From: Jimmy Tran <jtoantran@google.com>
To: stable@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
Arnd Bergmann <arnd@arndb.de>, Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
David Laight <david.laight@aculab.com>,
Andrei Vagin <avagin@gmail.com>,
Jimmy Tran <jtoantran@google.com>
Subject: [PATCH 6.6 v2 0/7] x86: fix user address masking non-canonical
Date: Wed, 6 Aug 2025 16:19:56 +0000 [thread overview]
Message-ID: <20250806162003.1134886-1-jtoantran@google.com> (raw)
Hi everyone,
This is v2 of my series to backport the critical security fix,
identified as CVE-2020-12965 ("Transient Execution of Non-Canonical Accesses"),
to the 6.6.y stable kernel tree.
Linus Torvalds's second proposed solution offers a more targeted and
smaller backport for CVE-2020-12965 compared to backporting the entire
patch series.
This alternative would focus solely on the user address masking
logic that addresses the AMD speculation issue with non-canonical
addresses.
Instead of introducing the extensive "runtime-constant"
infrastructure seen in the larger patch series, this solution would:
- Introduce a single new variable for the USER_PTR_MAX
value.
- Use an actual memory load to access this USER_PTR_MAX value, rather than
leveraging the runtime_const mechanism.
While this approach would result in a noticeably smaller and more
localized patch, it would differ from what's currently in the
mainline kernel. This divergence would necessitate significant
additional testing to ensure its stability.
I am ready to implement the second proposed solution if the
maintainers wish to move forward in that direction, understanding the
testing implications. Please let me know your preference.
Changes in v2:
==============
- Incorporated the commit 91309a708: x86: use cmov for user address
as suggested by David Laight. This commit is now included as the first patch
in the series.
This series addresses the CVE-2020-12965 vulnerability by
introducing the necessary x86 infrastructure and the specific fix for user
address masking non-canonical speculation issues.
v1:
==============
This patch series backports a critical security fix, identified as
CVE-2020-12965 ("Transient Execution of Non-Canonical Accesses"), to the
6.6.y stable kernel tree.
David Laight (1):
x86: fix off-by-one in access_ok()
Linus Torvalds (6):
vfs: dcache: move hashlen_hash() from callers into d_hash()
runtime constants: add default dummy infrastructure
runtime constants: add x86 architecture support
arm64: add 'runtime constant' support
x86: fix user address masking non-canonical speculation issue
x86: use cmov for user address masking
arch/arm64/include/asm/runtime-const.h | 92 ++++++++++++++++++++++++++
arch/arm64/kernel/vmlinux.lds.S | 3 +
arch/x86/include/asm/runtime-const.h | 61 +++++++++++++++++
arch/x86/include/asm/uaccess_64.h | 44 +++++++-----
arch/x86/kernel/cpu/common.c | 10 +++
arch/x86/kernel/vmlinux.lds.S | 4 ++
arch/x86/lib/getuser.S | 10 ++-
fs/dcache.c | 17 +++--
include/asm-generic/Kbuild | 1 +
include/asm-generic/runtime-const.h | 15 +++++
include/asm-generic/vmlinux.lds.h | 8 +++
11 files changed, 242 insertions(+), 23 deletions(-)
create mode 100644 arch/arm64/include/asm/runtime-const.h
create mode 100644 arch/x86/include/asm/runtime-const.h
create mode 100644 include/asm-generic/runtime-const.h
--
2.50.1.470.g6ba607880d-goog
next reply other threads:[~2025-08-06 16:20 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-06 16:19 Jimmy Tran [this message]
2025-08-06 16:19 ` [PATCH v2 1/7] vfs: dcache: move hashlen_hash() from callers into d_hash() Jimmy Tran
2025-08-06 16:19 ` [PATCH v2 2/7] runtime constants: add default dummy infrastructure Jimmy Tran
2025-08-12 13:00 ` Greg Kroah-Hartman
2025-08-06 16:19 ` [PATCH v2 3/7] runtime constants: add x86 architecture support Jimmy Tran
2025-08-06 21:01 ` David Laight
2025-08-06 16:20 ` [PATCH v2 4/7] arm64: add 'runtime constant' support Jimmy Tran
2025-08-06 16:20 ` [PATCH v2 5/7] x86: fix user address masking non-canonical speculation issue Jimmy Tran
2025-08-06 16:20 ` [PATCH v2 6/7] x86: fix off-by-one in access_ok() Jimmy Tran
2025-08-06 16:20 ` [PATCH v2 7/7] x86: use cmov for user address masking Jimmy Tran
2025-08-06 18:02 ` [PATCH 6.6 v2 0/7] x86: fix user address masking non-canonical Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250806162003.1134886-1-jtoantran@google.com \
--to=jtoantran@google.com \
--cc=arnd@arndb.de \
--cc=avagin@gmail.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=david.laight@aculab.com \
--cc=gregkh@linuxfoundation.org \
--cc=mingo@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox