June 2018 - Linux-stable-mirror

[PATCH Resend 1/2] MIPS: io: Add barrier after register read in inX()

by Huacai Chen

While a barrier is present in the outX() functions before the register write, a similar barrier is missing in the inX() functions after the register read. This could allow memory accesses following inX() to observe stale data. This patch is very similar to commit a1cc7034e33d12dc1 ("MIPS: io: Add barrier after register read in readX()"). Because war_io_reorder_wmb() is both used by writeX() and outX(), if readX() need a barrier then so does inX(). Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/io.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/mips/include/asm/io.h b/arch/mips/include/asm/io.h index a7d0b83..cea8ad8 100644 --- a/arch/mips/include/asm/io.h +++ b/arch/mips/include/asm/io.h @@ -414,6 +414,8 @@ static inline type pfx##in##bwlq##p(unsigned long port) \ __val = *__addr; \ slow; \ \ + /* prevent prefetching of coherent DMA data prematurely */ \ + rmb(); \ return pfx##ioswab##bwlq(__addr, __val); \ } -- 2.7.0

6 years, 8 months

1
0
0 0

Re: ct helper ipv6

by Florian Westphal

Ale <mystic(a)tin.it> wrote: [ cc stable, could you please queue below fix? ] > When I try to use CT HELPER for the ipv6, nft it dies and I have to > restart the pc. But it works well for ip and inet. > > nft add ct helper ip6 filter ftp-std { type \"ftp\" protocol tcp\; } > nft add rule ip6 filter WAN-IN iifname $IF_WAN_1 tcp sport $UP_PORTS > tcp dport $UP_PORTS ct helper set \"ftp-std\" counter accept > > Kernel: RIP: strlen+0x0/0x20 RSP: ffffae1b4c67f980 > kernel: Code: f8 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f > b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 > <80> 3f 00 74 10 48 89 f8 48 > This is most likely fixed in 4.17 by commit b71534583f22d08c3e3563bf5100aeb5f5c9fbe5 netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump The bug was added in Linux 4.12.

6 years, 8 months

2
1
0 0

Linux 4.17.1

by Greg KH

I'm announcing the release of the 4.17.1 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 ++++ Makefile | 2 - drivers/net/dsa/b53/b53_common.c | 15 +++++++ drivers/net/dsa/b53/b53_priv.h | 2 + drivers/net/dsa/b53/b53_srab.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/team/team.c | 3 + drivers/pci/host/pci-hyperv.c | 46 +++++++++++++++++------ include/linux/mroute_base.h | 10 ----- include/net/ipv6.h | 5 ++ net/core/flow_dissector.c | 2 - net/core/rtnetlink.c | 8 ++-- net/ipv4/fib_semantics.c | 4 ++ net/ipv4/ipmr_base.c | 8 ++-- net/ipv4/netfilter/nf_flow_table_ipv4.c | 5 +- net/ipv6/ip6_output.c | 3 + net/ipv6/ip6mr.c | 21 +++++++--- net/ipv6/ndisc.c | 6 +++ net/ipv6/netfilter/nf_flow_table_ipv6.c | 1 net/ipv6/route.c | 4 +- net/l2tp/l2tp_ppp.c | 35 ++++++++--------- net/packet/af_packet.c | 2 - net/sctp/transport.c | 2 - 23 files changed, 131 insertions(+), 68 deletions(-) Arun Parameswaran (1): net: dsa: b53: Fix for brcm tag issue in Cygnus SoC Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (1): team: use netdev_features_t instead of u32 Dexuan Cui (1): PCI: hv: Do not wait forever on a device that has disappeared Eric Dumazet (3): net: metrics: add proper netlink validation net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() Greg Kroah-Hartman (1): Linux 4.17.1 Guillaume Nault (1): l2tp: fix refcount leakage on PPPoL2TP sockets Jason A. Donenfeld (1): netfilter: nf_flow_table: attach dst to skbs Julia Lawall (1): bnx2x: use the right constant Michal Kubecek (1): ipv6: omit traffic class when calculating flow hash Sabrina Dubroca (2): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds ipmr: fix error path when ipmr_new_table fails Stephen Suryaputra (1): vrf: check the original netdevice for generating redirect Xin Long (1): sctp: not allow transport timeout value less than HZ/5 for hb_timer

