cmnts/questions: [SRU][Trusty][PULL] Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
Khaled Elmously
khalid.elmously at canonical.com
Tue Jul 24 04:54:21 UTC 2018
1) It seems like your final patch "UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()" should actually be part of the patch just before it, as part of the refactor?
2) This is probably a stupid question, but why do some osb() calls stay as they are (only get renamed) while others become a call to array_index_nospec()?
3) Regarding your "needed?" comments, presumably, anywhere osb() was being called before will still need a barrier - so why do you think they would NOT be needed? (Where did that set of 'speculatively-accessed' arrays originally come from anyway? I don't see barriers in these locations in mainline or stable)
4) (minor) should the cherry-pick/backport SHAs mention that they're from linux-stable?
On 2018-06-28 16:40:50 , Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/1774181
>
> Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre
> v1 mitigation. Add the missing patches and merge them with Ubuntu's current
> implementation.
>
> == SRU Justification ==
> Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset
> which introduced a barrier macro to prevent speculation beyond array boundaries
> for user controlled indices. What eventually landed in upstream is slightly
> different and uses a barrier macro in combination with a masking solution (plus
> syscall table and user pointer sanitation). During the updates to newer stable
> upstream versions, all those patches were skipped. After reviewing them, we
> want to bring them back and merge them with the current implementation which
> brings us back in sync with upstream stable.
>
> == Fix ==
> Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131.
> Where appropriate, replace Ubuntu's additional barriers with the masking macro.
>
> == Regression Potential ==
> Low. The patches have been in upstream for quite a while now and we keep the
> speculation barriers that are currently in Ubuntu but not in upstream.
>
> == Test Case ==
> TBD.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
>
> The following changes since commit ae41eb7e6e1f4431c8a6d98578588d15b7240bf8:
>
> fscache: Fix hanging wait on page discarded by writeback (2018-06-18 17:44:37 +0200)
>
> are available in the Git repository at:
>
> git://git.launchpad.net/~juergh/+git/trusty-linux lp1774181
>
> for you to fetch changes up to 182dabb3ee807633a0a11e8bbac93a64d111fdd3:
>
> UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)
>
> ----------------------------------------------------------------
> Ben Hutchings (1):
>       x86/syscall: Sanitize syscall table de-references under speculation
>
> Dan Williams (9):
>       array_index_nospec: Sanitize speculative array de-references
>       x86: Implement array_index_mask_nospec
>       x86: Introduce barrier_nospec
>       x86/get_user: Use pointer masking to limit speculation
>       vfs, fdtable: Prevent bounds-check bypass via speculative execution
>       nl80211: Sanitize array index in parse_txq_params
>       x86/spectre: Report get_user mitigation for spectre_v1
>       x86/kvm: Update spectre-v1 mitigation
>       nospec: Kill array_index_nospec_mask_check()
>
> Juerg Haefliger (3):
>       UBUNTU: SAUCE: Replace osb() calls with array_index_nospec()
>       UBUNTU: SAUCE: Rename osb() to barrier_nospec()
>       UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()
>
> Mark Rutland (1):
>       Documentation: Document array_index_nospec
>
> Rasmus Villemoes (1):
>       nospec: Allow index argument to have const-qualified type
>
> Will Deacon (1):
>       nospec: Move array_index_nospec() parameter checking into separate macro
>
> Documentation/speculation.txt | 90 ++++++++++++++++++++++++++++++++
> arch/arm/include/asm/barrier.h | 3 --
> arch/arm64/include/asm/barrier.h | 3 --
> arch/powerpc/include/asm/barrier.h | 3 +-
> arch/s390/include/asm/barrier.h | 13 +++--
> arch/x86/ia32/ia32entry.S | 36 ++++++++-----
> arch/x86/include/asm/barrier.h | 32 ++++++++++--
> arch/x86/kernel/cpu/bugs.c | 10 +---
> arch/x86/kernel/entry_32.S | 4 ++
> arch/x86/kernel/entry_64.S | 16 +++---
> arch/x86/kvm/vmx.c | 15 ++++--
> arch/x86/lib/getuser.S | 10 ++++
> drivers/media/usb/uvc/uvc_v4l2.c | 5 +-
> drivers/net/wireless/ath/carl9170/main.c | 3 +-
> drivers/scsi/qla2xxx/qla_mr.c | 5 +-
> fs/udf/misc.c | 13 ++---
> include/asm-generic/barrier.h | 11 ----
> include/linux/fdtable.h | 3 +-
> include/linux/nospec.h | 53 +++++++++++++++++++
> kernel/user_namespace.c | 3 +-
> net/core/filter.c | 5 +-
> net/wireless/nl80211.c | 9 ++--
> 22 files changed, 268 insertions(+), 77 deletions(-)
> create mode 100644 Documentation/speculation.txt
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
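An added illustration, not part of this thread or of the patch series: a user-space C model of the index masking that the cover letter says upstream combines with a barrier macro, following the generic mask expression in upstream's include/linux/nospec.h. The names index_mask_nospec, index_nospec and table_read and the sample table are hypothetical; the code assumes an arithmetic right shift on signed long and size <= LONG_MAX.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * All-ones when index < size, zero otherwise, computed without a branch
 * so there is no prediction to get wrong. Requires size <= LONG_MAX and
 * an arithmetic right shift on signed long (assumption, true for GCC/Clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp: in-bounds indices pass through, out-of-bounds ones become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical caller: bounds check first, then mask before the load. */
static int table_read(const int *table, unsigned long size, unsigned long index)
{
    if (index >= size)
        return -1;
    /* Even if the branch above is mispredicted, the load stays in bounds. */
    index = index_nospec(index, size);
    return table[index];
}

int main(void)
{
    static const int table[8] = {10, 11, 12, 13, 14, 15, 16, 17}; /* constructed */
    unsigned long probes[] = {0, 3, 7, 8, 1000, (unsigned long)-1};

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("index %lu -> masked %lu, read %d\n", probes[i],
               index_nospec(probes[i], 8), table_read(table, 8, probes[i]));
    return 0;
}
```

Masking needs both an index and a known bound at the point of use, whereas a barrier only needs a place in the instruction stream.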