TAA attacks. ============ ============================================================= Not specifying this option is equivalent to "tsx_async_abort=full". Not specifying this option is equivalent to "tsx_async_abort=full". For processors that are affected by both TAA and MDS, specifying just "tsx_async_abort=off" without an accompanying "mds=off" will have no effect as the same mitigation is used for both vulnerabilities. The kernel command line also allows to control the TSX feature using the parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used Loading Documentation/admin-guide/kernel-parameters.txt +23 −10 Original line number Diff line number Diff line Loading 
@@ -2477,6 +2477,12 @@ SMT on vulnerable CPUs off - Unconditionally disable MDS mitigation On TAA-affected machines, mds=off can be prevented by an active TAA mitigation as both vulnerabilities are mitigated with the same mechanism so in order to disable this mitigation, you need to specify tsx_async_abort=off too. Not specifying this option is equivalent to mds=full. Loading Loading @@ -4941,6 +4947,11 @@ vulnerable to cross-thread TAA attacks. off - Unconditionally disable TAA mitigation On MDS-affected machines, tsx_async_abort=off can be prevented by an active MDS mitigation as both vulnerabilities are mitigated with the same mechanism so in order to disable this mitigation, you need to specify mds=off too. Not specifying this option is equivalent to tsx_async_abort=full. On CPUs which are MDS affected and deploy MDS mitigation, TAA mitigation is not Loading Loading @@ -5100,13 +5111,13 @@ Flags is a set of characters, each corresponding to a common usb-storage quirk flag as follows: a = SANE_SENSE (collect more than 18 bytes of sense data); of sense data, not on uas); b = BAD_SENSE (don't collect more than 18 bytes of sense data); bytes of sense data, not on uas); c = FIX_CAPACITY (decrease the reported device capacity by one sector); d = NO_READ_DISC_INFO (don't use READ_DISC_INFO command); READ_DISC_INFO command, not on uas); e = NO_READ_CAPACITY_16 (don't use READ_CAPACITY_16 command); f = NO_REPORT_OPCODES (don't use report opcodes Loading 
@@ -5121,17 +5132,18 @@ j = NO_REPORT_LUNS (don't use report luns command, uas only); l = NOT_LOCKABLE (don't try to lock and unlock ejectable media); unlock ejectable media, not on uas); m = MAX_SECTORS_64 (don't transfer more than 64 sectors = 32 KB at a time); than 64 sectors = 32 KB at a time, not on uas); n = INITIAL_READ10 (force a retry of the initial READ(10) command); initial READ(10) command, not on uas); o = CAPACITY_OK (accept the capacity reported by the device); reported by the device, not on uas); p = WRITE_CACHE (the device cache is ON by default); by default, not on uas); r = IGNORE_RESIDUE (the device reports bogus residue values); bogus residue values, not on uas); s = SINGLE_LUN (the device has only one Logical Unit); t = NO_ATA_1X (don't allow ATA(12) and ATA(16) Loading @@ -5140,7 +5152,8 @@ w = NO_WP_DETECT (don't test whether the medium is write-protected). y = ALWAYS_SYNC (issue a SYNCHRONIZE_CACHE even if the device claims no cache) even if the device claims no cache, not on uas) Example: quirks=0419:aaf5:rl,0421:0433:rc user_debug= [KNL,ARM] Loading Documentation/networking/ip-sysctl.txt +13 −0 Original line number Diff line number Diff line Loading 
@@ -939,6 +939,19 @@ ip_local_reserved_ports - list of comma separated ranges Default: Empty ip_local_unbindable_ports - list of comma separated ranges Specify the ports which are not directly bind()able. Usually you would use this to block the use of ports which are invalid due to something outside of the control of the kernel. For example a port stolen by the nic for serial console, remote power management or debugging. There's a relatively high chance you will also want to list these ports in 'ip_local_reserved_ports' to prevent autobinding. Default: Empty ip_unprivileged_port_start - INTEGER This is a per-namespace sysctl. It defines the first unprivileged port in the network namespace. Privileged ports Loading Makefile +62 −2 Original line number Diff line number Diff line # SPDX-License-Identifier: GPL-2.0 VERSION = 5 PATCHLEVEL = 4 SUBLEVEL = 0 SUBLEVEL = 5 EXTRAVERSION = NAME = Kleptomaniac Octopus Loading Loading @@ -662,6 +662,16 @@ RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc export RETPOLINE_CFLAGS export RETPOLINE_VDSO_CFLAGS # Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure # ar/cc/ld-* macros return correct values. ifdef CONFIG_LTO_CLANG # LTO produces LLVM IR instead of object files. Use llvm-ar and llvm-nm, so we # can process these. AR := llvm-ar LLVM_NM := llvm-nm export LLVM_NM endif include arch/$(SRCARCH)/Makefile ifdef need-config Loading Loading 
@@ -860,6 +870,55 @@ ifdef CONFIG_LIVEPATCH KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone) endif ifdef CONFIG_SHADOW_CALL_STACK CC_FLAGS_SCS := -fsanitize=shadow-call-stack KBUILD_CFLAGS += $(CC_FLAGS_SCS) export CC_FLAGS_SCS endif ifdef CONFIG_LTO_CLANG ifdef CONFIG_THINLTO CC_FLAGS_LTO_CLANG := -flto=thin $(call cc-option, -fsplit-lto-unit) KBUILD_LDFLAGS += --thinlto-cache-dir=.thinlto-cache else CC_FLAGS_LTO_CLANG := -flto endif CC_FLAGS_LTO_CLANG += -fvisibility=default # Limit inlining across translation units to reduce binary size LD_FLAGS_LTO_CLANG := -mllvm -import-instr-limit=5 KBUILD_LDFLAGS += $(LD_FLAGS_LTO_CLANG) KBUILD_LDFLAGS_MODULE += $(LD_FLAGS_LTO_CLANG) KBUILD_LDS_MODULE += $(srctree)/scripts/module-lto.lds endif ifdef CONFIG_LTO CC_FLAGS_LTO := $(CC_FLAGS_LTO_CLANG) KBUILD_CFLAGS += $(CC_FLAGS_LTO) export CC_FLAGS_LTO endif ifdef CONFIG_CFI_CLANG CC_FLAGS_CFI := -fsanitize=cfi \ -fno-sanitize-cfi-canonical-jump-tables ifdef CONFIG_MODULES CC_FLAGS_CFI += -fsanitize-cfi-cross-dso endif ifdef CONFIG_CFI_PERMISSIVE CC_FLAGS_CFI += -fsanitize-recover=cfi \ -fno-sanitize-trap=cfi endif # If LTO flags are filtered out, we must also filter out CFI. CC_FLAGS_LTO += $(CC_FLAGS_CFI) KBUILD_CFLAGS += $(CC_FLAGS_CFI) export CC_FLAGS_CFI endif # arch Makefile may override CC so keep this after arch Makefile is included NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) Loading Loading @@ -1695,7 +1754,8 @@ clean: $(clean-dirs) -o -name modules.builtin -o -name '.tmp_*.o.*' \ -o -name '*.c.[012]*.*' \ -o -name '*.ll' \ -o -name '*.gcno' \) -type f -print | xargs rm -f -o -name '*.gcno' \ -o -name '*.*.symversions' \) -type f -print | xargs rm -f # Generate tags for editors # --------------------------------------------------------------------------- Loading Loading
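Review bot: The CONFIG_CFI_PERMISSIVE branch in the second Makefile hunk (`-fsanitize-recover=cfi -fno-sanitize-trap=cfi`) makes a CFI failure call the runtime handler and continue instead of trapping, so a kernel built with it reports indirect-call violations but does not stop them; nothing in the hunk says this, and the option name alone does not make it obvious that the build has no enforcement. I would put above that `ifdef` a comment such as `# Permissive mode: report CFI failures via the handler and keep running. Bring-up/debugging aid only; it provides no enforcement, so do not set CONFIG_CFI_PERMISSIVE in a production config.` Separately, ThinLTO is pointed at `.thinlto-cache` via `--thinlto-cache-dir`, but the `clean` hunk only adds `*.*.symversions` to the find pattern; unless the cache directory is removed in a part of the Makefile not shown here, `make clean` leaves it behind in the objtree, and adding `.thinlto-cache` to the clean rule (e.g. `CLEAN_FILES += .thinlto-cache`) would keep clean builds actually clean. The SCS and LTO flags are added without `cc-option`, which is presumably fine if the corresponding Kconfig symbols already gate on compiler support, but that gating is not visible in this diff.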
Documentation/admin-guide/hw-vuln/mds.rst +5 −2 Original line number Diff line number Diff line Loading @@ -265,8 +265,11 @@ time with the option "mds=". The valid arguments for this option are: ============ ============================================================= Not specifying this option is equivalent to "mds=full". Not specifying this option is equivalent to "mds=full". For processors that are affected by both TAA (TSX Asynchronous Abort) and MDS, specifying just "mds=off" without an accompanying "tsx_async_abort=off" will have no effect as the same mitigation is used for both vulnerabilities. Mitigation selection guide -------------------------- Loading
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst +4 −1 Original line number Diff line number Diff line Loading @@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are: CPU is not vulnerable to cross-thread TAA attacks. ============ ============================================================= Not specifying this option is equivalent to "tsx_async_abort=full". Not specifying this option is equivalent to "tsx_async_abort=full". For processors that are affected by both TAA and MDS, specifying just "tsx_async_abort=off" without an accompanying "mds=off" will have no effect as the same mitigation is used for both vulnerabilities. The kernel command line also allows to control the TSX feature using the parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used Loading
Documentation/admin-guide/kernel-parameters.txt +23 −10 Original line number Diff line number Diff line Loading @@ -2477,6 +2477,12 @@ SMT on vulnerable CPUs off - Unconditionally disable MDS mitigation On TAA-affected machines, mds=off can be prevented by an active TAA mitigation as both vulnerabilities are mitigated with the same mechanism so in order to disable this mitigation, you need to specify tsx_async_abort=off too. Not specifying this option is equivalent to mds=full. Loading Loading @@ -4941,6 +4947,11 @@ vulnerable to cross-thread TAA attacks. off - Unconditionally disable TAA mitigation On MDS-affected machines, tsx_async_abort=off can be prevented by an active MDS mitigation as both vulnerabilities are mitigated with the same mechanism so in order to disable this mitigation, you need to specify mds=off too. Not specifying this option is equivalent to tsx_async_abort=full. On CPUs which are MDS affected and deploy MDS mitigation, TAA mitigation is not Loading Loading @@ -5100,13 +5111,13 @@ Flags is a set of characters, each corresponding to a common usb-storage quirk flag as follows: a = SANE_SENSE (collect more than 18 bytes of sense data); of sense data, not on uas); b = BAD_SENSE (don't collect more than 18 bytes of sense data); bytes of sense data, not on uas); c = FIX_CAPACITY (decrease the reported device capacity by one sector); d = NO_READ_DISC_INFO (don't use READ_DISC_INFO command); READ_DISC_INFO command, not on uas); e = NO_READ_CAPACITY_16 (don't use READ_CAPACITY_16 command); f = NO_REPORT_OPCODES (don't use report opcodes Loading 
@@ -5121,17 +5132,18 @@ j = NO_REPORT_LUNS (don't use report luns command, uas only); l = NOT_LOCKABLE (don't try to lock and unlock ejectable media); unlock ejectable media, not on uas); m = MAX_SECTORS_64 (don't transfer more than 64 sectors = 32 KB at a time); than 64 sectors = 32 KB at a time, not on uas); n = INITIAL_READ10 (force a retry of the initial READ(10) command); initial READ(10) command, not on uas); o = CAPACITY_OK (accept the capacity reported by the device); reported by the device, not on uas); p = WRITE_CACHE (the device cache is ON by default); by default, not on uas); r = IGNORE_RESIDUE (the device reports bogus residue values); bogus residue values, not on uas); s = SINGLE_LUN (the device has only one Logical Unit); t = NO_ATA_1X (don't allow ATA(12) and ATA(16) Loading @@ -5140,7 +5152,8 @@ w = NO_WP_DETECT (don't test whether the medium is write-protected). y = ALWAYS_SYNC (issue a SYNCHRONIZE_CACHE even if the device claims no cache) even if the device claims no cache, not on uas) Example: quirks=0419:aaf5:rl,0421:0433:rc user_debug= [KNL,ARM] Loading
Documentation/networking/ip-sysctl.txt +13 −0 Original line number Diff line number Diff line Loading @@ -939,6 +939,19 @@ ip_local_reserved_ports - list of comma separated ranges Default: Empty ip_local_unbindable_ports - list of comma separated ranges Specify the ports which are not directly bind()able. Usually you would use this to block the use of ports which are invalid due to something outside of the control of the kernel. For example a port stolen by the nic for serial console, remote power management or debugging. There's a relatively high chance you will also want to list these ports in 'ip_local_reserved_ports' to prevent autobinding. Default: Empty ip_unprivileged_port_start - INTEGER This is a per-namespace sysctl. It defines the first unprivileged port in the network namespace. Privileged ports Loading
Makefile +62 −2 Original line number Diff line number Diff line # SPDX-License-Identifier: GPL-2.0 VERSION = 5 PATCHLEVEL = 4 SUBLEVEL = 0 SUBLEVEL = 5 EXTRAVERSION = NAME = Kleptomaniac Octopus Loading Loading @@ -662,6 +662,16 @@ RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc export RETPOLINE_CFLAGS export RETPOLINE_VDSO_CFLAGS # Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure # ar/cc/ld-* macros return correct values. ifdef CONFIG_LTO_CLANG # LTO produces LLVM IR instead of object files. Use llvm-ar and llvm-nm, so we # can process these. AR := llvm-ar LLVM_NM := llvm-nm export LLVM_NM endif include arch/$(SRCARCH)/Makefile ifdef need-config Loading Loading 
@@ -860,6 +870,55 @@ ifdef CONFIG_LIVEPATCH KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone) endif ifdef CONFIG_SHADOW_CALL_STACK CC_FLAGS_SCS := -fsanitize=shadow-call-stack KBUILD_CFLAGS += $(CC_FLAGS_SCS) export CC_FLAGS_SCS endif ifdef CONFIG_LTO_CLANG ifdef CONFIG_THINLTO CC_FLAGS_LTO_CLANG := -flto=thin $(call cc-option, -fsplit-lto-unit) KBUILD_LDFLAGS += --thinlto-cache-dir=.thinlto-cache else CC_FLAGS_LTO_CLANG := -flto endif CC_FLAGS_LTO_CLANG += -fvisibility=default # Limit inlining across translation units to reduce binary size LD_FLAGS_LTO_CLANG := -mllvm -import-instr-limit=5 KBUILD_LDFLAGS += $(LD_FLAGS_LTO_CLANG) KBUILD_LDFLAGS_MODULE += $(LD_FLAGS_LTO_CLANG) KBUILD_LDS_MODULE += $(srctree)/scripts/module-lto.lds endif ifdef CONFIG_LTO CC_FLAGS_LTO := $(CC_FLAGS_LTO_CLANG) KBUILD_CFLAGS += $(CC_FLAGS_LTO) export CC_FLAGS_LTO endif ifdef CONFIG_CFI_CLANG CC_FLAGS_CFI := -fsanitize=cfi \ -fno-sanitize-cfi-canonical-jump-tables ifdef CONFIG_MODULES CC_FLAGS_CFI += -fsanitize-cfi-cross-dso endif ifdef CONFIG_CFI_PERMISSIVE CC_FLAGS_CFI += -fsanitize-recover=cfi \ -fno-sanitize-trap=cfi endif # If LTO flags are filtered out, we must also filter out CFI. CC_FLAGS_LTO += $(CC_FLAGS_CFI) KBUILD_CFLAGS += $(CC_FLAGS_CFI) export CC_FLAGS_CFI endif # arch Makefile may override CC so keep this after arch Makefile is included NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) Loading Loading @@ -1695,7 +1754,8 @@ clean: $(clean-dirs) -o -name modules.builtin -o -name '.tmp_*.o.*' \ -o -name '*.c.[012]*.*' \ -o -name '*.ll' \ -o -name '*.gcno' \) -type f -print | xargs rm -f -o -name '*.gcno' \ -o -name '*.*.symversions' \) -type f -print | xargs rm -f # Generate tags for editors # --------------------------------------------------------------------------- Loading