[SRU][Trusty][PULL] Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)

Juerg Haefliger juerg.haefliger at canonical.com
Wed Jul 25 15:04:34 UTC 2018 

On 07/25/2018 03:35 PM, Stefan Bader wrote:
> On 28.06.2018 16:40, Juerg Haefliger wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1774181
>>
>> Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre
>> v1 mitigation. Add the missing patches and merge them with Ubuntu's current
>> implementation.
>>
>> == SRU Justification ==
>> Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset
>> which introduced a barrier macro to prevent speculation beyond array boundaries
>> for user controlled indices. What eventually landed in upstream is slightly
>> different and uses a barrier macro in combination with a masking solution (plus
>> syscall table and user pointer sanitation). During the updates to newer stable
>> upstream versions, all those patches were skipped. After reviewing them, we
>> want to bring them back and merge them with the current implementation which
>> brings us back in sync with upstream stable.
> 
> I went through the set and ended more or less with the same comments as Khaled:
> - some patches look like picked from 4.4.y without mentioning that
> - personally I like to start a new section with the backported/cherry picked
>   line, this makes it a bit more obvious where the new block starts. Not really
>   important but some patches do it that way and some not. So either one style
>   or the other would be good.
> - I would squash moving that WARN_ON_ONCE and removing it into one patch with
>   the commit message of the removal
> - Renaming osb() and fixing the last uses really should be one patch for bi-
>   section.

Will fix it up and resend a new PR.

Thanks for the review!
...Juerg


> -Stefan
>>
>> == Fix ==
>> Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131.
>> Where appropriate, replace Ubuntu's additional barriers with the masking macro.
>>
>> == Regression Potential ==
>> Low. The patches have been in upstream for quite a while now and we keep the
>> speculation barriers that are currently in Ubuntu but not in upstream.
>>
>> == Test Case ==
>> TBD.
>>
>> Compile-tested all supported architectures.
>>
>> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
>> ---
>>
>> The following changes since commit ae41eb7e6e1f4431c8a6d98578588d15b7240bf8:
>>
>>   fscache: Fix hanging wait on page discarded by writeback (2018-06-18 17:44:37 +0200)
>>
>> are available in the Git repository at:
>>
>>   git://git.launchpad.net/~juergh/+git/trusty-linux lp1774181
>>
>> for you to fetch changes up to 182dabb3ee807633a0a11e8bbac93a64d111fdd3:
>>
>>   UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)
>>
>> ----------------------------------------------------------------
>> Ben Hutchings (1):
>>       x86/syscall: Sanitize syscall table de-references under speculation
>>
>> Dan Williams (9):
>>       array_index_nospec: Sanitize speculative array de-references
>>       x86: Implement array_index_mask_nospec
>>       x86: Introduce barrier_nospec
>>       x86/get_user: Use pointer masking to limit speculation
>>       vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>       nl80211: Sanitize array index in parse_txq_params
>>       x86/spectre: Report get_user mitigation for spectre_v1
>>       x86/kvm: Update spectre-v1 mitigation
>>       nospec: Kill array_index_nospec_mask_check()
>>
>> Juerg Haefliger (3):
>>       UBUNTU: SAUCE: Replace osb() calls with array_index_nospec()
>>       UBUNTU: SAUCE: Rename osb() to barrier_nospec()
>>       UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()
>>
>> Mark Rutland (1):
>>       Documentation: Document array_index_nospec
>>
>> Rasmus Villemoes (1):
>>       nospec: Allow index argument to have const-qualified type
>>
>> Will Deacon (1):
>>       nospec: Move array_index_nospec() parameter checking into separate macro
>>
>>  Documentation/speculation.txt            | 90 ++++++++++++++++++++++++++++++++
>>  arch/arm/include/asm/barrier.h           |  3 --
>>  arch/arm64/include/asm/barrier.h         |  3 --
>>  arch/powerpc/include/asm/barrier.h       |  3 +-
>>  arch/s390/include/asm/barrier.h          | 13 +++--
>>  arch/x86/ia32/ia32entry.S                | 36 ++++++++-----
>>  arch/x86/include/asm/barrier.h           | 32 ++++++++++--
>>  arch/x86/kernel/cpu/bugs.c               | 10 +---
>>  arch/x86/kernel/entry_32.S               |  4 ++
>>  arch/x86/kernel/entry_64.S               | 16 +++---
>>  arch/x86/kvm/vmx.c                       | 15 ++++--
>>  arch/x86/lib/getuser.S                   | 10 ++++
>>  drivers/media/usb/uvc/uvc_v4l2.c         |  5 +-
>>  drivers/net/wireless/ath/carl9170/main.c |  3 +-
>>  drivers/scsi/qla2xxx/qla_mr.c            |  5 +-
>>  fs/udf/misc.c                            | 13 ++---
>>  include/asm-generic/barrier.h            | 11 ----
>>  include/linux/fdtable.h                  |  3 +-
>>  include/linux/nospec.h                   | 53 +++++++++++++++++++
>>  kernel/user_namespace.c                  |  3 +-
>>  net/core/filter.c                        |  5 +-
>>  net/wireless/nl80211.c                   |  9 ++--
>>  22 files changed, 268 insertions(+), 77 deletions(-)
>>  create mode 100644 Documentation/speculation.txt
>>
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180725/3cb90fc3/attachment.sig>

More information about the kernel-team mailing list