On 02/09/2018 01:23 PM, Frank Krüger wrote:
Hi there
Given today's kernel stable repo update to 4.15.2,
"grep . /sys/devices/system/cpu/vulnerabilities/*"
gives
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
What does "__user pointer sanitization" mean?
The current mitigation for V1 of Spectre is complete only for references that
the kernel makes into user space. The commit message for the patch that changed
that message is as follows:
x86/spectre: Report get_user mitigation for spectre_v1
commit edfbae53dab8348fca778531be9f4855d2ca0360
Reflect the presence of get_user(), __get_user(), and 'syscall' protections
in sysfs. The expectation is that new and better tooling will allow the
kernel to grow more usages of array_index_nospec(), for now, only claim
mitigation for __user pointer de-references.
Reported-by: Jiri Slaby
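
The commit message above names array_index_nospec(). The following is an added userspace sketch of the index clamping it performs, not part of the original thread and not kernel code. The names index_mask_nospec, table_read and table are hypothetical, the mask arithmetic follows the kernel's generic C fallback, and the code assumes GCC or Clang (inline asm, arithmetic right shift of a negative long).

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_LEN 8UL

/* Constructed sample data standing in for a kernel array. */
static const unsigned char table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/*
 * Branch-free mask: ~0UL when index < size, 0 otherwise.
 * If index >= size, either index has its top bit set or
 * (size - 1 - index) wraps around, so the OR has its sign bit set.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide index from the optimizer so the mask is always computed. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/*
 * Hypothetical handler for an untrusted index. The bounds check alone can
 * be mispredicted; the mask is a data dependency, so a speculated
 * out-of-range index is forced to 0 before it is used as an address.
 */
static int table_read(unsigned long idx, unsigned char *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void)
{
    unsigned char v = 0;
    int rc = table_read(2, &v);

    printf("in range:  rc=%d value=%u\n", rc, (unsigned)v);
    printf("too large: rc=%d\n", table_read(8, &v));
    printf("mask(3,8)=%lx mask(8,8)=%lx\n",
           index_mask_nospec(3, 8), index_mask_nospec(8, 8));
    return 0;
}
```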