# git rev-parse -q --verify 7e1ed4da4a16e035a76001461fbd75c453b73206^{commit} 7e1ed4da4a16e035a76001461fbd75c453b73206 already have revision, skipping fetch # git checkout -q -f -B kisskb 7e1ed4da4a16e035a76001461fbd75c453b73206 # git clean -qxdf # < git log -1 # commit 7e1ed4da4a16e035a76001461fbd75c453b73206 # Author: Breno Leitao # Date: Wed Jan 30 10:46:00 2019 -0200 # # powerpc/ptrace: Mitigate potential Spectre v1 # # 'regno' is directly controlled by user space, hence leading to a potential # exploitation of the Spectre variant 1 vulnerability. # # On PTRACE_SETREGS and PTRACE_GETREGS requests, user space passes the # register number that would be read or written. This register number is # called 'regno' which is part of the 'addr' syscall parameter. # # This 'regno' value is checked against the maximum pt_regs structure size, # and then used to dereference it, which matches the initial part of a # Spectre v1 (and Spectre v1.1) attack. The dereferenced value, then, # is returned to userspace in the GETREGS case. # # This patch sanitizes 'regno' before using it to dereference pt_reg. # # Notice that given that speculation windows are large, the policy is # to kill the speculation on the first load and not worry if it can be # completed with a dependent load/store [1]. # # [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 # # Signed-off-by: Breno Leitao # Acked-by: Gustavo A. R. Silva # Signed-off-by: Michael Ellerman # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version # < git log --format=%s --max-count=1 7e1ed4da4a16e035a76001461fbd75c453b73206 # < make -s -j 80 ARCH=powerpc O=/kisskb/build/powerpc-next_44x_sequoia_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- 44x/sequoia_defconfig # make -s -j 80 ARCH=powerpc O=/kisskb/build/powerpc-next_44x_sequoia_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- /kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl': /kisskb/src/kernel/printk/printk.c:186:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c: In function 'proc_reg_open': /kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c:339:21: note: 'pdeo' was declared here /kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq': /kisskb/src/drivers/tty/serial/8250/8250_core.c:247:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/8250/8250_core.c:227:19: note: 'i' was declared here INFO: Uncompressed kernel (size 0x46d894) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x500000) Image Name: Linux-5.0.0-rc2-g7e1ed4da4a16 Created: Wed Feb 6 00:47:26 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2253647 Bytes = 2200.83 KiB = 2.15 MiB Load Address: 00500000 Entry Point: 005014e0 Completed OK # rm -rf /kisskb/build/powerpc-next_44x_sequoia_defconfig_powerpc-gcc4.6 # Build took: 0:00:33.253517