** Description changed: - Upstream's Spectre v1 mitigation prevents speculation on a user - controlled pointer. This part of the Spectre v1 patchset was never - backported to 4.4 (for unknown reasons) so Xenial is lacking it as well. - All the other stable upstream kernels include it, so add it to Xenial. - Specifically, the following patches are needed: + == SRU Justification == + Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels. - c7f631cb07e7 x86/get_user: Use pointer masking to limit speculation - 304ec1b05031 x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec - b5c4ae4f3532 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} - b3bbfb3fb5d2 x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec + == Fix == + Backport the following patches: + x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec + x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} + x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec + + == Regression Potential == + Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations. + + == Test Case == + TBD.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1775137 Title: Prevent speculation on user controlled pointer Status in linux package in Ubuntu: Incomplete Bug description: == SRU Justification == Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other stable upstream kernels include it, so add it to our older kernels. == Fix == Backport the following patches: x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec == Regression Potential == Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations. == Test Case == TBD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp