[SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Juerg Haefliger
This pull request contains fix(es) for the following CVE(s):
  CVE-2017-5753

Pull in the latest Spectre v1 fixes from mainline. All commits are either
clean cherry-picks or simple backports (context adjustments only).

The changes are fairly trivial and non-intrusive (low risk) in that they
sprinkle array_index_nospec() calls over different places where an array
index is user controllable.

Compile-tested all supported architectures.

Signed-off-by: Juerg Haefliger <[hidden email]>
---

The following changes since commit bb55c24ff413a2877c5215195edf60db6f38f913:

  UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (2019-04-09 08:26:44 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/bionic-linux update-spectre-v1

for you to fetch changes up to f1216d8699cfc4ce0ba639633b0453f6974bb2ef:

  ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-10 13:52:46 +0200)

----------------------------------------------------------------
Breno Leitao (2):
      HID: hiddev: fix potential Spectre v1
      powerpc/ptrace: Mitigate potential Spectre v1

Davidlohr Bueso (1):
      sysvipc/sem: mitigate semnum index against spectre v1

Gustavo A. R. Silva (25):
      drm/amdgpu/pm: Fix potential Spectre v1
      drm/i915/kvmgt: Fix potential Spectre v1
      hwmon: (nct6775) Fix potential Spectre v1
      switchtec: Fix Spectre v1 vulnerability
      misc: hmc6352: fix potential Spectre v1
      tty: vt_ioctl: fix potential Spectre v1
      IB/ucm: Fix Spectre v1 vulnerability
      RDMA/ucma: Fix Spectre v1 vulnerability
      drm/bufs: Fix Spectre v1 vulnerability
      usb: gadget: storage: Fix Spectre v1 vulnerability
      ptp: fix Spectre v1 vulnerability
      drivers/misc/sgi-gru: fix Spectre v1 vulnerability
      ipv4: Fix potential Spectre v1 vulnerability
      ALSA: emux: Fix potential Spectre v1 vulnerabilities
      ALSA: pcm: Fix potential Spectre v1 vulnerability
      ip6mr: Fix potential Spectre v1 vulnerability
      ALSA: rme9652: Fix potential Spectre v1 vulnerability
      ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
      KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
      drm/ioctl: Fix Spectre v1 vulnerabilities
      char/mwave: fix potential Spectre v1 vulnerability
      applicom: Fix potential Spectre v1 vulnerabilities
      ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
      ALSA: rawmidi: Fix potential Spectre v1 vulnerability
      ALSA: seq: oss: Fix Spectre v1 vulnerability

Jason Wang (1):
      vhost: Fix Spectre V1 vulnerability

Jeff Moyer (1):
      aio: fix spectre gadget in lookup_ioctx

Jeremy Cline (6):
      net: socket: fix potential spectre v1 gadget in socketcall
      net: socket: Fix potential spectre v1 gadget in sock_is_registered
      netlink: Fix spectre v1 gadget in netlink_create()
      ext4: fix spectre gadget in ext4_mb_regular_allocator()
      net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
      fs/quota: Fix spectre gadget in do_quotactl

Jinbum Park (2):
      pktcdvd: Fix possible Spectre-v1 for pkt_devs
      mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom

Johannes Berg (1):
      cfg80211: prevent speculation on cfg80211_classify8021d() return

John Garry (1):
      libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()

Mark Rutland (3):
      KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
      arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
      KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()

Martin Schwidefsky (1):
      s390/keyboard: sanitize array index in do_kdsk_ioctl

Masashi Honma (2):
      nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
      nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds

Mauro Carvalho Chehab (1):
      media: dvb_ca_en50221: prevent using slot_info for Spectre attacs

Michael Ellerman (1):
      powerpc: Use barrier_nospec in copy_from_user()

