From patchwork Thu Jun 28 14:40:50 2018
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 936191
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PULL] Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
Date: Thu, 28 Jun 2018 16:40:50 +0200
Message-Id: <182dabb3ee807633a0a11e8bbac93a64d111fdd3.1530194947.git.juergh@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1774181

Xenial/Trusty/Precise are currently lacking full support of upstream's
Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's
current implementation.

== SRU Justification ==

Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset
which introduced a barrier macro to prevent speculation beyond array
boundaries for user controlled indices. What eventually landed in upstream
is slightly different and uses a barrier macro in combination with a masking
solution (plus syscall table and user pointer sanitation). During the
updates to newer stable upstream versions, all those patches were skipped.
After reviewing them, we want to bring them back and merge them with the
current implementation which brings us back in sync with upstream stable.

== Fix ==

Add all the missing Spectre v1 patches from upstream stable 4.4.118 to
4.4.131. Where appropriate, replace Ubuntu's additional barriers with the
masking macro.

== Regression Potential ==

Low. The patches have been in upstream for quite a while now and we keep the
speculation barriers that are currently in Ubuntu but not in upstream.

== Test Case ==

TBD. Compile-tested all supported architectures.

Signed-off-by: Juerg Haefliger
---

The following changes since commit ae41eb7e6e1f4431c8a6d98578588d15b7240bf8:

  fscache: Fix hanging wait on page discarded by writeback (2018-06-18 17:44:37 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/trusty-linux lp1774181

for you to fetch changes up to 182dabb3ee807633a0a11e8bbac93a64d111fdd3:

  UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() (2018-06-28 16:08:50 +0200)

----------------------------------------------------------------
Ben Hutchings (1):
      x86/syscall: Sanitize syscall table de-references under speculation

Dan Williams (9):
      array_index_nospec: Sanitize speculative array de-references
      x86: Implement array_index_mask_nospec
      x86: Introduce barrier_nospec
      x86/get_user: Use pointer masking to limit speculation
      vfs, fdtable: Prevent bounds-check bypass via speculative execution
      nl80211: Sanitize array index in parse_txq_params
      x86/spectre: Report get_user mitigation for spectre_v1
      x86/kvm: Update spectre-v1 mitigation
      nospec: Kill array_index_nospec_mask_check()

Juerg Haefliger (3):
      UBUNTU: SAUCE: Replace osb() calls with array_index_nospec()
      UBUNTU: SAUCE: Rename osb() to barrier_nospec()
      UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()

Mark Rutland (1):
      Documentation: Document array_index_nospec

Rasmus Villemoes (1):
      nospec: Allow index argument to have const-qualified type

Will Deacon (1):
      nospec: Move array_index_nospec() parameter checking into separate macro

 Documentation/speculation.txt            | 90 ++++++++++++++++++++++++++++++++
 arch/arm/include/asm/barrier.h           |  3 --
 arch/arm64/include/asm/barrier.h         |  3 --
 arch/powerpc/include/asm/barrier.h       |  3 +-
 arch/s390/include/asm/barrier.h          | 13 +++--
 arch/x86/ia32/ia32entry.S                | 36 ++++++++-----
 arch/x86/include/asm/barrier.h           | 32 ++++++++++--
 arch/x86/kernel/cpu/bugs.c               | 10 +---
 arch/x86/kernel/entry_32.S               |  4 ++
 arch/x86/kernel/entry_64.S               | 16 +++---
 arch/x86/kvm/vmx.c                       | 15 ++++--
 arch/x86/lib/getuser.S                   | 10 ++++
 drivers/media/usb/uvc/uvc_v4l2.c         |  5 +-
 drivers/net/wireless/ath/carl9170/main.c |  3 +-
 drivers/scsi/qla2xxx/qla_mr.c            |  5 +-
 fs/udf/misc.c                            | 13 ++---
 include/asm-generic/barrier.h            | 11 ----
 include/linux/fdtable.h                  |  3 +-
 include/linux/nospec.h                   | 53 +++++++++++++++++++
 kernel/user_namespace.c                  |  3 +-
 net/core/filter.c                        |  5 +-
 net/wireless/nl80211.c                   |  9 ++--
 22 files changed, 268 insertions(+), 77 deletions(-)
 create mode 100644 Documentation/speculation.txt
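
The masking approach named in the SRU Justification, shown as a userspace C model. This is an added example, not code from this pull request or from the kernel tree. The helper names index_mask_nospec(), index_nospec() and table_lookup() and the sample table are hypothetical; the kernel's own interfaces are the array_index_nospec() and barrier_nospec() macros listed in the shortlog.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define LONG_BITS (sizeof(unsigned long) * CHAR_BIT)

/*
 * Hypothetical helper: all-ones when index < size, zero otherwise.
 * Pure arithmetic, so there is no conditional branch to mispredict.
 * Assumes size <= LONG_MAX: then the top bit of "index" or of
 * "size - 1 - index" is set exactly when index is out of bounds.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	unsigned long v = index | (size - 1UL - index);

	return (v >> (LONG_BITS - 1)) - 1UL;
}

/* Hypothetical helper: index unchanged when in bounds, forced to 0 otherwise. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* Constructed sample table standing in for an array indexed by user input. */
static const int table[8] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* Returns 0 and stores the entry, or -1 when idx fails the bounds check. */
static int table_lookup(unsigned long idx, int *out)
{
	if (idx >= 8)
		return -1;
	/* If the branch above is mispredicted, the load below still uses
	 * either the checked index or 0, never an out-of-bounds value. */
	idx = index_nospec(idx, 8);
	*out = table[idx];
	return 0;
}

int main(void)
{
	int v = 0;

	printf("lookup(3) -> %d, value %d\n", table_lookup(3, &v), v);
	printf("mask(8, 8) = %#lx\n", index_mask_nospec(8, 8));
	return 0;
}
```

A barrier placed after the bounds check stops speculation at that point instead; the mask lets execution continue but removes the attacker-controlled out-of-bounds index from the dependent load.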