[SRU][Trusty][PULL] Prevent speculation on user controlled pointer (LP: #1775137)
Juerg Haefliger
juerg.haefliger at canonical.com
Thu Jun 28 14:47:17 UTC 2018
BugLink: https://bugs.launchpad.net/bugs/1775137
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a while
now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
Compile-tested all supported architectures.
Signed-off-by: Juerg Haefliger <juergh at canonical.com>
---
The following changes since commit 182dabb3ee807633a0a11e8bbac93a64d111fdd3:
UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)
are available in the Git repository at:
git://git.launchpad.net/~juergh/+git/trusty-linux lp1775137
for you to fetch changes up to 01c904cae0a339aeb07d383f9f46526f5467b096:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (2018-06-28 16:41:27 +0200)
----------------------------------------------------------------
Dan Williams (3):
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
Linus Torvalds (2):
x86: reorganize SMAP handling in user space accesses
x86: fix SMAP in 32-bit environments
arch/x86/include/asm/uaccess.h | 47 +++++++++++++++-----
arch/x86/include/asm/uaccess_32.h | 24 ++++++++++
arch/x86/include/asm/uaccess_64.h | 94 +++++++++++++++++++++++++++------------
arch/x86/lib/usercopy_32.c | 20 ++++-----
4 files changed, 136 insertions(+), 49 deletions(-)
More information about the kernel-team
mailing list