github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-14 10:03:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
f0ec2cd031
linux/Documentation
History
Nicholas Piggin 31ebc2fe02 powerpc/64s: flush L1D after user accesses 
commit 9a32a7e78b upstream.

IBM Power9 processors can speculatively operate on data in the L1 cache before
it has been completely validated, via a way-prediction mechanism. It is not possible
for an attacker to determine the contents of impermissible memory using this method,
since these systems implement a combination of hardware and software security measures
to prevent scenarios where protected data could be leaked.

However these measures don't address the scenario where an attacker induces
the operating system to speculatively execute instructions using data that the
attacker controls. This can be used for example to speculatively bypass "kernel
user access prevention" techniques, as discovered by Anthony Steinhauser of
Google's Safeside Project. This is not an attack by itself, but there is a possibility
it could be used in conjunction with side-channels or other weaknesses in the
privileged code to construct an attack.

This issue can be mitigated by flushing the L1 cache between privilege boundaries
of concern. This patch flushes the L1 cache after user accesses.

This is part of the fix for CVE-2020-4788.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-22 10:02:26 +01:00
..
ABI iio: improve IIO_CONCENTRATION channel type description 2020-08-19 08:14:54 +02:00
accelerators
accounting
acpi
admin-guide powerpc/64s: flush L1D after user accesses 2020-11-22 10:02:26 +01:00
aoe
arm ARM: 8833/1: Ensure that NEON code always compiles with Clang 2019-04-05 22:33:08 +02:00
arm64 arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 2020-04-29 16:31:08 +02:00
auxdisplay
backlight
block
blockdev
bpf
bus-devices
cdrom
cgroup-v1
cma
connector
console
core-api
cpu-freq
cpuidle
crypto
dev-tools
device-mapper
devicetree dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion 2020-10-01 13:14:43 +02:00
doc-guide
driver-api ata: make qc_prep return ata_completion_errors 2020-10-01 13:14:54 +02:00
driver-model
early-userspace
EDID
extcon
fault-injection
fb
features
filesystems fscrypt: return -EXDEV for incompatible rename or link into encrypted dir 2020-11-05 11:08:35 +01:00
firmware_class
fmc
fpga
gpio
gpu
hid HID: doc: fix wrong data structure reference for UHID_OUTPUT 2019-12-05 09:20:36 +01:00
hwmon
i2c i2c: i801: Add support for Intel Comet Lake 2019-05-04 09:20:15 +02:00
ia64
ide
iio
infiniband
input
ioctl
isdn
kbuild kbuild: support LLVM=1 to switch the default tools to Clang/LLVM 2020-09-26 18:01:32 +02:00
kdump
kernel-hacking
laptops
leds
lightnvm
livepatch
locking
m68k
maintainer
md
media media: videodev2.h: RGB BT2020 and HSV are always full range 2020-11-05 11:08:40 +01:00
memory-devices
mic
mips
misc-devices
mmc
mtd
namespaces
netlabel
networking icmp: randomize the global rate limiter 2020-10-29 09:54:58 +01:00
nfc
nios2
nvdimm
nvmem
openrisc
parisc
PCI
pcmcia
perf
phy
platform
power
powerpc
pps
process stable-kernel-rules.rst: add link to networking patch queue 2019-03-23 20:10:10 +01:00
pti
ptp
rapidio
RCU
riscv
s390
scheduler sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices 2019-11-12 19:20:50 +01:00
scsi
security
serial
sh
sound ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups 2020-04-17 10:48:45 +02:00
sparc
sphinx doc: Cope with Sphinx logging deprecations 2019-06-09 09:17:21 +02:00
sphinx-static
spi
sysctl bpf: add bpf_jit_limit knob to restrict unpriv allocations 2019-05-31 06:46:03 -07:00
target
thermal
timers
trace
translations
usb USB: rio500: Remove Rio 500 kernel driver 2019-10-17 13:44:47 -07:00
userspace-api Documentation: Add section about CPU vulnerabilities for Spectre 2019-07-14 08:11:17 +02:00
virtual x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit 2020-06-22 09:05:12 +02:00
vm
w1
watchdog
wimax
x86 x86/speculation/taa: Add documentation for TSX Async Abort 2019-11-12 19:21:34 +01:00
xtensa
.gitignore
00-INDEX
atomic_bitops.txt
atomic_t.txt x86/atomic: Fix smp_mb__{before,after}_atomic() 2019-07-26 09:14:08 +02:00
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
Changes
clearing-warn-once.txt
CodingStyle
conf.py docs: Fix conf.py for Sphinx 2.0 2019-06-09 09:17:20 +02:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
digsig.txt
DMA-API-HOWTO.txt
DMA-API.txt
DMA-attributes.txt
DMA-ISA-LPC.txt
docutils.conf
dontdiff
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst x86/speculation/mds: Add mds_clear_cpu_buffers() 2019-05-14 19:17:54 +02:00
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
irqflags-tracing.txt
isa.txt
isapnp.txt
kernel-per-CPU-kthreads.txt
kobject.txt
kprobes.txt
kref.txt
ldm.txt
lockup-watchdogs.txt
logo.gif
logo.txt
lsm.txt
lzo.txt
mailbox.txt
Makefile
memory-barriers.txt
memory-hotplug.txt
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt
pi-futex.txt
pnp.txt
preempt-locking.txt
pwm.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt futex: Update comments and docs about return values of arch futex code 2019-07-03 13:14:49 +02:00
rpmsg.txt
rtc.txt
SAK.txt
sgi-ioc4.txt
siphash.txt
SM501.txt
smsc_ece1099.txt
speculation.txt
static-keys.txt
SubmittingPatches
svga.txt
switchtec.txt
sync_file.txt
tee.txt
this_cpu_ops.txt
unaligned-memory-access.txt
vfio-mediated-device.txt
vfio.txt
video-output.txt
xillybus.txt
xz.txt
zorro.txt