[SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Juerg Haefliger
This pull request contains fix(es) for the following CVE(s):
  CVE-2017-5753

Pull in the latest Spectre v1 fixes from mainline. All commits are either
clean cherry-picks or simple backports (context adjustments only).

The changes are fairly trivial and non-intrusive (low risk) in that they
sprinkle array_index_nospec() calls over different places where an array
index is user controllable.

Compile-tested all supported architectures.

Signed-off-by: Juerg Haefliger <[hidden email]>
---

The following changes since commit 0a4b03deaca7749c26b776ded32d6ea38db0b3ee:

  openvswitch: fix flow actions reallocation (2019-04-08 17:21:25 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/cosmic-linux update-spectre-v1

for you to fetch changes up to 2ff3f1444a12589176e2c628465cdd465b8ffa03:

  ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 09:47:03 +0200)

----------------------------------------------------------------
Breno Leitao (1):
      powerpc/ptrace: Mitigate potential Spectre v1

David S. Miller (1):
      net: Revert recent Spectre-v1 patches.

Gustavo A. R. Silva (19):
      drm/bufs: Fix Spectre v1 vulnerability
      drivers/misc/sgi-gru: fix Spectre v1 vulnerability
      ipv4: Fix potential Spectre v1 vulnerability
      ALSA: emux: Fix potential Spectre v1 vulnerabilities
      ALSA: pcm: Fix potential Spectre v1 vulnerability
      ip6mr: Fix potential Spectre v1 vulnerability
      ALSA: rme9652: Fix potential Spectre v1 vulnerability
      ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
      KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
      drm/ioctl: Fix Spectre v1 vulnerabilities
      net: core: Fix Spectre v1 vulnerability
      phonet: af_phonet: Fix Spectre v1 vulnerability
      nfc: af_nfc: Fix Spectre v1 vulnerability
      can: af_can: Fix Spectre v1 vulnerability
      char/mwave: fix potential Spectre v1 vulnerability
      applicom: Fix potential Spectre v1 vulnerabilities
      ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
      ALSA: rawmidi: Fix potential Spectre v1 vulnerability
      ALSA: seq: oss: Fix Spectre v1 vulnerability

Jeff Moyer (1):
      aio: fix spectre gadget in lookup_ioctx

Johannes Berg (1):
      cfg80211: prevent speculation on cfg80211_classify8021d() return

Martin Schwidefsky (1):
      s390/keyboard: sanitize array index in do_kdsk_ioctl

 arch/powerpc/kernel/ptrace.c        |  8 +++++++-
 drivers/char/applicom.c             | 35 ++++++++++++++++++++++++-----------
 drivers/char/ipmi/ipmi_msghandler.c | 26 ++++++++++++++++++--------
 drivers/char/mwave/mwavedd.c        |  7 +++++++
 drivers/gpu/drm/drm_bufs.c          |  3 +++
 drivers/gpu/drm/drm_ioctl.c         | 10 ++++++++--
 drivers/misc/sgi-gru/grukdump.c     |  4 ++++
 drivers/s390/char/keyboard.c        | 28 ++++++++++++++++------------
 fs/aio.c                            |  2 ++
 net/ipv4/ipmr.c                     |  4 ++++
 net/ipv6/ip6mr.c                    |  4 ++++
 net/wireless/util.c                 | 34 ++++++++++++++++++++++++----------
 sound/core/pcm.c                    |  2 ++
 sound/core/rawmidi.c                |  2 ++
 sound/core/seq/oss/seq_oss_synth.c  |  7 ++++---
 sound/pci/emu10k1/emufx.c           |  5 +++++
 sound/pci/rme9652/hdsp.c            | 10 ++++++----
 sound/synth/emux/emux_hwdep.c       |  7 +++++--
 virt/kvm/arm/vgic/vgic.c            |  2 +-
 19 files changed, 146 insertions(+), 54 deletions(-)

