system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-20 19:17:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/tools
History
Linus Torvalds dda3f4252e powerpc fixes for CVE-2020-4788 
From Daniel's cover letter:
 
 IBM Power9 processors can speculatively operate on data in the L1 cache
 before it has been completely validated, via a way-prediction mechanism. It
 is not possible for an attacker to determine the contents of impermissible
 memory using this method, since these systems implement a combination of
 hardware and software security measures to prevent scenarios where
 protected data could be leaked.
 
 However these measures don't address the scenario where an attacker induces
 the operating system to speculatively execute instructions using data that
 the attacker controls. This can be used for example to speculatively bypass
 "kernel user access prevention" techniques, as discovered by Anthony
 Steinhauser of Google's Safeside Project. This is not an attack by itself,
 but there is a possibility it could be used in conjunction with
 side-channels or other weaknesses in the privileged code to construct an
 attack.
 
 This issue can be mitigated by flushing the L1 cache between privilege
 boundaries of concern.
 
 This patch series flushes the L1 cache on kernel entry (patch 2) and after the
 kernel performs any user accesses (patch 3). It also adds a self-test and
 performs some related cleanups.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl+2aqETHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgG+hD/4njSFct2amqWfqDYR9b2OykWmnMQXn
 geookk5SbItQF7vh1q2SVA6r43s5ZAxgD5fezx4LgG6p3QU39+Tr0RhzUUHWMPDV
 UNGZK6x/N/GSYeq0bqvMHmVwS0FDjPE8nOtA8Hn2T9mUUsu9G0okpgYPLnEu6rb1
 gIyS35zlLBh9obi3MfJzyln/AmCE7hdonKRtLAxvGiERJAyfAG757lrdjrwavyHy
 mwz+XPl5PF88jfO5cbcZT9gNHmZZPzVsOVwNcstCh2FcwuePv9dWe1pxsBxxKqP5
 UXceXPcKM7VlRNmehimq7q/hfbget4RJGGKYPNXeKHOo6yfy7lJPiQV4h+5z2pSs
 SPP2fQQPq0aubmcO23CXFtZl4WRHQ4pax6opepnpIfC2vZ0HLXJtPrhMKcbFJNTo
 qPis6HWQPpIuI6l4MJfs+YO9ETxCR31Yd28qFAfPFoHlnQZTfx6NPhw8HKxTbSh2
 Svr4X6Y14j3UsQgLTCArCXWAG/hlfRwxDZJ4AvR9EU0HJGDyZ45Y+LTD1N8bbsny
 zcYfPqWGPIanLcNPNFYIQwDZo7ff08KdmngUvf/Q9om60mP1hsPJMHf6VhPXj4fC
 2TZ11fORssSlBSNtIkFkbjEG+aiWtWnz3fN3uSyT50rgGwtDHJzVzLiUWHlZKcxW
 X73YdxuT8fqQwg==
 =Yibq
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Fixes for CVE-2020-4788.

  From Daniel's cover letter:

  IBM Power9 processors can speculatively operate on data in the L1
  cache before it has been completely validated, via a way-prediction
  mechanism. It is not possible for an attacker to determine the
  contents of impermissible memory using this method, since these
  systems implement a combination of hardware and software security
  measures to prevent scenarios where protected data could be leaked.

  However these measures don't address the scenario where an attacker
  induces the operating system to speculatively execute instructions
  using data that the attacker controls. This can be used for example to
  speculatively bypass "kernel user access prevention" techniques, as
  discovered by Anthony Steinhauser of Google's Safeside Project. This
  is not an attack by itself, but there is a possibility it could be
  used in conjunction with side-channels or other weaknesses in the
  privileged code to construct an attack.

  This issue can be mitigated by flushing the L1 cache between privilege
  boundaries of concern.

  This patch series flushes the L1 cache on kernel entry (patch 2) and
  after the kernel performs any user accesses (patch 3). It also adds a
  self-test and performs some related cleanups"

* tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations
  selftests/powerpc: refactor entry and rfi_flush tests
  selftests/powerpc: entry flush test
  powerpc: Only include kup-radix.h for 64-bit Book3S
  powerpc/64s: flush L1D after user accesses
  powerpc/64s: flush L1D on kernel entry
  selftests/powerpc: rfi_flush: disable entry flush if present
2020-11-19 11:32:31 -08:00
..
accounting
arch tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' 2020-11-12 17:55:41 -03:00
bootconfig Updates for tracing and bootconfig: 2020-10-15 15:51:28 -07:00
bpf tools/bpftool: Fix attaching flow dissector 2020-11-05 18:20:41 -08:00
build tools feature: Fixup fast path feature detection 2020-11-03 09:24:20 -03:00
cgroup blk-iocost: update iocost_monitor.py 2020-09-01 19:38:33 -06:00
debugging
edid
firewire
firmware
gpio tools: gpio: add debounce support to gpio-event-mon 2020-09-30 10:57:30 +02:00
hv tools: hv: change http to https in hv_kvp_daemon.c 2020-07-06 10:46:23 +00:00
iio iio: add IIO_MOD_O2 modifier 2020-08-22 10:53:12 +01:00
include tools include UAPI: Update linux/mount.h copy 2020-11-03 08:52:11 -03:00
io_uring tools/io_uring: fix compile breakage 2020-09-21 07:50:58 -06:00
kvm/kvm_stat
laptop
leds
lib libbpf: Fix possible use after free in xsk_socket__delete 2020-11-04 21:37:29 +01:00
memory-model tools/memory-model: Expand the cheatsheet.txt notion of relaxed 2020-09-04 11:58:15 -07:00
objtool objtool changes for v5.10: 2020-10-14 10:13:37 -07:00
pci
pcmcia
perf perf test: Avoid an msan warning in a copied stack. 2020-11-16 14:10:58 -03:00
power Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2020-11-10 10:02:31 -08:00
scripts
spi spi: tools: Make default_tx/rx and input_tx static 2020-06-11 16:27:24 +01:00
testing powerpc fixes for CVE-2020-4788 2020-11-19 11:32:31 -08:00
thermal/tmon
time
usb tools: usb: move to tools buildsystem 2020-08-19 14:11:44 +02:00
virtio virtio: fixes, features 2020-08-11 14:34:17 -07:00
vm mm: Add PG_arch_2 page flag 2020-09-04 12:46:06 +01:00
wmi
Makefile bpf: Compile resolve_btfids tool at kernel compilation start 2020-07-13 10:42:02 -07:00