From patchwork Wed Jun 6 14:20:47 2018
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 925876
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 0/5] Prevent speculation on user controlled pointer (LP #1775137)
Date: Wed, 6 Jun 2018 16:20:47 +0200
Message-Id: <20180606142052.32684-1-juergh@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1775137

This patchset adds the missing Spectre v1 mitigation for speculating on user
controlled pointers.

== SRU Justification ==

Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer.
This part of the Spectre v1 patchset was never backported to 4.4 (for unknown
reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable
upstream kernels include it, so add it to our older kernels.

== Fix ==

Backport the following patches:
  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
  x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
  x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec

== Regression Potential ==

Low. Patches have been in upstream (and other distro kernels) for quite a while
now and the changes only introduce a barrier on copy_from_user operations.

== Test Case ==

TBD.

Signed-off-by: Juerg Haefliger

Dan Williams (3):
  x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
  x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
  x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

Linus Torvalds (2):
  x86: reorganize SMAP handling in user space accesses
  x86: fix SMAP in 32-bit environments

 arch/x86/include/asm/uaccess.h    | 64 ++++++++++++++-------
 arch/x86/include/asm/uaccess_32.h | 26 +++++++++
 arch/x86/include/asm/uaccess_64.h | 94 ++++++++++++++++++++++---------
 arch/x86/lib/usercopy_32.c        | 20 +++----
 4 files changed, 147 insertions(+), 57 deletions(-)

Acked-by: Stefan Bader
Acked-by: Kleber Sacilotto de Souza
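A userspace model of the ordering this series enforces, added here as an illustration and not taken from the patches: the range check on the user pointer, then the speculation barrier, then the load. All `model_*` names and the `user_mem` buffer are hypothetical stand-ins for the kernel's access_ok(), barrier and user address range; the barrier changes no return value, only when the CPU may start the load.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the user address range (hypothetical). */
static unsigned char user_mem[64];

/* Model of the speculation barrier: LFENCE on x86, compiler barrier elsewhere. */
static inline void model_barrier_nospec(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Model of access_ok(): does [p, p + len) lie entirely inside user_mem? */
static int model_access_ok(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_mem;

    return len <= sizeof(user_mem) && a >= lo &&
           a - lo <= sizeof(user_mem) - len;
}

/* Model of a get_user()-style read: 0 on success, -EFAULT on a bad pointer. */
static int model_get_user_u32(uint32_t *dst, const void *uptr)
{
    if (!model_access_ok(uptr, sizeof(*dst)))
        return -EFAULT;
    /*
     * The check above is a conditional branch the CPU may predict as
     * passing. The barrier makes the load below wait until the branch
     * has resolved, so it cannot execute speculatively with a pointer
     * that fails the check. This is the position at which
     * __uaccess_begin_nospec() places the barrier.
     */
    model_barrier_nospec();
    memcpy(dst, uptr, sizeof(*dst));
    return 0;
}

int main(void)
{
    uint32_t v = 0, outside = 7;   /* 'outside' is not in user_mem */

    memset(user_mem, 0x41, sizeof(user_mem));
    return !(model_get_user_u32(&v, user_mem + 8) == 0 && v == 0x41414141u &&
             model_get_user_u32(&v, &outside) == -EFAULT);
}
```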