ACK/cmnt: [SRU][Xenial][PATCH 0/5] Prevent speculation on user controlled pointer (LP #1775137)

Stefan Bader stefan.bader at canonical.com
Wed Jun 6 15:17:53 UTC 2018


On 06.06.2018 07:20, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/1775137
> 
> This patchset adds the missing Spectre v1 mitigation for speculating on user controlled pointers.
> 
> == SRU Justification ==
> Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels.
> 
> == Fix ==
> Backport the following patches:
> x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
> x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
> 
> == Regression Potential ==
> Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.
> 
> == Test Case ==
> TBD.
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> 
> 
> Dan Williams (3):
>   x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
>   x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
>   x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
> 
> Linus Torvalds (2):
>   x86: reorganize SMAP handling in user space accesses
>   x86: fix SMAP in 32-bit environments
> 
>  arch/x86/include/asm/uaccess.h    | 64 ++++++++++++++-------
>  arch/x86/include/asm/uaccess_32.h | 26 +++++++++
>  arch/x86/include/asm/uaccess_64.h | 94 ++++++++++++++++++++++---------
>  arch/x86/lib/usercopy_32.c        | 20 +++----
>  4 files changed, 147 insertions(+), 57 deletions(-)
> 

Looking at the patches they seem to match what they claim to do. I am just
wondering whether there would be a slightly better way to point out backport
decisions like that "don't use <something> in <function>" in the last patch.
Maybe that could be a comment in the associated bug report?

But anyway,

Acked-by: Stefan Bader <stefan.bader at canonical.com>

