-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 13 Jul 2022 01:20:17 +0200 Source: linux-signed-arm64 Architecture: source Version: 5.19~rc6+1~exp1 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <benh@debian.org> Changes: linux-signed-arm64 (5.19~rc6+1~exp1) experimental; urgency=medium . * Sign kernel from linux 5.19~rc6-1~exp1 . * New upstream release candidate . [ Ben Hutchings ] * [mips64el/mips64r2el] Fix package description * [x86] Add mitigations for RETbleed on AMD/Hygon (CVE-2022-29900) and Intel (CVE-2022-29901) processors: - x86/kvm/vmx: Make noinstr clean - x86/cpufeatures: Move RETPOLINE flags to word 11 - x86/retpoline: Cleanup some #ifdefery - x86/retpoline: Swizzle retpoline thunk - x86/retpoline: Use -mfunction-return - x86: Undo return-thunk damage - x86,objtool: Create .return_sites - x86,static_call: Use alternative RET encoding - x86/ftrace: Use alternative RET encoding - x86/bpf: Use alternative RET encoding - x86/kvm: Fix SETcc emulation for return thunks - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation - x86/sev: Avoid using __x86_return_thunk - x86: Use return-thunk in asm code - x86/entry: Avoid very early RET - objtool: Treat .text.__x86.* as noinstr - x86: Add magic AMD return-thunk - x86/bugs: Report AMD retbleed vulnerability - x86/bugs: Add AMD retbleed= boot parameter - x86/bugs: Enable STIBP for JMP2RET - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value - x86/entry: Add kernel IBRS implementation - x86/bugs: Optimize SPEC_CTRL MSR writes - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() - x86/bugs: Report Intel retbleed vulnerability - intel_idle: Disable IBRS during long idle - objtool: Update Retpoline validation - x86/xen: Rename SYS* entry points - x86/xen: Add UNTRAIN_RET - x86/bugs: Add retbleed=ibpb - x86/bugs: Do IBPB fallback check only once - objtool: Add entry UNRET validation - x86/cpu/amd: Add Spectral Chicken - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n - x86/speculation: Fix firmware entry SPEC_CTRL handling - x86/speculation: Fix SPEC_CTRL write on SMT state change - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit - x86/speculation: Remove x86_spec_ctrl_mask - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} - KVM: VMX: Flatten __vmx_vcpu_run() - KVM: VMX: Convert launched argument to flags - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS - KVM: VMX: Fix IBRS handling after vmexit - x86/speculation: Fill RSB on vmexit for IBRS - KVM: VMX: Prevent RSB underflow before vmenter - x86/common: Stamp out the stepping madness - x86/cpu/amd: Enumerate BTC_NO - x86/retbleed: Add fine grained Kconfig knobs - x86/bugs: Add Cannon lake to RETBleed affected CPU list - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported - x86/kexec: Disable RET on kexec - x86/speculation: Disable RRSBA behavior - x86/static_call: Serialize __static_call_fixup() properly * [amd64] Enable SLS mitigation Checksums-Sha1: f6cfc0a660a0dc77d901eb5f04ea07f0e4f404d7 7472 linux-signed-arm64_5.19~rc6+1~exp1.dsc dc6490b4c5c40b93937a683137c7ae897f705b0e 2641996 linux-signed-arm64_5.19~rc6+1~exp1.tar.xz Checksums-Sha256: 70195ddec4c5c7748dfbd5d82e456734101fc67da4a93ceceaec08112016a07b 7472 linux-signed-arm64_5.19~rc6+1~exp1.dsc 36fafb8d1b35935ebbae6c1f8424ef6ec96a802f15b5235b17b68f634eac2e27 2641996 linux-signed-arm64_5.19~rc6+1~exp1.tar.xz Files: dfbd7dbcb81cc876650f767b30e1c0ff 7472 kernel optional linux-signed-arm64_5.19~rc6+1~exp1.dsc eed4f4b6057eb101605c7cc0130a42be 2641996 kernel optional linux-signed-arm64_5.19~rc6+1~exp1.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmLPvgMACgkQi0FRiLdO NzbfkQ//Q2ZIHYkqouFeeDtWX0if8sVK2Ji5I8iuIfARgMdteq2vYU9xUOnBNvoi DOnrRpgAm9xhzIooceSvb7ZjYk/exrK1aB1uos3lHk4iEDfa2A9YyI9mz72LIAmc Z7p1vXH2HS9rSFWgXtC54yJloOVGLlvrg6e2AxF1AtN306OEk1mNYjU2VnGQWIMw q9oCztsYjtbdoMQ3pQI4S3SGGhmeYLAYcX+Q5xhcZRU0HStFI1Nn+/cwuppISHsR wnfaDjzxR0HsJMtFGl0/DrTQ6ErWiMcBgLhmEn0Tqsxz1kSLcf1QM6oXEbtnNGpr d92uExQgwNxE2BzIs3JA8PqDYrb//Tk9wAUYf/GpoccuHYPJOLWiYZ+EICmpNJEi 64yvHdR0i2WUxmvaHY/gKI6reiwHWDqksszkMBUPzBQnlCybtaZzTF9oVzAyUJ2o dQEDFYfKXrN/GAUx6qEcLN/6v3qEafAa7Q0vW6pKhUZY+m69rOMiX48H2qckd0Fv auh8fcYhZkNkF1vI/uh9T7lc2FpwOQ2oRybPiQbgO8nWzbLaHwarX8AdQJxpVHP9 AVjIoBUpe/lHtPfCg1M51gbXvh7e2vJ+S7Av4D3sdbdXxwJzrCog3X/nxFmebtdi f0osxldmC6h/TKI/q/IhskwJN7sMKkCCfBohp+mkMa/Rp7HxDuA= =75DS -----END PGP SIGNATURE-----