On Tue, Nov 24, 2020 at 11:18:05AM +0800, yangerkun wrote:
> 
> 
> On 2020/11/20 15:30, gre...@linuxfoundation.org wrote:
> > 
> > This is a note to let you know that I've just added the patch titled
> > 
> >     powerpc/64s: flush L1D after user accesses
> > 
> > to the 4.4-stable tree which can be found at:
> >     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > 
> > The filename of the patch is:
> >      powerpc-64s-flush-l1d-after-user-accesses.patch
> > and it can be found in the queue-4.4 subdirectory.
> > 
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <sta...@vger.kernel.org> know about it.
> > 
> > 
> > From foo@baz Fri Nov 20 08:28:41 AM CET 2020
> > From: Daniel Axtens <d...@axtens.net>
> > Date: Fri, 20 Nov 2020 11:07:04 +1100
> > Subject: powerpc/64s: flush L1D after user accesses
> > To: sta...@vger.kernel.org
> > Cc: d...@axtens.net
> > Message-ID: <20201120000704.374811-9-...@axtens.net>
> > 
> > From: Nicholas Piggin <npig...@gmail.com>
> > 
> > commit 9a32a7e78bd0cd9a9b6332cbdc345ee5ffd0c5de upstream.
> > 
> > IBM Power9 processors can speculatively operate on data in the L1 cache before
> > it has been completely validated, via a way-prediction mechanism. It is not possible
> > for an attacker to determine the contents of impermissible memory using this method,
> > since these systems implement a combination of hardware and software security measures
> > to prevent scenarios where protected data could be leaked.
> > 
> > However these measures don't address the scenario where an attacker induces
> > the operating system to speculatively execute instructions using data that the
> > attacker controls. This can be used for example to speculatively bypass "kernel
> > user access prevention" techniques, as discovered by Anthony Steinhauser of
> > Google's Safeside Project. This is not an attack by itself, but there is a possibility
> > it could be used in conjunction with side-channels or other weaknesses in the
> > privileged code to construct an attack.
> > 
> > This issue can be mitigated by flushing the L1 cache between privilege boundaries
> > of concern. This patch flushes the L1 cache after user accesses.
> > 
> > This is part of the fix for CVE-2020-4788.
> > 
> > Signed-off-by: Nicholas Piggin <npig...@gmail.com>
> > Signed-off-by: Daniel Axtens <d...@axtens.net>
> > Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> > > --- > > Documentation/kernel-parameters.txt | 4 + > > arch/powerpc/include/asm/book3s/64/kup-radix.h | 23 ++++++ > > arch/powerpc/include/asm/feature-fixups.h | 9 ++ > > arch/powerpc/include/asm/kup.h | 4 + > > arch/powerpc/include/asm/security_features.h | 3 > > arch/powerpc/include/asm/setup.h | 1 > > arch/powerpc/kernel/exceptions-64s.S | 86 > > +++++++------------------ > > arch/powerpc/kernel/ppc_ksyms.c | 7 ++ > > arch/powerpc/kernel/setup_64.c | 80 > > +++++++++++++++++++++++ > > arch/powerpc/kernel/vmlinux.lds.S | 7 ++ > > arch/powerpc/lib/feature-fixups.c | 50 ++++++++++++++ > > arch/powerpc/platforms/powernv/setup.c | 7 +- > > arch/powerpc/platforms/pseries/setup.c | 4 + > > 13 files changed, 224 insertions(+), 61 deletions(-) > > create mode 100644 arch/powerpc/include/asm/book3s/64/kup-radix.h > > > > --- a/Documentation/kernel-parameters.txt > > +++ b/Documentation/kernel-parameters.txt > > @@ -2197,6 +2197,7 @@ bytes respectively. Such letter suffixes > > mds=off [X86] > > tsx_async_abort=off [X86] > > no_entry_flush [PPC] > > + no_uaccess_flush [PPC] > > auto (default) > > Mitigate all CPU vulnerabilities, but leave SMT > > @@ -2521,6 +2522,9 @@ bytes respectively. Such letter suffixes > > nospec_store_bypass_disable > > [HW] Disable all mitigations for the Speculative Store > > Bypass vulnerability > > + no_uaccess_flush > > + [PPC] Don't flush the L1-D cache after accessing user > > data. > > + > > noxsave [BUGS=X86] Disables x86 extended register state save > > and restore using xsave. The kernel will fallback to > > enabling legacy floating-point and sse state. > > --- /dev/null > > +++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h 
> > @@ -0,0 +1,23 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#ifndef _ASM_POWERPC_BOOK3S_64_KUP_RADIX_H > > +#define _ASM_POWERPC_BOOK3S_64_KUP_RADIX_H > > +#include <linux/jump_label.h> > > + > > +DECLARE_STATIC_KEY_FALSE(uaccess_flush_key); > > + > > +/* Prototype for function defined in exceptions-64s.S */ > > +void do_uaccess_flush(void); > > + > > +static __always_inline void allow_user_access(void __user *to, const void > > __user *from, > > + unsigned long size) > > +{ > > +} > > + > > +static inline void prevent_user_access(void __user *to, const void __user > > *from, > > Hi, > > This will redefine prevent_user_access and lead to compile error... > > > In file included from arch/powerpc/kernel/ppc_ksyms.c:10:0: > ./arch/powerpc/include/asm/book3s/64/kup-radix.h:11:29: error: redefinition > of 'allow_user_access' > static __always_inline void allow_user_access(void __user *to, const void > __user *from, > ^~~~~~~~~~~~~~~~~ > In file included from ./arch/powerpc/include/asm/uaccess.h:12:0, > from arch/powerpc/kernel/ppc_ksyms.c:8: > ./arch/powerpc/include/asm/kup.h:12:20: note: previous definition of > 'allow_user_access' was here > static inline void allow_user_access(void __user *to, const void __user > *from, > ^~~~~~~~~~~~~~~~~ > In file included from arch/powerpc/kernel/ppc_ksyms.c:10:0: > ./arch/powerpc/include/asm/book3s/64/kup-radix.h:16:20: error: redefinition > of 'prevent_user_access' > static inline void prevent_user_access(void __user *to, const void __user > *from, > ^~~~~~~~~~~~~~~~~~~ > In file included from ./arch/powerpc/include/asm/uaccess.h:12:0, > from arch/powerpc/kernel/ppc_ksyms.c:8: > ./arch/powerpc/include/asm/kup.h:14:20: note: previous definition of > 'prevent_user_access' was here > static inline void prevent_user_access(void __user *to, const void __user > *from, > ^~~~~~~~~~~~~~~~~~~ > make[1]: *** [scripts/Makefile.build:277: arch/powerpc/kernel/ppc_ksyms.o] > Error 1 > make[1]: *** Waiting for unfinished jobs....
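Review bot: the new arch/powerpc/include/asm/book3s/64/kup-radix.h hunk defines allow_user_access() and prevent_user_access() as static inline functions, but the quoted build log shows arch/powerpc/include/asm/kup.h (lines 12 and 14) already defines both names and is pulled in via asm/uaccess.h, so any translation unit that includes both (ppc_ksyms.c here) fails with "redefinition of 'allow_user_access'". The generic bodies in kup.h need to be guarded so that only one definition is visible per configuration, for example by having kup.h include <asm/book3s/64/kup-radix.h> under CONFIG_PPC_BOOK3S_64 and keeping its empty fallbacks in an #else branch; as the backport stands, 4.4 does not build with this patch applied.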
Should be fixed in the -rc releases I just made yesterday, right?

thanks,

greg k-h