From c780195351db915c7a0edba829e58c1f1bda4363 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: May 13 2019 03:59:45 +0000 Subject: Update patch for RH1566890. Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to rh1566890-CVE_2018_3639-speculative_store_bypass.patch Added dependent patch, rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch --- diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index e54a6d4..bc2178d 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -985,7 +985,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 0%{?dist} +Release: 1%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1095,7 +1095,8 @@ Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_ # PR3083, RH1346460: Regression in SSL debug output without an ECC provider Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch # RH1566890: CVE-2018-3639 -Patch529: rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch +Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch +Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch # PR3601: Fix additional -Wreturn-type issues introduced by 8061651 Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch # Support for building the SunEC provider with the system NSS installation @@ -1585,6 +1586,7 @@ sh %{SOURCE12} %patch523 %patch528 %patch529 +%patch531 %patch530 %patch563 %patch564 @@ -2267,6 +2269,13 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon May 13 2019 Severin Gehwolf - 1:1.8.0.212.b04-1 +- Update patch for RH1566890. + - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to + rh1566890-CVE_2018_3639-speculative_store_bypass.patch + - Added dependent patch, + rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch + * Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-0 - Update to aarch64-shenandoah-jdk8u212-b04. diff --git a/rh1566890-CVE_2018_3639-speculative_store_bypass.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch new file mode 100644 index 0000000..d8f3a5a --- /dev/null +++ b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch @@ -0,0 +1,44 @@ +diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp +--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp ++++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp +@@ -103,6 +103,8 @@ + # include + # include + ++#include ++ + PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC + + #ifndef _GNU_SOURCE +@@ -4997,6 +4999,31 @@ + } + } + ++/* Per task speculation control */ ++#ifndef PR_GET_SPECULATION_CTRL ++#define PR_GET_SPECULATION_CTRL 52 ++#endif ++#ifndef PR_SET_SPECULATION_CTRL ++#define PR_SET_SPECULATION_CTRL 53 ++#endif ++/* Speculation control variants */ ++# undef PR_SPEC_STORE_BYPASS ++# define PR_SPEC_STORE_BYPASS 0 ++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ ++# undef PR_SPEC_NOT_AFFECTED ++# undef PR_SPEC_PRCTL ++# undef PR_SPEC_ENABLE ++# undef PR_SPEC_DISABLE ++# define PR_SPEC_NOT_AFFECTED 0 ++# define PR_SPEC_PRCTL (1UL << 0) ++# define PR_SPEC_ENABLE (1UL << 1) ++# define PR_SPEC_DISABLE (1UL << 2) ++ ++static void set_speculation() __attribute__((constructor)); ++static void set_speculation() { ++ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); ++} ++ + // this is called _before_ most of the global arguments have been parsed + void os::init(void) { + char dummy; /* used to get a guess on initial stack address */ diff --git a/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch new file mode 100644 index 0000000..94ef9d4 --- /dev/null +++ b/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch @@ -0,0 +1,54 @@ +diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp +--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp ++++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp +@@ -5001,26 +5001,43 @@ + + /* Per task speculation control */ + #ifndef PR_GET_SPECULATION_CTRL +-#define PR_GET_SPECULATION_CTRL 52 ++# define PR_GET_SPECULATION_CTRL 52 + #endif + #ifndef PR_SET_SPECULATION_CTRL +-#define PR_SET_SPECULATION_CTRL 53 ++# define PR_SET_SPECULATION_CTRL 53 + #endif + /* Speculation control variants */ +-# undef PR_SPEC_STORE_BYPASS ++#ifndef PR_SPEC_STORE_BYPASS + # define PR_SPEC_STORE_BYPASS 0 ++#endif + /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ +-# undef PR_SPEC_NOT_AFFECTED +-# undef PR_SPEC_PRCTL +-# undef PR_SPEC_ENABLE +-# undef PR_SPEC_DISABLE ++ ++#ifndef PR_SPEC_NOT_AFFECTED + # define PR_SPEC_NOT_AFFECTED 0 ++#endif ++#ifndef PR_SPEC_PRCTL + # define PR_SPEC_PRCTL (1UL << 0) ++#endif ++#ifndef PR_SPEC_ENABLE + # define PR_SPEC_ENABLE (1UL << 1) ++#endif ++#ifndef PR_SPEC_DISABLE + # define PR_SPEC_DISABLE (1UL << 2) ++#endif ++#ifndef PR_SPEC_FORCE_DISABLE ++# define PR_SPEC_FORCE_DISABLE (1UL << 3) ++#endif ++#ifndef PR_SPEC_DISABLE_NOEXEC ++# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) ++#endif + + static void set_speculation() __attribute__((constructor)); + static void set_speculation() { ++ if ( prctl(PR_SET_SPECULATION_CTRL, ++ PR_SPEC_STORE_BYPASS, ++ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { ++ return; ++ } + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); + } + diff --git a/rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch b/rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch deleted file mode 100644 index d8f3a5a..0000000 --- a/rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp -@@ -103,6 +103,8 @@ - # include - # include - -+#include -+ - PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC - - #ifndef _GNU_SOURCE -@@ -4997,6 +4999,31 @@ - } - } - -+/* Per task speculation control */ -+#ifndef PR_GET_SPECULATION_CTRL -+#define PR_GET_SPECULATION_CTRL 52 -+#endif -+#ifndef PR_SET_SPECULATION_CTRL -+#define PR_SET_SPECULATION_CTRL 53 -+#endif -+/* Speculation control variants */ -+# undef PR_SPEC_STORE_BYPASS -+# define PR_SPEC_STORE_BYPASS 0 -+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ -+# undef PR_SPEC_NOT_AFFECTED -+# undef PR_SPEC_PRCTL -+# undef PR_SPEC_ENABLE -+# undef PR_SPEC_DISABLE -+# define PR_SPEC_NOT_AFFECTED 0 -+# define PR_SPEC_PRCTL (1UL << 0) -+# define PR_SPEC_ENABLE (1UL << 1) -+# define PR_SPEC_DISABLE (1UL << 2) -+ -+static void set_speculation() __attribute__((constructor)); -+static void set_speculation() { -+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); -+} -+ - // this is called _before_ most of the global arguments have been parsed - void os::init(void) { - char dummy; /* used to get a guess on initial stack address */