[PATCH v6 00/13] spectre variant1 mitigations for tip/x86/pti

From: Dan Williams
Date: Mon Jan 29 2018 - 20:11:23 EST


Hi Thomas, Ingo,

Here is another spin of the Spectre variant1 mitigations.

Changes since v5 [1]:
* Use the _nospec suffix for all new infrastructure, i.e.
s/ifence/barrier_nospec/, s/array_idx/array_index_nospec/,
and s/array_idx_mask/array_index_mask_nospec/. (Ingo)

* Fix up array_index_mask_nospec() to have a proper kernel doc comment
(Thomas)

* Fix up copyright attribution in include/linux/nospec.h (Ingo)

* Spell out 'index' and 'size' throughout the patch set rather than
'idx' and 'sz'. (Ingo).

* Clarify placement of barrier_nospec() relative to stac() in
__uaccess_begin_nospec() (Ingo)

* Drop the syscall fast path elimination patch out of this series since
Andy is handling that separately. (Andy)

* Simplify the x86 array_index_mask_nospec() assembly, no need for a
separate 32-bit version (Ingo)

* Clarify that the 'cmp, sbb' sequence in the get_user_<size> variants
are effectively open coded array_index_nospec() instances where the
array base is the user pointer and the array limit is the task address
limit. (Ingo)

* Replace '<function identifier>' with <function identifier>()
throughout the series. (Ingo)

* Comment and whitespace fixups in asm/barrier.h (Ingo)

* Split the definition of barrier_nospec() into its own patch separate
from its new usages with __uaccess_begin_nospec(). (Ingo)

* Split the __uaccess_begin_nospec() patch into one that cleans up open
coded stac/clac usage and one that uses the new
__uaccess_begin_nospec() helper. (Ingo)

* Change the contents of the 'bug/spectre_v1' sysfs file to:
"Mitigation: __user pointer sanitization" since these changes do raise
the kernel's defenses. (Ingo)

[1]: https://www.spinics.net/lists/linux-arch/msg44193.html

---

Dan Williams (12):
array_index_nospec: sanitize speculative array de-references
x86: implement array_index_mask_nospec
x86: introduce barrier_nospec
x86: introduce __uaccess_begin_nospec
x86, usercopy: replace open coded stac/clac with __uaccess_{begin,end}
x86, __get_user: use __uaccess_begin_nospec
x86, get_user: use pointer masking to limit speculation
x86: sanitize syscall table de-references under speculation
vfs, fdtable: prevent bounds-check bypass via speculative execution
kvm, x86: update spectre-v1 mitigation
nl80211: sanitize array index in parse_txq_params
x86/spectre: report get_user mitigation for spectre_v1

Mark Rutland (1):
Documentation: document array_index_nospec


Documentation/speculation.txt | 90 +++++++++++++++++++++++++++++++++++++
arch/x86/entry/common.c | 5 ++
arch/x86/include/asm/barrier.h | 28 ++++++++++++
arch/x86/include/asm/msr.h | 3 -
arch/x86/include/asm/uaccess.h | 15 +++++-
arch/x86/include/asm/uaccess_32.h | 6 +-
arch/x86/include/asm/uaccess_64.h | 12 ++---
arch/x86/kernel/cpu/bugs.c | 2 -
arch/x86/kvm/vmx.c | 14 ++++--
arch/x86/lib/getuser.S | 10 ++++
arch/x86/lib/usercopy_32.c | 8 ++-
include/linux/fdtable.h | 5 ++
include/linux/nospec.h | 72 ++++++++++++++++++++++++++++++
net/wireless/nl80211.c | 9 ++--
14 files changed, 251 insertions(+), 28 deletions(-)
create mode 100644 Documentation/speculation.txt
create mode 100644 include/linux/nospec.h