 arch/arm64/kernel/ptrace.c                   | 19 ++++++++-------
 arch/powerpc/include/asm/uaccess.h           | 11 ++++++++-
 arch/powerpc/kernel/ptrace.c                 |  8 ++++++-
 drivers/ata/libahci.c                        |  7 ++++--
 drivers/block/pktcdvd.c                      |  4 +++-
 drivers/char/applicom.c                      | 35 +++++++++++++++++++---------
 drivers/char/ipmi/ipmi_msghandler.c          |  6 +++++
 drivers/char/mwave/mwavedd.c                 |  7 ++++++
 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c       |  2 ++
 drivers/gpu/drm/drm_bufs.c                   |  3 +++
 drivers/gpu/drm/drm_ioctl.c                  | 10 ++++++--
 drivers/gpu/drm/i915/gvt/kvmgt.c             |  9 ++++++-
 drivers/hid/usbhid/hiddev.c                  | 18 ++++++++++----
 drivers/hwmon/nct6775.c                      |  2 ++
 drivers/infiniband/core/ucm.c                |  3 +++
 drivers/infiniband/core/ucma.c               |  3 +++
 drivers/media/dvb-core/dvb_ca_en50221.c      |  5 ++++
 drivers/misc/hmc6352.c                       |  2 ++
 drivers/misc/sgi-gru/grukdump.c              |  4 ++++
 drivers/net/wireless/mac80211_hwsim.c        |  4 ++++
 drivers/pci/switch/switchtec.c               |  4 ++++
 drivers/ptp/ptp_chardev.c                    |  4 ++++
 drivers/s390/char/keyboard.c                 | 28 ++++++++++++----------
 drivers/tty/vt/vt_ioctl.c                    |  4 ++++
 drivers/usb/gadget/function/f_mass_storage.c |  3 +++
 drivers/vhost/vhost.c                        |  2 ++
 fs/aio.c                                     |  2 ++
 fs/ext4/mballoc.c                            |  4 +++-
 fs/quota/quota.c                             |  2 ++
 ipc/sem.c                                    | 18 ++++++++++----
 net/core/sock_diag.c                         |  2 ++
 net/ipv4/ipmr.c                              |  4 ++++
 net/ipv6/ip6mr.c                             |  3 +++
 net/netlink/af_netlink.c                     |  2 ++
 net/socket.c                                 |  2 ++
 net/wireless/nl80211.c                       | 20 ++++++++++++----
 net/wireless/util.c                          | 34 +++++++++++++++++++--------
 sound/core/pcm.c                             |  2 ++
 sound/core/rawmidi.c                         |  2 ++
 sound/core/seq/oss/seq_oss_synth.c           |  7 +++---
 sound/pci/emu10k1/emufx.c                    |  5 ++++
 sound/pci/rme9652/hdsp.c                     | 10 ++++----
 sound/synth/emux/emux_hwdep.c                |  7 ++++--
 virt/kvm/arm/vgic/vgic-mmio-v2.c             |  3 +++
 virt/kvm/arm/vgic/vgic.c                     | 13 +++++++----
 45 files changed, 273 insertions(+), 76 deletions(-)

