ACK: [SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader stefan.bader at canonical.com
Wed Apr 17 15:59:43 UTC 2019 

On 10.04.19 13:57, Juerg Haefliger wrote:
> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
> 
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
> 
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
> 
> Compile-tested all supported architectures.
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
> 
> The following changes since commit bb55c24ff413a2877c5215195edf60db6f38f913:
> 
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (2019-04-09 08:26:44 +0200)
> 
> are available in the Git repository at:
> 
>   git://git.launchpad.net/~juergh/+git/bionic-linux update-spectre-v1
> 
> for you to fetch changes up to f1216d8699cfc4ce0ba639633b0453f6974bb2ef:
> 
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-10 13:52:46 +0200)
> 
> ----------------------------------------------------------------
> Breno Leitao (2):
>       HID: hiddev: fix potential Spectre v1
>       powerpc/ptrace: Mitigate potential Spectre v1
> 
> Davidlohr Bueso (1):
>       sysvipc/sem: mitigate semnum index against spectre v1
> 
> Gustavo A. R. Silva (25):
>       drm/amdgpu/pm: Fix potential Spectre v1
>       drm/i915/kvmgt: Fix potential Spectre v1
>       hwmon: (nct6775) Fix potential Spectre v1
>       switchtec: Fix Spectre v1 vulnerability
>       misc: hmc6352: fix potential Spectre v1
>       tty: vt_ioctl: fix potential Spectre v1
>       IB/ucm: Fix Spectre v1 vulnerability
>       RDMA/ucma: Fix Spectre v1 vulnerability
>       drm/bufs: Fix Spectre v1 vulnerability
>       usb: gadget: storage: Fix Spectre v1 vulnerability
>       ptp: fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
> 
> Jason Wang (1):
>       vhost: Fix Spectre V1 vulnerability
> 
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
> 
> Jeremy Cline (6):
>       net: socket: fix potential spectre v1 gadget in socketcall
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       netlink: Fix spectre v1 gadget in netlink_create()
>       ext4: fix spectre gadget in ext4_mb_regular_allocator()
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>       fs/quota: Fix spectre gadget in do_quotactl
> 
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
> 
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
> 
> John Garry (1):
>       libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
> 
> Mark Rutland (3):
>       KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>       KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
> 
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
> 
> Masashi Honma (2):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>       nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
> 
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
> 
> Michael Ellerman (1):
>       powerpc: Use barrier_nospec in copy_from_user()
> 
>  arch/arm64/kernel/ptrace.c                   | 19 ++++++++-------
>  arch/powerpc/include/asm/uaccess.h           | 11 ++++++++-
>  arch/powerpc/kernel/ptrace.c                 |  8 ++++++-
>  drivers/ata/libahci.c                        |  7 ++++--
>  drivers/block/pktcdvd.c                      |  4 +++-
>  drivers/char/applicom.c                      | 35 +++++++++++++++++++---------
>  drivers/char/ipmi/ipmi_msghandler.c          |  6 +++++
>  drivers/char/mwave/mwavedd.c                 |  7 ++++++
>  drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c       |  2 ++
>  drivers/gpu/drm/drm_bufs.c                   |  3 +++
>  drivers/gpu/drm/drm_ioctl.c                  | 10 ++++++--
>  drivers/gpu/drm/i915/gvt/kvmgt.c             |  9 ++++++-
>  drivers/hid/usbhid/hiddev.c                  | 18 ++++++++++----
>  drivers/hwmon/nct6775.c                      |  2 ++
>  drivers/infiniband/core/ucm.c                |  3 +++
>  drivers/infiniband/core/ucma.c               |  3 +++
>  drivers/media/dvb-core/dvb_ca_en50221.c      |  5 ++++
>  drivers/misc/hmc6352.c                       |  2 ++
>  drivers/misc/sgi-gru/grukdump.c              |  4 ++++
>  drivers/net/wireless/mac80211_hwsim.c        |  4 ++++
>  drivers/pci/switch/switchtec.c               |  4 ++++
>  drivers/ptp/ptp_chardev.c                    |  4 ++++
>  drivers/s390/char/keyboard.c                 | 28 ++++++++++++----------
>  drivers/tty/vt/vt_ioctl.c                    |  4 ++++
>  drivers/usb/gadget/function/f_mass_storage.c |  3 +++
>  drivers/vhost/vhost.c                        |  2 ++
>  fs/aio.c                                     |  2 ++
>  fs/ext4/mballoc.c                            |  4 +++-
>  fs/quota/quota.c                             |  2 ++
>  ipc/sem.c                                    | 18 ++++++++++----
>  net/core/sock_diag.c                         |  2 ++
>  net/ipv4/ipmr.c                              |  4 ++++
>  net/ipv6/ip6mr.c                             |  3 +++
>  net/netlink/af_netlink.c                     |  2 ++
>  net/socket.c                                 |  2 ++
>  net/wireless/nl80211.c                       | 20 ++++++++++++----
>  net/wireless/util.c                          | 34 +++++++++++++++++++--------
>  sound/core/pcm.c                             |  2 ++
>  sound/core/rawmidi.c                         |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c           |  7 +++---
>  sound/pci/emu10k1/emufx.c                    |  5 ++++
>  sound/pci/rme9652/hdsp.c                     | 10 ++++----
>  sound/synth/emux/emux_hwdep.c                |  7 ++++--
>  virt/kvm/arm/vgic/vgic-mmio-v2.c             |  3 +++
>  virt/kvm/arm/vgic/vgic.c                     | 13 +++++++----
>  45 files changed, 273 insertions(+), 76 deletions(-)
> 
Seem to be all in the context of Spectre v1

Acked-by: Stefan Bader <stefan.bader at canonical.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190417/3c44e4f2/attachment-0001.sig>

More information about the kernel-team mailing list