Re: Security fixes for 4.4

On Thu, Dec 13, 2018 at 06:51:19PM +0000, Ben Hutchings wrote:

I've backported a number of fixes for security issues affecting 4.4- stable.  All of these are already fixed in the newer stable branches.

For the BPF fix, I verified that the self-tests (taken from 4.14) didn't regress and temporarily added logging to check that the mitigation is applied when needed.

For the KVM changes, I verified that IBPB/IBRS are now exposed to and used by a guest on Intel hardware.

I also verified that the current self-tests for timers, usercopy and vm didn't regress.

Thanks a lot for these!

All now queued up.

greg k-h