git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Robin Murphy <robin.murphy@arm.com>
	Mon, 5 Feb 2018 15:34:19 +0000 (15:34 +0000)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Tue, 27 Feb 2018 16:33:01 +0000 (11:33 -0500)
commit	2e25780a4562b4b38a6d4540fe36d9c21c68414c
tree	7453e12df1d553b4596983803307473b0a7d9139	tree
parent	31bc4cd7530c7215351e365d63d9e8cfe4d9d4ec	commit \| diff

arm64: Use pointer masking to limit uaccess speculation

Commit 4d8efc2d5ee4 upstream.

Similarly to x86, mitigate speculation past an access_ok() check by
masking the pointer against the address limit before use.

Even if we don't expect speculative writes per se, it is plausible that
a CPU may still speculate at least as far as fetching a cache line for
writing, hence we also harden put_user() and clear_user() for peace of
mind.

Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2e985d2647a07bad21892811e8eb85f5231a1d4a)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>