[SRU][Xenial][PULL] Updates for Spectre v1 (CVE-2017-5753)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[SRU][Xenial][PULL] Updates for Spectre v1 (CVE-2017-5753)

Juerg Haefliger
This pull request contains fix(es) for the following CVE(s):
  CVE-2017-5753

Pull in the latest Spectre v1 fixes from mainline. All commits are either
clean cherry-picks or simple backports (context adjustments only).

The changes are fairly trivial and non-intrusive (low risk) in that they
sprinkle array_index_nospec() calls over different places where an array
index is user controllable.

Compile-tested all supported architectures.

Signed-off-by: Juerg Haefliger <[hidden email]>
---

The following changes since commit 4a18c9eb9b143743de8a54ffd31be81652d9ee93:

  Revert "module: Add retpoline tag to VERMAGIC" (2019-04-09 08:32:15 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/xenial-linux update-spectre-v1

for you to fetch changes up to 7b3e7388ac9296c2af6e025d1534ef4675d059aa:

  ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 08:34:34 +0200)

----------------------------------------------------------------
Breno Leitao (1):
      powerpc/ptrace: Mitigate potential Spectre v1

Gustavo A. R. Silva (4):
      hwmon: (nct6775) Fix potential Spectre v1
      ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
      ALSA: rawmidi: Fix potential Spectre v1 vulnerability
      ALSA: seq: oss: Fix Spectre v1 vulnerability

Jeremy Cline (2):
      net: socket: Fix potential spectre v1 gadget in sock_is_registered
      net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()

Jinbum Park (2):
      pktcdvd: Fix possible Spectre-v1 for pkt_devs
      mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom

Johannes Berg (1):
      cfg80211: prevent speculation on cfg80211_classify8021d() return

Mark Rutland (2):
      arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
      arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()

Martin Schwidefsky (1):
      s390/keyboard: sanitize array index in do_kdsk_ioctl

Masashi Honma (1):
      nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT

Mauro Carvalho Chehab (1):
      media: dvb_ca_en50221: prevent using slot_info for Spectre attacs

Peter Zijlstra (1):
      sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]

Thomas Gleixner (1):
      posix-timers: Protect posix clock array access against speculation

 arch/arm64/kernel/ptrace.c              | 33 +++++++++++++++++++++------------
 arch/powerpc/kernel/ptrace.c            |  8 +++++++-
 drivers/block/pktcdvd.c                 |  3 +++
 drivers/char/ipmi/ipmi_msghandler.c     |  6 ++++++
 drivers/hwmon/nct6775.c                 |  2 ++
 drivers/media/dvb-core/dvb_ca_en50221.c |  5 +++++
 drivers/net/wireless/mac80211_hwsim.c   |  4 ++++
 drivers/s390/char/keyboard.c            | 28 ++++++++++++++++------------
 kernel/sched/auto_group.c               |  7 +++++--
 kernel/time/posix-timers.c              | 11 ++++++++---
 net/core/sock_diag.c                    |  2 ++
 net/wireless/nl80211.c                  |  1 +
 net/wireless/util.c                     | 33 +++++++++++++++++++++++----------
 sound/core/rawmidi.c                    |  2 ++
 sound/core/seq/oss/seq_oss_synth.c      |  7 ++++---
 15 files changed, 109 insertions(+), 43 deletions(-)

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Xenial][PULL] Updates for Spectre v1 (CVE-2017-5753)

Stefan Bader-2
On 10.04.19 14:00, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 4a18c9eb9b143743de8a54ffd31be81652d9ee93:
>
>   Revert "module: Add retpoline tag to VERMAGIC" (2019-04-09 08:32:15 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/xenial-linux update-spectre-v1
>
> for you to fetch changes up to 7b3e7388ac9296c2af6e025d1534ef4675d059aa:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 08:34:34 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Gustavo A. R. Silva (4):
>       hwmon: (nct6775) Fix potential Spectre v1
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeremy Cline (2):
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Mark Rutland (2):
>       arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (1):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Peter Zijlstra (1):
>       sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
>
> Thomas Gleixner (1):
>       posix-timers: Protect posix clock array access against speculation
>
>  arch/arm64/kernel/ptrace.c              | 33 +++++++++++++++++++++------------
>  arch/powerpc/kernel/ptrace.c            |  8 +++++++-
>  drivers/block/pktcdvd.c                 |  3 +++
>  drivers/char/ipmi/ipmi_msghandler.c     |  6 ++++++
>  drivers/hwmon/nct6775.c                 |  2 ++
>  drivers/media/dvb-core/dvb_ca_en50221.c |  5 +++++
>  drivers/net/wireless/mac80211_hwsim.c   |  4 ++++
>  drivers/s390/char/keyboard.c            | 28 ++++++++++++++++------------
>  kernel/sched/auto_group.c               |  7 +++++--
>  kernel/time/posix-timers.c              | 11 ++++++++---
>  net/core/sock_diag.c                    |  2 ++
>  net/wireless/nl80211.c                  |  1 +
>  net/wireless/util.c                     | 33 +++++++++++++++++++++++----------
>  sound/core/rawmidi.c                    |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c      |  7 ++++---
>  15 files changed, 109 insertions(+), 43 deletions(-)
>
Acked-by: Stefan Bader <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ACK: [SRU][Xenial][PULL] Updates for Spectre v1 (CVE-2017-5753)

