[SRU,Trusty,PULL,v2] Prevent speculation on user controlled pointer (LP: #1775137)

Message ID 7803ab83a55eb1e01f902e260f61a1526ab36a5f.1532598458.git.juergh@canonical.com
State New
Headers show
Series
  • [SRU,Trusty,PULL,v2] Prevent speculation on user controlled pointer (LP: #1775137)
Related show

Pull-request

git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2

Message

Juerg Haefliger July 26, 2018, 9:49 a.m.
BugLink: https://bugs.launchpad.net/bugs/1775137

== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels.

== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec

== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.

== Test Case ==
TBD.

v1 -> v2:
  - No functional changes.
  - Pulled backports/cherry-picks from upstream stable and tagged them
    accordingly.
  - Added a newline before my sign-off to start a new section.

Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---

The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7:

  UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2

for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f:

  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200)

----------------------------------------------------------------
Dan Williams (3):
      x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
      x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
      x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

Linus Torvalds (2):
      x86: reorganize SMAP handling in user space accesses
      x86: fix SMAP in 32-bit environments

 arch/x86/include/asm/uaccess.h    | 47 +++++++++++++++-----
 arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
 arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
 arch/x86/lib/usercopy_32.c        | 20 ++++-----
 4 files changed, 136 insertions(+), 49 deletions(-)

Comments

Stefan Bader July 26, 2018, 11:49 a.m. | #1
On 26.07.2018 11:49, Juerg Haefliger wrote:
> git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Kleber Souza July 27, 2018, 3:24 p.m. | #2
On 07/26/18 11:49, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/1775137
> 
> == SRU Justification ==
> Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels.
> 
> == Fix ==
> Backport the following patches:
> x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
> x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
> 
> == Regression Potential ==
> Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.
> 
> == Test Case ==
> TBD.
> 
> v1 -> v2:
>   - No functional changes.
>   - Pulled backports/cherry-picks from upstream stable and tagged them
>     accordingly.
>   - Added a newline before my sign-off to start a new section.
> 
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

> ---
> 
> The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7:
> 
>   UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200)
> 
> are available in the Git repository at:
> 
>   git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2
> 
> for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f:
> 
>   x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200)
> 
> ----------------------------------------------------------------
> Dan Williams (3):
>       x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
>       x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
>       x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> 
> Linus Torvalds (2):
>       x86: reorganize SMAP handling in user space accesses
>       x86: fix SMAP in 32-bit environments
> 
>  arch/x86/include/asm/uaccess.h    | 47 +++++++++++++++-----
>  arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
>  arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
>  arch/x86/lib/usercopy_32.c        | 20 ++++-----
>  4 files changed, 136 insertions(+), 49 deletions(-)
>
Kleber Souza July 27, 2018, 3:26 p.m. | #3
On 07/26/18 11:49, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/1775137
> 
> == SRU Justification ==
> Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels.
> 
> == Fix ==
> Backport the following patches:
> x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
> x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
> 
> == Regression Potential ==
> Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.
> 
> == Test Case ==
> TBD.
> 
> v1 -> v2:
>   - No functional changes.
>   - Pulled backports/cherry-picks from upstream stable and tagged them
>     accordingly.
>   - Added a newline before my sign-off to start a new section.
> 
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
> ---
> 
> The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7:
> 
>   UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200)
> 
> are available in the Git repository at:
> 
>   git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2
> 
> for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f:
> 
>   x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200)
> 
> ----------------------------------------------------------------
> Dan Williams (3):
>       x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
>       x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
>       x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> 
> Linus Torvalds (2):
>       x86: reorganize SMAP handling in user space accesses
>       x86: fix SMAP in 32-bit environments
> 
>  arch/x86/include/asm/uaccess.h    | 47 +++++++++++++++-----
>  arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
>  arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
>  arch/x86/lib/usercopy_32.c        | 20 ++++-----
>  4 files changed, 136 insertions(+), 49 deletions(-)
> 

Applied to trusty/master-next branch.

Thanks,
Kleber