Hi Thomas, Ingo, Here is another spin of the Spectre variant1 mitigations. Changes since v5 [1]: * Use the _nospec suffix for all new infrastructure, i.e. s/ifence/barrier_nospec/, s/array_idx/array_index_nospec/, and s/array_idx_mask/array_index_mask_nospec/. (Ingo) * Fix up array_index_mask_nospec() to have a proper kernel doc comment (Thomas) * Fix up copyright attribution in include/linux/nospec.h (Ingo) * Spell out 'index' and 'size' throughout the patch set rather than 'idx' and 'sz'. (Ingo). * Clarify placement of barrier_nospec() relative to stac() in __uaccess_begin_nospec() (Ingo) * Drop the syscall fast path elimination patch out of this series since Andy is handling that separately. (Andy) * Simplify the x86 array_index_mask_nospec() assembly, no need for a separate 32-bit version (Ingo) * Clarify that the 'cmp, sbb' sequence in the get_user_<size> variants are effectively open coded array_index_nospec() instances where the array base is the user pointer and the array limit is the task address limit. (Ingo) * Replace '<function identifier>' with <function identifier>() throughout the series. (Ingo) * Comment and whitespace fixups in asm/barrier.h (Ingo) * Split the definition of barrier_nospec() into its own patch separate from its new usages with __uaccess_begin_nospec(). (Ingo) * Split the __uaccess_begin_nospec() patch into one that cleans up open coded stac/clac usage and one that uses the new __uaccess_begin_nospec() helper. (Ingo) * Change the contents of the 'bug/spectre_v1' sysfs file to: "Mitigation: __user pointer sanitization" since these changes do raise the kernel's defenses. (Ingo) [1]: https://www.spinics.net/lists/linux-arch/msg44193.html --- Dan Williams (12): array_index_nospec: sanitize speculative array de-references x86: implement array_index_mask_nospec x86: introduce barrier_nospec x86: introduce __uaccess_begin_nospec x86, usercopy: replace open coded stac/clac with __uaccess_{begin,end} x86, __get_user: use __uaccess_begin_nospec x86, get_user: use pointer masking to limit speculation x86: sanitize syscall table de-references under speculation vfs, fdtable: prevent bounds-check bypass via speculative execution kvm, x86: update spectre-v1 mitigation nl80211: sanitize array index in parse_txq_params x86/spectre: report get_user mitigation for spectre_v1 Mark Rutland (1): Documentation: document array_index_nospec Documentation/speculation.txt | 90 +++++++++++++++++++++++++++++++++++++ arch/x86/entry/common.c | 5 ++ arch/x86/include/asm/barrier.h | 28 ++++++++++++ arch/x86/include/asm/msr.h | 3 - arch/x86/include/asm/uaccess.h | 15 +++++- arch/x86/include/asm/uaccess_32.h | 6 +- arch/x86/include/asm/uaccess_64.h | 12 ++--- arch/x86/kernel/cpu/bugs.c | 2 - arch/x86/kvm/vmx.c | 14 ++++-- arch/x86/lib/getuser.S | 10 ++++ arch/x86/lib/usercopy_32.c | 8 ++- include/linux/fdtable.h | 5 ++ include/linux/nospec.h | 72 ++++++++++++++++++++++++++++++ net/wireless/nl80211.c | 9 ++-- 14 files changed, 251 insertions(+), 28 deletions(-) create mode 100644 Documentation/speculation.txt create mode 100644 include/linux/nospec.h