[SRU][Xenial][PATCH 0/5] Prevent speculation on user controlled pointer (LP #1775137)
Juerg Haefliger
juerg.haefliger at canonical.com
Wed Jun 6 14:20:47 UTC 2018
BugLink: https://bugs.launchpad.net/bugs/1775137
This patchset adds the missing Spectre v1 mitigation for speculating on user controlled pointers.
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
Signed-off-by: Juerg Haefliger <juergh at canonical.com>
Dan Williams (3):
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
Linus Torvalds (2):
x86: reorganize SMAP handling in user space accesses
x86: fix SMAP in 32-bit environments
arch/x86/include/asm/uaccess.h | 64 ++++++++++++++-------
arch/x86/include/asm/uaccess_32.h | 26 +++++++++
arch/x86/include/asm/uaccess_64.h | 94 ++++++++++++++++++++++---------
arch/x86/lib/usercopy_32.c | 20 +++----
4 files changed, 147 insertions(+), 57 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list