# git rev-parse -q --verify 7e1ed4da4a16e035a76001461fbd75c453b73206^{commit} 7e1ed4da4a16e035a76001461fbd75c453b73206 already have revision, skipping fetch # git checkout -q -f -B kisskb 7e1ed4da4a16e035a76001461fbd75c453b73206 # git clean -qxdf # < git log -1 # commit 7e1ed4da4a16e035a76001461fbd75c453b73206 # Author: Breno Leitao # Date: Wed Jan 30 10:46:00 2019 -0200 # # powerpc/ptrace: Mitigate potential Spectre v1 # # 'regno' is directly controlled by user space, hence leading to a potential # exploitation of the Spectre variant 1 vulnerability. # # On PTRACE_SETREGS and PTRACE_GETREGS requests, user space passes the # register number that would be read or written. This register number is # called 'regno' which is part of the 'addr' syscall parameter. # # This 'regno' value is checked against the maximum pt_regs structure size, # and then used to dereference it, which matches the initial part of a # Spectre v1 (and Spectre v1.1) attack. The dereferenced value, then, # is returned to userspace in the GETREGS case. # # This patch sanitizes 'regno' before using it to dereference pt_reg. # # Notice that given that speculation windows are large, the policy is # to kill the speculation on the first load and not worry if it can be # completed with a dependent load/store [1]. # # [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 # # Signed-off-by: Breno Leitao # Acked-by: Gustavo A. R. Silva # Signed-off-by: Michael Ellerman # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 7e1ed4da4a16e035a76001461fbd75c453b73206 # < make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-next_pmac32_defconfig+SMP_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- pmac32_defconfig # Added to kconfig CONFIG_SMP=y # yes \n | make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-next_pmac32_defconfig+SMP_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- oldconfig yes: standard output: Broken pipe # make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-next_pmac32_defconfig+SMP_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- In file included from /kisskb/src/sound/ppc/pmac.h:25:0, from /kisskb/src/sound/ppc/awacs.c:29: /kisskb/src/sound/ppc/awacs.c: In function 'snd_pmac_awacs_init': /kisskb/src/include/sound/control.h:223:9: warning: 'speaker_vol' may be used uninitialized in this function [-Wmaybe-uninitialized] return _snd_ctl_add_slave(master, slave, 0); ^ /kisskb/src/sound/ppc/awacs.c:886:36: note: 'speaker_vol' was declared here struct snd_kcontrol *master_vol, *speaker_vol; ^ INFO: Uncompressed kernel (size 0x958314) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xa00000) Completed OK # rm -rf /kisskb/build/powerpc-next_pmac32_defconfig+SMP_powerpc-gcc5 # Build took: 0:01:26.683422