git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Will Deacon <will.deacon@arm.com>
	Mon, 5 Feb 2018 15:34:20 +0000 (15:34 +0000)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Tue, 27 Feb 2018 16:33:02 +0000 (11:33 -0500)
commit	e43513e151499774a6fad16bfbbaed86ab90f065
tree	b89a50667338177a9b5f76e380f034d7a80e08ae	tree
parent	2e25780a4562b4b38a6d4540fe36d9c21c68414c	commit \| diff

arm64: entry: Ensure branch through syscall table is bounded under speculation

Commit 6314d90e6493 upstream.

In a similar manner to array_index_mask_nospec, this patch introduces an
assembly macro (mask_nospec64) which can be used to bound a value under
speculation. This macro is then used to ensure that the indirect branch
through the syscall table is bounded under speculation, with out-of-range
addresses speculating as calls to sys_io_setup (0).

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 7a51d7d2f7f77cea72fe0f73bd40d39852cd0702)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

arch/arm64/include/asm/assembler.h		diff \| blob \| blame \| history
arch/arm64/kernel/entry.S		diff \| blob \| blame \| history