Re: Patch "powerpc/64s: flush L1D after user accesses" has been added to the 4.4-stable tree

From: Greg KH
Date: Tue Nov 24 2020 - 01:06:32 EST


On Tue, Nov 24, 2020 at 11:18:05AM +0800, yangerkun wrote:
>
>
> On 2020/11/20 15:30, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> >
> > This is a note to let you know that I've just added the patch titled
> >
> > powerpc/64s: flush L1D after user accesses
> >
> > to the 4.4-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >
> > The filename of the patch is:
> > powerpc-64s-flush-l1d-after-user-accesses.patch
> > and it can be found in the queue-4.4 subdirectory.
> >
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <stable@xxxxxxxxxxxxxxx> know about it.
> >
> >
> > From foo@baz Fri Nov 20 08:28:41 AM CET 2020
> > From: Daniel Axtens <dja@xxxxxxxxxx>
> > Date: Fri, 20 Nov 2020 11:07:04 +1100
> > Subject: powerpc/64s: flush L1D after user accesses
> > To: stable@xxxxxxxxxxxxxxx
> > Cc: dja@xxxxxxxxxx
> > Message-ID: <20201120000704.374811-9-dja@xxxxxxxxxx>
> >
> > From: Nicholas Piggin <npiggin@xxxxxxxxx>
> >
> > commit 9a32a7e78bd0cd9a9b6332cbdc345ee5ffd0c5de upstream.
> >
> > IBM Power9 processors can speculatively operate on data in the L1 cache before
> > it has been completely validated, via a way-prediction mechanism. It is not possible
> > for an attacker to determine the contents of impermissible memory using this method,
> > since these systems implement a combination of hardware and software security measures
> > to prevent scenarios where protected data could be leaked.
> >
> > However these measures don't address the scenario where an attacker induces
> > the operating system to speculatively execute instructions using data that the
> > attacker controls. This can be used for example to speculatively bypass "kernel
> > user access prevention" techniques, as discovered by Anthony Steinhauser of
> > Google's Safeside Project. This is not an attack by itself, but there is a possibility
> > it could be used in conjunction with side-channels or other weaknesses in the
> > privileged code to construct an attack.
> >
> > This issue can be mitigated by flushing the L1 cache between privilege boundaries
> > of concern. This patch flushes the L1 cache after user accesses.
> >
> > This is part of the fix for CVE-2020-4788.
> >
> > Signed-off-by: Nicholas Piggin <npiggin@xxxxxxxxx>
> > Signed-off-by: Daniel Axtens <dja@xxxxxxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > ---
> > Documentation/kernel-parameters.txt | 4 +
> > arch/powerpc/include/asm/book3s/64/kup-radix.h | 23 ++++++
> > arch/powerpc/include/asm/feature-fixups.h | 9 ++
> > arch/powerpc/include/asm/kup.h | 4 +
> > arch/powerpc/include/asm/security_features.h | 3
> > arch/powerpc/include/asm/setup.h | 1
> > arch/powerpc/kernel/exceptions-64s.S | 86 +++++++------------------
> > arch/powerpc/kernel/ppc_ksyms.c | 7 ++
> > arch/powerpc/kernel/setup_64.c | 80 +++++++++++++++++++++++
> > arch/powerpc/kernel/vmlinux.lds.S | 7 ++
> > arch/powerpc/lib/feature-fixups.c | 50 ++++++++++++++
> > arch/powerpc/platforms/powernv/setup.c | 7 +-
> > arch/powerpc/platforms/pseries/setup.c | 4 +
> > 13 files changed, 224 insertions(+), 61 deletions(-)
> > create mode 100644 arch/powerpc/include/asm/book3s/64/kup-radix.h
> >
> > --- a/Documentation/kernel-parameters.txt
> > +++ b/Documentation/kernel-parameters.txt
> > @@ -2197,6 +2197,7 @@ bytes respectively. Such letter suffixes
> > mds=off [X86]
> > tsx_async_abort=off [X86]
> > no_entry_flush [PPC]
> > + no_uaccess_flush [PPC]
> > auto (default)
> > Mitigate all CPU vulnerabilities, but leave SMT
> > @@ -2521,6 +2522,9 @@ bytes respectively. Such letter suffixes
> > nospec_store_bypass_disable
> > [HW] Disable all mitigations for the Speculative Store Bypass vulnerability
> > + no_uaccess_flush
> > + [PPC] Don't flush the L1-D cache after accessing user data.
> > +
> > noxsave [BUGS=X86] Disables x86 extended register state save
> > and restore using xsave. The kernel will fallback to
> > enabling legacy floating-point and sse state.
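Review bot: the new `no_uaccess_flush` entry (`+ no_uaccess_flush` / `+ [PPC] Don't flush the L1-D cache after accessing user data.`) states what the option does but not what it gives up; since this flush is part of the CVE-2020-4788 mitigation described in the commit message, the entry should say that the option disables that part of the mitigation, in the same way the neighbouring `nospec_store_bypass_disable` entry names the vulnerability whose mitigations it turns off.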
> > --- /dev/null
> > +++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h
> > @@ -0,0 +1,23 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +#ifndef _ASM_POWERPC_BOOK3S_64_KUP_RADIX_H
> > +#define _ASM_POWERPC_BOOK3S_64_KUP_RADIX_H
> > +#include <linux/jump_label.h>
> > +
> > +DECLARE_STATIC_KEY_FALSE(uaccess_flush_key);
> > +
> > +/* Prototype for function defined in exceptions-64s.S */
> > +void do_uaccess_flush(void);
> > +
> > +static __always_inline void allow_user_access(void __user *to, const void __user *from,
> > + unsigned long size)
> > +{
> > +}
> > +
> > +static inline void prevent_user_access(void __user *to, const void __user *from,
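Review bot: the static inline definitions of allow_user_access() and prevent_user_access() in this new header duplicate the ones already in arch/powerpc/include/asm/kup.h (kup.h:12 and kup.h:14 according to the build log below), so any translation unit that reaches both headers, as ppc_ksyms.c does via <asm/uaccess.h>, fails with 'redefinition' errors. Exactly one set of definitions should be visible: either have kup.h include kup-radix.h under the book3s-64 configuration and keep its empty stubs in an #else branch, or guard the stubs so they are compiled only when this header is not in use. Note also that the quoted hunk is cut off after the prevent_user_access() signature line, so the remainder of the 23-line file cannot be reviewed here.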
>
> Hi,
>
> This will redefine prevent_user_access and lead to a compile error...
>
>
> In file included from arch/powerpc/kernel/ppc_ksyms.c:10:0:
> ./arch/powerpc/include/asm/book3s/64/kup-radix.h:11:29: error: redefinition
> of 'allow_user_access'
> static __always_inline void allow_user_access(void __user *to, const void
> __user *from,
> ^~~~~~~~~~~~~~~~~
> In file included from ./arch/powerpc/include/asm/uaccess.h:12:0,
> from arch/powerpc/kernel/ppc_ksyms.c:8:
> ./arch/powerpc/include/asm/kup.h:12:20: note: previous definition of
> 'allow_user_access' was here
> static inline void allow_user_access(void __user *to, const void __user
> *from,
> ^~~~~~~~~~~~~~~~~
> In file included from arch/powerpc/kernel/ppc_ksyms.c:10:0:
> ./arch/powerpc/include/asm/book3s/64/kup-radix.h:16:20: error: redefinition
> of 'prevent_user_access'
> static inline void prevent_user_access(void __user *to, const void __user
> *from,
> ^~~~~~~~~~~~~~~~~~~
> In file included from ./arch/powerpc/include/asm/uaccess.h:12:0,
> from arch/powerpc/kernel/ppc_ksyms.c:8:
> ./arch/powerpc/include/asm/kup.h:14:20: note: previous definition of
> 'prevent_user_access' was here
> static inline void prevent_user_access(void __user *to, const void __user
> *from,
> ^~~~~~~~~~~~~~~~~~~
> make[1]: *** [scripts/Makefile.build:277: arch/powerpc/kernel/ppc_ksyms.o]
> Error 1
> make[1]: *** Waiting for unfinished jobs....

Should be fixed in the -rc releases I just made yesterday, right?

thanks,

greg k-h