Kleber Souza
In reply to this post by Juerg Haefliger
On 4/10/19 2:00 PM, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 4a18c9eb9b143743de8a54ffd31be81652d9ee93:
>
>   Revert "module: Add retpoline tag to VERMAGIC" (2019-04-09 08:32:15 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/xenial-linux update-spectre-v1
>
> for you to fetch changes up to 7b3e7388ac9296c2af6e025d1534ef4675d059aa:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 08:34:34 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Gustavo A. R. Silva (4):
>       hwmon: (nct6775) Fix potential Spectre v1
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeremy Cline (2):
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Mark Rutland (2):
>       arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (1):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Peter Zijlstra (1):
>       sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
>
> Thomas Gleixner (1):
>       posix-timers: Protect posix clock array access against speculation
>
>  arch/arm64/kernel/ptrace.c              | 33 +++++++++++++++++++++------------
>  arch/powerpc/kernel/ptrace.c            |  8 +++++++-
>  drivers/block/pktcdvd.c                 |  3 +++
>  drivers/char/ipmi/ipmi_msghandler.c     |  6 ++++++
>  drivers/hwmon/nct6775.c                 |  2 ++
>  drivers/media/dvb-core/dvb_ca_en50221.c |  5 +++++
>  drivers/net/wireless/mac80211_hwsim.c   |  4 ++++
>  drivers/s390/char/keyboard.c            | 28 ++++++++++++++++------------
>  kernel/sched/auto_group.c               |  7 +++++--
>  kernel/time/posix-timers.c              | 11 ++++++++---
>  net/core/sock_diag.c                    |  2 ++
>  net/wireless/nl80211.c                  |  1 +
>  net/wireless/util.c                     | 33 +++++++++++++++++++++++----------
>  sound/core/rawmidi.c                    |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c      |  7 ++++---
>  15 files changed, 109 insertions(+), 43 deletions(-)
>

Acked-by: Kleber Sacilotto de Souza <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED: [SRU][Xenial][PULL] Updates for Spectre v1 (CVE-2017-5753)

Kleber Souza
In reply to this post by Juerg Haefliger
On 4/10/19 2:00 PM, Juerg Haefliger wrote:

> This pull request contains fix(es) for the following CVE(s):
>   CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>
> The following changes since commit 4a18c9eb9b143743de8a54ffd31be81652d9ee93:
>
>   Revert "module: Add retpoline tag to VERMAGIC" (2019-04-09 08:32:15 +0200)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/xenial-linux update-spectre-v1
>
> for you to fetch changes up to 7b3e7388ac9296c2af6e025d1534ef4675d059aa:
>
>   ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 08:34:34 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
>       powerpc/ptrace: Mitigate potential Spectre v1
>
> Gustavo A. R. Silva (4):
>       hwmon: (nct6775) Fix potential Spectre v1
>       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
>       ALSA: rawmidi: Fix potential Spectre v1 vulnerability
>       ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeremy Cline (2):
>       net: socket: Fix potential spectre v1 gadget in sock_is_registered
>       net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
>
> Jinbum Park (2):
>       pktcdvd: Fix possible Spectre-v1 for pkt_devs
>       mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
>
> Johannes Berg (1):
>       cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Mark Rutland (2):
>       arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
>       arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
>
> Martin Schwidefsky (1):
>       s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> Masashi Honma (1):
>       nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
>
> Mauro Carvalho Chehab (1):
>       media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
>
> Peter Zijlstra (1):
>       sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
>
> Thomas Gleixner (1):
>       posix-timers: Protect posix clock array access against speculation
>
>  arch/arm64/kernel/ptrace.c              | 33 +++++++++++++++++++++------------
>  arch/powerpc/kernel/ptrace.c            |  8 +++++++-
>  drivers/block/pktcdvd.c                 |  3 +++
>  drivers/char/ipmi/ipmi_msghandler.c     |  6 ++++++
>  drivers/hwmon/nct6775.c                 |  2 ++
>  drivers/media/dvb-core/dvb_ca_en50221.c |  5 +++++
>  drivers/net/wireless/mac80211_hwsim.c   |  4 ++++
>  drivers/s390/char/keyboard.c            | 28 ++++++++++++++++------------
>  kernel/sched/auto_group.c               |  7 +++++--
>  kernel/time/posix-timers.c              | 11 ++++++++---
>  net/core/sock_diag.c                    |  2 ++
>  net/wireless/nl80211.c                  |  1 +
>  net/wireless/util.c                     | 33 +++++++++++++++++++++++----------
>  sound/core/rawmidi.c                    |  2 ++
>  sound/core/seq/oss/seq_oss_synth.c      |  7 ++++---
>  15 files changed, 109 insertions(+), 43 deletions(-)
>

Applied to xenial/master-next branch.

Thanks,
Kleber

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team