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader-2
On 10.04.19 13:57, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit bb55c24ff413a2877c5215195edf60db6f38f913:
>
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (2019-04-09 08:26:44 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/bionic-linux update-spectre-v1
>
> for you to fetch changes up to f1216d8699cfc4ce0ba639633b0453f6974bb2ef:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-10 13:52:46 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (2):
>       HID: hiddev: fix potential Spectre v1
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Davidlohr Bueso (1):
>       sysvipc/sem: mitigate semnum index against spectre v1
>
> Gustavo A. R. Silva (25):
>       drm/amdgpu/pm: Fix potential Spectre v1
>       drm/i915/kvmgt: Fix potential Spectre v1
>       hwmon: (nct6775) Fix potential Spectre v1
>       switchtec: Fix Spectre v1 vulnerability
>       misc: hmc6352: fix potential Spectre v1
>       tty: vt_ioctl: fix potential Spectre v1
>       IB/ucm: Fix Spectre v1 vulnerability
>       RDMA/ucma: Fix Spectre v1 vulnerability
>       drm/bufs: Fix Spectre v1 vulnerability
>       usb: gadget: storage: Fix Spectre v1 vulnerability
>       ptp: fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jason Wang (1):
>       vhost: Fix Spectre V1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Jeremy Cline (6):
>       net: socket: fix potential spectre v1 gadget in socketcall
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       netlink: Fix spectre v1 gadget in netlink_create()
>       ext4: fix spectre gadget in ext4_mb_regular_allocator()
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>       fs/quota: Fix spectre gadget in do_quotactl
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> John Garry (1):
>       libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
>
> Mark Rutland (3):
>       KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>       KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (2):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>       nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Michael Ellerman (1):
>       powerpc: Use barrier_nospec in copy_from_user()
>
>  arch/arm64/kernel/ptrace.c                   | 19 ++++++++-------
>  arch/powerpc/include/asm/uaccess.h           | 11 ++++++++-
>  arch/powerpc/kernel/ptrace.c                 |  8 ++++++-
>  drivers/ata/libahci.c                        |  7 ++++--
>  drivers/block/pktcdvd.c                      |  4 +++-
>  drivers/char/applicom.c                      | 35 +++++++++++++++++++---------
>  drivers/char/ipmi/ipmi_msghandler.c          |  6 +++++
>  drivers/char/mwave/mwavedd.c                 |  7 ++++++
>  drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c       |  2 ++
>  drivers/gpu/drm/drm_bufs.c                   |  3 +++
>  drivers/gpu/drm/drm_ioctl.c                  | 10 ++++++--
>  drivers/gpu/drm/i915/gvt/kvmgt.c             |  9 ++++++-
>  drivers/hid/usbhid/hiddev.c                  | 18 ++++++++++----
>  drivers/hwmon/nct6775.c                      |  2 ++
>  drivers/infiniband/core/ucm.c                |  3 +++
>  drivers/infiniband/core/ucma.c               |  3 +++
>  drivers/media/dvb-core/dvb_ca_en50221.c      |  5 ++++
>  drivers/misc/hmc6352.c                       |  2 ++
>  drivers/misc/sgi-gru/grukdump.c              |  4 ++++
>  drivers/net/wireless/mac80211_hwsim.c        |  4 ++++
>  drivers/pci/switch/switchtec.c               |  4 ++++
>  drivers/ptp/ptp_chardev.c                    |  4 ++++
>  drivers/s390/char/keyboard.c                 | 28 ++++++++++++----------
>  drivers/tty/vt/vt_ioctl.c                    |  4 ++++
>  drivers/usb/gadget/function/f_mass_storage.c |  3 +++
>  drivers/vhost/vhost.c                        |  2 ++
>  fs/aio.c                                     |  2 ++
>  fs/ext4/mballoc.c                            |  4 +++-
>  fs/quota/quota.c                             |  2 ++
>  ipc/sem.c                                    | 18 ++++++++++----
>  net/core/sock_diag.c                         |  2 ++
>  net/ipv4/ipmr.c                              |  4 ++++
>  net/ipv6/ip6mr.c                             |  3 +++
>  net/netlink/af_netlink.c                     |  2 ++
>  net/socket.c                                 |  2 ++
>  net/wireless/nl80211.c                       | 20 ++++++++++++----
>  net/wireless/util.c                          | 34 +++++++++++++++++++--------
>  sound/core/pcm.c                             |  2 ++
>  sound/core/rawmidi.c                         |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c           |  7 +++---
>  sound/pci/emu10k1/emufx.c                    |  5 ++++
>  sound/pci/rme9652/hdsp.c                     | 10 ++++----
>  sound/synth/emux/emux_hwdep.c                |  7 ++++--
>  virt/kvm/arm/vgic/vgic-mmio-v2.c             |  3 +++
>  virt/kvm/arm/vgic/vgic.c                     | 13 +++++++----
>  45 files changed, 273 insertions(+), 76 deletions(-)
>
Seem to be all in the context of Spectre v1

