From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 4 Sep 2019 10:32:54 +0000 (+0200)
Subject: 5.2-stable patches
X-Git-Tag: v4.4.191~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9303b52511dc87db06f6eb0276421c36a0854b59;p=thirdparty%2Fkernel%2Fstable-queue.git

5.2-stable patches

added patches:
	x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
---

diff --git a/queue-5.2/series b/queue-5.2/series
index 11f1c9b8454..386896c1fe1 100644
--- a/queue-5.2/series
+++ b/queue-5.2/series
@@ -138,3 +138,4 @@ iwlwifi-pcie-don-t-switch-fw-to-qnj-when-ax201-is-de.patch
 iwlwifi-pcie-handle-switching-killer-qu-b0-nics-to-c.patch
 drm-i915-do-not-create-a-new-max_bpc-prop-for-mst-co.patch
 drm-i915-dp-fix-dsc-enable-code-to-use-cpu_transcode.patch
+x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
diff --git a/queue-5.2/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch b/queue-5.2/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
new file mode 100644
index 00000000000..7e58992529e
--- /dev/null
+++ b/queue-5.2/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
@@ -0,0 +1,40 @@
+From d91372b3cc092fb573ad0ed3edba584dcc3913da Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 4 Sep 2019 12:27:18 +0200
+Subject: x86/ptrace: fix up botched merge of spectrev1 fix
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+I incorrectly merged commit 31a2fbb390fe ("x86/ptrace: Fix possible
+spectre-v1 in ptrace_get_debugreg()") when backporting it, as was
+graciously pointed out at
+https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
+
+Resolve the upstream difference with the stable kernel merge to properly
+protect things.
+
+Reported-by: Brad Spengler <spender@grsecurity.net>
+Cc: Dianzhang Chen <dianzhangchen0@gmail.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: <bp@alien8.de>
+Cc: <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/ptrace.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -644,11 +644,10 @@ static unsigned long ptrace_get_debugreg
+ {
+ 	struct thread_struct *thread = &tsk->thread;
+ 	unsigned long val = 0;
+-	int index = n;
+ 
+ 	if (n < HBP_NUM) {
++		int index = array_index_nospec(n, HBP_NUM);
+ 		struct perf_event *bp = thread->ptrace_bps[index];
+-		index = array_index_nospec(index, HBP_NUM);
+ 
+ 		if (bp)
+ 			val = bp->hw.info.address;