6 years, 8 months

1
1
0 0

Linux 4.16.15

by Greg KH

I'm announcing the release of the 4.16.15 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 ++++ Makefile | 2 - drivers/gpu/drm/drm_file.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 +++++++---- drivers/isdn/hardware/eicon/diva.h | 5 +- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++---- drivers/net/dsa/b53/b53_common.c | 15 +++++++ drivers/net/dsa/b53/b53_priv.h | 2 + drivers/net/dsa/b53/b53_srab.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++-- drivers/net/ethernet/emulex/benet/be_main.c | 4 +- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 42 +++++++++++++++++++++ drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 5 ++ drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 - drivers/net/ethernet/socionext/netsec.c | 4 +- drivers/net/ethernet/ti/davinci_emac.c | 22 ++++++----- drivers/net/phy/bcm-cygnus.c | 6 +-- drivers/net/phy/bcm-phy-lib.c | 2 - drivers/net/phy/bcm-phy-lib.h | 7 +++ drivers/net/phy/bcm7xxx.c | 4 +- drivers/net/team/team.c | 3 + drivers/net/tun.c | 15 ++++--- drivers/net/usb/cdc_mbim.c | 2 - drivers/net/virtio_net.c | 21 +++++----- drivers/pci/host/pci-hyperv.c | 46 +++++++++++++++++------ drivers/vhost/net.c | 37 ++++++++++++------ drivers/vhost/vhost.c | 3 + include/net/ipv6.h | 5 ++ mm/mmap.c | 32 ++++++++++++++++ net/core/flow_dissector.c | 2 - net/core/net-sysfs.c | 6 +-- net/core/rtnetlink.c | 8 ++-- net/dccp/proto.c | 2 - net/ipv4/fib_frontend.c | 1 net/ipv4/fib_semantics.c | 4 ++ net/ipv4/ip_sockglue.c | 2 - net/ipv4/ip_tunnel.c | 8 ++-- net/ipv4/ipmr.c | 7 +++ net/ipv4/netfilter/nf_flow_table_ipv4.c | 5 +- net/ipv6/ip6_output.c | 3 + net/ipv6/ip6_tunnel.c | 11 ++++- net/ipv6/ip6mr.c | 3 + net/ipv6/ndisc.c | 6 +++ net/ipv6/netfilter/nf_flow_table_ipv6.c | 1 net/ipv6/route.c | 2 - net/ipv6/seg6_iptunnel.c | 4 +- net/ipv6/sit.c | 5 +- net/kcm/kcmsock.c | 2 - net/l2tp/l2tp_ppp.c | 35 ++++++++--------- net/packet/af_packet.c | 4 +- net/sched/cls_api.c | 2 - net/sched/cls_flower.c | 2 - net/sctp/transport.c | 2 - scripts/kconfig/confdata.c | 2 - 56 files changed, 338 insertions(+), 145 deletions(-) Alexander Duyck (1): net-sysfs: Fix memory leak in XPS configuration Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Ard Biesheuvel (1): net: netsec: reduce DMA mask to 40 bits Arun Parameswaran (1): net: dsa: b53: Fix for brcm tag issue in Cygnus SoC Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (2): net: ethernet: davinci_emac: fix error handling in probe() team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Dexuan Cui (1): PCI: hv: Do not wait forever on a device that has disappeared Eran Ben Elisha (1): net/mlx5e: When RXFCS is set, add FCS data into checksum calculation Eric Dumazet (4): ipmr: properly check rhltable_init() return value net: metrics: add proper netlink validation net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() Florian Fainelli (2): net: phy: broadcom: Fix bcm_write_exp() net: phy: broadcom: Fix auxiliary control register reads Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.16.15 Guillaume Nault (1): l2tp: fix refcount leakage on PPPoL2TP sockets Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Jason A. Donenfeld (1): netfilter: nf_flow_table: attach dst to skbs Jason Wang (6): vhost: synchronize IOTLB message with dev cleanup virtio-net: correctly transmit XDP buff after linearizing virtio-net: fix leaking page for gso packet during mergeable XDP virtio-net: correctly check num_buf during err path virtio-net: correctly redirect linearized packet vhost_net: flush batched heads before trying to busy polling Julia Lawall (1): bnx2x: use the right constant Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Mathieu Xhonneux (1): ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Michal Kubecek (1): ipv6: omit traffic class when calculating flow hash Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Nicolas Dichtel (2): ip6_tunnel: remove magic mtu value 0xFFF8 ip_tunnel: restore binding to ifaces with a large mtu Or Gerlitz (1): net : sched: cls_api: deal with egdev path only if needed Paul Blakey (1): cls_flower: Fix incorrect idr release when failing to modify rule Petr Machata (1): mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG Roopa Prabhu (1): net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stephen Suryaputra (1): vrf: check the original netdevice for generating redirect Suresh Reddy (1): be2net: Fix error detection logic for BE3 Toshiaki Makita (1): tun: Fix NULL pointer dereference in XDP redirect Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation Xin Long (1): sctp: not allow transport timeout value less than HZ/5 for hb_timer

6 years, 8 months

1
1
0 0

Linux 4.14.49

by Greg KH

I'm announcing the release of the 4.14.49 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 + Makefile | 2 drivers/gpu/drm/drm_file.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 ++- drivers/isdn/hardware/eicon/diva.h | 5 drivers/isdn/hardware/eicon/divasmain.c | 18 +-- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 8 - drivers/net/ethernet/emulex/benet/be_main.c | 4 drivers/net/ethernet/mellanox/mlx4/qp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 42 +++++++ drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 drivers/net/phy/bcm-cygnus.c | 6 - drivers/net/phy/bcm-phy-lib.c | 2 drivers/net/phy/bcm-phy-lib.h | 7 + drivers/net/phy/bcm7xxx.c | 4 drivers/net/team/team.c | 3 drivers/net/tun.c | 15 +- drivers/net/usb/cdc_mbim.c | 2 drivers/net/virtio_net.c | 19 +-- drivers/pci/host/pci-hyperv.c | 46 ++++++-- drivers/scsi/sd_zbc.c | 128 +++++++++++++---------- drivers/vhost/vhost.c | 3 fs/btrfs/disk-io.c | 3 include/net/ipv6.h | 5 include/uapi/linux/btrfs_tree.h | 1 mm/mmap.c | 32 +++++ net/core/flow_dissector.c | 2 net/core/net-sysfs.c | 6 - net/core/rtnetlink.c | 8 - net/dccp/proto.c | 2 net/ipv4/fib_frontend.c | 1 net/ipv4/fib_semantics.c | 4 net/ipv4/ip_sockglue.c | 2 net/ipv4/ipmr.c | 7 + net/ipv6/ip6_output.c | 3 net/ipv6/ip6_tunnel.c | 11 + net/ipv6/ip6mr.c | 3 net/ipv6/ndisc.c | 6 + net/ipv6/route.c | 2 net/ipv6/seg6_iptunnel.c | 4 net/ipv6/sit.c | 5 net/kcm/kcmsock.c | 2 net/packet/af_packet.c | 4 net/sched/cls_flower.c | 2 net/sctp/transport.c | 2 scripts/kconfig/confdata.c | 2 47 files changed, 329 insertions(+), 144 deletions(-) Alexander Duyck (1): net-sysfs: Fix memory leak in XPS configuration Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Anand Jain (1): btrfs: define SUPER_FLAG_METADUMP_V2 Bart Van Assche (1): scsi: sd_zbc: Avoid that resetting a zone fails sporadically Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Damien Le Moal (1): scsi: sd_zbc: Fix potential memory leak Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Dexuan Cui (1): PCI: hv: Do not wait forever on a device that has disappeared Eran Ben Elisha (1): net/mlx5e: When RXFCS is set, add FCS data into checksum calculation Eric Dumazet (4): ipmr: properly check rhltable_init() return value net: metrics: add proper netlink validation net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() Florian Fainelli (2): net: phy: broadcom: Fix bcm_write_exp() net: phy: broadcom: Fix auxiliary control register reads Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.14.49 Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Jason Wang (4): vhost: synchronize IOTLB message with dev cleanup virtio-net: correctly transmit XDP buff after linearizing virtio-net: correctly check num_buf during err path virtio-net: fix leaking page for gso packet during mergeable XDP Julia Lawall (1): bnx2x: use the right constant Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Mathieu Xhonneux (1): ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Michal Kubecek (1): ipv6: omit traffic class when calculating flow hash Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Nicolas Dichtel (1): ip6_tunnel: remove magic mtu value 0xFFF8 Paul Blakey (1): cls_flower: Fix incorrect idr release when failing to modify rule Roopa Prabhu (1): net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stephen Suryaputra (1): vrf: check the original netdevice for generating redirect Suresh Reddy (1): be2net: Fix error detection logic for BE3 Toshiaki Makita (1): tun: Fix NULL pointer dereference in XDP redirect Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation Xin Long (1): sctp: not allow transport timeout value less than HZ/5 for hb_timer

6 years, 8 months

1
1
0 0

[GIT PULL] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

by Srivatsa S. Bhat

Hi Greg, I have backported Spectre-v2 fixes and patches for the Speculative Store Bypass vulnerability to 4.4.y (they apply cleanly on top of 4.4.136). I would appreciate if you could kindly consider them for review and inclusion in a future 4.4.y release. Thank you very much! Regards, Srivatsa VMware Photon OS The following changes since commit dc45cafe612ec6960fe728f3260a0b751c73f4aa: Linux 4.4.136 (2018-06-06 16:46:24 +0200) are available in the git repository at: https://github.com/srivatsabhat/linux-stable spectre-v2-fixes-4.4.136 for you to fetch changes up to 9b8faf91ba22460785968e013763d9a5be869228: x86/bugs: Rename SSBD_NO to SSB_NO (2018-06-11 13:58:43 -0700) ---------------------------------------------------------------- Alexander Kuleshov (1): x86/boot: Simplify kernel load address alignment check Alexander Sergeyev (1): x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist Andi Kleen (1): x86/headers: Don't include asm/processor.h in asm/atomic.h Andrey Smetanin (1): kvm/x86: per-vcpu apicv deactivation support Andy Lutomirski (2): x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 x86/mm: Give each mm TLB flush generation a unique ID Andy Shevchenko (1): x86/cpu: Rename Merrifield2 to Moorefield Arnd Bergmann (1): x86/pti: Mark constant arrays as __initconst Ashok Raj (1): KVM/x86: Add IBPB support Borislav Petkov (16): x86/cpufeature: Move some of the scattered feature bits to x86_capability x86/cpufeature: Cleanup get_cpu_cap() x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros x86/cpu: Provide a config option to disable static_cpu_has x86/fpu: Add an XSTATE_OP() macro x86/fpu: Get rid of xstate_fault() x86/cpufeature: Carve out X86_FEATURE_* x86/cpufeature: Replace the old static_cpu_has() with safe variant x86/cpufeature: Get rid of the non-asm goto variant x86/alternatives: Add an auxilary section x86/vdso: Use static_cpu_has() x86/cpufeature: Speed up cpu_feature_enabled() Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/cpu/AMD: Fix erratum 1076 (CPB bit) x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Brian Gerst (1): x86/alternatives: Discard dynamic check after init Dan Williams (2): x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface x86/speculation: Fix up array_index_nospec_mask() asm constraint Dave Hansen (7): x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions x86/mm/pkeys: Fix mismerge of protection keys CPUID bits x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys x86/cpufeature: Update cpufeaure macros x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated x86/cpufeature: Add helper macro for mask check macros x86/mm: Factor out LDT init from context init David Matlack (2): kvm: x86: nVMX: maintain internal copy of current VMCS KVM: nVMX: mark vmcs12 pages dirty on L2 exit David Woodhouse (14): x86/cpufeatures: Add CPUID_7_EDX CPUID leaf x86/cpufeatures: Add Intel feature bits for Speculation Control x86/cpufeatures: Add AMD feature bits for Speculation Control x86/msr: Add definitions for new speculation control MSRs x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support x86/cpufeatures: Clean up Spectre v2 related CPUID flags x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel x86/speculation: Update Speculation Control microcode blacklist x86/speculation: Correct Speculation Control microcode blacklist again x86/speculation: Use IBRS if available before calling into firmware x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Denys Vlasenko (1): x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs Huaitong Han (1): KVM: x86: remove magic number with enum cpuid_leafs Ingo Molnar (2): x86/speculation: Clean up various Spectre related details x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP Jim Mattson (4): KVM: VMX: Add VMCS to CPU's loaded VMCSs before VMPTRLD kvm: nVMX: VMCLEAR an active shadow VMCS after last use KVM: nVMX: Eliminate vmcs02 pool x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (2): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static Juergen Gross (3): x86: Remove unused function cpu_has_ht_siblings() x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend xen: set cpu capabilities from xen_start_kernel() KarimAllah Ahmed (4): KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs Kees Cook (5): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Konrad Rzeszutek Wilk (15): x86/spectre_v2: Don't check microcode versions when running under hypervisors x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO Kyle Huey (2): x86/process: Optimize TIF checks in __switch_to_xtra() x86/process: Correct and optimize TIF_BLOCKSTEP switch Linus Torvalds (1): x86/nospec: Simplify alternative_msr_write() Mickaël Salaün (2): selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC selftest/seccomp: Fix the seccomp(2) signature Paolo Bonzini (4): KVM: VMX: introduce alloc_loaded_vmcs KVM: VMX: make MSR bitmaps per-VCPU KVM/x86: Remove indirect MSR op calls from SPEC_CTRL KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() Peter Zijlstra (1): x86/speculation: Add <asm/msr-index.h> dependency Piotr Luc (1): x86/cpu/intel: Add Knights Mill to Intel family Radim Krčmář (1): KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC Thomas Gleixner (19): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Optimize TIF_NOTSC switch x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Tim Chen (1): x86/speculation: Use Indirect Branch Prediction Barrier in context switch Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Wanpeng Li (1): KVM: VMX: Enable MSR-BASED TPR shadow even if APICv is inactive Yang Zhang (1): kvm: vmx: check apicv is active before using VT-d posted interrupt Yazen Ghannam (1): x86/cpu: Add detection of AMD RAS Capabilities Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/kernel-parameters.txt | 47 +- Documentation/spec_ctrl.txt | 94 +++ arch/x86/Kconfig | 11 + arch/x86/Kconfig.debug | 10 - arch/x86/boot/cpuflags.h | 2 +- arch/x86/boot/mkcpustr.c | 2 +- arch/x86/crypto/chacha20_glue.c | 2 +- arch/x86/crypto/crc32-pclmul_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 4 +- arch/x86/crypto/crct10dif-pclmul_glue.c | 2 +- arch/x86/entry/common.c | 1 + arch/x86/entry/entry_32.S | 2 +- arch/x86/entry/entry_64_compat.S | 75 +- arch/x86/entry/vdso/vdso32-setup.c | 1 - arch/x86/entry/vdso/vdso32/system_call.S | 2 +- arch/x86/entry/vdso/vma.c | 3 +- arch/x86/include/asm/alternative.h | 6 - arch/x86/include/asm/apic.h | 1 - arch/x86/include/asm/apm.h | 6 + arch/x86/include/asm/arch_hweight.h | 2 + arch/x86/include/asm/atomic.h | 1 - arch/x86/include/asm/atomic64_32.h | 1 - arch/x86/include/asm/barrier.h | 2 +- arch/x86/include/asm/cmpxchg.h | 1 + arch/x86/include/asm/cmpxchg_32.h | 2 +- arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/cpufeature.h | 584 +++----------- arch/x86/include/asm/cpufeatures.h | 335 ++++++++ arch/x86/include/asm/disabled-features.h | 18 + arch/x86/include/asm/fpu/internal.h | 184 +++-- arch/x86/include/asm/intel-family.h | 10 +- arch/x86/include/asm/irq_work.h | 2 +- arch/x86/include/asm/kvm_host.h | 8 +- arch/x86/include/asm/mmu.h | 15 +- arch/x86/include/asm/mmu_context.h | 25 +- arch/x86/include/asm/msr-index.h | 22 + arch/x86/include/asm/mwait.h | 2 + arch/x86/include/asm/nospec-branch.h | 56 +- arch/x86/include/asm/processor.h | 3 +- arch/x86/include/asm/required-features.h | 10 + arch/x86/include/asm/smap.h | 2 +- arch/x86/include/asm/smp.h | 10 - arch/x86/include/asm/spec-ctrl.h | 80 ++ arch/x86/include/asm/thread_info.h | 8 +- arch/x86/include/asm/tlbflush.h | 13 + arch/x86/include/asm/uaccess_64.h | 2 +- arch/x86/include/asm/xor_32.h | 2 +- arch/x86/kernel/apic/apic_numachip.c | 4 +- arch/x86/kernel/cpu/Makefile | 2 +- arch/x86/kernel/cpu/amd.c | 42 +- arch/x86/kernel/cpu/bugs.c | 427 +++++++++- arch/x86/kernel/cpu/centaur.c | 4 +- arch/x86/kernel/cpu/common.c | 193 +++-- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/cyrix.c | 1 + arch/x86/kernel/cpu/intel.c | 78 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 8 +- arch/x86/kernel/cpu/match.c | 2 +- arch/x86/kernel/cpu/mkcapflags.sh | 6 +- arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/cpu/mtrr/main.c | 4 +- arch/x86/kernel/cpu/perf_event_amd.c | 4 +- arch/x86/kernel/cpu/perf_event_amd_uncore.c | 11 +- arch/x86/kernel/cpu/scattered.c | 20 - arch/x86/kernel/cpu/transmeta.c | 6 +- arch/x86/kernel/e820.c | 1 + arch/x86/kernel/fpu/init.c | 4 +- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 4 +- arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/hw_breakpoint.c | 6 +- arch/x86/kernel/ldt.c | 4 +- arch/x86/kernel/msr.c | 2 +- arch/x86/kernel/process.c | 224 +++++- arch/x86/kernel/smpboot.c | 7 +- arch/x86/kernel/verify_cpu.S | 2 +- arch/x86/kernel/vm86_32.c | 4 +- arch/x86/kernel/vmlinux.lds.S | 11 + arch/x86/kvm/cpuid.c | 73 +- arch/x86/kvm/cpuid.h | 40 + arch/x86/kvm/irq.c | 2 +- arch/x86/kvm/lapic.c | 23 +- arch/x86/kvm/lapic.h | 4 +- arch/x86/kvm/svm.c | 157 +++- arch/x86/kvm/vmx.c | 884 ++++++++++++--------- arch/x86/kvm/x86.c | 33 +- arch/x86/lib/clear_page_64.S | 2 +- arch/x86/lib/copy_page_64.S | 2 +- arch/x86/lib/copy_user_64.S | 2 +- arch/x86/lib/memcpy_64.S | 2 +- arch/x86/lib/memmove_64.S | 2 +- arch/x86/lib/memset_64.S | 2 +- arch/x86/lib/retpoline.S | 2 +- arch/x86/mm/setup_nx.c | 5 +- arch/x86/mm/tlb.c | 33 + arch/x86/oprofile/op_model_amd.c | 1 - arch/x86/platform/efi/efi_64.c | 5 + arch/x86/um/asm/barrier.h | 2 +- arch/x86/xen/enlighten.c | 16 +- arch/x86/xen/suspend.c | 16 + drivers/base/cpu.c | 8 + drivers/char/hw_random/via-rng.c | 5 +- drivers/crypto/padlock-aes.c | 2 +- drivers/crypto/padlock-sha.c | 2 +- drivers/iommu/intel_irq_remapping.c | 2 +- fs/btrfs/disk-io.c | 2 +- fs/proc/array.c | 26 + include/linux/compiler.h | 4 + include/linux/cpu.h | 2 + include/linux/nospec.h | 10 + include/linux/sched.h | 9 + include/linux/seccomp.h | 3 +- include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 4 +- kernel/seccomp.c | 21 +- kernel/sys.c | 21 + lib/atomic64_test.c | 4 + tools/testing/selftests/seccomp/seccomp_bpf.c | 98 ++- 119 files changed, 2983 insertions(+), 1325 deletions(-) create mode 100644 Documentation/spec_ctrl.txt create mode 100644 arch/x86/include/asm/cpufeatures.h create mode 100644 arch/x86/include/asm/spec-ctrl.h