Acked-by: Stefan Bader <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Kleber Souza
In reply to this post by Juerg Haefliger
On 4/10/19 1:57 PM, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit bb55c24ff413a2877c5215195edf60db6f38f913:
>
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (2019-04-09 08:26:44 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/bionic-linux update-spectre-v1
>
> for you to fetch changes up to f1216d8699cfc4ce0ba639633b0453f6974bb2ef:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-10 13:52:46 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (2):
>       HID: hiddev: fix potential Spectre v1
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Davidlohr Bueso (1):
>       sysvipc/sem: mitigate semnum index against spectre v1
>
> Gustavo A. R. Silva (25):
>       drm/amdgpu/pm: Fix potential Spectre v1
>       drm/i915/kvmgt: Fix potential Spectre v1
>       hwmon: (nct6775) Fix potential Spectre v1
>       switchtec: Fix Spectre v1 vulnerability
>       misc: hmc6352: fix potential Spectre v1
>       tty: vt_ioctl: fix potential Spectre v1
>       IB/ucm: Fix Spectre v1 vulnerability
>       RDMA/ucma: Fix Spectre v1 vulnerability
>       drm/bufs: Fix Spectre v1 vulnerability
>       usb: gadget: storage: Fix Spectre v1 vulnerability
>       ptp: fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jason Wang (1):
>       vhost: Fix Spectre V1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Jeremy Cline (6):
>       net: socket: fix potential spectre v1 gadget in socketcall
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       netlink: Fix spectre v1 gadget in netlink_create()
>       ext4: fix spectre gadget in ext4_mb_regular_allocator()
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>       fs/quota: Fix spectre gadget in do_quotactl
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> John Garry (1):
>       libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
>
> Mark Rutland (3):
>       KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>       KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (2):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>       nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Michael Ellerman (1):
>       powerpc: Use barrier_nospec in copy_from_user()
>
>  arch/arm64/kernel/ptrace.c                   | 19 ++++++++-------
>  arch/powerpc/include/asm/uaccess.h           | 11 ++++++++-
>  arch/powerpc/kernel/ptrace.c                 |  8 ++++++-
>  drivers/ata/libahci.c                        |  7 ++++--
>  drivers/block/pktcdvd.c                      |  4 +++-
>  drivers/char/applicom.c                      | 35 +++++++++++++++++++---------
>  drivers/char/ipmi/ipmi_msghandler.c          |  6 +++++
>  drivers/char/mwave/mwavedd.c                 |  7 ++++++
>  drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c       |  2 ++
>  drivers/gpu/drm/drm_bufs.c                   |  3 +++
>  drivers/gpu/drm/drm_ioctl.c                  | 10 ++++++--
>  drivers/gpu/drm/i915/gvt/kvmgt.c             |  9 ++++++-
>  drivers/hid/usbhid/hiddev.c                  | 18 ++++++++++----
>  drivers/hwmon/nct6775.c                      |  2 ++
>  drivers/infiniband/core/ucm.c                |  3 +++
>  drivers/infiniband/core/ucma.c               |  3 +++
>  drivers/media/dvb-core/dvb_ca_en50221.c      |  5 ++++
>  drivers/misc/hmc6352.c                       |  2 ++
>  drivers/misc/sgi-gru/grukdump.c              |  4 ++++
>  drivers/net/wireless/mac80211_hwsim.c        |  4 ++++
>  drivers/pci/switch/switchtec.c               |  4 ++++
>  drivers/ptp/ptp_chardev.c                    |  4 ++++
>  drivers/s390/char/keyboard.c                 | 28 ++++++++++++----------
>  drivers/tty/vt/vt_ioctl.c                    |  4 ++++
>  drivers/usb/gadget/function/f_mass_storage.c |  3 +++
>  drivers/vhost/vhost.c                        |  2 ++
>  fs/aio.c                                     |  2 ++
>  fs/ext4/mballoc.c                            |  4 +++-
>  fs/quota/quota.c                             |  2 ++
>  ipc/sem.c                                    | 18 ++++++++++----
>  net/core/sock_diag.c                         |  2 ++
>  net/ipv4/ipmr.c                              |  4 ++++
>  net/ipv6/ip6mr.c                             |  3 +++
>  net/netlink/af_netlink.c                     |  2 ++
>  net/socket.c                                 |  2 ++
>  net/wireless/nl80211.c                       | 20 ++++++++++++----
>  net/wireless/util.c                          | 34 +++++++++++++++++++--------
>  sound/core/pcm.c                             |  2 ++
>  sound/core/rawmidi.c                         |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c           |  7 +++---
>  sound/pci/emu10k1/emufx.c                    |  5 ++++
>  sound/pci/rme9652/hdsp.c                     | 10 ++++----
>  sound/synth/emux/emux_hwdep.c                |  7 ++++--
>  virt/kvm/arm/vgic/vgic-mmio-v2.c             |  3 +++
>  virt/kvm/arm/vgic/vgic.c                     | 13 +++++++----
>  45 files changed, 273 insertions(+), 76 deletions(-)
>


