| Message ID | 7803ab83a55eb1e01f902e260f61a1526ab36a5f.1532598458.git.juergh@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Trusty,PULL,v2] Prevent speculation on user controlled pointer (LP: #1775137) | expand |
On 26.07.2018 11:49, Juerg Haefliger wrote: > git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2 Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 07/26/18 11:49, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1775137 > > == SRU Justification == > Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels. > > == Fix == > Backport the following patches: > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec > x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} > x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec > > == Regression Potential == > Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations. > > == Test Case == > TBD. > > v1 -> v2: > - No functional changes. > - Pulled backports/cherry-picks from upstream stable and tagged them > accordingly. > - Added a newline before my sign-off to start a new section. > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > > The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7: > > UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2 > > for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f: > > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200) > > ---------------------------------------------------------------- > Dan Williams (3): > x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec > x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec > > Linus Torvalds (2): > x86: reorganize SMAP handling in user space accesses > x86: fix SMAP in 32-bit environments > > arch/x86/include/asm/uaccess.h | 47 +++++++++++++++----- > arch/x86/include/asm/uaccess_32.h | 24 ++++++++++ > arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------ > arch/x86/lib/usercopy_32.c | 20 ++++----- > 4 files changed, 136 insertions(+), 49 deletions(-) >
On 07/26/18 11:49, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1775137 > > == SRU Justification == > Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels. > > == Fix == > Backport the following patches: > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec > x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} > x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec > > == Regression Potential == > Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations. > > == Test Case == > TBD. > > v1 -> v2: > - No functional changes. > - Pulled backports/cherry-picks from upstream stable and tagged them > accordingly. > - Added a newline before my sign-off to start a new section. > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7: > > UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2 > > for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f: > > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200) > > ---------------------------------------------------------------- > Dan Williams (3): > x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec > x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} > x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec > > Linus Torvalds (2): > x86: reorganize SMAP handling in user space accesses > x86: fix SMAP in 32-bit environments > > arch/x86/include/asm/uaccess.h | 47 +++++++++++++++----- > arch/x86/include/asm/uaccess_32.h | 24 ++++++++++ > arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------ > arch/x86/lib/usercopy_32.c | 20 ++++----- > 4 files changed, 136 insertions(+), 49 deletions(-) > Applied to trusty/master-next branch. Thanks, Kleber
BugLink: https://bugs.launchpad.net/bugs/1775137 == SRU Justification == Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels. == Fix == Backport the following patches: x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec == Regression Potential == Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations. == Test Case == TBD. v1 -> v2: - No functional changes. - Pulled backports/cherry-picks from upstream stable and tagged them accordingly. - Added a newline before my sign-off to start a new section. Signed-off-by: Juerg Haefliger <juergh@canonical.com> --- The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7: UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200) are available in the Git repository at: git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2 for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f: x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200) ---------------------------------------------------------------- Dan Williams (3): x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec Linus Torvalds (2): x86: reorganize SMAP handling in user space accesses x86: fix SMAP in 32-bit environments arch/x86/include/asm/uaccess.h | 47 +++++++++++++++----- arch/x86/include/asm/uaccess_32.h | 24 ++++++++++ arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------ arch/x86/lib/usercopy_32.c | 20 ++++----- 4 files changed, 136 insertions(+), 49 deletions(-)