]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d1d6495) | patch
arm64: uaccess: Prevent speculative use of the current addr_limit
authorWill Deacon <will.deacon@arm.com>
Mon, 5 Feb 2018 15:34:21 +0000 (15:34 +0000)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 7 Mar 2018 11:14:01 +0000 (12:14 +0100)
commitcf1b0630860184e3734f4dd876685da9c3f47c2d
tree5c632000ffc01c6ebf6433133080ffb3acef9dcetree
parentd1d64957391251cc0a4a9be80946f2b56be68b22commit | diff
arm64: uaccess: Prevent speculative use of the current addr_limit

Commit c2f0ad4fc089 upstream.

A mispredicted conditional call to set_fs could result in the wrong
addr_limit being forwarded under speculation to a subsequent access_ok
check, potentially forming part of a spectre-v1 attack using uaccess
routines.

This patch prevents this forwarding from taking place, but putting heavy
barriers in set_fs after writing the addr_limit.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1ccaee9dea60f97e2f64fe17b8c23ff06fe95041)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
arch/arm64/include/asm/uaccess.h diff | blob | blame | history
Ubuntu Artful kernel mirror