6 years, 8 months

2
1
0 0

[PATCH 4.9] KVM: VMX: Expose SSBD properly to guests, 4.9 supplement

by Ben Hutchings

Fix an additional misuse of X86_FEATURE_SSBD in guest_cpuid_has_spec_ctrl(). This function was introduced in the backport of SSBD support to 4.9 and is not present upstream, so it was not fixed by commit 43462d908821 "KVM: VMX: Expose SSBD properly to guests." Fixes: 52817587e706 ("x86/cpufeatures: Disentangle SSBD enumeration") Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: kvm(a)vger.kernel.org --- arch/x86/kvm/cpuid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index c38369781239..8a841b9d8f84 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -179,7 +179,7 @@ static inline bool guest_cpuid_has_spec_ctrl(struct kvm_vcpu *vcpu) if (best && (best->ebx & bit(X86_FEATURE_AMD_IBRS))) return true; best = kvm_find_cpuid_entry(vcpu, 7, 0); - return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_SSBD))); + return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_SPEC_CTRL_SSBD))); } static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu)

6 years, 8 months

1
0
0 0

[PATCH 4.4] brcmfmac: Fix check for ISO3166 code

by Ben Hutchings

From: Stefan Wahren <stefan.wahren(a)i2se.com> commit 9b9322db5c5a1917a66c71fe47c3848a9a31227e upstream. The commit "regulatory: add NUL to request alpha2" increases the length of alpha2 to 3. This causes a regression on brcmfmac, because brcmf_cfg80211_reg_notifier() expect valid ISO3166 codes in the complete array. So fix this accordingly. Fixes: 657308f73e67 ("regulatory: add NUL to request alpha2") Signed-off-by: Stefan Wahren <stefan.wahren(a)i2se.com> Acked-by: Franky Lin <franky.lin(a)broadcom.com> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> [bwh: Backported to 4.4: adjust filename] Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> --- drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c index 83e5aa6a9f28..ad35e760ed3f 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c @@ -6167,7 +6167,7 @@ static void brcmf_cfg80211_reg_notifier(struct wiphy *wiphy, req->alpha2[0], req->alpha2[1]); /* ignore non-ISO3166 country codes */ - for (i = 0; i < sizeof(req->alpha2); i++) + for (i = 0; i < 2; i++) if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') { brcmf_err("not a ISO3166 code\n"); return; -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

6 years, 8 months

1
0
0 0

[PATCH v11 0/7] dax: fix dma vs truncate/hole-punch

by Dan Williams

Changes since v9 [1] and v10 [2] * Resend the full series with the reworked "mm: introduce MEMORY_DEVICE_FS_DAX and CONFIG_DEV_PAGEMAP_OPS" (Christoph) * Move generic_dax_pagefree() into the pmem driver (Christoph) * Cleanup __bdev_dax_supported() (Christoph) * Cleanup some stale SRCU bits leftover from other iterations (Jan) * Cleanup xfs_break_layouts() (Jan) [1]: https://lists.01.org/pipermail/linux-nvdimm/2018-April/015457.html [2]: https://lists.01.org/pipermail/linux-nvdimm/2018-May/015885.html --- Background: get_user_pages() in the filesystem pins file backed memory pages for access by devices performing dma. However, it only pins the memory pages not the page-to-file offset association. If a file is truncated the pages are mapped out of the file and dma may continue indefinitely into a page that is owned by a device driver. This breaks coherency of the file vs dma, but the assumption is that if userspace wants the file-space truncated it does not matter what data is inbound from the device, it is not relevant anymore. The only expectation is that dma can safely continue while the filesystem reallocates the block(s). Problem: This expectation that dma can safely continue while the filesystem changes the block map is broken by dax. With dax the target dma page *is* the filesystem block. The model of leaving the page pinned for dma, but truncating the file block out of the file, means that the filesytem is free to reallocate a block under active dma to another file and now the expected data-incoherency situation has turned into active data-corruption. Solution: Defer all filesystem operations (fallocate(), truncate()) on a dax mode file while any page/block in the file is under active dma. This solution assumes that dma is transient. Cases where dma operations are known to not be transient, like RDMA, have been explicitly disabled via commits like 5f1d43de5416 "IB/core: disable memory registration of filesystem-dax vmas". The dax_layout_busy_page() routine is called by filesystems with a lock held against mm faults (i_mmap_lock) to find pinned / busy dax pages. The process of looking up a busy page invalidates all mappings to trigger any subsequent get_user_pages() to block on i_mmap_lock. The filesystem continues to call dax_layout_busy_page() until it finally returns no more active pages. This approach assumes that the page pinning is transient, if that assumption is violated the system would have likely hung from the uncompleted I/O. --- Dan Williams (7): memremap: split devm_memremap_pages() and memremap() infrastructure mm: introduce MEMORY_DEVICE_FS_DAX and CONFIG_DEV_PAGEMAP_OPS mm: fix __gup_device_huge vs unmap mm, fs, dax: handle layout changes to pinned dax mappings xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL xfs: prepare xfs_break_layouts() for another layout type xfs, dax: introduce xfs_break_dax_layouts() drivers/dax/super.c | 14 ++- drivers/nvdimm/pfn_devs.c | 2 drivers/nvdimm/pmem.c | 25 +++++ fs/Kconfig | 1 fs/dax.c | 97 +++++++++++++++++++++ fs/xfs/xfs_file.c | 72 ++++++++++++++-- fs/xfs/xfs_inode.h | 16 +++ fs/xfs/xfs_ioctl.c | 8 -- fs/xfs/xfs_iops.c | 16 ++- fs/xfs/xfs_pnfs.c | 15 ++- fs/xfs/xfs_pnfs.h | 5 + include/linux/dax.h | 7 ++ include/linux/memremap.h | 36 ++------ include/linux/mm.h | 71 +++++++++++---- kernel/Makefile | 3 - kernel/iomem.c | 167 ++++++++++++++++++++++++++++++++++++ kernel/memremap.c | 209 ++++++--------------------------------------- mm/Kconfig | 5 + mm/gup.c | 36 ++++++-- mm/hmm.c | 13 --- mm/swap.c | 3 - 21 files changed, 542 insertions(+), 279 deletions(-) create mode 100644 kernel/iomem.c