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader-2
On 10.04.19 09:38, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 0a4b03deaca7749c26b776ded32d6ea38db0b3ee:
>
>   openvswitch: fix flow actions reallocation (2019-04-08 17:21:25 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/cosmic-linux update-spectre-v1
>
> for you to fetch changes up to 2ff3f1444a12589176e2c628465cdd465b8ffa03:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 09:47:03 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> David S. Miller (1):
>       net: Revert recent Spectre-v1 patches.
>
> Gustavo A. R. Silva (19):
>       drm/bufs: Fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       net: core: Fix Spectre v1 vulnerability
>       phonet: af_phonet: Fix Spectre v1 vulnerability
>       nfc: af_nfc: Fix Spectre v1 vulnerability
>       can: af_can: Fix Spectre v1 vulnerability
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
>  arch/powerpc/kernel/ptrace.c        |  8 +++++++-
>  drivers/char/applicom.c             | 35 ++++++++++++++++++++++++-----------
>  drivers/char/ipmi/ipmi_msghandler.c | 26 ++++++++++++++++++--------
>  drivers/char/mwave/mwavedd.c        |  7 +++++++
>  drivers/gpu/drm/drm_bufs.c          |  3 +++
>  drivers/gpu/drm/drm_ioctl.c         | 10 ++++++++--
>  drivers/misc/sgi-gru/grukdump.c     |  4 ++++
>  drivers/s390/char/keyboard.c        | 28 ++++++++++++++++------------
>  fs/aio.c                            |  2 ++
>  net/ipv4/ipmr.c                     |  4 ++++
>  net/ipv6/ip6mr.c                    |  4 ++++
>  net/wireless/util.c                 | 34 ++++++++++++++++++++++++----------
>  sound/core/pcm.c                    |  2 ++
>  sound/core/rawmidi.c                |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c  |  7 ++++---
>  sound/pci/emu10k1/emufx.c           |  5 +++++
>  sound/pci/rme9652/hdsp.c            | 10 ++++++----
>  sound/synth/emux/emux_hwdep.c       |  7 +++++--
>  virt/kvm/arm/vgic/vgic.c            |  2 +-
>  19 files changed, 146 insertions(+), 54 deletions(-)
>
Acked-by: Stefan Bader <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Kleber Souza
In reply to this post by Juerg Haefliger
On 4/10/19 9:38 AM, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 0a4b03deaca7749c26b776ded32d6ea38db0b3ee:
>
>   openvswitch: fix flow actions reallocation (2019-04-08 17:21:25 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/cosmic-linux update-spectre-v1
>
> for you to fetch changes up to 2ff3f1444a12589176e2c628465cdd465b8ffa03:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 09:47:03 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> David S. Miller (1):
>       net: Revert recent Spectre-v1 patches.
>
> Gustavo A. R. Silva (19):
>       drm/bufs: Fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       net: core: Fix Spectre v1 vulnerability
>       phonet: af_phonet: Fix Spectre v1 vulnerability
>       nfc: af_nfc: Fix Spectre v1 vulnerability
>       can: af_can: Fix Spectre v1 vulnerability
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
>  arch/powerpc/kernel/ptrace.c        |  8 +++++++-
>  drivers/char/applicom.c             | 35 ++++++++++++++++++++++++-----------
>  drivers/char/ipmi/ipmi_msghandler.c | 26 ++++++++++++++++++--------
>  drivers/char/mwave/mwavedd.c        |  7 +++++++
>  drivers/gpu/drm/drm_bufs.c          |  3 +++
>  drivers/gpu/drm/drm_ioctl.c         | 10 ++++++++--
>  drivers/misc/sgi-gru/grukdump.c     |  4 ++++
>  drivers/s390/char/keyboard.c        | 28 ++++++++++++++++------------
>  fs/aio.c                            |  2 ++
>  net/ipv4/ipmr.c                     |  4 ++++
>  net/ipv6/ip6mr.c                    |  4 ++++
>  net/wireless/util.c                 | 34 ++++++++++++++++++++++++----------
>  sound/core/pcm.c                    |  2 ++
>  sound/core/rawmidi.c                |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c  |  7 ++++---
>  sound/pci/emu10k1/emufx.c           |  5 +++++
>  sound/pci/rme9652/hdsp.c            | 10 ++++++----
>  sound/synth/emux/emux_hwdep.c       |  7 +++++--
>  virt/kvm/arm/vgic/vgic.c            |  2 +-
>  19 files changed, 146 insertions(+), 54 deletions(-)
>

Acked-by: Kleber Sacilotto de Souza <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED: [SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader-2
In reply to this post by Juerg Haefliger
On 10.04.19 09:38, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 0a4b03deaca7749c26b776ded32d6ea38db0b3ee:
>
>   openvswitch: fix flow actions reallocation (2019-04-08 17:21:25 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/cosmic-linux update-spectre-v1
>
> for you to fetch changes up to 2ff3f1444a12589176e2c628465cdd465b8ffa03:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 09:47:03 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> David S. Miller (1):
>       net: Revert recent Spectre-v1 patches.
>
> Gustavo A. R. Silva (19):
>       drm/bufs: Fix Spectre v1 vulnerability
>       drivers/misc/sgi-gru: fix Spectre v1 vulnerability
>       ipv4: Fix potential Spectre v1 vulnerability
>       ALSA: emux: Fix potential Spectre v1 vulnerabilities
>       ALSA: pcm: Fix potential Spectre v1 vulnerability
>       ip6mr: Fix potential Spectre v1 vulnerability
>       ALSA: rme9652: Fix potential Spectre v1 vulnerability
>       ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
>       KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
>       drm/ioctl: Fix Spectre v1 vulnerabilities
>       net: core: Fix Spectre v1 vulnerability
>       phonet: af_phonet: Fix Spectre v1 vulnerability
>       nfc: af_nfc: Fix Spectre v1 vulnerability
>       can: af_can: Fix Spectre v1 vulnerability
>       char/mwave: fix potential Spectre v1 vulnerability
>       applicom: Fix potential Spectre v1 vulnerabilities
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeff Moyer (1):
>       aio: fix spectre gadget in lookup_ioctx
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
>  arch/powerpc/kernel/ptrace.c        |  8 +++++++-
>  drivers/char/applicom.c             | 35 ++++++++++++++++++++++++-----------
>  drivers/char/ipmi/ipmi_msghandler.c | 26 ++++++++++++++++++--------
>  drivers/char/mwave/mwavedd.c        |  7 +++++++
>  drivers/gpu/drm/drm_bufs.c          |  3 +++
>  drivers/gpu/drm/drm_ioctl.c         | 10 ++++++++--
>  drivers/misc/sgi-gru/grukdump.c     |  4 ++++
>  drivers/s390/char/keyboard.c        | 28 ++++++++++++++++------------
>  fs/aio.c                            |  2 ++
>  net/ipv4/ipmr.c                     |  4 ++++
>  net/ipv6/ip6mr.c                    |  4 ++++
>  net/wireless/util.c                 | 34 ++++++++++++++++++++++++----------
>  sound/core/pcm.c                    |  2 ++
>  sound/core/rawmidi.c                |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c  |  7 ++++---
>  sound/pci/emu10k1/emufx.c           |  5 +++++
>  sound/pci/rme9652/hdsp.c            | 10 ++++++----
>  sound/synth/emux/emux_hwdep.c       |  7 +++++--
>  virt/kvm/arm/vgic/vgic.c            |  2 +-
>  19 files changed, 146 insertions(+), 54 deletions(-)
>
Applied to cosmic/master-next. Thanks.

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment