linux/arch/powerpc
Linus Torvalds dda3f4252e powerpc fixes for CVE-2020-4788
From Daniel's cover letter:
 
 IBM Power9 processors can speculatively operate on data in the L1 cache
 before it has been completely validated, via a way-prediction mechanism. It
 is not possible for an attacker to determine the contents of impermissible
 memory using this method, since these systems implement a combination of
 hardware and software security measures to prevent scenarios where
 protected data could be leaked.
 
 However these measures don't address the scenario where an attacker induces
 the operating system to speculatively execute instructions using data that
 the attacker controls. This can be used for example to speculatively bypass
 "kernel user access prevention" techniques, as discovered by Anthony
 Steinhauser of Google's Safeside Project. This is not an attack by itself,
 but there is a possibility it could be used in conjunction with
 side-channels or other weaknesses in the privileged code to construct an
 attack.
 
 This issue can be mitigated by flushing the L1 cache between privilege
 boundaries of concern.
 
 This patch series flushes the L1 cache on kernel entry (patch 2) and after the
 kernel performs any user accesses (patch 3). It also adds a self-test and
 performs some related cleanups.

Merge tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Fixes for CVE-2020-4788.

  From Daniel's cover letter:

  IBM Power9 processors can speculatively operate on data in the L1
  cache before it has been completely validated, via a way-prediction
  mechanism. It is not possible for an attacker to determine the
  contents of impermissible memory using this method, since these
  systems implement a combination of hardware and software security
  measures to prevent scenarios where protected data could be leaked.

  However these measures don't address the scenario where an attacker
  induces the operating system to speculatively execute instructions
  using data that the attacker controls. This can be used for example to
  speculatively bypass "kernel user access prevention" techniques, as
  discovered by Anthony Steinhauser of Google's Safeside Project. This
  is not an attack by itself, but there is a possibility it could be
  used in conjunction with side-channels or other weaknesses in the
  privileged code to construct an attack.

  This issue can be mitigated by flushing the L1 cache between privilege
  boundaries of concern.

  This patch series flushes the L1 cache on kernel entry (patch 2) and
  after the kernel performs any user accesses (patch 3). It also adds a
  self-test and performs some related cleanups"

* tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations
  selftests/powerpc: refactor entry and rfi_flush tests
  selftests/powerpc: entry flush test
  powerpc: Only include kup-radix.h for 64-bit Book3S
  powerpc/64s: flush L1D after user accesses
  powerpc/64s: flush L1D on kernel entry
  selftests/powerpc: rfi_flush: disable entry flush if present
2020-11-19 11:32:31 -08:00
..
boot powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
configs powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
crypto crypto: powerpc/crc-vpmsum_test - Fix sparse endianness warning 2020-09-04 17:57:15 +10:00
include powerpc fixes for CVE-2020-4788 2020-11-19 11:32:31 -08:00
kernel powerpc fixes for CVE-2020-4788 2020-11-19 11:32:31 -08:00
kexec arch, drivers: replace for_each_membock() with for_each_mem_range() 2020-10-13 18:38:35 -07:00
kvm treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
lib powerpc/64s: flush L1D after user accesses 2020-11-19 23:47:18 +11:00
math-emu
mm powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
net bpf, powerpc: Fix misuse of fallthrough in bpf_jit_comp() 2020-09-29 16:39:11 +02:00
oprofile powerpc/oprofile: fix spelling mistake "contex" -> "context" 2020-08-25 01:31:33 +10:00
perf perf/arch: Remove perf_sample_data::regs_user_copy 2020-11-09 18:12:34 +01:00
platforms powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations 2020-11-19 23:47:25 +11:00
purgatory powerpc/kexec_file: Enable early kernel OPAL calls 2020-07-29 23:47:55 +10:00
sysdev powerpc/xive: Make debug routines static 2020-09-18 20:05:25 +10:00
tools powerpc/tools: Remove 90 line limit in checkpatch script 2020-09-08 22:57:11 +10:00
xmon powerpc/watchpoint: Add hw_len wherever missing 2020-09-15 22:13:20 +10:00
Kbuild
Kconfig powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
Kconfig.debug powerpc: Remove Xilinx PPC405/PPC440 support 2020-05-28 23:24:34 +10:00
Makefile Kbuild updates for v5.10 2020-10-22 13:13:57 -07:00
Makefile.postlink powerpc: unrel_branch_check.sh: use nm to find symbol value 2020-09-02 11:00:22 +10:00