# git rev-parse -q --verify 7e1ed4da4a16e035a76001461fbd75c453b73206^{commit} 7e1ed4da4a16e035a76001461fbd75c453b73206 already have revision, skipping fetch # git checkout -q -f -B kisskb 7e1ed4da4a16e035a76001461fbd75c453b73206 # git clean -qxdf # < git log -1 # commit 7e1ed4da4a16e035a76001461fbd75c453b73206 # Author: Breno Leitao # Date: Wed Jan 30 10:46:00 2019 -0200 # # powerpc/ptrace: Mitigate potential Spectre v1 # # 'regno' is directly controlled by user space, hence leading to a potential # exploitation of the Spectre variant 1 vulnerability. # # On PTRACE_SETREGS and PTRACE_GETREGS requests, user space passes the # register number that would be read or written. This register number is # called 'regno' which is part of the 'addr' syscall parameter. # # This 'regno' value is checked against the maximum pt_regs structure size, # and then used to dereference it, which matches the initial part of a # Spectre v1 (and Spectre v1.1) attack. The dereferenced value, then, # is returned to userspace in the GETREGS case. # # This patch sanitizes 'regno' before using it to dereference pt_reg. # # Notice that given that speculation windows are large, the policy is # to kill the speculation on the first load and not worry if it can be # completed with a dependent load/store [1]. # # [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 # # Signed-off-by: Breno Leitao # Acked-by: Gustavo A. R. Silva # Signed-off-by: Michael Ellerman # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 7e1ed4da4a16e035a76001461fbd75c453b73206 # < make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-next_52xx_lite5200b_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- 52xx/lite5200b_defconfig # make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-next_52xx_lite5200b_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- /kisskb/src/arch/powerpc/platforms/52xx/lite5200_sleep.S: Assembler messages: /kisskb/src/arch/powerpc/platforms/52xx/lite5200_sleep.S:184: Warning: invalid register expression INFO: Uncompressed kernel (size 0x4dd27c) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x500000) INFO: Uncompressed kernel (size 0x4dd27c) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x500000) INFO: Uncompressed kernel (size 0x4ccb98) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x500000) Image Name: Linux-5.0.0-rc2-g7e1ed4da4a16 Created: Wed Feb 6 01:34:52 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2461045 Bytes = 2403.36 KiB = 2.35 MiB Load Address: 00000000 Entry Point: 00000000 Image Name: Linux-5.0.0-rc2-g7e1ed4da4a16 Created: Wed Feb 6 01:34:52 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2490659 Bytes = 2432.28 KiB = 2.38 MiB Load Address: 00500000 Entry Point: 00500284 Image Name: Linux-5.0.0-rc2-g7e1ed4da4a16 Created: Wed Feb 6 01:34:52 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2491212 Bytes = 2432.82 KiB = 2.38 MiB Load Address: 00500000 Entry Point: 00500284 Completed OK # rm -rf /kisskb/build/powerpc-next_52xx_lite5200b_defconfig_powerpc-gcc5 # Build took: 0:00:42.207724