6 years, 8 months

2
3
0 0

+ mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: fix devmem_is_allowed() for sub-page System RAM intersections has been added to the -mm tree. Its filename is mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-fix-devmem_is_allowed-for-sub-p… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-fix-devmem_is_allowed-for-sub-p… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: fix devmem_is_allowed() for sub-page System RAM intersections Hussam reports: I was poking around and for no real reason, I did cat /dev/mem and strings /dev/mem. Then I saw the following warning in dmesg. I saved it and rebooted immediately. memremap attempted on mixed range 0x000000000009c000 size: 0x1000 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 11810 at kernel/memremap.c:98 memremap+0x104/0x170 [..] Call Trace: xlate_dev_mem_ptr+0x25/0x40 read_mem+0x89/0x1a0 __vfs_read+0x36/0x170 The memremap() implementation checks for attempts to remap System RAM with MEMREMAP_WB and instead redirects those mapping attempts to the linear map. However, that only works if the physical address range being remapped is page aligned. In low memory we have situations like the following: 00000000-00000fff : Reserved 00001000-0009fbff : System RAM 0009fc00-0009ffff : Reserved ...where System RAM intersects Reserved ranges on a sub-page page granularity. Given that devmem_is_allowed() special cases any attempt to map System RAM in the first 1MB of memory, replace page_is_ram() with the more precise region_intersects() to trap attempts to map disallowed ranges. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199999 Link: http://lkml.kernel.org/r/152856436164.18127.2847888121707136898.stgit@dwill… Fixes: 92281dee825f ("arch: introduce memremap()") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Hussam Al-Tayeb <me(a)hussam.eu.org> Tested-by: Hussam Al-Tayeb <me(a)hussam.eu.org> Cc: <stable(a)vger.kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/mm/init.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff -puN arch/x86/mm/init.c~mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections arch/x86/mm/init.c --- a/arch/x86/mm/init.c~mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections +++ a/arch/x86/mm/init.c @@ -706,7 +706,9 @@ void __init init_mem_mapping(void) */ int devmem_is_allowed(unsigned long pagenr) { - if (page_is_ram(pagenr)) { + if (region_intersects(PFN_PHYS(pagenr), PAGE_SIZE, + IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE) + != REGION_DISJOINT) { /* * For disallowed memory regions in the low 1MB range, * request that the page be shown as all zeros. _ Patches currently in -mm which might be from dan.j.williams(a)intel.com are mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections.patch mm-devm_memremap_pages-mark-devm_memremap_pages-export_symbol_gpl.patch mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch mm-hmm-use-devm-semantics-for-hmm_devmem_add-remove.patch mm-hmm-replace-hmm_devmem_pages_create-with-devm_memremap_pages.patch mm-hmm-mark-hmm_devmem_add-add_resource-export_symbol_gpl.patch

6 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2018