For Trusty 3.13, add the following patches: * UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb() * UBUNTU: SAUCE: Rename osb() to barrier_nospec() * UBUNTU: SAUCE: Replace osb() calls with array_index_nospec() * nospec: Kill array_index_nospec_mask_check() * nospec: Move array_index_nospec() parameter checking into separate macro * nospec: Allow index argument to have const-qualified type * x86/kvm: Update spectre-v1 mitigation * x86/spectre: Report get_user mitigation for spectre_v1 * nl80211: Sanitize array index in parse_txq_params * vfs, fdtable: Prevent bounds-check bypass via speculative execution * x86/syscall: Sanitize syscall table de-references under speculation * x86/get_user: Use pointer masking to limit speculation * x86: Introduce barrier_nospec * x86: Implement array_index_mask_nospec * array_index_nospec: Sanitize speculative array de-references * Documentation: Document array_index_nospec
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1774181 Title: Update to upstream's implementation of Spectre v1 mitigation Status in linux package in Ubuntu: Incomplete Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: Fix Committed Bug description: Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation. == SRU Justification == Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, all those patches were skipped. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable. == Fix == Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Where appropriate, replace Ubuntu's additional barriers with the masking macro. == Regression Potential == Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream. == Test Case == TBD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774181/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
