authorBen Hutchings <ben@decadent.org.uk>2019-02-05 01:12:25 +0000
committerBen Hutchings <ben@decadent.org.uk>2019-02-05 01:12:28 +0000
commite45585822a401474c4e4becebdd8a73bb74a6e19 (patch)
treed58fa0f3b28322c0908b0ee3fae67297ed62eb8d
parentf5b7f8c5905290a13a82d8f4888e9dd2f07efae9 (diff)
downloadlinux-stable-queue-e45585822a401474c4e4becebdd8a73bb74a6e19.tar.gz
Drop x86 IBPB patch that should not be backported by itself
There are several follow-up commits that are needed to avoid major performance regressions.
-rw-r--r--queue-3.16/series1
-rw-r--r--queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch166
2 files changed, 0 insertions, 167 deletions
diff --git a/queue-3.16/series b/queue-3.16/series
index 5def932c..6b7e6b4a 100644
--- a/queue-3.16/series
+++ b/queue-3.16/series
@@ -42,7 +42,6 @@ usb-chipidea-prevent-unbalanced-irq-disable.patch
crypto-lrw-fix-out-of-bounds-access-on-counter-overflow.patch
media-pci-cx23885-handle-adding-to-list-failure.patch
net-phy-stop-with-excessive-soft-reset.patch
-x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
fuse-fix-blocked_waitq-wakeup.patch
edac-i7core-sb-skx-_edac-fix-uncorrected-error-counting.patch
iio-adc-at91-fix-acking-drdy-irq-on-simple-conversions.patch
diff --git a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch b/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
deleted file mode 100644
index dc37dae9..00000000
--- a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From: Jiri Kosina <jkosina@suse.cz>
-Date: Tue, 25 Sep 2018 14:38:18 +0200
-Subject: x86/speculation: Apply IBPB more strictly to avoid cross-process data
- leak
-
-commit dbfe2953f63c640463c630746cd5d9de8b2f63ae upstream.
-
-Currently, IBPB is only issued in cases when switching into a non-dumpable
-process, the rationale being to protect such 'important and security
-sensitive' processess (such as GPG) from data leaking into a different
-userspace process via spectre v2.
-
-This is however completely insufficient to provide proper userspace-to-userpace
-spectrev2 protection, as any process can poison branch buffers before being
-scheduled out, and the newly scheduled process immediately becomes spectrev2
-victim.
-
-In order to minimize the performance impact (for usecases that do require
-spectrev2 protection), issue the barrier only in cases when switching between
-processess where the victim can't be ptraced by the potential attacker (as in
-such cases, the attacker doesn't have to bother with branch buffers at all).
-
-[ tglx: Split up PTRACE_MODE_NOACCESS_CHK into PTRACE_MODE_SCHED and
- PTRACE_MODE_IBPB to be able to do ptrace() context tracking reasonably
- fine-grained ]
-
-Fixes: 18bf3c3ea8 ("x86/speculation: Use Indirect Branch Prediction Barrier in context switch")
-Originally-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: "WoodhouseDavid" <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: "SchauflerCasey" <casey.schaufler@intel.com>
-Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251437340.15880@cbobk.fhfr.pm
-[bwh: Backported to 3.16: We don't have mm_context_t::ctx_id so can't use
- it to compare task identity.]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -7,6 +7,7 @@
- #include <linux/module.h>
- #include <linux/cpu.h>
- #include <linux/debugfs.h>
-+#include <linux/ptrace.h>
-
- #include <asm/tlbflush.h>
- #include <asm/mmu_context.h>
-@@ -95,6 +96,19 @@ void switch_mm(struct mm_struct *prev, s
- local_irq_restore(flags);
- }
-
-+static bool ibpb_needed(struct task_struct *tsk)
-+{
-+ /*
-+ * Check if the current (previous) task has access to the memory
-+ * of the @tsk (next) task. If access is denied, make sure to
-+ * issue a IBPB to stop user->user Spectre-v2 attacks.
-+ *
-+ * Note: __ptrace_may_access() returns 0 or -ERRNO.
-+ */
-+ return (tsk && tsk->mm &&
-+ ptrace_may_access_sched(tsk, PTRACE_MODE_SPEC_IBPB));
-+}
-+
- void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
- struct task_struct *tsk)
- {
-@@ -107,16 +121,13 @@ void switch_mm_irqs_off(struct mm_struct
- * one process from doing Spectre-v2 attacks on another.
- *
- * As an optimization, flush indirect branches only when
-- * switching into processes that disable dumping. This
-- * protects high value processes like gpg, without having
-- * too high performance overhead. IBPB is *expensive*!
-- *
-- * This will not flush branches when switching into kernel
-- * threads. It will flush if we switch to a different non-
-- * dumpable process.
-+ * switching into a processes that can't be ptrace by the
-+ * current one (as in such case, attacker has much more
-+ * convenient way how to tamper with the next process than
-+ * branch buffer poisoning).
- */
-- if (tsk && tsk->mm &&
-- get_dumpable(tsk->mm) != SUID_DUMP_USER)
-+ if (static_cpu_has(X86_FEATURE_USE_IBPB) &&
-+ ibpb_needed(tsk))
- indirect_branch_prediction_barrier();
-
- this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
---- a/include/linux/ptrace.h
-+++ b/include/linux/ptrace.h
-@@ -59,14 +59,17 @@ extern void exit_ptrace(struct task_stru
- #define PTRACE_MODE_READ 0x01
- #define PTRACE_MODE_ATTACH 0x02
- #define PTRACE_MODE_NOAUDIT 0x04
--#define PTRACE_MODE_FSCREDS 0x08
--#define PTRACE_MODE_REALCREDS 0x10
-+#define PTRACE_MODE_FSCREDS 0x08
-+#define PTRACE_MODE_REALCREDS 0x10
-+#define PTRACE_MODE_SCHED 0x20
-+#define PTRACE_MODE_IBPB 0x40
-
- /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */
- #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
- #define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)
- #define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS)
- #define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS)
-+#define PTRACE_MODE_SPEC_IBPB (PTRACE_MODE_ATTACH_REALCREDS | PTRACE_MODE_IBPB)
-
- /**
- * ptrace_may_access - check whether the caller is permitted to access
-@@ -84,6 +87,20 @@ extern void exit_ptrace(struct task_stru
- */
- extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
-
-+/**
-+ * ptrace_may_access - check whether the caller is permitted to access
-+ * a target task.
-+ * @task: target task
-+ * @mode: selects type of access and caller credentials
-+ *
-+ * Returns true on success, false on denial.
-+ *
-+ * Similar to ptrace_may_access(). Only to be called from context switch
-+ * code. Does not call into audit and the regular LSM hooks due to locking
-+ * constraints.
-+ */
-+extern bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode);
-+
- static inline int ptrace_reparented(struct task_struct *child)
- {
- return !same_thread_group(child->real_parent, child->parent);
---- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -262,6 +262,9 @@ static int ptrace_check_attach(struct ta
-
- static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
- {
-+ if (mode & PTRACE_MODE_SCHED)
-+ return false;
-+
- if (mode & PTRACE_MODE_NOAUDIT)
- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
- else
-@@ -329,9 +332,16 @@ ok:
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
-
-+ if (mode & PTRACE_MODE_SCHED)
-+ return 0;
- return security_ptrace_access_check(task, mode);
- }
-
-+bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode)
-+{
-+ return __ptrace_may_access(task, mode | PTRACE_MODE_SCHED);
-+}
-+
- bool ptrace_may_access(struct task_struct *task, unsigned int mode)
- {
- int err;