git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Jiri Kosina <jkosina@suse.cz>
	Wed, 29 Aug 2018 19:17:00 +0000 (21:17 +0200)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Wed, 5 Sep 2018 13:59:19 +0000 (15:59 +0200)
commit	14623a43c5a5e933ffa3febb2cf472a584e39474
tree	f2b23dd7f6f89f80136ae15a4e0656e03d2df36e	tree
parent	2de98e05cdd2208d7cacb7d275470ced1fbc18c9	commit \| diff

x86/speculation: Protect against userspace-userspace spectreRSB

The article "Spectre Returns! Speculation Attacks using the Return Stack
Buffer" [1] describes two new (sub-)variants of spectrev2-like attacks,
making use solely of the RSB contents even on CPUs that don't fallback to
BTB on RSB underflow (Skylake+).

Mitigate userspace-userspace attacks by always unconditionally filling RSB on
context switch when the generic spectrev2 mitigation has been enabled.

[1] https://arxiv.org/pdf/1807.07940.pdf

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1807261308190.997@cbobk.fhfr.pm
CVE-2018-15572

(cherry picked from commit fdf82a7856b32d905c39afc85e34364491e46346)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
[ kleber: fixed CVE reference ]
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>