[SRU][Trusty][PULL] Prevent speculation on user controlled pointer (LP: #1775137)

Juerg Haefliger juerg.haefliger at canonical.com
Thu Jun 28 14:47:17 UTC 2018 

BugLink: https://bugs.launchpad.net/bugs/1775137

== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.

== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec

== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a while
now and the changes only introduce a barrier on copy_from_user operations.

== Test Case ==
TBD.

Compile-tested all supported architectures.

Signed-off-by: Juerg Haefliger <juergh at canonical.com>
---

The following changes since commit 182dabb3ee807633a0a11e8bbac93a64d111fdd3:

  UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137

for you to fetch changes up to 01c904cae0a339aeb07d383f9f46526f5467b096:

  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-06-28 16:41:27 +0200)

----------------------------------------------------------------
Dan Williams (3):
      x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
      x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
      x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

Linus Torvalds (2):
      x86: reorganize SMAP handling in user space accesses
      x86: fix SMAP in 32-bit environments

 arch/x86/include/asm/uaccess.h    | 47 +++++++++++++++-----
 arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
 arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
 arch/x86/lib/usercopy_32.c        | 20 ++++-----
 4 files changed, 136 insertions(+), 49 deletions(-)

More information about the kernel-team mailing list