-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 07 Aug 2023 23:01:57 +0200 Source: linux Architecture: source Version: 6.1.38-3 Distribution: bookworm-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Changes: linux (6.1.38-3) bookworm-security; urgency=high . [ Salvatore Bonaccorso ] * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982) - init: Provide arch_cpu_finalize_init() - x86/cpu: Switch to arch_cpu_finalize_init() - ARM: cpu: Switch to arch_cpu_finalize_init() - ia64/cpu: Switch to arch_cpu_finalize_init() - loongarch/cpu: Switch to arch_cpu_finalize_init() - m68k/cpu: Switch to arch_cpu_finalize_init() - mips/cpu: Switch to arch_cpu_finalize_init() - sh/cpu: Switch to arch_cpu_finalize_init() - sparc/cpu: Switch to arch_cpu_finalize_init() - um/cpu: Switch to arch_cpu_finalize_init() - init: Remove check_bugs() leftovers - init: Invoke arch_cpu_finalize_init() earlier - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() - x86/init: Initialize signal frame size late - x86/fpu: Remove cpuinfo argument from init functions - x86/fpu: Mark init functions __init - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() - x86/speculation: Add Gather Data Sampling mitigation - x86/speculation: Add force option to GDS mitigation - x86/speculation: Add Kconfig option for GDS - KVM: Add GDS_NO support to KVM - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build - x86/xen: Fix secondary processors' FPU initialization - x86/mm: fix poking_init() for Xen PV guests - x86/mm: Use mm_alloc() in poking_init() - mm: Move mm_cachep initialization to mm_init() - x86/mm: Initialize text poking earlier - Documentation/x86: Fix backwards on/off logic about YMM support * [x86] Add a Speculative RAS Overflow (SRSO) mitigation (CVE-2023-20569) - x86/bugs: Increase the x86 bugs vector size to two u32s - x86/srso: Add a Speculative RAS Overflow mitigation - x86/srso: Add IBPB_BRTYPE support - x86/srso: Add SRSO_NO support - x86/srso: Add IBPB - x86/srso: Add IBPB on VMEXIT - x86/srso: Fix return thunks in generated code - x86/srso: Add a forgotten NOENDBR annotation * Bump ABI to 11 . [ Ben Hutchings ] * [x86] Add missing pieces of SRSO mitigation: - x86/cpu, kvm: Add support for CPUID_80000021_EAX - x86/srso: Tie SBPB bit setting to microcode patch detection Checksums-Sha1: 623777e14a9efdeb52cae24fa81e3375b047110a 290924 linux_6.1.38-3.dsc b62f7e5f8b2b056eb67f1c03b685d2e7f14e0458 1518432 linux_6.1.38-3.debian.tar.xz b058ebee35ac3d067cae7102e20a6f4755a868cd 6830 linux_6.1.38-3_source.buildinfo Checksums-Sha256: 5842342b18d24a08c2bce4bd929a963c214b2b9b08619b375a19538f8480f3ba 290924 linux_6.1.38-3.dsc 6241f5204d60782054cce305e0686fe4c1018199b4ccf6b6d0b68253d1a36f8e 1518432 linux_6.1.38-3.debian.tar.xz b00a5281a2a91af98e696cca8a0c7d5ed22874df779b53f74b3c244e0f568451 6830 linux_6.1.38-3_source.buildinfo Files: 46f39dac226a3ac6c198a637407ddd3a 290924 kernel optional linux_6.1.38-3.dsc 04cfd2d07847ace6bea8bbdc7c4ad153 1518432 kernel optional linux_6.1.38-3.debian.tar.xz f96337fdb5ef76c3a56027933d0ec267 6830 kernel optional linux_6.1.38-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTRvphfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ef0AQAJUrP5FP2vuIvfFIIY5Q5NzX/uv5WBva vZuVJG0l9HirpcMXBPrEKmbIK2d8FwAFLTLJjObc25nQx/DRfg9yFwPsLOgodRZs UVvlcSITobMgs31ME6ZqsXjl0QUUWu0TDDihIUlMYw32ieUrQHYiuaR9lXGBo+Yu qQsfV2xIAzLCLApt2jMyR9TPLnHzXSIl+r9z4vYERCNvfEE9KNGUro9qW1wim0Xm Xnx/cWKdSq7jn0gE+b9wBnzVUMzAb680F0Z9ujPMpY32Y4VmTI+r2ubca8W3M3RT BuoUBvmIp0fj8N9G6vpkZDeSGVyhpPLzgob8N07+NOgUMxnWr8W7gEEGvcnVsfE7 TYjLzuM3B0PT4LlqAgfxz61GzBhRy8pvAAz8QDkB1EeRDnzuejCL9RZWKVbd4izc 3K1f32R3bDhcu3pgSs6+2wxLZRj7Q8kcag94cIxVfIJM3efZY0jUScJtwaOZSb47 EYJ8vFb7qj68Tqpk8Nouhkr6KgEB+t4F6RsC2TVLWzPVFvGt93D7PRJL0KeFbbPY lMGKr+UtsbNsaOZ6UeCU2ABFt73Jk5UkKbXtxlMJVgd3pcu4j7ChrosCWPJ529e1 BtJwuLlPbvmJA4hr4M72trCgS3BprP07HbxCxO6tCX0T+ZZHPu3u8cG5xbrqSRwp 0x7kI65evmfe =J8kE -----END PGP SIGNATURE-----