[SRU][Trusty][PULL] Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
Juerg Haefliger
juerg.haefliger at canonical.com
Wed Jul 25 15:04:34 UTC 2018
On 07/25/2018 03:35 PM, Stefan Bader wrote:
> On 28.06.2018 16:40, Juerg Haefliger wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1774181
>>
>> Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre
>> v1 mitigation. Add the missing patches and merge them with Ubuntu's current
>> implementation.
>>
>> == SRU Justification ==
>> Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset
>> which introduced a barrier macro to prevent speculation beyond array boundaries
>> for user controlled indices. What eventually landed in upstream is slightly
>> different and uses a barrier macro in combination with a masking solution (plus
>> syscall table and user pointer sanitation). During the updates to newer stable
>> upstream versions, all those patches were skipped. After reviewing them, we
>> want to bring them back and merge them with the current implementation which
>> brings us back in sync with upstream stable.
>
> I went through the set and ended more or less with the same comments as Khaled:
> - some patches look like picked from 4.4.y without mentioning that
> - personally I like to start a new section with the backported/cherry picked
> line, this makes it a bit more obvious where the new block starts. Not really
> important but some patches do it that way and some not. So either one style
> or the other would be good.
> - I would squash moving that WARN_ON_ONCE and removing it into one patch with
> the commit message of the removal
> - Renaming osb() and fixing the last uses really should be one patch for bi-
> section.
Will fix it up and resend a new PR.
Thanks for the review!
...Juerg
> -Stefan
>>
>> == Fix ==
>> Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131.
>> Where appropriate, replace Ubuntu's additional barriers with the masking macro.
>>
>> == Regression Potential ==
>> Low. The patches have been in upstream for quite a while now and we keep the
>> speculation barriers that are currently in Ubuntu but not in upstream.
>>
>> == Test Case ==
>> TBD.
>>
>> Compile-tested all supported architectures.
>>
>> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
>> ---
>>
>> The following changes since commit ae41eb7e6e1f4431c8a6d98578588d15b7240bf8:
>>
>> fscache: Fix hanging wait on page discarded by writeback (2018-06-18 17:44:37 +0200)
>>
>> are available in the Git repository at:
>>
>> git://git.launchpad.net/~juergh/+git/trusty-linux lp1774181
>>
>> for you to fetch changes up to 182dabb3ee807633a0a11e8bbac93a64d111fdd3:
>>
>> UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)
>>
>> ----------------------------------------------------------------
>> Ben Hutchings (1):
>> x86/syscall: Sanitize syscall table de-references under speculation
>>
>> Dan Williams (9):
>> array_index_nospec: Sanitize speculative array de-references
>> x86: Implement array_index_mask_nospec
>> x86: Introduce barrier_nospec
>> x86/get_user: Use pointer masking to limit speculation
>> vfs, fdtable: Prevent bounds-check bypass via speculative execution
>> nl80211: Sanitize array index in parse_txq_params
>> x86/spectre: Report get_user mitigation for spectre_v1
>> x86/kvm: Update spectre-v1 mitigation
>> nospec: Kill array_index_nospec_mask_check()
>>
>> Juerg Haefliger (3):
>> UBUNTU: SAUCE: Replace osb() calls with array_index_nospec()
>> UBUNTU: SAUCE: Rename osb() to barrier_nospec()
>> UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()
>>
>> Mark Rutland (1):
>> Documentation: Document array_index_nospec
>>
>> Rasmus Villemoes (1):
>> nospec: Allow index argument to have const-qualified type
>>
>> Will Deacon (1):
>> nospec: Move array_index_nospec() parameter checking into separate macro
>>
>> Documentation/speculation.txt | 90 ++++++++++++++++++++++++++++++++
>> arch/arm/include/asm/barrier.h | 3 --
>> arch/arm64/include/asm/barrier.h | 3 --
>> arch/powerpc/include/asm/barrier.h | 3 +-
>> arch/s390/include/asm/barrier.h | 13 +++--
>> arch/x86/ia32/ia32entry.S | 36 ++++++++-----
>> arch/x86/include/asm/barrier.h | 32 ++++++++++--
>> arch/x86/kernel/cpu/bugs.c | 10 +---
>> arch/x86/kernel/entry_32.S | 4 ++
>> arch/x86/kernel/entry_64.S | 16 +++---
>> arch/x86/kvm/vmx.c | 15 ++++--
>> arch/x86/lib/getuser.S | 10 ++++
>> drivers/media/usb/uvc/uvc_v4l2.c | 5 +-
>> drivers/net/wireless/ath/carl9170/main.c | 3 +-
>> drivers/scsi/qla2xxx/qla_mr.c | 5 +-
>> fs/udf/misc.c | 13 ++---
>> include/asm-generic/barrier.h | 11 ----
>> include/linux/fdtable.h | 3 +-
>> include/linux/nospec.h | 53 +++++++++++++++++++
>> kernel/user_namespace.c | 3 +-
>> net/core/filter.c | 5 +-
>> net/wireless/nl80211.c | 9 ++--
>> 22 files changed, 268 insertions(+), 77 deletions(-)
>> create mode 100644 Documentation/speculation.txt
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180725/3cb90fc3/attachment.sig>
More information about the kernel-team
mailing list