Format: 1.8
Date: Mon, 07 Aug 2023 23:01:57 +0200
Source: linux-signed-amd64
Architecture: source
Version: 6.1.38+3
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Kernel Team
Changed-By: Salvatore Bonaccorso
Changes:
 linux-signed-amd64 (6.1.38+3) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.38-3
 .
   [ Salvatore Bonaccorso ]
   * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982)
     - init: Provide arch_cpu_finalize_init()
     - x86/cpu: Switch to arch_cpu_finalize_init()
     - ARM: cpu: Switch to arch_cpu_finalize_init()
     - ia64/cpu: Switch to arch_cpu_finalize_init()
     - loongarch/cpu: Switch to arch_cpu_finalize_init()
     - m68k/cpu: Switch to arch_cpu_finalize_init()
     - mips/cpu: Switch to arch_cpu_finalize_init()
     - sh/cpu: Switch to arch_cpu_finalize_init()
     - sparc/cpu: Switch to arch_cpu_finalize_init()
     - um/cpu: Switch to arch_cpu_finalize_init()
     - init: Remove check_bugs() leftovers
     - init: Invoke arch_cpu_finalize_init() earlier
     - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
     - x86/init: Initialize signal frame size late
     - x86/fpu: Remove cpuinfo argument from init functions
     - x86/fpu: Mark init functions __init
     - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
     - x86/speculation: Add Gather Data Sampling mitigation
     - x86/speculation: Add force option to GDS mitigation
     - x86/speculation: Add Kconfig option for GDS
     - KVM: Add GDS_NO support to KVM
     - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
     - x86/xen: Fix secondary processors' FPU initialization
     - x86/mm: fix poking_init() for Xen PV guests
     - x86/mm: Use mm_alloc() in poking_init()
     - mm: Move mm_cachep initialization to mm_init()
     - x86/mm: Initialize text poking earlier
     - Documentation/x86: Fix backwards on/off logic about YMM support
   * [x86] Add a Speculative RAS Overflow (SRSO) mitigation (CVE-2023-20569)
     - x86/bugs: Increase the x86 bugs vector size to two u32s
     - x86/srso: Add a Speculative RAS Overflow mitigation
     - x86/srso: Add IBPB_BRTYPE support
     - x86/srso: Add SRSO_NO support
     - x86/srso: Add IBPB
     - x86/srso: Add IBPB on VMEXIT
     - x86/srso: Fix return thunks in generated code
     - x86/srso: Add a forgotten NOENDBR annotation
   * Bump ABI to 11
 .
   [ Ben Hutchings ]
   * [x86] Add missing pieces of SRSO mitigation:
     - x86/cpu, kvm: Add support for CPUID_80000021_EAX
     - x86/srso: Tie SBPB bit setting to microcode patch detection
Checksums-Sha1:
 4db021dee395e986cfe7f79e6d383d84e85df64a 8482 linux-signed-amd64_6.1.38+3.dsc
 44610c2d4af999fb8d5eeedfc8edd1b7aded89f6 3034864 linux-signed-amd64_6.1.38+3.tar.xz
Checksums-Sha256:
 a8b4ce490dfadbf7ea8e3b5769e5a572a431fa48f172c817ed7b61108f4fe8c7 8482 linux-signed-amd64_6.1.38+3.dsc
 885db6bbc334efea5de6ad5127b46defb67f36b3d13a5655912d8b2bfb4048f4 3034864 linux-signed-amd64_6.1.38+3.tar.xz
Files:
 3a15fb9b3170f5c343c5a60a649263f7 8482 kernel optional linux-signed-amd64_6.1.38+3.dsc
 85a503efcaef9da292be2d82ff6ea836 3034864 kernel optional linux-signed-amd64_6.1.38+3.tar.xz