Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 346edd61ce1ce5f2a2a3e81518d86b2b239ed4d4
commit346edd61ce1ce5f2a2a3e81518d86b2b239ed4d4[log] [tgz]
authorMark Rutland <mark.rutland@arm.com>Thu Apr 12 12:11:03 2018 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Apr 20 08:20:43 2018 +0200
treeee4b0c5784b5f97d69b8a2fad1a478d1408f9216
parentf3ed64a6273ebdc1ddf22262c4e5f724688b7393 [diff]
arm64: uaccess: Prevent speculative use of the current addr_limit


From: Will Deacon <will.deacon@arm.com>

commit c2f0ad4fc089cff81cef6a13d04b399980ecbfcc upstream.

A mispredicted conditional call to set_fs could result in the wrong
addr_limit being forwarded under speculation to a subsequent access_ok
check, potentially forming part of a spectre-v1 attack using uaccess
routines.

This patch prevents this forwarding from taking place, but putting heavy
barriers in set_fs after writing the addr_limit.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com> [v4.9 backport]
Tested-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: ee4b0c5784b5f97d69b8a2fad1a478d1408f9216
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS