From patchwork Thu Jul 26 09:49:09 2018
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 949575
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PULL v2] Prevent speculation on user controlled pointer (LP: #1775137)
Date: Thu, 26 Jul 2018 11:49:09 +0200
Message-Id: <7803ab83a55eb1e01f902e260f61a1526ab36a5f.1532598458.git.juergh@canonical.com>
In-Reply-To: <01c904cae0a339aeb07d383f9f46526f5467b096.1530196995.git.juergh@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1775137

== SRU Justification ==

Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer.
This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the
other stable upstream kernels include it, so add it to our older kernels.

== Fix ==

Backport the following patches:
  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
  x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
  x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec

== Regression Potential ==

Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user
operations.

== Test Case ==

TBD.

v1 -> v2:
  - No functional changes.
  - Pulled backports/cherry-picks from upstream stable and tagged them
    accordingly.
  - Added a newline before my sign-off to start a new section.

Signed-off-by: Juerg Haefliger
Acked-by: Stefan Bader
Acked-by: Kleber Sacilotto de Souza
---

The following changes since commit 2dd022222443a00e54f58f0e2a0e5f9e78c0e6b7:

  UBUNTU: SAUCE: Rename osb() to barrier_nospec() (2018-07-26 09:46:02 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137-v2

for you to fetch changes up to 7803ab83a55eb1e01f902e260f61a1526ab36a5f:

  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-07-26 11:38:40 +0200)

----------------------------------------------------------------
Dan Williams (3):
      x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
      x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
      x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

Linus Torvalds (2):
      x86: reorganize SMAP handling in user space accesses
      x86: fix SMAP in 32-bit environments

 arch/x86/include/asm/uaccess.h    | 47 +++++++++++++++-----
 arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
 arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
 arch/x86/lib/usercopy_32.c        | 20 ++++-----
 4 files changed, 136 insertions(+), 49 deletions(-)
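
Added illustration, not code from this series or from the kernel: a user-space C model of where the barrier described under "Regression Potential" sits relative to the range check on a user-supplied pointer. The `*_model` names, the flat `space` array and `USER_LIMIT` are assumptions made for the example; the kernel's `__uaccess_begin_nospec()` additionally executes STAC before the barrier.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: one flat array stands in for the address space.
 * Offsets below USER_LIMIT are "user" memory, the rest is "kernel". */
#define SPACE_SIZE 64u
#define USER_LIMIT 32u
static uint8_t space[SPACE_SIZE];

/* Stand-in for barrier_nospec(). On x86 this is an LFENCE, so the load
 * that follows does not start until the range check has resolved.
 * On other architectures this model is only a compiler barrier. */
static inline void barrier_nospec_model(void)
{
#if defined(__x86_64__) || defined(__i386__)
	__asm__ volatile("lfence" ::: "memory");
#else
	__asm__ volatile("" ::: "memory");
#endif
}

/* Stand-in for access_ok(): is [off, off + len) entirely "user" memory?
 * Written so that off + len cannot wrap around. */
static int access_ok_model(size_t off, size_t len)
{
	return len <= USER_LIMIT && off <= USER_LIMIT - len;
}

/* Without the barrier: the check is an ordinary conditional branch.
 * If it is mispredicted, the load can run speculatively on a "kernel"
 * offset before the branch is corrected. */
int get_user_plain(uint8_t *dst, size_t off)
{
	if (!access_ok_model(off, 1))
		return -EFAULT;
	*dst = space[off];
	return 0;
}

/* With the barrier: identical architectural result, but the fence sits
 * between the check and the load, where __uaccess_begin_nospec() puts it. */
int get_user_nospec(uint8_t *dst, size_t off)
{
	if (!access_ok_model(off, 1))
		return -EFAULT;
	barrier_nospec_model();
	*dst = space[off];
	return 0;
}
```

Both functions return the same values for every input; the difference is only in what the CPU may do speculatively, which is why the cover letter rates the regression potential as low.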