git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Will Deacon <will.deacon@arm.com>
	Mon, 5 Feb 2018 15:34:21 +0000 (15:34 +0000)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Tue, 27 Feb 2018 16:33:03 +0000 (11:33 -0500)
commit	0ee32d7be38f54da86368e619504b41d82cd0c5d
tree	79d7842790edf2b7aebe716a1df476cca7773207	tree
parent	e43513e151499774a6fad16bfbbaed86ab90f065	commit \| diff

arm64: uaccess: Prevent speculative use of the current addr_limit

Commit c2f0ad4fc089 upstream.

A mispredicted conditional call to set_fs could result in the wrong
addr_limit being forwarded under speculation to a subsequent access_ok
check, potentially forming part of a spectre-v1 attack using uaccess
routines.

This patch prevents this forwarding from taking place, but putting heavy
barriers in set_fs after writing the addr_limit.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1ccaee9dea60f97e2f64fe17b8c23ff06fe95041)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>