Acked-by: Kleber Sacilotto de Souza <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED/cmnt: [SRU][Bionic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader-2
In reply to this post by Juerg Haefliger
On 10.04.19 13:57, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit bb55c24ff413a2877c5215195edf60db6f38f913:
>
>   UBUNTU: SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (2019-04-09 08:26:44 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/bionic-linux update-spectre-v1
>
> for you to fetch changes up to f1216d8699cfc4ce0ba639633b0453f6974bb2ef:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-10 13:52:46 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (2):
>       HID: hiddev: fix potential Spectre v1
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Davidlohr Bueso (1):
>       sysvipc/sem: mitigate semnum index against spectre v1
>
> Gustavo A. R. Silva (25):
>       drm/amdgpu/pm: Fix potential Spectre v1
>       drm/i915/kvmgt: Fix potential Spectre v1
>       hwmon: (nct6775) Fix potential Spectre v1
>       switchtec: Fix Spectre v1 vulnerability
>       misc: hmc6352: fix potential Spectre v1
>       tty: vt_ioctl: fix potential Spectre v1
>       IB/ucm: Fix Spectre v1 vulnerability
>       RDMA/ucma: Fix Spectre v1 vulnerability
>       drm/bufs: Fix Spectre v1 vulnerability
>       usb: gadget: storage: Fix Spectre v1 vulnerability
>       ptp: fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jason Wang (1):
>       vhost: Fix Spectre V1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Jeremy Cline (6):
>       net: socket: fix potential spectre v1 gadget in socketcall
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       netlink: Fix spectre v1 gadget in netlink_create()
>       ext4: fix spectre gadget in ext4_mb_regular_allocator()
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>       fs/quota: Fix spectre gadget in do_quotactl
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> John Garry (1):
>       libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
>
> Mark Rutland (3):
>       KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>       KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (2):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>       nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Michael Ellerman (1):
>       powerpc: Use barrier_nospec in copy_from_user()
>
>  arch/arm64/kernel/ptrace.c                   | 19 ++++++++-------
>  arch/powerpc/include/asm/uaccess.h           | 11 ++++++++-
>  arch/powerpc/kernel/ptrace.c                 |  8 ++++++-
>  drivers/ata/libahci.c                        |  7 ++++--
>  drivers/block/pktcdvd.c                      |  4 +++-
>  drivers/char/applicom.c                      | 35 +++++++++++++++++++---------
>  drivers/char/ipmi/ipmi_msghandler.c          |  6 +++++
>  drivers/char/mwave/mwavedd.c                 |  7 ++++++
>  drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c       |  2 ++
>  drivers/gpu/drm/drm_bufs.c                   |  3 +++
>  drivers/gpu/drm/drm_ioctl.c                  | 10 ++++++--
>  drivers/gpu/drm/i915/gvt/kvmgt.c             |  9 ++++++-
>  drivers/hid/usbhid/hiddev.c                  | 18 ++++++++++----
>  drivers/hwmon/nct6775.c                      |  2 ++
>  drivers/infiniband/core/ucm.c                |  3 +++
>  drivers/infiniband/core/ucma.c               |  3 +++
>  drivers/media/dvb-core/dvb_ca_en50221.c      |  5 ++++
>  drivers/misc/hmc6352.c                       |  2 ++
>  drivers/misc/sgi-gru/grukdump.c              |  4 ++++
>  drivers/net/wireless/mac80211_hwsim.c        |  4 ++++
>  drivers/pci/switch/switchtec.c               |  4 ++++
>  drivers/ptp/ptp_chardev.c                    |  4 ++++
>  drivers/s390/char/keyboard.c                 | 28 ++++++++++++----------
>  drivers/tty/vt/vt_ioctl.c                    |  4 ++++
>  drivers/usb/gadget/function/f_mass_storage.c |  3 +++
>  drivers/vhost/vhost.c                        |  2 ++
>  fs/aio.c                                     |  2 ++
>  fs/ext4/mballoc.c                            |  4 +++-
>  fs/quota/quota.c                             |  2 ++
>  ipc/sem.c                                    | 18 ++++++++++----
>  net/core/sock_diag.c                         |  2 ++
>  net/ipv4/ipmr.c                              |  4 ++++
>  net/ipv6/ip6mr.c                             |  3 +++
>  net/netlink/af_netlink.c                     |  2 ++
>  net/socket.c                                 |  2 ++
>  net/wireless/nl80211.c                       | 20 ++++++++++++----
>  net/wireless/util.c                          | 34 +++++++++++++++++++--------
>  sound/core/pcm.c                             |  2 ++
>  sound/core/rawmidi.c                         |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c           |  7 +++---
>  sound/pci/emu10k1/emufx.c                    |  5 ++++
>  sound/pci/rme9652/hdsp.c                     | 10 ++++----
>  sound/synth/emux/emux_hwdep.c                |  7 ++++--
>  virt/kvm/arm/vgic/vgic-mmio-v2.c             |  3 +++
>  virt/kvm/arm/vgic/vgic.c                     | 13 +++++++----
>  45 files changed, 273 insertions(+), 76 deletions(-)
>
Skipped the following patch as it was already applied since submission:

* powerpc: Use barrier_nospec in copy_from_user()

Applied to bionic/master-next. Thanks.

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment