- Linux-stable-mirror - lists.linaro.org

Patch "[Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:54 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM From: Will Deacon <will.deacon(a)arm.com> Commit 4e6020565596 upstream. Break-before-make is not needed when transitioning from Global to Non-Global mappings, provided that the contiguous hint is not being used. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/mm/mmu.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -117,6 +117,10 @@ static bool pgattr_change_is_safe(u64 ol if ((old | new) & PTE_CONT) return false; + /* Transitioning from Global to Non-Global is safe */ + if (((old ^ new) == PTE_NG) && (new & PTE_NG)) + return true; + return ((old ^ new) & ~mask) == 0; } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:19:09 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1 From: Will Deacon <will.deacon(a)arm.com> Commit 7655abb95386 upstream. In preparation for mapping kernelspace and userspace with different ASIDs, move the ASID to TTBR1 and update switch_mm to context-switch TTBR0 via an invalid mapping (the zero page). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu_context.h | 7 +++++++ arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/proc-fns.h | 6 ------ arch/arm64/mm/proc.S | 9 ++++++--- 4 files changed, 14 insertions(+), 9 deletions(-) --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -57,6 +57,13 @@ static inline void cpu_set_reserved_ttbr isb(); } +static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm) +{ + BUG_ON(pgd == swapper_pg_dir); + cpu_set_reserved_ttbr0(); + cpu_do_switch_mm(virt_to_phys(pgd),mm); +} + /* * TCR.T0SZ value to use when the ID map is active. Usually equals * TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -272,6 +272,7 @@ #define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT) #define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT) +#define TCR_A1 (UL(1) << 22) #define TCR_ASID16 (UL(1) << 36) #define TCR_TBI0 (UL(1) << 37) #define TCR_HA (UL(1) << 39) --- a/arch/arm64/include/asm/proc-fns.h +++ b/arch/arm64/include/asm/proc-fns.h @@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr #include <asm/memory.h> -#define cpu_switch_mm(pgd,mm) \ -do { \ - BUG_ON(pgd == swapper_pg_dir); \ - cpu_do_switch_mm(virt_to_phys(pgd),mm); \ -} while (0) - #endif /* __ASSEMBLY__ */ #endif /* __KERNEL__ */ #endif /* __ASM_PROCFNS_H */ --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -139,9 +139,12 @@ ENDPROC(cpu_do_resume) */ ENTRY(cpu_do_switch_mm) pre_ttbr0_update_workaround x0, x2, x3 + mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id - bfi x0, x1, #48, #16 // set the ASID - msr ttbr0_el1, x0 // set TTBR0 + bfi x2, x1, #48, #16 // set the ASID + msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set) + isb + msr ttbr0_el1, x0 // now update TTBR0 isb post_ttbr0_update_workaround ret @@ -225,7 +228,7 @@ ENTRY(__cpu_setup) * both user and kernel. */ ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \ - TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 + TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1 tcr_set_idmap_t0sz x10, x9 /* Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 14:13:33 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI From: Will Deacon <will.deacon(a)arm.com> Commit 9b0de864b5bc upstream. Since an mm has both a kernel and a user ASID, we need to ensure that broadcast TLB maintenance targets both address spaces so that things like CoW continue to work with the uaccess primitives in the kernel. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/tlbflush.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/tlbflush.h +++ b/arch/arm64/include/asm/tlbflush.h @@ -23,6 +23,7 @@ #include <linux/sched.h> #include <asm/cputype.h> +#include <asm/mmu.h> /* * Raw TLBI operations. @@ -54,6 +55,11 @@ #define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0) +#define __tlbi_user(op, arg) do { \ + if (arm64_kernel_unmapped_at_el0()) \ + __tlbi(op, (arg) | USER_ASID_FLAG); \ +} while (0) + /* * TLB Management * ============== @@ -115,6 +121,7 @@ static inline void flush_tlb_mm(struct m dsb(ishst); __tlbi(aside1is, asid); + __tlbi_user(aside1is, asid); dsb(ish); } @@ -125,6 +132,7 @@ static inline void flush_tlb_page(struct dsb(ishst); __tlbi(vale1is, addr); + __tlbi_user(vale1is, addr); dsb(ish); } @@ -151,10 +159,13 @@ static inline void __flush_tlb_range(str dsb(ishst); for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) { - if (last_level) + if (last_level) { __tlbi(vale1is, addr); - else + __tlbi_user(vale1is, addr); + } else { __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); + } } dsb(ish); } @@ -194,6 +205,7 @@ static inline void __flush_tlb_pgtable(s unsigned long addr = uaddr >> 12 | (ASID(mm) << 48); __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); dsb(ish); } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:14:17 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables From: Will Deacon <will.deacon(a)arm.com> Commit 51a0048beb44 upstream. The exception entry trampoline needs to be mapped at the same virtual address in both the trampoline page table (which maps nothing else) and also the kernel page table, so that we can swizzle TTBR1_EL1 on exceptions from and return to EL0. This patch maps the trampoline at a fixed virtual address in the fixmap area of the kernel virtual address space, which allows the kernel proper to be randomized with respect to the trampoline when KASLR is enabled. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/fixmap.h | 4 ++++ arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/kernel/asm-offsets.c | 6 +++++- arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++ 4 files changed, 33 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -58,6 +58,10 @@ enum fixed_addresses { FIX_APEI_GHES_NMI, #endif /* CONFIG_ACPI_APEI_GHES */ +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_TEXT, +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, /* --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -684,6 +684,7 @@ static inline void pmdp_set_wrprotect(st extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; extern pgd_t idmap_pg_dir[PTRS_PER_PGD]; +extern pgd_t tramp_pg_dir[PTRS_PER_PGD]; /* * Encode and decode a swap entry: --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -24,6 +24,7 @@ #include <linux/kvm_host.h> #include <linux/suspend.h> #include <asm/cpufeature.h> +#include <asm/fixmap.h> #include <asm/thread_info.h> #include <asm/memory.h> #include <asm/smp_plat.h> @@ -148,11 +149,14 @@ int main(void) DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); - BLANK(); DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address)); DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address)); DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next)); DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val)); + BLANK(); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS); +#endif return 0; } --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -525,6 +525,29 @@ static int __init parse_rodata(char *arg } early_param("rodata", parse_rodata); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __init map_entry_trampoline(void) +{ + extern char __entry_tramp_text_start[]; + + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start); + + /* The trampoline is always mapped and can therefore be global */ + pgprot_val(prot) &= ~PTE_NG; + + /* Map only the text into the trampoline page table */ + memset(tramp_pg_dir, 0, PGD_SIZE); + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, + prot, pgd_pgtable_alloc, 0); + + /* ...as well as the kernel page table */ + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + return 0; +} +core_initcall(map_entry_trampoline); +#endif + /* * Create fine-grained mappings for the kernel. */ Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:58:16 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN From: Will Deacon <will.deacon(a)arm.com> Commit 27a921e75711 upstream. With the ASID now installed in TTBR1, we can re-enable ARM64_SW_TTBR0_PAN by ensuring that we switch to a reserved ASID of zero when disabling user access and restore the active user ASID on the uaccess enable path. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 1 - arch/arm64/include/asm/asm-uaccess.h | 25 +++++++++++++++++-------- arch/arm64/include/asm/uaccess.h | 21 +++++++++++++++++---- arch/arm64/kernel/entry.S | 4 ++-- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/xen/hypercall.S | 2 +- 10 files changed, 42 insertions(+), 21 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -882,7 +882,6 @@ endif config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" - depends on BROKEN # Temporary while switch_mm is reworked help Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -16,11 +16,20 @@ add \tmp1, \tmp1, #SWAPPER_DIR_SIZE // reserved_ttbr0 at the end of swapper_pg_dir msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb + sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE + bic \tmp1, \tmp1, #(0xffff << 48) + msr ttbr1_el1, \tmp1 // set reserved ASID + isb .endm - .macro __uaccess_ttbr0_enable, tmp1 + .macro __uaccess_ttbr0_enable, tmp1, tmp2 get_thread_info \tmp1 ldr \tmp1, [\tmp1, #TSK_TI_TTBR0] // load saved TTBR0_EL1 + mrs \tmp2, ttbr1_el1 + extr \tmp2, \tmp2, \tmp1, #48 + ror \tmp2, \tmp2, #16 + msr ttbr1_el1, \tmp2 // set the active ASID + isb msr ttbr0_el1, \tmp1 // set the non-PAN TTBR0_EL1 isb .endm @@ -31,18 +40,18 @@ alternative_if_not ARM64_HAS_PAN alternative_else_nop_endif .endm - .macro uaccess_ttbr0_enable, tmp1, tmp2 + .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 alternative_if_not ARM64_HAS_PAN - save_and_disable_irq \tmp2 // avoid preemption - __uaccess_ttbr0_enable \tmp1 - restore_irq \tmp2 + save_and_disable_irq \tmp3 // avoid preemption + __uaccess_ttbr0_enable \tmp1, \tmp2 + restore_irq \tmp3 alternative_else_nop_endif .endm #else .macro uaccess_ttbr0_disable, tmp1 .endm - .macro uaccess_ttbr0_enable, tmp1, tmp2 + .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 .endm #endif @@ -56,8 +65,8 @@ alternative_if ARM64_ALT_PAN_NOT_UAO alternative_else_nop_endif .endm - .macro uaccess_enable_not_uao, tmp1, tmp2 - uaccess_ttbr0_enable \tmp1, \tmp2 + .macro uaccess_enable_not_uao, tmp1, tmp2, tmp3 + uaccess_ttbr0_enable \tmp1, \tmp2, \tmp3 alternative_if ARM64_ALT_PAN_NOT_UAO SET_PSTATE_PAN(0) alternative_else_nop_endif --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -107,15 +107,19 @@ static inline void __uaccess_ttbr0_disab { unsigned long ttbr; + ttbr = read_sysreg(ttbr1_el1); /* reserved_ttbr0 placed at the end of swapper_pg_dir */ - ttbr = read_sysreg(ttbr1_el1) + SWAPPER_DIR_SIZE; - write_sysreg(ttbr, ttbr0_el1); + write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); + isb(); + /* Set reserved ASID */ + ttbr &= ~(0xffffUL << 48); + write_sysreg(ttbr, ttbr1_el1); isb(); } static inline void __uaccess_ttbr0_enable(void) { - unsigned long flags; + unsigned long flags, ttbr0, ttbr1; /* * Disable interrupts to avoid preemption between reading the 'ttbr0' @@ -123,7 +127,16 @@ static inline void __uaccess_ttbr0_enabl * roll-over and an update of 'ttbr0'. */ local_irq_save(flags); - write_sysreg(current_thread_info()->ttbr0, ttbr0_el1); + ttbr0 = current_thread_info()->ttbr0; + + /* Restore active ASID */ + ttbr1 = read_sysreg(ttbr1_el1); + ttbr1 |= ttbr0 & (0xffffUL << 48); + write_sysreg(ttbr1, ttbr1_el1); + isb(); + + /* Restore user page table */ + write_sysreg(ttbr0, ttbr0_el1); isb(); local_irq_restore(flags); } --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -184,7 +184,7 @@ alternative_if ARM64_HAS_PAN alternative_else_nop_endif .if \el != 0 - mrs x21, ttbr0_el1 + mrs x21, ttbr1_el1 tst x21, #0xffff << 48 // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled @@ -246,7 +246,7 @@ alternative_else_nop_endif tbnz x22, #22, 1f // Skip re-enabling TTBR0 access if the PSR_PAN_BIT is set .endif - __uaccess_ttbr0_enable x0 + __uaccess_ttbr0_enable x0, x1 .if \el == 0 /* --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -30,7 +30,7 @@ * Alignment fixed up by hardware. */ ENTRY(__clear_user) - uaccess_enable_not_uao x2, x3 + uaccess_enable_not_uao x2, x3, x4 mov x2, x1 // save the size for fixup return subs x1, x1, #8 b.mi 2f --- a/arch/arm64/lib/copy_from_user.S +++ b/arch/arm64/lib/copy_from_user.S @@ -64,7 +64,7 @@ end .req x5 ENTRY(__arch_copy_from_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -65,7 +65,7 @@ end .req x5 ENTRY(raw_copy_in_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/lib/copy_to_user.S +++ b/arch/arm64/lib/copy_to_user.S @@ -63,7 +63,7 @@ end .req x5 ENTRY(__arch_copy_to_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/mm/cache.S +++ b/arch/arm64/mm/cache.S @@ -49,7 +49,7 @@ ENTRY(flush_icache_range) * - end - virtual end address of region */ ENTRY(__flush_cache_user_range) - uaccess_ttbr0_enable x2, x3 + uaccess_ttbr0_enable x2, x3, x4 dcache_line_size x2, x3 sub x3, x2, #1 bic x4, x0, x3 --- a/arch/arm64/xen/hypercall.S +++ b/arch/arm64/xen/hypercall.S @@ -101,7 +101,7 @@ ENTRY(privcmd_call) * need the explicit uaccess_enable/disable if the TTBR0 PAN emulation * is enabled (it implies that hardware UAO and PAN disabled). */ - uaccess_ttbr0_enable x6, x7 + uaccess_ttbr0_enable x6, x7, x8 hvc XEN_IMM /* Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 1 Dec 2017 17:33:48 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR From: Will Deacon <will.deacon(a)arm.com> Commit b519538dfefc upstream. There are now a handful of open-coded masks to extract the ASID from a TTBR value, so introduce a TTBR_ASID_MASK and use that instead. Suggested-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/asm-uaccess.h | 3 ++- arch/arm64/include/asm/mmu.h | 1 + arch/arm64/include/asm/uaccess.h | 4 ++-- arch/arm64/kernel/entry.S | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -4,6 +4,7 @@ #include <asm/alternative.h> #include <asm/kernel-pgtable.h> +#include <asm/mmu.h> #include <asm/sysreg.h> #include <asm/assembler.h> @@ -17,7 +18,7 @@ msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE - bic \tmp1, \tmp1, #(0xffff << 48) + bic \tmp1, \tmp1, #TTBR_ASID_MASK msr ttbr1_el1, \tmp1 // set reserved ASID isb .endm --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -18,6 +18,7 @@ #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ #define USER_ASID_FLAG (UL(1) << 48) +#define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -112,7 +112,7 @@ static inline void __uaccess_ttbr0_disab write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); isb(); /* Set reserved ASID */ - ttbr &= ~(0xffffUL << 48); + ttbr &= ~TTBR_ASID_MASK; write_sysreg(ttbr, ttbr1_el1); isb(); } @@ -131,7 +131,7 @@ static inline void __uaccess_ttbr0_enabl /* Restore active ASID */ ttbr1 = read_sysreg(ttbr1_el1); - ttbr1 |= ttbr0 & (0xffffUL << 48); + ttbr1 |= ttbr0 & TTBR_ASID_MASK; write_sysreg(ttbr1, ttbr1_el1); isb(); --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -205,7 +205,7 @@ alternative_else_nop_endif .if \el != 0 mrs x21, ttbr1_el1 - tst x21, #0xffff << 48 // Check for the reserved ASID + tst x21, #TTBR_ASID_MASK // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled and x23, x23, #~PSR_PAN_BIT // Clear the emulated PAN in the saved SPSR Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-allocate-asids-in-pairs.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 14:10:28 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs From: Will Deacon <will.deacon(a)arm.com> Commit 0c8ea531b774 upstream. In preparation for separate kernel/user ASIDs, allocate them in pairs for each mm_struct. The bottom bit distinguishes the two: if it is set, then the ASID will map only userspace. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu.h | 1 + arch/arm64/mm/context.c | 25 +++++++++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -17,6 +17,7 @@ #define __ASM_MMU_H #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ +#define USER_ASID_FLAG (UL(1) << 48) typedef struct { atomic64_t id; --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending; #define ASID_MASK (~GENMASK(asid_bits - 1, 0)) #define ASID_FIRST_VERSION (1UL << asid_bits) -#define NUM_USER_ASIDS ASID_FIRST_VERSION + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1) +#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1) +#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK) +#else +#define NUM_USER_ASIDS (ASID_FIRST_VERSION) +#define asid2idx(asid) ((asid) & ~ASID_MASK) +#define idx2asid(idx) asid2idx(idx) +#endif /* Get the ASIDBits supported by the current CPU */ static u32 get_cpu_asid_bits(void) @@ -104,7 +113,7 @@ static void flush_context(unsigned int c */ if (asid == 0) asid = per_cpu(reserved_asids, i); - __set_bit(asid & ~ASID_MASK, asid_map); + __set_bit(asid2idx(asid), asid_map); per_cpu(reserved_asids, i) = asid; } @@ -156,16 +165,16 @@ static u64 new_context(struct mm_struct * We had a valid ASID in a previous life, so try to re-use * it if possible. */ - asid &= ~ASID_MASK; - if (!__test_and_set_bit(asid, asid_map)) + if (!__test_and_set_bit(asid2idx(asid), asid_map)) return newasid; } /* * Allocate a free ASID. If we can't find one, take a note of the - * currently active ASIDs and mark the TLBs as requiring flushes. - * We always count from ASID #1, as we use ASID #0 when setting a - * reserved TTBR0 for the init_mm. + * currently active ASIDs and mark the TLBs as requiring flushes. We + * always count from ASID #2 (index 1), as we use ASID #0 when setting + * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd + * pairs. */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid != NUM_USER_ASIDS) @@ -182,7 +191,7 @@ static u64 new_context(struct mm_struct set_asid: __set_bit(asid, asid_map); cur_idx = asid; - return asid | generation; + return idx2asid(asid) | generation; } void check_and_switch_context(struct mm_struct *mm, unsigned int cpu) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 13:58:08 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper From: Will Deacon <will.deacon(a)arm.com> Commit fc0e1299da54 upstream. In order for code such as TLB invalidation to operate efficiently when the decision to map the kernel at EL0 is determined at runtime, this patch introduces a helper function, arm64_kernel_unmapped_at_el0, to determine whether or not the kernel is mapped whilst running in userspace. Currently, this just reports the value of CONFIG_UNMAP_KERNEL_AT_EL0, but will later be hooked up to a fake CPU capability using a static key. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu.h | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -19,6 +19,8 @@ #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ #define USER_ASID_FLAG (UL(1) << 48) +#ifndef __ASSEMBLY__ + typedef struct { atomic64_t id; void *vdso; @@ -32,6 +34,11 @@ typedef struct { */ #define ASID(mm) ((mm)->context.id.counter & 0xffff) +static inline bool arm64_kernel_unmapped_at_el0(void) +{ + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); +} + extern void paging_init(void); extern void bootmem_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); @@ -42,4 +49,5 @@ extern void create_pgd_mapping(struct mm extern void *fixmap_remap_fdt(phys_addr_t dt_phys); extern void mark_linear_text_alias_ro(void); +#endif /* !__ASSEMBLY__ */ #endif Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-make-user_ds-an-inclusive-limit.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:18 +0000 Subject: [Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit From: Robin Murphy <robin.murphy(a)arm.com> Commit 51369e398d0d upstream. Currently, USER_DS represents an exclusive limit while KERNEL_DS is inclusive. In order to do some clever trickery for speculation-safe masking, we need them both to behave equivalently - there aren't enough bits to make KERNEL_DS exclusive, so we have precisely one option. This also happens to correct a longstanding false negative for a range ending on the very top byte of kernel memory. Mark Rutland points out that we've actually got the semantics of addresses vs. segments muddled up in most of the places we need to amend, so shuffle the {USER,KERNEL}_DS definitions around such that we can correct those properly instead of just pasting "-1"s everywhere. Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/processor.h | 3 ++ arch/arm64/include/asm/uaccess.h | 45 +++++++++++++++++++++---------------- arch/arm64/kernel/entry.S | 4 +-- arch/arm64/mm/fault.c | 4 +-- 4 files changed, 33 insertions(+), 23 deletions(-) --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -21,6 +21,9 @@ #define TASK_SIZE_64 (UL(1) << VA_BITS) +#define KERNEL_DS UL(-1) +#define USER_DS (TASK_SIZE_64 - 1) + #ifndef __ASSEMBLY__ /* --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -35,10 +35,7 @@ #include <asm/compiler.h> #include <asm/extable.h> -#define KERNEL_DS (-1UL) #define get_ds() (KERNEL_DS) - -#define USER_DS TASK_SIZE_64 #define get_fs() (current_thread_info()->addr_limit) static inline void set_fs(mm_segment_t fs) @@ -66,22 +63,32 @@ static inline void set_fs(mm_segment_t f * Returns 1 if the range is valid, 0 otherwise. * * This is equivalent to the following test: - * (u65)addr + (u65)size <= current->addr_limit - * - * This needs 65-bit arithmetic. + * (u65)addr + (u65)size <= (u65)current->addr_limit + 1 */ -#define __range_ok(addr, size) \ -({ \ - unsigned long __addr = (unsigned long)(addr); \ - unsigned long flag, roksum; \ - __chk_user_ptr(addr); \ - asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls" \ - : "=&r" (flag), "=&r" (roksum) \ - : "1" (__addr), "Ir" (size), \ - "r" (current_thread_info()->addr_limit) \ - : "cc"); \ - flag; \ -}) +static inline unsigned long __range_ok(unsigned long addr, unsigned long size) +{ + unsigned long limit = current_thread_info()->addr_limit; + + __chk_user_ptr(addr); + asm volatile( + // A + B <= C + 1 for all A,B,C, in four easy steps: + // 1: X = A + B; X' = X % 2^64 + " adds %0, %0, %2\n" + // 2: Set C = 0 if X > 2^64, to guarantee X' > C in step 4 + " csel %1, xzr, %1, hi\n" + // 3: Set X' = ~0 if X >= 2^64. For X == 2^64, this decrements X' + // to compensate for the carry flag being set in step 4. For + // X > 2^64, X' merely has to remain nonzero, which it does. + " csinv %0, %0, xzr, cc\n" + // 4: For X < 2^64, this gives us X' - C - 1 <= 0, where the -1 + // comes from the carry in being clear. Otherwise, we are + // testing X' - C == 0, subject to the previous adjustments. + " sbcs xzr, %0, %1\n" + " cset %0, ls\n" + : "+r" (addr), "+r" (limit) : "Ir" (size) : "cc"); + + return addr; +} /* * When dealing with data aborts, watchpoints, or instruction traps we may end @@ -90,7 +97,7 @@ static inline void set_fs(mm_segment_t f */ #define untagged_addr(addr) sign_extend64(addr, 55) -#define access_ok(type, addr, size) __range_ok(addr, size) +#define access_ok(type, addr, size) __range_ok((unsigned long)(addr), size) #define user_addr_max get_fs #define _ASM_EXTABLE(from, to) \ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -167,10 +167,10 @@ alternative_else_nop_endif .else add x21, sp, #S_FRAME_SIZE get_thread_info tsk - /* Save the task's original addr_limit and set USER_DS (TASK_SIZE_64) */ + /* Save the task's original addr_limit and set USER_DS */ ldr x20, [tsk, #TSK_TI_ADDR_LIMIT] str x20, [sp, #S_ORIG_ADDR_LIMIT] - mov x20, #TASK_SIZE_64 + mov x20, #USER_DS str x20, [tsk, #TSK_TI_ADDR_LIMIT] /* No need to reset PSTATE.UAO, hardware's already set it to 0 for us */ .endif /* \el == 0 */ --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -242,7 +242,7 @@ static inline bool is_permission_fault(u if (fsc_type == ESR_ELx_FSC_PERM) return true; - if (addr < USER_DS && system_uses_ttbr0_pan()) + if (addr < TASK_SIZE && system_uses_ttbr0_pan()) return fsc_type == ESR_ELx_FSC_FAULT && (regs->pstate & PSR_PAN_BIT); @@ -426,7 +426,7 @@ static int __kprobes do_page_fault(unsig mm_flags |= FAULT_FLAG_WRITE; } - if (addr < USER_DS && is_permission_fault(esr, regs, addr)) { + if (addr < TASK_SIZE && is_permission_fault(esr, regs, addr)) { /* regs->orig_addr_limit may be 0 if we entered from EL0 */ if (regs->orig_addr_limit == KERNEL_DS) die("Accessing user space memory with fs=KERNEL_DS", regs, esr); Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Wed, 3 Jan 2018 16:38:35 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6840bdd73d07 upstream. Now that we have per-CPU vectors, let's plug then in the KVM/arm64 code. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_mmu.h | 10 ++++++++++ arch/arm64/include/asm/kvm_mmu.h | 38 ++++++++++++++++++++++++++++++++++++++ arch/arm64/kvm/hyp/switch.c | 2 +- virt/kvm/arm/arm.c | 8 +++++++- 4 files changed, 56 insertions(+), 2 deletions(-) --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -221,6 +221,16 @@ static inline unsigned int kvm_get_vmid_ return 8; } +static inline void *kvm_get_hyp_vector(void) +{ + return kvm_ksym_ref(__kvm_hyp_vector); +} + +static inline int kvm_map_vectors(void) +{ + return 0; +} + #endif /* !__ASSEMBLY__ */ #endif /* __ARM_KVM_MMU_H__ */ --- a/arch/arm64/include/asm/kvm_mmu.h +++ b/arch/arm64/include/asm/kvm_mmu.h @@ -309,5 +309,43 @@ static inline unsigned int kvm_get_vmid_ return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8; } +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#include <asm/mmu.h> + +static inline void *kvm_get_hyp_vector(void) +{ + struct bp_hardening_data *data = arm64_get_bp_hardening_data(); + void *vect = kvm_ksym_ref(__kvm_hyp_vector); + + if (data->fn) { + vect = __bp_harden_hyp_vecs_start + + data->hyp_vectors_slot * SZ_2K; + + if (!has_vhe()) + vect = lm_alias(vect); + } + + return vect; +} + +static inline int kvm_map_vectors(void) +{ + return create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), + kvm_ksym_ref(__bp_harden_hyp_vecs_end), + PAGE_HYP_EXEC); +} + +#else +static inline void *kvm_get_hyp_vector(void) +{ + return kvm_ksym_ref(__kvm_hyp_vector); +} + +static inline int kvm_map_vectors(void) +{ + return 0; +} +#endif + #endif /* __ASSEMBLY__ */ #endif /* __ARM64_KVM_MMU_H__ */ --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -51,7 +51,7 @@ static void __hyp_text __activate_traps_ val &= ~CPACR_EL1_FPEN; write_sysreg(val, cpacr_el1); - write_sysreg(__kvm_hyp_vector, vbar_el1); + write_sysreg(kvm_get_hyp_vector(), vbar_el1); } static void __hyp_text __activate_traps_nvhe(void) --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -1139,7 +1139,7 @@ static void cpu_init_hyp_mode(void *dumm pgd_ptr = kvm_mmu_get_httbr(); stack_page = __this_cpu_read(kvm_arm_hyp_stack_page); hyp_stack_ptr = stack_page + PAGE_SIZE; - vector_ptr = (unsigned long)kvm_ksym_ref(__kvm_hyp_vector); + vector_ptr = (unsigned long)kvm_get_hyp_vector(); __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr); __cpu_init_stage2(); @@ -1384,6 +1384,12 @@ static int init_hyp_mode(void) goto out_err; } + err = kvm_map_vectors(); + if (err) { + kvm_err("Cannot map vectors\n"); + goto out_err; + } + /* * Map the Hyp stack pages */ Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:14 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6167ec5c9145 upstream. A new feature of SMCCC 1.1 is that it offers firmware-based CPU workarounds. In particular, SMCCC_ARCH_WORKAROUND_1 provides BP hardening for CVE-2017-5715. If the host has some mitigation for this issue, report that we deal with it using SMCCC_ARCH_WORKAROUND_1, as we apply the host workaround on every guest exit. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_host.h | 6 ++++++ arch/arm64/include/asm/kvm_host.h | 5 +++++ include/linux/arm-smccc.h | 5 +++++ virt/kvm/arm/psci.c | 9 ++++++++- 4 files changed, 24 insertions(+), 1 deletion(-) --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -293,4 +293,10 @@ int kvm_arm_vcpu_arch_get_attr(struct kv int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr); +static inline bool kvm_arm_harden_branch_predictor(void) +{ + /* No way to detect it yet, pretend it is not there. */ + return false; +} + #endif /* __ARM_KVM_HOST_H__ */ --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -384,4 +384,9 @@ static inline void __cpu_init_stage2(voi "PARange is %d bits, unsupported configuration!", parange); } +static inline bool kvm_arm_harden_branch_predictor(void) +{ + return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR); +} + #endif /* __ARM64_KVM_HOST_H__ */ --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -73,6 +73,11 @@ ARM_SMCCC_SMC_32, \ 0, 1) +#define ARM_SMCCC_ARCH_WORKAROUND_1 \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0x8000) + #ifndef __ASSEMBLY__ #include <linux/linkage.h> --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -405,13 +405,20 @@ int kvm_hvc_call_handler(struct kvm_vcpu { u32 func_id = smccc_get_function(vcpu); u32 val = PSCI_RET_NOT_SUPPORTED; + u32 feature; switch (func_id) { case ARM_SMCCC_VERSION_FUNC_ID: val = ARM_SMCCC_VERSION_1_1; break; case ARM_SMCCC_ARCH_FEATURES_FUNC_ID: - /* Nothing supported yet */ + feature = smccc_get_arg1(vcpu); + switch(feature) { + case ARM_SMCCC_ARCH_WORKAROUND_1: + if (kvm_arm_harden_branch_predictor()) + val = 0; + break; + } break; default: return kvm_psci_call(vcpu); Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-make-psci_version-a-fast-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Wed, 3 Jan 2018 16:38:37 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 90348689d500 upstream. For those CPUs that require PSCI to perform a BP invalidation, going all the way to the PSCI code for not much is a waste of precious cycles. Let's terminate that call as early as possible. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/switch.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -17,6 +17,7 @@ #include <linux/types.h> #include <linux/jump_label.h> +#include <uapi/linux/psci.h> #include <asm/kvm_asm.h> #include <asm/kvm_emulate.h> @@ -322,6 +323,18 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && !__populate_fault_info(vcpu)) goto again; + if (exit_code == ARM_EXCEPTION_TRAP && + (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || + kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32) && + vcpu_get_reg(vcpu, 0) == PSCI_0_2_FN_PSCI_VERSION) { + u64 val = PSCI_RET_NOT_SUPPORTED; + if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) + val = 2; + + vcpu_set_reg(vcpu, 0, val); + goto again; + } + if (static_branch_unlikely(&vgic_v2_cpuif_trap) && exit_code == ARM_EXCEPTION_TRAP) { bool valid; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:15 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f72af90c3783 upstream. We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible. So let's intercept it as early as we can by testing for the function call number as soon as we've identified a HVC call coming from the guest. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/hyp-entry.S | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -15,6 +15,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <linux/arm-smccc.h> #include <linux/linkage.h> #include <asm/alternative.h> @@ -64,10 +65,11 @@ alternative_endif lsr x0, x1, #ESR_ELx_EC_SHIFT cmp x0, #ESR_ELx_EC_HVC64 + ccmp x0, #ESR_ELx_EC_HVC32, #4, ne b.ne el1_trap - mrs x1, vttbr_el2 // If vttbr is valid, the 64bit guest - cbnz x1, el1_trap // called HVC + mrs x1, vttbr_el2 // If vttbr is valid, the guest + cbnz x1, el1_hvc_guest // called HVC /* Here, we're pretty sure the host called HVC. */ ldp x0, x1, [sp], #16 @@ -100,6 +102,20 @@ alternative_endif eret +el1_hvc_guest: + /* + * Fastest possible path for ARM_SMCCC_ARCH_WORKAROUND_1. + * The workaround has already been applied on the host, + * so let's quickly get back to the guest. We don't bother + * restoring x1, as it can be clobbered anyway. + */ + ldr x1, [sp] // Guest's x0 + eor w1, w1, #ARM_SMCCC_ARCH_WORKAROUND_1 + cbnz w1, el1_trap + mov x0, x1 + add sp, sp, #16 + eret + el1_trap: /* * x0: ESR_EC Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-increment-pc-after-handling-an-smc-trap.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:07 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f5115e8869e1 upstream. When handling an SMC trap, the "preferred return address" is set to that of the SMC, and not the next PC (which is a departure from the behaviour of an SMC that isn't trapped). Increment PC in the handler, as the guest is otherwise forever stuck... Cc: stable(a)vger.kernel.org Fixes: acfb3b883f6d ("arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls") Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/handle_exit.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -53,7 +53,16 @@ static int handle_hvc(struct kvm_vcpu *v static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run) { + /* + * "If an SMC instruction executed at Non-secure EL1 is + * trapped to EL2 because HCR_EL2.TSC is 1, the exception is a + * Trap exception, not a Secure Monitor Call exception [...]" + * + * We need to advance the PC after the trap, as it would + * otherwise return to the same address... + */ vcpu_set_reg(vcpu, 0, ~0UL); + kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu)); return 1; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:53 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() From: Will Deacon <will.deacon(a)arm.com> Commit 41acec624087 upstream. To allow systems which do not require kpti to continue running with global kernel mappings (which appears to be a requirement for Cavium ThunderX due to a CPU erratum), make the use of nG in the kernel page tables dependent on arm64_kernel_unmapped_at_el0(), which is resolved at runtime. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++---------- arch/arm64/include/asm/pgtable-prot.h | 30 ++++++++++++++---------------- 2 files changed, 16 insertions(+), 26 deletions(-) --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -78,16 +78,8 @@ /* * Initial memory map attributes. */ -#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) - -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) -#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) -#else -#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS -#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS -#endif +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -37,13 +37,11 @@ #define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) -#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) -#else -#define PROT_DEFAULT _PROT_DEFAULT -#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ +#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0) +#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0) + +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG) #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -55,22 +53,22 @@ #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) -#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) -#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) +#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT -#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) +#define PAGE_KERNEL __pgprot(PROT_NORMAL) +#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY) +#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY) +#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN) +#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT) #define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) #define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) #define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) -#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) -#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) +#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) +#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) #define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Catalin Marinas <catalin.marinas(a)arm.com> Date: Wed, 10 Jan 2018 13:18:30 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN From: Catalin Marinas <catalin.marinas(a)arm.com> Commit 6b88a32c7af6 upstream. With ARM64_SW_TTBR0_PAN enabled, the exception entry code checks the active ASID to decide whether user access was enabled (non-zero ASID) when the exception was taken. On return from exception, if user access was previously disabled, it re-instates TTBR0_EL1 from the per-thread saved value (updated in switch_mm() or efi_set_pgd()). Commit 7655abb95386 ("arm64: mm: Move ASID from TTBR0 to TTBR1") makes a TTBR0_EL1 + ASID switching non-atomic. Subsequently, commit 27a921e75711 ("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") changes the __uaccess_ttbr0_disable() function and asm macro to first write the reserved TTBR0_EL1 followed by the ASID=0 update in TTBR1_EL1. If an exception occurs between these two, the exception return code will re-instate a valid TTBR0_EL1. Similar scenario can happen in cpu_switch_mm() between setting the reserved TTBR0_EL1 and the ASID update in cpu_do_switch_mm(). This patch reverts the entry.S check for ASID == 0 to TTBR0_EL1 and disables the interrupts around the TTBR0_EL1 and ASID switching code in __uaccess_ttbr0_disable(). It also ensures that, when returning from the EFI runtime services, efi_set_pgd() doesn't leave a non-zero ASID in TTBR1_EL1 by using uaccess_ttbr0_{enable,disable}. The accesses to current_thread_info()->ttbr0 are updated to use READ_ONCE/WRITE_ONCE. As a safety measure, __uaccess_ttbr0_enable() always masks out any existing non-zero ASID TTBR1_EL1 before writing in the new ASID. Fixes: 27a921e75711 ("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") Acked-by: Will Deacon <will.deacon(a)arm.com> Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: James Morse <james.morse(a)arm.com> Tested-by: James Morse <james.morse(a)arm.com> Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/asm-uaccess.h | 12 +++++++----- arch/arm64/include/asm/efi.h | 12 +++++++----- arch/arm64/include/asm/mmu_context.h | 3 ++- arch/arm64/include/asm/uaccess.h | 9 ++++++--- arch/arm64/kernel/entry.S | 2 +- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/mm/proc.S | 3 +++ arch/arm64/xen/hypercall.S | 2 +- 12 files changed, 32 insertions(+), 21 deletions(-) --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -14,11 +14,11 @@ #ifdef CONFIG_ARM64_SW_TTBR0_PAN .macro __uaccess_ttbr0_disable, tmp1 mrs \tmp1, ttbr1_el1 // swapper_pg_dir + bic \tmp1, \tmp1, #TTBR_ASID_MASK add \tmp1, \tmp1, #SWAPPER_DIR_SIZE // reserved_ttbr0 at the end of swapper_pg_dir msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE - bic \tmp1, \tmp1, #TTBR_ASID_MASK msr ttbr1_el1, \tmp1 // set reserved ASID isb .endm @@ -35,9 +35,11 @@ isb .endm - .macro uaccess_ttbr0_disable, tmp1 + .macro uaccess_ttbr0_disable, tmp1, tmp2 alternative_if_not ARM64_HAS_PAN + save_and_disable_irq \tmp2 // avoid preemption __uaccess_ttbr0_disable \tmp1 + restore_irq \tmp2 alternative_else_nop_endif .endm @@ -49,7 +51,7 @@ alternative_if_not ARM64_HAS_PAN alternative_else_nop_endif .endm #else - .macro uaccess_ttbr0_disable, tmp1 + .macro uaccess_ttbr0_disable, tmp1, tmp2 .endm .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 @@ -59,8 +61,8 @@ alternative_else_nop_endif /* * These macros are no-ops when UAO is present. */ - .macro uaccess_disable_not_uao, tmp1 - uaccess_ttbr0_disable \tmp1 + .macro uaccess_disable_not_uao, tmp1, tmp2 + uaccess_ttbr0_disable \tmp1, \tmp2 alternative_if ARM64_ALT_PAN_NOT_UAO SET_PSTATE_PAN(1) alternative_else_nop_endif --- a/arch/arm64/include/asm/efi.h +++ b/arch/arm64/include/asm/efi.h @@ -121,19 +121,21 @@ static inline void efi_set_pgd(struct mm if (mm != current->active_mm) { /* * Update the current thread's saved ttbr0 since it is - * restored as part of a return from exception. Set - * the hardware TTBR0_EL1 using cpu_switch_mm() - * directly to enable potential errata workarounds. + * restored as part of a return from exception. Enable + * access to the valid TTBR0_EL1 and invoke the errata + * workaround directly since there is no return from + * exception when invoking the EFI run-time services. */ update_saved_ttbr0(current, mm); - cpu_switch_mm(mm->pgd, mm); + uaccess_ttbr0_enable(); + post_ttbr_update_workaround(); } else { /* * Defer the switch to the current thread's TTBR0_EL1 * until uaccess_enable(). Restore the current * thread's saved ttbr0 corresponding to its active_mm */ - cpu_set_reserved_ttbr0(); + uaccess_ttbr0_disable(); update_saved_ttbr0(current, current->active_mm); } } --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -175,7 +175,7 @@ static inline void update_saved_ttbr0(st else ttbr = virt_to_phys(mm->pgd) | ASID(mm) << 48; - task_thread_info(tsk)->ttbr0 = ttbr; + WRITE_ONCE(task_thread_info(tsk)->ttbr0, ttbr); } #else static inline void update_saved_ttbr0(struct task_struct *tsk, @@ -230,6 +230,7 @@ switch_mm(struct mm_struct *prev, struct #define activate_mm(prev,next) switch_mm(prev, next, current) void verify_cpu_asid_bits(void); +void post_ttbr_update_workaround(void); #endif /* !__ASSEMBLY__ */ --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -105,16 +105,18 @@ static inline void set_fs(mm_segment_t f #ifdef CONFIG_ARM64_SW_TTBR0_PAN static inline void __uaccess_ttbr0_disable(void) { - unsigned long ttbr; + unsigned long flags, ttbr; + local_irq_save(flags); ttbr = read_sysreg(ttbr1_el1); + ttbr &= ~TTBR_ASID_MASK; /* reserved_ttbr0 placed at the end of swapper_pg_dir */ write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); isb(); /* Set reserved ASID */ - ttbr &= ~TTBR_ASID_MASK; write_sysreg(ttbr, ttbr1_el1); isb(); + local_irq_restore(flags); } static inline void __uaccess_ttbr0_enable(void) @@ -127,10 +129,11 @@ static inline void __uaccess_ttbr0_enabl * roll-over and an update of 'ttbr0'. */ local_irq_save(flags); - ttbr0 = current_thread_info()->ttbr0; + ttbr0 = READ_ONCE(current_thread_info()->ttbr0); /* Restore active ASID */ ttbr1 = read_sysreg(ttbr1_el1); + ttbr1 &= ~TTBR_ASID_MASK; /* safety measure */ ttbr1 |= ttbr0 & TTBR_ASID_MASK; write_sysreg(ttbr1, ttbr1_el1); isb(); --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -204,7 +204,7 @@ alternative_if ARM64_HAS_PAN alternative_else_nop_endif .if \el != 0 - mrs x21, ttbr1_el1 + mrs x21, ttbr0_el1 tst x21, #TTBR_ASID_MASK // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -50,7 +50,7 @@ uao_user_alternative 9f, strh, sttrh, wz b.mi 5f uao_user_alternative 9f, strb, sttrb, wzr, x0, 0 5: mov x0, #0 - uaccess_disable_not_uao x2 + uaccess_disable_not_uao x2, x3 ret ENDPROC(__clear_user) --- a/arch/arm64/lib/copy_from_user.S +++ b/arch/arm64/lib/copy_from_user.S @@ -67,7 +67,7 @@ ENTRY(__arch_copy_from_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 // Nothing to copy ret ENDPROC(__arch_copy_from_user) --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -68,7 +68,7 @@ ENTRY(raw_copy_in_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 ret ENDPROC(raw_copy_in_user) --- a/arch/arm64/lib/copy_to_user.S +++ b/arch/arm64/lib/copy_to_user.S @@ -66,7 +66,7 @@ ENTRY(__arch_copy_to_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 ret ENDPROC(__arch_copy_to_user) --- a/arch/arm64/mm/cache.S +++ b/arch/arm64/mm/cache.S @@ -72,7 +72,7 @@ USER(9f, ic ivau, x4 ) // invalidate I isb mov x0, #0 1: - uaccess_ttbr0_disable x1 + uaccess_ttbr0_disable x1, x2 ret 9: mov x0, #-EFAULT --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -140,6 +140,9 @@ ENDPROC(cpu_do_resume) ENTRY(cpu_do_switch_mm) mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id +#ifdef CONFIG_ARM64_SW_TTBR0_PAN + bfi x0, x1, #48, #16 // set the ASID field in TTBR0 +#endif bfi x2, x1, #48, #16 // set the ASID msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set) isb --- a/arch/arm64/xen/hypercall.S +++ b/arch/arm64/xen/hypercall.S @@ -107,6 +107,6 @@ ENTRY(privcmd_call) /* * Disable userspace access from kernel once the hyp call completed. */ - uaccess_ttbr0_disable x6 + uaccess_ttbr0_disable x6, x7 ret ENDPROC(privcmd_call); Patches currently in stable-queue which might be from catalin.marinas(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kill-psci_get_version-as-a-variant-2-workaround.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:21 +0000 Subject: [Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 3a0a397ff5ff upstream. Now that we've standardised on SMCCC v1.1 to perform the branch prediction invalidation, let's drop the previous band-aid. If vendors haven't updated their firmware to do SMCCC 1.1, they haven't updated PSCI either, so we don't loose anything. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 24 --------------------- arch/arm64/kernel/cpu_errata.c | 45 +++++++++++------------------------------ arch/arm64/kvm/hyp/switch.c | 14 ------------ 3 files changed, 13 insertions(+), 70 deletions(-) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -54,30 +54,6 @@ ENTRY(__bp_harden_hyp_vecs_start) vectors __kvm_hyp_vector .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__psci_hyp_bp_inval_start) - sub sp, sp, #(8 * 18) - stp x16, x17, [sp, #(16 * 0)] - stp x14, x15, [sp, #(16 * 1)] - stp x12, x13, [sp, #(16 * 2)] - stp x10, x11, [sp, #(16 * 3)] - stp x8, x9, [sp, #(16 * 4)] - stp x6, x7, [sp, #(16 * 5)] - stp x4, x5, [sp, #(16 * 6)] - stp x2, x3, [sp, #(16 * 7)] - stp x0, x1, [sp, #(16 * 8)] - mov x0, #0x84000000 - smc #0 - ldp x16, x17, [sp, #(16 * 0)] - ldp x14, x15, [sp, #(16 * 1)] - ldp x12, x13, [sp, #(16 * 2)] - ldp x10, x11, [sp, #(16 * 3)] - ldp x8, x9, [sp, #(16 * 4)] - ldp x6, x7, [sp, #(16 * 5)] - ldp x4, x5, [sp, #(16 * 6)] - ldp x2, x3, [sp, #(16 * 7)] - ldp x0, x1, [sp, #(16 * 8)] - add sp, sp, #(8 * 18) -ENTRY(__psci_hyp_bp_inval_end) ENTRY(__qcom_hyp_sanitize_link_stack_start) stp x29, x30, [sp, #-16]! --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -67,7 +67,6 @@ static int cpu_enable_trap_ctr_access(vo DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); #ifdef CONFIG_KVM -extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; extern char __qcom_hyp_sanitize_link_stack_start[]; extern char __qcom_hyp_sanitize_link_stack_end[]; extern char __smccc_workaround_1_smc_start[]; @@ -116,8 +115,6 @@ static void __install_bp_hardening_cb(bp spin_unlock(&bp_lock); } #else -#define __psci_hyp_bp_inval_start NULL -#define __psci_hyp_bp_inval_end NULL #define __qcom_hyp_sanitize_link_stack_start NULL #define __qcom_hyp_sanitize_link_stack_end NULL #define __smccc_workaround_1_smc_start NULL @@ -164,24 +161,25 @@ static void call_hvc_arch_workaround_1(v arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); } -static bool check_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +static int enable_smccc_arch_workaround_1(void *data) { + const struct arm64_cpu_capabilities *entry = data; bp_hardening_cb_t cb; void *smccc_start, *smccc_end; struct arm_smccc_res res; if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return false; + return 0; if (psci_ops.smccc_version == SMCCC_VERSION_1_0) - return false; + return 0; switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if (res.a0) - return false; + return 0; cb = call_hvc_arch_workaround_1; smccc_start = __smccc_workaround_1_hvc_start; smccc_end = __smccc_workaround_1_hvc_end; @@ -191,35 +189,18 @@ static bool check_smccc_arch_workaround_ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if (res.a0) - return false; + return 0; cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: - return false; + return 0; } install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); - return true; -} - -static int enable_psci_bp_hardening(void *data) -{ - const struct arm64_cpu_capabilities *entry = data; - - if (psci_ops.get_version) { - if (check_smccc_arch_workaround_1(entry)) - return 0; - - install_bp_hardening_cb(entry, - (bp_hardening_cb_t)psci_ops.get_version, - __psci_hyp_bp_inval_start, - __psci_hyp_bp_inval_end); - } - return 0; } @@ -399,22 +380,22 @@ const struct arm64_cpu_capabilities arm6 { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, @@ -428,12 +409,12 @@ const struct arm64_cpu_capabilities arm6 { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, #endif { --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -325,20 +325,6 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && !__populate_fault_info(vcpu)) goto again; - if (exit_code == ARM_EXCEPTION_TRAP && - (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || - kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32)) { - u32 val = vcpu_get_reg(vcpu, 0); - - if (val == PSCI_0_2_FN_PSCI_VERSION) { - val = kvm_psci_version(vcpu, kern_hyp_va(vcpu->kvm)); - if (unlikely(val == KVM_ARM_PSCI_0_1)) - val = PSCI_RET_NOT_SUPPORTED; - vcpu_set_reg(vcpu, 0, val); - goto again; - } - } - if (static_branch_unlikely(&vgic_v2_cpuif_trap) && exit_code == ARM_EXCEPTION_TRAP) { bool valid; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 6 Feb 2018 22:22:50 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings From: Will Deacon <will.deacon(a)arm.com> Commit f992b4dfd58b upstream. Defaulting to global mappings for kernel space is generally good for performance and appears to be necessary for Cavium ThunderX. If we subsequently decide that we need to enable kpti, then we need to rewrite our existing page table entries to be non-global. This is fiddly, and made worse by the possible use of contiguous mappings, which require a strict break-before-make sequence. Since the enable callback runs on each online CPU from stop_machine context, we can have all CPUs enter the idmap, where secondaries can wait for the primary CPU to rewrite swapper with its MMU off. It's all fairly horrible, but at least it only runs once. Tested-by: Marc Zyngier <marc.zyngier(a)arm.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 4 arch/arm64/kernel/cpufeature.c | 25 ++++ arch/arm64/mm/proc.S | 201 +++++++++++++++++++++++++++++++++++-- 3 files changed, 223 insertions(+), 7 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -486,4 +486,8 @@ alternative_else_nop_endif #endif .endm + .macro pte_to_phys, phys, pte + and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) + .endm + #endif /* __ASM_ASSEMBLER_H */ --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -828,6 +828,30 @@ static bool unmap_kernel_at_el0(const st ID_AA64PFR0_CSV3_SHIFT); } +static int kpti_install_ng_mappings(void *__unused) +{ + typedef void (kpti_remap_fn)(int, int, phys_addr_t); + extern kpti_remap_fn idmap_kpti_install_ng_mappings; + kpti_remap_fn *remap_fn; + + static bool kpti_applied = false; + int cpu = smp_processor_id(); + + if (kpti_applied) + return 0; + + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings); + + cpu_install_idmap(); + remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir)); + cpu_uninstall_idmap(); + + if (!cpu) + kpti_applied = true; + + return 0; +} + static int __init parse_kpti(char *str) { bool enabled; @@ -934,6 +958,7 @@ static const struct arm64_cpu_capabiliti .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, + .enable = kpti_install_ng_mappings, }, #endif { --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -153,6 +153,16 @@ ENTRY(cpu_do_switch_mm) ENDPROC(cpu_do_switch_mm) .pushsection ".idmap.text", "ax" + +.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 + adrp \tmp1, empty_zero_page + msr ttbr1_el1, \tmp2 + isb + tlbi vmalle1 + dsb nsh + isb +.endm + /* * void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd) * @@ -163,13 +173,7 @@ ENTRY(idmap_cpu_replace_ttbr1) mrs x2, daif msr daifset, #0xf - adrp x1, empty_zero_page - msr ttbr1_el1, x1 - isb - - tlbi vmalle1 - dsb nsh - isb + __idmap_cpu_set_reserved_ttbr1 x1, x3 msr ttbr1_el1, x0 isb @@ -180,6 +184,189 @@ ENTRY(idmap_cpu_replace_ttbr1) ENDPROC(idmap_cpu_replace_ttbr1) .popsection +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .pushsection ".idmap.text", "ax" + + .macro __idmap_kpti_get_pgtable_ent, type + dc cvac, cur_\()\type\()p // Ensure any existing dirty + dmb sy // lines are written back before + ldr \type, [cur_\()\type\()p] // loading the entry + tbz \type, #0, next_\()\type // Skip invalid entries + .endm + + .macro __idmap_kpti_put_pgtable_ent_ng, type + orr \type, \type, #PTE_NG // Same bit for blocks and pages + str \type, [cur_\()\type\()p] // Update the entry and ensure it + dc civac, cur_\()\type\()p // is visible to all CPUs. + .endm + +/* + * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper) + * + * Called exactly once from stop_machine context by each CPU found during boot. + */ +__idmap_kpti_flag: + .long 1 +ENTRY(idmap_kpti_install_ng_mappings) + cpu .req w0 + num_cpus .req w1 + swapper_pa .req x2 + swapper_ttb .req x3 + flag_ptr .req x4 + cur_pgdp .req x5 + end_pgdp .req x6 + pgd .req x7 + cur_pudp .req x8 + end_pudp .req x9 + pud .req x10 + cur_pmdp .req x11 + end_pmdp .req x12 + pmd .req x13 + cur_ptep .req x14 + end_ptep .req x15 + pte .req x16 + + mrs swapper_ttb, ttbr1_el1 + adr flag_ptr, __idmap_kpti_flag + + cbnz cpu, __idmap_kpti_secondary + + /* We're the boot CPU. Wait for the others to catch up */ + sevl +1: wfe + ldaxr w18, [flag_ptr] + eor w18, w18, num_cpus + cbnz w18, 1b + + /* We need to walk swapper, so turn off the MMU. */ + mrs x18, sctlr_el1 + bic x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Everybody is enjoying the idmap, so we can rewrite swapper. */ + /* PGD */ + mov cur_pgdp, swapper_pa + add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8) +do_pgd: __idmap_kpti_get_pgtable_ent pgd + tbnz pgd, #1, walk_puds + __idmap_kpti_put_pgtable_ent_ng pgd +next_pgd: + add cur_pgdp, cur_pgdp, #8 + cmp cur_pgdp, end_pgdp + b.ne do_pgd + + /* Publish the updated tables and nuke all the TLBs */ + dsb sy + tlbi vmalle1is + dsb ish + isb + + /* We're done: fire up the MMU again */ + mrs x18, sctlr_el1 + orr x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Set the flag to zero to indicate that we're all done */ + str wzr, [flag_ptr] + ret + + /* PUD */ +walk_puds: + .if CONFIG_PGTABLE_LEVELS > 3 + pte_to_phys cur_pudp, pgd + add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8) +do_pud: __idmap_kpti_get_pgtable_ent pud + tbnz pud, #1, walk_pmds + __idmap_kpti_put_pgtable_ent_ng pud +next_pud: + add cur_pudp, cur_pudp, 8 + cmp cur_pudp, end_pudp + b.ne do_pud + b next_pgd + .else /* CONFIG_PGTABLE_LEVELS <= 3 */ + mov pud, pgd + b walk_pmds +next_pud: + b next_pgd + .endif + + /* PMD */ +walk_pmds: + .if CONFIG_PGTABLE_LEVELS > 2 + pte_to_phys cur_pmdp, pud + add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8) +do_pmd: __idmap_kpti_get_pgtable_ent pmd + tbnz pmd, #1, walk_ptes + __idmap_kpti_put_pgtable_ent_ng pmd +next_pmd: + add cur_pmdp, cur_pmdp, #8 + cmp cur_pmdp, end_pmdp + b.ne do_pmd + b next_pud + .else /* CONFIG_PGTABLE_LEVELS <= 2 */ + mov pmd, pud + b walk_ptes +next_pmd: + b next_pud + .endif + + /* PTE */ +walk_ptes: + pte_to_phys cur_ptep, pmd + add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8) +do_pte: __idmap_kpti_get_pgtable_ent pte + __idmap_kpti_put_pgtable_ent_ng pte +next_pte: + add cur_ptep, cur_ptep, #8 + cmp cur_ptep, end_ptep + b.ne do_pte + b next_pmd + + /* Secondary CPUs end up here */ +__idmap_kpti_secondary: + /* Uninstall swapper before surgery begins */ + __idmap_cpu_set_reserved_ttbr1 x18, x17 + + /* Increment the flag to let the boot CPU we're ready */ +1: ldxr w18, [flag_ptr] + add w18, w18, #1 + stxr w17, w18, [flag_ptr] + cbnz w17, 1b + + /* Wait for the boot CPU to finish messing around with swapper */ + sevl +1: wfe + ldxr w18, [flag_ptr] + cbnz w18, 1b + + /* All done, act like nothing happened */ + msr ttbr1_el1, swapper_ttb + isb + ret + + .unreq cpu + .unreq num_cpus + .unreq swapper_pa + .unreq swapper_ttb + .unreq flag_ptr + .unreq cur_pgdp + .unreq end_pgdp + .unreq pgd + .unreq cur_pudp + .unreq end_pudp + .unreq pud + .unreq cur_pmdp + .unreq end_pmdp + .unreq pmd + .unreq cur_ptep + .unreq end_ptep + .unreq pte +ENDPROC(idmap_kpti_install_ng_mappings) + .popsection +#endif + /* * __cpu_setup * Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 16:19:39 +0000 Subject: [Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry From: Will Deacon <will.deacon(a)arm.com> Commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -807,15 +807,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y. Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kconfig-add-config_unmap_kernel_at_el0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:41:01 +0000 Subject: [Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 From: Will Deacon <will.deacon(a)arm.com> Commit 084eb77cd3a8 upstream. Add a Kconfig entry to control use of the entry trampoline, which allows us to unmap the kernel whilst running in userspace and improve the robustness of KASLR. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -806,6 +806,19 @@ config FORCE_MAX_ZONEORDER However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 4M allocations matching the default size used by generic code. +config UNMAP_KERNEL_AT_EL0 + bool "Unmap kernel when running in userspace (aka \"KAISER\")" + default y + help + Some attacks against KASLR make use of the timing difference between + a permission fault which could arise from a page table entry that is + present in the TLB, and a translation fault which always requires a + page table walk. This option defends against these attacks by unmapping + the kernel whilst running in userspace, therefore forcing translation + faults for all of kernel space. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 6 Dec 2017 11:24:02 +0000 Subject: [Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page From: Will Deacon <will.deacon(a)arm.com> Commit 6c27c4082f4f upstream. The literal pool entry for identifying the vectors base is the only piece of information in the trampoline page that identifies the true location of the kernel. This patch moves it into a page-aligned region of the .rodata section and maps this adjacent to the trampoline text via an additional fixmap entry, which protects against any accidental leakage of the trampoline contents. Suggested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/fixmap.h | 1 + arch/arm64/kernel/entry.S | 14 ++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- arch/arm64/mm/mmu.c | 10 +++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -59,6 +59,7 @@ enum fixed_addresses { #endif /* CONFIG_ACPI_APEI_GHES */ #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -982,7 +982,13 @@ alternative_else_nop_endif msr tpidrro_el0, x30 // Restored in kernel_ventry .endif tramp_map_kernel x30 +#ifdef CONFIG_RANDOMIZE_BASE + adr x30, tramp_vectors + PAGE_SIZE +alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 + ldr x30, [x30] +#else ldr x30, =vectors +#endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) @@ -1025,6 +1031,14 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text +#ifdef CONFIG_RANDOMIZE_BASE + .pushsection ".rodata", "a" + .align PAGE_SHIFT + .globl __entry_tramp_data_start +__entry_tramp_data_start: + .quad vectors + .popsection // .rodata +#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -251,7 +251,10 @@ ASSERT(__idmap_text_end - (__idmap_text_ ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) <= SZ_4K, "Hibernate exit text too big or misaligned") #endif - +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, + "Entry trampoline text too big") +#endif /* * If padding is applied before .head.text, virt<->phys conversions will fail. */ --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -541,8 +541,16 @@ static int __init map_entry_trampoline(v __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, prot, pgd_pgtable_alloc, 0); - /* ...as well as the kernel page table */ + /* Map both the text and data into the kernel page table */ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { + extern char __entry_tramp_data_start[]; + + __set_fixmap(FIX_ENTRY_TRAMP_DATA, + __pa_symbol(__entry_tramp_data_start), + PAGE_KERNEL_RO); + } + return 0; } core_initcall(map_entry_trampoline); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 12:46:21 +0000 Subject: [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs From: Will Deacon <will.deacon(a)arm.com> Commit aa6acde65e03 upstream. Cortex-A57, A72, A73 and A75 are susceptible to branch predictor aliasing and can theoretically be attacked by malicious code. This patch implements a PSCI-based mitigation for these CPUs when available. The call into firmware will invalidate the branch predictor state, preventing any malicious entries from affecting other victim contexts. Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 24 +++++++++++++++++++++++ arch/arm64/kernel/cpu_errata.c | 42 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -53,3 +53,27 @@ ENTRY(__bp_harden_hyp_vecs_start) vectors __kvm_hyp_vector .endr ENTRY(__bp_harden_hyp_vecs_end) +ENTRY(__psci_hyp_bp_inval_start) + sub sp, sp, #(8 * 18) + stp x16, x17, [sp, #(16 * 0)] + stp x14, x15, [sp, #(16 * 1)] + stp x12, x13, [sp, #(16 * 2)] + stp x10, x11, [sp, #(16 * 3)] + stp x8, x9, [sp, #(16 * 4)] + stp x6, x7, [sp, #(16 * 5)] + stp x4, x5, [sp, #(16 * 6)] + stp x2, x3, [sp, #(16 * 7)] + stp x0, x1, [sp, #(16 * 8)] + mov x0, #0x84000000 + smc #0 + ldp x16, x17, [sp, #(16 * 0)] + ldp x14, x15, [sp, #(16 * 1)] + ldp x12, x13, [sp, #(16 * 2)] + ldp x10, x11, [sp, #(16 * 3)] + ldp x8, x9, [sp, #(16 * 4)] + ldp x6, x7, [sp, #(16 * 5)] + ldp x4, x5, [sp, #(16 * 6)] + ldp x2, x3, [sp, #(16 * 7)] + ldp x0, x1, [sp, #(16 * 8)] + add sp, sp, #(8 * 18) +ENTRY(__psci_hyp_bp_inval_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -67,6 +67,8 @@ static int cpu_enable_trap_ctr_access(vo DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); #ifdef CONFIG_KVM +extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; + static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) { @@ -108,6 +110,9 @@ static void __install_bp_hardening_cb(bp spin_unlock(&bp_lock); } #else +#define __psci_hyp_bp_inval_start NULL +#define __psci_hyp_bp_inval_end NULL + static void __install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -132,6 +137,21 @@ static void install_bp_hardening_cb(con __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } + +#include <linux/psci.h> + +static int enable_psci_bp_hardening(void *data) +{ + const struct arm64_cpu_capabilities *entry = data; + + if (psci_ops.get_version) + install_bp_hardening_cb(entry, + (bp_hardening_cb_t)psci_ops.get_version, + __psci_hyp_bp_inval_start, + __psci_hyp_bp_inval_end); + + return 0; +} #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #define MIDR_RANGE(model, min, max) \ @@ -282,6 +302,28 @@ const struct arm64_cpu_capabilities arm6 MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), + .enable = enable_psci_bp_hardening, + }, +#endif { } }; Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-implement-array_index_mask_nospec.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:17 +0000 Subject: [Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec() From: Robin Murphy <robin.murphy(a)arm.com> Commit 022620eed3d0 upstream. Provide an optimised, assembly implementation of array_index_mask_nospec() for arm64 so that the compiler is not in a position to transform the code in ways which affect its ability to inhibit speculation (e.g. by introducing conditional branches). This is similar to the sequence used by x86, modulo architectural differences in the carry/borrow flags. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/barrier.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) --- a/arch/arm64/include/asm/barrier.h +++ b/arch/arm64/include/asm/barrier.h @@ -40,6 +40,27 @@ #define dma_rmb() dmb(oshld) #define dma_wmb() dmb(oshst) +/* + * Generate a mask for array_index__nospec() that is ~0UL when 0 <= idx < sz + * and 0 otherwise. + */ +#define array_index_mask_nospec array_index_mask_nospec +static inline unsigned long array_index_mask_nospec(unsigned long idx, + unsigned long sz) +{ + unsigned long mask; + + asm volatile( + " cmp %1, %2\n" + " sbc %0, xzr, xzr\n" + : "=r" (mask) + : "r" (idx), "Ir" (sz) + : "cc"); + + csdb(); + return mask; +} + #define __smp_mb() dmb(ish) #define __smp_rmb() dmb(ishld) #define __smp_wmb() dmb(ishst) Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-futex-mask-__user-pointers-prior-to-dereference.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:24 +0000 Subject: [Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference From: Will Deacon <will.deacon(a)arm.com> Commit 91b2d3442f6a upstream. The arm64 futex code has some explicit dereferencing of user pointers where performing atomic operations in response to a futex command. This patch uses masking to limit any speculative futex operations to within the user address space. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/futex.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/futex.h +++ b/arch/arm64/include/asm/futex.h @@ -48,9 +48,10 @@ do { \ } while (0) static inline int -arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) +arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *_uaddr) { int oldval = 0, ret, tmp; + u32 __user *uaddr = __uaccess_mask_ptr(_uaddr); pagefault_disable(); @@ -88,15 +89,17 @@ arch_futex_atomic_op_inuser(int op, int } static inline int -futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *_uaddr, u32 oldval, u32 newval) { int ret = 0; u32 val, tmp; + u32 __user *uaddr; - if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + if (!access_ok(VERIFY_WRITE, _uaddr, sizeof(u32))) return -EFAULT; + uaddr = __uaccess_mask_ptr(_uaddr); uaccess_enable(); asm volatile("// futex_atomic_cmpxchg_inatomic\n" " prfm pstl1strm, %2\n" Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Mon, 29 Jan 2018 11:59:56 +0000 Subject: [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6dc52b15c4a4 upstream. Cavium ThunderX's erratum 27456 results in a corruption of icache entries that are loaded from memory that is mapped as non-global (i.e. ASID-tagged). As KPTI is based on memory being mapped non-global, let's prevent it from kicking in if this erratum is detected. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> [will: Update comment] Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -803,12 +803,23 @@ static int __kpti_forced; /* 0: not forc static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + char const *str = "command line option"; u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); - /* Forced on command line? */ + /* + * For reasons that aren't entirely clear, enabling KPTI on Cavium + * ThunderX leads to apparent I-cache corruption of kernel text, which + * ends as well as you might imagine. Don't even try. + */ + if (cpus_have_const_cap(ARM64_WORKAROUND_CAVIUM_27456)) { + str = "ARM64_WORKAROUND_CAVIUM_27456"; + __kpti_forced = -1; + } + + /* Forced? */ if (__kpti_forced) { - pr_info_once("kernel page table isolation forced %s by command line option\n", - __kpti_forced > 0 ? "ON" : "OFF"); + pr_info_once("kernel page table isolation forced %s by %s\n", + __kpti_forced > 0 ? "ON" : "OFF", str); return __kpti_forced > 0; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 12:00:00 +0000 Subject: [Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives From: Will Deacon <will.deacon(a)arm.com> Commit 439e70e27a51 upstream. The identity map is mapped as both writeable and executable by the SWAPPER_MM_MMUFLAGS and this is relied upon by the kpti code to manage a synchronisation flag. Update the .pushsection flags to reflect the actual mapping attributes. Reported-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu-reset.S | 2 +- arch/arm64/kernel/head.S | 2 +- arch/arm64/kernel/sleep.S | 2 +- arch/arm64/mm/proc.S | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -16,7 +16,7 @@ #include <asm/virt.h> .text -.pushsection .idmap.text, "ax" +.pushsection .idmap.text, "awx" /* * __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -371,7 +371,7 @@ ENDPROC(__primary_switched) * end early head section, begin head code that is also used for * hotplug and needs to have the same protections as the text region */ - .section ".idmap.text","ax" + .section ".idmap.text","awx" ENTRY(kimage_vaddr) .quad _text - TEXT_OFFSET --- a/arch/arm64/kernel/sleep.S +++ b/arch/arm64/kernel/sleep.S @@ -96,7 +96,7 @@ ENTRY(__cpu_suspend_enter) ret ENDPROC(__cpu_suspend_enter) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_resume) bl el2_setup // if in EL2 drop to EL1 cleanly bl __cpu_setup --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -86,7 +86,7 @@ ENDPROC(cpu_do_suspend) * * x0: Address of context pointer */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_do_resume) ldp x2, x3, [x0] ldp x4, x5, [x0, #16] @@ -152,7 +152,7 @@ ENTRY(cpu_do_switch_mm) ret ENDPROC(cpu_do_switch_mm) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 adrp \tmp1, empty_zero_page @@ -185,7 +185,7 @@ ENDPROC(idmap_cpu_replace_ttbr1) .popsection #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_kpti_get_pgtable_ent, type dc cvac, cur_\()\type\()p // Ensure any existing dirty @@ -373,7 +373,7 @@ ENDPROC(idmap_kpti_install_ng_mappings) * Initialise the processor for turning the MMU on. Return in x0 the * value of the SCTLR_EL1 register. */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(__cpu_setup) tlbi vmalle1 // Invalidate local TLB dsb nsh Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:29:19 +0000 Subject: [Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code From: Will Deacon <will.deacon(a)arm.com> Commit d1777e686ad1 upstream. We rely on an atomic swizzling of TTBR1 when transitioning from the entry trampoline to the kernel proper on an exception. We can't rely on this atomicity in the face of Falkor erratum #E1003, so on affected cores we can issue a TLB invalidation to invalidate the walk cache prior to jumping into the kernel. There is still the possibility of a TLB conflict here due to conflicting walk cache entries prior to the invalidation, but this doesn't appear to be the case on these CPUs in practice. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 17 +++++------------ arch/arm64/kernel/entry.S | 12 ++++++++++++ 2 files changed, 17 insertions(+), 12 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -504,20 +504,13 @@ config CAVIUM_ERRATUM_30115 config QCOM_FALKOR_ERRATUM_1003 bool "Falkor E1003: Incorrect translation due to ASID change" default y - select ARM64_PAN if ARM64_SW_TTBR0_PAN help On Falkor v1, an incorrect ASID may be cached in the TLB when ASID - and BADDR are changed together in TTBRx_EL1. The workaround for this - issue is to use a reserved ASID in cpu_do_switch_mm() before - switching to the new ASID. Saying Y here selects ARM64_PAN if - ARM64_SW_TTBR0_PAN is selected. This is done because implementing and - maintaining the E1003 workaround in the software PAN emulation code - would be an unnecessary complication. The affected Falkor v1 CPU - implements ARMv8.1 hardware PAN support and using hardware PAN - support versus software PAN emulation is mutually exclusive at - runtime. - - If unsure, say Y. + and BADDR are changed together in TTBRx_EL1. Since we keep the ASID + in TTBR1_EL1, this situation only occurs in the entry trampoline and + then only for entries in the walk cache, since the leaf translation + is unchanged. Work around the erratum by invalidating the walk cache + entries for the trampoline before entering the kernel proper. config QCOM_FALKOR_ERRATUM_1009 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -941,6 +941,18 @@ __ni_sys_trace: sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) bic \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp +#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003 +alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003 + /* ASID already in \tmp[63:48] */ + movk \tmp, #:abs_g2_nc:(TRAMP_VALIAS >> 12) + movk \tmp, #:abs_g1_nc:(TRAMP_VALIAS >> 12) + /* 2MB boundary containing the vectors, so we nobble the walk cache */ + movk \tmp, #:abs_g0_nc:((TRAMP_VALIAS & ~(SZ_2M - 1)) >> 12) + isb + tlbi vae1, \tmp + dsb nsh +alternative_else_nop_endif +#endif /* CONFIG_QCOM_FALKOR_ERRATUM_1003 */ .endm .macro tramp_unmap_kernel, tmp Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:24:29 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors From: Will Deacon <will.deacon(a)arm.com> Commit 4bf3286d29f3 upstream. Hook up the entry trampoline to our exception vectors so that all exceptions from and returns to EL0 go via the trampoline, which swizzles the vector base register accordingly. Transitioning to and from the kernel clobbers x30, so we use tpidrro_el0 and far_el1 as scratch registers for native tasks. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -73,6 +73,17 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .if \el == 0 + .if \regsize == 64 + mrs x30, tpidrro_el0 + msr tpidrro_el0, xzr + .else + mov x30, xzr + .endif + .endif +#endif + sub sp, sp, #S_FRAME_SIZE #ifdef CONFIG_VMAP_STACK /* @@ -119,6 +130,11 @@ b el\()\el\()_\label .endm + .macro tramp_alias, dst, sym + mov_q \dst, TRAMP_VALIAS + add \dst, \dst, #(\sym - .entry.tramp.text) + .endm + .macro kernel_entry, el, regsize = 64 .if \regsize == 32 mov w0, w0 // zero upper 32 bits of x0 @@ -269,18 +285,20 @@ alternative_else_nop_endif .if \el == 0 ldr x23, [sp, #S_SP] // load return stack pointer msr sp_el0, x23 + tst x22, #PSR_MODE32_BIT // native task? + b.eq 3f + #ifdef CONFIG_ARM64_ERRATUM_845719 alternative_if ARM64_WORKAROUND_845719 - tbz x22, #4, 1f #ifdef CONFIG_PID_IN_CONTEXTIDR mrs x29, contextidr_el1 msr contextidr_el1, x29 #else msr contextidr_el1, xzr #endif -1: alternative_else_nop_endif #endif +3: .endif msr elr_el1, x21 // set up the return data @@ -302,7 +320,22 @@ alternative_else_nop_endif ldp x28, x29, [sp, #16 * 14] ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp - eret // return to kernel + +#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 + eret +#else + .if \el == 0 + bne 4f + msr far_el1, x30 + tramp_alias x30, tramp_exit_native + br x30 +4: + tramp_alias x30, tramp_exit_compat + br x30 + .else + eret + .endif +#endif .endm .macro irq_stack_entry Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:20:21 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro From: Will Deacon <will.deacon(a)arm.com> Commit 5b1f7fe41909 upstream. We will need to treat exceptions from EL0 differently in kernel_ventry, so rework the macro to take the exception level as an argument and construct the branch target using that. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 50 +++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 25 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -71,7 +71,7 @@ #define BAD_FIQ 2 #define BAD_ERROR 3 - .macro kernel_ventry label + .macro kernel_ventry, el, label, regsize = 64 .align 7 sub sp, sp, #S_FRAME_SIZE #ifdef CONFIG_VMAP_STACK @@ -84,7 +84,7 @@ tbnz x0, #THREAD_SHIFT, 0f sub x0, sp, x0 // x0'' = sp' - x0' = (sp + x0) - sp = x0 sub sp, sp, x0 // sp'' = sp' - x0 = (sp + x0) - x0 = sp - b \label + b el\()\el\()_\label 0: /* @@ -116,7 +116,7 @@ sub sp, sp, x0 mrs x0, tpidrro_el0 #endif - b \label + b el\()\el\()_\label .endm .macro kernel_entry, el, regsize = 64 @@ -367,31 +367,31 @@ tsk .req x28 // current thread_info .align 11 ENTRY(vectors) - kernel_ventry el1_sync_invalid // Synchronous EL1t - kernel_ventry el1_irq_invalid // IRQ EL1t - kernel_ventry el1_fiq_invalid // FIQ EL1t - kernel_ventry el1_error_invalid // Error EL1t - - kernel_ventry el1_sync // Synchronous EL1h - kernel_ventry el1_irq // IRQ EL1h - kernel_ventry el1_fiq_invalid // FIQ EL1h - kernel_ventry el1_error_invalid // Error EL1h - - kernel_ventry el0_sync // Synchronous 64-bit EL0 - kernel_ventry el0_irq // IRQ 64-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 64-bit EL0 - kernel_ventry el0_error_invalid // Error 64-bit EL0 + kernel_ventry 1, sync_invalid // Synchronous EL1t + kernel_ventry 1, irq_invalid // IRQ EL1t + kernel_ventry 1, fiq_invalid // FIQ EL1t + kernel_ventry 1, error_invalid // Error EL1t + + kernel_ventry 1, sync // Synchronous EL1h + kernel_ventry 1, irq // IRQ EL1h + kernel_ventry 1, fiq_invalid // FIQ EL1h + kernel_ventry 1, error_invalid // Error EL1h + + kernel_ventry 0, sync // Synchronous 64-bit EL0 + kernel_ventry 0, irq // IRQ 64-bit EL0 + kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0 + kernel_ventry 0, error_invalid // Error 64-bit EL0 #ifdef CONFIG_COMPAT - kernel_ventry el0_sync_compat // Synchronous 32-bit EL0 - kernel_ventry el0_irq_compat // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid_compat // FIQ 32-bit EL0 - kernel_ventry el0_error_invalid_compat // Error 32-bit EL0 + kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0 #else - kernel_ventry el0_sync_invalid // Synchronous 32-bit EL0 - kernel_ventry el0_irq_invalid // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 32-bit EL0 - kernel_ventry el0_error_invalid // Error 32-bit EL0 + kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0 #endif END(vectors) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:58 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround From: Will Deacon <will.deacon(a)arm.com> Commit f167211a93ac upstream. We don't fully understand the Cavium ThunderX erratum, but it appears that mapping the kernel as nG can lead to horrible consequences such as attempting to execute userspace from kernel context. Since kpti isn't enabled for these CPUs anyway, simplify the comment justifying the lack of post_ttbr_update_workaround in the exception trampoline. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -962,16 +962,9 @@ alternative_else_nop_endif orr \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp /* - * We avoid running the post_ttbr_update_workaround here because the - * user and kernel ASIDs don't have conflicting mappings, so any - * "blessing" as described in: - * - * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com - * - * will not hurt correctness. Whilst this may partially defeat the - * point of using split ASIDs in the first place, it avoids - * the hit of invalidating the entire I-cache on every return to - * userspace. + * We avoid running the post_ttbr_update_workaround here because + * it's only needed by Cavium ThunderX, which requires KPTI to be + * disabled. */ .endm Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:20 +0000 Subject: [Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation From: Will Deacon <will.deacon(a)arm.com> Commit 6314d90e6493 upstream. In a similar manner to array_index_mask_nospec, this patch introduces an assembly macro (mask_nospec64) which can be used to bound a value under speculation. This macro is then used to ensure that the indirect branch through the syscall table is bounded under speculation, with out-of-range addresses speculating as calls to sys_io_setup (0). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 11 +++++++++++ arch/arm64/kernel/entry.S | 2 ++ 2 files changed, 13 insertions(+) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -103,6 +103,17 @@ .endm /* + * Sanitise a 64-bit bounded index wrt speculation, returning zero if out + * of bounds. + */ + .macro mask_nospec64, idx, limit, tmp + sub \tmp, \idx, \limit + bic \tmp, \tmp, \idx + and \idx, \idx, \tmp, asr #63 + csdb + .endm + +/* * NOP sequence */ .macro nops, num --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -376,6 +376,7 @@ alternative_insn eret, nop, ARM64_UNMAP_ * x7 is reserved for the system call number in 32-bit mode. */ wsc_nr .req w25 // number of system calls +xsc_nr .req x25 // number of system calls (zero-extended) wscno .req w26 // syscall number xscno .req x26 // syscall number (zero-extended) stbl .req x27 // syscall table pointer @@ -884,6 +885,7 @@ el0_svc_naked: // compat entry point b.ne __sys_trace cmp wscno, wsc_nr // check upper syscall limit b.hs ni_sys + mask_nospec64 xscno, xsc_nr, x19 // enforce bounds for syscall number ldr x16, [stbl, xscno, lsl #3] // address in the syscall table blr x16 // call sys_* routine b ret_fast_syscall Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:40 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit 30d88c0e3ace upstream. It is possible to take an IRQ from EL0 following a branch to a kernel address in such a way that the IRQ is prioritised over the instruction abort. Whilst an attacker would need to get the stars to align here, it might be sufficient with enough calibration so perform BP hardening in the rare case that we see a kernel address in the ELR when handling an IRQ from EL0. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -821,6 +821,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -751,6 +751,12 @@ asmlinkage void __exception do_mem_abort arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:38:19 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 From: Will Deacon <will.deacon(a)arm.com> Commit ea1e3de85e94 upstream. Allow explicit disabling of the entry trampoline on the kernel command line (kpti=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/mmu.h | 3 +- arch/arm64/kernel/cpufeature.c | 41 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 9 ++++---- 4 files changed, 50 insertions(+), 6 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -40,7 +40,8 @@ #define ARM64_WORKAROUND_858921 19 #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 +#define ARM64_UNMAP_KERNEL_AT_EL0 23 -#define ARM64_NCAPS 22 +#define ARM64_NCAPS 24 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -36,7 +36,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -796,6 +796,40 @@ static bool has_no_fpsimd(const struct a ID_AA64PFR0_FP_SHIFT) < 0; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kpti_forced) { + pr_info_once("kernel page table isolation forced %s by command line option\n", + __kpti_forced > 0 ? "ON" : "OFF"); + return __kpti_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kpti(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kpti_forced = enabled ? 1 : -1; + return 0; +} +__setup("kpti=", parse_kpti); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -882,6 +916,13 @@ static const struct arm64_cpu_capabiliti .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -74,6 +74,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -82,6 +83,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -321,10 +323,9 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -332,10 +333,10 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +#endif .else eret .endif -#endif .endm .macro irq_stack_entry Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:39 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions From: Will Deacon <will.deacon(a)arm.com> Commit 5dfc6ed27710 upstream. Software-step and PC alignment fault exceptions have higher priority than instruction abort exceptions, so apply the BP hardening hooks there too if the user PC appears to reside in kernel space. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 6 ++++-- arch/arm64/mm/fault.c | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -759,8 +759,10 @@ el0_sp_pc: * Stack or PC alignment exception handling */ mrs x26, far_el1 - // enable interrupts before calling the main handler - enable_dbg_and_irq + enable_dbg +#ifdef CONFIG_TRACE_IRQFLAGS + bl trace_hardirqs_off +#endif ct_user_exit mov x0, x26 mov x1, x25 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -778,6 +778,12 @@ asmlinkage void __exception do_sp_pc_abo struct siginfo info; struct task_struct *tsk = current; + if (user_mode(regs)) { + if (instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + local_irq_enable(); + } + if (show_unhandled_signals && unhandled_signal(tsk, SIGBUS)) pr_info_ratelimited("%s[%d]: %s exception: pc=%p sp=%p\n", tsk->comm, task_pid_nr(tsk), @@ -837,6 +843,9 @@ asmlinkage int __exception do_debug_exce if (interrupts_enabled(regs)) trace_hardirqs_off(); + if (user_mode(regs) && instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + if (!inf->fn(addr, esr, regs)) { rv = 1; } else { Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 11:19:34 +0000 Subject: [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 From: Will Deacon <will.deacon(a)arm.com> Commit a65d219fe5dc upstream. Hook up MIDR values for the Cortex-A72 and Cortex-A75 CPUs, since they will soon need MIDR matches for hardening the branch predictor. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -79,8 +79,10 @@ #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 #define ARM_CPU_PART_CORTEX_A57 0xD07 +#define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A53 0xD03 #define ARM_CPU_PART_CORTEX_A73 0xD09 +#define ARM_CPU_PART_CORTEX_A75 0xD0A #define APM_CPU_PART_POTENZA 0x000 @@ -97,7 +99,9 @@ #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) +#define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) +#define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:07:40 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit c7b9adaf85f8 upstream. To allow unmapping of the kernel whilst running at EL0, we need to point the exception vectors at an entry trampoline that can map/unmap the kernel on entry/exit respectively. This patch adds the trampoline page, although it is not yet plugged into the vector table and is therefore unused. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 86 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 17 +++++++ 2 files changed, 103 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -28,6 +28,8 @@ #include <asm/errno.h> #include <asm/esr.h> #include <asm/irq.h> +#include <asm/memory.h> +#include <asm/mmu.h> #include <asm/processor.h> #include <asm/ptrace.h> #include <asm/thread_info.h> @@ -895,6 +897,90 @@ __ni_sys_trace: .popsection // .entry.text +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +/* + * Exception vectors trampoline. + */ + .pushsection ".entry.tramp.text", "ax" + + .macro tramp_map_kernel, tmp + mrs \tmp, ttbr1_el1 + sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + bic \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + .endm + + .macro tramp_unmap_kernel, tmp + mrs \tmp, ttbr1_el1 + add \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + orr \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + /* + * We avoid running the post_ttbr_update_workaround here because the + * user and kernel ASIDs don't have conflicting mappings, so any + * "blessing" as described in: + * + * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com + * + * will not hurt correctness. Whilst this may partially defeat the + * point of using split ASIDs in the first place, it avoids + * the hit of invalidating the entire I-cache on every return to + * userspace. + */ + .endm + + .macro tramp_ventry, regsize = 64 + .align 7 +1: + .if \regsize == 64 + msr tpidrro_el0, x30 // Restored in kernel_ventry + .endif + tramp_map_kernel x30 + ldr x30, =vectors + prfm plil1strm, [x30, #(1b - tramp_vectors)] + msr vbar_el1, x30 + add x30, x30, #(1b - tramp_vectors) + isb + br x30 + .endm + + .macro tramp_exit, regsize = 64 + adr x30, tramp_vectors + msr vbar_el1, x30 + tramp_unmap_kernel x30 + .if \regsize == 64 + mrs x30, far_el1 + .endif + eret + .endm + + .align 11 +ENTRY(tramp_vectors) + .space 0x400 + + tramp_ventry + tramp_ventry + tramp_ventry + tramp_ventry + + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 +END(tramp_vectors) + +ENTRY(tramp_exit_native) + tramp_exit +END(tramp_exit_native) + +ENTRY(tramp_exit_compat) + tramp_exit 32 +END(tramp_exit_compat) + + .ltorg + .popsection // .entry.tramp.text +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + /* * Special system call wrappers. */ --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -57,6 +57,17 @@ jiffies = jiffies_64; #define HIBERNATE_TEXT #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define TRAMP_TEXT \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ + *(.entry.tramp.text) \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_end) = .; +#else +#define TRAMP_TEXT +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from stext to _edata, must be a round multiple of the PE/COFF @@ -113,6 +124,7 @@ SECTIONS HYPERVISOR_TEXT IDMAP_TEXT HIBERNATE_TEXT + TRAMP_TEXT *(.fixup) *(.gnu.warning) . = ALIGN(16); @@ -214,6 +226,11 @@ SECTIONS . += RESERVED_TTBR0_SIZE; #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + tramp_pg_dir = .; + . += PAGE_SIZE; +#endif + __pecoff_data_size = ABSOLUTE(. - __initdata_begin); _end = .; Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Sun, 7 Jan 2018 22:53:35 -0800 Subject: [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs From: Jayachandran C <jnair(a)caviumnetworks.com> Commit 0d90718871fe upstream. Add the older Broadcom ID as well as the new Cavium ID for ThunderX2 CPUs. Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -87,6 +87,7 @@ #define CAVIUM_CPU_PART_THUNDERX 0x0A1 #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2 #define CAVIUM_CPU_PART_THUNDERX_83XX 0x0A3 +#define CAVIUM_CPU_PART_THUNDERX2 0x0AF #define BRCM_CPU_PART_VULCAN 0x516 @@ -100,6 +101,8 @@ #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) +#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2) +#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) #define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-pass-capability-structure-to-enable-callback.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 2 Jan 2018 21:37:25 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback From: Will Deacon <will.deacon(a)arm.com> Commit 0a0d111d40fd upstream. In order to invoke the CPU capability ->matches callback from the ->enable callback for applying local-CPU workarounds, we need a handle on the capability structure. This patch passes a pointer to the capability structure to the ->enable callback. Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1144,7 +1144,7 @@ void __init enable_cpu_capabilities(cons * uses an IPI, giving us a PSTATE that disappears when * we return. */ - stop_machine(caps->enable, NULL, cpu_online_mask); + stop_machine(caps->enable, (void *)caps, cpu_online_mask); } } } @@ -1203,7 +1203,7 @@ verify_local_cpu_features(const struct a cpu_die_early(); } if (caps->enable) - caps->enable(NULL); + caps->enable((void *)caps); } } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Stephen Boyd <sboyd(a)codeaurora.org> Date: Wed, 13 Dec 2017 14:19:37 -0800 Subject: [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata From: Stephen Boyd <sboyd(a)codeaurora.org> Commit bb48711800e6 upstream. The Kryo CPUs are also affected by the Falkor 1003 errata, so we need to do the same workaround on Kryo CPUs. The MIDR is slightly more complicated here, where the PART number is not always the same when looking at all the bits from 15 to 4. Drop the lower 8 bits and just look at the top 4 to see if it's '2' and then consider those as Kryo CPUs. This covers all the combinations without having to list them all out. Fixes: 38fd94b0275c ("arm64: Work around Falkor erratum 1003") Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/arm64/silicon-errata.txt | 2 +- arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 21 +++++++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -71,7 +71,7 @@ stable kernels. | Hisilicon | Hip0{5,6,7} | #161010101 | HISILICON_ERRATUM_161010101 | | Hisilicon | Hip0{6,7} | #161010701 | N/A | | | | | | -| Qualcomm Tech. | Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | +| Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | | Qualcomm Tech. | Falkor v1 | E1009 | QCOM_FALKOR_ERRATUM_1009 | | Qualcomm Tech. | QDF2400 ITS | E0065 | QCOM_QDF2400_ERRATUM_0065 | | Qualcomm Tech. | Falkor v{1,2} | E1041 | QCOM_FALKOR_ERRATUM_1041 | --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -92,6 +92,7 @@ #define QCOM_CPU_PART_FALKOR_V1 0x800 #define QCOM_CPU_PART_FALKOR 0xC00 +#define QCOM_CPU_PART_KRYO 0x200 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) @@ -101,6 +102,7 @@ #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) +#define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) #ifndef __ASSEMBLY__ --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -30,6 +30,20 @@ is_affected_midr_range(const struct arm6 entry->midr_range_max); } +static bool __maybe_unused +is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) +{ + u32 model; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + model = read_cpuid_id(); + model &= MIDR_IMPLEMENTOR_MASK | (0xf00 << MIDR_PARTNUM_SHIFT) | + MIDR_ARCHITECTURE_MASK; + + return model == entry->midr_model; +} + static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) @@ -169,6 +183,13 @@ const struct arm64_cpu_capabilities arm6 MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(0, 0)), }, + { + .desc = "Qualcomm Technologies Kryo erratum 1003", + .capability = ARM64_WORKAROUND_QCOM_FALKOR_E1003, + .def_scope = SCOPE_LOCAL_CPU, + .midr_model = MIDR_QCOM_KRYO, + .matches = is_kryo_midr, + }, #endif #ifdef CONFIG_QCOM_FALKOR_ERRATUM_1009 { Patches currently in stable-queue which might be from sboyd(a)codeaurora.org are queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: James Morse <james.morse(a)arm.com> Date: Mon, 15 Jan 2018 19:38:54 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early From: James Morse <james.morse(a)arm.com> Commit edf298cfce47 upstream. this_cpu_has_cap() tests caps->desc not caps->matches, so it stops walking the list when it finds a 'silent' feature, instead of walking to the end of the list. Prior to v4.6's 644c2ae198412 ("arm64: cpufeature: Test 'matches' pointer to find the end of the list") we always tested desc to find the end of a capability list. This was changed for dubious things like PAN_NOT_UAO. v4.7's e3661b128e53e ("arm64: Allow a capability to be checked on single CPU") added this_cpu_has_cap() using the old desc style test. CC: Suzuki K Poulose <suzuki.poulose(a)arm.com> Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Acked-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: James Morse <james.morse(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1102,9 +1102,8 @@ static bool __this_cpu_has_cap(const str if (WARN_ON(preemptible())) return false; - for (caps = cap_array; caps->desc; caps++) + for (caps = cap_array; caps->matches; caps++) if (caps->capability == cap && - caps->matches && caps->matches(caps, SCOPE_LOCAL_CPU)) return true; return false; Patches currently in stable-queue which might be from james.morse(a)arm.com are queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-capabilities-handle-duplicate-entries-for-a-capability.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 9 Jan 2018 16:12:18 +0000 Subject: [Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Commit 67948af41f2e upstream. Sometimes a single capability could be listed multiple times with differing matches(), e.g, CPU errata for different MIDR versions. This breaks verify_local_cpu_feature() and this_cpu_has_cap() as we stop checking for a capability on a CPU with the first entry in the given table, which is not sufficient. Make sure we run the checks for all entries of the same capability. We do this by fixing __this_cpu_has_cap() to run through all the entries in the given table for a match and reuse it for verify_local_cpu_feature(). Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Acked-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 44 +++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 21 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1047,6 +1047,26 @@ static void __init setup_elf_hwcaps(cons cap_set_elf_hwcap(hwcaps); } +/* + * Check if the current CPU has a given feature capability. + * Should be called from non-preemptible context. + */ +static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, + unsigned int cap) +{ + const struct arm64_cpu_capabilities *caps; + + if (WARN_ON(preemptible())) + return false; + + for (caps = cap_array; caps->desc; caps++) + if (caps->capability == cap && + caps->matches && + caps->matches(caps, SCOPE_LOCAL_CPU)) + return true; + return false; +} + void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, const char *info) { @@ -1125,8 +1145,9 @@ verify_local_elf_hwcaps(const struct arm } static void -verify_local_cpu_features(const struct arm64_cpu_capabilities *caps) +verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list) { + const struct arm64_cpu_capabilities *caps = caps_list; for (; caps->matches; caps++) { if (!cpus_have_cap(caps->capability)) continue; @@ -1134,7 +1155,7 @@ verify_local_cpu_features(const struct a * If the new CPU misses an advertised feature, we cannot proceed * further, park the cpu. */ - if (!caps->matches(caps, SCOPE_LOCAL_CPU)) { + if (!__this_cpu_has_cap(caps_list, caps->capability)) { pr_crit("CPU%d: missing feature: %s\n", smp_processor_id(), caps->desc); cpu_die_early(); @@ -1195,25 +1216,6 @@ static void __init mark_const_caps_ready static_branch_enable(&arm64_const_caps_ready); } -/* - * Check if the current CPU has a given feature capability. - * Should be called from non-preemptible context. - */ -static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, - unsigned int cap) -{ - const struct arm64_cpu_capabilities *caps; - - if (WARN_ON(preemptible())) - return false; - - for (caps = cap_array; caps->desc; caps++) - if (caps->capability == cap && caps->matches) - return caps->matches(caps, SCOPE_LOCAL_CPU); - - return false; -} - extern const struct arm64_cpu_capabilities arm64_errata[]; bool this_cpu_has_cap(unsigned int cap) Patches currently in stable-queue which might be from suzuki.poulose(a)arm.com are queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:16 +0000 Subject: [Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction From: Will Deacon <will.deacon(a)arm.com> Commit 669474e772b9 upstream. For CPUs capable of data value prediction, CSDB waits for any outstanding predictions to architecturally resolve before allowing speculative execution to continue. Provide macros to expose it to the arch code. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 7 +++++++ arch/arm64/include/asm/barrier.h | 2 ++ 2 files changed, 9 insertions(+) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -96,6 +96,13 @@ .endm /* + * Value prediction barrier + */ + .macro csdb + hint #20 + .endm + +/* * NOP sequence */ .macro nops, num --- a/arch/arm64/include/asm/barrier.h +++ b/arch/arm64/include/asm/barrier.h @@ -31,6 +31,8 @@ #define dmb(opt) asm volatile("dmb " #opt : : : "memory") #define dsb(opt) asm volatile("dsb " #opt : : : "memory") +#define csdb() asm volatile("hint #20" : : : "memory") + #define mb() dsb(sy) #define rmb() dsb(ld) #define wmb() dsb(st) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-branch-predictor-hardening-for-cavium-thunderx2.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Fri, 19 Jan 2018 04:22:47 -0800 Subject: [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 From: Jayachandran C <jnair(a)caviumnetworks.com> Commit f3d795d9b360 upstream. Use PSCI based mitigation for speculative execution attacks targeting the branch predictor. We use the same mechanism as the one used for Cortex-A CPUs, we expect the PSCI version call to have a side effect of clearing the BTBs. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu_errata.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -359,6 +359,16 @@ const struct arm64_cpu_capabilities arm6 .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), + .enable = enable_psci_bp_hardening, + }, #endif { } Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 11:17:58 +0000 Subject: [Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks From: Will Deacon <will.deacon(a)arm.com> Commit 0f15adbb2861 upstream. Aliasing attacks against CPU branch predictors can allow an attacker to redirect speculative control flow on some CPUs and potentially divulge information from one context to another. This patch adds initial skeleton code behind a new Kconfig option to enable implementation-specific mitigations against these attacks for CPUs that are affected. Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 17 ++++++++ arch/arm64/include/asm/cpucaps.h | 3 + arch/arm64/include/asm/mmu.h | 37 +++++++++++++++++++ arch/arm64/include/asm/sysreg.h | 1 arch/arm64/kernel/Makefile | 4 ++ arch/arm64/kernel/bpi.S | 55 ++++++++++++++++++++++++++++ arch/arm64/kernel/cpu_errata.c | 74 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/entry.S | 8 ++-- arch/arm64/mm/context.c | 2 + arch/arm64/mm/fault.c | 17 ++++++++ 11 files changed, 215 insertions(+), 4 deletions(-) create mode 100644 arch/arm64/kernel/bpi.S --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -818,6 +818,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. +config HARDEN_BRANCH_PREDICTOR + bool "Harden the branch predictor against aliasing attacks" if EXPERT + default y + help + Speculation attacks against some high-performance processors rely on + being able to manipulate the branch predictor for a victim context by + executing aliasing branches in the attacker context. Such attacks + can be partially mitigated against by clearing internal branch + predictor state and limiting the prediction logic in some situations. + + This config option will take CPU-specific actions to harden the + branch predictor against aliasing attacks and may rely on specific + instruction sequences or control bits being set by the system + firmware. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -41,7 +41,8 @@ #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 #define ARM64_UNMAP_KERNEL_AT_EL0 23 +#define ARM64_HARDEN_BRANCH_PREDICTOR 24 -#define ARM64_NCAPS 24 +#define ARM64_NCAPS 25 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -41,6 +41,43 @@ static inline bool arm64_kernel_unmapped cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } +typedef void (*bp_hardening_cb_t)(void); + +struct bp_hardening_data { + int hyp_vectors_slot; + bp_hardening_cb_t fn; +}; + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; + +DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + +static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) +{ + return this_cpu_ptr(&bp_hardening_data); +} + +static inline void arm64_apply_bp_hardening(void) +{ + struct bp_hardening_data *d; + + if (!cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) + return; + + d = arm64_get_bp_hardening_data(); + if (d->fn) + d->fn(); +} +#else +static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) +{ + return NULL; +} + +static inline void arm64_apply_bp_hardening(void) { } +#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ + extern void paging_init(void); extern void bootmem_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -333,6 +333,7 @@ /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 +#define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -55,6 +55,10 @@ arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o +ifeq ($(CONFIG_KVM),y) +arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o +endif + obj-y += $(arm64-obj-y) vdso/ probes/ obj-m += $(arm64-obj-m) head-y := head.o --- /dev/null +++ b/arch/arm64/kernel/bpi.S @@ -0,0 +1,55 @@ +/* + * Contains CPU specific branch predictor invalidation sequences + * + * Copyright (C) 2018 ARM Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <linux/linkage.h> + +.macro ventry target + .rept 31 + nop + .endr + b \target +.endm + +.macro vectors target + ventry \target + 0x000 + ventry \target + 0x080 + ventry \target + 0x100 + ventry \target + 0x180 + + ventry \target + 0x200 + ventry \target + 0x280 + ventry \target + 0x300 + ventry \target + 0x380 + + ventry \target + 0x400 + ventry \target + 0x480 + ventry \target + 0x500 + ventry \target + 0x580 + + ventry \target + 0x600 + ventry \target + 0x680 + ventry \target + 0x700 + ventry \target + 0x780 +.endm + + .align 11 +ENTRY(__bp_harden_hyp_vecs_start) + .rept 4 + vectors __kvm_hyp_vector + .endr +ENTRY(__bp_harden_hyp_vecs_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -60,6 +60,80 @@ static int cpu_enable_trap_ctr_access(vo return 0; } +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#include <asm/mmu_context.h> +#include <asm/cacheflush.h> + +DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + +#ifdef CONFIG_KVM +static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + void *dst = lm_alias(__bp_harden_hyp_vecs_start + slot * SZ_2K); + int i; + + for (i = 0; i < SZ_2K; i += 0x80) + memcpy(dst + i, hyp_vecs_start, hyp_vecs_end - hyp_vecs_start); + + flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); +} + +static void __install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + static int last_slot = -1; + static DEFINE_SPINLOCK(bp_lock); + int cpu, slot = -1; + + spin_lock(&bp_lock); + for_each_possible_cpu(cpu) { + if (per_cpu(bp_hardening_data.fn, cpu) == fn) { + slot = per_cpu(bp_hardening_data.hyp_vectors_slot, cpu); + break; + } + } + + if (slot == -1) { + last_slot++; + BUG_ON(((__bp_harden_hyp_vecs_end - __bp_harden_hyp_vecs_start) + / SZ_2K) <= last_slot); + slot = last_slot; + __copy_hyp_vect_bpi(slot, hyp_vecs_start, hyp_vecs_end); + } + + __this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot); + __this_cpu_write(bp_hardening_data.fn, fn); + spin_unlock(&bp_lock); +} +#else +static void __install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + __this_cpu_write(bp_hardening_data.fn, fn); +} +#endif /* CONFIG_KVM */ + +static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, + bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + u64 pfr0; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return; + + pfr0 = read_cpuid(ID_AA64PFR0_EL1); + if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT)) + return; + + __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); +} +#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ + #define MIDR_RANGE(model, min, max) \ .def_scope = SCOPE_LOCAL_CPU, \ .matches = is_affected_midr_range, \ --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -126,6 +126,7 @@ static const struct arm64_ftr_bits ftr_i static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0), S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI), S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_FP_SHIFT, 4, ID_AA64PFR0_FP_NI), --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -724,13 +724,15 @@ el0_ia: * Instruction abort handling */ mrs x26, far_el1 - // enable interrupts before calling the main handler - enable_dbg_and_irq + enable_dbg +#ifdef CONFIG_TRACE_IRQFLAGS + bl trace_hardirqs_off +#endif ct_user_exit mov x0, x26 mov x1, x25 mov x2, sp - bl do_mem_abort + bl do_el0_ia_bp_hardening b ret_to_user el0_fpsimd_acc: /* --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -242,6 +242,8 @@ asmlinkage void post_ttbr_update_workaro "ic iallu; dsb nsh; isb", ARM64_WORKAROUND_CAVIUM_27456, CONFIG_CAVIUM_ERRATUM_27456)); + + arm64_apply_bp_hardening(); } static int asids_init(void) --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -751,6 +751,23 @@ asmlinkage void __exception do_mem_abort arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, + unsigned int esr, + struct pt_regs *regs) +{ + /* + * We've taken an instruction abort from userspace and not yet + * re-enabled IRQs. If the address is a kernel address, apply + * BP hardening prior to enabling IRQs and pre-emption. + */ + if (addr > TASK_SIZE) + arm64_apply_bp_hardening(); + + local_irq_enable(); + do_mem_abort(addr, esr, regs); +} + + /* * Handle stack alignment exceptions. */ Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.14/arm64-mm-allocate-asids-in-pairs.patch queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-implement-array_index_mask_nospec.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:18 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity From: Marc Zyngier <marc.zyngier(a)arm.com> Commit ded4c39e93f3 upstream. Function identifiers are a 32bit, unsigned quantity. But we never tell so to the compiler, resulting in the following: 4ac: b26187e0 mov x0, #0xffffffff80000001 We thus rely on the firmware narrowing it for us, which is not always a reasonable expectation. Cc: stable(a)vger.kernel.org Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/arm-smccc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -14,14 +14,16 @@ #ifndef __LINUX_ARM_SMCCC_H #define __LINUX_ARM_SMCCC_H +#include <uapi/linux/const.h> + /* * This file provides common defines for ARM SMC Calling Convention as * specified in * http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html */ -#define ARM_SMCCC_STD_CALL 0 -#define ARM_SMCCC_FAST_CALL 1 +#define ARM_SMCCC_STD_CALL _AC(0,U) +#define ARM_SMCCC_FAST_CALL _AC(1,U) #define ARM_SMCCC_TYPE_SHIFT 31 #define ARM_SMCCC_SMC_32 0 Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:20 +0000 Subject: [Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit b092201e0020 upstream. Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1. It is lovely. Really. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 20 ++++++++++++ arch/arm64/kernel/cpu_errata.c | 68 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 87 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -17,6 +17,7 @@ */ #include <linux/linkage.h> +#include <linux/arm-smccc.h> .macro ventry target .rept 31 @@ -85,3 +86,22 @@ ENTRY(__qcom_hyp_sanitize_link_stack_sta .endr ldp x29, x30, [sp], #16 ENTRY(__qcom_hyp_sanitize_link_stack_end) + +.macro smccc_workaround_1 inst + sub sp, sp, #(8 * 4) + stp x2, x3, [sp, #(8 * 0)] + stp x0, x1, [sp, #(8 * 2)] + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1 + \inst #0 + ldp x2, x3, [sp, #(8 * 0)] + ldp x0, x1, [sp, #(8 * 2)] + add sp, sp, #(8 * 4) +.endm + +ENTRY(__smccc_workaround_1_smc_start) + smccc_workaround_1 smc +ENTRY(__smccc_workaround_1_smc_end) + +ENTRY(__smccc_workaround_1_hvc_start) + smccc_workaround_1 hvc +ENTRY(__smccc_workaround_1_hvc_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -70,6 +70,10 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_har extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; extern char __qcom_hyp_sanitize_link_stack_start[]; extern char __qcom_hyp_sanitize_link_stack_end[]; +extern char __smccc_workaround_1_smc_start[]; +extern char __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_1_hvc_start[]; +extern char __smccc_workaround_1_hvc_end[]; static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -116,6 +120,10 @@ static void __install_bp_hardening_cb(bp #define __psci_hyp_bp_inval_end NULL #define __qcom_hyp_sanitize_link_stack_start NULL #define __qcom_hyp_sanitize_link_stack_end NULL +#define __smccc_workaround_1_smc_start NULL +#define __smccc_workaround_1_smc_end NULL +#define __smccc_workaround_1_hvc_start NULL +#define __smccc_workaround_1_hvc_end NULL static void __install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, @@ -142,17 +150,75 @@ static void install_bp_hardening_cb(con __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } +#include <uapi/linux/psci.h> +#include <linux/arm-smccc.h> #include <linux/psci.h> +static void call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static bool check_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +{ + bp_hardening_cb_t cb; + void *smccc_start, *smccc_end; + struct arm_smccc_res res; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return false; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + return false; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if (res.a0) + return false; + cb = call_hvc_arch_workaround_1; + smccc_start = __smccc_workaround_1_hvc_start; + smccc_end = __smccc_workaround_1_hvc_end; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if (res.a0) + return false; + cb = call_smc_arch_workaround_1; + smccc_start = __smccc_workaround_1_smc_start; + smccc_end = __smccc_workaround_1_smc_end; + break; + + default: + return false; + } + + install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); + + return true; +} + static int enable_psci_bp_hardening(void *data) { const struct arm64_cpu_capabilities *entry = data; - if (psci_ops.get_version) + if (psci_ops.get_version) { + if (check_smccc_arch_workaround_1(entry)) + return 0; + install_bp_hardening_cb(entry, (bp_hardening_cb_t)psci_ops.get_version, __psci_hyp_bp_inval_start, __psci_hyp_bp_inval_end); + } return 0; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:19 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f2d3b2e8759a upstream. One of the major improvement of SMCCC v1.1 is that it only clobbers the first 4 registers, both on 32 and 64bit. This means that it becomes very easy to provide an inline version of the SMC call primitive, and avoid performing a function call to stash the registers that would otherwise be clobbered by SMCCC v1.0. Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/arm-smccc.h | 141 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -150,5 +150,146 @@ asmlinkage void __arm_smccc_hvc(unsigned #define arm_smccc_hvc_quirk(...) __arm_smccc_hvc(__VA_ARGS__) +/* SMCCC v1.1 implementation madness follows */ +#ifdef CONFIG_ARM64 + +#define SMCCC_SMC_INST "smc #0" +#define SMCCC_HVC_INST "hvc #0" + +#elif defined(CONFIG_ARM) +#include <asm/opcodes-sec.h> +#include <asm/opcodes-virt.h> + +#define SMCCC_SMC_INST __SMC(0) +#define SMCCC_HVC_INST __HVC(0) + +#endif + +#define ___count_args(_0, _1, _2, _3, _4, _5, _6, _7, _8, x, ...) x + +#define __count_args(...) \ + ___count_args(__VA_ARGS__, 7, 6, 5, 4, 3, 2, 1, 0) + +#define __constraint_write_0 \ + "+r" (r0), "=&r" (r1), "=&r" (r2), "=&r" (r3) +#define __constraint_write_1 \ + "+r" (r0), "+r" (r1), "=&r" (r2), "=&r" (r3) +#define __constraint_write_2 \ + "+r" (r0), "+r" (r1), "+r" (r2), "=&r" (r3) +#define __constraint_write_3 \ + "+r" (r0), "+r" (r1), "+r" (r2), "+r" (r3) +#define __constraint_write_4 __constraint_write_3 +#define __constraint_write_5 __constraint_write_4 +#define __constraint_write_6 __constraint_write_5 +#define __constraint_write_7 __constraint_write_6 + +#define __constraint_read_0 +#define __constraint_read_1 +#define __constraint_read_2 +#define __constraint_read_3 +#define __constraint_read_4 "r" (r4) +#define __constraint_read_5 __constraint_read_4, "r" (r5) +#define __constraint_read_6 __constraint_read_5, "r" (r6) +#define __constraint_read_7 __constraint_read_6, "r" (r7) + +#define __declare_arg_0(a0, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register unsigned long r1 asm("r1"); \ + register unsigned long r2 asm("r2"); \ + register unsigned long r3 asm("r3") + +#define __declare_arg_1(a0, a1, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register unsigned long r2 asm("r2"); \ + register unsigned long r3 asm("r3") + +#define __declare_arg_2(a0, a1, a2, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register typeof(a2) r2 asm("r2") = a2; \ + register unsigned long r3 asm("r3") + +#define __declare_arg_3(a0, a1, a2, a3, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register typeof(a2) r2 asm("r2") = a2; \ + register typeof(a3) r3 asm("r3") = a3 + +#define __declare_arg_4(a0, a1, a2, a3, a4, res) \ + __declare_arg_3(a0, a1, a2, a3, res); \ + register typeof(a4) r4 asm("r4") = a4 + +#define __declare_arg_5(a0, a1, a2, a3, a4, a5, res) \ + __declare_arg_4(a0, a1, a2, a3, a4, res); \ + register typeof(a5) r5 asm("r5") = a5 + +#define __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res) \ + __declare_arg_5(a0, a1, a2, a3, a4, a5, res); \ + register typeof(a6) r6 asm("r6") = a6 + +#define __declare_arg_7(a0, a1, a2, a3, a4, a5, a6, a7, res) \ + __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res); \ + register typeof(a7) r7 asm("r7") = a7 + +#define ___declare_args(count, ...) __declare_arg_ ## count(__VA_ARGS__) +#define __declare_args(count, ...) ___declare_args(count, __VA_ARGS__) + +#define ___constraints(count) \ + : __constraint_write_ ## count \ + : __constraint_read_ ## count \ + : "memory" +#define __constraints(count) ___constraints(count) + +/* + * We have an output list that is not necessarily used, and GCC feels + * entitled to optimise the whole sequence away. "volatile" is what + * makes it stick. + */ +#define __arm_smccc_1_1(inst, ...) \ + do { \ + __declare_args(__count_args(__VA_ARGS__), __VA_ARGS__); \ + asm volatile(inst "\n" \ + __constraints(__count_args(__VA_ARGS__))); \ + if (___res) \ + *___res = (typeof(*___res)){r0, r1, r2, r3}; \ + } while (0) + +/* + * arm_smccc_1_1_smc() - make an SMCCC v1.1 compliant SMC call + * + * This is a variadic macro taking one to eight source arguments, and + * an optional return structure. + * + * @a0-a7: arguments passed in registers 0 to 7 + * @res: result values from registers 0 to 3 + * + * This macro is used to make SMC calls following SMC Calling Convention v1.1. + * The content of the supplied param are copied to registers 0 to 7 prior + * to the SMC instruction. The return values are updated with the content + * from register 0 to 3 on return from the SMC instruction if not NULL. + */ +#define arm_smccc_1_1_smc(...) __arm_smccc_1_1(SMCCC_SMC_INST, __VA_ARGS__) + +/* + * arm_smccc_1_1_hvc() - make an SMCCC v1.1 compliant HVC call + * + * This is a variadic macro taking one to eight source arguments, and + * an optional return structure. + * + * @a0-a7: arguments passed in registers 0 to 7 + * @res: result values from registers 0 to 3 + * + * This macro is used to make HVC calls following SMC Calling Convention v1.1. + * The content of the supplied param are copied to registers 0 to 7 prior + * to the HVC instruction. The return values are updated with the content + * from register 0 to 3 on return from the HVC instruction if not NULL. + */ +#define arm_smccc_1_1_hvc(...) __arm_smccc_1_1(SMCCC_HVC_INST, __VA_ARGS__) + #endif /*__ASSEMBLY__*/ #endif /*__LINUX_ARM_SMCCC_H*/ Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:13 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline From: Marc Zyngier <marc.zyngier(a)arm.com> Commit a4097b351118 upstream. We're about to need kvm_psci_version in HYP too. So let's turn it into a static inline, and pass the kvm structure as a second parameter (so that HYP can do a kern_hyp_va on it). Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/switch.c | 18 +++++++++++------- include/kvm/arm_psci.h | 21 ++++++++++++++++++++- virt/kvm/arm/psci.c | 12 ++---------- 3 files changed, 33 insertions(+), 18 deletions(-) --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -19,6 +19,8 @@ #include <linux/jump_label.h> #include <uapi/linux/psci.h> +#include <kvm/arm_psci.h> + #include <asm/kvm_asm.h> #include <asm/kvm_emulate.h> #include <asm/kvm_hyp.h> @@ -325,14 +327,16 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || - kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32) && - vcpu_get_reg(vcpu, 0) == PSCI_0_2_FN_PSCI_VERSION) { - u64 val = PSCI_RET_NOT_SUPPORTED; - if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - val = 2; + kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32)) { + u32 val = vcpu_get_reg(vcpu, 0); - vcpu_set_reg(vcpu, 0, val); - goto again; + if (val == PSCI_0_2_FN_PSCI_VERSION) { + val = kvm_psci_version(vcpu, kern_hyp_va(vcpu->kvm)); + if (unlikely(val == KVM_ARM_PSCI_0_1)) + val = PSCI_RET_NOT_SUPPORTED; + vcpu_set_reg(vcpu, 0, val); + goto again; + } } if (static_branch_unlikely(&vgic_v2_cpuif_trap) && --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -18,6 +18,7 @@ #ifndef __KVM_ARM_PSCI_H__ #define __KVM_ARM_PSCI_H__ +#include <linux/kvm_host.h> #include <uapi/linux/psci.h> #define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) @@ -26,7 +27,25 @@ #define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 -int kvm_psci_version(struct kvm_vcpu *vcpu); +/* + * We need the KVM pointer independently from the vcpu as we can call + * this from HYP, and need to apply kern_hyp_va on it... + */ +static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm) +{ + /* + * Our PSCI implementation stays the same across versions from + * v0.2 onward, only adding the few mandatory functions (such + * as FEATURES with 1.0) that are required by newer + * revisions. It is thus safe to return the latest. + */ + if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) + return KVM_ARM_PSCI_LATEST; + + return KVM_ARM_PSCI_0_1; +} + + int kvm_hvc_call_handler(struct kvm_vcpu *vcpu); #endif /* __KVM_ARM_PSCI_H__ */ --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -123,7 +123,7 @@ static unsigned long kvm_psci_vcpu_on(st if (!vcpu) return PSCI_RET_INVALID_PARAMS; if (!vcpu->arch.power_off) { - if (kvm_psci_version(source_vcpu) != KVM_ARM_PSCI_0_1) + if (kvm_psci_version(source_vcpu, kvm) != KVM_ARM_PSCI_0_1) return PSCI_RET_ALREADY_ON; else return PSCI_RET_INVALID_PARAMS; @@ -232,14 +232,6 @@ static void kvm_psci_system_reset(struct kvm_prepare_system_event(vcpu, KVM_SYSTEM_EVENT_RESET); } -int kvm_psci_version(struct kvm_vcpu *vcpu) -{ - if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - return KVM_ARM_PSCI_LATEST; - - return KVM_ARM_PSCI_0_1; -} - static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; @@ -397,7 +389,7 @@ static int kvm_psci_0_1_call(struct kvm_ */ static int kvm_psci_call(struct kvm_vcpu *vcpu) { - switch (kvm_psci_version(vcpu)) { + switch (kvm_psci_version(vcpu, vcpu->kvm)) { case KVM_ARM_PSCI_1_0: return kvm_psci_1_0_call(vcpu); case KVM_ARM_PSCI_0_2: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-implement-psci-1.0-support.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:11 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 58e0b2239a4d upstream. PSCI 1.0 can be trivially implemented by providing the FEATURES call on top of PSCI 0.2 and returning 1.0 as the PSCI version. We happily ignore everything else, as they are either optional or are clarifications that do not require any additional change. PSCI 1.0 is now the default until we decide to add a userspace selection API. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/kvm/arm_psci.h | 3 +++ virt/kvm/arm/psci.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 1 deletion(-) --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -22,6 +22,9 @@ #define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) #define KVM_ARM_PSCI_0_2 PSCI_VERSION(0, 2) +#define KVM_ARM_PSCI_1_0 PSCI_VERSION(1, 0) + +#define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 int kvm_psci_version(struct kvm_vcpu *vcpu); int kvm_psci_call(struct kvm_vcpu *vcpu); --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -234,7 +234,7 @@ static void kvm_psci_system_reset(struct int kvm_psci_version(struct kvm_vcpu *vcpu) { if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - return KVM_ARM_PSCI_0_2; + return KVM_ARM_PSCI_LATEST; return KVM_ARM_PSCI_0_1; } @@ -313,6 +313,47 @@ static int kvm_psci_0_2_call(struct kvm_ return ret; } +static int kvm_psci_1_0_call(struct kvm_vcpu *vcpu) +{ + u32 psci_fn = smccc_get_function(vcpu); + u32 feature; + unsigned long val; + int ret = 1; + + switch(psci_fn) { + case PSCI_0_2_FN_PSCI_VERSION: + val = KVM_ARM_PSCI_1_0; + break; + case PSCI_1_0_FN_PSCI_FEATURES: + feature = smccc_get_arg1(vcpu); + switch(feature) { + case PSCI_0_2_FN_PSCI_VERSION: + case PSCI_0_2_FN_CPU_SUSPEND: + case PSCI_0_2_FN64_CPU_SUSPEND: + case PSCI_0_2_FN_CPU_OFF: + case PSCI_0_2_FN_CPU_ON: + case PSCI_0_2_FN64_CPU_ON: + case PSCI_0_2_FN_AFFINITY_INFO: + case PSCI_0_2_FN64_AFFINITY_INFO: + case PSCI_0_2_FN_MIGRATE_INFO_TYPE: + case PSCI_0_2_FN_SYSTEM_OFF: + case PSCI_0_2_FN_SYSTEM_RESET: + case PSCI_1_0_FN_PSCI_FEATURES: + val = 0; + break; + default: + val = PSCI_RET_NOT_SUPPORTED; + break; + } + break; + default: + return kvm_psci_0_2_call(vcpu); + } + + smccc_set_retval(vcpu, val, 0, 0, 0); + return ret; +} + static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; @@ -355,6 +396,8 @@ static int kvm_psci_0_1_call(struct kvm_ int kvm_psci_call(struct kvm_vcpu *vcpu) { switch (kvm_psci_version(vcpu)) { + case KVM_ARM_PSCI_1_0: + return kvm_psci_1_0_call(vcpu); case KVM_ARM_PSCI_0_2: return kvm_psci_0_2_call(vcpu); case KVM_ARM_PSCI_0_1: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-consolidate-the-psci-include-files.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:08 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 1a2fb94e6a77 upstream. As we're about to update the PSCI support, and because I'm lazy, let's move the PSCI include file to include/kvm so that both ARM architectures can find it. Acked-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_psci.h | 27 --------------------------- arch/arm/kvm/handle_exit.c | 2 +- arch/arm64/include/asm/kvm_psci.h | 27 --------------------------- arch/arm64/kvm/handle_exit.c | 3 ++- include/kvm/arm_psci.h | 27 +++++++++++++++++++++++++++ virt/kvm/arm/arm.c | 2 +- virt/kvm/arm/psci.c | 3 ++- 7 files changed, 33 insertions(+), 58 deletions(-) delete mode 100644 arch/arm/include/asm/kvm_psci.h rename arch/arm64/include/asm/kvm_psci.h => include/kvm/arm_psci.h (89%) --- a/arch/arm/include/asm/kvm_psci.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2012 - ARM Ltd - * Author: Marc Zyngier <marc.zyngier(a)arm.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef __ARM_KVM_PSCI_H__ -#define __ARM_KVM_PSCI_H__ - -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 - -int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); - -#endif /* __ARM_KVM_PSCI_H__ */ --- a/arch/arm/kvm/handle_exit.c +++ b/arch/arm/kvm/handle_exit.c @@ -21,7 +21,7 @@ #include <asm/kvm_emulate.h> #include <asm/kvm_coproc.h> #include <asm/kvm_mmu.h> -#include <asm/kvm_psci.h> +#include <kvm/arm_psci.h> #include <trace/events/kvm.h> #include "trace.h" --- a/arch/arm64/include/asm/kvm_psci.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2012,2013 - ARM Ltd - * Author: Marc Zyngier <marc.zyngier(a)arm.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef __ARM64_KVM_PSCI_H__ -#define __ARM64_KVM_PSCI_H__ - -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 - -int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); - -#endif /* __ARM64_KVM_PSCI_H__ */ --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -22,12 +22,13 @@ #include <linux/kvm.h> #include <linux/kvm_host.h> +#include <kvm/arm_psci.h> + #include <asm/esr.h> #include <asm/kvm_asm.h> #include <asm/kvm_coproc.h> #include <asm/kvm_emulate.h> #include <asm/kvm_mmu.h> -#include <asm/kvm_psci.h> #define CREATE_TRACE_POINTS #include "trace.h" --- /dev/null +++ b/include/kvm/arm_psci.h @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2012,2013 - ARM Ltd + * Author: Marc Zyngier <marc.zyngier(a)arm.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef __KVM_ARM_PSCI_H__ +#define __KVM_ARM_PSCI_H__ + +#define KVM_ARM_PSCI_0_1 1 +#define KVM_ARM_PSCI_0_2 2 + +int kvm_psci_version(struct kvm_vcpu *vcpu); +int kvm_psci_call(struct kvm_vcpu *vcpu); + +#endif /* __KVM_ARM_PSCI_H__ */ --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -29,6 +29,7 @@ #include <linux/kvm.h> #include <trace/events/kvm.h> #include <kvm/arm_pmu.h> +#include <kvm/arm_psci.h> #define CREATE_TRACE_POINTS #include "trace.h" @@ -44,7 +45,6 @@ #include <asm/kvm_mmu.h> #include <asm/kvm_emulate.h> #include <asm/kvm_coproc.h> -#include <asm/kvm_psci.h> #include <asm/sections.h> #ifdef REQUIRES_VIRT --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -21,9 +21,10 @@ #include <asm/cputype.h> #include <asm/kvm_emulate.h> -#include <asm/kvm_psci.h> #include <asm/kvm_host.h> +#include <kvm/arm_psci.h> + #include <uapi/linux/psci.h> /* Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-advertise-smccc-v1.1.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:12 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1 From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 09e6be12effd upstream. The new SMC Calling Convention (v1.1) allows for a reduced overhead when calling into the firmware, and provides a new feature discovery mechanism. Make it visible to KVM guests. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/kvm/handle_exit.c | 2 +- arch/arm64/kvm/handle_exit.c | 2 +- include/kvm/arm_psci.h | 2 +- include/linux/arm-smccc.h | 13 +++++++++++++ virt/kvm/arm/psci.c | 24 +++++++++++++++++++++++- 5 files changed, 39 insertions(+), 4 deletions(-) --- a/arch/arm/kvm/handle_exit.c +++ b/arch/arm/kvm/handle_exit.c @@ -36,7 +36,7 @@ static int handle_hvc(struct kvm_vcpu *v kvm_vcpu_hvc_get_imm(vcpu)); vcpu->stat.hvc_exit_stat++; - ret = kvm_psci_call(vcpu); + ret = kvm_hvc_call_handler(vcpu); if (ret < 0) { kvm_inject_undefined(vcpu); return 1; --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -43,7 +43,7 @@ static int handle_hvc(struct kvm_vcpu *v kvm_vcpu_hvc_get_imm(vcpu)); vcpu->stat.hvc_exit_stat++; - ret = kvm_psci_call(vcpu); + ret = kvm_hvc_call_handler(vcpu); if (ret < 0) { vcpu_set_reg(vcpu, 0, ~0UL); return 1; --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -27,6 +27,6 @@ #define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); +int kvm_hvc_call_handler(struct kvm_vcpu *vcpu); #endif /* __KVM_ARM_PSCI_H__ */ --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -60,6 +60,19 @@ #define ARM_SMCCC_QUIRK_NONE 0 #define ARM_SMCCC_QUIRK_QCOM_A6 1 /* Save/restore register a6 */ +#define ARM_SMCCC_VERSION_1_0 0x10000 +#define ARM_SMCCC_VERSION_1_1 0x10001 + +#define ARM_SMCCC_VERSION_FUNC_ID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0) + +#define ARM_SMCCC_ARCH_FEATURES_FUNC_ID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 1) + #ifndef __ASSEMBLY__ #include <linux/linkage.h> --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -15,6 +15,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <linux/arm-smccc.h> #include <linux/preempt.h> #include <linux/kvm_host.h> #include <linux/wait.h> @@ -339,6 +340,7 @@ static int kvm_psci_1_0_call(struct kvm_ case PSCI_0_2_FN_SYSTEM_OFF: case PSCI_0_2_FN_SYSTEM_RESET: case PSCI_1_0_FN_PSCI_FEATURES: + case ARM_SMCCC_VERSION_FUNC_ID: val = 0; break; default: @@ -393,7 +395,7 @@ static int kvm_psci_0_1_call(struct kvm_ * Errors: * -EINVAL: Unrecognized PSCI function */ -int kvm_psci_call(struct kvm_vcpu *vcpu) +static int kvm_psci_call(struct kvm_vcpu *vcpu) { switch (kvm_psci_version(vcpu)) { case KVM_ARM_PSCI_1_0: @@ -406,3 +408,23 @@ int kvm_psci_call(struct kvm_vcpu *vcpu) return -EINVAL; }; } + +int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) +{ + u32 func_id = smccc_get_function(vcpu); + u32 val = PSCI_RET_NOT_SUPPORTED; + + switch (func_id) { + case ARM_SMCCC_VERSION_FUNC_ID: + val = ARM_SMCCC_VERSION_1_1; + break; + case ARM_SMCCC_ARCH_FEATURES_FUNC_ID: + /* Nothing supported yet */ + break; + default: + return kvm_psci_call(vcpu); + } + + smccc_set_retval(vcpu, val, 0, 0, 0); + return 1; +} Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:10 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 84684fecd7ea upstream. Instead of open coding the accesses to the various registers, let's add explicit SMCCC accessors. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- virt/kvm/arm/psci.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 10 deletions(-) --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -32,6 +32,38 @@ #define AFFINITY_MASK(level) ~((0x1UL << ((level) * MPIDR_LEVEL_BITS)) - 1) +static u32 smccc_get_function(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 0); +} + +static unsigned long smccc_get_arg1(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 1); +} + +static unsigned long smccc_get_arg2(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 2); +} + +static unsigned long smccc_get_arg3(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 3); +} + +static void smccc_set_retval(struct kvm_vcpu *vcpu, + unsigned long a0, + unsigned long a1, + unsigned long a2, + unsigned long a3) +{ + vcpu_set_reg(vcpu, 0, a0); + vcpu_set_reg(vcpu, 1, a1); + vcpu_set_reg(vcpu, 2, a2); + vcpu_set_reg(vcpu, 3, a3); +} + static unsigned long psci_affinity_mask(unsigned long affinity_level) { if (affinity_level <= 3) @@ -77,7 +109,7 @@ static unsigned long kvm_psci_vcpu_on(st unsigned long context_id; phys_addr_t target_pc; - cpu_id = vcpu_get_reg(source_vcpu, 1) & MPIDR_HWID_BITMASK; + cpu_id = smccc_get_arg1(source_vcpu) & MPIDR_HWID_BITMASK; if (vcpu_mode_is_32bit(source_vcpu)) cpu_id &= ~((u32) 0); @@ -96,8 +128,8 @@ static unsigned long kvm_psci_vcpu_on(st return PSCI_RET_INVALID_PARAMS; } - target_pc = vcpu_get_reg(source_vcpu, 2); - context_id = vcpu_get_reg(source_vcpu, 3); + target_pc = smccc_get_arg2(source_vcpu); + context_id = smccc_get_arg3(source_vcpu); kvm_reset_vcpu(vcpu); @@ -116,7 +148,7 @@ static unsigned long kvm_psci_vcpu_on(st * NOTE: We always update r0 (or x0) because for PSCI v0.1 * the general puspose registers are undefined upon CPU_ON. */ - vcpu_set_reg(vcpu, 0, context_id); + smccc_set_retval(vcpu, context_id, 0, 0, 0); vcpu->arch.power_off = false; smp_mb(); /* Make sure the above is visible */ @@ -136,8 +168,8 @@ static unsigned long kvm_psci_vcpu_affin struct kvm *kvm = vcpu->kvm; struct kvm_vcpu *tmp; - target_affinity = vcpu_get_reg(vcpu, 1); - lowest_affinity_level = vcpu_get_reg(vcpu, 2); + target_affinity = smccc_get_arg1(vcpu); + lowest_affinity_level = smccc_get_arg2(vcpu); /* Determine target affinity mask */ target_affinity_mask = psci_affinity_mask(lowest_affinity_level); @@ -210,7 +242,7 @@ int kvm_psci_version(struct kvm_vcpu *vc static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; - unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); + u32 psci_fn = smccc_get_function(vcpu); unsigned long val; int ret = 1; @@ -277,14 +309,14 @@ static int kvm_psci_0_2_call(struct kvm_ break; } - vcpu_set_reg(vcpu, 0, val); + smccc_set_retval(vcpu, val, 0, 0, 0); return ret; } static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; - unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); + u32 psci_fn = smccc_get_function(vcpu); unsigned long val; switch (psci_fn) { @@ -302,7 +334,7 @@ static int kvm_psci_0_1_call(struct kvm_ break; } - vcpu_set_reg(vcpu, 0, val); + smccc_set_retval(vcpu, val, 0, 0, 0); return 1; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-add-psci_version-helper.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:09 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper From: Marc Zyngier <marc.zyngier(a)arm.com> Commit d0a144f12a7c upstream. As we're about to trigger a PSCI version explosion, it doesn't hurt to introduce a PSCI_VERSION helper that is going to be used everywhere. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/kvm/arm_psci.h | 6 ++++-- include/uapi/linux/psci.h | 3 +++ virt/kvm/arm/psci.c | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -18,8 +18,10 @@ #ifndef __KVM_ARM_PSCI_H__ #define __KVM_ARM_PSCI_H__ -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 +#include <uapi/linux/psci.h> + +#define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) +#define KVM_ARM_PSCI_0_2 PSCI_VERSION(0, 2) int kvm_psci_version(struct kvm_vcpu *vcpu); int kvm_psci_call(struct kvm_vcpu *vcpu); --- a/include/uapi/linux/psci.h +++ b/include/uapi/linux/psci.h @@ -88,6 +88,9 @@ (((ver) & PSCI_VERSION_MAJOR_MASK) >> PSCI_VERSION_MAJOR_SHIFT) #define PSCI_VERSION_MINOR(ver) \ ((ver) & PSCI_VERSION_MINOR_MASK) +#define PSCI_VERSION(maj, min) \ + ((((maj) << PSCI_VERSION_MAJOR_SHIFT) & PSCI_VERSION_MAJOR_MASK) | \ + ((min) & PSCI_VERSION_MINOR_MASK)) /* PSCI features decoding (>=1.0) */ #define PSCI_1_0_FEATURES_CPU_SUSPEND_PF_SHIFT 1 --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -25,8 +25,6 @@ #include <kvm/arm_psci.h> -#include <uapi/linux/psci.h> - /* * This is an implementation of the Power State Coordination Interface * as described in ARM document number ARM DEN 0022A. @@ -222,7 +220,7 @@ static int kvm_psci_0_2_call(struct kvm_ * Bits[31:16] = Major Version = 0 * Bits[15:0] = Minor Version = 2 */ - val = 2; + val = KVM_ARM_PSCI_0_2; break; case PSCI_0_2_FN_CPU_SUSPEND: case PSCI_0_2_FN64_CPU_SUSPEND: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

[PATCH] ubifs: Fix synced_i_size calculation for xattr inodes

by Richard Weinberger

In ubifs_jnl_update() we sync parent and child inodes to the flash, in case of xattrs, the parent inode (AKA host inode) has a non-zero data_len. Therefore we need to adjust synced_i_size too. This issue was reported by ubifs self tests unter a xattr related work load. UBIFS error (ubi0:0 pid 1896): dbg_check_synced_i_size: ui_size is 4, synced_i_size is 0, but inode is clean UBIFS error (ubi0:0 pid 1896): dbg_check_synced_i_size: i_ino 65, i_mode 0x81a4, i_size 4 Cc: <stable(a)vger.kernel.org> Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/journal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 04c4ec6483e5..e3e1e093db81 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -664,6 +664,8 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, finish_reservation(c); spin_lock(&ui->ui_lock); ui->synced_i_size = ui->ui_size; + if (xent) + host_ui->synced_i_size = host_ui->ui_size; spin_unlock(&ui->ui_lock); mark_inode_clean(c, ui); mark_inode_clean(c, host_ui); -- 2.13.6

7 years, 4 months

1
1
0 0

[PATCH for v3.2 00/12] v4l2-compat-ioctl32.c: remove set_fs(KERNEL_DS)

by Hans Verkuil

From: Hans Verkuil <hans.verkuil(a)cisco.com> This patch series fixes a number of bugs and culminates in the removal of the set_fs(KERNEL_DS) call in v4l2-compat-ioctl32.c. This was tested with a VM running 3.2, the vivi driver (a poor substitute for the much improved vivid driver that's available in later kernels, but it's the best I had) since that emulates the more common V4L2 ioctls that need to pass through v4l2-compat-ioctl32.c) and the 32-bit v4l2-compliance + 32-bit v4l2-ctl utilities that together exercised the most common ioctls. Most of the v4l2-compat-ioctl32.c do cleanups and fix subtle issues that v4l2-compliance complained about. The purpose is to 1) make it easy to verify that the final patch didn't introduce errors by first eliminating errors caused by other known bugs, and 2) keep the final patch at least somewhat readable. Regards, Hans Daniel Mentz (2): media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Hans Verkuil (10): media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors drivers/media/video/Makefile | 7 +- drivers/media/video/v4l2-compat-ioctl32.c | 966 ++++++++++++++++++------------ drivers/media/video/v4l2-ioctl.c | 6 +- 3 files changed, 597 insertions(+), 382 deletions(-) -- 2.15.1

7 years, 4 months

1
12
0 0

[PATCH for v3.16 00/14] v4l2-compat-ioctl32.c: remove set_fs(KERNEL_DS)

by Hans Verkuil

From: Hans Verkuil <hans.verkuil(a)cisco.com> This patch series fixes a number of bugs and culminates in the removal of the set_fs(KERNEL_DS) call in v4l2-compat-ioctl32.c. This was tested with a VM running 3.16, the vivi driver (a poor substitute for the much improved vivid driver that's available in later kernels, but it's the best I had) since that emulates the more common V4L2 ioctls that need to pass through v4l2-compat-ioctl32.c) and the 32-bit v4l2-compliance + 32-bit v4l2-ctl utilities that together exercised the most common ioctls. Most of the v4l2-compat-ioctl32.c do cleanups and fix subtle issues that v4l2-compliance complained about. The purpose is to 1) make it easy to verify that the final patch didn't introduce errors by first eliminating errors caused by other known bugs, and 2) keep the final patch at least somewhat readable. While compiling the media drivers for 3.16 I also came across a bug introduced in the 3.16 stable series that caused a compile error in the adv7604 driver. That's fixed in the first patch. Call it a bonus patch :-) Regards, Hans Daniel Mentz (2): media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Hans Verkuil (11): adv7604: use correct drive strength defines media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors Ricardo Ribalda (1): vb2: V4L2_BUF_FLAG_DONE is set after DQBUF drivers/media/i2c/adv7604.c | 6 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1030 +++++++++++++++---------- drivers/media/v4l2-core/v4l2-ioctl.c | 5 +- drivers/media/v4l2-core/videobuf2-core.c | 5 + 4 files changed, 642 insertions(+), 404 deletions(-) -- 2.15.1

7 years, 4 months

1
14
0 0

[PATCH] platform/x86: wmi: fix off-by-one write in wmi_dev_probe()

by Andrey Ryabinin

wmi_dev_probe() allocates one byte less than necessary, thus subsequent sprintf() call writes trailing zero past the end of the 'buf': BUG: KASAN: slab-out-of-bounds in vsnprintf+0xda4/0x1240 Write of size 1 at addr ffff880423529caf by task kworker/1:1/32 Call Trace: dump_stack+0xb3/0x14d print_address_description+0xd7/0x380 kasan_report+0x166/0x2b0 vsnprintf+0xda4/0x1240 sprintf+0x9b/0xd0 wmi_dev_probe+0x1c3/0x400 driver_probe_device+0x5d1/0x990 bus_for_each_drv+0x109/0x190 __device_attach+0x217/0x360 bus_probe_device+0x1ad/0x260 deferred_probe_work_func+0x10f/0x5d0 process_one_work+0xa8b/0x1dc0 worker_thread+0x20d/0x17d0 kthread+0x311/0x3d0 ret_from_fork+0x3a/0x50 Allocated by task 32: kasan_kmalloc+0xa0/0xd0 __kmalloc+0x14f/0x3e0 wmi_dev_probe+0x182/0x400 driver_probe_device+0x5d1/0x990 bus_for_each_drv+0x109/0x190 __device_attach+0x217/0x360 bus_probe_device+0x1ad/0x260 deferred_probe_work_func+0x10f/0x5d0 process_one_work+0xa8b/0x1dc0 worker_thread+0x20d/0x17d0 kthread+0x311/0x3d0 ret_from_fork+0x3a/0x50 Increment allocation size to fix this. Fixes: 44b6b7661132 ("platform/x86: wmi: create userspace interface for drivers") Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: <stable(a)vger.kernel.org> --- drivers/platform/x86/wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c index daa68acbc900..c0c8945603cb 100644 --- a/drivers/platform/x86/wmi.c +++ b/drivers/platform/x86/wmi.c @@ -933,7 +933,7 @@ static int wmi_dev_probe(struct device *dev) goto probe_failure; } - buf = kmalloc(strlen(wdriver->driver.name) + 4, GFP_KERNEL); + buf = kmalloc(strlen(wdriver->driver.name) + 5, GFP_KERNEL); if (!buf) { ret = -ENOMEM; goto probe_string_failure; -- 2.13.6

7 years, 4 months

1
0
0 0

[PATCH for v4.1 00/14] v4l2-compat-ioctl32.c: remove set_fs(KERNEL_DS)

by Hans Verkuil

From: Hans Verkuil <hans.verkuil(a)cisco.com> This patch series fixes a number of bugs and culminates in the removal of the set_fs(KERNEL_DS) call in v4l2-compat-ioctl32.c. This was tested with a VM running 4.1, the vivid driver (since that emulates almost all V4L2 ioctls that need to pass through v4l2-compat-ioctl32.c) and a 32-bit v4l2-compliance utility since that exercises almost all ioctls as well. Combined this gives good test coverage. Most of the v4l2-compat-ioctl32.c do cleanups and fix subtle issues that v4l2-compliance complained about. The purpose is to 1) make it easy to verify that the final patch didn't introduce errors by first eliminating errors caused by other known bugs, and 2) keep the final patch at least somewhat readable. Regards, Hans Daniel Mentz (2): media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Hans Verkuil (11): media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors Ricardo Ribalda Delgado (1): vb2: V4L2_BUF_FLAG_DONE is set after DQBUF drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1014 +++++++++++++++---------- drivers/media/v4l2-core/v4l2-ioctl.c | 5 +- drivers/media/v4l2-core/videobuf2-core.c | 5 + 3 files changed, 625 insertions(+), 399 deletions(-) -- 2.15.1

7 years, 4 months

1
14
0 0

Re: [PATCH 3/4] clk: bcm2835: De-assert/assert PLL reset signal when appropriate

by Boris Brezillon

On Thu, 08 Feb 2018 15:15:42 +0000 Eric Anholt <eric(a)anholt.net> wrote: > Boris Brezillon <boris.brezillon(a)bootlin.com> writes: > > > In order to enable a PLL, not only the PLL has to be powered up and > > locked, but you also have to de-assert the reset signal. The last part > > was missing. Add it so PLLs that were not enabled by the FW/bootloader > > can be enabled from Linux. > > > > Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks") > > Cc: <stable(a)vger.kernel.org> > > Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> > > --- > > drivers/clk/bcm/clk-bcm2835.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c > > index a07f6451694a..6c5d4a8e426c 100644 > > --- a/drivers/clk/bcm/clk-bcm2835.c > > +++ b/drivers/clk/bcm/clk-bcm2835.c > > @@ -602,6 +602,9 @@ static void bcm2835_pll_off(struct clk_hw *hw) > > const struct bcm2835_pll_data *data = pll->data; > > > > spin_lock(&cprman->regs_lock); > > + cprman_write(cprman, data->a2w_ctrl_reg, > > + cprman_read(cprman, data->a2w_ctrl_reg) & > > + ~A2W_PLL_CTRL_PRST_DISABLE); > > cprman_write(cprman, data->cm_ctrl_reg, > > cprman_read(cprman, data->cm_ctrl_reg) | > > CM_PLL_ANARST); > > For turning off, the FW just does the equivalent of: > > cprman_write(cprman, data->cm_ctrl_reg, CM_PLL_ANARST); > cprman_write(cprman, data->a2w_ctrl_reg, A2W_PLL_CTRL_PWRDN); Hm, the write to ->a2w_ctrl_reg overwrites the NDIV/PDIV values done in bcm2835_pll_set_rate(). So, either we do: cprman_write(cprman, data->cm_ctrl_reg, CM_PLL_ANARST); cprman_write(cprman, data->a2w_ctrl_reg, cprman_read(cprman, data->a2w_ctrl_reg) | A2W_PLL_CTRL_PWRDN); or we cache the pdiv/ndiv values in struct bcm2835_pll and only apply them in bcm2835_pll_on(). I'd recommend going for the former to keep the changes easily backportable to older kernels. > > How about we do that, instead? > > > @@ -640,6 +643,10 @@ static int bcm2835_pll_on(struct clk_hw *hw) > > cpu_relax(); > > } > > > > + cprman_write(cprman, data->a2w_ctrl_reg, > > + cprman_read(cprman, data->a2w_ctrl_reg) | > > + A2W_PLL_CTRL_PRST_DISABLE); > > + > > return 0; > > } > > I agree with this hunk -- they drop PRST at the very end, after lock. -- Boris Brezillon, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering http://bootlin.com

7 years, 4 months

1
0
0 0

v3.2.99 build: 4 failures 20 warnings (v3.2.99)

by Build bot for Mark Brown

Tree/Branch: v3.2.99 Git describe: v3.2.99 Commit: 9e48785895 Linux 3.2.99 Build Time: 0 min 4 sec Passed: 0 / 4 ( 0.00 %) Failed: 4 / 4 (100.00 %) Errors: 6 Warnings: 20 Section Mismatches: 0 Failed defconfigs: x86_64-allnoconfig arm-allmodconfig arm-allnoconfig x86_64-defconfig Errors: x86_64-allnoconfig /home/broonie/build/linux-stable/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode /home/broonie/build/linux-stable/kernel/bounds.c:1:0: error: code model kernel does not support PIC mode arm-allnoconfig /home/broonie/build/linux-stable/arch/arm/include/asm/div64.h:77:7: error: '__LINUX_ARM_ARCH__' undeclared (first use in this function) /home/broonie/build/linux-stable/arch/arm/include/asm/glue-cache.h:129:2: error: #error Unknown cache maintenance model /home/broonie/build/linux-stable/arch/arm/include/asm/glue-df.h:107:2: error: #error Unknown data abort handler type /home/broonie/build/linux-stable/arch/arm/include/asm/glue-pf.h:54:2: error: #error Unknown prefetch abort handler type x86_64-defconfig /home/broonie/build/linux-stable/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode /home/broonie/build/linux-stable/kernel/bounds.c:1:0: error: code model kernel does not support PIC mode ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 2 warnings 0 mismatches : arm-allmodconfig 19 warnings 0 mismatches : arm-allnoconfig ------------------------------------------------------------------------------- Errors summary: 6 2 /home/broonie/build/linux-stable/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode 2 /home/broonie/build/linux-stable/kernel/bounds.c:1:0: error: code model kernel does not support PIC mode 1 /home/broonie/build/linux-stable/arch/arm/include/asm/glue-pf.h:54:2: error: #error Unknown prefetch abort handler type 1 /home/broonie/build/linux-stable/arch/arm/include/asm/glue-df.h:107:2: error: #error Unknown data abort handler type 1 /home/broonie/build/linux-stable/arch/arm/include/asm/glue-cache.h:129:2: error: #error Unknown cache maintenance model 1 /home/broonie/build/linux-stable/arch/arm/include/asm/div64.h:77:7: error: '__LINUX_ARM_ARCH__' undeclared (first use in this function) Warnings Summary: 20 2 .config:27:warning: symbol value '' invalid for PHYS_OFFSET 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:342:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:272:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:265:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:131:35: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:127:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:121:3: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:120:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:114:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/swab.h:25:28: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/processor.h:82:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/processor.h:102:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/irqflags.h:11:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/fpstate.h:32:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/cachetype.h:33:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/cachetype.h:28:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/cacheflush.h:196:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/cacheflush.h:194:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/bitops.h:217:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 /home/broonie/build/linux-stable/arch/arm/include/asm/atomic.h:30:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allnoconfig : FAIL, 2 errors, 0 warnings, 0 section mismatches Errors: /home/broonie/build/linux-stable/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode /home/broonie/build/linux-stable/kernel/bounds.c:1:0: error: code model kernel does not support PIC mode ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 0 errors, 2 warnings, 0 section mismatches Warnings: .config:27:warning: symbol value '' invalid for PHYS_OFFSET .config:27:warning: symbol value '' invalid for PHYS_OFFSET ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 4 errors, 19 warnings, 0 section mismatches Errors: /home/broonie/build/linux-stable/arch/arm/include/asm/div64.h:77:7: error: '__LINUX_ARM_ARCH__' undeclared (first use in this function) /home/broonie/build/linux-stable/arch/arm/include/asm/glue-cache.h:129:2: error: #error Unknown cache maintenance model /home/broonie/build/linux-stable/arch/arm/include/asm/glue-df.h:107:2: error: #error Unknown data abort handler type /home/broonie/build/linux-stable/arch/arm/include/asm/glue-pf.h:54:2: error: #error Unknown prefetch abort handler type Warnings: /home/broonie/build/linux-stable/arch/arm/include/asm/irqflags.h:11:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:114:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:120:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:121:3: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:127:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:131:35: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:265:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:272:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/system.h:342:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/bitops.h:217:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/swab.h:25:28: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/fpstate.h:32:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/processor.h:82:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/processor.h:102:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/atomic.h:30:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/cachetype.h:28:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/cachetype.h:33:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/cacheflush.h:194:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] /home/broonie/build/linux-stable/arch/arm/include/asm/cacheflush.h:196:7: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] ------------------------------------------------------------------------------- x86_64-defconfig : FAIL, 2 errors, 0 warnings, 0 section mismatches Errors: /home/broonie/build/linux-stable/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode /home/broonie/build/linux-stable/kernel/bounds.c:1:0: error: code model kernel does not support PIC mode ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches:

7 years, 4 months

1
0
0 0

Re: Linux 4.9.81

by Christoph Biedl

Bcc: Subject: Re: Linux 4.9.81 Reply-To: In-Reply-To: <20180213115042.GA2914(a)kroah.com> Message-ID: <1518543096(a)msgid.manchmal.in-ulm.de> Greg KH wrote... > I'm announcing the release of the 4.9.81 kernel. *sigh* I don't always test-build the -rc review kernels, but when I don't, I should have. So (cross-)building for ppc64 using the attached configuration, I got: AS arch/powerpc/kernel/entry_64.o arch/powerpc/kernel/entry_64.S: Assembler messages: arch/powerpc/kernel/entry_64.S:260: Error: unrecognized opcode: `rfi_to_user' arch/powerpc/kernel/entry_64.S:270: Error: unrecognized opcode: `rfi_to_kernel' arch/powerpc/kernel/entry_64.S:885: Error: unrecognized opcode: `rfi_to_user' arch/powerpc/kernel/entry_64.S:900: Error: unrecognized opcode: `rfi_to_kernel' scripts/Makefile.build:393: recipe for target 'arch/powerpc/kernel/entry_64.o' failed make[1]: *** [arch/powerpc/kernel/entry_64.o] Error 1 Makefile:995: recipe for target 'arch/powerpc/kernel' failed make: *** [arch/powerpc/kernel] Error 2 Build command was (gcc 6.3, Debian stretch): make ARCH=powerpc CROSS_COMPILE=powerpc64-linux-gnu- LDFLAGS= KCPPFLAGS=-fno-pic Obvious culprit is | powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL This seems to help: --- a/arch/powerpc/kernel/entry_64.S +++ b/arch/powerpc/kernel/entry_64.S @@ -29,6 +29,7 @@ #include <asm/ppc_asm.h> #include <asm/asm-offsets.h> #include <asm/cputable.h> +#include <asm/exception-64s.h> #include <asm/firmware.h> #include <asm/bug.h> #include <asm/ptrace.h> Regards, Christoph # # Automatically generated file; DO NOT EDIT. # Linux/powerpc 4.9.81 Kernel Configuration # CONFIG_PPC64=y # # Processor support # CONFIG_PPC_BOOK3S_64=y # CONFIG_PPC_BOOK3E_64 is not set # CONFIG_GENERIC_CPU is not set # CONFIG_CELL_CPU is not set CONFIG_POWER4_CPU=y # CONFIG_POWER5_CPU is not set # CONFIG_POWER6_CPU is not set # CONFIG_POWER7_CPU is not set # CONFIG_POWER8_CPU is not set CONFIG_PPC_BOOK3S=y CONFIG_PPC_FPU=y CONFIG_ALTIVEC=y # CONFIG_VSX is not set # CONFIG_PPC_ICSWX is not set CONFIG_PPC_STD_MMU=y CONFIG_PPC_STD_MMU_64=y # CONFIG_PPC_RADIX_MMU is not set # CONFIG_PPC_MM_SLICES is not set CONFIG_PPC_HAVE_PMU_SUPPORT=y CONFIG_PPC_PERF_CTRS=y CONFIG_SMP=y CONFIG_NR_CPUS=8 CONFIG_PPC_DOORBELL=y CONFIG_VDSO32=y CONFIG_CPU_BIG_ENDIAN=y # CONFIG_CPU_LITTLE_ENDIAN is not set CONFIG_64BIT=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_MMU=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NR_IRQS=512 CONFIG_STACKTRACE_SUPPORT=y CONFIG_TRACE_IRQFLAGS_SUPPORT=y CONFIG_LOCKDEP_SUPPORT=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_ARCH_HAS_ILOG2_U32=y CONFIG_ARCH_HAS_ILOG2_U64=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_HAS_DMA_SET_COHERENT_MASK=y CONFIG_PPC=y # CONFIG_GENERIC_CSUM is not set CONFIG_EARLY_PRINTK=y CONFIG_PANIC_TIMEOUT=300 CONFIG_COMPAT=y CONFIG_SYSVIPC_COMPAT=y CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_PPC_UDBG_16550=y CONFIG_GENERIC_TBSYNC=y CONFIG_AUDIT_ARCH=y CONFIG_GENERIC_BUG=y CONFIG_EPAPR_BOOT=y # CONFIG_DEFAULT_UIMAGE is not set CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y # CONFIG_PPC_DCR_NATIVE is not set # CONFIG_PPC_DCR_MMIO is not set # CONFIG_PPC_OF_PLATFORM_PCI is not set CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_PPC_EMULATE_SSTEP=y CONFIG_ZONE_DMA32=y CONFIG_PGTABLE_LEVELS=4 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y # # General setup # CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_XZ=y # CONFIG_KERNEL_GZIP is not set CONFIG_KERNEL_XZ=y CONFIG_DEFAULT_HOSTNAME="" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_FHANDLE=y # CONFIG_USELIB is not set CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y # # IRQ subsystem # CONFIG_GENERIC_IRQ_SHOW=y CONFIG_GENERIC_IRQ_SHOW_LEVEL=y CONFIG_HARDIRQS_SW_RESEND=y CONFIG_IRQ_DOMAIN=y CONFIG_GENERIC_MSI_IRQ=y # CONFIG_IRQ_DOMAIN_DEBUG is not set CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y CONFIG_GENERIC_TIME_VSYSCALL_OLD=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_ARCH_HAS_TICK_BROADCAST=y CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_GENERIC_CMOS_UPDATE=y # # Timers subsystem # CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ_COMMON=y # CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ_IDLE=y # CONFIG_NO_HZ is not set CONFIG_HIGH_RES_TIMERS=y # # CPU/Task time and stats accounting # CONFIG_TICK_CPU_ACCOUNTING=y # CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y # # RCU Subsystem # CONFIG_TREE_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_SRCU=y # CONFIG_TASKS_RCU is not set CONFIG_RCU_STALL_COMMON=y # CONFIG_TREE_RCU_TRACE is not set # CONFIG_RCU_EXPEDITE_BOOT is not set CONFIG_BUILD_BIN2C=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=17 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 CONFIG_NMI_LOG_BUF_SHIFT=13 CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y # CONFIG_MEMCG_SWAP is not set CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set CONFIG_CGROUP_WRITEBACK=y CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y CONFIG_CFS_BANDWIDTH=y # CONFIG_RT_GROUP_SCHED is not set CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_FREEZER=y CONFIG_CPUSETS=y CONFIG_PROC_PID_CPUSET=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_PERF=y # CONFIG_CGROUP_DEBUG is not set # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_SCHED_AUTOGROUP=y # CONFIG_SYSFS_DEPRECATED is not set # CONFIG_RELAY is not set CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" CONFIG_RD_GZIP=y # CONFIG_RD_BZIP2 is not set # CONFIG_RD_LZMA is not set CONFIG_RD_XZ=y # CONFIG_RD_LZO is not set # CONFIG_RD_LZ4 is not set CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_BPF=y CONFIG_EXPERT=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y # CONFIG_SYSCTL_SYSCALL is not set CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_ALL is not set # CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_PRINTK=y CONFIG_PRINTK_NMI=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_BPF_SYSCALL=y # CONFIG_BPF_JIT_ALWAYS_ON is not set CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_ADVISE_SYSCALLS=y # CONFIG_USERFAULTFD is not set CONFIG_PCI_QUIRKS=y CONFIG_MEMBARRIER=y # CONFIG_EMBEDDED is not set CONFIG_HAVE_PERF_EVENTS=y # # Kernel Performance Events And Counters # CONFIG_PERF_EVENTS=y CONFIG_VM_EVENT_COUNTERS=y # CONFIG_COMPAT_BRK is not set CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_SLAB_FREELIST_RANDOM is not set # CONFIG_SYSTEM_DATA_VERIFICATION is not set # CONFIG_PROFILING is not set CONFIG_KEXEC_CORE=y CONFIG_HAVE_OPROFILE=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y # CONFIG_STATIC_KEYS_SELFTEST is not set # CONFIG_UPROBES is not set # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y CONFIG_HAVE_IOREMAP_PROT=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y CONFIG_HAVE_NMI=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_PERF_EVENTS_NMI=y CONFIG_HAVE_PERF_REGS=y CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_HAVE_RCU_TABLE_FREE=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y # CONFIG_CC_STACKPROTECTOR is not set CONFIG_HAVE_VIRT_CPU_ACCOUNTING=y CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_HAVE_MOD_ARCH_SPECIFIC=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_ARCH_HAS_ELF_RANDOMIZE=y # CONFIG_HAVE_ARCH_HASH is not set # CONFIG_ISA_BUS_API is not set CONFIG_CLONE_BACKWARDS=y CONFIG_OLD_SIGSUSPEND=y CONFIG_COMPAT_OLD_SIGACTION=y # CONFIG_CPU_NO_EFFICIENT_FFS is not set # CONFIG_HAVE_ARCH_VMAP_STACK is not set # # GCOV-based kernel profiling # # CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y # CONFIG_MODULE_SRCVERSION_ALL is not set # CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULES_TREE_LOOKUP=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y # CONFIG_BLK_DEV_INTEGRITY is not set CONFIG_BLK_DEV_THROTTLING=y # CONFIG_BLK_CMDLINE_PARSER is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_AIX_PARTITION is not set # CONFIG_OSF_PARTITION is not set CONFIG_AMIGA_PARTITION=y # CONFIG_ATARI_PARTITION is not set CONFIG_MAC_PARTITION=y CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set CONFIG_KARMA_PARTITION=y # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set # CONFIG_CMDLINE_PARTITION is not set CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_PCI=y # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_CFQ_GROUP_IOSCHED=y # CONFIG_DEFAULT_DEADLINE is not set CONFIG_DEFAULT_CFQ=y # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_PADATA=y CONFIG_ASN1=m CONFIG_INLINE_SPIN_UNLOCK_IRQ=y CONFIG_INLINE_READ_UNLOCK=y CONFIG_INLINE_READ_UNLOCK_IRQ=y CONFIG_INLINE_WRITE_UNLOCK=y CONFIG_INLINE_WRITE_UNLOCK_IRQ=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_RWSEM_SPIN_ON_OWNER=y CONFIG_LOCK_SPIN_ON_OWNER=y CONFIG_FREEZER=y CONFIG_PPC_MSI_BITMAP=y CONFIG_PPC_XICS=y CONFIG_PPC_ICP_NATIVE=y # CONFIG_PPC_ICP_HV is not set # CONFIG_PPC_ICS_RTAS is not set CONFIG_PPC_SCOM=y # CONFIG_SCOM_DEBUGFS is not set # CONFIG_GE_FPGA is not set # # Platform support # CONFIG_PPC_POWERNV=y # CONFIG_OPAL_PRD is not set # CONFIG_PPC_PSERIES is not set CONFIG_PPC_PMAC=y CONFIG_PPC_PMAC64=y # CONFIG_PPC_MAPLE is not set # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PS3 is not set # CONFIG_PPC_CELL is not set # CONFIG_PPC_CELL_NATIVE is not set # CONFIG_PPC_IBM_CELL_BLADE is not set # CONFIG_PQ2ADS is not set # CONFIG_KVM_GUEST is not set # CONFIG_EPAPR_PARAVIRT is not set CONFIG_PPC_NATIVE=y CONFIG_PPC_OF_BOOT_TRAMPOLINE=y CONFIG_PPC_SMP_MUXED_IPI=y # CONFIG_IPIC is not set CONFIG_MPIC=y # CONFIG_PPC_EPAPR_HV_PIC is not set # CONFIG_MPIC_WEIRD is not set # CONFIG_MPIC_MSGR is not set # CONFIG_PPC_I8259 is not set CONFIG_U3_DART=y # CONFIG_PPC_RTAS is not set # CONFIG_MMIO_NVRAM is not set CONFIG_MPIC_U3_HT_IRQS=y CONFIG_EEH=y # CONFIG_PPC_MPC106 is not set CONFIG_PPC_970_NAP=y CONFIG_PPC_P7_NAP=y CONFIG_PPC_INDIRECT_PIO=y # # CPU Frequency scaling # CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_GOV_ATTR_SET=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=y # CONFIG_CPU_FREQ_STAT_DETAILS is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y CONFIG_CPU_FREQ_GOV_POWERSAVE=y CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=y CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y # CONFIG_CPU_FREQ_GOV_SCHEDUTIL is not set # # CPU frequency scaling drivers # CONFIG_CPU_FREQ_PMAC64=y CONFIG_POWERNV_CPUFREQ=y # # CPUIdle driver # # # CPU Idle # CONFIG_CPU_IDLE=y CONFIG_CPU_IDLE_GOV_LADDER=y CONFIG_CPU_IDLE_GOV_MENU=y # # POWERPC CPU Idle Drivers # CONFIG_POWERNV_CPUIDLE=y # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set # CONFIG_FSL_ULI1575 is not set # CONFIG_GEN_RTC is not set # CONFIG_SIMPLE_GPIO is not set # # Kernel options # CONFIG_HZ_100=y # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set # CONFIG_HZ_1000 is not set CONFIG_HZ=100 CONFIG_SCHED_HRTICK=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set CONFIG_BINFMT_ELF=y CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=m CONFIG_COREDUMP=y # CONFIG_PPC_TRANSACTIONAL_MEM is not set CONFIG_IOMMU_HELPER=y # CONFIG_SWIOTLB is not set CONFIG_HOTPLUG_CPU=y CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_HAS_WALK_MEMORY=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_PPC64_SUPPORTS_MEMORY_FAILURE=y CONFIG_KEXEC=y # CONFIG_RELOCATABLE is not set # CONFIG_CRASH_DUMP is not set # CONFIG_IRQ_ALL_CPUS is not set # CONFIG_NUMA is not set CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_ARCH_FLATMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_HAVE_MEMBLOCK=y CONFIG_HAVE_MEMBLOCK_NODE_MAP=y CONFIG_HAVE_GENERIC_RCU_GUP=y CONFIG_NO_BOOTMEM=y # CONFIG_HAVE_BOOTMEM_INFO_NODE is not set CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_COMPACTION=y CONFIG_MIGRATION=y CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_BOUNCE=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y # CONFIG_MEMORY_FAILURE is not set # CONFIG_TRANSPARENT_HUGEPAGE is not set CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y # CONFIG_CMA is not set # CONFIG_ZSWAP is not set # CONFIG_ZPOOL is not set # CONFIG_ZBUD is not set # CONFIG_ZSMALLOC is not set CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y # CONFIG_IDLE_PAGE_TRACKING is not set CONFIG_PPC_4K_PAGES=y # CONFIG_PPC_64K_PAGES is not set CONFIG_FORCE_MAX_ZONEORDER=13 CONFIG_PPC_COPRO_BASE=y # CONFIG_SCHED_SMT is not set CONFIG_PPC_DENORMALISATION=y CONFIG_CMDLINE_BOOL=y CONFIG_CMDLINE="console=ttyS0,9600 console=tty0" # CONFIG_CMDLINE_FORCE is not set CONFIG_EXTRA_TARGETS="" CONFIG_ARCH_WANTS_FREEZER_CONTROL=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y # CONFIG_SUSPEND_SKIP_SYNC is not set # CONFIG_HIBERNATION is not set CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y # CONFIG_PM_AUTOSLEEP is not set # CONFIG_PM_WAKELOCKS is not set CONFIG_PM=y # CONFIG_PM_DEBUG is not set # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set CONFIG_SECCOMP=y CONFIG_ISA_DMA_API=y # # Bus options # CONFIG_ZONE_DMA=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y # CONFIG_PPC_INDIRECT_PCI is not set # CONFIG_FSL_LBC is not set CONFIG_PCI=y CONFIG_PCI_DOMAINS=y CONFIG_PCI_SYSCALL=y CONFIG_PCIEPORTBUS=y CONFIG_PCIEAER=y # CONFIG_PCIE_ECRC is not set # CONFIG_PCIEAER_INJECT is not set CONFIG_PCIEASPM=y # CONFIG_PCIEASPM_DEBUG is not set CONFIG_PCIEASPM_DEFAULT=y # CONFIG_PCIEASPM_POWERSAVE is not set # CONFIG_PCIEASPM_PERFORMANCE is not set CONFIG_PCIE_PME=y # CONFIG_PCIE_DPC is not set # CONFIG_PCIE_PTM is not set CONFIG_PCI_BUS_ADDR_T_64BIT=y CONFIG_PCI_MSI=y # CONFIG_PCI_MSI_IRQ_DOMAIN is not set # CONFIG_PCI_DEBUG is not set CONFIG_PCI_REALLOC_ENABLE_AUTO=y # CONFIG_PCI_STUB is not set # CONFIG_PCI_IOV is not set # CONFIG_PCI_PRI is not set # CONFIG_PCI_PASID is not set # CONFIG_HOTPLUG_PCI is not set # # PCI host controller drivers # # CONFIG_PCCARD is not set # CONFIG_HAS_RAPIDIO is not set # CONFIG_RAPIDIO is not set # CONFIG_NONSTATIC_KERNEL is not set CONFIG_PAGE_OFFSET=0xc000000000000000 CONFIG_KERNEL_START=0xc000000000000000 CONFIG_PHYSICAL_START=0x00000000 CONFIG_ARCH_RANDOM=y CONFIG_NET=y CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_NET_INGRESS=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_DIAG=y CONFIG_UNIX=y CONFIG_UNIX_DIAG=y CONFIG_XFRM=y CONFIG_XFRM_ALGO=m # CONFIG_XFRM_USER is not set # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y # CONFIG_IP_MULTICAST is not set CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE_STATS is not set CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_CLASSID=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=m # CONFIG_NET_IPGRE_DEMUX is not set CONFIG_NET_IP_TUNNEL=m CONFIG_SYN_COOKIES=y CONFIG_NET_IPVTI=m CONFIG_NET_UDP_TUNNEL=m CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set CONFIG_INET_AH=m CONFIG_INET_ESP=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m # CONFIG_INET_UDP_DIAG is not set CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y CONFIG_TCP_CONG_WESTWOOD=m CONFIG_TCP_CONG_HTCP=m CONFIG_TCP_CONG_HSTCP=m CONFIG_TCP_CONG_HYBLA=m CONFIG_TCP_CONG_VEGAS=m # CONFIG_TCP_CONG_NV is not set CONFIG_TCP_CONG_SCALABLE=m CONFIG_TCP_CONG_LP=m CONFIG_TCP_CONG_VENO=m CONFIG_TCP_CONG_YEAH=m CONFIG_TCP_CONG_ILLINOIS=m # CONFIG_TCP_CONG_DCTCP is not set # CONFIG_TCP_CONG_CDG is not set CONFIG_TCP_CONG_BBR=m CONFIG_DEFAULT_CUBIC=y # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_TCP_MD5SIG=y CONFIG_IPV6=y # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set CONFIG_INET6_AH=m CONFIG_INET6_ESP=m CONFIG_INET6_IPCOMP=m # CONFIG_IPV6_MIP6 is not set # CONFIG_IPV6_ILA is not set CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_FOU=m # CONFIG_IPV6_FOU_TUNNEL is not set CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y # CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set CONFIG_IPV6_PIMSM_V2=y # CONFIG_NETWORK_SECMARK is not set CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y # # Core Netfilter Configuration # CONFIG_NETFILTER_INGRESS=y CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_LOG_COMMON=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_ZONES=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CONNTRACK_LABELS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_SNMP=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NF_CT_NETLINK_TIMEOUT=y CONFIG_NF_CT_NETLINK_HELPER=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_SIP=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=y CONFIG_NF_TABLES=y CONFIG_NF_TABLES_INET=y CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_EXTHDR=y CONFIG_NFT_META=y CONFIG_NFT_NUMGEN=y CONFIG_NFT_CT=y CONFIG_NFT_SET_RBTREE=y CONFIG_NFT_SET_HASH=y CONFIG_NFT_COUNTER=y CONFIG_NFT_LOG=y CONFIG_NFT_LIMIT=y CONFIG_NFT_MASQ=y CONFIG_NFT_REDIR=y CONFIG_NFT_NAT=y CONFIG_NFT_QUEUE=y CONFIG_NFT_QUOTA=y CONFIG_NFT_REJECT=y CONFIG_NFT_REJECT_INET=y CONFIG_NFT_COMPAT=y CONFIG_NFT_HASH=y # CONFIG_NF_DUP_NETDEV is not set # CONFIG_NFT_DUP_NETDEV is not set # CONFIG_NFT_FWD_NETDEV is not set CONFIG_NETFILTER_XTABLES=y # # Xtables combined modules # CONFIG_NETFILTER_XT_MARK=y CONFIG_NETFILTER_XT_CONNMARK=y # # Xtables targets # CONFIG_NETFILTER_XT_TARGET_AUDIT=y CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_CT=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_HMARK=y CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y CONFIG_NETFILTER_XT_TARGET_LED=y CONFIG_NETFILTER_XT_TARGET_LOG=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_REDIRECT=y CONFIG_NETFILTER_XT_TARGET_TEE=y CONFIG_NETFILTER_XT_TARGET_TPROXY=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # # Xtables matches # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y CONFIG_NETFILTER_XT_MATCH_BPF=y CONFIG_NETFILTER_XT_MATCH_CGROUP=y CONFIG_NETFILTER_XT_MATCH_CLUSTER=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_CPU=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ECN=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPCOMP=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_L2TP=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_RECENT=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_SOCKET=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_SET is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_TABLES_IPV4=y CONFIG_NFT_CHAIN_ROUTE_IPV4=y CONFIG_NFT_REJECT_IPV4=y # CONFIG_NFT_DUP_IPV4 is not set # CONFIG_NF_TABLES_ARP is not set CONFIG_NF_DUP_IPV4=y # CONFIG_NF_LOG_ARP is not set CONFIG_NF_LOG_IPV4=y CONFIG_NF_REJECT_IPV4=y CONFIG_NF_NAT_IPV4=y CONFIG_NFT_CHAIN_NAT_IPV4=y CONFIG_NF_NAT_MASQUERADE_IPV4=y CONFIG_NFT_MASQ_IPV4=y CONFIG_NFT_REDIR_IPV4=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_RPFILTER=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_SYNPROXY=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y # CONFIG_IP_NF_ARPTABLES is not set # # IPv6: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y CONFIG_NF_TABLES_IPV6=y CONFIG_NFT_CHAIN_ROUTE_IPV6=y CONFIG_NFT_REJECT_IPV6=y # CONFIG_NFT_DUP_IPV6 is not set CONFIG_NF_DUP_IPV6=y CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y CONFIG_NF_NAT_IPV6=y CONFIG_NFT_CHAIN_NAT_IPV6=y CONFIG_NF_NAT_MASQUERADE_IPV6=y CONFIG_NFT_MASQ_IPV6=y CONFIG_NFT_REDIR_IPV6=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RPFILTER=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_TARGET_SYNPROXY=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_IP6_NF_NAT=y CONFIG_IP6_NF_TARGET_MASQUERADE=y CONFIG_IP6_NF_TARGET_NPT=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set # CONFIG_BRIDGE is not set CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y # CONFIG_VLAN_8021Q_GVRP is not set # CONFIG_VLAN_8021Q_MVRP is not set # CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_PHONET is not set # CONFIG_6LOWPAN is not set # CONFIG_IEEE802154 is not set # CONFIG_NET_SCHED is not set # CONFIG_DCB is not set CONFIG_DNS_RESOLVER=m # CONFIG_BATMAN_ADV is not set # CONFIG_OPENVSWITCH is not set # CONFIG_VSOCKETS is not set CONFIG_NETLINK_DIAG=y # CONFIG_MPLS is not set # CONFIG_HSR is not set # CONFIG_NET_SWITCHDEV is not set # CONFIG_NET_L3_MASTER_DEV is not set # CONFIG_NET_NCSI is not set CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y CONFIG_SOCK_CGROUP_DATA=y CONFIG_CGROUP_NET_PRIO=y CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y CONFIG_BPF_JIT=y CONFIG_NET_FLOW_LIMIT=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set # CONFIG_AF_KCM is not set # CONFIG_STREAM_PARSER is not set CONFIG_FIB_RULES=y CONFIG_WIRELESS=y CONFIG_WIRELESS_EXT=y CONFIG_WEXT_CORE=y CONFIG_WEXT_PROC=y CONFIG_WEXT_SPY=y CONFIG_WEXT_PRIV=y CONFIG_CFG80211=m # CONFIG_NL80211_TESTMODE is not set # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set # CONFIG_CFG80211_CERTIFICATION_ONUS is not set CONFIG_CFG80211_DEFAULT_PS=y # CONFIG_CFG80211_DEBUGFS is not set # CONFIG_CFG80211_INTERNAL_REGDB is not set CONFIG_CFG80211_CRDA_SUPPORT=y CONFIG_CFG80211_WEXT=y CONFIG_CFG80211_WEXT_EXPORT=y CONFIG_LIB80211=m CONFIG_LIB80211_CRYPT_WEP=m CONFIG_LIB80211_CRYPT_CCMP=m CONFIG_LIB80211_CRYPT_TKIP=m # CONFIG_LIB80211_DEBUG is not set CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y CONFIG_MAC80211_RC_MINSTREL=y CONFIG_MAC80211_RC_MINSTREL_HT=y # CONFIG_MAC80211_RC_MINSTREL_VHT is not set CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_DEBUGFS is not set # CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 # CONFIG_WIMAX is not set CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y # CONFIG_RFKILL_INPUT is not set # CONFIG_NET_9P is not set # CONFIG_CAIF is not set # CONFIG_CEPH_LIB is not set # CONFIG_NFC is not set # CONFIG_LWTUNNEL is not set CONFIG_DST_CACHE=y # CONFIG_NET_DEVLINK is not set CONFIG_MAY_USE_DEVLINK=y CONFIG_HAVE_EBPF_JIT=y # # Device Drivers # # # Generic Driver Options # CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="" CONFIG_DEVTMPFS=y # CONFIG_DEVTMPFS_MOUNT is not set # CONFIG_STANDALONE is not set CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_ALLOW_DEV_COREDUMP=y # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set # CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set # CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_FENCE_TRACE is not set # # Bus devices # CONFIG_CONNECTOR=m # CONFIG_MTD is not set CONFIG_DTC=y CONFIG_OF=y # CONFIG_OF_UNITTEST is not set CONFIG_OF_FLATTREE=y CONFIG_OF_EARLY_FLATTREE=y CONFIG_OF_ADDRESS=y CONFIG_OF_ADDRESS_PCI=y CONFIG_OF_IRQ=y CONFIG_OF_NET=y CONFIG_OF_MDIO=y CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_RESERVED_MEM=y # CONFIG_OF_OVERLAY is not set CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y # CONFIG_PARPORT is not set CONFIG_BLK_DEV=y # CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set # CONFIG_BLK_CPQ_CISS_DA is not set # CONFIG_BLK_DEV_DAC960 is not set # CONFIG_BLK_DEV_UMEM is not set # CONFIG_BLK_DEV_COW_COMMON is not set CONFIG_BLK_DEV_LOOP=m CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 CONFIG_BLK_DEV_CRYPTOLOOP=m # CONFIG_BLK_DEV_DRBD is not set CONFIG_BLK_DEV_NBD=m # CONFIG_BLK_DEV_SKD is not set # CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 CONFIG_CDROM_PKTCDVD=m CONFIG_CDROM_PKTCDVD_BUFFERS=8 # CONFIG_CDROM_PKTCDVD_WCACHE is not set CONFIG_ATA_OVER_ETH=y # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_RBD is not set # CONFIG_BLK_DEV_RSXX is not set # CONFIG_BLK_DEV_NVME is not set # CONFIG_NVME_TARGET is not set # # Misc devices # # CONFIG_SENSORS_LIS3LV02D is not set # CONFIG_AD525X_DPOT is not set # CONFIG_DUMMY_IRQ is not set # CONFIG_PHANTOM is not set # CONFIG_SGI_IOC4 is not set CONFIG_TIFM_CORE=m # CONFIG_TIFM_7XX1 is not set # CONFIG_ICS932S401 is not set # CONFIG_ENCLOSURE_SERVICES is not set # CONFIG_HP_ILO is not set # CONFIG_APDS9802ALS is not set # CONFIG_ISL29003 is not set # CONFIG_ISL29020 is not set CONFIG_SENSORS_TSL2550=m # CONFIG_SENSORS_BH1770 is not set # CONFIG_SENSORS_APDS990X is not set # CONFIG_HMC6352 is not set CONFIG_DS1682=m # CONFIG_USB_SWITCH_FSA9480 is not set # CONFIG_SRAM is not set # CONFIG_C2PORT is not set # # EEPROM support # # CONFIG_EEPROM_AT24 is not set # CONFIG_EEPROM_LEGACY is not set # CONFIG_EEPROM_MAX6875 is not set CONFIG_EEPROM_93CX6=m # CONFIG_CB710_CORE is not set # # Texas Instruments shared transport line discipline # # CONFIG_SENSORS_LIS3_I2C is not set # # Altera FPGA firmware download module # # CONFIG_ALTERA_STAPL is not set # # Intel MIC Bus Driver # # # SCIF Bus Driver # # # VOP Bus Driver # # # Intel MIC Host Driver # # # Intel MIC Card Driver # # # SCIF Driver # # # Intel MIC Coprocessor State Management (COSM) Drivers # # # VOP Driver # # CONFIG_GENWQE is not set # CONFIG_ECHO is not set CONFIG_CXL_BASE=y CONFIG_CXL_AFU_DRIVER_OPS=y CONFIG_CXL=m CONFIG_HAVE_IDE=y # CONFIG_IDE is not set # # SCSI device support # CONFIG_SCSI_MOD=y # CONFIG_RAID_ATTRS is not set CONFIG_SCSI=y CONFIG_SCSI_DMA=y # CONFIG_SCSI_NETLINK is not set # CONFIG_SCSI_MQ_DEFAULT is not set CONFIG_SCSI_PROC_FS=y # # SCSI support type (disk, tape, CD-ROM) # CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set CONFIG_BLK_DEV_SR=m # CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=m # CONFIG_CHR_DEV_SCH is not set CONFIG_SCSI_CONSTANTS=y # CONFIG_SCSI_LOGGING is not set CONFIG_SCSI_SCAN_ASYNC=y # # SCSI Transports # # CONFIG_SCSI_SPI_ATTRS is not set # CONFIG_SCSI_FC_ATTRS is not set CONFIG_SCSI_ISCSI_ATTRS=m # CONFIG_SCSI_SAS_ATTRS is not set # CONFIG_SCSI_SAS_LIBSAS is not set # CONFIG_SCSI_SRP_ATTRS is not set CONFIG_SCSI_LOWLEVEL=y CONFIG_ISCSI_TCP=m # CONFIG_ISCSI_BOOT_SYSFS is not set # CONFIG_SCSI_CXGB3_ISCSI is not set # CONFIG_SCSI_CXGB4_ISCSI is not set # CONFIG_SCSI_BNX2_ISCSI is not set # CONFIG_BE2ISCSI is not set CONFIG_CXLFLASH=m # CONFIG_BLK_DEV_3W_XXXX_RAID is not set # CONFIG_SCSI_HPSA is not set # CONFIG_SCSI_3W_9XXX is not set # CONFIG_SCSI_3W_SAS is not set # CONFIG_SCSI_ACARD is not set # CONFIG_SCSI_AACRAID is not set # CONFIG_SCSI_AIC7XXX is not set # CONFIG_SCSI_AIC79XX is not set # CONFIG_SCSI_AIC94XX is not set # CONFIG_SCSI_MVSAS is not set # CONFIG_SCSI_MVUMI is not set # CONFIG_SCSI_ADVANSYS is not set # CONFIG_SCSI_ARCMSR is not set # CONFIG_SCSI_ESAS2R is not set # CONFIG_MEGARAID_NEWGEN is not set # CONFIG_MEGARAID_LEGACY is not set # CONFIG_MEGARAID_SAS is not set # CONFIG_SCSI_MPT3SAS is not set # CONFIG_SCSI_MPT2SAS is not set # CONFIG_SCSI_SMARTPQI is not set # CONFIG_SCSI_UFSHCD is not set # CONFIG_SCSI_HPTIOP is not set # CONFIG_SCSI_SNIC is not set # CONFIG_SCSI_DMX3191D is not set # CONFIG_SCSI_EATA is not set # CONFIG_SCSI_FUTURE_DOMAIN is not set # CONFIG_SCSI_GDTH is not set # CONFIG_SCSI_IPS is not set # CONFIG_SCSI_INITIO is not set # CONFIG_SCSI_INIA100 is not set # CONFIG_SCSI_STEX is not set # CONFIG_SCSI_SYM53C8XX_2 is not set # CONFIG_SCSI_IPR is not set # CONFIG_SCSI_QLOGIC_1280 is not set # CONFIG_SCSI_QLA_ISCSI is not set # CONFIG_SCSI_DC395x is not set # CONFIG_SCSI_AM53C974 is not set # CONFIG_SCSI_WD719X is not set # CONFIG_SCSI_DEBUG is not set # CONFIG_SCSI_PMCRAID is not set # CONFIG_SCSI_PM8001 is not set # CONFIG_SCSI_DH is not set # CONFIG_SCSI_OSD_INITIATOR is not set CONFIG_ATA=y # CONFIG_ATA_NONSTANDARD is not set CONFIG_ATA_VERBOSE_ERROR=y # CONFIG_SATA_PMP is not set # # Controllers with non-SFF native interface # CONFIG_SATA_AHCI=m # CONFIG_SATA_AHCI_PLATFORM is not set # CONFIG_AHCI_CEVA is not set # CONFIG_AHCI_QORIQ is not set # CONFIG_SATA_INIC162X is not set # CONFIG_SATA_ACARD_AHCI is not set # CONFIG_SATA_SIL24 is not set CONFIG_ATA_SFF=y # # SFF controllers with custom DMA interface # # CONFIG_PDC_ADMA is not set # CONFIG_SATA_QSTOR is not set # CONFIG_SATA_SX4 is not set CONFIG_ATA_BMDMA=y # # SATA SFF controllers with BMDMA # # CONFIG_ATA_PIIX is not set # CONFIG_SATA_DWC is not set # CONFIG_SATA_MV is not set # CONFIG_SATA_NV is not set # CONFIG_SATA_PROMISE is not set CONFIG_SATA_SIL=m # CONFIG_SATA_SIS is not set CONFIG_SATA_SVW=y # CONFIG_SATA_ULI is not set # CONFIG_SATA_VIA is not set # CONFIG_SATA_VITESSE is not set # # PATA SFF controllers with BMDMA # # CONFIG_PATA_ALI is not set # CONFIG_PATA_AMD is not set # CONFIG_PATA_ARTOP is not set # CONFIG_PATA_ATIIXP is not set # CONFIG_PATA_ATP867X is not set # CONFIG_PATA_CMD64X is not set # CONFIG_PATA_CYPRESS is not set # CONFIG_PATA_EFAR is not set # CONFIG_PATA_HPT366 is not set # CONFIG_PATA_HPT37X is not set # CONFIG_PATA_HPT3X2N is not set # CONFIG_PATA_HPT3X3 is not set # CONFIG_PATA_IT8213 is not set CONFIG_PATA_IT821X=m # CONFIG_PATA_JMICRON is not set CONFIG_PATA_MACIO=y # CONFIG_PATA_MARVELL is not set # CONFIG_PATA_NETCELL is not set # CONFIG_PATA_NINJA32 is not set # CONFIG_PATA_NS87415 is not set # CONFIG_PATA_OLDPIIX is not set # CONFIG_PATA_OPTIDMA is not set # CONFIG_PATA_PDC2027X is not set # CONFIG_PATA_PDC_OLD is not set # CONFIG_PATA_RADISYS is not set # CONFIG_PATA_RDC is not set # CONFIG_PATA_SCH is not set # CONFIG_PATA_SERVERWORKS is not set CONFIG_PATA_SIL680=m # CONFIG_PATA_SIS is not set # CONFIG_PATA_TOSHIBA is not set # CONFIG_PATA_TRIFLEX is not set # CONFIG_PATA_VIA is not set # CONFIG_PATA_WINBOND is not set # # PIO-only SFF controllers # # CONFIG_PATA_CMD640_PCI is not set # CONFIG_PATA_MPIIX is not set # CONFIG_PATA_NS87410 is not set # CONFIG_PATA_OPTI is not set # CONFIG_PATA_PLATFORM is not set # CONFIG_PATA_RZ1000 is not set # # Generic fallback / legacy drivers # # CONFIG_ATA_GENERIC is not set # CONFIG_PATA_LEGACY is not set CONFIG_MD=y CONFIG_BLK_DEV_MD=y CONFIG_MD_AUTODETECT=y # CONFIG_MD_LINEAR is not set # CONFIG_MD_RAID0 is not set CONFIG_MD_RAID1=y CONFIG_MD_RAID10=y CONFIG_MD_RAID456=y # CONFIG_MD_MULTIPATH is not set # CONFIG_MD_FAULTY is not set # CONFIG_BCACHE is not set CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y # CONFIG_DM_MQ_DEFAULT is not set # CONFIG_DM_DEBUG is not set CONFIG_DM_BUFIO=m # CONFIG_DM_DEBUG_BLOCK_STACK_TRACING is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=m # CONFIG_DM_THIN_PROVISIONING is not set # CONFIG_DM_CACHE is not set # CONFIG_DM_ERA is not set CONFIG_DM_MIRROR=y CONFIG_DM_LOG_USERSPACE=m # CONFIG_DM_RAID is not set # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set CONFIG_DM_UEVENT=y # CONFIG_DM_FLAKEY is not set # CONFIG_DM_VERITY is not set # CONFIG_DM_SWITCH is not set # CONFIG_DM_LOG_WRITES is not set # CONFIG_TARGET_CORE is not set # CONFIG_FUSION is not set # # IEEE 1394 (FireWire) support # CONFIG_FIREWIRE=m CONFIG_FIREWIRE_OHCI=m CONFIG_FIREWIRE_SBP2=m CONFIG_FIREWIRE_NET=m # CONFIG_FIREWIRE_NOSY is not set CONFIG_MACINTOSH_DRIVERS=y CONFIG_ADB_PMU=y CONFIG_ADB_PMU_LED=y CONFIG_PMAC_SMU=y CONFIG_MAC_EMUMOUSEBTN=y CONFIG_WINDFARM=m # CONFIG_WINDFARM_PM81 is not set # CONFIG_WINDFARM_PM72 is not set # CONFIG_WINDFARM_RM31 is not set # CONFIG_WINDFARM_PM91 is not set CONFIG_WINDFARM_PM112=m # CONFIG_WINDFARM_PM121 is not set CONFIG_PMAC_RACKMETER=m CONFIG_NETDEVICES=y CONFIG_MII=m CONFIG_NET_CORE=y # CONFIG_BONDING is not set CONFIG_DUMMY=m # CONFIG_EQUALIZER is not set # CONFIG_NET_FC is not set # CONFIG_NET_TEAM is not set # CONFIG_MACVLAN is not set # CONFIG_VXLAN is not set # CONFIG_GENEVE is not set # CONFIG_GTP is not set # CONFIG_MACSEC is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set CONFIG_TUN=m # CONFIG_TUN_VNET_CROSS_LE is not set CONFIG_VETH=m # CONFIG_NLMON is not set # CONFIG_ARCNET is not set # # CAIF transport drivers # # # Distributed Switch Architecture drivers # CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set # CONFIG_NET_VENDOR_ALTEON is not set # CONFIG_ALTERA_TSE is not set # CONFIG_NET_VENDOR_AMAZON is not set CONFIG_NET_VENDOR_AMD=y # CONFIG_AMD8111_ETH is not set CONFIG_PCNET32=m # CONFIG_NET_VENDOR_ARC is not set # CONFIG_NET_VENDOR_ATHEROS is not set # CONFIG_NET_VENDOR_AURORA is not set # CONFIG_NET_CADENCE is not set CONFIG_NET_VENDOR_BROADCOM=y # CONFIG_B44 is not set # CONFIG_BCMGENET is not set # CONFIG_BNX2 is not set # CONFIG_CNIC is not set CONFIG_TIGON3=y # CONFIG_BNX2X is not set # CONFIG_SYSTEMPORT is not set # CONFIG_BNXT is not set # CONFIG_NET_VENDOR_BROCADE is not set # CONFIG_NET_VENDOR_CAVIUM is not set # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set # CONFIG_DNET is not set CONFIG_NET_VENDOR_DEC=y CONFIG_NET_TULIP=y # CONFIG_DE2104X is not set # CONFIG_TULIP is not set # CONFIG_DE4X5 is not set # CONFIG_WINBOND_840 is not set CONFIG_DM9102=m # CONFIG_ULI526X is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set # CONFIG_NET_VENDOR_EZCHIP is not set # CONFIG_NET_VENDOR_EXAR is not set # CONFIG_NET_VENDOR_HP is not set CONFIG_NET_VENDOR_INTEL=y # CONFIG_E100 is not set CONFIG_E1000=m # CONFIG_E1000E is not set # CONFIG_IGB is not set # CONFIG_IGBVF is not set # CONFIG_IXGB is not set # CONFIG_IXGBE is not set # CONFIG_IXGBEVF is not set # CONFIG_I40E is not set # CONFIG_I40EVF is not set # CONFIG_FM10K is not set # CONFIG_NET_VENDOR_I825XX is not set # CONFIG_JME is not set CONFIG_NET_VENDOR_MARVELL=y # CONFIG_MVMDIO is not set # CONFIG_MVNETA_BM is not set CONFIG_SKGE=m # CONFIG_SKGE_DEBUG is not set # CONFIG_SKGE_GENESIS is not set CONFIG_SKY2=m # CONFIG_SKY2_DEBUG is not set # CONFIG_NET_VENDOR_MELLANOX is not set # CONFIG_NET_VENDOR_MICREL is not set # CONFIG_NET_VENDOR_MYRI is not set # CONFIG_FEALNX is not set # CONFIG_NET_VENDOR_NATSEMI is not set # CONFIG_NET_VENDOR_NETRONOME is not set # CONFIG_NET_VENDOR_NVIDIA is not set # CONFIG_NET_VENDOR_OKI is not set # CONFIG_ETHOC is not set # CONFIG_NET_PACKET_ENGINE is not set # CONFIG_NET_VENDOR_QLOGIC is not set # CONFIG_NET_VENDOR_QUALCOMM is not set CONFIG_NET_VENDOR_REALTEK=y CONFIG_8139CP=m CONFIG_8139TOO=m # CONFIG_8139TOO_PIO is not set # CONFIG_8139TOO_TUNE_TWISTER is not set # CONFIG_8139TOO_8129 is not set # CONFIG_8139_OLD_RX_RESET is not set CONFIG_R8169=m # CONFIG_NET_VENDOR_RENESAS is not set # CONFIG_NET_VENDOR_RDC is not set # CONFIG_NET_VENDOR_ROCKER is not set # CONFIG_NET_VENDOR_SAMSUNG is not set # CONFIG_NET_VENDOR_SEEQ is not set # CONFIG_NET_VENDOR_SILAN is not set # CONFIG_NET_VENDOR_SIS is not set # CONFIG_SFC is not set # CONFIG_NET_VENDOR_SMSC is not set # CONFIG_NET_VENDOR_STMICRO is not set # CONFIG_NET_VENDOR_SUN is not set # CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_NET_VENDOR_TEHUTI is not set # CONFIG_NET_VENDOR_TI is not set # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set # CONFIG_FDDI is not set # CONFIG_HIPPI is not set CONFIG_PHYLIB=y CONFIG_SWPHY=y # # MDIO bus device drivers # # CONFIG_MDIO_BCM_UNIMAC is not set # CONFIG_MDIO_BITBANG is not set # CONFIG_MDIO_BUS_MUX_MMIOREG is not set # CONFIG_MDIO_HISI_FEMAC is not set # CONFIG_MDIO_OCTEON is not set # CONFIG_MDIO_THUNDER is not set # # MII PHY device drivers # # CONFIG_AMD_PHY is not set # CONFIG_AQUANTIA_PHY is not set # CONFIG_AT803X_PHY is not set # CONFIG_BCM7XXX_PHY is not set # CONFIG_BCM87XX_PHY is not set # CONFIG_BROADCOM_PHY is not set # CONFIG_CICADA_PHY is not set # CONFIG_DAVICOM_PHY is not set # CONFIG_DP83848_PHY is not set # CONFIG_DP83867_PHY is not set CONFIG_FIXED_PHY=y # CONFIG_ICPLUS_PHY is not set # CONFIG_INTEL_XWAY_PHY is not set # CONFIG_LSI_ET1011C_PHY is not set # CONFIG_LXT_PHY is not set # CONFIG_MARVELL_PHY is not set # CONFIG_MICREL_PHY is not set CONFIG_MICROCHIP_PHY=m # CONFIG_MICROSEMI_PHY is not set # CONFIG_NATIONAL_PHY is not set # CONFIG_QSEMI_PHY is not set # CONFIG_REALTEK_PHY is not set # CONFIG_SMSC_PHY is not set # CONFIG_STE10XP is not set # CONFIG_TERANETICS_PHY is not set # CONFIG_VITESSE_PHY is not set # CONFIG_XILINX_GMII2RGMII is not set # CONFIG_PPP is not set # CONFIG_SLIP is not set CONFIG_USB_NET_DRIVERS=y CONFIG_USB_CATC=m CONFIG_USB_KAWETH=m CONFIG_USB_PEGASUS=m CONFIG_USB_RTL8150=m CONFIG_USB_RTL8152=m CONFIG_USB_LAN78XX=m CONFIG_USB_USBNET=m CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m # CONFIG_USB_NET_CDC_EEM is not set CONFIG_USB_NET_CDC_NCM=m # CONFIG_USB_NET_HUAWEI_CDC_NCM is not set CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m CONFIG_USB_NET_SR9800=m CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m CONFIG_USB_NET_GL620A=m CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m CONFIG_USB_NET_RNDIS_HOST=m CONFIG_USB_NET_CDC_SUBSET_ENABLE=m CONFIG_USB_NET_CDC_SUBSET=m CONFIG_USB_ALI_M5632=y CONFIG_USB_AN2720=y CONFIG_USB_BELKIN=y CONFIG_USB_ARMLINUX=y CONFIG_USB_EPSON2888=y CONFIG_USB_KC2190=y CONFIG_USB_NET_ZAURUS=m # CONFIG_USB_NET_CX82310_ETH is not set # CONFIG_USB_NET_KALMIA is not set # CONFIG_USB_NET_QMI_WWAN is not set # CONFIG_USB_HSO is not set # CONFIG_USB_NET_INT51X1 is not set # CONFIG_USB_IPHETH is not set # CONFIG_USB_SIERRA_NET is not set # CONFIG_USB_VL600 is not set CONFIG_USB_NET_CH9200=m CONFIG_WLAN=y # CONFIG_WLAN_VENDOR_ADMTEK is not set CONFIG_ATH_COMMON=m CONFIG_WLAN_VENDOR_ATH=y # CONFIG_ATH_DEBUG is not set # CONFIG_ATH5K is not set # CONFIG_ATH5K_PCI is not set # CONFIG_ATH9K is not set # CONFIG_ATH9K_HTC is not set CONFIG_CARL9170=m CONFIG_CARL9170_LEDS=y CONFIG_CARL9170_WPC=y # CONFIG_CARL9170_HWRNG is not set # CONFIG_ATH6KL is not set # CONFIG_AR5523 is not set # CONFIG_WIL6210 is not set CONFIG_ATH10K=m # CONFIG_ATH10K_PCI is not set # CONFIG_ATH10K_DEBUG is not set # CONFIG_ATH10K_DEBUGFS is not set # CONFIG_WCN36XX is not set # CONFIG_WLAN_VENDOR_ATMEL is not set # CONFIG_WLAN_VENDOR_BROADCOM is not set # CONFIG_WLAN_VENDOR_CISCO is not set CONFIG_WLAN_VENDOR_INTEL=y # CONFIG_IPW2100 is not set CONFIG_IPW2200=m # CONFIG_IPW2200_MONITOR is not set CONFIG_IPW2200_QOS=y # CONFIG_IPW2200_DEBUG is not set CONFIG_LIBIPW=m # CONFIG_LIBIPW_DEBUG is not set # CONFIG_IWL4965 is not set # CONFIG_IWL3945 is not set # CONFIG_IWLWIFI is not set CONFIG_WLAN_VENDOR_INTERSIL=y # CONFIG_HOSTAP is not set # CONFIG_HERMES is not set # CONFIG_P54_COMMON is not set # CONFIG_PRISM54 is not set # CONFIG_WLAN_VENDOR_MARVELL is not set # CONFIG_WLAN_VENDOR_MEDIATEK is not set CONFIG_WLAN_VENDOR_RALINK=y CONFIG_RT2X00=m # CONFIG_RT2400PCI is not set # CONFIG_RT2500PCI is not set # CONFIG_RT61PCI is not set # CONFIG_RT2800PCI is not set CONFIG_RT2500USB=m CONFIG_RT73USB=m CONFIG_RT2800USB=m CONFIG_RT2800USB_RT33XX=y CONFIG_RT2800USB_RT35XX=y CONFIG_RT2800USB_RT3573=y CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m CONFIG_RT2X00_LIB_USB=m CONFIG_RT2X00_LIB=m CONFIG_RT2X00_LIB_FIRMWARE=y CONFIG_RT2X00_LIB_CRYPTO=y CONFIG_RT2X00_LIB_LEDS=y # CONFIG_RT2X00_DEBUG is not set CONFIG_WLAN_VENDOR_REALTEK=y # CONFIG_RTL8180 is not set CONFIG_RTL8187=m CONFIG_RTL8187_LEDS=y CONFIG_RTL_CARDS=m # CONFIG_RTL8192CE is not set # CONFIG_RTL8192SE is not set # CONFIG_RTL8192DE is not set # CONFIG_RTL8723AE is not set # CONFIG_RTL8723BE is not set # CONFIG_RTL8188EE is not set # CONFIG_RTL8192EE is not set # CONFIG_RTL8821AE is not set CONFIG_RTL8192CU=m CONFIG_RTLWIFI=m CONFIG_RTLWIFI_USB=m # CONFIG_RTLWIFI_DEBUG is not set CONFIG_RTL8192C_COMMON=m # CONFIG_RTL8XXXU is not set # CONFIG_WLAN_VENDOR_RSI is not set CONFIG_WLAN_VENDOR_ST=y # CONFIG_CW1200 is not set # CONFIG_WLAN_VENDOR_TI is not set CONFIG_WLAN_VENDOR_ZYDAS=y CONFIG_USB_ZD1201=m CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set # CONFIG_MAC80211_HWSIM is not set # CONFIG_USB_NET_RNDIS_WLAN is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set # CONFIG_VMXNET3 is not set # CONFIG_ISDN is not set # CONFIG_NVM is not set # # Input device support # CONFIG_INPUT=y CONFIG_INPUT_LEDS=y # CONFIG_INPUT_FF_MEMLESS is not set CONFIG_INPUT_POLLDEV=m # CONFIG_INPUT_SPARSEKMAP is not set # CONFIG_INPUT_MATRIXKMAP is not set # # Userland interfaces # # CONFIG_INPUT_MOUSEDEV is not set # CONFIG_INPUT_JOYDEV is not set CONFIG_INPUT_EVDEV=m # CONFIG_INPUT_EVBUG is not set # # Input Device Drivers # CONFIG_INPUT_KEYBOARD=y # CONFIG_KEYBOARD_ADP5588 is not set # CONFIG_KEYBOARD_ADP5589 is not set CONFIG_KEYBOARD_ATKBD=m # CONFIG_KEYBOARD_QT1070 is not set # CONFIG_KEYBOARD_QT2160 is not set # CONFIG_KEYBOARD_LKKBD is not set # CONFIG_KEYBOARD_TCA6416 is not set # CONFIG_KEYBOARD_TCA8418 is not set # CONFIG_KEYBOARD_LM8323 is not set # CONFIG_KEYBOARD_LM8333 is not set # CONFIG_KEYBOARD_MAX7359 is not set # CONFIG_KEYBOARD_MCS is not set # CONFIG_KEYBOARD_MPR121 is not set # CONFIG_KEYBOARD_NEWTON is not set # CONFIG_KEYBOARD_OPENCORES is not set CONFIG_KEYBOARD_STOWAWAY=m # CONFIG_KEYBOARD_SUNKBD is not set # CONFIG_KEYBOARD_OMAP4 is not set # CONFIG_KEYBOARD_XTKBD is not set # CONFIG_KEYBOARD_CAP11XX is not set # CONFIG_INPUT_MOUSE is not set # CONFIG_INPUT_JOYSTICK is not set # CONFIG_INPUT_TABLET is not set # CONFIG_INPUT_TOUCHSCREEN is not set CONFIG_INPUT_MISC=y # CONFIG_INPUT_AD714X is not set # CONFIG_INPUT_ATMEL_CAPTOUCH is not set # CONFIG_INPUT_BMA150 is not set # CONFIG_INPUT_E3X0_BUTTON is not set # CONFIG_INPUT_MMA8450 is not set # CONFIG_INPUT_MPU3050 is not set CONFIG_INPUT_ATI_REMOTE2=m CONFIG_INPUT_KEYSPAN_REMOTE=m # CONFIG_INPUT_KXTJ9 is not set CONFIG_INPUT_POWERMATE=m CONFIG_INPUT_YEALINK=m # CONFIG_INPUT_CM109 is not set # CONFIG_INPUT_UINPUT is not set # CONFIG_INPUT_PCF8574 is not set # CONFIG_INPUT_ADXL34X is not set # CONFIG_INPUT_IMS_PCU is not set # CONFIG_INPUT_CMA3000 is not set # CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set # CONFIG_INPUT_DRV2665_HAPTICS is not set # CONFIG_INPUT_DRV2667_HAPTICS is not set # CONFIG_RMI4_CORE is not set # # Hardware I/O ports # CONFIG_SERIO=m CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y CONFIG_SERIO_I8042=m CONFIG_SERIO_SERPORT=m # CONFIG_SERIO_PCIPS2 is not set CONFIG_SERIO_LIBPS2=m CONFIG_SERIO_RAW=m # CONFIG_SERIO_XILINX_XPS_PS2 is not set # CONFIG_SERIO_ALTERA_PS2 is not set # CONFIG_SERIO_PS2MULT is not set # CONFIG_SERIO_ARC_PS2 is not set # CONFIG_SERIO_APBPS2 is not set # CONFIG_USERIO is not set # CONFIG_GAMEPORT is not set # # Character devices # CONFIG_TTY=y CONFIG_VT=y CONFIG_CONSOLE_TRANSLATIONS=y CONFIG_VT_CONSOLE=y CONFIG_VT_CONSOLE_SLEEP=y CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set # CONFIG_SERIAL_NONSTANDARD is not set # CONFIG_NOZOMI is not set # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set # CONFIG_PPC_EPAPR_HV_BYTECHAN is not set CONFIG_DEVMEM=y # CONFIG_DEVKMEM is not set # # Serial drivers # CONFIG_SERIAL_EARLYCON=y CONFIG_SERIAL_8250=y # CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set # CONFIG_SERIAL_8250_FINTEK is not set CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_DMA=y CONFIG_SERIAL_8250_PCI=y CONFIG_SERIAL_8250_NR_UARTS=4 CONFIG_SERIAL_8250_RUNTIME_UARTS=4 # CONFIG_SERIAL_8250_EXTENDED is not set CONFIG_SERIAL_8250_FSL=y # CONFIG_SERIAL_8250_DW is not set # CONFIG_SERIAL_8250_RT288X is not set # CONFIG_SERIAL_8250_MOXA is not set CONFIG_SERIAL_OF_PLATFORM=y # # Non-8250 serial port support # # CONFIG_SERIAL_UARTLITE is not set CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_PMACZILOG=y CONFIG_SERIAL_PMACZILOG_TTYS=y CONFIG_SERIAL_PMACZILOG_CONSOLE=y CONFIG_SERIAL_JSM=m # CONFIG_SERIAL_SCCNXP is not set # CONFIG_SERIAL_SC16IS7XX is not set # CONFIG_SERIAL_ALTERA_JTAGUART is not set # CONFIG_SERIAL_ALTERA_UART is not set # CONFIG_SERIAL_XILINX_PS_UART is not set # CONFIG_SERIAL_ARC is not set # CONFIG_SERIAL_RP2 is not set # CONFIG_SERIAL_FSL_LPUART is not set # CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set # CONFIG_TTY_PRINTK is not set CONFIG_HVC_DRIVER=y CONFIG_HVC_IRQ=y CONFIG_HVC_OPAL=y # CONFIG_HVC_UDBG is not set CONFIG_POWERNV_OP_PANEL=m # CONFIG_IPMI_HANDLER is not set CONFIG_HW_RANDOM=m # CONFIG_HW_RANDOM_TIMERIOMEM is not set CONFIG_HW_RANDOM_POWERNV=m # CONFIG_R3964 is not set CONFIG_APPLICOM=m # CONFIG_RAW_DRIVER is not set # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set CONFIG_DEVPORT=y # CONFIG_XILLYBUS is not set # # I2C support # CONFIG_I2C=y CONFIG_I2C_BOARDINFO=y # CONFIG_I2C_COMPAT is not set CONFIG_I2C_CHARDEV=m # CONFIG_I2C_MUX is not set CONFIG_I2C_HELPER_AUTO=y CONFIG_I2C_SMBUS=m CONFIG_I2C_ALGOBIT=y CONFIG_I2C_ALGOPCA=m # # I2C Hardware Bus support # # # PC SMBus host controller drivers # # CONFIG_I2C_ALI1535 is not set # CONFIG_I2C_ALI1563 is not set # CONFIG_I2C_ALI15X3 is not set # CONFIG_I2C_AMD756 is not set # CONFIG_I2C_AMD8111 is not set # CONFIG_I2C_I801 is not set # CONFIG_I2C_ISCH is not set # CONFIG_I2C_PIIX4 is not set # CONFIG_I2C_NFORCE2 is not set CONFIG_I2C_SIS5595=m CONFIG_I2C_SIS630=m CONFIG_I2C_SIS96X=m CONFIG_I2C_VIA=m CONFIG_I2C_VIAPRO=m # # Mac SMBus host controller drivers # CONFIG_I2C_POWERMAC=y # # I2C system bus drivers (mostly embedded / system-on-chip) # # CONFIG_I2C_DESIGNWARE_PLATFORM is not set # CONFIG_I2C_DESIGNWARE_PCI is not set CONFIG_I2C_MPC=m CONFIG_I2C_OCORES=m CONFIG_I2C_PCA_PLATFORM=m # CONFIG_I2C_PXA_PCI is not set CONFIG_I2C_SIMTEC=m # CONFIG_I2C_XILINX is not set # # External I2C/SMBus adapter drivers # # CONFIG_I2C_DIOLAN_U2C is not set CONFIG_I2C_PARPORT_LIGHT=m # CONFIG_I2C_ROBOTFUZZ_OSIF is not set CONFIG_I2C_TAOS_EVM=m CONFIG_I2C_TINY_USB=m # # Other I2C/SMBus bus drivers # CONFIG_I2C_OPAL=y # CONFIG_I2C_STUB is not set # CONFIG_I2C_SLAVE is not set # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set # CONFIG_SPI is not set # CONFIG_SPMI is not set # CONFIG_HSI is not set # # PPS support # CONFIG_PPS=y # CONFIG_PPS_DEBUG is not set # # PPS clients support # # CONFIG_PPS_CLIENT_KTIMER is not set # CONFIG_PPS_CLIENT_LDISC is not set # CONFIG_PPS_CLIENT_GPIO is not set # # PPS generators support # # # PTP clock support # CONFIG_PTP_1588_CLOCK=y # # Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # # CONFIG_GPIOLIB is not set # CONFIG_W1 is not set # CONFIG_POWER_AVS is not set # CONFIG_POWER_RESET is not set CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set # CONFIG_PDA_POWER is not set # CONFIG_TEST_POWER is not set # CONFIG_BATTERY_DS2780 is not set # CONFIG_BATTERY_DS2781 is not set # CONFIG_BATTERY_DS2782 is not set # CONFIG_BATTERY_SBS is not set # CONFIG_BATTERY_BQ27XXX is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set # CONFIG_CHARGER_MAX8903 is not set # CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set CONFIG_HWMON=y CONFIG_HWMON_VID=m # CONFIG_HWMON_DEBUG_CHIP is not set # # Native drivers # # CONFIG_SENSORS_AD7414 is not set CONFIG_SENSORS_AD7418=m CONFIG_SENSORS_ADM1021=m CONFIG_SENSORS_ADM1025=m CONFIG_SENSORS_ADM1026=m CONFIG_SENSORS_ADM1029=m CONFIG_SENSORS_ADM1031=m CONFIG_SENSORS_ADM9240=m # CONFIG_SENSORS_ADT7410 is not set # CONFIG_SENSORS_ADT7411 is not set # CONFIG_SENSORS_ADT7462 is not set CONFIG_SENSORS_ADT7470=m # CONFIG_SENSORS_ADT7475 is not set # CONFIG_SENSORS_ASC7621 is not set CONFIG_SENSORS_ATXP1=m # CONFIG_SENSORS_DS620 is not set CONFIG_SENSORS_DS1621=m CONFIG_SENSORS_I5K_AMB=m CONFIG_SENSORS_F75375S=m # CONFIG_SENSORS_FTSTEUTATES is not set CONFIG_SENSORS_GL518SM=m CONFIG_SENSORS_GL520SM=m # CONFIG_SENSORS_G760A is not set # CONFIG_SENSORS_G762 is not set # CONFIG_SENSORS_HIH6130 is not set CONFIG_SENSORS_IBMPOWERNV=y # CONFIG_SENSORS_JC42 is not set # CONFIG_SENSORS_POWR1220 is not set # CONFIG_SENSORS_LINEAGE is not set # CONFIG_SENSORS_LTC2945 is not set # CONFIG_SENSORS_LTC2990 is not set # CONFIG_SENSORS_LTC4151 is not set # CONFIG_SENSORS_LTC4215 is not set # CONFIG_SENSORS_LTC4222 is not set # CONFIG_SENSORS_LTC4245 is not set # CONFIG_SENSORS_LTC4260 is not set # CONFIG_SENSORS_LTC4261 is not set # CONFIG_SENSORS_MAX16065 is not set CONFIG_SENSORS_MAX1619=m # CONFIG_SENSORS_MAX1668 is not set # CONFIG_SENSORS_MAX197 is not set # CONFIG_SENSORS_MAX6639 is not set # CONFIG_SENSORS_MAX6642 is not set CONFIG_SENSORS_MAX6650=m # CONFIG_SENSORS_MAX6697 is not set # CONFIG_SENSORS_MAX31790 is not set # CONFIG_SENSORS_MCP3021 is not set CONFIG_SENSORS_LM63=m # CONFIG_SENSORS_LM73 is not set CONFIG_SENSORS_LM75=m CONFIG_SENSORS_LM77=m CONFIG_SENSORS_LM78=m CONFIG_SENSORS_LM80=m CONFIG_SENSORS_LM83=m CONFIG_SENSORS_LM85=m CONFIG_SENSORS_LM87=m CONFIG_SENSORS_LM90=m CONFIG_SENSORS_LM92=m CONFIG_SENSORS_LM93=m # CONFIG_SENSORS_LM95234 is not set # CONFIG_SENSORS_LM95241 is not set # CONFIG_SENSORS_LM95245 is not set # CONFIG_SENSORS_NTC_THERMISTOR is not set # CONFIG_SENSORS_NCT7802 is not set # CONFIG_SENSORS_NCT7904 is not set CONFIG_SENSORS_PCF8591=m # CONFIG_PMBUS is not set # CONFIG_SENSORS_SHT21 is not set # CONFIG_SENSORS_SHT3x is not set # CONFIG_SENSORS_SHTC1 is not set CONFIG_SENSORS_SIS5595=m # CONFIG_SENSORS_EMC1403 is not set # CONFIG_SENSORS_EMC2103 is not set # CONFIG_SENSORS_EMC6W201 is not set CONFIG_SENSORS_SMSC47M192=m # CONFIG_SENSORS_SCH56XX_COMMON is not set # CONFIG_SENSORS_SMM665 is not set # CONFIG_SENSORS_ADC128D818 is not set # CONFIG_SENSORS_ADS1015 is not set CONFIG_SENSORS_ADS7828=m # CONFIG_SENSORS_AMC6821 is not set # CONFIG_SENSORS_INA209 is not set # CONFIG_SENSORS_INA2XX is not set # CONFIG_SENSORS_INA3221 is not set # CONFIG_SENSORS_TC74 is not set CONFIG_SENSORS_THMC50=m # CONFIG_SENSORS_TMP102 is not set # CONFIG_SENSORS_TMP103 is not set # CONFIG_SENSORS_TMP401 is not set # CONFIG_SENSORS_TMP421 is not set CONFIG_SENSORS_VIA686A=m CONFIG_SENSORS_VT8231=m CONFIG_SENSORS_W83781D=m CONFIG_SENSORS_W83791D=m CONFIG_SENSORS_W83792D=m CONFIG_SENSORS_W83793=m # CONFIG_SENSORS_W83795 is not set CONFIG_SENSORS_W83L785TS=m CONFIG_SENSORS_W83L786NG=m CONFIG_THERMAL=m CONFIG_THERMAL_HWMON=y CONFIG_THERMAL_OF=y # CONFIG_THERMAL_WRITABLE_TRIPS is not set CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y # CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set # CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set # CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set # CONFIG_THERMAL_GOV_FAIR_SHARE is not set CONFIG_THERMAL_GOV_STEP_WISE=y # CONFIG_THERMAL_GOV_BANG_BANG is not set # CONFIG_THERMAL_GOV_USER_SPACE is not set # CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set # CONFIG_CPU_THERMAL is not set # CONFIG_THERMAL_EMULATION is not set # CONFIG_QORIQ_THERMAL is not set # # ACPI INT340X thermal drivers # CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y # CONFIG_WATCHDOG_NOWAYOUT is not set CONFIG_WATCHDOG_SYSFS=y # # Watchdog Device Drivers # # CONFIG_SOFT_WATCHDOG is not set # CONFIG_XILINX_WATCHDOG is not set # CONFIG_ZIIRAVE_WATCHDOG is not set # CONFIG_CADENCE_WATCHDOG is not set # CONFIG_DW_WATCHDOG is not set # CONFIG_MAX63XX_WATCHDOG is not set # CONFIG_ALIM7101_WDT is not set # CONFIG_I6300ESB_WDT is not set # # PCI-based Watchdog Cards # # CONFIG_PCIPCWATCHDOG is not set # CONFIG_WDTPCI is not set # # USB-based Watchdog Cards # # CONFIG_USBPCWATCHDOG is not set # # Watchdog Pretimeout Governors # # CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set CONFIG_SSB_POSSIBLE=y # # Sonics Silicon Backplane # # CONFIG_SSB is not set CONFIG_BCMA_POSSIBLE=y # # Broadcom specific AMBA # # CONFIG_BCMA is not set # # Multifunction device drivers # CONFIG_MFD_CORE=y # CONFIG_MFD_ACT8945A is not set # CONFIG_MFD_AS3711 is not set # CONFIG_MFD_AS3722 is not set # CONFIG_PMIC_ADP5520 is not set # CONFIG_MFD_ATMEL_FLEXCOM is not set # CONFIG_MFD_ATMEL_HLCDC is not set # CONFIG_MFD_BCM590XX is not set # CONFIG_MFD_AXP20X_I2C is not set # CONFIG_PMIC_DA903X is not set # CONFIG_MFD_DA9052_I2C is not set # CONFIG_MFD_DA9055 is not set # CONFIG_MFD_DA9062 is not set # CONFIG_MFD_DA9063 is not set # CONFIG_MFD_DA9150 is not set # CONFIG_MFD_DLN2 is not set # CONFIG_MFD_EXYNOS_LPASS is not set # CONFIG_MFD_MC13XXX_I2C is not set # CONFIG_MFD_HI6421_PMIC is not set # CONFIG_HTC_PASIC3 is not set # CONFIG_LPC_ICH is not set # CONFIG_LPC_SCH is not set # CONFIG_MFD_JANZ_CMODIO is not set # CONFIG_MFD_KEMPLD is not set # CONFIG_MFD_88PM800 is not set # CONFIG_MFD_88PM805 is not set # CONFIG_MFD_88PM860X is not set # CONFIG_MFD_MAX14577 is not set # CONFIG_MFD_MAX77620 is not set # CONFIG_MFD_MAX77686 is not set # CONFIG_MFD_MAX77693 is not set # CONFIG_MFD_MAX77843 is not set # CONFIG_MFD_MAX8907 is not set # CONFIG_MFD_MAX8925 is not set # CONFIG_MFD_MAX8997 is not set # CONFIG_MFD_MAX8998 is not set # CONFIG_MFD_MT6397 is not set # CONFIG_MFD_MENF21BMC is not set # CONFIG_MFD_VIPERBOARD is not set # CONFIG_MFD_RETU is not set # CONFIG_MFD_PCF50633 is not set # CONFIG_MFD_RDC321X is not set # CONFIG_MFD_RTSX_PCI is not set # CONFIG_MFD_RT5033 is not set CONFIG_MFD_RTSX_USB=y # CONFIG_MFD_RC5T583 is not set # CONFIG_MFD_RK808 is not set # CONFIG_MFD_RN5T618 is not set # CONFIG_MFD_SEC_CORE is not set # CONFIG_MFD_SI476X_CORE is not set # CONFIG_MFD_SM501 is not set # CONFIG_MFD_SKY81452 is not set # CONFIG_MFD_SMSC is not set # CONFIG_ABX500_CORE is not set # CONFIG_MFD_STMPE is not set # CONFIG_MFD_SYSCON is not set # CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_PALMAS is not set # CONFIG_TPS6105X is not set # CONFIG_TPS6507X is not set # CONFIG_MFD_TPS65086 is not set # CONFIG_MFD_TPS65090 is not set # CONFIG_MFD_TPS65217 is not set # CONFIG_MFD_TI_LP873X is not set # CONFIG_MFD_TPS65218 is not set # CONFIG_MFD_TPS6586X is not set # CONFIG_MFD_TPS65912_I2C is not set # CONFIG_MFD_TPS80031 is not set # CONFIG_TWL4030_CORE is not set # CONFIG_TWL6040_CORE is not set # CONFIG_MFD_WL1273_CORE is not set # CONFIG_MFD_LM3533 is not set # CONFIG_MFD_TC3589X is not set # CONFIG_MFD_TMIO is not set # CONFIG_MFD_VX855 is not set # CONFIG_MFD_ARIZONA_I2C is not set # CONFIG_MFD_WM8400 is not set # CONFIG_MFD_WM831X_I2C is not set # CONFIG_MFD_WM8350_I2C is not set # CONFIG_MFD_WM8994 is not set # CONFIG_REGULATOR is not set # CONFIG_MEDIA_SUPPORT is not set # # Graphics support # # CONFIG_AGP is not set CONFIG_VGA_ARB=y CONFIG_VGA_ARB_MAX_GPUS=16 CONFIG_DRM=m # CONFIG_DRM_DP_AUX_CHARDEV is not set CONFIG_DRM_KMS_HELPER=m CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_FBDEV_EMULATION=y # CONFIG_DRM_LOAD_EDID_FIRMWARE is not set CONFIG_DRM_TTM=m # # I2C encoder or helper chips # # CONFIG_DRM_I2C_CH7006 is not set CONFIG_DRM_I2C_SIL164=m # CONFIG_DRM_I2C_NXP_TDA998X is not set CONFIG_DRM_RADEON=m # CONFIG_DRM_RADEON_USERPTR is not set # CONFIG_DRM_AMDGPU is not set # # ACP (Audio CoProcessor) Configuration # CONFIG_DRM_NOUVEAU=m CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_VGEM=m # CONFIG_DRM_UDL is not set # CONFIG_DRM_AST is not set # CONFIG_DRM_MGAG200 is not set # CONFIG_DRM_CIRRUS_QEMU is not set # CONFIG_DRM_QXL is not set # CONFIG_DRM_BOCHS is not set CONFIG_DRM_BRIDGE=y # # Display Interface Bridges # # CONFIG_DRM_ANALOGIX_ANX78XX is not set # CONFIG_DRM_DUMB_VGA_DAC is not set # CONFIG_DRM_NXP_PTN3460 is not set # CONFIG_DRM_PARADE_PS8622 is not set # CONFIG_DRM_SII902X is not set # CONFIG_DRM_TOSHIBA_TC358767 is not set # CONFIG_DRM_I2C_ADV7511 is not set # CONFIG_DRM_ARCPGU is not set # CONFIG_DRM_LEGACY is not set # # Frame buffer Devices # CONFIG_FB=y CONFIG_FIRMWARE_EDID=y CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y CONFIG_FB_DDC=y # CONFIG_FB_BOOT_VESA_SUPPORT is not set CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y CONFIG_FB_CFB_IMAGEBLIT=y # CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set CONFIG_FB_SYS_FILLRECT=m CONFIG_FB_SYS_COPYAREA=m CONFIG_FB_SYS_IMAGEBLIT=m # CONFIG_FB_FOREIGN_ENDIAN is not set CONFIG_FB_SYS_FOPS=m CONFIG_FB_DEFERRED_IO=y # CONFIG_FB_SVGALIB is not set CONFIG_FB_MACMODES=y CONFIG_FB_BACKLIGHT=y CONFIG_FB_MODE_HELPERS=y # CONFIG_FB_TILEBLITTING is not set # # Frame buffer hardware drivers # # CONFIG_FB_CIRRUS is not set # CONFIG_FB_PM2 is not set # CONFIG_FB_CYBER2000 is not set CONFIG_FB_OF=y # CONFIG_FB_ASILIANT is not set CONFIG_FB_IMSTT=y # CONFIG_FB_VGA16 is not set # CONFIG_FB_UVESA is not set # CONFIG_FB_OPENCORES is not set # CONFIG_FB_S1D13XXX is not set CONFIG_FB_NVIDIA=y CONFIG_FB_NVIDIA_I2C=y # CONFIG_FB_NVIDIA_DEBUG is not set CONFIG_FB_NVIDIA_BACKLIGHT=y CONFIG_FB_RIVA=y # CONFIG_FB_RIVA_I2C is not set # CONFIG_FB_RIVA_DEBUG is not set CONFIG_FB_RIVA_BACKLIGHT=y # CONFIG_FB_I740 is not set # CONFIG_FB_MATROX is not set # CONFIG_FB_RADEON is not set CONFIG_FB_ATY128=y CONFIG_FB_ATY128_BACKLIGHT=y # CONFIG_FB_ATY is not set # CONFIG_FB_S3 is not set # CONFIG_FB_SAVAGE is not set # CONFIG_FB_SIS is not set # CONFIG_FB_NEOMAGIC is not set # CONFIG_FB_KYRO is not set # CONFIG_FB_3DFX is not set # CONFIG_FB_VOODOO1 is not set # CONFIG_FB_VT8623 is not set # CONFIG_FB_TRIDENT is not set # CONFIG_FB_ARK is not set # CONFIG_FB_PM3 is not set # CONFIG_FB_CARMINE is not set # CONFIG_FB_SMSCUFX is not set # CONFIG_FB_UDL is not set # CONFIG_FB_IBM_GXT4500 is not set # CONFIG_FB_VIRTUAL is not set # CONFIG_FB_METRONOME is not set # CONFIG_FB_MB862XX is not set # CONFIG_FB_BROADSHEET is not set # CONFIG_FB_AUO_K190X is not set CONFIG_FB_SIMPLE=y # CONFIG_FB_SM712 is not set CONFIG_BACKLIGHT_LCD_SUPPORT=y # CONFIG_LCD_CLASS_DEVICE is not set CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_GENERIC is not set # CONFIG_BACKLIGHT_PM8941_WLED is not set # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LV5207LP is not set # CONFIG_BACKLIGHT_BD6107 is not set CONFIG_VGASTATE=y CONFIG_HDMI=y # # Console display driver support # CONFIG_VGA_CONSOLE=y CONFIG_VGACON_SOFT_SCROLLBACK=y CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64 CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set CONFIG_LOGO=y # CONFIG_LOGO_LINUX_MONO is not set # CONFIG_LOGO_LINUX_VGA16 is not set # CONFIG_LOGO_LINUX_CLUT224 is not set CONFIG_SOUND=m CONFIG_SOUND_OSS_CORE=y CONFIG_SOUND_OSS_CORE_PRECLAIM=y CONFIG_SND=m CONFIG_SND_TIMER=m CONFIG_SND_PCM=m CONFIG_SND_HWDEP=m CONFIG_SND_RAWMIDI=m CONFIG_SND_SEQUENCER=m # CONFIG_SND_SEQ_DUMMY is not set CONFIG_SND_OSSEMUL=y CONFIG_SND_MIXER_OSS=m CONFIG_SND_PCM_OSS=m CONFIG_SND_PCM_OSS_PLUGINS=y CONFIG_SND_PCM_TIMER=y CONFIG_SND_SEQUENCER_OSS=y # CONFIG_SND_HRTIMER is not set # CONFIG_SND_DYNAMIC_MINORS is not set CONFIG_SND_SUPPORT_OLD_API=y CONFIG_SND_PROC_FS=y CONFIG_SND_VERBOSE_PROCFS=y # CONFIG_SND_VERBOSE_PRINTK is not set # CONFIG_SND_DEBUG is not set CONFIG_SND_VMASTER=y CONFIG_SND_RAWMIDI_SEQ=m # CONFIG_SND_OPL3_LIB_SEQ is not set # CONFIG_SND_OPL4_LIB_SEQ is not set # CONFIG_SND_SBAWE_SEQ is not set # CONFIG_SND_EMU10K1_SEQ is not set CONFIG_SND_DRIVERS=y # CONFIG_SND_DUMMY is not set # CONFIG_SND_ALOOP is not set CONFIG_SND_VIRMIDI=m # CONFIG_SND_MTPAV is not set # CONFIG_SND_SERIAL_U16550 is not set # CONFIG_SND_MPU401 is not set CONFIG_SND_PCI=y # CONFIG_SND_AD1889 is not set # CONFIG_SND_ALS300 is not set # CONFIG_SND_ALS4000 is not set # CONFIG_SND_ALI5451 is not set # CONFIG_SND_ATIIXP is not set # CONFIG_SND_ATIIXP_MODEM is not set # CONFIG_SND_AU8810 is not set # CONFIG_SND_AU8820 is not set # CONFIG_SND_AU8830 is not set # CONFIG_SND_AW2 is not set # CONFIG_SND_AZT3328 is not set # CONFIG_SND_BT87X is not set # CONFIG_SND_CA0106 is not set # CONFIG_SND_CMIPCI is not set # CONFIG_SND_OXYGEN is not set # CONFIG_SND_CS4281 is not set # CONFIG_SND_CS46XX is not set # CONFIG_SND_CTXFI is not set # CONFIG_SND_DARLA20 is not set # CONFIG_SND_GINA20 is not set # CONFIG_SND_LAYLA20 is not set # CONFIG_SND_DARLA24 is not set # CONFIG_SND_GINA24 is not set # CONFIG_SND_LAYLA24 is not set # CONFIG_SND_MONA is not set # CONFIG_SND_MIA is not set # CONFIG_SND_ECHO3G is not set # CONFIG_SND_INDIGO is not set # CONFIG_SND_INDIGOIO is not set # CONFIG_SND_INDIGODJ is not set # CONFIG_SND_INDIGOIOX is not set # CONFIG_SND_INDIGODJX is not set # CONFIG_SND_EMU10K1 is not set # CONFIG_SND_EMU10K1X is not set # CONFIG_SND_ENS1370 is not set # CONFIG_SND_ENS1371 is not set # CONFIG_SND_ES1938 is not set # CONFIG_SND_ES1968 is not set # CONFIG_SND_FM801 is not set # CONFIG_SND_HDSP is not set # CONFIG_SND_HDSPM is not set # CONFIG_SND_ICE1712 is not set # CONFIG_SND_ICE1724 is not set # CONFIG_SND_INTEL8X0 is not set # CONFIG_SND_INTEL8X0M is not set # CONFIG_SND_KORG1212 is not set # CONFIG_SND_LOLA is not set # CONFIG_SND_LX6464ES is not set # CONFIG_SND_MAESTRO3 is not set # CONFIG_SND_MIXART is not set # CONFIG_SND_NM256 is not set # CONFIG_SND_PCXHR is not set # CONFIG_SND_RIPTIDE is not set # CONFIG_SND_RME32 is not set # CONFIG_SND_RME96 is not set # CONFIG_SND_RME9652 is not set # CONFIG_SND_SE6X is not set # CONFIG_SND_SONICVIBES is not set # CONFIG_SND_TRIDENT is not set # CONFIG_SND_VIA82XX is not set # CONFIG_SND_VIA82XX_MODEM is not set # CONFIG_SND_VIRTUOSO is not set # CONFIG_SND_VX222 is not set # CONFIG_SND_YMFPCI is not set # # HD-Audio # # CONFIG_SND_HDA_INTEL is not set CONFIG_SND_HDA_PREALLOC_SIZE=64 CONFIG_SND_PPC=y CONFIG_SND_POWERMAC=m CONFIG_SND_POWERMAC_AUTO_DRC=y CONFIG_SND_AOA=m CONFIG_SND_AOA_FABRIC_LAYOUT=m CONFIG_SND_AOA_ONYX=m CONFIG_SND_AOA_TAS=m CONFIG_SND_AOA_TOONIE=m CONFIG_SND_AOA_SOUNDBUS=m CONFIG_SND_AOA_SOUNDBUS_I2S=m CONFIG_SND_USB=y CONFIG_SND_USB_AUDIO=m # CONFIG_SND_USB_UA101 is not set CONFIG_SND_USB_USX2Y=m CONFIG_SND_USB_CAIAQ=m CONFIG_SND_USB_CAIAQ_INPUT=y # CONFIG_SND_USB_6FIRE is not set # CONFIG_SND_USB_HIFACE is not set # CONFIG_SND_BCD2000 is not set # CONFIG_SND_USB_POD is not set # CONFIG_SND_USB_PODHD is not set # CONFIG_SND_USB_TONEPORT is not set # CONFIG_SND_USB_VARIAX is not set CONFIG_SND_FIREWIRE=y # CONFIG_SND_DICE is not set # CONFIG_SND_OXFW is not set # CONFIG_SND_ISIGHT is not set # CONFIG_SND_FIREWORKS is not set # CONFIG_SND_BEBOB is not set # CONFIG_SND_FIREWIRE_DIGI00X is not set # CONFIG_SND_FIREWIRE_TASCAM is not set # CONFIG_SND_SOC is not set # CONFIG_SOUND_PRIME is not set # # HID support # CONFIG_HID=y # CONFIG_HID_BATTERY_STRENGTH is not set CONFIG_HIDRAW=y # CONFIG_UHID is not set CONFIG_HID_GENERIC=y # # Special HID drivers # # CONFIG_HID_A4TECH is not set # CONFIG_HID_ACRUX is not set CONFIG_HID_APPLE=m # CONFIG_HID_APPLEIR is not set # CONFIG_HID_AUREAL is not set # CONFIG_HID_BELKIN is not set # CONFIG_HID_BETOP_FF is not set # CONFIG_HID_CHERRY is not set # CONFIG_HID_CHICONY is not set # CONFIG_HID_CORSAIR is not set # CONFIG_HID_PRODIKEYS is not set # CONFIG_HID_CMEDIA is not set # CONFIG_HID_CYPRESS is not set # CONFIG_HID_DRAGONRISE is not set # CONFIG_HID_EMS_FF is not set # CONFIG_HID_ELECOM is not set # CONFIG_HID_ELO is not set # CONFIG_HID_EZKEY is not set # CONFIG_HID_GEMBIRD is not set # CONFIG_HID_GFRM is not set # CONFIG_HID_HOLTEK is not set # CONFIG_HID_GT683R is not set # CONFIG_HID_KEYTOUCH is not set # CONFIG_HID_KYE is not set # CONFIG_HID_UCLOGIC is not set # CONFIG_HID_WALTOP is not set # CONFIG_HID_GYRATION is not set # CONFIG_HID_ICADE is not set # CONFIG_HID_TWINHAN is not set # CONFIG_HID_KENSINGTON is not set # CONFIG_HID_LCPOWER is not set CONFIG_HID_LED=y # CONFIG_HID_LENOVO is not set # CONFIG_HID_LOGITECH is not set # CONFIG_HID_MAGICMOUSE is not set # CONFIG_HID_MICROSOFT is not set # CONFIG_HID_MONTEREY is not set # CONFIG_HID_MULTITOUCH is not set # CONFIG_HID_NTRIG is not set # CONFIG_HID_ORTEK is not set # CONFIG_HID_PANTHERLORD is not set # CONFIG_HID_PENMOUNT is not set # CONFIG_HID_PETALYNX is not set # CONFIG_HID_PICOLCD is not set # CONFIG_HID_PLANTRONICS is not set # CONFIG_HID_PRIMAX is not set # CONFIG_HID_ROCCAT is not set # CONFIG_HID_SAITEK is not set # CONFIG_HID_SAMSUNG is not set # CONFIG_HID_SONY is not set # CONFIG_HID_SPEEDLINK is not set # CONFIG_HID_STEELSERIES is not set # CONFIG_HID_SUNPLUS is not set # CONFIG_HID_RMI is not set # CONFIG_HID_GREENASIA is not set # CONFIG_HID_SMARTJOYPLUS is not set # CONFIG_HID_TIVO is not set # CONFIG_HID_TOPSEED is not set # CONFIG_HID_THINGM is not set # CONFIG_HID_THRUSTMASTER is not set # CONFIG_HID_WACOM is not set # CONFIG_HID_WIIMOTE is not set # CONFIG_HID_XINMO is not set # CONFIG_HID_ZEROPLUS is not set # CONFIG_HID_ZYDACRON is not set # CONFIG_HID_SENSOR_HUB is not set # CONFIG_HID_ALPS is not set # # USB HID support # CONFIG_USB_HID=y # CONFIG_HID_PID is not set CONFIG_USB_HIDDEV=y # # I2C HID support # # CONFIG_I2C_HID is not set CONFIG_USB_OHCI_BIG_ENDIAN_DESC=y CONFIG_USB_OHCI_BIG_ENDIAN_MMIO=y CONFIG_USB_OHCI_LITTLE_ENDIAN=y CONFIG_USB_SUPPORT=y CONFIG_USB_COMMON=y CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB=y CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # # Miscellaneous USB options # CONFIG_USB_DEFAULT_PERSIST=y CONFIG_USB_DYNAMIC_MINORS=y # CONFIG_USB_OTG is not set # CONFIG_USB_OTG_WHITELIST is not set # CONFIG_USB_OTG_BLACKLIST_HUB is not set CONFIG_USB_LEDS_TRIGGER_USBPORT=y CONFIG_USB_MON=y # CONFIG_USB_WUSB_CBAF is not set # # USB Host Controller Drivers # # CONFIG_USB_C67X00_HCD is not set # CONFIG_USB_XHCI_HCD is not set CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y CONFIG_USB_EHCI_PCI=y CONFIG_USB_EHCI_HCD_PPC_OF=y # CONFIG_USB_EHCI_HCD_PLATFORM is not set # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_ISP1362_HCD is not set # CONFIG_USB_FOTG210_HCD is not set CONFIG_USB_OHCI_HCD=y CONFIG_USB_OHCI_HCD_PPC_OF_BE=y CONFIG_USB_OHCI_HCD_PPC_OF_LE=y CONFIG_USB_OHCI_HCD_PPC_OF=y CONFIG_USB_OHCI_HCD_PCI=y # CONFIG_USB_OHCI_HCD_PLATFORM is not set CONFIG_USB_UHCI_HCD=m # CONFIG_USB_SL811_HCD is not set # CONFIG_USB_R8A66597_HCD is not set # CONFIG_USB_HCD_TEST_MODE is not set # # USB Device Class drivers # CONFIG_USB_ACM=m CONFIG_USB_PRINTER=m CONFIG_USB_WDM=m # CONFIG_USB_TMC is not set # # NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may # # # also be needed; see USB_STORAGE Help for more info # CONFIG_USB_STORAGE=y # CONFIG_USB_STORAGE_DEBUG is not set CONFIG_USB_STORAGE_REALTEK=m CONFIG_REALTEK_AUTOPM=y CONFIG_USB_STORAGE_DATAFAB=m CONFIG_USB_STORAGE_FREECOM=m CONFIG_USB_STORAGE_ISD200=m CONFIG_USB_STORAGE_USBAT=m CONFIG_USB_STORAGE_SDDR09=m CONFIG_USB_STORAGE_SDDR55=m CONFIG_USB_STORAGE_JUMPSHOT=m CONFIG_USB_STORAGE_ALAUDA=m CONFIG_USB_STORAGE_ONETOUCH=m CONFIG_USB_STORAGE_KARMA=m CONFIG_USB_STORAGE_CYPRESS_ATACB=m CONFIG_USB_STORAGE_ENE_UB6250=m CONFIG_USB_UAS=m # # USB Imaging devices # # CONFIG_USB_MDC800 is not set # CONFIG_USB_MICROTEK is not set CONFIG_USBIP_CORE=m CONFIG_USBIP_VHCI_HCD=m CONFIG_USBIP_VHCI_HC_PORTS=8 CONFIG_USBIP_VHCI_NR_HCS=1 CONFIG_USBIP_HOST=m # CONFIG_USBIP_DEBUG is not set # CONFIG_USB_MUSB_HDRC is not set # CONFIG_USB_DWC3 is not set # CONFIG_USB_DWC2 is not set # CONFIG_USB_CHIPIDEA is not set # CONFIG_USB_ISP1760 is not set # # USB port drivers # CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_SIMPLE=m CONFIG_USB_SERIAL_AIRCABLE=m CONFIG_USB_SERIAL_ARK3116=m CONFIG_USB_SERIAL_BELKIN=m CONFIG_USB_SERIAL_CH341=m CONFIG_USB_SERIAL_WHITEHEAT=m CONFIG_USB_SERIAL_DIGI_ACCELEPORT=m CONFIG_USB_SERIAL_CP210X=m CONFIG_USB_SERIAL_CYPRESS_M8=m CONFIG_USB_SERIAL_EMPEG=m CONFIG_USB_SERIAL_FTDI_SIO=m CONFIG_USB_SERIAL_VISOR=m CONFIG_USB_SERIAL_IPAQ=m CONFIG_USB_SERIAL_IR=m CONFIG_USB_SERIAL_EDGEPORT=m CONFIG_USB_SERIAL_EDGEPORT_TI=m CONFIG_USB_SERIAL_F81232=m CONFIG_USB_SERIAL_GARMIN=m CONFIG_USB_SERIAL_IPW=m CONFIG_USB_SERIAL_IUU=m CONFIG_USB_SERIAL_KEYSPAN_PDA=m CONFIG_USB_SERIAL_KEYSPAN=m CONFIG_USB_SERIAL_KEYSPAN_MPR=y CONFIG_USB_SERIAL_KEYSPAN_USA28=y CONFIG_USB_SERIAL_KEYSPAN_USA28X=y CONFIG_USB_SERIAL_KEYSPAN_USA28XA=y CONFIG_USB_SERIAL_KEYSPAN_USA28XB=y CONFIG_USB_SERIAL_KEYSPAN_USA19=y CONFIG_USB_SERIAL_KEYSPAN_USA18X=y CONFIG_USB_SERIAL_KEYSPAN_USA19W=y CONFIG_USB_SERIAL_KEYSPAN_USA19QW=y CONFIG_USB_SERIAL_KEYSPAN_USA19QI=y CONFIG_USB_SERIAL_KEYSPAN_USA49W=y CONFIG_USB_SERIAL_KEYSPAN_USA49WLC=y CONFIG_USB_SERIAL_KLSI=m CONFIG_USB_SERIAL_KOBIL_SCT=m CONFIG_USB_SERIAL_MCT_U232=m # CONFIG_USB_SERIAL_METRO is not set CONFIG_USB_SERIAL_MOS7720=m CONFIG_USB_SERIAL_MOS7840=m CONFIG_USB_SERIAL_MXUPORT=m CONFIG_USB_SERIAL_NAVMAN=m CONFIG_USB_SERIAL_PL2303=m CONFIG_USB_SERIAL_OTI6858=m CONFIG_USB_SERIAL_QCAUX=m CONFIG_USB_SERIAL_QUALCOMM=m CONFIG_USB_SERIAL_SPCP8X5=m CONFIG_USB_SERIAL_SAFE=m CONFIG_USB_SERIAL_SAFE_PADDED=y CONFIG_USB_SERIAL_SIERRAWIRELESS=m CONFIG_USB_SERIAL_SYMBOL=m CONFIG_USB_SERIAL_TI=m CONFIG_USB_SERIAL_CYBERJACK=m CONFIG_USB_SERIAL_XIRCOM=m CONFIG_USB_SERIAL_WWAN=m CONFIG_USB_SERIAL_OPTION=m CONFIG_USB_SERIAL_OMNINET=m CONFIG_USB_SERIAL_OPTICON=m # CONFIG_USB_SERIAL_XSENS_MT is not set # CONFIG_USB_SERIAL_WISHBONE is not set CONFIG_USB_SERIAL_SSU100=m # CONFIG_USB_SERIAL_QT2 is not set # CONFIG_USB_SERIAL_DEBUG is not set # # USB Miscellaneous drivers # # CONFIG_USB_EMI62 is not set # CONFIG_USB_EMI26 is not set # CONFIG_USB_ADUTUX is not set # CONFIG_USB_SEVSEG is not set # CONFIG_USB_RIO500 is not set CONFIG_USB_LEGOTOWER=m # CONFIG_USB_LCD is not set CONFIG_USB_CYPRESS_CY7C63=m CONFIG_USB_CYTHERM=m CONFIG_USB_IDMOUSE=m # CONFIG_USB_FTDI_ELAN is not set # CONFIG_USB_APPLEDISPLAY is not set # CONFIG_USB_SISUSBVGA is not set # CONFIG_USB_LD is not set CONFIG_USB_TRANCEVIBRATOR=m CONFIG_USB_IOWARRIOR=m CONFIG_USB_TEST=m # CONFIG_USB_EHSET_TEST_FIXTURE is not set CONFIG_USB_ISIGHTFW=m # CONFIG_USB_YUREX is not set CONFIG_USB_EZUSB_FX2=m # CONFIG_USB_HSIC_USB3503 is not set # CONFIG_USB_HSIC_USB4604 is not set # CONFIG_USB_LINK_LAYER_TEST is not set CONFIG_USB_CHAOSKEY=m # # USB Physical Layer drivers # # CONFIG_USB_PHY is not set # CONFIG_NOP_USB_XCEIV is not set # CONFIG_USB_ISP1301 is not set # CONFIG_USB_GADGET is not set CONFIG_USB_LED_TRIG=y # CONFIG_USB_ULPI_BUS is not set # CONFIG_UWB is not set # CONFIG_MMC is not set # CONFIG_MEMSTICK is not set CONFIG_NEW_LEDS=y CONFIG_LEDS_CLASS=y # CONFIG_LEDS_CLASS_FLASH is not set # # LED drivers # # CONFIG_LEDS_BCM6328 is not set # CONFIG_LEDS_BCM6358 is not set # CONFIG_LEDS_LM3530 is not set # CONFIG_LEDS_LM3642 is not set # CONFIG_LEDS_PCA9532 is not set # CONFIG_LEDS_LP3944 is not set # CONFIG_LEDS_LP5521 is not set # CONFIG_LEDS_LP5523 is not set # CONFIG_LEDS_LP5562 is not set # CONFIG_LEDS_LP8501 is not set # CONFIG_LEDS_LP8860 is not set # CONFIG_LEDS_PCA955X is not set # CONFIG_LEDS_PCA963X is not set # CONFIG_LEDS_BD2802 is not set # CONFIG_LEDS_TCA6507 is not set # CONFIG_LEDS_TLC591XX is not set # CONFIG_LEDS_LM355x is not set # CONFIG_LEDS_IS31FL319X is not set # CONFIG_LEDS_IS31FL32XX is not set # # LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) # # CONFIG_LEDS_BLINKM is not set # CONFIG_LEDS_POWERNV is not set # # LED Triggers # CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=y CONFIG_LEDS_TRIGGER_ONESHOT=y CONFIG_LEDS_TRIGGER_DISK=y CONFIG_LEDS_TRIGGER_HEARTBEAT=y CONFIG_LEDS_TRIGGER_BACKLIGHT=y CONFIG_LEDS_TRIGGER_CPU=y CONFIG_LEDS_TRIGGER_DEFAULT_ON=y # # iptables trigger is under Netfilter config (LED target) # CONFIG_LEDS_TRIGGER_TRANSIENT=y # CONFIG_LEDS_TRIGGER_CAMERA is not set # CONFIG_LEDS_TRIGGER_PANIC is not set # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set CONFIG_EDAC_ATOMIC_SCRUB=y CONFIG_EDAC_SUPPORT=y # CONFIG_EDAC is not set CONFIG_RTC_LIB=y CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" CONFIG_RTC_SYSTOHC=y CONFIG_RTC_SYSTOHC_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set # # RTC interfaces # CONFIG_RTC_INTF_SYSFS=y CONFIG_RTC_INTF_PROC=y CONFIG_RTC_INTF_DEV=y # CONFIG_RTC_INTF_DEV_UIE_EMUL is not set # CONFIG_RTC_DRV_TEST is not set # # I2C RTC drivers # # CONFIG_RTC_DRV_ABB5ZES3 is not set # CONFIG_RTC_DRV_ABX80X is not set CONFIG_RTC_DRV_DS1307=m CONFIG_RTC_DRV_DS1307_HWMON=y # CONFIG_RTC_DRV_DS1307_CENTURY is not set CONFIG_RTC_DRV_DS1374=m CONFIG_RTC_DRV_DS1374_WDT=y CONFIG_RTC_DRV_DS1672=m # CONFIG_RTC_DRV_HYM8563 is not set CONFIG_RTC_DRV_MAX6900=m CONFIG_RTC_DRV_RS5C372=m CONFIG_RTC_DRV_ISL1208=m # CONFIG_RTC_DRV_ISL12022 is not set CONFIG_RTC_DRV_X1205=m # CONFIG_RTC_DRV_PCF8523 is not set # CONFIG_RTC_DRV_PCF85063 is not set CONFIG_RTC_DRV_PCF8563=m CONFIG_RTC_DRV_PCF8583=m CONFIG_RTC_DRV_M41T80=m # CONFIG_RTC_DRV_M41T80_WDT is not set # CONFIG_RTC_DRV_BQ32K is not set CONFIG_RTC_DRV_S35390A=m CONFIG_RTC_DRV_FM3130=m # CONFIG_RTC_DRV_RX8010 is not set # CONFIG_RTC_DRV_RX8581 is not set # CONFIG_RTC_DRV_RX8025 is not set # CONFIG_RTC_DRV_EM3027 is not set # CONFIG_RTC_DRV_RV8803 is not set # # SPI RTC drivers # CONFIG_RTC_I2C_AND_SPI=y # # SPI and I2C RTC drivers # # CONFIG_RTC_DRV_DS3232 is not set # CONFIG_RTC_DRV_PCF2127 is not set # CONFIG_RTC_DRV_RV3029C2 is not set # # Platform RTC drivers # CONFIG_RTC_DRV_CMOS=m # CONFIG_RTC_DRV_DS1286 is not set CONFIG_RTC_DRV_DS1511=m CONFIG_RTC_DRV_DS1553=m # CONFIG_RTC_DRV_DS1685_FAMILY is not set CONFIG_RTC_DRV_DS1742=m # CONFIG_RTC_DRV_DS2404 is not set CONFIG_RTC_DRV_STK17TA8=m CONFIG_RTC_DRV_M48T86=m # CONFIG_RTC_DRV_M48T35 is not set CONFIG_RTC_DRV_M48T59=m # CONFIG_RTC_DRV_MSM6242 is not set # CONFIG_RTC_DRV_BQ4802 is not set # CONFIG_RTC_DRV_RP5C01 is not set CONFIG_RTC_DRV_V3020=m CONFIG_RTC_DRV_OPAL=y # CONFIG_RTC_DRV_ZYNQMP is not set # # on-CPU RTC drivers # CONFIG_RTC_DRV_GENERIC=y # CONFIG_RTC_DRV_SNVS is not set # # HID Sensor RTC drivers # # CONFIG_RTC_DRV_HID_SENSOR_TIME is not set CONFIG_DMADEVICES=y # CONFIG_DMADEVICES_DEBUG is not set # # DMA Devices # CONFIG_DMA_ENGINE=y CONFIG_DMA_OF=y # CONFIG_FSL_EDMA is not set # CONFIG_INTEL_IDMA64 is not set # CONFIG_QCOM_HIDMA_MGMT is not set # CONFIG_QCOM_HIDMA is not set # CONFIG_DW_DMAC is not set # CONFIG_DW_DMAC_PCI is not set # # DMA Clients # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set # # DMABUF options # # CONFIG_SYNC_FILE is not set # CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # CONFIG_VIRT_DRIVERS is not set # # Virtio drivers # # CONFIG_VIRTIO_PCI is not set # CONFIG_VIRTIO_MMIO is not set # # Microsoft Hyper-V guest support # CONFIG_STAGING=y # CONFIG_PRISM2_USB is not set # CONFIG_COMEDI is not set # CONFIG_RTL8192U is not set # CONFIG_RTLLIB is not set # CONFIG_R8712U is not set CONFIG_R8188EU=m CONFIG_88EU_AP_MODE=y # CONFIG_RTS5208 is not set # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set # CONFIG_FB_SM750 is not set # CONFIG_FB_XGI is not set # # Speakup console speech # # CONFIG_SPEAKUP is not set # CONFIG_STAGING_MEDIA is not set # # Android # # CONFIG_LTE_GDM724X is not set # CONFIG_FIREWIRE_SERIAL is not set # CONFIG_LNET is not set # CONFIG_DGNC is not set # CONFIG_GS_FPGABOOT is not set # CONFIG_MOST is not set # CONFIG_GREYBUS is not set # # Hardware Spinlock drivers # # # Clock Source drivers # # CONFIG_ATMEL_PIT is not set # CONFIG_SH_TIMER_CMT is not set # CONFIG_SH_TIMER_MTU2 is not set # CONFIG_SH_TIMER_TMU is not set # CONFIG_EM_TIMER_STI is not set # CONFIG_MAILBOX is not set CONFIG_IOMMU_SUPPORT=y # # Generic IOMMU Pagetable Support # # CONFIG_SPAPR_TCE_IOMMU is not set # # Remoteproc drivers # # CONFIG_STE_MODEM_RPROC is not set # # Rpmsg drivers # # # SOC (System On Chip) specific Drivers # # # Broadcom SoC drivers # # CONFIG_SUNXI_SRAM is not set # CONFIG_SOC_TI is not set # CONFIG_PM_DEVFREQ is not set # CONFIG_EXTCON is not set # CONFIG_MEMORY is not set # CONFIG_IIO is not set # CONFIG_NTB is not set # CONFIG_VME_BUS is not set # CONFIG_PWM is not set CONFIG_IRQCHIP=y CONFIG_ARM_GIC_MAX_NR=1 # CONFIG_IPACK_BUS is not set # CONFIG_RESET_CONTROLLER is not set # CONFIG_FMC is not set # # PHY Subsystem # # CONFIG_GENERIC_PHY is not set # CONFIG_PHY_PXA_28NM_HSIC is not set # CONFIG_PHY_PXA_28NM_USB2 is not set # CONFIG_BCM_KONA_USB2_PHY is not set # CONFIG_POWERCAP is not set # CONFIG_MCB is not set # # Performance monitor support # CONFIG_RAS=y # CONFIG_THUNDERBOLT is not set # # Android # # CONFIG_ANDROID is not set # CONFIG_LIBNVDIMM is not set # CONFIG_NVMEM is not set # CONFIG_STM is not set # CONFIG_INTEL_TH is not set # # FPGA Configuration Support # # CONFIG_FPGA is not set # # File systems # # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_ENCRYPTION is not set # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y # CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set # CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set # CONFIG_BTRFS_DEBUG is not set # CONFIG_BTRFS_ASSERT is not set # CONFIG_NILFS2_FS is not set # CONFIG_F2FS_FS is not set # CONFIG_FS_DAX is not set CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y # CONFIG_EXPORTFS_BLOCK_OPS is not set CONFIG_FILE_LOCKING=y CONFIG_MANDATORY_FILE_LOCKING=y # CONFIG_FS_ENCRYPTION is not set CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_FANOTIFY=y CONFIG_QUOTA=y CONFIG_QUOTA_NETLINK_INTERFACE=y # CONFIG_PRINT_QUOTA_WARNING is not set # CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_TREE=m # CONFIG_QFMT_V1 is not set CONFIG_QFMT_V2=m CONFIG_QUOTACTL=y CONFIG_AUTOFS4_FS=m CONFIG_FUSE_FS=m # CONFIG_CUSE is not set CONFIG_OVERLAY_FS=m # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # CONFIG_ISO9660_FS=m CONFIG_JOLIET=y CONFIG_ZISOFS=y CONFIG_UDF_FS=m CONFIG_UDF_NLS=y # # DOS/FAT/NT Filesystems # CONFIG_FAT_FS=m CONFIG_MSDOS_FS=m CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=850 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-15" # CONFIG_FAT_DEFAULT_UTF8 is not set CONFIG_NTFS_FS=m # CONFIG_NTFS_DEBUG is not set # CONFIG_NTFS_RW is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_PROC_CHILDREN=y CONFIG_KERNFS=y CONFIG_SYSFS=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y # CONFIG_HUGETLBFS is not set # CONFIG_HUGETLB_PAGE is not set CONFIG_CONFIGFS_FS=m CONFIG_MISC_FILESYSTEMS=y # CONFIG_ORANGEFS_FS is not set # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_ECRYPT_FS is not set CONFIG_HFS_FS=y CONFIG_HFSPLUS_FS=m CONFIG_HFSPLUS_FS_POSIX_ACL=y # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_LOGFS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_QNX6FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_PSTORE is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=m CONFIG_NFS_V2=m CONFIG_NFS_V3=m CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=m # CONFIG_NFS_SWAP is not set # CONFIG_NFS_V4_1 is not set # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y CONFIG_NFSD=m CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y # CONFIG_NFSD_BLOCKLAYOUT is not set # CONFIG_NFSD_SCSILAYOUT is not set # CONFIG_NFSD_FLEXFILELAYOUT is not set # CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_GRACE_PERIOD=m CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_NFS_ACL_SUPPORT=m CONFIG_NFS_COMMON=y CONFIG_SUNRPC=m CONFIG_SUNRPC_GSS=m CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DEBUG is not set # CONFIG_CEPH_FS is not set CONFIG_CIFS=m # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set # CONFIG_CIFS_UPCALL is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_ACL=y CONFIG_CIFS_DEBUG=y # CONFIG_CIFS_DEBUG2 is not set CONFIG_CIFS_DFS_UPCALL=y # CONFIG_CIFS_SMB2 is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=m CONFIG_NLS_CODEPAGE_737=m CONFIG_NLS_CODEPAGE_775=m CONFIG_NLS_CODEPAGE_850=m CONFIG_NLS_CODEPAGE_852=m CONFIG_NLS_CODEPAGE_855=m CONFIG_NLS_CODEPAGE_857=m CONFIG_NLS_CODEPAGE_860=m CONFIG_NLS_CODEPAGE_861=m CONFIG_NLS_CODEPAGE_862=m CONFIG_NLS_CODEPAGE_863=m CONFIG_NLS_CODEPAGE_864=m CONFIG_NLS_CODEPAGE_865=m CONFIG_NLS_CODEPAGE_866=m CONFIG_NLS_CODEPAGE_869=m CONFIG_NLS_CODEPAGE_936=m CONFIG_NLS_CODEPAGE_950=m CONFIG_NLS_CODEPAGE_932=m CONFIG_NLS_CODEPAGE_949=m CONFIG_NLS_CODEPAGE_874=m CONFIG_NLS_ISO8859_8=m CONFIG_NLS_CODEPAGE_1250=m CONFIG_NLS_CODEPAGE_1251=m CONFIG_NLS_ASCII=m CONFIG_NLS_ISO8859_1=m CONFIG_NLS_ISO8859_2=m CONFIG_NLS_ISO8859_3=m CONFIG_NLS_ISO8859_4=m CONFIG_NLS_ISO8859_5=m CONFIG_NLS_ISO8859_6=m CONFIG_NLS_ISO8859_7=m CONFIG_NLS_ISO8859_9=m CONFIG_NLS_ISO8859_13=m CONFIG_NLS_ISO8859_14=m CONFIG_NLS_ISO8859_15=m CONFIG_NLS_KOI8_R=m CONFIG_NLS_KOI8_U=m # CONFIG_NLS_MAC_ROMAN is not set # CONFIG_NLS_MAC_CELTIC is not set # CONFIG_NLS_MAC_CENTEURO is not set # CONFIG_NLS_MAC_CROATIAN is not set # CONFIG_NLS_MAC_CYRILLIC is not set # CONFIG_NLS_MAC_GAELIC is not set # CONFIG_NLS_MAC_GREEK is not set # CONFIG_NLS_MAC_ICELAND is not set # CONFIG_NLS_MAC_INUIT is not set # CONFIG_NLS_MAC_ROMANIAN is not set # CONFIG_NLS_MAC_TURKISH is not set CONFIG_NLS_UTF8=m # CONFIG_DLM is not set # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_RAID6_PQ=y CONFIG_BITREVERSE=y # CONFIG_HAVE_ARCH_BITREVERSE is not set CONFIG_GENERIC_STRNCPY_FROM_USER=y CONFIG_GENERIC_STRNLEN_USER=y CONFIG_GENERIC_NET_UTILS=y CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_CRC_CCITT=m CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set CONFIG_CRC_ITU_T=m CONFIG_CRC32=y # CONFIG_CRC32_SELFTEST is not set CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC32_SLICEBY4 is not set # CONFIG_CRC32_SARWATE is not set # CONFIG_CRC32_BIT is not set CONFIG_CRC7=m CONFIG_LIBCRC32C=y # CONFIG_CRC8 is not set # CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set # CONFIG_RANDOM32_SELFTEST is not set CONFIG_842_COMPRESS=m CONFIG_842_DECOMPRESS=m CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y CONFIG_LZ4_COMPRESS=m CONFIG_LZ4HC_COMPRESS=m CONFIG_LZ4_DECOMPRESS=m CONFIG_XZ_DEC=y # CONFIG_XZ_DEC_X86 is not set CONFIG_XZ_DEC_POWERPC=y # CONFIG_XZ_DEC_IA64 is not set # CONFIG_XZ_DEC_ARM is not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is not set CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set CONFIG_DECOMPRESS_GZIP=y CONFIG_DECOMPRESS_XZ=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_INTERVAL_TREE=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y CONFIG_CPU_RMAP=y CONFIG_DQL=y CONFIG_GLOB=y # CONFIG_GLOB_SELFTEST is not set CONFIG_NLATTR=y CONFIG_CLZ_TAB=y # CONFIG_CORDIC is not set # CONFIG_DDR is not set # CONFIG_IRQ_POLL is not set CONFIG_MPILIB=y CONFIG_LIBFDT=y CONFIG_OID_REGISTRY=m CONFIG_FONT_SUPPORT=y CONFIG_FONTS=y CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y CONFIG_FONT_6x11=y # CONFIG_FONT_7x14 is not set # CONFIG_FONT_PEARL_8x8 is not set # CONFIG_FONT_ACORN_8x8 is not set # CONFIG_FONT_MINI_4x6 is not set # CONFIG_FONT_6x10 is not set # CONFIG_FONT_SUN8x16 is not set # CONFIG_FONT_SUN12x22 is not set # CONFIG_FONT_10x18 is not set # CONFIG_SG_SPLIT is not set CONFIG_SG_POOL=y CONFIG_ARCH_HAS_SG_CHAIN=y CONFIG_SBITMAP=y # # Kernel hacking # # # printk and dmesg options # CONFIG_PRINTK_TIME=y CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 CONFIG_DYNAMIC_DEBUG=y # # Compile-time checks and compiler options # # CONFIG_DEBUG_INFO is not set CONFIG_ENABLE_WARN_DEPRECATED=y CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_READABLE_ASM is not set CONFIG_UNUSED_SYMBOLS=y # CONFIG_PAGE_OWNER is not set CONFIG_DEBUG_FS=y # CONFIG_HEADERS_CHECK is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 CONFIG_DEBUG_KERNEL=y # # Memory Debugging # # CONFIG_PAGE_EXTENSION is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_PAGE_POISONING is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_SLAB is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_DEBUG_VM is not set CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_HAVE_DEBUG_STACKOVERFLOW=y # CONFIG_DEBUG_STACKOVERFLOW is not set # CONFIG_DEBUG_SHIRQ is not set # # Debug Lockups and Hangs # # CONFIG_LOCKUP_DETECTOR is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 # CONFIG_WQ_WATCHDOG is not set # CONFIG_PANIC_ON_OOPS is not set CONFIG_PANIC_ON_OOPS_VALUE=0 # CONFIG_SCHED_DEBUG is not set CONFIG_SCHED_INFO=y # CONFIG_SCHEDSTATS is not set # CONFIG_SCHED_STACK_END_CHECK is not set # CONFIG_DEBUG_TIMEKEEPING is not set # CONFIG_TIMER_STATS is not set # # Lock Debugging (spinlocks, mutexes, etc...) # # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set # CONFIG_DEBUG_LOCK_ALLOC is not set # CONFIG_PROVE_LOCKING is not set # CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set # CONFIG_LOCK_TORTURE_TEST is not set # CONFIG_STACKTRACE is not set # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_DEBUG_LIST is not set # CONFIG_DEBUG_PI_LIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set # # RCU Debugging # # CONFIG_PROVE_RCU is not set # CONFIG_SPARSE_RCU_POINTER is not set # CONFIG_TORTURE_TEST is not set # CONFIG_RCU_PERF_TEST is not set # CONFIG_RCU_TORTURE_TEST is not set CONFIG_RCU_CPU_STALL_TIMEOUT=21 # CONFIG_RCU_TRACE is not set # CONFIG_RCU_EQS_DEBUG is not set # CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set # CONFIG_NOTIFIER_ERROR_INJECTION is not set # CONFIG_FAULT_INJECTION is not set # CONFIG_LATENCYTOP is not set CONFIG_HAVE_FUNCTION_TRACER=y CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set # # Runtime Testing # # CONFIG_LKDTM is not set # CONFIG_TEST_LIST_SORT is not set # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set # CONFIG_PERCPU_TEST is not set # CONFIG_ATOMIC64_SELFTEST is not set # CONFIG_ASYNC_RAID6_TEST is not set # CONFIG_TEST_HEXDUMP is not set # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_PRINTF is not set # CONFIG_TEST_BITMAP is not set # CONFIG_TEST_UUID is not set # CONFIG_TEST_RHASHTABLE is not set # CONFIG_TEST_HASH is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_TEST_LKM is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_BPF is not set # CONFIG_TEST_FIRMWARE is not set # CONFIG_TEST_UDELAY is not set # CONFIG_MEMTEST is not set # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set # CONFIG_UBSAN is not set CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y CONFIG_STRICT_DEVMEM=y CONFIG_IO_STRICT_DEVMEM=y CONFIG_PPC_DISABLE_WERROR=y CONFIG_PRINT_STACK_DEPTH=64 # CONFIG_PPC_EMULATED_STATS is not set # CONFIG_CODE_PATCHING_SELFTEST is not set CONFIG_JUMP_LABEL_FEATURE_CHECKS=y # CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG is not set # CONFIG_FTR_FIXUP_SELFTEST is not set # CONFIG_MSI_BITMAP_SELFTEST is not set CONFIG_XMON=y # CONFIG_XMON_DEFAULT is not set CONFIG_XMON_DISASSEMBLY=y CONFIG_DEBUGGER=y CONFIG_BOOTX_TEXT=y # CONFIG_PPC_EARLY_DEBUG is not set # # Security options # CONFIG_KEYS=y CONFIG_KEYS_COMPAT=y # CONFIG_PERSISTENT_KEYRINGS is not set # CONFIG_BIG_KEYS is not set CONFIG_ENCRYPTED_KEYS=y # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY is not set CONFIG_SECURITYFS=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=y CONFIG_ASYNC_CORE=y CONFIG_ASYNC_MEMCPY=y CONFIG_ASYNC_XOR=y CONFIG_ASYNC_PQ=y CONFIG_ASYNC_RAID6_RECOV=y CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=m CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=m CONFIG_CRYPTO_KPP2=y CONFIG_CRYPTO_KPP=y CONFIG_CRYPTO_RSA=m CONFIG_CRYPTO_DH=y CONFIG_CRYPTO_ECDH=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_PCRYPT=y CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_MCRYPTD=m CONFIG_CRYPTO_AUTHENC=m # CONFIG_CRYPTO_TEST is not set # # Authenticated Encryption with Associated Data # CONFIG_CRYPTO_CCM=m CONFIG_CRYPTO_GCM=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_SEQIV=m CONFIG_CRYPTO_ECHAINIV=m # # Block modes # CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=m CONFIG_CRYPTO_CTS=m CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_LRW=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_XTS=y # CONFIG_CRYPTO_KEYWRAP is not set # # Hash modes # CONFIG_CRYPTO_CMAC=m CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_XCBC=m CONFIG_CRYPTO_VMAC=m # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPT_CRC32C_VPMSUM is not set CONFIG_CRYPTO_CRC32=m CONFIG_CRYPTO_CRCT10DIF=m CONFIG_CRYPTO_GHASH=m CONFIG_CRYPTO_POLY1305=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MD5_PPC=y CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m CONFIG_CRYPTO_SHA1=m # CONFIG_CRYPTO_SHA1_PPC is not set CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_ANUBIS=m CONFIG_CRYPTO_ARC4=m CONFIG_CRYPTO_BLOWFISH=m CONFIG_CRYPTO_BLOWFISH_COMMON=m CONFIG_CRYPTO_CAMELLIA=m CONFIG_CRYPTO_CAST_COMMON=m CONFIG_CRYPTO_CAST5=m CONFIG_CRYPTO_CAST6=m CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_FCRYPT=m CONFIG_CRYPTO_KHAZAD=m CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_CHACHA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m # # Compression # CONFIG_CRYPTO_DEFLATE=m CONFIG_CRYPTO_LZO=m CONFIG_CRYPTO_842=m CONFIG_CRYPTO_LZ4=m CONFIG_CRYPTO_LZ4HC=m # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_DRBG_MENU=m CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG_HASH=y CONFIG_CRYPTO_DRBG_CTR=y CONFIG_CRYPTO_DRBG=m CONFIG_CRYPTO_JITTERENTROPY=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m CONFIG_CRYPTO_USER_API_RNG=m CONFIG_CRYPTO_USER_API_AEAD=m CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_NX is not set # CONFIG_ASYMMETRIC_KEY_TYPE is not set # # Certificates for signature checking # # CONFIG_VIRTUALIZATION is not set

7 years, 4 months

3
2
0 0

Re: [PATCH] powerpc/xive: use hw CPU ids when configuring the CPU queues

by Cédric Le Goater

On 02/13/2018 10:18 AM, Michael Ellerman wrote: > Cédric Le Goater <clg(a)kaod.org> writes: > >> The CPU event notification queues on sPAPR should be configured using >> a hardware CPU identifier. >> >> The problem did not show up on the Power Hypervisor because pHyp >> supports 8 threads per core which keeps CPU number contiguous. This is >> not the case on all sPAPR virtual machines, some use SMT=1. >> >> Also improve error logging by adding the CPU number. >> >> Signed-off-by: Cédric Le Goater <clg(a)kaod.org> >> --- >> >> I think we should send this one to stable also. > > Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller") yes. > Cc: stable(a)vger.kernel.org # v4.14+ yes. I just added the Cc:. I am not sure that will work with patchwork though. Thanks, C. > ? > > cheers > >> diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c >> index d9c4c9366049..091f1d0d0af1 100644 >> --- a/arch/powerpc/sysdev/xive/spapr.c >> +++ b/arch/powerpc/sysdev/xive/spapr.c >> @@ -356,7 +356,8 @@ static int xive_spapr_configure_queue(u32 target, struct xive_q *q, u8 prio, >> >> rc = plpar_int_get_queue_info(0, target, prio, &esn_page, &esn_size); >> if (rc) { >> - pr_err("Error %lld getting queue info prio %d\n", rc, prio); >> + pr_err("Error %lld getting queue info CPU %d prio %d\n", rc, >> + target, prio); >> rc = -EIO; >> goto fail; >> } >> @@ -370,7 +371,8 @@ static int xive_spapr_configure_queue(u32 target, struct xive_q *q, u8 prio, >> /* Configure and enable the queue in HW */ >> rc = plpar_int_set_queue_config(flags, target, prio, qpage_phys, order); >> if (rc) { >> - pr_err("Error %lld setting queue for prio %d\n", rc, prio); >> + pr_err("Error %lld setting queue for CPU %d prio %d\n", rc, >> + target, prio); >> rc = -EIO; >> } else { >> q->qpage = qpage; >> @@ -389,8 +391,8 @@ static int xive_spapr_setup_queue(unsigned int cpu, struct xive_cpu *xc, >> if (IS_ERR(qpage)) >> return PTR_ERR(qpage); >> >> - return xive_spapr_configure_queue(cpu, q, prio, qpage, >> - xive_queue_shift); >> + return xive_spapr_configure_queue(get_hard_smp_processor_id(cpu), >> + q, prio, qpage, xive_queue_shift); >> } >> >> static void xive_spapr_cleanup_queue(unsigned int cpu, struct xive_cpu *xc, >> @@ -399,10 +401,12 @@ static void xive_spapr_cleanup_queue(unsigned int cpu, struct xive_cpu *xc, >> struct xive_q *q = &xc->queue[prio]; >> unsigned int alloc_order; >> long rc; >> + int hw_cpu = get_hard_smp_processor_id(cpu); >> >> - rc = plpar_int_set_queue_config(0, cpu, prio, 0, 0); >> + rc = plpar_int_set_queue_config(0, hw_cpu, prio, 0, 0); >> if (rc) >> - pr_err("Error %ld setting queue for prio %d\n", rc, prio); >> + pr_err("Error %ld setting queue for CPU %d prio %d\n", rc, >> + hw_cpu, prio); >> >> alloc_order = xive_alloc_order(xive_queue_shift); >> free_pages((unsigned long)q->qpage, alloc_order); >> -- >> 2.13.6

7 years, 4 months

2
1
0 0

[PATCH v5 3/6] x86/apic: Fix restoring boot irq mode in reboot and kexec/kdump

by Baoquan He

This is a regression fix. Before, to fix erratum AVR31, commit 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC") moved lapic_shutdown() calling after disable_IO_APIC() in reboot and kexec/kdump code path. This introdued a regression. The root cause is that disable_IO_APIC() not only clears IO_APIC, also restore boot irq mode by setting LAPIC/APIC/IMCR, calling lapic_shutdown() after disable_IO_APIC() will disable LAPIC and ruin the possible virtual wire mode setting which the code has been trying to do all along. The consequence is, in KVM guest kernel always prints warning as below during kexec/kdump kernel boots up. That happened in setup_local_APIC() since 'do { xxx } while (queued && max_loops > 0)' loop does not function well any more if pending irq exists in APIC IRR after LAPIC is disabled. [ 0.001000] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/apic/apic.c:1467 setup_local_APIC+0x228/0x330 [ 0.001000] Modules linked in: [ 0.001000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.15.0-rc5+ #3 [ 0.001000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014 [ 0.001000] RIP: 0010:setup_local_APIC+0x228/0x330 [ 0.001000] RSP: 0000:ffffffffb6e03eb8 EFLAGS: 00010286 [ 0.001000] RAX: 0000009edb4c4d84 RBX: 0000000000000000 RCX: 00000000b099d800 [ 0.001000] RDX: 0000009e00000000 RSI: 0000000000000000 RDI: 0000000000000810 [ 0.001000] RBP: 0000000000000000 R08: ffffffffffffffff R09: 0000000000000001 [ 0.001000] R10: ffff98ce6a801c00 R11: 0761076d072f0776 R12: 0000000000000001 [ 0.001000] R13: 00000000000000f0 R14: 0000000000004000 R15: ffffffffffffc6ff [ 0.001000] FS: 0000000000000000(0000) GS:ffff98ce6bc00000(0000) knlGS:0000000000000000 [ 0.001000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.001000] CR2: 00000000ffffffff CR3: 0000000022209000 CR4: 00000000000406b0 [ 0.001000] Call Trace: [ 0.001000] apic_bsp_setup+0x56/0x74 [ 0.001000] x86_late_time_init+0x11/0x16 [ 0.001000] start_kernel+0x3c9/0x486 [ 0.001000] secondary_startup_64+0xa5/0xb0 [ 0.001000] Code: 00 85 c9 74 2d 0f 31 c1 e1 0a 48 c1 e2 20 41 89 cf 4c 03 7c 24 08 48 09 d0 49 29 c7 4c 89 3c 24 48 83 3c 24 00 0f 8f 8f fe ff ff <0f> ff e9 10 ff ff ff 48 83 2c 24 01 eb e7 48 83 c4 18 5b 5d 41 [ 0.001000] ---[ end trace b88e71b9a6ebebdd ]--- [ 0.001000] masked ExtINT on CPU#0 To fix this, just call clear_IO_APIC() to stop IO_APIC where disable_IO_APIC() was called, and call restore_boot_irq_mode() to restore boot irq mode before reboot or kexec/kdump jump. Signed-off-by: Baoquan He <bhe(a)redhat.com> Fixes: commit 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC") Cc: stable(a)vger.kernel.org --- v4->v5: Take the change related to KEXEC_JUMP out to new patch 0002. v4->v3: Eric pointed out the change related to KEXEC_JUMP is not right. Correct it. Add Fixes tag and Cc to stable. arch/x86/kernel/crash.c | 3 ++- arch/x86/kernel/reboot.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 10e74d4778a1..1f6680427ff0 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -199,9 +199,10 @@ void native_machine_crash_shutdown(struct pt_regs *regs) #ifdef CONFIG_X86_IO_APIC /* Prevent crash_kexec() from deadlocking on ioapic_lock. */ ioapic_zap_locks(); - disable_IO_APIC(); + clear_IO_APIC(); #endif lapic_shutdown(); + restore_boot_irq_mode(); #ifdef CONFIG_HPET_TIMER hpet_disable(); #endif diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index 2126b9d27c34..725624b6c0c0 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -666,7 +666,7 @@ void native_machine_shutdown(void) * Even without the erratum, it still makes sense to quiet IO APIC * before disabling Local APIC. */ - disable_IO_APIC(); + clear_IO_APIC(); #endif #ifdef CONFIG_SMP @@ -680,6 +680,7 @@ void native_machine_shutdown(void) #endif lapic_shutdown(); + restore_boot_irq_mode(); #ifdef CONFIG_HPET_TIMER hpet_disable(); -- 2.13.6

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] [PATCH] megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers

by Shivasharan S

Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of controller results in IO timeout on certain conditions. This error only occurs on systems with high I/O activity on Ventura series controllers. Changes in this patch will prevent driver from using 32 bit descriptor and use 64 bit Descriptors. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kashyap Desai <kashyap.desai(a)broadcom.com> Signed-off-by: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> --- drivers/scsi/megaraid/megaraid_sas_fusion.c | 37 ++++++++++------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c index 073ced07e662..09f2bdb14b0a 100644 --- a/drivers/scsi/megaraid/megaraid_sas_fusion.c +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c @@ -226,26 +226,21 @@ static void megasas_fire_cmd_fusion(struct megasas_instance *instance, union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc) { - if (instance->adapter_type == VENTURA_SERIES) - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_single_queue_port); - else { #if defined(writeq) && defined(CONFIG_64BIT) - u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | - le32_to_cpu(req_desc->u.low)); + u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | + le32_to_cpu(req_desc->u.low)); - writeq(req_data, &instance->reg_set->inbound_low_queue_port); + writeq(req_data, &instance->reg_set->inbound_low_queue_port); #else - unsigned long flags; - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc->u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + unsigned long flags; + spin_lock_irqsave(&instance->hba_lock, flags); + writel(le32_to_cpu(req_desc->u.low), + &instance->reg_set->inbound_low_queue_port); + writel(le32_to_cpu(req_desc->u.high), + &instance->reg_set->inbound_high_queue_port); + mmiowb(); + spin_unlock_irqrestore(&instance->hba_lock, flags); #endif - } } /** @@ -982,7 +977,6 @@ megasas_ioc_init_fusion(struct megasas_instance *instance) const char *sys_info; MFI_CAPABILITIES *drv_ops; u32 scratch_pad_2; - unsigned long flags; ktime_t time; bool cur_fw_64bit_dma_capable; @@ -1121,14 +1115,7 @@ megasas_ioc_init_fusion(struct megasas_instance *instance) break; } - /* For Ventura also IOC INIT required 64 bit Descriptor write. */ - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc.u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc.u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + megasas_fire_cmd_fusion(instance, &req_desc); wait_and_poll(instance, cmd, MFI_POLL_TIMEOUT_SECS); -- 2.14.1.dirty

7 years, 4 months

4
3
0 0

[Linux-stable-mirror] [PATCH] drm/i915/breadcrumbs: Ignore unsubmitted signalers

by Chris Wilson

When a request is preempted, it is unsubmitted from the HW queue and removed from the active list of breadcrumbs. In the process, this however triggers the signaler and it may see the clear rbtree with the old, and still valid, seqno, or it may match the cleared seqno with the now zero rq->global_seqno. This confuses the signaler into action and signaling the fence. Fixes: d6a2289d9d6b ("drm/i915: Remove the preempted request from the execution queue") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.12+ Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180206094633.30181-1-chris@… (cherry picked from commit fd10e2ce9905030d922e179a8047a4d50daffd8e) --- drivers/gpu/drm/i915/intel_breadcrumbs.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_breadcrumbs.c b/drivers/gpu/drm/i915/intel_breadcrumbs.c index bd40fea16b4f..f54ddda9fdad 100644 --- a/drivers/gpu/drm/i915/intel_breadcrumbs.c +++ b/drivers/gpu/drm/i915/intel_breadcrumbs.c @@ -594,29 +594,16 @@ void intel_engine_remove_wait(struct intel_engine_cs *engine, spin_unlock_irq(&b->rb_lock); } -static bool signal_valid(const struct drm_i915_gem_request *request) -{ - return intel_wait_check_request(&request->signaling.wait, request); -} - static bool signal_complete(const struct drm_i915_gem_request *request) { if (!request) return false; - /* If another process served as the bottom-half it may have already - * signalled that this wait is already completed. - */ - if (intel_wait_complete(&request->signaling.wait)) - return signal_valid(request); - - /* Carefully check if the request is complete, giving time for the + /* + * Carefully check if the request is complete, giving time for the * seqno to be visible or if the GPU hung. */ - if (__i915_request_irq_complete(request)) - return true; - - return false; + return __i915_request_irq_complete(request); } static struct drm_i915_gem_request *to_signaler(struct rb_node *rb) @@ -659,9 +646,13 @@ static int intel_breadcrumbs_signaler(void *arg) request = i915_gem_request_get_rcu(request); rcu_read_unlock(); if (signal_complete(request)) { - local_bh_disable(); - dma_fence_signal(&request->fence); - local_bh_enable(); /* kick start the tasklets */ + if (!test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, + &request->fence.flags)) { + local_bh_disable(); + dma_fence_signal(&request->fence); + GEM_BUG_ON(!i915_gem_request_completed(request)); + local_bh_enable(); /* kick start the tasklets */ + } spin_lock_irq(&b->rb_lock); -- 2.16.1

7 years, 4 months

2
1
0 0

[PATCH] xtensa: fix high memory/reserved memory collision

by Max Filippov

Xtensa memory initialization code frees high memory pages without checking whether they are in the reserved memory regions or not. That results in invalid value of totalram_pages and duplicate page usage by CMA and highmem. It produces a bunch of BUGs at startup looking like this: BUG: Bad page state in process swapper pfn:70800 page:be60c000 count:0 mapcount:-127 mapping: (null) index:0x1 flags: 0x80000000() raw: 80000000 00000000 00000001 ffffff80 00000000 be60c014 be60c014 0000000a page dumped because: nonzero mapcount Modules linked in: CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.16.0-rc1-00015-g7928b2cbe55b-dirty #23 Stack: bd839d33 00000000 00000018 ba97b64c a106578c bd839d70 be60c000 00000000 a1378054 bd86a000 00000003 ba97b64c a1066166 bd839da0 be60c000 ffe00000 a1066b58 bd839dc0 be504000 00000000 000002f4 bd838000 00000000 0000001e Call Trace: [<a1065734>] bad_page+0xac/0xd0 [<a106578c>] free_pages_check_bad+0x34/0x4c [<a1066166>] __free_pages_ok+0xae/0x14c [<a1066b58>] __free_pages+0x30/0x64 [<a1365de5>] init_cma_reserved_pageblock+0x35/0x44 [<a13682dc>] cma_init_reserved_areas+0xf4/0x148 [<a10034b8>] do_one_initcall+0x80/0xf8 [<a1361c16>] kernel_init_freeable+0xda/0x13c [<a125b59d>] kernel_init+0x9/0xd0 [<a1004304>] ret_from_kernel_thread+0xc/0x18 Only free high memory pages that are not reserved. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- arch/xtensa/mm/init.c | 70 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 7 deletions(-) diff --git a/arch/xtensa/mm/init.c b/arch/xtensa/mm/init.c index d776ec0d7b22..34aead7dcb48 100644 --- a/arch/xtensa/mm/init.c +++ b/arch/xtensa/mm/init.c @@ -79,19 +79,75 @@ void __init zones_init(void) free_area_init_node(0, zones_size, ARCH_PFN_OFFSET, NULL); } +#ifdef CONFIG_HIGHMEM +static void __init free_area_high(unsigned long pfn, unsigned long end) +{ + for (; pfn < end; pfn++) + free_highmem_page(pfn_to_page(pfn)); +} + +static void __init free_highpages(void) +{ + unsigned long max_low = max_low_pfn; + struct memblock_region *mem, *res; + + reset_all_zones_managed_pages(); + /* set highmem page free */ + for_each_memblock(memory, mem) { + unsigned long start = memblock_region_memory_base_pfn(mem); + unsigned long end = memblock_region_memory_end_pfn(mem); + + /* Ignore complete lowmem entries */ + if (end <= max_low) + continue; + + if (memblock_is_nomap(mem)) + continue; + + /* Truncate partial highmem entries */ + if (start < max_low) + start = max_low; + + /* Find and exclude any reserved regions */ + for_each_memblock(reserved, res) { + unsigned long res_start, res_end; + + res_start = memblock_region_reserved_base_pfn(res); + res_end = memblock_region_reserved_end_pfn(res); + + if (res_end < start) + continue; + if (res_start < start) + res_start = start; + if (res_start > end) + res_start = end; + if (res_end > end) + res_end = end; + if (res_start != start) + free_area_high(start, res_start); + start = res_end; + if (start == end) + break; + } + + /* And now free anything which remains */ + if (start < end) + free_area_high(start, end); + } +} +#else +static void __init free_highpages(void) +{ +} +#endif + /* * Initialize memory pages. */ void __init mem_init(void) { -#ifdef CONFIG_HIGHMEM - unsigned long tmp; - - reset_all_zones_managed_pages(); - for (tmp = max_low_pfn; tmp < max_pfn; tmp++) - free_highmem_page(pfn_to_page(tmp)); -#endif + free_highpages(); max_mapnr = max_pfn - ARCH_PFN_OFFSET; high_memory = (void *)__va(max_low_pfn << PAGE_SHIFT); -- 2.1.4

7 years, 4 months

1
0
0 0

[PATCH v3] platform/x86: dell-laptop: fix kbd_get_state's request value

by Laszlo Toth

Commit 9862b43624a5 ("platform/x86: dell-laptop: Allocate buffer on heap rather than globally") broke one request, changed it back to the original value. Tested on a Dell E6540, backlight came back. Fixes: 9862b43624a5 ("platform/x86: dell-laptop: Allocate buffer on heap rather than globally") Signed-off-by: Laszlo Toth <laszlth(a)gmail.com> --- Changes in v2: - split the fix and the function merge part Changes in v3: - added fixes tag drivers/platform/x86/dell-laptop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c index 2a68f59..a37cff9 100644 --- a/drivers/platform/x86/dell-laptop.c +++ b/drivers/platform/x86/dell-laptop.c @@ -1279,7 +1279,7 @@ static int kbd_get_state(struct kbd_state *state) struct calling_interface_buffer buffer; int ret; - dell_fill_request(&buffer, 0, 0, 0, 0); + dell_fill_request(&buffer, 0x1, 0, 0, 0); ret = dell_send_request(&buffer, CLASS_KBD_BACKLIGHT, SELECT_KBD_BACKLIGHT); if (ret) -- 2.7.4

7 years, 4 months

1
0
0 0

[PATCH] nvme-pci: Remap CMB SQ entries on every controller reset

by Keith Busch

The controller memory buffer is remapped into a kernel address on each reset, but the driver was setting the submission queue base address only on the very first queue creation. The remapped address is likely to change after a reset, so accessing the old address will hit a kernel bug. This patch will set a CMB SQ base address each time the queue is created rather. Fixes: f63572dff1421 ("nvme: unmap CMB and remove sysfs file in reset path") Cc: Jon Derrick <jonathan.derrick(a)intel.com> Cc: <stable(a)vger.kernel.org> # 4.9+ Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- drivers/nvme/host/pci.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 6fe7af00a1f4..e0f5153cd6ca 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -1364,18 +1364,14 @@ static int nvme_cmb_qdepth(struct nvme_dev *dev, int nr_io_queues, static int nvme_alloc_sq_cmds(struct nvme_dev *dev, struct nvme_queue *nvmeq, int qid, int depth) { - if (qid && dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) { - unsigned offset = (qid - 1) * roundup(SQ_SIZE(depth), - dev->ctrl.page_size); - nvmeq->sq_dma_addr = dev->cmb_bus_addr + offset; - nvmeq->sq_cmds_io = dev->cmb + offset; - } else { - nvmeq->sq_cmds = dma_alloc_coherent(dev->dev, SQ_SIZE(depth), - &nvmeq->sq_dma_addr, GFP_KERNEL); - if (!nvmeq->sq_cmds) - return -ENOMEM; - } + /* CMB SQEs will be mapped before creation */ + if (qid && dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) + return 0; + nvmeq->sq_cmds = dma_alloc_coherent(dev->dev, SQ_SIZE(depth), + &nvmeq->sq_dma_addr, GFP_KERNEL); + if (!nvmeq->sq_cmds) + return -ENOMEM; return 0; } @@ -1449,6 +1445,13 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid) struct nvme_dev *dev = nvmeq->dev; int result; + if (dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) { + unsigned offset = (qid - 1) * roundup(SQ_SIZE(nvmeq->q_depth), + dev->ctrl.page_size); + nvmeq->sq_dma_addr = dev->cmb_bus_addr + offset; + nvmeq->sq_cmds_io = dev->cmb + offset; + } + nvmeq->cq_vector = qid - 1; result = adapter_alloc_cq(dev, qid, nvmeq); if (result < 0) -- 2.14.3

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] [PATCH] uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define

by Hauke Mehrtens

This fixes a compile problem of some user space applications by not including linux/libc-compat.h in uapi/if_ether.h. linux/libc-compat.h checks which "features" the header files, included from the libc, provide to make the Linux kernel uapi header files only provide no conflicting structures and enums. If a user application mixes kernel headers and libc headers it could happen that linux/libc-compat.h gets included too early where not all other libc headers are included yet. Then the linux/libc-compat.h would not prevent all the redefinitions and we run into compile problems. This patch removes the include of linux/libc-compat.h from uapi/if_ether.h to fix the recently introduced case, but not all as this is more or less impossible. It is no problem to do the check directly in the if_ether.h file and not in libc-compat.h as this does not need any fancy glibc header detection as glibc never provided struct ethhdr and should define __UAPI_DEF_ETHHDR by them self when they will provide this. The following test program did not compile correctly any more: int main(void) { return 0; } Fixes: 6926e041a892 ("uapi/if_ether.h: prevent redefinition of struct ethhdr") Reported-by: Guillaume Nault <g.nault(a)alphalink.fr> Cc: <stable(a)vger.kernel.org> # 4.15 Signed-off-by: Hauke Mehrtens <hauke(a)hauke-m.de> --- include/uapi/linux/if_ether.h | 6 +++++- include/uapi/linux/libc-compat.h | 6 ------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/if_ether.h b/include/uapi/linux/if_ether.h index f8cb5760ea4f..8bbbcb5cd94b 100644 --- a/include/uapi/linux/if_ether.h +++ b/include/uapi/linux/if_ether.h @@ -23,7 +23,6 @@ #define _UAPI_LINUX_IF_ETHER_H #include <linux/types.h> -#include <linux/libc-compat.h> /* * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble @@ -151,6 +150,11 @@ * This is an Ethernet frame header. */ +/* allow libcs like musl to deactivate this, glibc does not implement this. */ +#ifndef __UAPI_DEF_ETHHDR +#define __UAPI_DEF_ETHHDR 1 +#endif + #if __UAPI_DEF_ETHHDR struct ethhdr { unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h index fc29efaa918c..8254c937c9f4 100644 --- a/include/uapi/linux/libc-compat.h +++ b/include/uapi/linux/libc-compat.h @@ -264,10 +264,4 @@ #endif /* __GLIBC__ */ -/* Definitions for if_ether.h */ -/* allow libcs like musl to deactivate this, glibc does not implement this. */ -#ifndef __UAPI_DEF_ETHHDR -#define __UAPI_DEF_ETHHDR 1 -#endif - #endif /* _UAPI_LIBC_COMPAT_H */ -- 2.11.0

7 years, 4 months

3
3
0 0

v4.9.81 build: 0 failures 0 warnings (v4.9.81)

by Build bot for Mark Brown

Tree/Branch: v4.9.81 Git describe: v4.9.81 Commit: 7f3bd8db99 Linux 4.9.81 Build Time: 92 min 38 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 4 months

1
0
0 0

Patch "usb: gadget: uvc: Missing files for configfs interface" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: uvc: Missing files for configfs interface to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-uvc-missing-files-for-configfs-interface.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c8cd751060b149997b9de53a494fb1490ded72c5 Mon Sep 17 00:00:00 2001 From: Petr Cvek <petr.cvek(a)tul.cz> Date: Tue, 7 Mar 2017 00:57:20 +0100 Subject: usb: gadget: uvc: Missing files for configfs interface From: Petr Cvek <petr.cvek(a)tul.cz> commit c8cd751060b149997b9de53a494fb1490ded72c5 upstream. Commit 76e0da34c7ce ("usb-gadget/uvc: use per-attribute show and store methods") caused a stringification of an undefined macro argument "aname", so three UVC parameters (streaming_interval, streaming_maxpacket and streaming_maxburst) were named "aname". Add the definition of "aname" to the main macro and name the filenames as originaly intended. Signed-off-by: Petr Cvek <petr.cvek(a)tul.cz> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/uvc_configfs.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/drivers/usb/gadget/function/uvc_configfs.c +++ b/drivers/usb/gadget/function/uvc_configfs.c @@ -2202,7 +2202,7 @@ static struct configfs_item_operations u .release = uvc_attr_release, }; -#define UVCG_OPTS_ATTR(cname, conv, str2u, uxx, vnoc, limit) \ +#define UVCG_OPTS_ATTR(cname, aname, conv, str2u, uxx, vnoc, limit) \ static ssize_t f_uvc_opts_##cname##_show( \ struct config_item *item, char *page) \ { \ @@ -2245,16 +2245,16 @@ end: \ return ret; \ } \ \ -UVC_ATTR(f_uvc_opts_, cname, aname) +UVC_ATTR(f_uvc_opts_, cname, cname) #define identity_conv(x) (x) -UVCG_OPTS_ATTR(streaming_interval, identity_conv, kstrtou8, u8, identity_conv, - 16); -UVCG_OPTS_ATTR(streaming_maxpacket, le16_to_cpu, kstrtou16, u16, le16_to_cpu, - 3072); -UVCG_OPTS_ATTR(streaming_maxburst, identity_conv, kstrtou8, u8, identity_conv, - 15); +UVCG_OPTS_ATTR(streaming_interval, streaming_interval, identity_conv, + kstrtou8, u8, identity_conv, 16); +UVCG_OPTS_ATTR(streaming_maxpacket, streaming_maxpacket, le16_to_cpu, + kstrtou16, u16, le16_to_cpu, 3072); +UVCG_OPTS_ATTR(streaming_maxburst, streaming_maxburst, identity_conv, + kstrtou8, u8, identity_conv, 15); #undef identity_conv Patches currently in stable-queue which might be from petr.cvek(a)tul.cz are queue-4.4/usb-gadget-uvc-missing-files-for-configfs-interface.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4] x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER

by Eric Biggers

This is a build fix for the 4.4 PTI backport. 4.4 kernels do not have commit be7635e7287e ("arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections") which went into 4.6. Consequently, the irqentry sections are only created when CONFIG_FUNCTION_GRAPH_TRACER is enabled, not also when CONFIG_KASAN is enabled. Therefore, fix the condition for trying to add a user mapping for this section. This fixes the following build error: arch/x86/mm/kaiser.c: In function ‘kaiser_init’: arch/x86/mm/kaiser.c:367:33: error: ‘__irqentry_text_start’ undeclared (first use in this function) kaiser_add_user_map_ptrs_early(__irqentry_text_start, [...] Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/x86/mm/kaiser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c index 2298434f7bdb..7a72e32e4806 100644 --- a/arch/x86/mm/kaiser.c +++ b/arch/x86/mm/kaiser.c @@ -363,7 +363,7 @@ void __init kaiser_init(void) kaiser_add_user_map_ptrs_early(__entry_text_start, __entry_text_end, __PAGE_KERNEL_RX); -#if defined(CONFIG_FUNCTION_GRAPH_TRACER) || defined(CONFIG_KASAN) +#ifdef CONFIG_FUNCTION_GRAPH_TRACER kaiser_add_user_map_ptrs_early(__irqentry_text_start, __irqentry_text_end, __PAGE_KERNEL_RX); -- 2.16.0.rc1.238.g530d649a79-goog

7 years, 4 months

4
3
0 0

Patch "sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ad0f1d9d65938aec72a698116cd73a980916895e Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:37 -0500 Subject: sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit ad0f1d9d65938aec72a698116cd73a980916895e upstream. When the rto_push_irq_work_func() is called, it looks at the RT overloaded bitmask in the root domain via the runqueue (rq->rd). The problem is that during CPU up and down, nothing here stops rq->rd from changing between taking the rq->rd->rto_lock and releasing it. That means the lock that is released is not the same lock that was taken. Instead of using this_rq()->rd to get the root domain, as the irq work is part of the root domain, we can simply get the root domain from the irq work that is passed to the routine: container_of(work, struct root_domain, rto_push_work) This keeps the root domain consistent. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/rt.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1833,9 +1833,8 @@ static void push_rt_tasks(struct rq *rq) * the rt_loop_next will cause the iterator to perform another scan. * */ -static int rto_next_cpu(struct rq *rq) +static int rto_next_cpu(struct root_domain *rd) { - struct root_domain *rd = rq->rd; int next; int cpu; @@ -1911,7 +1910,7 @@ static void tell_cpu_to_push(struct rq * * Otherwise it is finishing up and an ipi needs to be sent. */ if (rq->rd->rto_cpu < 0) - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rq->rd); raw_spin_unlock(&rq->rd->rto_lock); @@ -1924,6 +1923,8 @@ static void tell_cpu_to_push(struct rq * /* Called from hardirq context */ void rto_push_irq_work_func(struct irq_work *work) { + struct root_domain *rd = + container_of(work, struct root_domain, rto_push_work); struct rq *rq; int cpu; @@ -1939,18 +1940,18 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rq->lock); } - raw_spin_lock(&rq->rd->rto_lock); + raw_spin_lock(&rd->rto_lock); /* Pass the IPI to the next rt overloaded queue */ - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rd); - raw_spin_unlock(&rq->rd->rto_lock); + raw_spin_unlock(&rd->rto_lock); if (cpu < 0) return; /* Try the next RT overloaded CPU */ - irq_work_queue_on(&rq->rd->rto_push_work, cpu); + irq_work_queue_on(&rd->rto_push_work, cpu); } #endif /* HAVE_RT_PUSH_IPI */ Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.4/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.4/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "sched/rt: Up the root domain ref count when passing it around via IPIs" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Up the root domain ref count when passing it around via IPIs to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 364f56653708ba8bcdefd4f0da2a42904baa8eeb Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:38 -0500 Subject: sched/rt: Up the root domain ref count when passing it around via IPIs From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit 364f56653708ba8bcdefd4f0da2a42904baa8eeb upstream. When issuing an IPI RT push, where an IPI is sent to each CPU that has more than one RT task scheduled on it, it references the root domain's rto_mask, that contains all the CPUs within the root domain that has more than one RT task in the runable state. The problem is, after the IPIs are initiated, the rq->lock is released. This means that the root domain that is associated to the run queue could be freed while the IPIs are going around. Add a sched_get_rd() and a sched_put_rd() that will increment and decrement the root domain's ref count respectively. This way when initiating the IPIs, the scheduler will up the root domain's ref count before releasing the rq->lock, ensuring that the root domain does not go away until the IPI round is complete. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/core.c | 13 +++++++++++++ kernel/sched/rt.c | 9 +++++++-- kernel/sched/sched.h | 2 ++ 3 files changed, 22 insertions(+), 2 deletions(-) --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5896,6 +5896,19 @@ static void rq_attach_root(struct rq *rq call_rcu_sched(&old_rd->rcu, free_rootdomain); } +void sched_get_rd(struct root_domain *rd) +{ + atomic_inc(&rd->refcount); +} + +void sched_put_rd(struct root_domain *rd) +{ + if (!atomic_dec_and_test(&rd->refcount)) + return; + + call_rcu_sched(&rd->rcu, free_rootdomain); +} + static int init_rootdomain(struct root_domain *rd) { memset(rd, 0, sizeof(*rd)); --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1916,8 +1916,11 @@ static void tell_cpu_to_push(struct rq * rto_start_unlock(&rq->rd->rto_loop_start); - if (cpu >= 0) + if (cpu >= 0) { + /* Make sure the rd does not get freed while pushing */ + sched_get_rd(rq->rd); irq_work_queue_on(&rq->rd->rto_push_work, cpu); + } } /* Called from hardirq context */ @@ -1947,8 +1950,10 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rd->rto_lock); - if (cpu < 0) + if (cpu < 0) { + sched_put_rd(rd); return; + } /* Try the next RT overloaded CPU */ irq_work_queue_on(&rd->rto_push_work, cpu); --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -553,6 +553,8 @@ struct root_domain { }; extern struct root_domain def_root_domain; +extern void sched_get_rd(struct root_domain *rd); +extern void sched_put_rd(struct root_domain *rd); #ifdef HAVE_RT_PUSH_IPI extern void rto_push_irq_work_func(struct irq_work *work); Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.4/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.4/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "powerpc/pseries: include linux/types.h in asm/hvcall.h" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: include linux/types.h in asm/hvcall.h to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1b689a95ce7427075f9ac9fb4aea1af530742b7f Mon Sep 17 00:00:00 2001 From: Michal Suchanek <msuchanek(a)suse.de> Date: Mon, 15 Jan 2018 14:30:03 +0100 Subject: powerpc/pseries: include linux/types.h in asm/hvcall.h From: Michal Suchanek <msuchanek(a)suse.de> commit 1b689a95ce7427075f9ac9fb4aea1af530742b7f upstream. Commit 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") uses u64 in asm/hvcall.h without including linux/types.h This breaks hvcall.h users that do not include the header themselves. Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") Signed-off-by: Michal Suchanek <msuchanek(a)suse.de> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/include/asm/hvcall.h | 1 + 1 file changed, 1 insertion(+) --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -298,6 +298,7 @@ #define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2 #ifndef __ASSEMBLY__ +#include <linux/types.h> /** * plpar_hcall_norets: - Make a pseries hypervisor call with no return arguments Patches currently in stable-queue which might be from msuchanek(a)suse.de are queue-4.4/powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch

7 years, 4 months

1
0
0 0

Patch "posix-timer: Properly check sigevent->sigev_notify" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled posix-timer: Properly check sigevent->sigev_notify to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: posix-timer-properly-check-sigevent-sigev_notify.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From cef31d9af908243421258f1df35a4a644604efbe Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri, 15 Dec 2017 10:32:03 +0100 Subject: posix-timer: Properly check sigevent->sigev_notify From: Thomas Gleixner <tglx(a)linutronix.de> commit cef31d9af908243421258f1df35a4a644604efbe upstream. timer_create() specifies via sigevent->sigev_notify the signal delivery for the new timer. The valid modes are SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD and (SIGEV_SIGNAL | SIGEV_THREAD_ID). The sanity check in good_sigevent() is only checking the valid combination for the SIGEV_THREAD_ID bit, i.e. SIGEV_SIGNAL, but if SIGEV_THREAD_ID is not set it accepts any random value. This has no real effects on the posix timer and signal delivery code, but it affects show_timer() which handles the output of /proc/$PID/timers. That function uses a string array to pretty print sigev_notify. The access to that array has no bound checks, so random sigev_notify cause access beyond the array bounds. Add proper checks for the valid notify modes and remove the SIGEV_THREAD_ID masking from various code pathes as SIGEV_NONE can never be set in combination with SIGEV_THREAD_ID. Reported-by: Eric Biggers <ebiggers3(a)gmail.com> Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Reported-by: Alexey Dobriyan <adobriyan(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/time/posix-timers.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -507,17 +507,22 @@ static struct pid *good_sigevent(sigeven { struct task_struct *rtn = current->group_leader; - if ((event->sigev_notify & SIGEV_THREAD_ID ) && - (!(rtn = find_task_by_vpid(event->sigev_notify_thread_id)) || - !same_thread_group(rtn, current) || - (event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL)) + switch (event->sigev_notify) { + case SIGEV_SIGNAL | SIGEV_THREAD_ID: + rtn = find_task_by_vpid(event->sigev_notify_thread_id); + if (!rtn || !same_thread_group(rtn, current)) + return NULL; + /* FALLTHRU */ + case SIGEV_SIGNAL: + case SIGEV_THREAD: + if (event->sigev_signo <= 0 || event->sigev_signo > SIGRTMAX) + return NULL; + /* FALLTHRU */ + case SIGEV_NONE: + return task_pid(rtn); + default: return NULL; - - if (((event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) && - ((event->sigev_signo <= 0) || (event->sigev_signo > SIGRTMAX))) - return NULL; - - return task_pid(rtn); + } } void posix_timers_register_clock(const clockid_t clock_id, @@ -745,8 +750,7 @@ common_timer_get(struct k_itimer *timr, /* interval timer ? */ if (iv.tv64) cur_setting->it_interval = ktime_to_timespec(iv); - else if (!hrtimer_active(timer) && - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + else if (!hrtimer_active(timer) && timr->it_sigev_notify != SIGEV_NONE) return; now = timer->base->get_time(); @@ -757,7 +761,7 @@ common_timer_get(struct k_itimer *timr, * expiry is > now. */ if (iv.tv64 && (timr->it_requeue_pending & REQUEUE_PENDING || - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) + timr->it_sigev_notify == SIGEV_NONE)) timr->it_overrun += (unsigned int) hrtimer_forward(timer, now, iv); remaining = __hrtimer_expires_remaining_adjusted(timer, now); @@ -767,7 +771,7 @@ common_timer_get(struct k_itimer *timr, * A single shot SIGEV_NONE timer must return 0, when * it is expired ! */ - if ((timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + if (timr->it_sigev_notify != SIGEV_NONE) cur_setting->it_value.tv_nsec = 1; } else cur_setting->it_value = ktime_to_timespec(remaining); @@ -865,7 +869,7 @@ common_timer_set(struct k_itimer *timr, timr->it.real.interval = timespec_to_ktime(new_setting->it_interval); /* SIGEV_NONE timers are not queued ! See common_timer_get */ - if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { + if (timr->it_sigev_notify == SIGEV_NONE) { /* Setup correct expiry time for relative timers */ if (mode == HRTIMER_MODE_REL) { hrtimer_add_expires(timer, timer->base->get_time()); Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.4/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.4/x86-asm-fix-inline-asm-call-constraints-for-gcc-4.4.patch queue-4.4/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.4/posix-timer-properly-check-sigevent-sigev_notify.patch queue-4.4/x86-microcode-do-the-family-check-first.patch queue-4.4/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "netfilter: nf_queue: Make the queue_handler pernet" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_queue: Make the queue_handler pernet to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_queue-make-the-queue_handler-pernet.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From dc3ee32e96d74dd6c80eed63af5065cb75899299 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" <ebiederm(a)xmission.com> Date: Fri, 13 May 2016 21:18:52 -0500 Subject: netfilter: nf_queue: Make the queue_handler pernet From: Eric W. Biederman <ebiederm(a)xmission.com> commit dc3ee32e96d74dd6c80eed63af5065cb75899299 upstream. Florian Weber reported: > Under full load (unshare() in loop -> OOM conditions) we can > get kernel panic: > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 > IP: [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70 > [..] > task: ffff88012dfa3840 ti: ffff88012dffc000 task.ti: ffff88012dffc000 > RIP: 0010:[<ffffffff81476c85>] [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70 > RSP: 0000:ffff88012dfffd80 EFLAGS: 00010206 > RAX: 0000000000000008 RBX: ffffffff81add0c0 RCX: ffff88013fd80000 > [..] > Call Trace: > [<ffffffff81474d98>] nf_queue_nf_hook_drop+0x18/0x20 > [<ffffffff814738eb>] nf_unregister_net_hook+0xdb/0x150 > [<ffffffff8147398f>] netfilter_net_exit+0x2f/0x60 > [<ffffffff8141b088>] ops_exit_list.isra.4+0x38/0x60 > [<ffffffff8141b652>] setup_net+0xc2/0x120 > [<ffffffff8141bd09>] copy_net_ns+0x79/0x120 > [<ffffffff8106965b>] create_new_namespaces+0x11b/0x1e0 > [<ffffffff810698a7>] unshare_nsproxy_namespaces+0x57/0xa0 > [<ffffffff8104baa2>] SyS_unshare+0x1b2/0x340 > [<ffffffff81608276>] entry_SYSCALL_64_fastpath+0x1e/0xa8 > Code: 65 00 48 89 e5 41 56 41 55 41 54 53 83 e8 01 48 8b 97 70 12 00 00 48 98 49 89 f4 4c 8b 74 c2 18 4d 8d 6e 08 49 81 c6 88 00 00 00 <49> 8b 5d 00 48 85 db 74 1a 48 89 df 4c 89 e2 48 c7 c6 90 68 47 > The simple fix for this requires a new pernet variable for struct nf_queue that indicates when it is safe to use the dynamically allocated nf_queue state. As we need a variable anyway make nf_register_queue_handler and nf_unregister_queue_handler pernet. This allows the existing logic of when it is safe to use the state from the nfnetlink_queue module to be reused with no changes except for making it per net. The syncrhonize_rcu from nf_unregister_queue_handler is moved to a new function nfnl_queue_net_exit_batch so that the worst case of having a syncrhonize_rcu in the pernet exit path is not experienced in batch mode. Reported-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Acked-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Cc: Eric Biggers <ebiggers3(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/net/netfilter/nf_queue.h | 4 ++-- include/net/netns/netfilter.h | 2 ++ net/netfilter/nf_queue.c | 17 ++++++++--------- net/netfilter/nfnetlink_queue.c | 18 ++++++++++++------ 4 files changed, 24 insertions(+), 17 deletions(-) --- a/include/net/netfilter/nf_queue.h +++ b/include/net/netfilter/nf_queue.h @@ -28,8 +28,8 @@ struct nf_queue_handler { struct nf_hook_ops *ops); }; -void nf_register_queue_handler(const struct nf_queue_handler *qh); -void nf_unregister_queue_handler(void); +void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); +void nf_unregister_queue_handler(struct net *net); void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); void nf_queue_entry_get_refs(struct nf_queue_entry *entry); --- a/include/net/netns/netfilter.h +++ b/include/net/netns/netfilter.h @@ -5,11 +5,13 @@ struct proc_dir_entry; struct nf_logger; +struct nf_queue_handler; struct netns_nf { #if defined CONFIG_PROC_FS struct proc_dir_entry *proc_netfilter; #endif + const struct nf_queue_handler __rcu *queue_handler; const struct nf_logger __rcu *nf_loggers[NFPROTO_NUMPROTO]; #ifdef CONFIG_SYSCTL struct ctl_table_header *nf_log_dir_header; --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -26,23 +26,21 @@ * Once the queue is registered it must reinject all packets it * receives, no matter what. */ -static const struct nf_queue_handler __rcu *queue_handler __read_mostly; /* return EBUSY when somebody else is registered, return EEXIST if the * same handler is registered, return 0 in case of success. */ -void nf_register_queue_handler(const struct nf_queue_handler *qh) +void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) { /* should never happen, we only have one queueing backend in kernel */ - WARN_ON(rcu_access_pointer(queue_handler)); - rcu_assign_pointer(queue_handler, qh); + WARN_ON(rcu_access_pointer(net->nf.queue_handler)); + rcu_assign_pointer(net->nf.queue_handler, qh); } EXPORT_SYMBOL(nf_register_queue_handler); /* The caller must flush their queue before this */ -void nf_unregister_queue_handler(void) +void nf_unregister_queue_handler(struct net *net) { - RCU_INIT_POINTER(queue_handler, NULL); - synchronize_rcu(); + RCU_INIT_POINTER(net->nf.queue_handler, NULL); } EXPORT_SYMBOL(nf_unregister_queue_handler); @@ -103,7 +101,7 @@ void nf_queue_nf_hook_drop(struct net *n const struct nf_queue_handler *qh; rcu_read_lock(); - qh = rcu_dereference(queue_handler); + qh = rcu_dereference(net->nf.queue_handler); if (qh) qh->nf_hook_drop(net, ops); rcu_read_unlock(); @@ -122,9 +120,10 @@ int nf_queue(struct sk_buff *skb, struct nf_queue_entry *entry = NULL; const struct nf_afinfo *afinfo; const struct nf_queue_handler *qh; + struct net *net = state->net; /* QUEUE == DROP if no one is waiting, to be safe. */ - qh = rcu_dereference(queue_handler); + qh = rcu_dereference(net->nf.queue_handler); if (!qh) { status = -ESRCH; goto err; --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -1382,21 +1382,29 @@ static int __net_init nfnl_queue_net_ini net->nf.proc_netfilter, &nfqnl_file_ops)) return -ENOMEM; #endif + nf_register_queue_handler(net, &nfqh); return 0; } static void __net_exit nfnl_queue_net_exit(struct net *net) { + nf_unregister_queue_handler(net); #ifdef CONFIG_PROC_FS remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter); #endif } +static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list) +{ + synchronize_rcu(); +} + static struct pernet_operations nfnl_queue_net_ops = { - .init = nfnl_queue_net_init, - .exit = nfnl_queue_net_exit, - .id = &nfnl_queue_net_id, - .size = sizeof(struct nfnl_queue_net), + .init = nfnl_queue_net_init, + .exit = nfnl_queue_net_exit, + .exit_batch = nfnl_queue_net_exit_batch, + .id = &nfnl_queue_net_id, + .size = sizeof(struct nfnl_queue_net), }; static int __init nfnetlink_queue_init(void) @@ -1417,7 +1425,6 @@ static int __init nfnetlink_queue_init(v } register_netdevice_notifier(&nfqnl_dev_notifier); - nf_register_queue_handler(&nfqh); return status; cleanup_netlink_notifier: @@ -1429,7 +1436,6 @@ out: static void __exit nfnetlink_queue_fini(void) { - nf_unregister_queue_handler(); unregister_netdevice_notifier(&nfqnl_dev_notifier); nfnetlink_subsys_unregister(&nfqnl_subsys); netlink_unregister_notifier(&nfqnl_rtnl_notifier); Patches currently in stable-queue which might be from ebiederm(a)xmission.com are queue-4.4/netfilter-nf_queue-make-the-queue_handler-pernet.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1083,8 +1083,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1150,17 +1148,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.4/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.4/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -503,18 +503,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1199,6 +1204,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1207,12 +1213,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.4/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.4/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "dmaengine: dmatest: fix container_of member in dmatest_callback" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: dmatest: fix container_of member in dmatest_callback to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 66b3bd2356e0a1531c71a3dcf96944621e25c17c Mon Sep 17 00:00:00 2001 From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Date: Mon, 29 Jan 2018 14:40:11 +0800 Subject: dmaengine: dmatest: fix container_of member in dmatest_callback From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> commit 66b3bd2356e0a1531c71a3dcf96944621e25c17c upstream. The type of arg passed to dmatest_callback is struct dmatest_done. It refers to test_done in struct dmatest_thread, not done_wait. Fixes: 6f6a23a213be ("dmaengine: dmatest: move callback wait ...") Signed-off-by: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Acked-by: Adam Wallis <awallis(a)codeaurora.org> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/dmatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma/dmatest.c +++ b/drivers/dma/dmatest.c @@ -329,7 +329,7 @@ static void dmatest_callback(void *arg) { struct dmatest_done *done = arg; struct dmatest_thread *thread = - container_of(arg, struct dmatest_thread, done_wait); + container_of(done, struct dmatest_thread, test_done); if (!thread->done) { done->done = true; wake_up_all(done->wait); Patches currently in stable-queue which might be from shunyong.yang(a)hxt-semitech.com are queue-4.4/dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch

7 years, 4 months

1
0
0 0

Patch "kaiser: fix compile error without vsyscall" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kaiser: fix compile error without vsyscall to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kaiser-fix-compile-error-without-vsyscall.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 16:45:20 CET 2018 Date: Tue, 13 Feb 2018 16:45:20 +0100 To: Greg KH <gregkh(a)linuxfoundation.org> From: Hugh Dickins <hughd(a)google.com> Subject: kaiser: fix compile error without vsyscall From: Hugh Dickins <hughd(a)google.com> Tobias noticed a compile error on 4.4.115, and it's the same on 4.9.80: arch/x86/mm/kaiser.c: In function ‘kaiser_init’: arch/x86/mm/kaiser.c:348:8: error: ‘vsyscall_pgprot’ undeclared (first use in this function) It seems like his combination of kernel options doesn't work for KAISER. X86_VSYSCALL_EMULATION is not set on his system, while LEGACY_VSYSCALL is set to NONE (LEGACY_VSYSCALL_NONE=y). He managed to get things compiling again, by moving the 'extern unsigned long vsyscall_pgprot' outside of the preprocessor statement. This works because the optimizer removes that code (vsyscall_enabled() is always false) - and that's how it was done in some older backports. Reported-by: Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Signed-off-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/vsyscall.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -13,7 +13,6 @@ extern void map_vsyscall(void); */ extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address); extern bool vsyscall_enabled(void); -extern unsigned long vsyscall_pgprot; #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) @@ -22,5 +21,6 @@ static inline bool emulate_vsyscall(stru } static inline bool vsyscall_enabled(void) { return false; } #endif +extern unsigned long vsyscall_pgprot; #endif /* _ASM_X86_VSYSCALL_H */ Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.4/powerpc-simplify-module-toc-handling.patch queue-4.4/powerpc-64s-simple-rfi-macro-conversions.patch queue-4.4/crypto-tcrypt-fix-s-g-table-for-test_aead_speed.patch queue-4.4/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch queue-4.4/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.4/r8169-fix-rtl8168ep-take-too-long-to-complete-driver-initialization.patch queue-4.4/powerpc-64-fix-flush_-d-i-cache_range-called-from-modules.patch queue-4.4/powerpc-64-add-macros-for-annotating-the-destination-of-rfid-hrfid.patch queue-4.4/tcp-release-sk_frag.page-in-tcp_disconnect.patch queue-4.4/kaiser-fix-compile-error-without-vsyscall.patch queue-4.4/drm-rcar-du-use-the-vbk-interrupt-for-vblank-events.patch queue-4.4/usb-gadget-uvc-missing-files-for-configfs-interface.patch queue-4.4/dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch queue-4.4/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.4/powerpc-pseries-add-h_get_cpu_characteristics-flags-wrapper.patch queue-4.4/asoc-rsnd-don-t-call-free_irq-on-parent-ssi.patch queue-4.4/net-igmp-add-a-missing-rcu-locking-section.patch queue-4.4/netfilter-nf_queue-make-the-queue_handler-pernet.patch queue-4.4/powerpc-64s-allow-control-of-rfi-flush-via-debugfs.patch queue-4.4/powerpc-powernv-check-device-tree-for-rfi-flush-settings.patch queue-4.4/asoc-rsnd-avoid-duplicate-free_irq.patch queue-4.4/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch queue-4.4/cifs-fix-autonegotiate-security-settings-mismatch.patch queue-4.4/don-t-put-symlink-bodies-in-pagecache-into-highmem.patch queue-4.4/powerpc-64s-convert-slb_miss_common-to-use-rfi_to_user-kernel.patch queue-4.4/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch queue-4.4/x86-asm-fix-inline-asm-call-constraints-for-gcc-4.4.patch queue-4.4/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.4/net-cdc_ncm-initialize-drvflags-before-usage.patch queue-4.4/posix-timer-properly-check-sigevent-sigev_notify.patch queue-4.4/ip6mr-fix-stale-iterator.patch queue-4.4/x86-microcode-do-the-family-check-first.patch queue-4.4/x86-kaiser-fix-build-error-with-kasan-function_graph_tracer.patch queue-4.4/powerpc-64s-support-disabling-rfi-flush-with-no_rfi_flush-and-nopti.patch queue-4.4/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch queue-4.4/powerpc-64-convert-the-syscall-exit-path-to-use-rfi_to_user-kernel.patch queue-4.4/powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch queue-4.4/drm-rcar-du-fix-race-condition-when-disabling-planes-at-crtc-stop.patch queue-4.4/asoc-pcm512x-add-missing-module_description-author-license.patch queue-4.4/vhost_net-stop-device-during-reset-owner.patch queue-4.4/powerpc-bpf-jit-disable-classic-bpf-jit-on-ppc64le.patch queue-4.4/powerpc-64s-add-support-for-rfi-flush-of-l1-d-cache.patch queue-4.4/usbip-vhci_hcd-clear-just-the-usb_port_stat_power-bit.patch queue-4.4/powerpc-pseries-query-hypervisor-for-rfi-flush-settings.patch queue-4.4/cifs-zero-sensitive-data-when-freeing.patch queue-4.4/qlcnic-fix-deadlock-bug.patch queue-4.4/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch queue-4.4/powerpc-fix-vsx-enabling-flushing-to-also-test-msr_fp-and-msr_vec.patch queue-4.4/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch queue-4.4/powerpc-64-convert-fast_exception_return-to-use-rfi_to_user-kernel.patch queue-4.4/usbip-fix-3eee23c3ec14-tcp_socket-address-still-in-the-status-file.patch queue-4.4/asoc-simple-card-fix-misleading-error-message.patch queue-4.4/powerpc-64s-wire-up-cpu_show_meltdown.patch

7 years, 4 months

1
0
0 0

Patch "CIFS: zero sensitive data when freeing" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: zero sensitive data when freeing to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-zero-sensitive-data-when-freeing.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 97f4b7276b829a8927ac903a119bef2f963ccc58 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Thu, 25 Jan 2018 15:59:39 +0100 Subject: CIFS: zero sensitive data when freeing From: Aurelien Aptel <aaptel(a)suse.com> commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream. also replaces memset()+kfree() by kzfree(). Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/cifsencrypt.c | 3 +-- fs/cifs/connect.c | 6 +++--- fs/cifs/misc.c | 14 ++++---------- 3 files changed, 8 insertions(+), 15 deletions(-) --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -306,9 +306,8 @@ int calc_lanman_hash(const char *passwor { int i; int rc; - char password_with_pad[CIFS_ENCPWD_SIZE]; + char password_with_pad[CIFS_ENCPWD_SIZE] = {0}; - memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); if (password) strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1695,7 +1695,7 @@ cifs_parse_mount_options(const char *mou tmp_end++; if (!(tmp_end < end && tmp_end[1] == delim)) { /* No it is not. Set the password to NULL */ - kfree(vol->password); + kzfree(vol->password); vol->password = NULL; break; } @@ -1733,7 +1733,7 @@ cifs_parse_mount_options(const char *mou options = end; } - kfree(vol->password); + kzfree(vol->password); /* Now build new password string */ temp_len = strlen(value); vol->password = kzalloc(temp_len+1, GFP_KERNEL); @@ -4148,7 +4148,7 @@ cifs_construct_tcon(struct cifs_sb_info reset_cifs_unix_caps(0, tcon, NULL, vol_info); out: kfree(vol_info->username); - kfree(vol_info->password); + kzfree(vol_info->password); kfree(vol_info); return tcon; --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -99,14 +99,11 @@ sesInfoFree(struct cifs_ses *buf_to_free kfree(buf_to_free->serverOS); kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free->user_name); kfree(buf_to_free->domainName); - kfree(buf_to_free->auth_key.response); - kfree(buf_to_free); + kzfree(buf_to_free->auth_key.response); + kzfree(buf_to_free); } struct cifs_tcon * @@ -137,10 +134,7 @@ tconInfoFree(struct cifs_tcon *buf_to_fr } atomic_dec(&tconInfoAllocCount); kfree(buf_to_free->nativeFileSystem); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free); } Patches currently in stable-queue which might be from aaptel(a)suse.com are queue-4.4/cifs-zero-sensitive-data-when-freeing.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix missing put_xid in cifs_file_strict_mmap" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix missing put_xid in cifs_file_strict_mmap to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f04a703c3d613845ae3141bfaf223489de8ab3eb Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 15 Dec 2017 12:48:32 -0800 Subject: cifs: Fix missing put_xid in cifs_file_strict_mmap From: Matthew Wilcox <mawilcox(a)microsoft.com> commit f04a703c3d613845ae3141bfaf223489de8ab3eb upstream. If cifs_zap_mapping() returned an error, we would return without putting the xid that we got earlier. Restructure cifs_file_strict_mmap() and cifs_file_mmap() to be more similar to each other and have a single point of return that always puts the xid. Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/file.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3241,20 +3241,18 @@ static const struct vm_operations_struct int cifs_file_strict_mmap(struct file *file, struct vm_area_struct *vma) { - int rc, xid; + int xid, rc = 0; struct inode *inode = file_inode(file); xid = get_xid(); - if (!CIFS_CACHE_READ(CIFS_I(inode))) { + if (!CIFS_CACHE_READ(CIFS_I(inode))) rc = cifs_zap_mapping(inode); - if (rc) - return rc; - } - - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } @@ -3264,16 +3262,16 @@ int cifs_file_mmap(struct file *file, st int rc, xid; xid = get_xid(); + rc = cifs_revalidate_file(file); - if (rc) { + if (rc) cifs_dbg(FYI, "Validation prior to mmap failed, error=%d\n", rc); - free_xid(xid); - return rc; - } - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } Patches currently in stable-queue which might be from mawilcox(a)microsoft.com are queue-4.4/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch

7 years, 4 months

1
0
0 0

Patch "dccp: CVE-2017-8824: use-after-free in DCCP code" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dccp: CVE-2017-8824: use-after-free in DCCP code to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dccp-cve-2017-8824-use-after-free-in-dccp-code.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 Mon Sep 17 00:00:00 2001 From: Mohamed Ghannam <simo.ghannam(a)gmail.com> Date: Tue, 5 Dec 2017 20:58:35 +0000 Subject: dccp: CVE-2017-8824: use-after-free in DCCP code From: Mohamed Ghannam <simo.ghannam(a)gmail.com> commit 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 upstream. Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set to NULL. Signed-off-by: Mohamed Ghannam <simo.ghannam(a)gmail.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dccp/proto.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -259,6 +259,7 @@ int dccp_disconnect(struct sock *sk, int { struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); + struct dccp_sock *dp = dccp_sk(sk); int err = 0; const int old_state = sk->sk_state; @@ -278,6 +279,10 @@ int dccp_disconnect(struct sock *sk, int sk->sk_err = ECONNRESET; dccp_clear_xmit_timers(sk); + ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); + ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); + dp->dccps_hc_rx_ccid = NULL; + dp->dccps_hc_tx_ccid = NULL; __skb_queue_purge(&sk->sk_receive_queue); __skb_queue_purge(&sk->sk_write_queue); Patches currently in stable-queue which might be from simo.ghannam(a)gmail.com are queue-4.4/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix autonegotiate security settings mismatch" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix autonegotiate security settings mismatch to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-autonegotiate-security-settings-mismatch.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9aca7e454415f7878b28524e76bebe1170911a88 Mon Sep 17 00:00:00 2001 From: Daniel N Pettersson <danielnp(a)axis.com> Date: Thu, 11 Jan 2018 16:00:12 +0100 Subject: cifs: Fix autonegotiate security settings mismatch From: Daniel N Pettersson <danielnp(a)axis.com> commit 9aca7e454415f7878b28524e76bebe1170911a88 upstream. Autonegotiation gives a security settings mismatch error if the SMB server selects an SMBv3 dialect that isn't SMB3.02. The exact error is "protocol revalidation - security settings mismatch". This can be tested using Samba v4.2 or by setting the global Samba setting max protocol = SMB3_00. The check that fails in smb3_validate_negotiate is the dialect verification of the negotiate info response. This is because it tries to verify against the protocol_id in the global smbdefault_values. The protocol_id in smbdefault_values is SMB3.02. In SMB2_negotiate the protocol_id in smbdefault_values isn't updated, it is global so it probably shouldn't be, but server->dialect is. This patch changes the check in smb3_validate_negotiate to use server->dialect instead of server->vals->protocol_id. The patch works with autonegotiate and when using a specific version in the vers mount option. Signed-off-by: Daniel N Pettersson <danielnp(a)axis.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -580,8 +580,7 @@ int smb3_validate_negotiate(const unsign } /* check validate negotiate info response matches what we got earlier */ - if (pneg_rsp->Dialect != - cpu_to_le16(tcon->ses->server->vals->protocol_id)) + if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect)) goto vneg_out; if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode)) Patches currently in stable-queue which might be from danielnp(a)axis.com are queue-4.4/cifs-fix-autonegotiate-security-settings-mismatch.patch

7 years, 4 months

1
0
0 0

Patch "watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: watchdog-gpio_wdt-set-wdog_hw_running-in-gpio_wdt_stop.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bc137dfdbec27c0ec5731a89002daded4a4aa1ea Mon Sep 17 00:00:00 2001 From: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> Date: Thu, 9 Nov 2017 14:39:55 +0100 Subject: watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop From: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> commit bc137dfdbec27c0ec5731a89002daded4a4aa1ea upstream. The first patch above (https://patchwork.kernel.org/patch/9970181/) makes the oops go away, but it just papers over the problem. The real problem is that the watchdog core clears WDOG_HW_RUNNING in watchdog_stop, and the gpio driver fails to set it in its stop function when it doesn't actually stop it. This means that the core doesn't know that it now has responsibility for petting the device, in turn causing the device to reset the system (I hadn't noticed this because the board I'm working on has that reset logic disabled). How about this (other drivers may of course have the same problem, I haven't checked). One might say that ->stop should return an error when the device can't be stopped, but OTOH this brings parity between a device without a ->stop method and a GPIO wd that has always-running set. IOW, I think ->stop should only return an error when an actual attempt to stop the hardware failed. From: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> The watchdog framework clears WDOG_HW_RUNNING before calling ->stop. If the driver is unable to stop the device, it is supposed to set that bit again so that the watchdog core takes care of sending heart-beats while the device is not open from user-space. Update the gpio_wdt driver to honour that contract (and get rid of the redundant clearing of WDOG_HW_RUNNING). Fixes: 3c10bbde10 ("watchdog: core: Clear WDOG_HW_RUNNING before calling the stop function") Signed-off-by: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim(a)iguana.be> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/watchdog/gpio_wdt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/watchdog/gpio_wdt.c +++ b/drivers/watchdog/gpio_wdt.c @@ -80,7 +80,8 @@ static int gpio_wdt_stop(struct watchdog if (!priv->always_running) { gpio_wdt_disable(priv); - clear_bit(WDOG_HW_RUNNING, &wdd->status); + } else { + set_bit(WDOG_HW_RUNNING, &wdd->status); } return 0; Patches currently in stable-queue which might be from rasmus.villemoes(a)prevas.dk are queue-4.15/watchdog-gpio_wdt-set-wdog_hw_running-in-gpio_wdt_stop.patch

7 years, 4 months

1
0
0 0

Patch "sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ad0f1d9d65938aec72a698116cd73a980916895e Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:37 -0500 Subject: sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit ad0f1d9d65938aec72a698116cd73a980916895e upstream. When the rto_push_irq_work_func() is called, it looks at the RT overloaded bitmask in the root domain via the runqueue (rq->rd). The problem is that during CPU up and down, nothing here stops rq->rd from changing between taking the rq->rd->rto_lock and releasing it. That means the lock that is released is not the same lock that was taken. Instead of using this_rq()->rd to get the root domain, as the irq work is part of the root domain, we can simply get the root domain from the irq work that is passed to the routine: container_of(work, struct root_domain, rto_push_work) This keeps the root domain consistent. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/rt.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1907,9 +1907,8 @@ static void push_rt_tasks(struct rq *rq) * the rt_loop_next will cause the iterator to perform another scan. * */ -static int rto_next_cpu(struct rq *rq) +static int rto_next_cpu(struct root_domain *rd) { - struct root_domain *rd = rq->rd; int next; int cpu; @@ -1985,7 +1984,7 @@ static void tell_cpu_to_push(struct rq * * Otherwise it is finishing up and an ipi needs to be sent. */ if (rq->rd->rto_cpu < 0) - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rq->rd); raw_spin_unlock(&rq->rd->rto_lock); @@ -1998,6 +1997,8 @@ static void tell_cpu_to_push(struct rq * /* Called from hardirq context */ void rto_push_irq_work_func(struct irq_work *work) { + struct root_domain *rd = + container_of(work, struct root_domain, rto_push_work); struct rq *rq; int cpu; @@ -2013,18 +2014,18 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rq->lock); } - raw_spin_lock(&rq->rd->rto_lock); + raw_spin_lock(&rd->rto_lock); /* Pass the IPI to the next rt overloaded queue */ - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rd); - raw_spin_unlock(&rq->rd->rto_lock); + raw_spin_unlock(&rd->rto_lock); if (cpu < 0) return; /* Try the next RT overloaded CPU */ - irq_work_queue_on(&rq->rd->rto_push_work, cpu); + irq_work_queue_on(&rd->rto_push_work, cpu); } #endif /* HAVE_RT_PUSH_IPI */ Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.15/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.15/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "ssb: Do not disable PCI host on non-Mips" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ssb: Do not disable PCI host on non-Mips to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ssb-do-not-disable-pci-host-on-non-mips.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a9e6d44ddeccd3522670e641f1ed9b068e746ff7 Mon Sep 17 00:00:00 2001 From: Sven Joachim <svenjoac(a)gmx.de> Date: Fri, 26 Jan 2018 10:38:01 +0100 Subject: ssb: Do not disable PCI host on non-Mips From: Sven Joachim <svenjoac(a)gmx.de> commit a9e6d44ddeccd3522670e641f1ed9b068e746ff7 upstream. After upgrading an old laptop to 4.15-rc9, I found that the eth0 and wlan0 interfaces had disappeared. It turns out that the b43 and b44 drivers require SSB_PCIHOST_POSSIBLE which depends on PCI_DRIVERS_LEGACY, a config option that only exists on Mips. Fixes: 58eae1416b80 ("ssb: Disable PCI host for PCI_DRIVERS_GENERIC") Signed-off-by: Sven Joachim <svenjoac(a)gmx.de> Reviewed-by: James Hogan <jhogan(a)kernel.org> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/ssb/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/ssb/Kconfig +++ b/drivers/ssb/Kconfig @@ -32,7 +32,7 @@ config SSB_BLOCKIO config SSB_PCIHOST_POSSIBLE bool - depends on SSB && (PCI = y || PCI = SSB) && PCI_DRIVERS_LEGACY + depends on SSB && (PCI = y || PCI = SSB) && (PCI_DRIVERS_LEGACY || !MIPS) default y config SSB_PCIHOST Patches currently in stable-queue which might be from svenjoac(a)gmx.de are queue-4.15/ssb-do-not-disable-pci-host-on-non-mips.patch

7 years, 4 months

1
0
0 0

Patch "sched/rt: Up the root domain ref count when passing it around via IPIs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Up the root domain ref count when passing it around via IPIs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 364f56653708ba8bcdefd4f0da2a42904baa8eeb Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:38 -0500 Subject: sched/rt: Up the root domain ref count when passing it around via IPIs From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit 364f56653708ba8bcdefd4f0da2a42904baa8eeb upstream. When issuing an IPI RT push, where an IPI is sent to each CPU that has more than one RT task scheduled on it, it references the root domain's rto_mask, that contains all the CPUs within the root domain that has more than one RT task in the runable state. The problem is, after the IPIs are initiated, the rq->lock is released. This means that the root domain that is associated to the run queue could be freed while the IPIs are going around. Add a sched_get_rd() and a sched_put_rd() that will increment and decrement the root domain's ref count respectively. This way when initiating the IPIs, the scheduler will up the root domain's ref count before releasing the rq->lock, ensuring that the root domain does not go away until the IPI round is complete. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/rt.c | 9 +++++++-- kernel/sched/sched.h | 2 ++ kernel/sched/topology.c | 13 +++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1990,8 +1990,11 @@ static void tell_cpu_to_push(struct rq * rto_start_unlock(&rq->rd->rto_loop_start); - if (cpu >= 0) + if (cpu >= 0) { + /* Make sure the rd does not get freed while pushing */ + sched_get_rd(rq->rd); irq_work_queue_on(&rq->rd->rto_push_work, cpu); + } } /* Called from hardirq context */ @@ -2021,8 +2024,10 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rd->rto_lock); - if (cpu < 0) + if (cpu < 0) { + sched_put_rd(rd); return; + } /* Try the next RT overloaded CPU */ irq_work_queue_on(&rd->rto_push_work, cpu); --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -665,6 +665,8 @@ extern struct mutex sched_domains_mutex; extern void init_defrootdomain(void); extern int sched_init_domains(const struct cpumask *cpu_map); extern void rq_attach_root(struct rq *rq, struct root_domain *rd); +extern void sched_get_rd(struct root_domain *rd); +extern void sched_put_rd(struct root_domain *rd); #ifdef HAVE_RT_PUSH_IPI extern void rto_push_irq_work_func(struct irq_work *work); --- a/kernel/sched/topology.c +++ b/kernel/sched/topology.c @@ -259,6 +259,19 @@ void rq_attach_root(struct rq *rq, struc call_rcu_sched(&old_rd->rcu, free_rootdomain); } +void sched_get_rd(struct root_domain *rd) +{ + atomic_inc(&rd->refcount); +} + +void sched_put_rd(struct root_domain *rd) +{ + if (!atomic_dec_and_test(&rd->refcount)) + return; + + call_rcu_sched(&rd->rcu, free_rootdomain); +} + static int init_rootdomain(struct root_domain *rd) { if (!zalloc_cpumask_var(&rd->span, GFP_KERNEL)) Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.15/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.15/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "Revert "drm/i915: mark all device info struct with __initconst"" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "drm/i915: mark all device info struct with __initconst" to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-drm-i915-mark-all-device-info-struct-with-__initconst.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b5a756a722286af9702d565501e1f690d075d16b Mon Sep 17 00:00:00 2001 From: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Date: Mon, 29 Jan 2018 08:33:46 +0000 Subject: Revert "drm/i915: mark all device info struct with __initconst" From: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> commit b5a756a722286af9702d565501e1f690d075d16b upstream. This reverts commit 5b54eddd3920e9f6f1a6d972454baf350cbae77e. Conflicts: drivers/gpu/drm/i915/i915_pci.c Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104805 Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Fixes: 5b54eddd3920 ("drm/i915: mark all device info struct with __initconst") Link: https://patchwork.freedesktop.org/patch/msgid/20180129083346.29173-1-lionel… (cherry picked from commit 5db47e37b38755c5e26e6b8fbc1a32ce73495940) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Ozkan Sezer <sezeroz(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/i915_pci.c | 94 ++++++++++++++++++++-------------------- 1 file changed, 47 insertions(+), 47 deletions(-) --- a/drivers/gpu/drm/i915/i915_pci.c +++ b/drivers/gpu/drm/i915/i915_pci.c @@ -74,19 +74,19 @@ GEN_DEFAULT_PAGE_SIZES, \ CURSOR_OFFSETS -static const struct intel_device_info intel_i830_info __initconst = { +static const struct intel_device_info intel_i830_info = { GEN2_FEATURES, .platform = INTEL_I830, .is_mobile = 1, .cursor_needs_physical = 1, .num_pipes = 2, /* legal, last one wins */ }; -static const struct intel_device_info intel_i845g_info __initconst = { +static const struct intel_device_info intel_i845g_info = { GEN2_FEATURES, .platform = INTEL_I845G, }; -static const struct intel_device_info intel_i85x_info __initconst = { +static const struct intel_device_info intel_i85x_info = { GEN2_FEATURES, .platform = INTEL_I85X, .is_mobile = 1, .num_pipes = 2, /* legal, last one wins */ @@ -94,7 +94,7 @@ static const struct intel_device_info in .has_fbc = 1, }; -static const struct intel_device_info intel_i865g_info __initconst = { +static const struct intel_device_info intel_i865g_info = { GEN2_FEATURES, .platform = INTEL_I865G, }; @@ -108,7 +108,7 @@ static const struct intel_device_info in GEN_DEFAULT_PAGE_SIZES, \ CURSOR_OFFSETS -static const struct intel_device_info intel_i915g_info __initconst = { +static const struct intel_device_info intel_i915g_info = { GEN3_FEATURES, .platform = INTEL_I915G, .cursor_needs_physical = 1, .has_overlay = 1, .overlay_needs_physical = 1, @@ -116,7 +116,7 @@ static const struct intel_device_info in .unfenced_needs_alignment = 1, }; -static const struct intel_device_info intel_i915gm_info __initconst = { +static const struct intel_device_info intel_i915gm_info = { GEN3_FEATURES, .platform = INTEL_I915GM, .is_mobile = 1, @@ -128,7 +128,7 @@ static const struct intel_device_info in .unfenced_needs_alignment = 1, }; -static const struct intel_device_info intel_i945g_info __initconst = { +static const struct intel_device_info intel_i945g_info = { GEN3_FEATURES, .platform = INTEL_I945G, .has_hotplug = 1, .cursor_needs_physical = 1, @@ -137,7 +137,7 @@ static const struct intel_device_info in .unfenced_needs_alignment = 1, }; -static const struct intel_device_info intel_i945gm_info __initconst = { +static const struct intel_device_info intel_i945gm_info = { GEN3_FEATURES, .platform = INTEL_I945GM, .is_mobile = 1, .has_hotplug = 1, .cursor_needs_physical = 1, @@ -148,14 +148,14 @@ static const struct intel_device_info in .unfenced_needs_alignment = 1, }; -static const struct intel_device_info intel_g33_info __initconst = { +static const struct intel_device_info intel_g33_info = { GEN3_FEATURES, .platform = INTEL_G33, .has_hotplug = 1, .has_overlay = 1, }; -static const struct intel_device_info intel_pineview_info __initconst = { +static const struct intel_device_info intel_pineview_info = { GEN3_FEATURES, .platform = INTEL_PINEVIEW, .is_mobile = 1, .has_hotplug = 1, @@ -172,7 +172,7 @@ static const struct intel_device_info in GEN_DEFAULT_PAGE_SIZES, \ CURSOR_OFFSETS -static const struct intel_device_info intel_i965g_info __initconst = { +static const struct intel_device_info intel_i965g_info = { GEN4_FEATURES, .platform = INTEL_I965G, .has_overlay = 1, @@ -180,7 +180,7 @@ static const struct intel_device_info in .has_snoop = false, }; -static const struct intel_device_info intel_i965gm_info __initconst = { +static const struct intel_device_info intel_i965gm_info = { GEN4_FEATURES, .platform = INTEL_I965GM, .is_mobile = 1, .has_fbc = 1, @@ -190,13 +190,13 @@ static const struct intel_device_info in .has_snoop = false, }; -static const struct intel_device_info intel_g45_info __initconst = { +static const struct intel_device_info intel_g45_info = { GEN4_FEATURES, .platform = INTEL_G45, .ring_mask = RENDER_RING | BSD_RING, }; -static const struct intel_device_info intel_gm45_info __initconst = { +static const struct intel_device_info intel_gm45_info = { GEN4_FEATURES, .platform = INTEL_GM45, .is_mobile = 1, .has_fbc = 1, @@ -213,12 +213,12 @@ static const struct intel_device_info in GEN_DEFAULT_PAGE_SIZES, \ CURSOR_OFFSETS -static const struct intel_device_info intel_ironlake_d_info __initconst = { +static const struct intel_device_info intel_ironlake_d_info = { GEN5_FEATURES, .platform = INTEL_IRONLAKE, }; -static const struct intel_device_info intel_ironlake_m_info __initconst = { +static const struct intel_device_info intel_ironlake_m_info = { GEN5_FEATURES, .platform = INTEL_IRONLAKE, .is_mobile = 1, .has_fbc = 1, @@ -241,12 +241,12 @@ static const struct intel_device_info in GEN6_FEATURES, \ .platform = INTEL_SANDYBRIDGE -static const struct intel_device_info intel_sandybridge_d_gt1_info __initconst = { +static const struct intel_device_info intel_sandybridge_d_gt1_info = { SNB_D_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_sandybridge_d_gt2_info __initconst = { +static const struct intel_device_info intel_sandybridge_d_gt2_info = { SNB_D_PLATFORM, .gt = 2, }; @@ -257,12 +257,12 @@ static const struct intel_device_info in .is_mobile = 1 -static const struct intel_device_info intel_sandybridge_m_gt1_info __initconst = { +static const struct intel_device_info intel_sandybridge_m_gt1_info = { SNB_M_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_sandybridge_m_gt2_info __initconst = { +static const struct intel_device_info intel_sandybridge_m_gt2_info = { SNB_M_PLATFORM, .gt = 2, }; @@ -286,12 +286,12 @@ static const struct intel_device_info in .platform = INTEL_IVYBRIDGE, \ .has_l3_dpf = 1 -static const struct intel_device_info intel_ivybridge_d_gt1_info __initconst = { +static const struct intel_device_info intel_ivybridge_d_gt1_info = { IVB_D_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_ivybridge_d_gt2_info __initconst = { +static const struct intel_device_info intel_ivybridge_d_gt2_info = { IVB_D_PLATFORM, .gt = 2, }; @@ -302,17 +302,17 @@ static const struct intel_device_info in .is_mobile = 1, \ .has_l3_dpf = 1 -static const struct intel_device_info intel_ivybridge_m_gt1_info __initconst = { +static const struct intel_device_info intel_ivybridge_m_gt1_info = { IVB_M_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_ivybridge_m_gt2_info __initconst = { +static const struct intel_device_info intel_ivybridge_m_gt2_info = { IVB_M_PLATFORM, .gt = 2, }; -static const struct intel_device_info intel_ivybridge_q_info __initconst = { +static const struct intel_device_info intel_ivybridge_q_info = { GEN7_FEATURES, .platform = INTEL_IVYBRIDGE, .gt = 2, @@ -320,7 +320,7 @@ static const struct intel_device_info in .has_l3_dpf = 1, }; -static const struct intel_device_info intel_valleyview_info __initconst = { +static const struct intel_device_info intel_valleyview_info = { .platform = INTEL_VALLEYVIEW, .gen = 7, .is_lp = 1, @@ -356,17 +356,17 @@ static const struct intel_device_info in .platform = INTEL_HASWELL, \ .has_l3_dpf = 1 -static const struct intel_device_info intel_haswell_gt1_info __initconst = { +static const struct intel_device_info intel_haswell_gt1_info = { HSW_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_haswell_gt2_info __initconst = { +static const struct intel_device_info intel_haswell_gt2_info = { HSW_PLATFORM, .gt = 2, }; -static const struct intel_device_info intel_haswell_gt3_info __initconst = { +static const struct intel_device_info intel_haswell_gt3_info = { HSW_PLATFORM, .gt = 3, }; @@ -386,17 +386,17 @@ static const struct intel_device_info in .gen = 8, \ .platform = INTEL_BROADWELL -static const struct intel_device_info intel_broadwell_gt1_info __initconst = { +static const struct intel_device_info intel_broadwell_gt1_info = { BDW_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_broadwell_gt2_info __initconst = { +static const struct intel_device_info intel_broadwell_gt2_info = { BDW_PLATFORM, .gt = 2, }; -static const struct intel_device_info intel_broadwell_rsvd_info __initconst = { +static const struct intel_device_info intel_broadwell_rsvd_info = { BDW_PLATFORM, .gt = 3, /* According to the device ID those devices are GT3, they were @@ -404,13 +404,13 @@ static const struct intel_device_info in */ }; -static const struct intel_device_info intel_broadwell_gt3_info __initconst = { +static const struct intel_device_info intel_broadwell_gt3_info = { BDW_PLATFORM, .gt = 3, .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, }; -static const struct intel_device_info intel_cherryview_info __initconst = { +static const struct intel_device_info intel_cherryview_info = { .gen = 8, .num_pipes = 3, .has_hotplug = 1, .is_lp = 1, @@ -453,12 +453,12 @@ static const struct intel_device_info in .gen = 9, \ .platform = INTEL_SKYLAKE -static const struct intel_device_info intel_skylake_gt1_info __initconst = { +static const struct intel_device_info intel_skylake_gt1_info = { SKL_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_skylake_gt2_info __initconst = { +static const struct intel_device_info intel_skylake_gt2_info = { SKL_PLATFORM, .gt = 2, }; @@ -468,12 +468,12 @@ static const struct intel_device_info in .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING -static const struct intel_device_info intel_skylake_gt3_info __initconst = { +static const struct intel_device_info intel_skylake_gt3_info = { SKL_GT3_PLUS_PLATFORM, .gt = 3, }; -static const struct intel_device_info intel_skylake_gt4_info __initconst = { +static const struct intel_device_info intel_skylake_gt4_info = { SKL_GT3_PLUS_PLATFORM, .gt = 4, }; @@ -509,13 +509,13 @@ static const struct intel_device_info in IVB_CURSOR_OFFSETS, \ BDW_COLORS -static const struct intel_device_info intel_broxton_info __initconst = { +static const struct intel_device_info intel_broxton_info = { GEN9_LP_FEATURES, .platform = INTEL_BROXTON, .ddb_size = 512, }; -static const struct intel_device_info intel_geminilake_info __initconst = { +static const struct intel_device_info intel_geminilake_info = { GEN9_LP_FEATURES, .platform = INTEL_GEMINILAKE, .ddb_size = 1024, @@ -527,17 +527,17 @@ static const struct intel_device_info in .gen = 9, \ .platform = INTEL_KABYLAKE -static const struct intel_device_info intel_kabylake_gt1_info __initconst = { +static const struct intel_device_info intel_kabylake_gt1_info = { KBL_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_kabylake_gt2_info __initconst = { +static const struct intel_device_info intel_kabylake_gt2_info = { KBL_PLATFORM, .gt = 2, }; -static const struct intel_device_info intel_kabylake_gt3_info __initconst = { +static const struct intel_device_info intel_kabylake_gt3_info = { KBL_PLATFORM, .gt = 3, .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, @@ -548,17 +548,17 @@ static const struct intel_device_info in .gen = 9, \ .platform = INTEL_COFFEELAKE -static const struct intel_device_info intel_coffeelake_gt1_info __initconst = { +static const struct intel_device_info intel_coffeelake_gt1_info = { CFL_PLATFORM, .gt = 1, }; -static const struct intel_device_info intel_coffeelake_gt2_info __initconst = { +static const struct intel_device_info intel_coffeelake_gt2_info = { CFL_PLATFORM, .gt = 2, }; -static const struct intel_device_info intel_coffeelake_gt3_info __initconst = { +static const struct intel_device_info intel_coffeelake_gt3_info = { CFL_PLATFORM, .gt = 3, .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, @@ -569,7 +569,7 @@ static const struct intel_device_info in .ddb_size = 1024, \ GLK_COLORS -static const struct intel_device_info intel_cannonlake_gt2_info __initconst = { +static const struct intel_device_info intel_cannonlake_gt2_info = { GEN10_FEATURES, .is_alpha_support = 1, .platform = INTEL_CANNONLAKE, Patches currently in stable-queue which might be from lionel.g.landwerlin(a)intel.com are queue-4.15/revert-drm-i915-mark-all-device-info-struct-with-__initconst.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 27 Nov 2017 15:49:53 +0000 Subject: [Variant 3/Meltdown] perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0() From: Will Deacon <will.deacon(a)arm.com> Commit 7a4a0c1555b8 upstream. When running with the kernel unmapped whilst at EL0, the virtually-addressed SPE buffer is also unmapped, which can lead to buffer faults if userspace profiling is enabled and potentially also when writing back kernel samples unless an expensive drain operation is performed on exception return. For now, fail the SPE driver probe when arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/perf/arm_spe_pmu.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/perf/arm_spe_pmu.c +++ b/drivers/perf/arm_spe_pmu.c @@ -1164,6 +1164,15 @@ static int arm_spe_pmu_device_dt_probe(s struct arm_spe_pmu *spe_pmu; struct device *dev = &pdev->dev; + /* + * If kernelspace is unmapped when running at EL0, then the SPE + * buffer will fault and prematurely terminate the AUX session. + */ + if (arm64_kernel_unmapped_at_el0()) { + dev_warn_once(dev, "profiling buffer inaccessible. Try passing \"kpti=off\" on the kernel command line\n"); + return -EPERM; + } + spe_pmu = devm_kzalloc(dev, sizeof(*spe_pmu), GFP_KERNEL); if (!spe_pmu) { dev_err(dev, "failed to allocate spe_pmu\n"); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "media: hdpvr: Fix an error handling path in hdpvr_probe()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: hdpvr: Fix an error handling path in hdpvr_probe() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c0f71bbb810237a38734607ca4599632f7f5d47f Mon Sep 17 00:00:00 2001 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Fri, 22 Sep 2017 09:07:06 -0400 Subject: media: hdpvr: Fix an error handling path in hdpvr_probe() From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> commit c0f71bbb810237a38734607ca4599632f7f5d47f upstream. Here, hdpvr_register_videodev() is responsible for setup and register a video device. Also defining and initializing a worker. hdpvr_register_videodev() is calling by hdpvr_probe at last. So no need to flush any work here. Unregister v4l2, free buffers and memory. If hdpvr_probe() will fail. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/hdpvr/hdpvr-core.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) --- a/drivers/media/usb/hdpvr/hdpvr-core.c +++ b/drivers/media/usb/hdpvr/hdpvr-core.c @@ -292,7 +292,7 @@ static int hdpvr_probe(struct usb_interf /* register v4l2_device early so it can be used for printks */ if (v4l2_device_register(&interface->dev, &dev->v4l2_dev)) { dev_err(&interface->dev, "v4l2_device_register failed\n"); - goto error; + goto error_free_dev; } mutex_init(&dev->io_mutex); @@ -301,7 +301,7 @@ static int hdpvr_probe(struct usb_interf dev->usbc_buf = kmalloc(64, GFP_KERNEL); if (!dev->usbc_buf) { v4l2_err(&dev->v4l2_dev, "Out of memory\n"); - goto error; + goto error_v4l2_unregister; } init_waitqueue_head(&dev->wait_buffer); @@ -339,13 +339,13 @@ static int hdpvr_probe(struct usb_interf } if (!dev->bulk_in_endpointAddr) { v4l2_err(&dev->v4l2_dev, "Could not find bulk-in endpoint\n"); - goto error; + goto error_put_usb; } /* init the device */ if (hdpvr_device_init(dev)) { v4l2_err(&dev->v4l2_dev, "device init failed\n"); - goto error; + goto error_put_usb; } mutex_lock(&dev->io_mutex); @@ -353,7 +353,7 @@ static int hdpvr_probe(struct usb_interf mutex_unlock(&dev->io_mutex); v4l2_err(&dev->v4l2_dev, "allocating transfer buffers failed\n"); - goto error; + goto error_put_usb; } mutex_unlock(&dev->io_mutex); @@ -361,7 +361,7 @@ static int hdpvr_probe(struct usb_interf retval = hdpvr_register_i2c_adapter(dev); if (retval < 0) { v4l2_err(&dev->v4l2_dev, "i2c adapter register failed\n"); - goto error; + goto error_free_buffers; } client = hdpvr_register_ir_rx_i2c(dev); @@ -394,13 +394,17 @@ static int hdpvr_probe(struct usb_interf reg_fail: #if IS_ENABLED(CONFIG_I2C) i2c_del_adapter(&dev->i2c_adapter); +error_free_buffers: #endif + hdpvr_free_buffers(dev); +error_put_usb: + usb_put_dev(dev->udev); + kfree(dev->usbc_buf); +error_v4l2_unregister: + v4l2_device_unregister(&dev->v4l2_dev); +error_free_dev: + kfree(dev); error: - if (dev) { - flush_work(&dev->worker); - /* this frees allocated memory */ - hdpvr_delete(dev); - } return retval; } Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.15/media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1076,8 +1076,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1143,17 +1141,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.15/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.15/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -494,18 +494,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1189,6 +1194,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1197,12 +1203,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.15/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.15/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: firmware-psci-expose-psci-conduit.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:16 +0000 Subject: [Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 09a8d6d48499 upstream. In order to call into the firmware to apply workarounds, it is useful to find out whether we're using HVC or SMC. Let's expose this through the psci_ops. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 28 +++++++++++++++++++++++----- include/linux/psci.h | 7 +++++++ 2 files changed, 30 insertions(+), 5 deletions(-) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -59,7 +59,9 @@ bool psci_tos_resident_on(int cpu) return cpu == resident_cpu; } -struct psci_operations psci_ops; +struct psci_operations psci_ops = { + .conduit = PSCI_CONDUIT_NONE, +}; typedef unsigned long (psci_fn)(unsigned long, unsigned long, unsigned long, unsigned long); @@ -210,6 +212,22 @@ static unsigned long psci_migrate_info_u 0, 0, 0); } +static void set_conduit(enum psci_conduit conduit) +{ + switch (conduit) { + case PSCI_CONDUIT_HVC: + invoke_psci_fn = __invoke_psci_fn_hvc; + break; + case PSCI_CONDUIT_SMC: + invoke_psci_fn = __invoke_psci_fn_smc; + break; + default: + WARN(1, "Unexpected PSCI conduit %d\n", conduit); + } + + psci_ops.conduit = conduit; +} + static int get_set_conduit_method(struct device_node *np) { const char *method; @@ -222,9 +240,9 @@ static int get_set_conduit_method(struct } if (!strcmp("hvc", method)) { - invoke_psci_fn = __invoke_psci_fn_hvc; + set_conduit(PSCI_CONDUIT_HVC); } else if (!strcmp("smc", method)) { - invoke_psci_fn = __invoke_psci_fn_smc; + set_conduit(PSCI_CONDUIT_SMC); } else { pr_warn("invalid \"method\" property: %s\n", method); return -EINVAL; @@ -654,9 +672,9 @@ int __init psci_acpi_init(void) pr_info("probing for conduit method from ACPI.\n"); if (acpi_psci_use_hvc()) - invoke_psci_fn = __invoke_psci_fn_hvc; + set_conduit(PSCI_CONDUIT_HVC); else - invoke_psci_fn = __invoke_psci_fn_smc; + set_conduit(PSCI_CONDUIT_SMC); return psci_probe(); } --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -25,6 +25,12 @@ bool psci_tos_resident_on(int cpu); int psci_cpu_init_idle(unsigned int cpu); int psci_cpu_suspend_enter(unsigned long index); +enum psci_conduit { + PSCI_CONDUIT_NONE, + PSCI_CONDUIT_SMC, + PSCI_CONDUIT_HVC, +}; + struct psci_operations { u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); @@ -34,6 +40,7 @@ struct psci_operations { int (*affinity_info)(unsigned long target_affinity, unsigned long lowest_affinity_level); int (*migrate_info_type)(void); + enum psci_conduit conduit; }; extern struct psci_operations psci_ops; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: firmware-psci-expose-smccc-version-through-psci_ops.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:17 +0000 Subject: [Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops From: Marc Zyngier <marc.zyngier(a)arm.com> Commit e78eef554a91 upstream. Since PSCI 1.0 allows the SMCCC version to be (indirectly) probed, let's do that at boot time, and expose the version of the calling convention as part of the psci_ops structure. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 27 +++++++++++++++++++++++++++ include/linux/psci.h | 6 ++++++ 2 files changed, 33 insertions(+) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -61,6 +61,7 @@ bool psci_tos_resident_on(int cpu) struct psci_operations psci_ops = { .conduit = PSCI_CONDUIT_NONE, + .smccc_version = SMCCC_VERSION_1_0, }; typedef unsigned long (psci_fn)(unsigned long, unsigned long, @@ -511,6 +512,31 @@ static void __init psci_init_migrate(voi pr_info("Trusted OS resident on physical CPU 0x%lx\n", cpuid); } +static void __init psci_init_smccc(void) +{ + u32 ver = ARM_SMCCC_VERSION_1_0; + int feature; + + feature = psci_features(ARM_SMCCC_VERSION_FUNC_ID); + + if (feature != PSCI_RET_NOT_SUPPORTED) { + u32 ret; + ret = invoke_psci_fn(ARM_SMCCC_VERSION_FUNC_ID, 0, 0, 0); + if (ret == ARM_SMCCC_VERSION_1_1) { + psci_ops.smccc_version = SMCCC_VERSION_1_1; + ver = ret; + } + } + + /* + * Conveniently, the SMCCC and PSCI versions are encoded the + * same way. No, this isn't accidental. + */ + pr_info("SMC Calling Convention v%d.%d\n", + PSCI_VERSION_MAJOR(ver), PSCI_VERSION_MINOR(ver)); + +} + static void __init psci_0_2_set_functions(void) { pr_info("Using standard PSCI v0.2 function IDs\n"); @@ -559,6 +585,7 @@ static int __init psci_probe(void) psci_init_migrate(); if (PSCI_VERSION_MAJOR(ver) >= 1) { + psci_init_smccc(); psci_init_cpu_suspend(); psci_init_system_suspend(); } --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -31,6 +31,11 @@ enum psci_conduit { PSCI_CONDUIT_HVC, }; +enum smccc_version { + SMCCC_VERSION_1_0, + SMCCC_VERSION_1_1, +}; + struct psci_operations { u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); @@ -41,6 +46,7 @@ struct psci_operations { unsigned long lowest_affinity_level); int (*migrate_info_type)(void); enum psci_conduit conduit; + enum smccc_version smccc_version; }; extern struct psci_operations psci_ops; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 2 Jan 2018 21:45:41 +0000 Subject: [Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure From: Will Deacon <will.deacon(a)arm.com> Commit d68e3ba5303f upstream. Entry into recent versions of ARM Trusted Firmware will invalidate the CPU branch predictor state in order to protect against aliasing attacks. This patch exposes the PSCI "VERSION" function via psci_ops, so that it can be invoked outside of the PSCI driver where necessary. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 2 ++ include/linux/psci.h | 1 + 2 files changed, 3 insertions(+) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -496,6 +496,8 @@ static void __init psci_init_migrate(voi static void __init psci_0_2_set_functions(void) { pr_info("Using standard PSCI v0.2 function IDs\n"); + psci_ops.get_version = psci_get_version; + psci_function_id[PSCI_FN_CPU_SUSPEND] = PSCI_FN_NATIVE(0_2, CPU_SUSPEND); psci_ops.cpu_suspend = psci_cpu_suspend; --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -26,6 +26,7 @@ int psci_cpu_init_idle(unsigned int cpu) int psci_cpu_suspend_enter(unsigned long index); struct psci_operations { + u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); int (*cpu_off)(u32 state); int (*cpu_on)(unsigned long cpuid, unsigned long entry_point); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "dmaengine: dmatest: fix container_of member in dmatest_callback" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: dmatest: fix container_of member in dmatest_callback to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 66b3bd2356e0a1531c71a3dcf96944621e25c17c Mon Sep 17 00:00:00 2001 From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Date: Mon, 29 Jan 2018 14:40:11 +0800 Subject: dmaengine: dmatest: fix container_of member in dmatest_callback From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> commit 66b3bd2356e0a1531c71a3dcf96944621e25c17c upstream. The type of arg passed to dmatest_callback is struct dmatest_done. It refers to test_done in struct dmatest_thread, not done_wait. Fixes: 6f6a23a213be ("dmaengine: dmatest: move callback wait ...") Signed-off-by: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Acked-by: Adam Wallis <awallis(a)codeaurora.org> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/dmatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma/dmatest.c +++ b/drivers/dma/dmatest.c @@ -355,7 +355,7 @@ static void dmatest_callback(void *arg) { struct dmatest_done *done = arg; struct dmatest_thread *thread = - container_of(arg, struct dmatest_thread, done_wait); + container_of(done, struct dmatest_thread, test_done); if (!thread->done) { done->done = true; wake_up_all(done->wait); Patches currently in stable-queue which might be from shunyong.yang(a)hxt-semitech.com are queue-4.15/dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix missing put_xid in cifs_file_strict_mmap" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix missing put_xid in cifs_file_strict_mmap to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f04a703c3d613845ae3141bfaf223489de8ab3eb Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 15 Dec 2017 12:48:32 -0800 Subject: cifs: Fix missing put_xid in cifs_file_strict_mmap From: Matthew Wilcox <mawilcox(a)microsoft.com> commit f04a703c3d613845ae3141bfaf223489de8ab3eb upstream. If cifs_zap_mapping() returned an error, we would return without putting the xid that we got earlier. Restructure cifs_file_strict_mmap() and cifs_file_mmap() to be more similar to each other and have a single point of return that always puts the xid. Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/file.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3471,20 +3471,18 @@ static const struct vm_operations_struct int cifs_file_strict_mmap(struct file *file, struct vm_area_struct *vma) { - int rc, xid; + int xid, rc = 0; struct inode *inode = file_inode(file); xid = get_xid(); - if (!CIFS_CACHE_READ(CIFS_I(inode))) { + if (!CIFS_CACHE_READ(CIFS_I(inode))) rc = cifs_zap_mapping(inode); - if (rc) - return rc; - } - - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } @@ -3494,16 +3492,16 @@ int cifs_file_mmap(struct file *file, st int rc, xid; xid = get_xid(); + rc = cifs_revalidate_file(file); - if (rc) { + if (rc) cifs_dbg(FYI, "Validation prior to mmap failed, error=%d\n", rc); - free_xid(xid); - return rc; - } - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } Patches currently in stable-queue which might be from mawilcox(a)microsoft.com are queue-4.15/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch

7 years, 4 months

1
0
0 0

Patch "cpufreq: mediatek: add mediatek related projects into blacklist" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cpufreq: mediatek: add mediatek related projects into blacklist to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cpufreq-mediatek-add-mediatek-related-projects-into-blacklist.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6066998cbd2b1012a8d5bc9a2957cfd0ad53150e Mon Sep 17 00:00:00 2001 From: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> Date: Fri, 8 Dec 2017 14:07:56 +0800 Subject: cpufreq: mediatek: add mediatek related projects into blacklist From: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> commit 6066998cbd2b1012a8d5bc9a2957cfd0ad53150e upstream. mediatek projects will use mediate-cpufreq.c as cpufreq driver, instead of using cpufreq_dt.c Add mediatek related projects into cpufreq-dt blacklist Signed-off-by: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/cpufreq/cpufreq-dt-platdev.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/drivers/cpufreq/cpufreq-dt-platdev.c +++ b/drivers/cpufreq/cpufreq-dt-platdev.c @@ -108,6 +108,14 @@ static const struct of_device_id blackli { .compatible = "marvell,armadaxp", }, + { .compatible = "mediatek,mt2701", }, + { .compatible = "mediatek,mt2712", }, + { .compatible = "mediatek,mt7622", }, + { .compatible = "mediatek,mt7623", }, + { .compatible = "mediatek,mt817x", }, + { .compatible = "mediatek,mt8173", }, + { .compatible = "mediatek,mt8176", }, + { .compatible = "nvidia,tegra124", }, { .compatible = "st,stih407", }, Patches currently in stable-queue which might be from andrew-sh.cheng(a)mediatek.com are queue-4.15/cpufreq-mediatek-add-mediatek-related-projects-into-blacklist.patch

7 years, 4 months

1
0
0 0

Patch "CIFS: zero sensitive data when freeing" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: zero sensitive data when freeing to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-zero-sensitive-data-when-freeing.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 97f4b7276b829a8927ac903a119bef2f963ccc58 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Thu, 25 Jan 2018 15:59:39 +0100 Subject: CIFS: zero sensitive data when freeing From: Aurelien Aptel <aaptel(a)suse.com> commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream. also replaces memset()+kfree() by kzfree(). Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/cifsencrypt.c | 3 +-- fs/cifs/connect.c | 6 +++--- fs/cifs/misc.c | 14 ++++---------- 3 files changed, 8 insertions(+), 15 deletions(-) --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -325,9 +325,8 @@ int calc_lanman_hash(const char *passwor { int i; int rc; - char password_with_pad[CIFS_ENCPWD_SIZE]; + char password_with_pad[CIFS_ENCPWD_SIZE] = {0}; - memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); if (password) strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1707,7 +1707,7 @@ cifs_parse_mount_options(const char *mou tmp_end++; if (!(tmp_end < end && tmp_end[1] == delim)) { /* No it is not. Set the password to NULL */ - kfree(vol->password); + kzfree(vol->password); vol->password = NULL; break; } @@ -1745,7 +1745,7 @@ cifs_parse_mount_options(const char *mou options = end; } - kfree(vol->password); + kzfree(vol->password); /* Now build new password string */ temp_len = strlen(value); vol->password = kzalloc(temp_len+1, GFP_KERNEL); @@ -4235,7 +4235,7 @@ cifs_construct_tcon(struct cifs_sb_info reset_cifs_unix_caps(0, tcon, NULL, vol_info); out: kfree(vol_info->username); - kfree(vol_info->password); + kzfree(vol_info->password); kfree(vol_info); return tcon; --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -98,14 +98,11 @@ sesInfoFree(struct cifs_ses *buf_to_free kfree(buf_to_free->serverOS); kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free->user_name); kfree(buf_to_free->domainName); - kfree(buf_to_free->auth_key.response); - kfree(buf_to_free); + kzfree(buf_to_free->auth_key.response); + kzfree(buf_to_free); } struct cifs_tcon * @@ -136,10 +133,7 @@ tconInfoFree(struct cifs_tcon *buf_to_fr } atomic_dec(&tconInfoAllocCount); kfree(buf_to_free->nativeFileSystem); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free); } Patches currently in stable-queue which might be from aaptel(a)suse.com are queue-4.15/cifs-zero-sensitive-data-when-freeing.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-use-ret-instruction-for-exiting-the-trampoline.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 16:15:59 +0000 Subject: [Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline From: Will Deacon <will.deacon(a)arm.com> Commit be04a6d1126b upstream. Speculation attacks against the entry trampoline can potentially resteer the speculative instruction stream through the indirect branch and into arbitrary gadgets within the kernel. This patch defends against these attacks by forcing a misprediction through the return stack: a dummy BL instruction loads an entry into the stack, so that the predicted program flow of the subsequent RET instruction is to a branch-to-self instruction which is finally resolved as a branch to the kernel vectors with speculation suppressed. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1029,6 +1029,14 @@ alternative_else_nop_endif .if \regsize == 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif + /* + * Defend against branch aliasing attacks by pushing a dummy + * entry onto the return stack and using a RET instruction to + * enter the full-fat kernel vectors. + */ + bl 2f + b . +2: tramp_map_kernel x30 #ifdef CONFIG_RANDOMIZE_BASE adr x30, tramp_vectors + PAGE_SIZE @@ -1041,7 +1049,7 @@ alternative_insn isb, nop, ARM64_WORKARO msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) isb - br x30 + ret .endm .macro tramp_exit, regsize = 64 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix autonegotiate security settings mismatch" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix autonegotiate security settings mismatch to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-autonegotiate-security-settings-mismatch.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9aca7e454415f7878b28524e76bebe1170911a88 Mon Sep 17 00:00:00 2001 From: Daniel N Pettersson <danielnp(a)axis.com> Date: Thu, 11 Jan 2018 16:00:12 +0100 Subject: cifs: Fix autonegotiate security settings mismatch From: Daniel N Pettersson <danielnp(a)axis.com> commit 9aca7e454415f7878b28524e76bebe1170911a88 upstream. Autonegotiation gives a security settings mismatch error if the SMB server selects an SMBv3 dialect that isn't SMB3.02. The exact error is "protocol revalidation - security settings mismatch". This can be tested using Samba v4.2 or by setting the global Samba setting max protocol = SMB3_00. The check that fails in smb3_validate_negotiate is the dialect verification of the negotiate info response. This is because it tries to verify against the protocol_id in the global smbdefault_values. The protocol_id in smbdefault_values is SMB3.02. In SMB2_negotiate the protocol_id in smbdefault_values isn't updated, it is global so it probably shouldn't be, but server->dialect is. This patch changes the check in smb3_validate_negotiate to use server->dialect instead of server->vals->protocol_id. The patch works with autonegotiate and when using a specific version in the vers mount option. Signed-off-by: Daniel N Pettersson <danielnp(a)axis.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -733,8 +733,7 @@ int smb3_validate_negotiate(const unsign } /* check validate negotiate info response matches what we got earlier */ - if (pneg_rsp->Dialect != - cpu_to_le16(tcon->ses->server->vals->protocol_id)) + if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect)) goto vneg_out; if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode)) Patches currently in stable-queue which might be from danielnp(a)axis.com are queue-4.15/cifs-fix-autonegotiate-security-settings-mismatch.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-use-pointer-masking-to-limit-uaccess-speculation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:19 +0000 Subject: [Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation From: Robin Murphy <robin.murphy(a)arm.com> Commit 4d8efc2d5ee4 upstream. Similarly to x86, mitigate speculation past an access_ok() check by masking the pointer against the address limit before use. Even if we don't expect speculative writes per se, it is plausible that a CPU may still speculate at least as far as fetching a cache line for writing, hence we also harden put_user() and clear_user() for peace of mind. Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -216,6 +216,26 @@ static inline void uaccess_enable_not_ua } /* + * Sanitise a uaccess pointer such that it becomes NULL if above the + * current addr_limit. + */ +#define uaccess_mask_ptr(ptr) (__typeof__(ptr))__uaccess_mask_ptr(ptr) +static inline void __user *__uaccess_mask_ptr(const void __user *ptr) +{ + void __user *safe_ptr; + + asm volatile( + " bics xzr, %1, %2\n" + " csel %0, %1, xzr, eq\n" + : "=&r" (safe_ptr) + : "r" (ptr), "r" (current_thread_info()->addr_limit) + : "cc"); + + csdb(); + return safe_ptr; +} + +/* * The "__xxx" versions of the user access functions do not verify the address * space - it must have been done previously with a separate "access_ok()" * call. @@ -285,7 +305,7 @@ do { \ __typeof__(*(ptr)) __user *__p = (ptr); \ might_fault(); \ access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ - __get_user((x), __p) : \ + __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \ ((x) = 0, -EFAULT); \ }) @@ -349,7 +369,7 @@ do { \ __typeof__(*(ptr)) __user *__p = (ptr); \ might_fault(); \ access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ - __put_user((x), __p) : \ + __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \ -EFAULT; \ }) @@ -365,7 +385,7 @@ extern unsigned long __must_check __clea static inline unsigned long __must_check clear_user(void __user *to, unsigned long n) { if (access_ok(VERIFY_WRITE, to, n)) - n = __clear_user(to, n); + n = __clear_user(__uaccess_mask_ptr(to), n); return n; } Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:22 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user From: Will Deacon <will.deacon(a)arm.com> Commit 84624087dd7e upstream. access_ok isn't an expensive operation once the addr_limit for the current thread has been loaded into the cache. Given that the initial access_ok check preceding a sequence of __{get,put}_user operations will take the brunt of the miss, we can make the __* variants identical to the full-fat versions, which brings with it the benefits of address masking. The likely cost in these sequences will be from toggling PAN/UAO, which we can address later by implementing the *_unsafe versions. Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 54 +++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 22 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -294,28 +294,33 @@ do { \ (x) = (__force __typeof__(*(ptr)))__gu_val; \ } while (0) -#define __get_user(x, ptr) \ +#define __get_user_check(x, ptr, err) \ ({ \ - int __gu_err = 0; \ - __get_user_err((x), (ptr), __gu_err); \ - __gu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __get_user_err((x), __p, (err)); \ + } else { \ + (x) = 0; (err) = -EFAULT; \ + } \ }) #define __get_user_error(x, ptr, err) \ ({ \ - __get_user_err((x), (ptr), (err)); \ + __get_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define get_user(x, ptr) \ +#define __get_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \ - ((x) = 0, -EFAULT); \ + int __gu_err = 0; \ + __get_user_check((x), (ptr), __gu_err); \ + __gu_err; \ }) +#define get_user __get_user + #define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature) \ asm volatile( \ "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \ @@ -358,28 +363,33 @@ do { \ uaccess_disable_not_uao(); \ } while (0) -#define __put_user(x, ptr) \ +#define __put_user_check(x, ptr, err) \ ({ \ - int __pu_err = 0; \ - __put_user_err((x), (ptr), __pu_err); \ - __pu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __put_user_err((x), __p, (err)); \ + } else { \ + (err) = -EFAULT; \ + } \ }) #define __put_user_error(x, ptr, err) \ ({ \ - __put_user_err((x), (ptr), (err)); \ + __put_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define put_user(x, ptr) \ +#define __put_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \ - -EFAULT; \ + int __pu_err = 0; \ + __put_user_check((x), (ptr), __pu_err); \ + __pu_err; \ }) +#define put_user __put_user + extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n); #define raw_copy_from_user __arch_copy_from_user extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:23 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user From: Will Deacon <will.deacon(a)arm.com> Commit f71c2ffcb20d upstream. Like we've done for get_user and put_user, ensure that user pointers are masked before invoking the underlying __arch_{clear,copy_*}_user operations. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 29 ++++++++++++++++++++++------- arch/arm64/kernel/arm64ksyms.c | 4 ++-- arch/arm64/lib/clear_user.S | 6 +++--- arch/arm64/lib/copy_in_user.S | 5 +++-- 4 files changed, 30 insertions(+), 14 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -391,20 +391,35 @@ do { \ #define put_user __put_user extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n); -#define raw_copy_from_user __arch_copy_from_user +#define raw_copy_from_user(to, from, n) \ +({ \ + __arch_copy_from_user((to), __uaccess_mask_ptr(from), (n)); \ +}) + extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n); -#define raw_copy_to_user __arch_copy_to_user -extern unsigned long __must_check raw_copy_in_user(void __user *to, const void __user *from, unsigned long n); -extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); +#define raw_copy_to_user(to, from, n) \ +({ \ + __arch_copy_to_user(__uaccess_mask_ptr(to), (from), (n)); \ +}) + +extern unsigned long __must_check __arch_copy_in_user(void __user *to, const void __user *from, unsigned long n); +#define raw_copy_in_user(to, from, n) \ +({ \ + __arch_copy_in_user(__uaccess_mask_ptr(to), \ + __uaccess_mask_ptr(from), (n)); \ +}) + #define INLINE_COPY_TO_USER #define INLINE_COPY_FROM_USER -static inline unsigned long __must_check clear_user(void __user *to, unsigned long n) +extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n); +static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n) { if (access_ok(VERIFY_WRITE, to, n)) - n = __clear_user(__uaccess_mask_ptr(to), n); + n = __arch_clear_user(__uaccess_mask_ptr(to), n); return n; } +#define clear_user __clear_user extern long strncpy_from_user(char *dest, const char __user *src, long count); @@ -418,7 +433,7 @@ extern unsigned long __must_check __copy static inline int __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size) { kasan_check_write(dst, size); - return __copy_user_flushcache(dst, src, size); + return __copy_user_flushcache(dst, __uaccess_mask_ptr(src), size); } #endif --- a/arch/arm64/kernel/arm64ksyms.c +++ b/arch/arm64/kernel/arm64ksyms.c @@ -37,8 +37,8 @@ EXPORT_SYMBOL(clear_page); /* user mem (segment) */ EXPORT_SYMBOL(__arch_copy_from_user); EXPORT_SYMBOL(__arch_copy_to_user); -EXPORT_SYMBOL(__clear_user); -EXPORT_SYMBOL(raw_copy_in_user); +EXPORT_SYMBOL(__arch_clear_user); +EXPORT_SYMBOL(__arch_copy_in_user); /* physical memory */ EXPORT_SYMBOL(memstart_addr); --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -21,7 +21,7 @@ .text -/* Prototype: int __clear_user(void *addr, size_t sz) +/* Prototype: int __arch_clear_user(void *addr, size_t sz) * Purpose : clear some user memory * Params : addr - user memory address to clear * : sz - number of bytes to clear @@ -29,7 +29,7 @@ * * Alignment fixed up by hardware. */ -ENTRY(__clear_user) +ENTRY(__arch_clear_user) uaccess_enable_not_uao x2, x3, x4 mov x2, x1 // save the size for fixup return subs x1, x1, #8 @@ -52,7 +52,7 @@ uao_user_alternative 9f, strb, sttrb, wz 5: mov x0, #0 uaccess_disable_not_uao x2, x3 ret -ENDPROC(__clear_user) +ENDPROC(__arch_clear_user) .section .fixup,"ax" .align 2 --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -64,14 +64,15 @@ .endm end .req x5 -ENTRY(raw_copy_in_user) + +ENTRY(__arch_copy_in_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3, x4 mov x0, #0 ret -ENDPROC(raw_copy_in_user) +ENDPROC(__arch_copy_in_user) .section .fixup,"ax" .align 2 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:21 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit From: Will Deacon <will.deacon(a)arm.com> Commit c2f0ad4fc089 upstream. A mispredicted conditional call to set_fs could result in the wrong addr_limit being forwarded under speculation to a subsequent access_ok check, potentially forming part of a spectre-v1 attack using uaccess routines. This patch prevents this forwarding from taking place, but putting heavy barriers in set_fs after writing the addr_limit. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 7 +++++++ 1 file changed, 7 insertions(+) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -42,6 +42,13 @@ static inline void set_fs(mm_segment_t f { current_thread_info()->addr_limit = fs; + /* + * Prevent a mispredicted conditional call to set_fs from forwarding + * the wrong address limit to access_ok under speculation. + */ + dsb(nsh); + isb(); + /* On user-mode return, check fs is correct */ set_thread_flag(TIF_FSCHECK); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-turn-on-kpti-only-on-cpus-that-need-it.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Fri, 19 Jan 2018 04:22:48 -0800 Subject: [Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it From: Jayachandran C <jnair(a)caviumnetworks.com> Commit 0ba2e29c7fc1 upstream. Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in unmap_kernel_at_el0(). These CPUs are not vulnerable to CVE-2017-5754 and do not need KPTI when KASLR is off. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const st if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; + /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Defer to CPU feature registers */ return !cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV3_SHIFT); Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:33:28 +0000 Subject: [Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks From: Will Deacon <will.deacon(a)arm.com> Commit 18011eac28c7 upstream. When unmapping the kernel at EL0, we use tpidrro_el0 as a scratch register during exception entry from native tasks and subsequently zero it in the kernel_ventry macro. We can therefore avoid zeroing tpidrro_el0 in the context-switch path for native tasks using the entry trampoline. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/process.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -370,16 +370,14 @@ void tls_preserve_current_state(void) static void tls_thread_switch(struct task_struct *next) { - unsigned long tpidr, tpidrro; - tls_preserve_current_state(); - tpidr = *task_user_tls(next); - tpidrro = is_compat_thread(task_thread_info(next)) ? - next->thread.tp_value : 0; + if (is_compat_thread(task_thread_info(next))) + write_sysreg(next->thread.tp_value, tpidrro_el0); + else if (!arm64_kernel_unmapped_at_el0()) + write_sysreg(0, tpidrro_el0); - write_sysreg(tpidr, tpidr_el0); - write_sysreg(tpidrro, tpidrro_el0); + write_sysreg(*task_user_tls(next), tpidr_el0); } /* Restore the UAO state depending on next's addr_limit */ Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-take-into-account-id_aa64pfr0_el1.csv3.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 27 Nov 2017 18:29:30 +0000 Subject: [Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3 From: Will Deacon <will.deacon(a)arm.com> Commit 179a56f6f9fb upstream. For non-KASLR kernels where the KPTI behaviour has not been overridden on the command line we can use ID_AA64PFR0_EL1.CSV3 to determine whether or not we should unmap the kernel whilst running at EL0. Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/kernel/cpufeature.c Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -437,6 +437,7 @@ #define ID_AA64ISAR1_DPB_SHIFT 0 /* id_aa64pfr0 */ +#define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_SVE_SHIFT 32 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -145,6 +145,7 @@ static const struct arm64_ftr_bits ftr_i }; static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), @@ -852,6 +853,8 @@ static int __kpti_forced; /* 0: not forc static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); + /* Forced on command line? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by command line option\n", @@ -863,7 +866,9 @@ static bool unmap_kernel_at_el0(const st if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - return false; + /* Defer to CPU feature registers */ + return !cpuid_feature_extract_unsigned_field(pfr0, + ID_AA64PFR0_CSV3_SHIFT); } static int __init parse_kpti(char *str) @@ -968,6 +973,7 @@ static const struct arm64_cpu_capabiliti }, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 { + .desc = "Kernel page table isolation (KPTI)", .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 17 Jan 2018 17:42:20 +0000 Subject: [Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Commit 55b35d070c25 upstream. When a CPU is brought up after we have finalised the system wide capabilities (i.e, features and errata), we make sure the new CPU doesn't need a new errata work around which has not been detected already. However we don't run enable() method on the new CPU for the errata work arounds already detected. This could cause the new CPU running without potential work arounds. It is upto the "enable()" method to decide if this CPU should do something about the errata. Fixes: commit 6a6efbb45b7d95c84 ("arm64: Verify CPU errata work arounds on hotplugged CPU") Cc: Will Deacon <will.deacon(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Andre Przywara <andre.przywara(a)arm.com> Cc: Dave Martin <dave.martin(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu_errata.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -221,15 +221,18 @@ void verify_local_cpu_errata_workarounds { const struct arm64_cpu_capabilities *caps = arm64_errata; - for (; caps->matches; caps++) - if (!cpus_have_cap(caps->capability) && - caps->matches(caps, SCOPE_LOCAL_CPU)) { + for (; caps->matches; caps++) { + if (cpus_have_cap(caps->capability)) { + if (caps->enable) + caps->enable((void *)caps); + } else if (caps->matches(caps, SCOPE_LOCAL_CPU)) { pr_crit("CPU%d: Requires work around for %s, not detected" " at boot time\n", smp_processor_id(), caps->desc ? : "an erratum"); cpu_die_early(); } + } } void update_cpu_errata_workarounds(void) Patches currently in stable-queue which might be from suzuki.poulose(a)arm.com are queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-move-bp-hardening-to-check_and_switch_context.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Fri, 19 Jan 2018 15:42:09 +0000 Subject: [Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context From: Marc Zyngier <marc.zyngier(a)arm.com> Commit a8e4c0a919ae upstream. We call arm64_apply_bp_hardening() from post_ttbr_update_workaround, which has the unexpected consequence of being triggered on every exception return to userspace when ARM64_SW_TTBR0_PAN is selected, even if no context switch actually occured. This is a bit suboptimal, and it would be more logical to only invalidate the branch predictor when we actually switch to a different mm. In order to solve this, move the call to arm64_apply_bp_hardening() into check_and_switch_context(), where we're guaranteed to pick a different mm context. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/mm/context.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -231,6 +231,9 @@ void check_and_switch_context(struct mm_ raw_spin_unlock_irqrestore(&cpu_asid_lock, flags); switch_mm_fastpath: + + arm64_apply_bp_hardening(); + /* * Defer TTBR0_EL1 setting for user threads to uaccess_enable() when * emulating PAN. @@ -246,8 +249,6 @@ asmlinkage void post_ttbr_update_workaro "ic iallu; dsb nsh; isb", ARM64_WORKAROUND_CAVIUM_27456, CONFIG_CAVIUM_ERRATUM_27456)); - - arm64_apply_bp_hardening(); } static int asids_init(void) Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-move-post_ttbr_update_workaround-to-c-code.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 2 Jan 2018 18:19:39 +0000 Subject: [Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 95e3de3590e3 upstream. We will soon need to invoke a CPU-specific function pointer after changing page tables, so move post_ttbr_update_workaround out into C code to make this possible. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/include/asm/assembler.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 13 ------------- arch/arm64/kernel/entry.S | 2 +- arch/arm64/mm/context.c | 9 +++++++++ arch/arm64/mm/proc.S | 3 +-- 4 files changed, 11 insertions(+), 16 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -494,19 +494,6 @@ alternative_endif mrs \rd, sp_el0 .endm -/* - * Errata workaround post TTBRx_EL1 update. - */ - .macro post_ttbr_update_workaround -#ifdef CONFIG_CAVIUM_ERRATUM_27456 -alternative_if ARM64_WORKAROUND_CAVIUM_27456 - ic iallu - dsb nsh - isb -alternative_else_nop_endif -#endif - .endm - .macro pte_to_phys, phys, pte and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) .endm --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -277,7 +277,7 @@ alternative_else_nop_endif * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache * corruption). */ - post_ttbr_update_workaround + bl post_ttbr_update_workaround .endif 1: .if \el != 0 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -239,6 +239,15 @@ switch_mm_fastpath: cpu_switch_mm(mm->pgd, mm); } +/* Errata workaround post TTBRx_EL1 update. */ +asmlinkage void post_ttbr_update_workaround(void) +{ + asm(ALTERNATIVE("nop; nop; nop", + "ic iallu; dsb nsh; isb", + ARM64_WORKAROUND_CAVIUM_27456, + CONFIG_CAVIUM_ERRATUM_27456)); +} + static int asids_init(void) { asid_bits = get_cpu_asid_bits(); --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -148,8 +148,7 @@ ENTRY(cpu_do_switch_mm) isb msr ttbr0_el1, x0 // now update TTBR0 isb - post_ttbr_update_workaround - ret + b post_ttbr_update_workaround // Back to C code... ENDPROC(cpu_do_switch_mm) .pushsection ".idmap.text", "awx" Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-use-non-global-mappings-for-kernel-space.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 12:56:18 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space From: Will Deacon <will.deacon(a)arm.com> Commit e046eb0c9bf2 upstream. In preparation for unmapping the kernel whilst running in userspace, make the kernel mappings non-global so we can avoid expensive TLB invalidation on kernel exit to userspace. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++++++++++-- arch/arm64/include/asm/pgtable-prot.h | 21 +++++++++++++++------ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h index 7803343e5881..77a27af01371 100644 --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -78,8 +78,16 @@ /* * Initial memory map attributes. */ -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) +#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) +#else +#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS +#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS +#endif #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 0a5635fb0ef9..22a926825e3f 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -34,8 +34,16 @@ #include <asm/pgtable-types.h> -#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) +#else +#define PROT_DEFAULT _PROT_DEFAULT +#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -48,6 +56,7 @@ #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) #define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) @@ -55,15 +64,15 @@ #define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) -#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) -#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) -#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) +#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) +#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) +#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) #define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) #define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) -#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_PXN | PTE_UXN) +#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) -- 2.16.1 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-rename-post_ttbr0_update_workaround.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:34:30 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround From: Will Deacon <will.deacon(a)arm.com> Commit 158d495899ce upstream. The post_ttbr0_update_workaround hook applies to any change to TTBRx_EL1. Since we're using TTBR1 for the ASID, rename the hook to make it clearer as to what it's doing. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 5 ++--- arch/arm64/kernel/entry.S | 2 +- arch/arm64/mm/proc.S | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -477,10 +477,9 @@ alternative_endif .endm /* -/* - * Errata workaround post TTBR0_EL1 update. + * Errata workaround post TTBRx_EL1 update. */ - .macro post_ttbr0_update_workaround + .macro post_ttbr_update_workaround #ifdef CONFIG_CAVIUM_ERRATUM_27456 alternative_if ARM64_WORKAROUND_CAVIUM_27456 ic iallu --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -257,7 +257,7 @@ alternative_else_nop_endif * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache * corruption). */ - post_ttbr0_update_workaround + post_ttbr_update_workaround .endif 1: .if \el != 0 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -145,7 +145,7 @@ ENTRY(cpu_do_switch_mm) isb msr ttbr0_el1, x0 // now update TTBR0 isb - post_ttbr0_update_workaround + post_ttbr_update_workaround ret ENDPROC(cpu_do_switch_mm) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:04:48 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN From: Will Deacon <will.deacon(a)arm.com> Commit 376133b7edc2 upstream. We're about to rework the way ASIDs are allocated, switch_mm is implemented and low-level kernel entry/exit is handled, so keep the ARM64_SW_TTBR0_PAN code out of the way whilst we do the heavy lifting. It will be re-enabled in a subsequent patch. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -920,6 +920,7 @@ endif config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" + depends on BROKEN # Temporary while switch_mm is reworked help Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:29:06 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 From: Will Deacon <will.deacon(a)arm.com> Commit 85d13c001497 upstream. The pre_ttbr0_update_workaround hook is called prior to context-switching TTBR0 because Falkor erratum E1003 can cause TLB allocation with the wrong ASID if both the ASID and the base address of the TTBR are updated at the same time. With the ASID sitting safely in TTBR1, we no longer update things atomically, so we can remove the pre_ttbr0_update_workaround macro as it's no longer required. The erratum infrastructure and documentation is left around for #E1003, as it will be required by the entry trampoline code in a future patch. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 22 ---------------------- arch/arm64/include/asm/mmu_context.h | 2 -- arch/arm64/mm/context.c | 11 ----------- arch/arm64/mm/proc.S | 1 - 4 files changed, 36 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -26,7 +26,6 @@ #include <asm/asm-offsets.h> #include <asm/cpufeature.h> #include <asm/debug-monitors.h> -#include <asm/mmu_context.h> #include <asm/page.h> #include <asm/pgtable-hwdef.h> #include <asm/ptrace.h> @@ -478,27 +477,6 @@ alternative_endif .endm /* - * Errata workaround prior to TTBR0_EL1 update - * - * val: TTBR value with new BADDR, preserved - * tmp0: temporary register, clobbered - * tmp1: other temporary register, clobbered - */ - .macro pre_ttbr0_update_workaround, val, tmp0, tmp1 -#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003 -alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003 - mrs \tmp0, ttbr0_el1 - mov \tmp1, #FALKOR_RESERVED_ASID - bfi \tmp0, \tmp1, #48, #16 // reserved ASID + old BADDR - msr ttbr0_el1, \tmp0 - isb - bfi \tmp0, \val, #0, #48 // reserved ASID + new BADDR - msr ttbr0_el1, \tmp0 - isb -alternative_else_nop_endif -#endif - .endm - /* * Errata workaround post TTBR0_EL1 update. */ --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -19,8 +19,6 @@ #ifndef __ASM_MMU_CONTEXT_H #define __ASM_MMU_CONTEXT_H -#define FALKOR_RESERVED_ASID 1 - #ifndef __ASSEMBLY__ #include <linux/compiler.h> --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -79,13 +79,6 @@ void verify_cpu_asid_bits(void) } } -static void set_reserved_asid_bits(void) -{ - if (IS_ENABLED(CONFIG_QCOM_FALKOR_ERRATUM_1003) && - cpus_have_const_cap(ARM64_WORKAROUND_QCOM_FALKOR_E1003)) - __set_bit(FALKOR_RESERVED_ASID, asid_map); -} - static void flush_context(unsigned int cpu) { int i; @@ -94,8 +87,6 @@ static void flush_context(unsigned int c /* Update the list of reserved ASIDs and the ASID bitmap. */ bitmap_clear(asid_map, 0, NUM_USER_ASIDS); - set_reserved_asid_bits(); - for_each_possible_cpu(i) { asid = atomic64_xchg_relaxed(&per_cpu(active_asids, i), 0); /* @@ -254,8 +245,6 @@ static int asids_init(void) panic("Failed to allocate bitmap for %lu ASIDs\n", NUM_USER_ASIDS); - set_reserved_asid_bits(); - pr_info("ASID allocator initialised with %lu entries\n", NUM_USER_ASIDS); return 0; } --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -138,7 +138,6 @@ ENDPROC(cpu_do_resume) * - pgd_phys - physical address of new TTB */ ENTRY(cpu_do_switch_mm) - pre_ttbr0_update_workaround x0, x2, x3 mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id bfi x2, x1, #48, #16 // set the ASID Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:54 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Permit transitioning from Global to Non-Global without BBM From: Will Deacon <will.deacon(a)arm.com> Commit 4e6020565596 upstream. Break-before-make is not needed when transitioning from Global to Non-Global mappings, provided that the contiguous hint is not being used. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/mm/mmu.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -117,6 +117,10 @@ static bool pgattr_change_is_safe(u64 ol if ((old | new) & PTE_CONT) return false; + /* Transitioning from Global to Non-Global is safe */ + if (((old ^ new) == PTE_NG) && (new & PTE_NG)) + return true; + return ((old ^ new) & ~mask) == 0; } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:19:09 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Move ASID from TTBR0 to TTBR1 From: Will Deacon <will.deacon(a)arm.com> Commit 7655abb95386 upstream. In preparation for mapping kernelspace and userspace with different ASIDs, move the ASID to TTBR1 and update switch_mm to context-switch TTBR0 via an invalid mapping (the zero page). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu_context.h | 7 +++++++ arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/proc-fns.h | 6 ------ arch/arm64/mm/proc.S | 9 ++++++--- 4 files changed, 14 insertions(+), 9 deletions(-) --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -57,6 +57,13 @@ static inline void cpu_set_reserved_ttbr isb(); } +static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm) +{ + BUG_ON(pgd == swapper_pg_dir); + cpu_set_reserved_ttbr0(); + cpu_do_switch_mm(virt_to_phys(pgd),mm); +} + /* * TCR.T0SZ value to use when the ID map is active. Usually equals * TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -272,6 +272,7 @@ #define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT) #define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT) +#define TCR_A1 (UL(1) << 22) #define TCR_ASID16 (UL(1) << 36) #define TCR_TBI0 (UL(1) << 37) #define TCR_HA (UL(1) << 39) --- a/arch/arm64/include/asm/proc-fns.h +++ b/arch/arm64/include/asm/proc-fns.h @@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr #include <asm/memory.h> -#define cpu_switch_mm(pgd,mm) \ -do { \ - BUG_ON(pgd == swapper_pg_dir); \ - cpu_do_switch_mm(virt_to_phys(pgd),mm); \ -} while (0) - #endif /* __ASSEMBLY__ */ #endif /* __KERNEL__ */ #endif /* __ASM_PROCFNS_H */ --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -139,9 +139,12 @@ ENDPROC(cpu_do_resume) */ ENTRY(cpu_do_switch_mm) pre_ttbr0_update_workaround x0, x2, x3 + mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id - bfi x0, x1, #48, #16 // set the ASID - msr ttbr0_el1, x0 // set TTBR0 + bfi x2, x1, #48, #16 // set the ASID + msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set) + isb + msr ttbr0_el1, x0 // now update TTBR0 isb post_ttbr0_update_workaround ret @@ -224,7 +227,7 @@ ENTRY(__cpu_setup) * both user and kernel. */ ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \ - TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 + TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1 tcr_set_idmap_t0sz x10, x9 /* Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:14:17 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Map entry trampoline into trampoline and kernel page tables From: Will Deacon <will.deacon(a)arm.com> Commit 51a0048beb44 upstream. The exception entry trampoline needs to be mapped at the same virtual address in both the trampoline page table (which maps nothing else) and also the kernel page table, so that we can swizzle TTBR1_EL1 on exceptions from and return to EL0. This patch maps the trampoline at a fixed virtual address in the fixmap area of the kernel virtual address space, which allows the kernel proper to be randomized with respect to the trampoline when KASLR is enabled. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/fixmap.h | 4 ++++ arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/kernel/asm-offsets.c | 6 +++++- arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++ 4 files changed, 33 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -58,6 +58,10 @@ enum fixed_addresses { FIX_APEI_GHES_NMI, #endif /* CONFIG_ACPI_APEI_GHES */ +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_TEXT, +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, /* --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -683,6 +683,7 @@ static inline void pmdp_set_wrprotect(st extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; extern pgd_t idmap_pg_dir[PTRS_PER_PGD]; +extern pgd_t tramp_pg_dir[PTRS_PER_PGD]; /* * Encode and decode a swap entry: --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -24,6 +24,7 @@ #include <linux/kvm_host.h> #include <linux/suspend.h> #include <asm/cpufeature.h> +#include <asm/fixmap.h> #include <asm/thread_info.h> #include <asm/memory.h> #include <asm/smp_plat.h> @@ -148,11 +149,14 @@ int main(void) DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); - BLANK(); DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address)); DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address)); DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next)); DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val)); + BLANK(); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS); +#endif return 0; } --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -525,6 +525,29 @@ static int __init parse_rodata(char *arg } early_param("rodata", parse_rodata); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __init map_entry_trampoline(void) +{ + extern char __entry_tramp_text_start[]; + + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start); + + /* The trampoline is always mapped and can therefore be global */ + pgprot_val(prot) &= ~PTE_NG; + + /* Map only the text into the trampoline page table */ + memset(tramp_pg_dir, 0, PGD_SIZE); + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, + prot, pgd_pgtable_alloc, 0); + + /* ...as well as the kernel page table */ + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + return 0; +} +core_initcall(map_entry_trampoline); +#endif + /* * Create fine-grained mappings for the kernel. */ Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 14:13:33 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI From: Will Deacon <will.deacon(a)arm.com> Commit 9b0de864b5bc upstream. Since an mm has both a kernel and a user ASID, we need to ensure that broadcast TLB maintenance targets both address spaces so that things like CoW continue to work with the uaccess primitives in the kernel. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/tlbflush.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/tlbflush.h +++ b/arch/arm64/include/asm/tlbflush.h @@ -23,6 +23,7 @@ #include <linux/sched.h> #include <asm/cputype.h> +#include <asm/mmu.h> /* * Raw TLBI operations. @@ -54,6 +55,11 @@ #define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0) +#define __tlbi_user(op, arg) do { \ + if (arm64_kernel_unmapped_at_el0()) \ + __tlbi(op, (arg) | USER_ASID_FLAG); \ +} while (0) + /* * TLB Management * ============== @@ -115,6 +121,7 @@ static inline void flush_tlb_mm(struct m dsb(ishst); __tlbi(aside1is, asid); + __tlbi_user(aside1is, asid); dsb(ish); } @@ -125,6 +132,7 @@ static inline void flush_tlb_page(struct dsb(ishst); __tlbi(vale1is, addr); + __tlbi_user(vale1is, addr); dsb(ish); } @@ -151,10 +159,13 @@ static inline void __flush_tlb_range(str dsb(ishst); for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) { - if (last_level) + if (last_level) { __tlbi(vale1is, addr); - else + __tlbi_user(vale1is, addr); + } else { __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); + } } dsb(ish); } @@ -194,6 +205,7 @@ static inline void __flush_tlb_pgtable(s unsigned long addr = uaddr >> 12 | (ASID(mm) << 48); __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); dsb(ish); } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:58:16 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN From: Will Deacon <will.deacon(a)arm.com> Commit 27a921e75711 upstream. With the ASID now installed in TTBR1, we can re-enable ARM64_SW_TTBR0_PAN by ensuring that we switch to a reserved ASID of zero when disabling user access and restore the active user ASID on the uaccess enable path. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 1 - arch/arm64/include/asm/asm-uaccess.h | 25 +++++++++++++++++-------- arch/arm64/include/asm/uaccess.h | 21 +++++++++++++++++---- arch/arm64/kernel/entry.S | 4 ++-- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/xen/hypercall.S | 2 +- 10 files changed, 42 insertions(+), 21 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -920,7 +920,6 @@ endif config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" - depends on BROKEN # Temporary while switch_mm is reworked help Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -16,11 +16,20 @@ add \tmp1, \tmp1, #SWAPPER_DIR_SIZE // reserved_ttbr0 at the end of swapper_pg_dir msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb + sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE + bic \tmp1, \tmp1, #(0xffff << 48) + msr ttbr1_el1, \tmp1 // set reserved ASID + isb .endm - .macro __uaccess_ttbr0_enable, tmp1 + .macro __uaccess_ttbr0_enable, tmp1, tmp2 get_thread_info \tmp1 ldr \tmp1, [\tmp1, #TSK_TI_TTBR0] // load saved TTBR0_EL1 + mrs \tmp2, ttbr1_el1 + extr \tmp2, \tmp2, \tmp1, #48 + ror \tmp2, \tmp2, #16 + msr ttbr1_el1, \tmp2 // set the active ASID + isb msr ttbr0_el1, \tmp1 // set the non-PAN TTBR0_EL1 isb .endm @@ -31,18 +40,18 @@ alternative_if_not ARM64_HAS_PAN alternative_else_nop_endif .endm - .macro uaccess_ttbr0_enable, tmp1, tmp2 + .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 alternative_if_not ARM64_HAS_PAN - save_and_disable_irq \tmp2 // avoid preemption - __uaccess_ttbr0_enable \tmp1 - restore_irq \tmp2 + save_and_disable_irq \tmp3 // avoid preemption + __uaccess_ttbr0_enable \tmp1, \tmp2 + restore_irq \tmp3 alternative_else_nop_endif .endm #else .macro uaccess_ttbr0_disable, tmp1 .endm - .macro uaccess_ttbr0_enable, tmp1, tmp2 + .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 .endm #endif @@ -56,8 +65,8 @@ alternative_if ARM64_ALT_PAN_NOT_UAO alternative_else_nop_endif .endm - .macro uaccess_enable_not_uao, tmp1, tmp2 - uaccess_ttbr0_enable \tmp1, \tmp2 + .macro uaccess_enable_not_uao, tmp1, tmp2, tmp3 + uaccess_ttbr0_enable \tmp1, \tmp2, \tmp3 alternative_if ARM64_ALT_PAN_NOT_UAO SET_PSTATE_PAN(0) alternative_else_nop_endif --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -107,15 +107,19 @@ static inline void __uaccess_ttbr0_disab { unsigned long ttbr; + ttbr = read_sysreg(ttbr1_el1); /* reserved_ttbr0 placed at the end of swapper_pg_dir */ - ttbr = read_sysreg(ttbr1_el1) + SWAPPER_DIR_SIZE; - write_sysreg(ttbr, ttbr0_el1); + write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); + isb(); + /* Set reserved ASID */ + ttbr &= ~(0xffffUL << 48); + write_sysreg(ttbr, ttbr1_el1); isb(); } static inline void __uaccess_ttbr0_enable(void) { - unsigned long flags; + unsigned long flags, ttbr0, ttbr1; /* * Disable interrupts to avoid preemption between reading the 'ttbr0' @@ -123,7 +127,16 @@ static inline void __uaccess_ttbr0_enabl * roll-over and an update of 'ttbr0'. */ local_irq_save(flags); - write_sysreg(current_thread_info()->ttbr0, ttbr0_el1); + ttbr0 = current_thread_info()->ttbr0; + + /* Restore active ASID */ + ttbr1 = read_sysreg(ttbr1_el1); + ttbr1 |= ttbr0 & (0xffffUL << 48); + write_sysreg(ttbr1, ttbr1_el1); + isb(); + + /* Restore user page table */ + write_sysreg(ttbr0, ttbr0_el1); isb(); local_irq_restore(flags); } --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -184,7 +184,7 @@ alternative_if ARM64_HAS_PAN alternative_else_nop_endif .if \el != 0 - mrs x21, ttbr0_el1 + mrs x21, ttbr1_el1 tst x21, #0xffff << 48 // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled @@ -248,7 +248,7 @@ alternative_else_nop_endif tbnz x22, #22, 1f // Skip re-enabling TTBR0 access if the PSR_PAN_BIT is set .endif - __uaccess_ttbr0_enable x0 + __uaccess_ttbr0_enable x0, x1 .if \el == 0 /* --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -30,7 +30,7 @@ * Alignment fixed up by hardware. */ ENTRY(__clear_user) - uaccess_enable_not_uao x2, x3 + uaccess_enable_not_uao x2, x3, x4 mov x2, x1 // save the size for fixup return subs x1, x1, #8 b.mi 2f --- a/arch/arm64/lib/copy_from_user.S +++ b/arch/arm64/lib/copy_from_user.S @@ -64,7 +64,7 @@ end .req x5 ENTRY(__arch_copy_from_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -65,7 +65,7 @@ end .req x5 ENTRY(raw_copy_in_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/lib/copy_to_user.S +++ b/arch/arm64/lib/copy_to_user.S @@ -63,7 +63,7 @@ end .req x5 ENTRY(__arch_copy_to_user) - uaccess_enable_not_uao x3, x4 + uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3 --- a/arch/arm64/mm/cache.S +++ b/arch/arm64/mm/cache.S @@ -49,7 +49,7 @@ ENTRY(flush_icache_range) * - end - virtual end address of region */ ENTRY(__flush_cache_user_range) - uaccess_ttbr0_enable x2, x3 + uaccess_ttbr0_enable x2, x3, x4 dcache_line_size x2, x3 sub x3, x2, #1 bic x4, x0, x3 --- a/arch/arm64/xen/hypercall.S +++ b/arch/arm64/xen/hypercall.S @@ -101,7 +101,7 @@ ENTRY(privcmd_call) * need the explicit uaccess_enable/disable if the TTBR0 PAN emulation * is enabled (it implies that hardware UAO and PAN disabled). */ - uaccess_ttbr0_enable x6, x7 + uaccess_ttbr0_enable x6, x7, x8 hvc XEN_IMM /* Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 1 Dec 2017 17:33:48 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR From: Will Deacon <will.deacon(a)arm.com> Commit b519538dfefc upstream. There are now a handful of open-coded masks to extract the ASID from a TTBR value, so introduce a TTBR_ASID_MASK and use that instead. Suggested-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/asm-uaccess.h | 3 ++- arch/arm64/include/asm/mmu.h | 1 + arch/arm64/include/asm/uaccess.h | 4 ++-- arch/arm64/kernel/entry.S | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -4,6 +4,7 @@ #include <asm/alternative.h> #include <asm/kernel-pgtable.h> +#include <asm/mmu.h> #include <asm/sysreg.h> #include <asm/assembler.h> @@ -17,7 +18,7 @@ msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE - bic \tmp1, \tmp1, #(0xffff << 48) + bic \tmp1, \tmp1, #TTBR_ASID_MASK msr ttbr1_el1, \tmp1 // set reserved ASID isb .endm --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -18,6 +18,7 @@ #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ #define USER_ASID_FLAG (UL(1) << 48) +#define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -112,7 +112,7 @@ static inline void __uaccess_ttbr0_disab write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); isb(); /* Set reserved ASID */ - ttbr &= ~(0xffffUL << 48); + ttbr &= ~TTBR_ASID_MASK; write_sysreg(ttbr, ttbr1_el1); isb(); } @@ -131,7 +131,7 @@ static inline void __uaccess_ttbr0_enabl /* Restore active ASID */ ttbr1 = read_sysreg(ttbr1_el1); - ttbr1 |= ttbr0 & (0xffffUL << 48); + ttbr1 |= ttbr0 & TTBR_ASID_MASK; write_sysreg(ttbr1, ttbr1_el1); isb(); --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -205,7 +205,7 @@ alternative_else_nop_endif .if \el != 0 mrs x21, ttbr1_el1 - tst x21, #0xffff << 48 // Check for the reserved ASID + tst x21, #TTBR_ASID_MASK // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled and x23, x23, #~PSR_PAN_BIT // Clear the emulated PAN in the saved SPSR Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-allocate-asids-in-pairs.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 14:10:28 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Allocate ASIDs in pairs From: Will Deacon <will.deacon(a)arm.com> Commit 0c8ea531b774 upstream. In preparation for separate kernel/user ASIDs, allocate them in pairs for each mm_struct. The bottom bit distinguishes the two: if it is set, then the ASID will map only userspace. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu.h | 1 + arch/arm64/mm/context.c | 25 +++++++++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -17,6 +17,7 @@ #define __ASM_MMU_H #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ +#define USER_ASID_FLAG (UL(1) << 48) typedef struct { atomic64_t id; --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending; #define ASID_MASK (~GENMASK(asid_bits - 1, 0)) #define ASID_FIRST_VERSION (1UL << asid_bits) -#define NUM_USER_ASIDS ASID_FIRST_VERSION + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1) +#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1) +#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK) +#else +#define NUM_USER_ASIDS (ASID_FIRST_VERSION) +#define asid2idx(asid) ((asid) & ~ASID_MASK) +#define idx2asid(idx) asid2idx(idx) +#endif /* Get the ASIDBits supported by the current CPU */ static u32 get_cpu_asid_bits(void) @@ -98,7 +107,7 @@ static void flush_context(unsigned int c */ if (asid == 0) asid = per_cpu(reserved_asids, i); - __set_bit(asid & ~ASID_MASK, asid_map); + __set_bit(asid2idx(asid), asid_map); per_cpu(reserved_asids, i) = asid; } @@ -153,16 +162,16 @@ static u64 new_context(struct mm_struct * We had a valid ASID in a previous life, so try to re-use * it if possible. */ - asid &= ~ASID_MASK; - if (!__test_and_set_bit(asid, asid_map)) + if (!__test_and_set_bit(asid2idx(asid), asid_map)) return newasid; } /* * Allocate a free ASID. If we can't find one, take a note of the - * currently active ASIDs and mark the TLBs as requiring flushes. - * We always count from ASID #1, as we use ASID #0 when setting a - * reserved TTBR0 for the init_mm. + * currently active ASIDs and mark the TLBs as requiring flushes. We + * always count from ASID #2 (index 1), as we use ASID #0 when setting + * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd + * pairs. */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid != NUM_USER_ASIDS) @@ -179,7 +188,7 @@ static u64 new_context(struct mm_struct set_asid: __set_bit(asid, asid_map); cur_idx = asid; - return asid | generation; + return idx2asid(asid) | generation; } void check_and_switch_context(struct mm_struct *mm, unsigned int cpu) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 13:58:08 +0000 Subject: [Variant 3/Meltdown] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper From: Will Deacon <will.deacon(a)arm.com> Commit fc0e1299da54 upstream. In order for code such as TLB invalidation to operate efficiently when the decision to map the kernel at EL0 is determined at runtime, this patch introduces a helper function, arm64_kernel_unmapped_at_el0, to determine whether or not the kernel is mapped whilst running in userspace. Currently, this just reports the value of CONFIG_UNMAP_KERNEL_AT_EL0, but will later be hooked up to a fake CPU capability using a static key. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/mmu.h | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -19,6 +19,8 @@ #define MMCF_AARCH32 0x1 /* mm context flag for AArch32 executables */ #define USER_ASID_FLAG (UL(1) << 48) +#ifndef __ASSEMBLY__ + typedef struct { atomic64_t id; void *vdso; @@ -32,6 +34,11 @@ typedef struct { */ #define ASID(mm) ((mm)->context.id.counter & 0xffff) +static inline bool arm64_kernel_unmapped_at_el0(void) +{ + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); +} + extern void paging_init(void); extern void bootmem_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); @@ -42,4 +49,5 @@ extern void create_pgd_mapping(struct mm extern void *fixmap_remap_fdt(phys_addr_t dt_phys); extern void mark_linear_text_alias_ro(void); +#endif /* !__ASSEMBLY__ */ #endif Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-make-user_ds-an-inclusive-limit.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:18 +0000 Subject: [Variant 1/Spectre-v1] arm64: Make USER_DS an inclusive limit From: Robin Murphy <robin.murphy(a)arm.com> Commit 51369e398d0d upstream. Currently, USER_DS represents an exclusive limit while KERNEL_DS is inclusive. In order to do some clever trickery for speculation-safe masking, we need them both to behave equivalently - there aren't enough bits to make KERNEL_DS exclusive, so we have precisely one option. This also happens to correct a longstanding false negative for a range ending on the very top byte of kernel memory. Mark Rutland points out that we've actually got the semantics of addresses vs. segments muddled up in most of the places we need to amend, so shuffle the {USER,KERNEL}_DS definitions around such that we can correct those properly instead of just pasting "-1"s everywhere. Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/processor.h | 3 ++ arch/arm64/include/asm/uaccess.h | 45 +++++++++++++++++++++---------------- arch/arm64/kernel/entry.S | 4 +-- arch/arm64/mm/fault.c | 4 +-- 4 files changed, 33 insertions(+), 23 deletions(-) --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -21,6 +21,9 @@ #define TASK_SIZE_64 (UL(1) << VA_BITS) +#define KERNEL_DS UL(-1) +#define USER_DS (TASK_SIZE_64 - 1) + #ifndef __ASSEMBLY__ /* --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -35,10 +35,7 @@ #include <asm/compiler.h> #include <asm/extable.h> -#define KERNEL_DS (-1UL) #define get_ds() (KERNEL_DS) - -#define USER_DS TASK_SIZE_64 #define get_fs() (current_thread_info()->addr_limit) static inline void set_fs(mm_segment_t fs) @@ -66,22 +63,32 @@ static inline void set_fs(mm_segment_t f * Returns 1 if the range is valid, 0 otherwise. * * This is equivalent to the following test: - * (u65)addr + (u65)size <= current->addr_limit - * - * This needs 65-bit arithmetic. + * (u65)addr + (u65)size <= (u65)current->addr_limit + 1 */ -#define __range_ok(addr, size) \ -({ \ - unsigned long __addr = (unsigned long)(addr); \ - unsigned long flag, roksum; \ - __chk_user_ptr(addr); \ - asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls" \ - : "=&r" (flag), "=&r" (roksum) \ - : "1" (__addr), "Ir" (size), \ - "r" (current_thread_info()->addr_limit) \ - : "cc"); \ - flag; \ -}) +static inline unsigned long __range_ok(unsigned long addr, unsigned long size) +{ + unsigned long limit = current_thread_info()->addr_limit; + + __chk_user_ptr(addr); + asm volatile( + // A + B <= C + 1 for all A,B,C, in four easy steps: + // 1: X = A + B; X' = X % 2^64 + " adds %0, %0, %2\n" + // 2: Set C = 0 if X > 2^64, to guarantee X' > C in step 4 + " csel %1, xzr, %1, hi\n" + // 3: Set X' = ~0 if X >= 2^64. For X == 2^64, this decrements X' + // to compensate for the carry flag being set in step 4. For + // X > 2^64, X' merely has to remain nonzero, which it does. + " csinv %0, %0, xzr, cc\n" + // 4: For X < 2^64, this gives us X' - C - 1 <= 0, where the -1 + // comes from the carry in being clear. Otherwise, we are + // testing X' - C == 0, subject to the previous adjustments. + " sbcs xzr, %0, %1\n" + " cset %0, ls\n" + : "+r" (addr), "+r" (limit) : "Ir" (size) : "cc"); + + return addr; +} /* * When dealing with data aborts, watchpoints, or instruction traps we may end @@ -90,7 +97,7 @@ static inline void set_fs(mm_segment_t f */ #define untagged_addr(addr) sign_extend64(addr, 55) -#define access_ok(type, addr, size) __range_ok(addr, size) +#define access_ok(type, addr, size) __range_ok((unsigned long)(addr), size) #define user_addr_max get_fs #define _ASM_EXTABLE(from, to) \ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -167,10 +167,10 @@ alternative_else_nop_endif .else add x21, sp, #S_FRAME_SIZE get_thread_info tsk - /* Save the task's original addr_limit and set USER_DS (TASK_SIZE_64) */ + /* Save the task's original addr_limit and set USER_DS */ ldr x20, [tsk, #TSK_TI_ADDR_LIMIT] str x20, [sp, #S_ORIG_ADDR_LIMIT] - mov x20, #TASK_SIZE_64 + mov x20, #USER_DS str x20, [tsk, #TSK_TI_ADDR_LIMIT] /* No need to reset PSTATE.UAO, hardware's already set it to 0 for us */ .endif /* \el == 0 */ --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -240,7 +240,7 @@ static inline bool is_permission_fault(u if (fsc_type == ESR_ELx_FSC_PERM) return true; - if (addr < USER_DS && system_uses_ttbr0_pan()) + if (addr < TASK_SIZE && system_uses_ttbr0_pan()) return fsc_type == ESR_ELx_FSC_FAULT && (regs->pstate & PSR_PAN_BIT); @@ -414,7 +414,7 @@ static int __kprobes do_page_fault(unsig mm_flags |= FAULT_FLAG_WRITE; } - if (addr < USER_DS && is_permission_fault(esr, regs, addr)) { + if (addr < TASK_SIZE && is_permission_fault(esr, regs, addr)) { /* regs->orig_addr_limit may be 0 if we entered from EL0 */ if (regs->orig_addr_limit == KERNEL_DS) die("Accessing user space memory with fs=KERNEL_DS", regs, esr); Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:14 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6167ec5c9145 upstream. A new feature of SMCCC 1.1 is that it offers firmware-based CPU workarounds. In particular, SMCCC_ARCH_WORKAROUND_1 provides BP hardening for CVE-2017-5715. If the host has some mitigation for this issue, report that we deal with it using SMCCC_ARCH_WORKAROUND_1, as we apply the host workaround on every guest exit. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Conflicts: arch/arm/include/asm/kvm_host.h arch/arm64/include/asm/kvm_host.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_host.h | 6 ++++++ arch/arm64/include/asm/kvm_host.h | 5 +++++ include/linux/arm-smccc.h | 5 +++++ virt/kvm/arm/psci.c | 9 ++++++++- 4 files changed, 24 insertions(+), 1 deletion(-) --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -301,4 +301,10 @@ int kvm_arm_vcpu_arch_has_attr(struct kv /* All host FP/SIMD state is restored on guest exit, so nothing to save: */ static inline void kvm_fpsimd_flush_cpu_state(void) {} +static inline bool kvm_arm_harden_branch_predictor(void) +{ + /* No way to detect it yet, pretend it is not there. */ + return false; +} + #endif /* __ARM_KVM_HOST_H__ */ --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -396,4 +396,9 @@ static inline void kvm_fpsimd_flush_cpu_ sve_flush_cpu_state(); } +static inline bool kvm_arm_harden_branch_predictor(void) +{ + return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR); +} + #endif /* __ARM64_KVM_HOST_H__ */ --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -73,6 +73,11 @@ ARM_SMCCC_SMC_32, \ 0, 1) +#define ARM_SMCCC_ARCH_WORKAROUND_1 \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0x8000) + #ifndef __ASSEMBLY__ #include <linux/linkage.h> --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -405,13 +405,20 @@ int kvm_hvc_call_handler(struct kvm_vcpu { u32 func_id = smccc_get_function(vcpu); u32 val = PSCI_RET_NOT_SUPPORTED; + u32 feature; switch (func_id) { case ARM_SMCCC_VERSION_FUNC_ID: val = ARM_SMCCC_VERSION_1_1; break; case ARM_SMCCC_ARCH_FEATURES_FUNC_ID: - /* Nothing supported yet */ + feature = smccc_get_arg1(vcpu); + switch(feature) { + case ARM_SMCCC_ARCH_WORKAROUND_1: + if (kvm_arm_harden_branch_predictor()) + val = 0; + break; + } break; default: return kvm_psci_call(vcpu); Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Wed, 3 Jan 2018 16:38:35 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Use per-CPU vector when BP hardening is enabled From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6840bdd73d07 upstream. Now that we have per-CPU vectors, let's plug then in the KVM/arm64 code. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm/include/asm/kvm_mmu.h arch/arm64/include/asm/kvm_mmu.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_mmu.h | 10 ++++++++++ arch/arm64/include/asm/kvm_mmu.h | 38 ++++++++++++++++++++++++++++++++++++++ arch/arm64/kvm/hyp/switch.c | 2 +- virt/kvm/arm/arm.c | 8 +++++++- 4 files changed, 56 insertions(+), 2 deletions(-) --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -221,6 +221,16 @@ static inline unsigned int kvm_get_vmid_ return 8; } +static inline void *kvm_get_hyp_vector(void) +{ + return kvm_ksym_ref(__kvm_hyp_vector); +} + +static inline int kvm_map_vectors(void) +{ + return 0; +} + #endif /* !__ASSEMBLY__ */ #endif /* __ARM_KVM_MMU_H__ */ --- a/arch/arm64/include/asm/kvm_mmu.h +++ b/arch/arm64/include/asm/kvm_mmu.h @@ -309,5 +309,43 @@ static inline unsigned int kvm_get_vmid_ return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8; } +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#include <asm/mmu.h> + +static inline void *kvm_get_hyp_vector(void) +{ + struct bp_hardening_data *data = arm64_get_bp_hardening_data(); + void *vect = kvm_ksym_ref(__kvm_hyp_vector); + + if (data->fn) { + vect = __bp_harden_hyp_vecs_start + + data->hyp_vectors_slot * SZ_2K; + + if (!has_vhe()) + vect = lm_alias(vect); + } + + return vect; +} + +static inline int kvm_map_vectors(void) +{ + return create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), + kvm_ksym_ref(__bp_harden_hyp_vecs_end), + PAGE_HYP_EXEC); +} + +#else +static inline void *kvm_get_hyp_vector(void) +{ + return kvm_ksym_ref(__kvm_hyp_vector); +} + +static inline int kvm_map_vectors(void) +{ + return 0; +} +#endif + #endif /* __ASSEMBLY__ */ #endif /* __ARM64_KVM_MMU_H__ */ --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -52,7 +52,7 @@ static void __hyp_text __activate_traps_ val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN); write_sysreg(val, cpacr_el1); - write_sysreg(__kvm_hyp_vector, vbar_el1); + write_sysreg(kvm_get_hyp_vector(), vbar_el1); } static void __hyp_text __activate_traps_nvhe(void) --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -1158,7 +1158,7 @@ static void cpu_init_hyp_mode(void *dumm pgd_ptr = kvm_mmu_get_httbr(); stack_page = __this_cpu_read(kvm_arm_hyp_stack_page); hyp_stack_ptr = stack_page + PAGE_SIZE; - vector_ptr = (unsigned long)kvm_ksym_ref(__kvm_hyp_vector); + vector_ptr = (unsigned long)kvm_get_hyp_vector(); __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr); __cpu_init_stage2(); @@ -1403,6 +1403,12 @@ static int init_hyp_mode(void) goto out_err; } + err = kvm_map_vectors(); + if (err) { + kvm_err("Cannot map vectors\n"); + goto out_err; + } + /* * Map the Hyp stack pages */ Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-make-psci_version-a-fast-path.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Wed, 3 Jan 2018 16:38:37 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Make PSCI_VERSION a fast path From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 90348689d500 upstream. For those CPUs that require PSCI to perform a BP invalidation, going all the way to the PSCI code for not much is a waste of precious cycles. Let's terminate that call as early as possible. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/switch.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -17,6 +17,7 @@ #include <linux/types.h> #include <linux/jump_label.h> +#include <uapi/linux/psci.h> #include <asm/kvm_asm.h> #include <asm/kvm_emulate.h> @@ -341,6 +342,18 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && !__populate_fault_info(vcpu)) goto again; + if (exit_code == ARM_EXCEPTION_TRAP && + (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || + kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32) && + vcpu_get_reg(vcpu, 0) == PSCI_0_2_FN_PSCI_VERSION) { + u64 val = PSCI_RET_NOT_SUPPORTED; + if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) + val = 2; + + vcpu_set_reg(vcpu, 0, val); + goto again; + } + if (static_branch_unlikely(&vgic_v2_cpuif_trap) && exit_code == ARM_EXCEPTION_TRAP) { bool valid; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-increment-pc-after-handling-an-smc-trap.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:07 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Increment PC after handling an SMC trap From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f5115e8869e1 upstream. When handling an SMC trap, the "preferred return address" is set to that of the SMC, and not the next PC (which is a departure from the behaviour of an SMC that isn't trapped). Increment PC in the handler, as the guest is otherwise forever stuck... Cc: stable(a)vger.kernel.org Fixes: acfb3b883f6d ("arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls") Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/handle_exit.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -54,7 +54,16 @@ static int handle_hvc(struct kvm_vcpu *v static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run) { + /* + * "If an SMC instruction executed at Non-secure EL1 is + * trapped to EL2 because HCR_EL2.TSC is 1, the exception is a + * Trap exception, not a Secure Monitor Call exception [...]" + * + * We need to advance the PC after the trap, as it would + * otherwise return to the same address... + */ vcpu_set_reg(vcpu, 0, ~0UL); + kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu)); return 1; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:15 +0000 Subject: [Variant 2/Spectre-v2] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f72af90c3783 upstream. We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible. So let's intercept it as early as we can by testing for the function call number as soon as we've identified a HVC call coming from the guest. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/hyp-entry.S | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -15,6 +15,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <linux/arm-smccc.h> #include <linux/linkage.h> #include <asm/alternative.h> @@ -64,10 +65,11 @@ alternative_endif lsr x0, x1, #ESR_ELx_EC_SHIFT cmp x0, #ESR_ELx_EC_HVC64 + ccmp x0, #ESR_ELx_EC_HVC32, #4, ne b.ne el1_trap - mrs x1, vttbr_el2 // If vttbr is valid, the 64bit guest - cbnz x1, el1_trap // called HVC + mrs x1, vttbr_el2 // If vttbr is valid, the guest + cbnz x1, el1_hvc_guest // called HVC /* Here, we're pretty sure the host called HVC. */ ldp x0, x1, [sp], #16 @@ -100,6 +102,20 @@ alternative_endif eret +el1_hvc_guest: + /* + * Fastest possible path for ARM_SMCCC_ARCH_WORKAROUND_1. + * The workaround has already been applied on the host, + * so let's quickly get back to the guest. We don't bother + * restoring x1, as it can be clobbered anyway. + */ + ldr x1, [sp] // Guest's x0 + eor w1, w1, #ARM_SMCCC_ARCH_WORKAROUND_1 + cbnz w1, el1_trap + mov x0, x1 + add sp, sp, #16 + eret + el1_trap: /* * x0: ESR_EC Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:53 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() From: Will Deacon <will.deacon(a)arm.com> Commit 41acec624087 upstream. To allow systems which do not require kpti to continue running with global kernel mappings (which appears to be a requirement for Cavium ThunderX due to a CPU erratum), make the use of nG in the kernel page tables dependent on arm64_kernel_unmapped_at_el0(), which is resolved at runtime. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++---------- arch/arm64/include/asm/pgtable-prot.h | 30 ++++++++++++++---------------- 2 files changed, 16 insertions(+), 26 deletions(-) --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -78,16 +78,8 @@ /* * Initial memory map attributes. */ -#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) - -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) -#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) -#else -#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS -#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS -#endif +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -37,13 +37,11 @@ #define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) -#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) -#else -#define PROT_DEFAULT _PROT_DEFAULT -#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ +#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0) +#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0) + +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG) #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -55,22 +53,22 @@ #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) -#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) -#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) +#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT -#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) +#define PAGE_KERNEL __pgprot(PROT_NORMAL) +#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY) +#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY) +#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN) +#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT) #define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) #define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) #define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) -#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) -#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) +#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) +#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) #define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Catalin Marinas <catalin.marinas(a)arm.com> Date: Wed, 10 Jan 2018 13:18:30 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Fix the interaction between ASID switching and software PAN From: Catalin Marinas <catalin.marinas(a)arm.com> Commit 6b88a32c7af6 upstream. With ARM64_SW_TTBR0_PAN enabled, the exception entry code checks the active ASID to decide whether user access was enabled (non-zero ASID) when the exception was taken. On return from exception, if user access was previously disabled, it re-instates TTBR0_EL1 from the per-thread saved value (updated in switch_mm() or efi_set_pgd()). Commit 7655abb95386 ("arm64: mm: Move ASID from TTBR0 to TTBR1") makes a TTBR0_EL1 + ASID switching non-atomic. Subsequently, commit 27a921e75711 ("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") changes the __uaccess_ttbr0_disable() function and asm macro to first write the reserved TTBR0_EL1 followed by the ASID=0 update in TTBR1_EL1. If an exception occurs between these two, the exception return code will re-instate a valid TTBR0_EL1. Similar scenario can happen in cpu_switch_mm() between setting the reserved TTBR0_EL1 and the ASID update in cpu_do_switch_mm(). This patch reverts the entry.S check for ASID == 0 to TTBR0_EL1 and disables the interrupts around the TTBR0_EL1 and ASID switching code in __uaccess_ttbr0_disable(). It also ensures that, when returning from the EFI runtime services, efi_set_pgd() doesn't leave a non-zero ASID in TTBR1_EL1 by using uaccess_ttbr0_{enable,disable}. The accesses to current_thread_info()->ttbr0 are updated to use READ_ONCE/WRITE_ONCE. As a safety measure, __uaccess_ttbr0_enable() always masks out any existing non-zero ASID TTBR1_EL1 before writing in the new ASID. Fixes: 27a921e75711 ("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") Acked-by: Will Deacon <will.deacon(a)arm.com> Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: James Morse <james.morse(a)arm.com> Tested-by: James Morse <james.morse(a)arm.com> Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Conflicts: arch/arm64/include/asm/asm-uaccess.h arch/arm64/include/asm/uaccess.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/asm-uaccess.h | 12 +++++++----- arch/arm64/include/asm/efi.h | 12 +++++++----- arch/arm64/include/asm/mmu_context.h | 3 ++- arch/arm64/include/asm/uaccess.h | 9 ++++++--- arch/arm64/kernel/entry.S | 2 +- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/mm/proc.S | 3 +++ arch/arm64/xen/hypercall.S | 2 +- 12 files changed, 32 insertions(+), 21 deletions(-) --- a/arch/arm64/include/asm/asm-uaccess.h +++ b/arch/arm64/include/asm/asm-uaccess.h @@ -14,11 +14,11 @@ #ifdef CONFIG_ARM64_SW_TTBR0_PAN .macro __uaccess_ttbr0_disable, tmp1 mrs \tmp1, ttbr1_el1 // swapper_pg_dir + bic \tmp1, \tmp1, #TTBR_ASID_MASK add \tmp1, \tmp1, #SWAPPER_DIR_SIZE // reserved_ttbr0 at the end of swapper_pg_dir msr ttbr0_el1, \tmp1 // set reserved TTBR0_EL1 isb sub \tmp1, \tmp1, #SWAPPER_DIR_SIZE - bic \tmp1, \tmp1, #TTBR_ASID_MASK msr ttbr1_el1, \tmp1 // set reserved ASID isb .endm @@ -35,9 +35,11 @@ isb .endm - .macro uaccess_ttbr0_disable, tmp1 + .macro uaccess_ttbr0_disable, tmp1, tmp2 alternative_if_not ARM64_HAS_PAN + save_and_disable_irq \tmp2 // avoid preemption __uaccess_ttbr0_disable \tmp1 + restore_irq \tmp2 alternative_else_nop_endif .endm @@ -49,7 +51,7 @@ alternative_if_not ARM64_HAS_PAN alternative_else_nop_endif .endm #else - .macro uaccess_ttbr0_disable, tmp1 + .macro uaccess_ttbr0_disable, tmp1, tmp2 .endm .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3 @@ -59,8 +61,8 @@ alternative_else_nop_endif /* * These macros are no-ops when UAO is present. */ - .macro uaccess_disable_not_uao, tmp1 - uaccess_ttbr0_disable \tmp1 + .macro uaccess_disable_not_uao, tmp1, tmp2 + uaccess_ttbr0_disable \tmp1, \tmp2 alternative_if ARM64_ALT_PAN_NOT_UAO SET_PSTATE_PAN(1) alternative_else_nop_endif --- a/arch/arm64/include/asm/efi.h +++ b/arch/arm64/include/asm/efi.h @@ -121,19 +121,21 @@ static inline void efi_set_pgd(struct mm if (mm != current->active_mm) { /* * Update the current thread's saved ttbr0 since it is - * restored as part of a return from exception. Set - * the hardware TTBR0_EL1 using cpu_switch_mm() - * directly to enable potential errata workarounds. + * restored as part of a return from exception. Enable + * access to the valid TTBR0_EL1 and invoke the errata + * workaround directly since there is no return from + * exception when invoking the EFI run-time services. */ update_saved_ttbr0(current, mm); - cpu_switch_mm(mm->pgd, mm); + uaccess_ttbr0_enable(); + post_ttbr_update_workaround(); } else { /* * Defer the switch to the current thread's TTBR0_EL1 * until uaccess_enable(). Restore the current * thread's saved ttbr0 corresponding to its active_mm */ - cpu_set_reserved_ttbr0(); + uaccess_ttbr0_disable(); update_saved_ttbr0(current, current->active_mm); } } --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -175,7 +175,7 @@ static inline void update_saved_ttbr0(st else ttbr = virt_to_phys(mm->pgd) | ASID(mm) << 48; - task_thread_info(tsk)->ttbr0 = ttbr; + WRITE_ONCE(task_thread_info(tsk)->ttbr0, ttbr); } #else static inline void update_saved_ttbr0(struct task_struct *tsk, @@ -230,6 +230,7 @@ switch_mm(struct mm_struct *prev, struct #define activate_mm(prev,next) switch_mm(prev, next, current) void verify_cpu_asid_bits(void); +void post_ttbr_update_workaround(void); #endif /* !__ASSEMBLY__ */ --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -105,16 +105,18 @@ static inline void set_fs(mm_segment_t f #ifdef CONFIG_ARM64_SW_TTBR0_PAN static inline void __uaccess_ttbr0_disable(void) { - unsigned long ttbr; + unsigned long flags, ttbr; + local_irq_save(flags); ttbr = read_sysreg(ttbr1_el1); + ttbr &= ~TTBR_ASID_MASK; /* reserved_ttbr0 placed at the end of swapper_pg_dir */ write_sysreg(ttbr + SWAPPER_DIR_SIZE, ttbr0_el1); isb(); /* Set reserved ASID */ - ttbr &= ~TTBR_ASID_MASK; write_sysreg(ttbr, ttbr1_el1); isb(); + local_irq_restore(flags); } static inline void __uaccess_ttbr0_enable(void) @@ -127,10 +129,11 @@ static inline void __uaccess_ttbr0_enabl * roll-over and an update of 'ttbr0'. */ local_irq_save(flags); - ttbr0 = current_thread_info()->ttbr0; + ttbr0 = READ_ONCE(current_thread_info()->ttbr0); /* Restore active ASID */ ttbr1 = read_sysreg(ttbr1_el1); + ttbr1 &= ~TTBR_ASID_MASK; /* safety measure */ ttbr1 |= ttbr0 & TTBR_ASID_MASK; write_sysreg(ttbr1, ttbr1_el1); isb(); --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -204,7 +204,7 @@ alternative_if ARM64_HAS_PAN alternative_else_nop_endif .if \el != 0 - mrs x21, ttbr1_el1 + mrs x21, ttbr0_el1 tst x21, #TTBR_ASID_MASK // Check for the reserved ASID orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR b.eq 1f // TTBR0 access already disabled --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -50,7 +50,7 @@ uao_user_alternative 9f, strh, sttrh, wz b.mi 5f uao_user_alternative 9f, strb, sttrb, wzr, x0, 0 5: mov x0, #0 - uaccess_disable_not_uao x2 + uaccess_disable_not_uao x2, x3 ret ENDPROC(__clear_user) --- a/arch/arm64/lib/copy_from_user.S +++ b/arch/arm64/lib/copy_from_user.S @@ -67,7 +67,7 @@ ENTRY(__arch_copy_from_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 // Nothing to copy ret ENDPROC(__arch_copy_from_user) --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -68,7 +68,7 @@ ENTRY(raw_copy_in_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 ret ENDPROC(raw_copy_in_user) --- a/arch/arm64/lib/copy_to_user.S +++ b/arch/arm64/lib/copy_to_user.S @@ -66,7 +66,7 @@ ENTRY(__arch_copy_to_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" - uaccess_disable_not_uao x3 + uaccess_disable_not_uao x3, x4 mov x0, #0 ret ENDPROC(__arch_copy_to_user) --- a/arch/arm64/mm/cache.S +++ b/arch/arm64/mm/cache.S @@ -72,7 +72,7 @@ USER(9f, ic ivau, x4 ) // invalidate I isb mov x0, #0 1: - uaccess_ttbr0_disable x1 + uaccess_ttbr0_disable x1, x2 ret 9: mov x0, #-EFAULT --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -140,6 +140,9 @@ ENDPROC(cpu_do_resume) ENTRY(cpu_do_switch_mm) mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id +#ifdef CONFIG_ARM64_SW_TTBR0_PAN + bfi x0, x1, #48, #16 // set the ASID field in TTBR0 +#endif bfi x2, x1, #48, #16 // set the ASID msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set) isb --- a/arch/arm64/xen/hypercall.S +++ b/arch/arm64/xen/hypercall.S @@ -107,6 +107,6 @@ ENTRY(privcmd_call) /* * Disable userspace access from kernel once the hyp call completed. */ - uaccess_ttbr0_disable x6 + uaccess_ttbr0_disable x6, x7 ret ENDPROC(privcmd_call); Patches currently in stable-queue which might be from catalin.marinas(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kill-psci_get_version-as-a-variant-2-workaround.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:21 +0000 Subject: [Variant 2/Spectre-v2] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 3a0a397ff5ff upstream. Now that we've standardised on SMCCC v1.1 to perform the branch prediction invalidation, let's drop the previous band-aid. If vendors haven't updated their firmware to do SMCCC 1.1, they haven't updated PSCI either, so we don't loose anything. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 24 --------------------- arch/arm64/kernel/cpu_errata.c | 45 +++++++++++------------------------------ arch/arm64/kvm/hyp/switch.c | 14 ------------ 3 files changed, 13 insertions(+), 70 deletions(-) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -54,30 +54,6 @@ ENTRY(__bp_harden_hyp_vecs_start) vectors __kvm_hyp_vector .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__psci_hyp_bp_inval_start) - sub sp, sp, #(8 * 18) - stp x16, x17, [sp, #(16 * 0)] - stp x14, x15, [sp, #(16 * 1)] - stp x12, x13, [sp, #(16 * 2)] - stp x10, x11, [sp, #(16 * 3)] - stp x8, x9, [sp, #(16 * 4)] - stp x6, x7, [sp, #(16 * 5)] - stp x4, x5, [sp, #(16 * 6)] - stp x2, x3, [sp, #(16 * 7)] - stp x0, x1, [sp, #(16 * 8)] - mov x0, #0x84000000 - smc #0 - ldp x16, x17, [sp, #(16 * 0)] - ldp x14, x15, [sp, #(16 * 1)] - ldp x12, x13, [sp, #(16 * 2)] - ldp x10, x11, [sp, #(16 * 3)] - ldp x8, x9, [sp, #(16 * 4)] - ldp x6, x7, [sp, #(16 * 5)] - ldp x4, x5, [sp, #(16 * 6)] - ldp x2, x3, [sp, #(16 * 7)] - ldp x0, x1, [sp, #(16 * 8)] - add sp, sp, #(8 * 18) -ENTRY(__psci_hyp_bp_inval_end) ENTRY(__qcom_hyp_sanitize_link_stack_start) stp x29, x30, [sp, #-16]! --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -67,7 +67,6 @@ static int cpu_enable_trap_ctr_access(vo DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); #ifdef CONFIG_KVM -extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; extern char __qcom_hyp_sanitize_link_stack_start[]; extern char __qcom_hyp_sanitize_link_stack_end[]; extern char __smccc_workaround_1_smc_start[]; @@ -116,8 +115,6 @@ static void __install_bp_hardening_cb(bp spin_unlock(&bp_lock); } #else -#define __psci_hyp_bp_inval_start NULL -#define __psci_hyp_bp_inval_end NULL #define __qcom_hyp_sanitize_link_stack_start NULL #define __qcom_hyp_sanitize_link_stack_end NULL #define __smccc_workaround_1_smc_start NULL @@ -164,24 +161,25 @@ static void call_hvc_arch_workaround_1(v arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); } -static bool check_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +static int enable_smccc_arch_workaround_1(void *data) { + const struct arm64_cpu_capabilities *entry = data; bp_hardening_cb_t cb; void *smccc_start, *smccc_end; struct arm_smccc_res res; if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return false; + return 0; if (psci_ops.smccc_version == SMCCC_VERSION_1_0) - return false; + return 0; switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if (res.a0) - return false; + return 0; cb = call_hvc_arch_workaround_1; smccc_start = __smccc_workaround_1_hvc_start; smccc_end = __smccc_workaround_1_hvc_end; @@ -191,35 +189,18 @@ static bool check_smccc_arch_workaround_ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if (res.a0) - return false; + return 0; cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: - return false; + return 0; } install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); - return true; -} - -static int enable_psci_bp_hardening(void *data) -{ - const struct arm64_cpu_capabilities *entry = data; - - if (psci_ops.get_version) { - if (check_smccc_arch_workaround_1(entry)) - return 0; - - install_bp_hardening_cb(entry, - (bp_hardening_cb_t)psci_ops.get_version, - __psci_hyp_bp_inval_start, - __psci_hyp_bp_inval_end); - } - return 0; } @@ -399,22 +380,22 @@ const struct arm64_cpu_capabilities arm6 { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, @@ -428,12 +409,12 @@ const struct arm64_cpu_capabilities arm6 { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), - .enable = enable_psci_bp_hardening, + .enable = enable_smccc_arch_workaround_1, }, #endif { --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -344,20 +344,6 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && !__populate_fault_info(vcpu)) goto again; - if (exit_code == ARM_EXCEPTION_TRAP && - (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || - kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32)) { - u32 val = vcpu_get_reg(vcpu, 0); - - if (val == PSCI_0_2_FN_PSCI_VERSION) { - val = kvm_psci_version(vcpu, kern_hyp_va(vcpu->kvm)); - if (unlikely(val == KVM_ARM_PSCI_0_1)) - val = PSCI_RET_NOT_SUPPORTED; - vcpu_set_reg(vcpu, 0, val); - goto again; - } - } - if (static_branch_unlikely(&vgic_v2_cpuif_trap) && exit_code == ARM_EXCEPTION_TRAP) { bool valid; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 6 Feb 2018 22:22:50 +0000 Subject: [Variant 3/Meltdown] arm64: kpti: Add ->enable callback to remap swapper using nG mappings From: Will Deacon <will.deacon(a)arm.com> Commit f992b4dfd58b upstream. Defaulting to global mappings for kernel space is generally good for performance and appears to be necessary for Cavium ThunderX. If we subsequently decide that we need to enable kpti, then we need to rewrite our existing page table entries to be non-global. This is fiddly, and made worse by the possible use of contiguous mappings, which require a strict break-before-make sequence. Since the enable callback runs on each online CPU from stop_machine context, we can have all CPUs enter the idmap, where secondaries can wait for the primary CPU to rewrite swapper with its MMU off. It's all fairly horrible, but at least it only runs once. Tested-by: Marc Zyngier <marc.zyngier(a)arm.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/mm/proc.S Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 4 arch/arm64/kernel/cpufeature.c | 25 ++++ arch/arm64/mm/proc.S | 202 +++++++++++++++++++++++++++++++++++-- 3 files changed, 224 insertions(+), 7 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -489,6 +489,10 @@ alternative_else_nop_endif #endif .endm + .macro pte_to_phys, phys, pte + and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) + .endm + /** * Errata workaround prior to disable MMU. Insert an ISB immediately prior * to executing the MSR that will change SCTLR_ELn[M] from a value of 1 to 0. --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -878,6 +878,30 @@ static bool unmap_kernel_at_el0(const st ID_AA64PFR0_CSV3_SHIFT); } +static int kpti_install_ng_mappings(void *__unused) +{ + typedef void (kpti_remap_fn)(int, int, phys_addr_t); + extern kpti_remap_fn idmap_kpti_install_ng_mappings; + kpti_remap_fn *remap_fn; + + static bool kpti_applied = false; + int cpu = smp_processor_id(); + + if (kpti_applied) + return 0; + + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings); + + cpu_install_idmap(); + remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir)); + cpu_uninstall_idmap(); + + if (!cpu) + kpti_applied = true; + + return 0; +} + static int __init parse_kpti(char *str) { bool enabled; @@ -984,6 +1008,7 @@ static const struct arm64_cpu_capabiliti .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, + .enable = kpti_install_ng_mappings, }, #endif { --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -153,6 +153,16 @@ ENTRY(cpu_do_switch_mm) ENDPROC(cpu_do_switch_mm) .pushsection ".idmap.text", "ax" + +.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 + adrp \tmp1, empty_zero_page + msr ttbr1_el1, \tmp2 + isb + tlbi vmalle1 + dsb nsh + isb +.endm + /* * void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd) * @@ -162,13 +172,7 @@ ENDPROC(cpu_do_switch_mm) ENTRY(idmap_cpu_replace_ttbr1) save_and_disable_daif flags=x2 - adrp x1, empty_zero_page - msr ttbr1_el1, x1 - isb - - tlbi vmalle1 - dsb nsh - isb + __idmap_cpu_set_reserved_ttbr1 x1, x3 msr ttbr1_el1, x0 isb @@ -179,6 +183,190 @@ ENTRY(idmap_cpu_replace_ttbr1) ENDPROC(idmap_cpu_replace_ttbr1) .popsection +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .pushsection ".idmap.text", "ax" + + .macro __idmap_kpti_get_pgtable_ent, type + dc cvac, cur_\()\type\()p // Ensure any existing dirty + dmb sy // lines are written back before + ldr \type, [cur_\()\type\()p] // loading the entry + tbz \type, #0, next_\()\type // Skip invalid entries + .endm + + .macro __idmap_kpti_put_pgtable_ent_ng, type + orr \type, \type, #PTE_NG // Same bit for blocks and pages + str \type, [cur_\()\type\()p] // Update the entry and ensure it + dc civac, cur_\()\type\()p // is visible to all CPUs. + .endm + +/* + * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper) + * + * Called exactly once from stop_machine context by each CPU found during boot. + */ +__idmap_kpti_flag: + .long 1 +ENTRY(idmap_kpti_install_ng_mappings) + cpu .req w0 + num_cpus .req w1 + swapper_pa .req x2 + swapper_ttb .req x3 + flag_ptr .req x4 + cur_pgdp .req x5 + end_pgdp .req x6 + pgd .req x7 + cur_pudp .req x8 + end_pudp .req x9 + pud .req x10 + cur_pmdp .req x11 + end_pmdp .req x12 + pmd .req x13 + cur_ptep .req x14 + end_ptep .req x15 + pte .req x16 + + mrs swapper_ttb, ttbr1_el1 + adr flag_ptr, __idmap_kpti_flag + + cbnz cpu, __idmap_kpti_secondary + + /* We're the boot CPU. Wait for the others to catch up */ + sevl +1: wfe + ldaxr w18, [flag_ptr] + eor w18, w18, num_cpus + cbnz w18, 1b + + /* We need to walk swapper, so turn off the MMU. */ + pre_disable_mmu_workaround + mrs x18, sctlr_el1 + bic x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Everybody is enjoying the idmap, so we can rewrite swapper. */ + /* PGD */ + mov cur_pgdp, swapper_pa + add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8) +do_pgd: __idmap_kpti_get_pgtable_ent pgd + tbnz pgd, #1, walk_puds + __idmap_kpti_put_pgtable_ent_ng pgd +next_pgd: + add cur_pgdp, cur_pgdp, #8 + cmp cur_pgdp, end_pgdp + b.ne do_pgd + + /* Publish the updated tables and nuke all the TLBs */ + dsb sy + tlbi vmalle1is + dsb ish + isb + + /* We're done: fire up the MMU again */ + mrs x18, sctlr_el1 + orr x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Set the flag to zero to indicate that we're all done */ + str wzr, [flag_ptr] + ret + + /* PUD */ +walk_puds: + .if CONFIG_PGTABLE_LEVELS > 3 + pte_to_phys cur_pudp, pgd + add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8) +do_pud: __idmap_kpti_get_pgtable_ent pud + tbnz pud, #1, walk_pmds + __idmap_kpti_put_pgtable_ent_ng pud +next_pud: + add cur_pudp, cur_pudp, 8 + cmp cur_pudp, end_pudp + b.ne do_pud + b next_pgd + .else /* CONFIG_PGTABLE_LEVELS <= 3 */ + mov pud, pgd + b walk_pmds +next_pud: + b next_pgd + .endif + + /* PMD */ +walk_pmds: + .if CONFIG_PGTABLE_LEVELS > 2 + pte_to_phys cur_pmdp, pud + add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8) +do_pmd: __idmap_kpti_get_pgtable_ent pmd + tbnz pmd, #1, walk_ptes + __idmap_kpti_put_pgtable_ent_ng pmd +next_pmd: + add cur_pmdp, cur_pmdp, #8 + cmp cur_pmdp, end_pmdp + b.ne do_pmd + b next_pud + .else /* CONFIG_PGTABLE_LEVELS <= 2 */ + mov pmd, pud + b walk_ptes +next_pmd: + b next_pud + .endif + + /* PTE */ +walk_ptes: + pte_to_phys cur_ptep, pmd + add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8) +do_pte: __idmap_kpti_get_pgtable_ent pte + __idmap_kpti_put_pgtable_ent_ng pte +next_pte: + add cur_ptep, cur_ptep, #8 + cmp cur_ptep, end_ptep + b.ne do_pte + b next_pmd + + /* Secondary CPUs end up here */ +__idmap_kpti_secondary: + /* Uninstall swapper before surgery begins */ + __idmap_cpu_set_reserved_ttbr1 x18, x17 + + /* Increment the flag to let the boot CPU we're ready */ +1: ldxr w18, [flag_ptr] + add w18, w18, #1 + stxr w17, w18, [flag_ptr] + cbnz w17, 1b + + /* Wait for the boot CPU to finish messing around with swapper */ + sevl +1: wfe + ldxr w18, [flag_ptr] + cbnz w18, 1b + + /* All done, act like nothing happened */ + msr ttbr1_el1, swapper_ttb + isb + ret + + .unreq cpu + .unreq num_cpus + .unreq swapper_pa + .unreq swapper_ttb + .unreq flag_ptr + .unreq cur_pgdp + .unreq end_pgdp + .unreq pgd + .unreq cur_pudp + .unreq end_pudp + .unreq pud + .unreq cur_pmdp + .unreq end_pmdp + .unreq pmd + .unreq cur_ptep + .unreq end_ptep + .unreq pte +ENDPROC(idmap_kpti_install_ng_mappings) + .popsection +#endif + /* * __cpu_setup * Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kconfig-add-config_unmap_kernel_at_el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:41:01 +0000 Subject: [Variant 3/Meltdown] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 From: Will Deacon <will.deacon(a)arm.com> Commit 084eb77cd3a8 upstream. Add a Kconfig entry to control use of the entry trampoline, which allows us to unmap the kernel whilst running in userspace and improve the robustness of KASLR. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -843,6 +843,19 @@ config FORCE_MAX_ZONEORDER However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 4M allocations matching the default size used by generic code. +config UNMAP_KERNEL_AT_EL0 + bool "Unmap kernel when running in userspace (aka \"KAISER\")" + default y + help + Some attacks against KASLR make use of the timing difference between + a permission fault which could arise from a page table entry that is + present in the TLB, and a translation fault which always requires a + page table walk. This option defends against these attacks by unmapping + the kernel whilst running in userspace, therefore forcing translation + faults for all of kernel space. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 16:19:39 +0000 Subject: [Variant 3/Meltdown] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry From: Will Deacon <will.deacon(a)arm.com> Commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -844,15 +844,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y. Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 6 Dec 2017 11:24:02 +0000 Subject: [Variant 3/Meltdown] arm64: kaslr: Put kernel vectors address in separate data page From: Will Deacon <will.deacon(a)arm.com> Commit 6c27c4082f4f upstream. The literal pool entry for identifying the vectors base is the only piece of information in the trampoline page that identifies the true location of the kernel. This patch moves it into a page-aligned region of the .rodata section and maps this adjacent to the trampoline text via an additional fixmap entry, which protects against any accidental leakage of the trampoline contents. Suggested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/fixmap.h | 1 + arch/arm64/kernel/entry.S | 14 ++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- arch/arm64/mm/mmu.c | 10 +++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -59,6 +59,7 @@ enum fixed_addresses { #endif /* CONFIG_ACPI_APEI_GHES */ #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1030,7 +1030,13 @@ alternative_else_nop_endif msr tpidrro_el0, x30 // Restored in kernel_ventry .endif tramp_map_kernel x30 +#ifdef CONFIG_RANDOMIZE_BASE + adr x30, tramp_vectors + PAGE_SIZE +alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 + ldr x30, [x30] +#else ldr x30, =vectors +#endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) @@ -1073,6 +1079,14 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text +#ifdef CONFIG_RANDOMIZE_BASE + .pushsection ".rodata", "a" + .align PAGE_SHIFT + .globl __entry_tramp_data_start +__entry_tramp_data_start: + .quad vectors + .popsection // .rodata +#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -251,7 +251,10 @@ ASSERT(__idmap_text_end - (__idmap_text_ ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) <= SZ_4K, "Hibernate exit text too big or misaligned") #endif - +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, + "Entry trampoline text too big") +#endif /* * If padding is applied before .head.text, virt<->phys conversions will fail. */ --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -541,8 +541,16 @@ static int __init map_entry_trampoline(v __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, prot, pgd_pgtable_alloc, 0); - /* ...as well as the kernel page table */ + /* Map both the text and data into the kernel page table */ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { + extern char __entry_tramp_data_start[]; + + __set_fixmap(FIX_ENTRY_TRAMP_DATA, + __pa_symbol(__entry_tramp_data_start), + PAGE_KERNEL_RO); + } + return 0; } core_initcall(map_entry_trampoline); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-implement-branch-predictor-hardening-for-falkor.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Shanker Donthineni <shankerd(a)codeaurora.org> Date: Fri, 5 Jan 2018 14:28:59 -0600 Subject: [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor From: Shanker Donthineni <shankerd(a)codeaurora.org> Commit ec82b567a74f upstream. Falkor is susceptible to branch predictor aliasing and can theoretically be attacked by malicious code. This patch implements a mitigation for these attacks, preventing any malicious entries from affecting other victim contexts. Signed-off-by: Shanker Donthineni <shankerd(a)codeaurora.org> [will: fix label name when !CONFIG_KVM and remove references to MIDR_FALKOR] Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/kvm_asm.h | 2 + arch/arm64/kernel/bpi.S | 8 +++++++ arch/arm64/kernel/cpu_errata.c | 40 +++++++++++++++++++++++++++++++++++++-- arch/arm64/kvm/hyp/entry.S | 12 +++++++++++ arch/arm64/kvm/hyp/switch.c | 8 +++++++ 6 files changed, 70 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -43,7 +43,8 @@ #define ARM64_SVE 22 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_HARDEN_BRANCH_PREDICTOR 24 +#define ARM64_HARDEN_BP_POST_GUEST_EXIT 25 -#define ARM64_NCAPS 25 +#define ARM64_NCAPS 26 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/kvm_asm.h +++ b/arch/arm64/include/asm/kvm_asm.h @@ -68,6 +68,8 @@ extern u32 __kvm_get_mdcr_el2(void); extern u32 __init_stage2_translation(void); +extern void __qcom_hyp_sanitize_btac_predictors(void); + #endif #endif /* __ARM_KVM_ASM_H__ */ --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -77,3 +77,11 @@ ENTRY(__psci_hyp_bp_inval_start) ldp x0, x1, [sp, #(16 * 8)] add sp, sp, #(8 * 18) ENTRY(__psci_hyp_bp_inval_end) + +ENTRY(__qcom_hyp_sanitize_link_stack_start) + stp x29, x30, [sp, #-16]! + .rept 16 + bl . + 4 + .endr + ldp x29, x30, [sp], #16 +ENTRY(__qcom_hyp_sanitize_link_stack_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -68,6 +68,8 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_har #ifdef CONFIG_KVM extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; +extern char __qcom_hyp_sanitize_link_stack_start[]; +extern char __qcom_hyp_sanitize_link_stack_end[]; static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -110,8 +112,10 @@ static void __install_bp_hardening_cb(bp spin_unlock(&bp_lock); } #else -#define __psci_hyp_bp_inval_start NULL -#define __psci_hyp_bp_inval_end NULL +#define __psci_hyp_bp_inval_start NULL +#define __psci_hyp_bp_inval_end NULL +#define __qcom_hyp_sanitize_link_stack_start NULL +#define __qcom_hyp_sanitize_link_stack_end NULL static void __install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, @@ -152,6 +156,29 @@ static int enable_psci_bp_hardening(void return 0; } + +static void qcom_link_stack_sanitization(void) +{ + u64 tmp; + + asm volatile("mov %0, x30 \n" + ".rept 16 \n" + "bl . + 4 \n" + ".endr \n" + "mov x30, %0 \n" + : "=&r" (tmp)); +} + +static int qcom_enable_link_stack_sanitization(void *data) +{ + const struct arm64_cpu_capabilities *entry = data; + + install_bp_hardening_cb(entry, qcom_link_stack_sanitization, + __qcom_hyp_sanitize_link_stack_start, + __qcom_hyp_sanitize_link_stack_end); + + return 0; +} #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #define MIDR_RANGE(model, min, max) \ @@ -323,6 +350,15 @@ const struct arm64_cpu_capabilities arm6 MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), .enable = enable_psci_bp_hardening, }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), + .enable = qcom_enable_link_stack_sanitization, + }, + { + .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, + MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), + }, #endif { } --- a/arch/arm64/kvm/hyp/entry.S +++ b/arch/arm64/kvm/hyp/entry.S @@ -196,3 +196,15 @@ alternative_endif eret ENDPROC(__fpsimd_guest_restore) + +ENTRY(__qcom_hyp_sanitize_btac_predictors) + /** + * Call SMC64 with Silicon provider serviceID 23<<8 (0xc2001700) + * 0xC2000000-0xC200FFFF: assigned to SiP Service Calls + * b15-b0: contains SiP functionID + */ + movz x0, #0x1700 + movk x0, #0xc200, lsl #16 + smc #0 + ret +ENDPROC(__qcom_hyp_sanitize_btac_predictors) --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -393,6 +393,14 @@ again: /* 0 falls through to be handled out of EL2 */ } + if (cpus_have_const_cap(ARM64_HARDEN_BP_POST_GUEST_EXIT)) { + u32 midr = read_cpuid_id(); + + /* Apply BTAC predictors mitigation to all Falkor chips */ + if ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1) + __qcom_hyp_sanitize_btac_predictors(); + } + fp_enabled = __fpsimd_enabled(); __sysreg_save_guest_state(guest_ctxt); Patches currently in stable-queue which might be from shankerd(a)codeaurora.org are queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-implement-array_index_mask_nospec.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:17 +0000 Subject: [Variant 1/Spectre-v1] arm64: Implement array_index_mask_nospec() From: Robin Murphy <robin.murphy(a)arm.com> Commit 022620eed3d0 upstream. Provide an optimised, assembly implementation of array_index_mask_nospec() for arm64 so that the compiler is not in a position to transform the code in ways which affect its ability to inhibit speculation (e.g. by introducing conditional branches). This is similar to the sequence used by x86, modulo architectural differences in the carry/borrow flags. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/barrier.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) --- a/arch/arm64/include/asm/barrier.h +++ b/arch/arm64/include/asm/barrier.h @@ -41,6 +41,27 @@ #define dma_rmb() dmb(oshld) #define dma_wmb() dmb(oshst) +/* + * Generate a mask for array_index__nospec() that is ~0UL when 0 <= idx < sz + * and 0 otherwise. + */ +#define array_index_mask_nospec array_index_mask_nospec +static inline unsigned long array_index_mask_nospec(unsigned long idx, + unsigned long sz) +{ + unsigned long mask; + + asm volatile( + " cmp %1, %2\n" + " sbc %0, xzr, xzr\n" + : "=r" (mask) + : "r" (idx), "Ir" (sz) + : "cc"); + + csdb(); + return mask; +} + #define __smp_mb() dmb(ish) #define __smp_rmb() dmb(ishld) #define __smp_wmb() dmb(ishst) Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 12:46:21 +0000 Subject: [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for affected Cortex-A CPUs From: Will Deacon <will.deacon(a)arm.com> Commit aa6acde65e03 upstream. Cortex-A57, A72, A73 and A75 are susceptible to branch predictor aliasing and can theoretically be attacked by malicious code. This patch implements a PSCI-based mitigation for these CPUs when available. The call into firmware will invalidate the branch predictor state, preventing any malicious entries from affecting other victim contexts. Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 24 +++++++++++++++++++++++ arch/arm64/kernel/cpu_errata.c | 42 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -53,3 +53,27 @@ ENTRY(__bp_harden_hyp_vecs_start) vectors __kvm_hyp_vector .endr ENTRY(__bp_harden_hyp_vecs_end) +ENTRY(__psci_hyp_bp_inval_start) + sub sp, sp, #(8 * 18) + stp x16, x17, [sp, #(16 * 0)] + stp x14, x15, [sp, #(16 * 1)] + stp x12, x13, [sp, #(16 * 2)] + stp x10, x11, [sp, #(16 * 3)] + stp x8, x9, [sp, #(16 * 4)] + stp x6, x7, [sp, #(16 * 5)] + stp x4, x5, [sp, #(16 * 6)] + stp x2, x3, [sp, #(16 * 7)] + stp x0, x1, [sp, #(16 * 8)] + mov x0, #0x84000000 + smc #0 + ldp x16, x17, [sp, #(16 * 0)] + ldp x14, x15, [sp, #(16 * 1)] + ldp x12, x13, [sp, #(16 * 2)] + ldp x10, x11, [sp, #(16 * 3)] + ldp x8, x9, [sp, #(16 * 4)] + ldp x6, x7, [sp, #(16 * 5)] + ldp x4, x5, [sp, #(16 * 6)] + ldp x2, x3, [sp, #(16 * 7)] + ldp x0, x1, [sp, #(16 * 8)] + add sp, sp, #(8 * 18) +ENTRY(__psci_hyp_bp_inval_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -67,6 +67,8 @@ static int cpu_enable_trap_ctr_access(vo DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); #ifdef CONFIG_KVM +extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; + static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) { @@ -108,6 +110,9 @@ static void __install_bp_hardening_cb(bp spin_unlock(&bp_lock); } #else +#define __psci_hyp_bp_inval_start NULL +#define __psci_hyp_bp_inval_end NULL + static void __install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -132,6 +137,21 @@ static void install_bp_hardening_cb(con __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } + +#include <linux/psci.h> + +static int enable_psci_bp_hardening(void *data) +{ + const struct arm64_cpu_capabilities *entry = data; + + if (psci_ops.get_version) + install_bp_hardening_cb(entry, + (bp_hardening_cb_t)psci_ops.get_version, + __psci_hyp_bp_inval_start, + __psci_hyp_bp_inval_end); + + return 0; +} #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #define MIDR_RANGE(model, min, max) \ @@ -282,6 +302,28 @@ const struct arm64_cpu_capabilities arm6 MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), + .enable = enable_psci_bp_hardening, + }, +#endif { } }; Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-futex-mask-__user-pointers-prior-to-dereference.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:24 +0000 Subject: [Variant 1/Spectre-v1] arm64: futex: Mask __user pointers prior to dereference From: Will Deacon <will.deacon(a)arm.com> Commit 91b2d3442f6a upstream. The arm64 futex code has some explicit dereferencing of user pointers where performing atomic operations in response to a futex command. This patch uses masking to limit any speculative futex operations to within the user address space. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/futex.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/futex.h +++ b/arch/arm64/include/asm/futex.h @@ -48,9 +48,10 @@ do { \ } while (0) static inline int -arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) +arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *_uaddr) { int oldval = 0, ret, tmp; + u32 __user *uaddr = __uaccess_mask_ptr(_uaddr); pagefault_disable(); @@ -88,15 +89,17 @@ arch_futex_atomic_op_inuser(int op, int } static inline int -futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *_uaddr, u32 oldval, u32 newval) { int ret = 0; u32 val, tmp; + u32 __user *uaddr; - if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + if (!access_ok(VERIFY_WRITE, _uaddr, sizeof(u32))) return -EFAULT; + uaddr = __uaccess_mask_ptr(_uaddr); uaccess_enable(); asm volatile("// futex_atomic_cmpxchg_inatomic\n" " prfm pstl1strm, %2\n" Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 12:00:00 +0000 Subject: [Variant 3/Meltdown] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives From: Will Deacon <will.deacon(a)arm.com> Commit 439e70e27a51 upstream. The identity map is mapped as both writeable and executable by the SWAPPER_MM_MMUFLAGS and this is relied upon by the kpti code to manage a synchronisation flag. Update the .pushsection flags to reflect the actual mapping attributes. Reported-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu-reset.S | 2 +- arch/arm64/kernel/head.S | 2 +- arch/arm64/kernel/sleep.S | 2 +- arch/arm64/mm/proc.S | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -16,7 +16,7 @@ #include <asm/virt.h> .text -.pushsection .idmap.text, "ax" +.pushsection .idmap.text, "awx" /* * __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -371,7 +371,7 @@ ENDPROC(__primary_switched) * end early head section, begin head code that is also used for * hotplug and needs to have the same protections as the text region */ - .section ".idmap.text","ax" + .section ".idmap.text","awx" ENTRY(kimage_vaddr) .quad _text - TEXT_OFFSET --- a/arch/arm64/kernel/sleep.S +++ b/arch/arm64/kernel/sleep.S @@ -96,7 +96,7 @@ ENTRY(__cpu_suspend_enter) ret ENDPROC(__cpu_suspend_enter) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_resume) bl el2_setup // if in EL2 drop to EL1 cleanly bl __cpu_setup --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -86,7 +86,7 @@ ENDPROC(cpu_do_suspend) * * x0: Address of context pointer */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_do_resume) ldp x2, x3, [x0] ldp x4, x5, [x0, #16] @@ -152,7 +152,7 @@ ENTRY(cpu_do_switch_mm) ret ENDPROC(cpu_do_switch_mm) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 adrp \tmp1, empty_zero_page @@ -184,7 +184,7 @@ ENDPROC(idmap_cpu_replace_ttbr1) .popsection #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_kpti_get_pgtable_ent, type dc cvac, cur_\()\type\()p // Ensure any existing dirty @@ -373,7 +373,7 @@ ENDPROC(idmap_kpti_install_ng_mappings) * Initialise the processor for turning the MMU on. Return in x0 the * value of the SCTLR_EL1 register. */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(__cpu_setup) tlbi vmalle1 // Invalidate local TLB dsb nsh Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:29:19 +0000 Subject: [Variant 3/Meltdown] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code From: Will Deacon <will.deacon(a)arm.com> Commit d1777e686ad1 upstream. We rely on an atomic swizzling of TTBR1 when transitioning from the entry trampoline to the kernel proper on an exception. We can't rely on this atomicity in the face of Falkor erratum #E1003, so on affected cores we can issue a TLB invalidation to invalidate the walk cache prior to jumping into the kernel. There is still the possibility of a TLB conflict here due to conflicting walk cache entries prior to the invalidation, but this doesn't appear to be the case on these CPUs in practice. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 17 +++++------------ arch/arm64/kernel/entry.S | 12 ++++++++++++ 2 files changed, 17 insertions(+), 12 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -522,20 +522,13 @@ config CAVIUM_ERRATUM_30115 config QCOM_FALKOR_ERRATUM_1003 bool "Falkor E1003: Incorrect translation due to ASID change" default y - select ARM64_PAN if ARM64_SW_TTBR0_PAN help On Falkor v1, an incorrect ASID may be cached in the TLB when ASID - and BADDR are changed together in TTBRx_EL1. The workaround for this - issue is to use a reserved ASID in cpu_do_switch_mm() before - switching to the new ASID. Saying Y here selects ARM64_PAN if - ARM64_SW_TTBR0_PAN is selected. This is done because implementing and - maintaining the E1003 workaround in the software PAN emulation code - would be an unnecessary complication. The affected Falkor v1 CPU - implements ARMv8.1 hardware PAN support and using hardware PAN - support versus software PAN emulation is mutually exclusive at - runtime. - - If unsure, say Y. + and BADDR are changed together in TTBRx_EL1. Since we keep the ASID + in TTBR1_EL1, this situation only occurs in the entry trampoline and + then only for entries in the walk cache, since the leaf translation + is unchanged. Work around the erratum by invalidating the walk cache + entries for the trampoline before entering the kernel proper. config QCOM_FALKOR_ERRATUM_1009 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -989,6 +989,18 @@ __ni_sys_trace: sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) bic \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp +#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003 +alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003 + /* ASID already in \tmp[63:48] */ + movk \tmp, #:abs_g2_nc:(TRAMP_VALIAS >> 12) + movk \tmp, #:abs_g1_nc:(TRAMP_VALIAS >> 12) + /* 2MB boundary containing the vectors, so we nobble the walk cache */ + movk \tmp, #:abs_g0_nc:((TRAMP_VALIAS & ~(SZ_2M - 1)) >> 12) + isb + tlbi vae1, \tmp + dsb nsh +alternative_else_nop_endif +#endif /* CONFIG_QCOM_FALKOR_ERRATUM_1003 */ .endm .macro tramp_unmap_kernel, tmp Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Mon, 29 Jan 2018 11:59:56 +0000 Subject: [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 6dc52b15c4a4 upstream. Cavium ThunderX's erratum 27456 results in a corruption of icache entries that are loaded from memory that is mapped as non-global (i.e. ASID-tagged). As KPTI is based on memory being mapped non-global, let's prevent it from kicking in if this erratum is detected. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> [will: Update comment] Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -853,12 +853,23 @@ static int __kpti_forced; /* 0: not forc static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + char const *str = "command line option"; u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); - /* Forced on command line? */ + /* + * For reasons that aren't entirely clear, enabling KPTI on Cavium + * ThunderX leads to apparent I-cache corruption of kernel text, which + * ends as well as you might imagine. Don't even try. + */ + if (cpus_have_const_cap(ARM64_WORKAROUND_CAVIUM_27456)) { + str = "ARM64_WORKAROUND_CAVIUM_27456"; + __kpti_forced = -1; + } + + /* Forced? */ if (__kpti_forced) { - pr_info_once("kernel page table isolation forced %s by command line option\n", - __kpti_forced > 0 ? "ON" : "OFF"); + pr_info_once("kernel page table isolation forced %s by %s\n", + __kpti_forced > 0 ? "ON" : "OFF", str); return __kpti_forced > 0; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:24:29 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Hook up entry trampoline to exception vectors From: Will Deacon <will.deacon(a)arm.com> Commit 4bf3286d29f3 upstream. Hook up the entry trampoline to our exception vectors so that all exceptions from and returns to EL0 go via the trampoline, which swizzles the vector base register accordingly. Transitioning to and from the kernel clobbers x30, so we use tpidrro_el0 and far_el1 as scratch registers for native tasks. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -73,6 +73,17 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .if \el == 0 + .if \regsize == 64 + mrs x30, tpidrro_el0 + msr tpidrro_el0, xzr + .else + mov x30, xzr + .endif + .endif +#endif + sub sp, sp, #S_FRAME_SIZE #ifdef CONFIG_VMAP_STACK /* @@ -119,6 +130,11 @@ b el\()\el\()_\label .endm + .macro tramp_alias, dst, sym + mov_q \dst, TRAMP_VALIAS + add \dst, \dst, #(\sym - .entry.tramp.text) + .endm + .macro kernel_entry, el, regsize = 64 .if \regsize == 32 mov w0, w0 // zero upper 32 bits of x0 @@ -271,18 +287,20 @@ alternative_else_nop_endif .if \el == 0 ldr x23, [sp, #S_SP] // load return stack pointer msr sp_el0, x23 + tst x22, #PSR_MODE32_BIT // native task? + b.eq 3f + #ifdef CONFIG_ARM64_ERRATUM_845719 alternative_if ARM64_WORKAROUND_845719 - tbz x22, #4, 1f #ifdef CONFIG_PID_IN_CONTEXTIDR mrs x29, contextidr_el1 msr contextidr_el1, x29 #else msr contextidr_el1, xzr #endif -1: alternative_else_nop_endif #endif +3: .endif msr elr_el1, x21 // set up the return data @@ -304,7 +322,22 @@ alternative_else_nop_endif ldp x28, x29, [sp, #16 * 14] ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp - eret // return to kernel + +#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 + eret +#else + .if \el == 0 + bne 4f + msr far_el1, x30 + tramp_alias x30, tramp_exit_native + br x30 +4: + tramp_alias x30, tramp_exit_compat + br x30 + .else + eret + .endif +#endif .endm .macro irq_stack_entry Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 29 Jan 2018 11:59:58 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Reword comment about post_ttbr_update_workaround From: Will Deacon <will.deacon(a)arm.com> Commit f167211a93ac upstream. We don't fully understand the Cavium ThunderX erratum, but it appears that mapping the kernel as nG can lead to horrible consequences such as attempting to execute userspace from kernel context. Since kpti isn't enabled for these CPUs anyway, simplify the comment justifying the lack of post_ttbr_update_workaround in the exception trampoline. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1010,16 +1010,9 @@ alternative_else_nop_endif orr \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp /* - * We avoid running the post_ttbr_update_workaround here because the - * user and kernel ASIDs don't have conflicting mappings, so any - * "blessing" as described in: - * - * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com - * - * will not hurt correctness. Whilst this may partially defeat the - * point of using split ASIDs in the first place, it avoids - * the hit of invalidating the entire I-cache on every return to - * userspace. + * We avoid running the post_ttbr_update_workaround here because + * it's only needed by Cavium ThunderX, which requires KPTI to be + * disabled. */ .endm Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:20 +0000 Subject: [Variant 1/Spectre-v1] arm64: entry: Ensure branch through syscall table is bounded under speculation From: Will Deacon <will.deacon(a)arm.com> Commit 6314d90e6493 upstream. In a similar manner to array_index_mask_nospec, this patch introduces an assembly macro (mask_nospec64) which can be used to bound a value under speculation. This macro is then used to ensure that the indirect branch through the syscall table is bounded under speculation, with out-of-range addresses speculating as calls to sys_io_setup (0). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 11 +++++++++++ arch/arm64/kernel/entry.S | 2 ++ 2 files changed, 13 insertions(+) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -116,6 +116,17 @@ .endm /* + * Sanitise a 64-bit bounded index wrt speculation, returning zero if out + * of bounds. + */ + .macro mask_nospec64, idx, limit, tmp + sub \tmp, \idx, \limit + bic \tmp, \tmp, \idx + and \idx, \idx, \tmp, asr #63 + csdb + .endm + +/* * NOP sequence */ .macro nops, num --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -378,6 +378,7 @@ alternative_insn eret, nop, ARM64_UNMAP_ * x7 is reserved for the system call number in 32-bit mode. */ wsc_nr .req w25 // number of system calls +xsc_nr .req x25 // number of system calls (zero-extended) wscno .req w26 // syscall number xscno .req x26 // syscall number (zero-extended) stbl .req x27 // syscall table pointer @@ -932,6 +933,7 @@ el0_svc_naked: // compat entry point b.ne __sys_trace cmp wscno, wsc_nr // check upper syscall limit b.hs ni_sys + mask_nospec64 xscno, xsc_nr, x19 // enforce bounds for syscall number ldr x16, [stbl, xscno, lsl #3] // address in the syscall table blr x16 // call sys_* routine b ret_fast_syscall Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:20:21 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Explicitly pass exception level to kernel_ventry macro From: Will Deacon <will.deacon(a)arm.com> Commit 5b1f7fe41909 upstream. We will need to treat exceptions from EL0 differently in kernel_ventry, so rework the macro to take the exception level as an argument and construct the branch target using that. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 50 +++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 25 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -71,7 +71,7 @@ #define BAD_FIQ 2 #define BAD_ERROR 3 - .macro kernel_ventry label + .macro kernel_ventry, el, label, regsize = 64 .align 7 sub sp, sp, #S_FRAME_SIZE #ifdef CONFIG_VMAP_STACK @@ -84,7 +84,7 @@ tbnz x0, #THREAD_SHIFT, 0f sub x0, sp, x0 // x0'' = sp' - x0' = (sp + x0) - sp = x0 sub sp, sp, x0 // sp'' = sp' - x0 = (sp + x0) - x0 = sp - b \label + b el\()\el\()_\label 0: /* @@ -116,7 +116,7 @@ sub sp, sp, x0 mrs x0, tpidrro_el0 #endif - b \label + b el\()\el\()_\label .endm .macro kernel_entry, el, regsize = 64 @@ -369,31 +369,31 @@ tsk .req x28 // current thread_info .align 11 ENTRY(vectors) - kernel_ventry el1_sync_invalid // Synchronous EL1t - kernel_ventry el1_irq_invalid // IRQ EL1t - kernel_ventry el1_fiq_invalid // FIQ EL1t - kernel_ventry el1_error_invalid // Error EL1t - - kernel_ventry el1_sync // Synchronous EL1h - kernel_ventry el1_irq // IRQ EL1h - kernel_ventry el1_fiq_invalid // FIQ EL1h - kernel_ventry el1_error // Error EL1h - - kernel_ventry el0_sync // Synchronous 64-bit EL0 - kernel_ventry el0_irq // IRQ 64-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 64-bit EL0 - kernel_ventry el0_error // Error 64-bit EL0 + kernel_ventry 1, sync_invalid // Synchronous EL1t + kernel_ventry 1, irq_invalid // IRQ EL1t + kernel_ventry 1, fiq_invalid // FIQ EL1t + kernel_ventry 1, error_invalid // Error EL1t + + kernel_ventry 1, sync // Synchronous EL1h + kernel_ventry 1, irq // IRQ EL1h + kernel_ventry 1, fiq_invalid // FIQ EL1h + kernel_ventry 1, error // Error EL1h + + kernel_ventry 0, sync // Synchronous 64-bit EL0 + kernel_ventry 0, irq // IRQ 64-bit EL0 + kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0 + kernel_ventry 0, error // Error 64-bit EL0 #ifdef CONFIG_COMPAT - kernel_ventry el0_sync_compat // Synchronous 32-bit EL0 - kernel_ventry el0_irq_compat // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid_compat // FIQ 32-bit EL0 - kernel_ventry el0_error_compat // Error 32-bit EL0 + kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_compat, 32 // Error 32-bit EL0 #else - kernel_ventry el0_sync_invalid // Synchronous 32-bit EL0 - kernel_ventry el0_irq_invalid // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 32-bit EL0 - kernel_ventry el0_error_invalid // Error 32-bit EL0 + kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0 #endif END(vectors) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:40 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit 30d88c0e3ace upstream. It is possible to take an IRQ from EL0 following a branch to a kernel address in such a way that the IRQ is prioritised over the instruction abort. Whilst an attacker would need to get the stars to align here, it might be sufficient with enough calibration so perform BP hardening in the rare case that we see a kernel address in the ELR when handling an IRQ from EL0. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -828,6 +828,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -707,6 +707,12 @@ asmlinkage void __exception do_mem_abort arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:39 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions From: Will Deacon <will.deacon(a)arm.com> Commit 5dfc6ed27710 upstream. Software-step and PC alignment fault exceptions have higher priority than instruction abort exceptions, so apply the BP hardening hooks there too if the user PC appears to reside in kernel space. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 5 ++++- arch/arm64/mm/fault.c | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -767,7 +767,10 @@ el0_sp_pc: * Stack or PC alignment exception handling */ mrs x26, far_el1 - enable_daif + enable_da_f +#ifdef CONFIG_TRACE_IRQFLAGS + bl trace_hardirqs_off +#endif ct_user_exit mov x0, x26 mov x1, x25 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -731,6 +731,12 @@ asmlinkage void __exception do_sp_pc_abo struct siginfo info; struct task_struct *tsk = current; + if (user_mode(regs)) { + if (instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + local_irq_enable(); + } + if (show_unhandled_signals && unhandled_signal(tsk, SIGBUS)) pr_info_ratelimited("%s[%d]: %s exception: pc=%p sp=%p\n", tsk->comm, task_pid_nr(tsk), @@ -790,6 +796,9 @@ asmlinkage int __exception do_debug_exce if (interrupts_enabled(regs)) trace_hardirqs_off(); + if (user_mode(regs) && instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + if (!inf->fn(addr, esr, regs)) { rv = 1; } else { Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:38:19 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 From: Will Deacon <will.deacon(a)arm.com> Commit ea1e3de85e94 upstream. Allow explicit disabling of the entry trampoline on the kernel command line (kpti=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/mmu.h | 3 +- arch/arm64/kernel/cpufeature.c | 41 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 9 ++++---- 4 files changed, 50 insertions(+), 6 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -41,7 +41,8 @@ #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 #define ARM64_SVE 22 +#define ARM64_UNMAP_KERNEL_AT_EL0 23 -#define ARM64_NCAPS 23 +#define ARM64_NCAPS 24 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -36,7 +36,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -846,6 +846,40 @@ static bool has_no_fpsimd(const struct a ID_AA64PFR0_FP_SHIFT) < 0; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kpti_forced) { + pr_info_once("kernel page table isolation forced %s by command line option\n", + __kpti_forced > 0 ? "ON" : "OFF"); + return __kpti_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kpti(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kpti_forced = enabled ? 1 : -1; + return 0; +} +__setup("kpti=", parse_kpti); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -932,6 +966,13 @@ static const struct arm64_cpu_capabiliti .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -74,6 +74,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -82,6 +83,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -323,10 +325,9 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -334,10 +335,10 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +#endif .else eret .endif -#endif .endm .macro irq_stack_entry Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:07:40 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit c7b9adaf85f8 upstream. To allow unmapping of the kernel whilst running at EL0, we need to point the exception vectors at an entry trampoline that can map/unmap the kernel on entry/exit respectively. This patch adds the trampoline page, although it is not yet plugged into the vector table and is therefore unused. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 86 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 17 +++++++ 2 files changed, 103 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -28,6 +28,8 @@ #include <asm/errno.h> #include <asm/esr.h> #include <asm/irq.h> +#include <asm/memory.h> +#include <asm/mmu.h> #include <asm/processor.h> #include <asm/ptrace.h> #include <asm/thread_info.h> @@ -943,6 +945,90 @@ __ni_sys_trace: .popsection // .entry.text +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +/* + * Exception vectors trampoline. + */ + .pushsection ".entry.tramp.text", "ax" + + .macro tramp_map_kernel, tmp + mrs \tmp, ttbr1_el1 + sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + bic \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + .endm + + .macro tramp_unmap_kernel, tmp + mrs \tmp, ttbr1_el1 + add \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + orr \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + /* + * We avoid running the post_ttbr_update_workaround here because the + * user and kernel ASIDs don't have conflicting mappings, so any + * "blessing" as described in: + * + * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com + * + * will not hurt correctness. Whilst this may partially defeat the + * point of using split ASIDs in the first place, it avoids + * the hit of invalidating the entire I-cache on every return to + * userspace. + */ + .endm + + .macro tramp_ventry, regsize = 64 + .align 7 +1: + .if \regsize == 64 + msr tpidrro_el0, x30 // Restored in kernel_ventry + .endif + tramp_map_kernel x30 + ldr x30, =vectors + prfm plil1strm, [x30, #(1b - tramp_vectors)] + msr vbar_el1, x30 + add x30, x30, #(1b - tramp_vectors) + isb + br x30 + .endm + + .macro tramp_exit, regsize = 64 + adr x30, tramp_vectors + msr vbar_el1, x30 + tramp_unmap_kernel x30 + .if \regsize == 64 + mrs x30, far_el1 + .endif + eret + .endm + + .align 11 +ENTRY(tramp_vectors) + .space 0x400 + + tramp_ventry + tramp_ventry + tramp_ventry + tramp_ventry + + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 +END(tramp_vectors) + +ENTRY(tramp_exit_native) + tramp_exit +END(tramp_exit_native) + +ENTRY(tramp_exit_compat) + tramp_exit 32 +END(tramp_exit_compat) + + .ltorg + .popsection // .entry.tramp.text +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + /* * Special system call wrappers. */ --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -57,6 +57,17 @@ jiffies = jiffies_64; #define HIBERNATE_TEXT #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define TRAMP_TEXT \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ + *(.entry.tramp.text) \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_end) = .; +#else +#define TRAMP_TEXT +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from stext to _edata, must be a round multiple of the PE/COFF @@ -113,6 +124,7 @@ SECTIONS HYPERVISOR_TEXT IDMAP_TEXT HIBERNATE_TEXT + TRAMP_TEXT *(.fixup) *(.gnu.warning) . = ALIGN(16); @@ -214,6 +226,11 @@ SECTIONS . += RESERVED_TTBR0_SIZE; #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + tramp_pg_dir = .; + . += PAGE_SIZE; +#endif + __pecoff_data_size = ABSOLUTE(. - __initdata_begin); _end = .; Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Sun, 7 Jan 2018 22:53:35 -0800 Subject: [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs From: Jayachandran C <jnair(a)caviumnetworks.com> Commit 0d90718871fe upstream. Add the older Broadcom ID as well as the new Cavium ID for ThunderX2 CPUs. Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -87,6 +87,7 @@ #define CAVIUM_CPU_PART_THUNDERX 0x0A1 #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2 #define CAVIUM_CPU_PART_THUNDERX_83XX 0x0A3 +#define CAVIUM_CPU_PART_THUNDERX2 0x0AF #define BRCM_CPU_PART_VULCAN 0x516 @@ -100,6 +101,8 @@ #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) +#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2) +#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) #define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 11:19:34 +0000 Subject: [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 From: Will Deacon <will.deacon(a)arm.com> Commit a65d219fe5dc upstream. Hook up MIDR values for the Cortex-A72 and Cortex-A75 CPUs, since they will soon need MIDR matches for hardening the branch predictor. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -79,8 +79,10 @@ #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 #define ARM_CPU_PART_CORTEX_A57 0xD07 +#define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A53 0xD03 #define ARM_CPU_PART_CORTEX_A73 0xD09 +#define ARM_CPU_PART_CORTEX_A75 0xD0A #define APM_CPU_PART_POTENZA 0x000 @@ -97,7 +99,9 @@ #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) +#define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) +#define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-pass-capability-structure-to-enable-callback.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 2 Jan 2018 21:37:25 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback From: Will Deacon <will.deacon(a)arm.com> Commit 0a0d111d40fd upstream. In order to invoke the CPU capability ->matches callback from the ->enable callback for applying local-CPU workarounds, we need a handle on the capability structure. This patch passes a pointer to the capability structure to the ->enable callback. Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1215,7 +1215,7 @@ void __init enable_cpu_capabilities(cons * uses an IPI, giving us a PSTATE that disappears when * we return. */ - stop_machine(caps->enable, NULL, cpu_online_mask); + stop_machine(caps->enable, (void *)caps, cpu_online_mask); } } } @@ -1259,7 +1259,7 @@ verify_local_cpu_features(const struct a cpu_die_early(); } if (caps->enable) - caps->enable(NULL); + caps->enable((void *)caps); } } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: James Morse <james.morse(a)arm.com> Date: Mon, 15 Jan 2018 19:38:54 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early From: James Morse <james.morse(a)arm.com> Commit edf298cfce47 upstream. this_cpu_has_cap() tests caps->desc not caps->matches, so it stops walking the list when it finds a 'silent' feature, instead of walking to the end of the list. Prior to v4.6's 644c2ae198412 ("arm64: cpufeature: Test 'matches' pointer to find the end of the list") we always tested desc to find the end of a capability list. This was changed for dubious things like PAN_NOT_UAO. v4.7's e3661b128e53e ("arm64: Allow a capability to be checked on single CPU") added this_cpu_has_cap() using the old desc style test. CC: Suzuki K Poulose <suzuki.poulose(a)arm.com> Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Acked-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: James Morse <james.morse(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1173,9 +1173,8 @@ static bool __this_cpu_has_cap(const str if (WARN_ON(preemptible())) return false; - for (caps = cap_array; caps->desc; caps++) + for (caps = cap_array; caps->matches; caps++) if (caps->capability == cap && - caps->matches && caps->matches(caps, SCOPE_LOCAL_CPU)) return true; return false; Patches currently in stable-queue which might be from james.morse(a)arm.com are queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Stephen Boyd <sboyd(a)codeaurora.org> Date: Wed, 13 Dec 2017 14:19:37 -0800 Subject: [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata From: Stephen Boyd <sboyd(a)codeaurora.org> Commit bb48711800e6 upstream. The Kryo CPUs are also affected by the Falkor 1003 errata, so we need to do the same workaround on Kryo CPUs. The MIDR is slightly more complicated here, where the PART number is not always the same when looking at all the bits from 15 to 4. Drop the lower 8 bits and just look at the top 4 to see if it's '2' and then consider those as Kryo CPUs. This covers all the combinations without having to list them all out. Fixes: 38fd94b0275c ("arm64: Work around Falkor erratum 1003") Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Conflicts: arch/arm64/include/asm/cputype.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/arm64/silicon-errata.txt | 2 +- arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 21 +++++++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -72,7 +72,7 @@ stable kernels. | Hisilicon | Hip0{6,7} | #161010701 | N/A | | Hisilicon | Hip07 | #161600802 | HISILICON_ERRATUM_161600802 | | | | | | -| Qualcomm Tech. | Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | +| Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | | Qualcomm Tech. | Falkor v1 | E1009 | QCOM_FALKOR_ERRATUM_1009 | | Qualcomm Tech. | QDF2400 ITS | E0065 | QCOM_QDF2400_ERRATUM_0065 | | Qualcomm Tech. | Falkor v{1,2} | E1041 | QCOM_FALKOR_ERRATUM_1041 | --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -92,6 +92,7 @@ #define QCOM_CPU_PART_FALKOR_V1 0x800 #define QCOM_CPU_PART_FALKOR 0xC00 +#define QCOM_CPU_PART_KRYO 0x200 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) @@ -101,6 +102,7 @@ #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) +#define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) #ifndef __ASSEMBLY__ --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -30,6 +30,20 @@ is_affected_midr_range(const struct arm6 entry->midr_range_max); } +static bool __maybe_unused +is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) +{ + u32 model; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + model = read_cpuid_id(); + model &= MIDR_IMPLEMENTOR_MASK | (0xf00 << MIDR_PARTNUM_SHIFT) | + MIDR_ARCHITECTURE_MASK; + + return model == entry->midr_model; +} + static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) @@ -169,6 +183,13 @@ const struct arm64_cpu_capabilities arm6 MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(0, 0)), }, + { + .desc = "Qualcomm Technologies Kryo erratum 1003", + .capability = ARM64_WORKAROUND_QCOM_FALKOR_E1003, + .def_scope = SCOPE_LOCAL_CPU, + .midr_model = MIDR_QCOM_KRYO, + .matches = is_kryo_midr, + }, #endif #ifdef CONFIG_QCOM_FALKOR_ERRATUM_1009 { Patches currently in stable-queue which might be from sboyd(a)codeaurora.org are queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-branch-predictor-hardening-for-cavium-thunderx2.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Fri, 19 Jan 2018 04:22:47 -0800 Subject: [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 From: Jayachandran C <jnair(a)caviumnetworks.com> Commit f3d795d9b360 upstream. Use PSCI based mitigation for speculative execution attacks targeting the branch predictor. We use the same mechanism as the one used for Cortex-A CPUs, we expect the PSCI version call to have a side effect of clearing the BTBs. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu_errata.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -359,6 +359,16 @@ const struct arm64_cpu_capabilities arm6 .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), + .enable = enable_psci_bp_hardening, + }, #endif { } Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-capabilities-handle-duplicate-entries-for-a-capability.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 9 Jan 2018 16:12:18 +0000 Subject: [Variant 3/Meltdown] arm64: capabilities: Handle duplicate entries for a capability From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Commit 67948af41f2e upstream. Sometimes a single capability could be listed multiple times with differing matches(), e.g, CPU errata for different MIDR versions. This breaks verify_local_cpu_feature() and this_cpu_has_cap() as we stop checking for a capability on a CPU with the first entry in the given table, which is not sufficient. Make sure we run the checks for all entries of the same capability. We do this by fixing __this_cpu_has_cap() to run through all the entries in the given table for a match and reuse it for verify_local_cpu_feature(). Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Acked-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 44 +++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 21 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1118,6 +1118,26 @@ static void __init setup_elf_hwcaps(cons cap_set_elf_hwcap(hwcaps); } +/* + * Check if the current CPU has a given feature capability. + * Should be called from non-preemptible context. + */ +static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, + unsigned int cap) +{ + const struct arm64_cpu_capabilities *caps; + + if (WARN_ON(preemptible())) + return false; + + for (caps = cap_array; caps->desc; caps++) + if (caps->capability == cap && + caps->matches && + caps->matches(caps, SCOPE_LOCAL_CPU)) + return true; + return false; +} + void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, const char *info) { @@ -1181,8 +1201,9 @@ verify_local_elf_hwcaps(const struct arm } static void -verify_local_cpu_features(const struct arm64_cpu_capabilities *caps) +verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list) { + const struct arm64_cpu_capabilities *caps = caps_list; for (; caps->matches; caps++) { if (!cpus_have_cap(caps->capability)) continue; @@ -1190,7 +1211,7 @@ verify_local_cpu_features(const struct a * If the new CPU misses an advertised feature, we cannot proceed * further, park the cpu. */ - if (!caps->matches(caps, SCOPE_LOCAL_CPU)) { + if (!__this_cpu_has_cap(caps_list, caps->capability)) { pr_crit("CPU%d: missing feature: %s\n", smp_processor_id(), caps->desc); cpu_die_early(); @@ -1272,25 +1293,6 @@ static void __init mark_const_caps_ready static_branch_enable(&arm64_const_caps_ready); } -/* - * Check if the current CPU has a given feature capability. - * Should be called from non-preemptible context. - */ -static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, - unsigned int cap) -{ - const struct arm64_cpu_capabilities *caps; - - if (WARN_ON(preemptible())) - return false; - - for (caps = cap_array; caps->desc; caps++) - if (caps->capability == cap && caps->matches) - return caps->matches(caps, SCOPE_LOCAL_CPU); - - return false; -} - extern const struct arm64_cpu_capabilities arm64_errata[]; bool this_cpu_has_cap(unsigned int cap) Patches currently in stable-queue which might be from suzuki.poulose(a)arm.com are queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:16 +0000 Subject: [Variant 1/Spectre-v1] arm64: barrier: Add CSDB macros to control data-value prediction From: Will Deacon <will.deacon(a)arm.com> Commit 669474e772b9 upstream. For CPUs capable of data value prediction, CSDB waits for any outstanding predictions to architecturally resolve before allowing speculative execution to continue. Provide macros to expose it to the arch code. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/include/asm/assembler.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 7 +++++++ arch/arm64/include/asm/barrier.h | 1 + 2 files changed, 8 insertions(+) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -109,6 +109,13 @@ .endm /* + * Value prediction barrier + */ + .macro csdb + hint #20 + .endm + +/* * NOP sequence */ .macro nops, num --- a/arch/arm64/include/asm/barrier.h +++ b/arch/arm64/include/asm/barrier.h @@ -32,6 +32,7 @@ #define dsb(opt) asm volatile("dsb " #opt : : : "memory") #define psb_csync() asm volatile("hint #17" : : : "memory") +#define csdb() asm volatile("hint #20" : : : "memory") #define mb() dsb(sy) #define rmb() dsb(ld) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 11:17:58 +0000 Subject: [Variant 2/Spectre-v2] arm64: Add skeleton to harden the branch predictor against aliasing attacks From: Will Deacon <will.deacon(a)arm.com> Commit 0f15adbb2861 upstream. Aliasing attacks against CPU branch predictors can allow an attacker to redirect speculative control flow on some CPUs and potentially divulge information from one context to another. This patch adds initial skeleton code behind a new Kconfig option to enable implementation-specific mitigations against these attacks for CPUs that are affected. Co-developed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/kernel/cpufeature.c Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 17 ++++++++ arch/arm64/include/asm/cpucaps.h | 3 + arch/arm64/include/asm/mmu.h | 37 +++++++++++++++++++ arch/arm64/include/asm/sysreg.h | 1 arch/arm64/kernel/Makefile | 4 ++ arch/arm64/kernel/bpi.S | 55 ++++++++++++++++++++++++++++ arch/arm64/kernel/cpu_errata.c | 74 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/entry.S | 7 ++- arch/arm64/mm/context.c | 2 + arch/arm64/mm/fault.c | 17 ++++++++ 11 files changed, 215 insertions(+), 3 deletions(-) create mode 100644 arch/arm64/kernel/bpi.S --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -855,6 +855,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. +config HARDEN_BRANCH_PREDICTOR + bool "Harden the branch predictor against aliasing attacks" if EXPERT + default y + help + Speculation attacks against some high-performance processors rely on + being able to manipulate the branch predictor for a victim context by + executing aliasing branches in the attacker context. Such attacks + can be partially mitigated against by clearing internal branch + predictor state and limiting the prediction logic in some situations. + + This config option will take CPU-specific actions to harden the + branch predictor against aliasing attacks and may rely on specific + instruction sequences or control bits being set by the system + firmware. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -42,7 +42,8 @@ #define ARM64_HAS_DCPOP 21 #define ARM64_SVE 22 #define ARM64_UNMAP_KERNEL_AT_EL0 23 +#define ARM64_HARDEN_BRANCH_PREDICTOR 24 -#define ARM64_NCAPS 24 +#define ARM64_NCAPS 25 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -41,6 +41,43 @@ static inline bool arm64_kernel_unmapped cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } +typedef void (*bp_hardening_cb_t)(void); + +struct bp_hardening_data { + int hyp_vectors_slot; + bp_hardening_cb_t fn; +}; + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; + +DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + +static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) +{ + return this_cpu_ptr(&bp_hardening_data); +} + +static inline void arm64_apply_bp_hardening(void) +{ + struct bp_hardening_data *d; + + if (!cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) + return; + + d = arm64_get_bp_hardening_data(); + if (d->fn) + d->fn(); +} +#else +static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) +{ + return NULL; +} + +static inline void arm64_apply_bp_hardening(void) { } +#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ + extern void paging_init(void); extern void bootmem_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -438,6 +438,7 @@ /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 +#define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_SVE_SHIFT 32 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -53,6 +53,10 @@ arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o +ifeq ($(CONFIG_KVM),y) +arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o +endif + obj-y += $(arm64-obj-y) vdso/ probes/ obj-m += $(arm64-obj-m) head-y := head.o --- /dev/null +++ b/arch/arm64/kernel/bpi.S @@ -0,0 +1,55 @@ +/* + * Contains CPU specific branch predictor invalidation sequences + * + * Copyright (C) 2018 ARM Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <linux/linkage.h> + +.macro ventry target + .rept 31 + nop + .endr + b \target +.endm + +.macro vectors target + ventry \target + 0x000 + ventry \target + 0x080 + ventry \target + 0x100 + ventry \target + 0x180 + + ventry \target + 0x200 + ventry \target + 0x280 + ventry \target + 0x300 + ventry \target + 0x380 + + ventry \target + 0x400 + ventry \target + 0x480 + ventry \target + 0x500 + ventry \target + 0x580 + + ventry \target + 0x600 + ventry \target + 0x680 + ventry \target + 0x700 + ventry \target + 0x780 +.endm + + .align 11 +ENTRY(__bp_harden_hyp_vecs_start) + .rept 4 + vectors __kvm_hyp_vector + .endr +ENTRY(__bp_harden_hyp_vecs_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -60,6 +60,80 @@ static int cpu_enable_trap_ctr_access(vo return 0; } +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#include <asm/mmu_context.h> +#include <asm/cacheflush.h> + +DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + +#ifdef CONFIG_KVM +static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + void *dst = lm_alias(__bp_harden_hyp_vecs_start + slot * SZ_2K); + int i; + + for (i = 0; i < SZ_2K; i += 0x80) + memcpy(dst + i, hyp_vecs_start, hyp_vecs_end - hyp_vecs_start); + + flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); +} + +static void __install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + static int last_slot = -1; + static DEFINE_SPINLOCK(bp_lock); + int cpu, slot = -1; + + spin_lock(&bp_lock); + for_each_possible_cpu(cpu) { + if (per_cpu(bp_hardening_data.fn, cpu) == fn) { + slot = per_cpu(bp_hardening_data.hyp_vectors_slot, cpu); + break; + } + } + + if (slot == -1) { + last_slot++; + BUG_ON(((__bp_harden_hyp_vecs_end - __bp_harden_hyp_vecs_start) + / SZ_2K) <= last_slot); + slot = last_slot; + __copy_hyp_vect_bpi(slot, hyp_vecs_start, hyp_vecs_end); + } + + __this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot); + __this_cpu_write(bp_hardening_data.fn, fn); + spin_unlock(&bp_lock); +} +#else +static void __install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + __this_cpu_write(bp_hardening_data.fn, fn); +} +#endif /* CONFIG_KVM */ + +static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, + bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) +{ + u64 pfr0; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return; + + pfr0 = read_cpuid(ID_AA64PFR0_EL1); + if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT)) + return; + + __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); +} +#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ + #define MIDR_RANGE(model, min, max) \ .def_scope = SCOPE_LOCAL_CPU, \ .matches = is_affected_midr_range, \ --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -146,6 +146,7 @@ static const struct arm64_ftr_bits ftr_i static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -722,12 +722,15 @@ el0_ia: * Instruction abort handling */ mrs x26, far_el1 - enable_daif + enable_da_f +#ifdef CONFIG_TRACE_IRQFLAGS + bl trace_hardirqs_off +#endif ct_user_exit mov x0, x26 mov x1, x25 mov x2, sp - bl do_mem_abort + bl do_el0_ia_bp_hardening b ret_to_user el0_fpsimd_acc: /* --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -246,6 +246,8 @@ asmlinkage void post_ttbr_update_workaro "ic iallu; dsb nsh; isb", ARM64_WORKAROUND_CAVIUM_27456, CONFIG_CAVIUM_ERRATUM_27456)); + + arm64_apply_bp_hardening(); } static int asids_init(void) --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -707,6 +707,23 @@ asmlinkage void __exception do_mem_abort arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, + unsigned int esr, + struct pt_regs *regs) +{ + /* + * We've taken an instruction abort from userspace and not yet + * re-enabled IRQs. If the address is a kernel address, apply + * BP hardening prior to enabling IRQs and pre-emption. + */ + if (addr > TASK_SIZE) + arm64_apply_bp_hardening(); + + local_irq_enable(); + do_mem_abort(addr, esr, regs); +} + + asmlinkage void __exception do_sp_pc_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:20 +0000 Subject: [Variant 2/Spectre-v2] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit b092201e0020 upstream. Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1. It is lovely. Really. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/bpi.S | 20 ++++++++++++ arch/arm64/kernel/cpu_errata.c | 68 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 87 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -17,6 +17,7 @@ */ #include <linux/linkage.h> +#include <linux/arm-smccc.h> .macro ventry target .rept 31 @@ -85,3 +86,22 @@ ENTRY(__qcom_hyp_sanitize_link_stack_sta .endr ldp x29, x30, [sp], #16 ENTRY(__qcom_hyp_sanitize_link_stack_end) + +.macro smccc_workaround_1 inst + sub sp, sp, #(8 * 4) + stp x2, x3, [sp, #(8 * 0)] + stp x0, x1, [sp, #(8 * 2)] + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1 + \inst #0 + ldp x2, x3, [sp, #(8 * 0)] + ldp x0, x1, [sp, #(8 * 2)] + add sp, sp, #(8 * 4) +.endm + +ENTRY(__smccc_workaround_1_smc_start) + smccc_workaround_1 smc +ENTRY(__smccc_workaround_1_smc_end) + +ENTRY(__smccc_workaround_1_hvc_start) + smccc_workaround_1 hvc +ENTRY(__smccc_workaround_1_hvc_end) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -70,6 +70,10 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_har extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; extern char __qcom_hyp_sanitize_link_stack_start[]; extern char __qcom_hyp_sanitize_link_stack_end[]; +extern char __smccc_workaround_1_smc_start[]; +extern char __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_1_hvc_start[]; +extern char __smccc_workaround_1_hvc_end[]; static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -116,6 +120,10 @@ static void __install_bp_hardening_cb(bp #define __psci_hyp_bp_inval_end NULL #define __qcom_hyp_sanitize_link_stack_start NULL #define __qcom_hyp_sanitize_link_stack_end NULL +#define __smccc_workaround_1_smc_start NULL +#define __smccc_workaround_1_smc_end NULL +#define __smccc_workaround_1_hvc_start NULL +#define __smccc_workaround_1_hvc_end NULL static void __install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, @@ -142,17 +150,75 @@ static void install_bp_hardening_cb(con __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } +#include <uapi/linux/psci.h> +#include <linux/arm-smccc.h> #include <linux/psci.h> +static void call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static bool check_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +{ + bp_hardening_cb_t cb; + void *smccc_start, *smccc_end; + struct arm_smccc_res res; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return false; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + return false; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if (res.a0) + return false; + cb = call_hvc_arch_workaround_1; + smccc_start = __smccc_workaround_1_hvc_start; + smccc_end = __smccc_workaround_1_hvc_end; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if (res.a0) + return false; + cb = call_smc_arch_workaround_1; + smccc_start = __smccc_workaround_1_smc_start; + smccc_end = __smccc_workaround_1_smc_end; + break; + + default: + return false; + } + + install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); + + return true; +} + static int enable_psci_bp_hardening(void *data) { const struct arm64_cpu_capabilities *entry = data; - if (psci_ops.get_version) + if (psci_ops.get_version) { + if (check_smccc_arch_workaround_1(entry)) + return 0; + install_bp_hardening_cb(entry, (bp_hardening_cb_t)psci_ops.get_version, __psci_hyp_bp_inval_start, __psci_hyp_bp_inval_end); + } return 0; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:18 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: smccc: Make function identifiers an unsigned quantity From: Marc Zyngier <marc.zyngier(a)arm.com> Commit ded4c39e93f3 upstream. Function identifiers are a 32bit, unsigned quantity. But we never tell so to the compiler, resulting in the following: 4ac: b26187e0 mov x0, #0xffffffff80000001 We thus rely on the firmware narrowing it for us, which is not always a reasonable expectation. Cc: stable(a)vger.kernel.org Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/arm-smccc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -14,14 +14,16 @@ #ifndef __LINUX_ARM_SMCCC_H #define __LINUX_ARM_SMCCC_H +#include <uapi/linux/const.h> + /* * This file provides common defines for ARM SMC Calling Convention as * specified in * http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html */ -#define ARM_SMCCC_STD_CALL 0 -#define ARM_SMCCC_FAST_CALL 1 +#define ARM_SMCCC_STD_CALL _AC(0,U) +#define ARM_SMCCC_FAST_CALL _AC(1,U) #define ARM_SMCCC_TYPE_SHIFT 31 #define ARM_SMCCC_SMC_32 0 Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:13 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Turn kvm_psci_version into a static inline From: Marc Zyngier <marc.zyngier(a)arm.com> Commit a4097b351118 upstream. We're about to need kvm_psci_version in HYP too. So let's turn it into a static inline, and pass the kvm structure as a second parameter (so that HYP can do a kern_hyp_va on it). Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/hyp/switch.c | 18 +++++++++++------- include/kvm/arm_psci.h | 21 ++++++++++++++++++++- virt/kvm/arm/psci.c | 12 ++---------- 3 files changed, 33 insertions(+), 18 deletions(-) --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -19,6 +19,8 @@ #include <linux/jump_label.h> #include <uapi/linux/psci.h> +#include <kvm/arm_psci.h> + #include <asm/kvm_asm.h> #include <asm/kvm_emulate.h> #include <asm/kvm_hyp.h> @@ -344,14 +346,16 @@ again: if (exit_code == ARM_EXCEPTION_TRAP && (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 || - kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32) && - vcpu_get_reg(vcpu, 0) == PSCI_0_2_FN_PSCI_VERSION) { - u64 val = PSCI_RET_NOT_SUPPORTED; - if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - val = 2; + kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32)) { + u32 val = vcpu_get_reg(vcpu, 0); - vcpu_set_reg(vcpu, 0, val); - goto again; + if (val == PSCI_0_2_FN_PSCI_VERSION) { + val = kvm_psci_version(vcpu, kern_hyp_va(vcpu->kvm)); + if (unlikely(val == KVM_ARM_PSCI_0_1)) + val = PSCI_RET_NOT_SUPPORTED; + vcpu_set_reg(vcpu, 0, val); + goto again; + } } if (static_branch_unlikely(&vgic_v2_cpuif_trap) && --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -18,6 +18,7 @@ #ifndef __KVM_ARM_PSCI_H__ #define __KVM_ARM_PSCI_H__ +#include <linux/kvm_host.h> #include <uapi/linux/psci.h> #define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) @@ -26,7 +27,25 @@ #define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 -int kvm_psci_version(struct kvm_vcpu *vcpu); +/* + * We need the KVM pointer independently from the vcpu as we can call + * this from HYP, and need to apply kern_hyp_va on it... + */ +static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm) +{ + /* + * Our PSCI implementation stays the same across versions from + * v0.2 onward, only adding the few mandatory functions (such + * as FEATURES with 1.0) that are required by newer + * revisions. It is thus safe to return the latest. + */ + if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) + return KVM_ARM_PSCI_LATEST; + + return KVM_ARM_PSCI_0_1; +} + + int kvm_hvc_call_handler(struct kvm_vcpu *vcpu); #endif /* __KVM_ARM_PSCI_H__ */ --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -123,7 +123,7 @@ static unsigned long kvm_psci_vcpu_on(st if (!vcpu) return PSCI_RET_INVALID_PARAMS; if (!vcpu->arch.power_off) { - if (kvm_psci_version(source_vcpu) != KVM_ARM_PSCI_0_1) + if (kvm_psci_version(source_vcpu, kvm) != KVM_ARM_PSCI_0_1) return PSCI_RET_ALREADY_ON; else return PSCI_RET_INVALID_PARAMS; @@ -232,14 +232,6 @@ static void kvm_psci_system_reset(struct kvm_prepare_system_event(vcpu, KVM_SYSTEM_EVENT_RESET); } -int kvm_psci_version(struct kvm_vcpu *vcpu) -{ - if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - return KVM_ARM_PSCI_LATEST; - - return KVM_ARM_PSCI_0_1; -} - static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; @@ -397,7 +389,7 @@ static int kvm_psci_0_1_call(struct kvm_ */ static int kvm_psci_call(struct kvm_vcpu *vcpu) { - switch (kvm_psci_version(vcpu)) { + switch (kvm_psci_version(vcpu, vcpu->kvm)) { case KVM_ARM_PSCI_1_0: return kvm_psci_1_0_call(vcpu); case KVM_ARM_PSCI_0_2: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:19 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive From: Marc Zyngier <marc.zyngier(a)arm.com> Commit f2d3b2e8759a upstream. One of the major improvement of SMCCC v1.1 is that it only clobbers the first 4 registers, both on 32 and 64bit. This means that it becomes very easy to provide an inline version of the SMC call primitive, and avoid performing a function call to stash the registers that would otherwise be clobbered by SMCCC v1.0. Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/arm-smccc.h | 141 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -150,5 +150,146 @@ asmlinkage void __arm_smccc_hvc(unsigned #define arm_smccc_hvc_quirk(...) __arm_smccc_hvc(__VA_ARGS__) +/* SMCCC v1.1 implementation madness follows */ +#ifdef CONFIG_ARM64 + +#define SMCCC_SMC_INST "smc #0" +#define SMCCC_HVC_INST "hvc #0" + +#elif defined(CONFIG_ARM) +#include <asm/opcodes-sec.h> +#include <asm/opcodes-virt.h> + +#define SMCCC_SMC_INST __SMC(0) +#define SMCCC_HVC_INST __HVC(0) + +#endif + +#define ___count_args(_0, _1, _2, _3, _4, _5, _6, _7, _8, x, ...) x + +#define __count_args(...) \ + ___count_args(__VA_ARGS__, 7, 6, 5, 4, 3, 2, 1, 0) + +#define __constraint_write_0 \ + "+r" (r0), "=&r" (r1), "=&r" (r2), "=&r" (r3) +#define __constraint_write_1 \ + "+r" (r0), "+r" (r1), "=&r" (r2), "=&r" (r3) +#define __constraint_write_2 \ + "+r" (r0), "+r" (r1), "+r" (r2), "=&r" (r3) +#define __constraint_write_3 \ + "+r" (r0), "+r" (r1), "+r" (r2), "+r" (r3) +#define __constraint_write_4 __constraint_write_3 +#define __constraint_write_5 __constraint_write_4 +#define __constraint_write_6 __constraint_write_5 +#define __constraint_write_7 __constraint_write_6 + +#define __constraint_read_0 +#define __constraint_read_1 +#define __constraint_read_2 +#define __constraint_read_3 +#define __constraint_read_4 "r" (r4) +#define __constraint_read_5 __constraint_read_4, "r" (r5) +#define __constraint_read_6 __constraint_read_5, "r" (r6) +#define __constraint_read_7 __constraint_read_6, "r" (r7) + +#define __declare_arg_0(a0, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register unsigned long r1 asm("r1"); \ + register unsigned long r2 asm("r2"); \ + register unsigned long r3 asm("r3") + +#define __declare_arg_1(a0, a1, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register unsigned long r2 asm("r2"); \ + register unsigned long r3 asm("r3") + +#define __declare_arg_2(a0, a1, a2, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register typeof(a2) r2 asm("r2") = a2; \ + register unsigned long r3 asm("r3") + +#define __declare_arg_3(a0, a1, a2, a3, res) \ + struct arm_smccc_res *___res = res; \ + register u32 r0 asm("r0") = a0; \ + register typeof(a1) r1 asm("r1") = a1; \ + register typeof(a2) r2 asm("r2") = a2; \ + register typeof(a3) r3 asm("r3") = a3 + +#define __declare_arg_4(a0, a1, a2, a3, a4, res) \ + __declare_arg_3(a0, a1, a2, a3, res); \ + register typeof(a4) r4 asm("r4") = a4 + +#define __declare_arg_5(a0, a1, a2, a3, a4, a5, res) \ + __declare_arg_4(a0, a1, a2, a3, a4, res); \ + register typeof(a5) r5 asm("r5") = a5 + +#define __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res) \ + __declare_arg_5(a0, a1, a2, a3, a4, a5, res); \ + register typeof(a6) r6 asm("r6") = a6 + +#define __declare_arg_7(a0, a1, a2, a3, a4, a5, a6, a7, res) \ + __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res); \ + register typeof(a7) r7 asm("r7") = a7 + +#define ___declare_args(count, ...) __declare_arg_ ## count(__VA_ARGS__) +#define __declare_args(count, ...) ___declare_args(count, __VA_ARGS__) + +#define ___constraints(count) \ + : __constraint_write_ ## count \ + : __constraint_read_ ## count \ + : "memory" +#define __constraints(count) ___constraints(count) + +/* + * We have an output list that is not necessarily used, and GCC feels + * entitled to optimise the whole sequence away. "volatile" is what + * makes it stick. + */ +#define __arm_smccc_1_1(inst, ...) \ + do { \ + __declare_args(__count_args(__VA_ARGS__), __VA_ARGS__); \ + asm volatile(inst "\n" \ + __constraints(__count_args(__VA_ARGS__))); \ + if (___res) \ + *___res = (typeof(*___res)){r0, r1, r2, r3}; \ + } while (0) + +/* + * arm_smccc_1_1_smc() - make an SMCCC v1.1 compliant SMC call + * + * This is a variadic macro taking one to eight source arguments, and + * an optional return structure. + * + * @a0-a7: arguments passed in registers 0 to 7 + * @res: result values from registers 0 to 3 + * + * This macro is used to make SMC calls following SMC Calling Convention v1.1. + * The content of the supplied param are copied to registers 0 to 7 prior + * to the SMC instruction. The return values are updated with the content + * from register 0 to 3 on return from the SMC instruction if not NULL. + */ +#define arm_smccc_1_1_smc(...) __arm_smccc_1_1(SMCCC_SMC_INST, __VA_ARGS__) + +/* + * arm_smccc_1_1_hvc() - make an SMCCC v1.1 compliant HVC call + * + * This is a variadic macro taking one to eight source arguments, and + * an optional return structure. + * + * @a0-a7: arguments passed in registers 0 to 7 + * @res: result values from registers 0 to 3 + * + * This macro is used to make HVC calls following SMC Calling Convention v1.1. + * The content of the supplied param are copied to registers 0 to 7 prior + * to the HVC instruction. The return values are updated with the content + * from register 0 to 3 on return from the HVC instruction if not NULL. + */ +#define arm_smccc_1_1_hvc(...) __arm_smccc_1_1(SMCCC_HVC_INST, __VA_ARGS__) + #endif /*__ASSEMBLY__*/ #endif /*__LINUX_ARM_SMCCC_H*/ Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-consolidate-the-psci-include-files.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:08 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Consolidate the PSCI include files From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 1a2fb94e6a77 upstream. As we're about to update the PSCI support, and because I'm lazy, let's move the PSCI include file to include/kvm so that both ARM architectures can find it. Acked-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/asm/kvm_psci.h | 27 --------------------------- arch/arm/kvm/handle_exit.c | 2 +- arch/arm64/include/asm/kvm_psci.h | 27 --------------------------- arch/arm64/kvm/handle_exit.c | 3 ++- include/kvm/arm_psci.h | 27 +++++++++++++++++++++++++++ virt/kvm/arm/arm.c | 2 +- virt/kvm/arm/psci.c | 3 ++- 7 files changed, 33 insertions(+), 58 deletions(-) delete mode 100644 arch/arm/include/asm/kvm_psci.h rename arch/arm64/include/asm/kvm_psci.h => include/kvm/arm_psci.h (89%) --- a/arch/arm/include/asm/kvm_psci.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2012 - ARM Ltd - * Author: Marc Zyngier <marc.zyngier(a)arm.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef __ARM_KVM_PSCI_H__ -#define __ARM_KVM_PSCI_H__ - -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 - -int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); - -#endif /* __ARM_KVM_PSCI_H__ */ --- a/arch/arm/kvm/handle_exit.c +++ b/arch/arm/kvm/handle_exit.c @@ -21,7 +21,7 @@ #include <asm/kvm_emulate.h> #include <asm/kvm_coproc.h> #include <asm/kvm_mmu.h> -#include <asm/kvm_psci.h> +#include <kvm/arm_psci.h> #include <trace/events/kvm.h> #include "trace.h" --- a/arch/arm64/include/asm/kvm_psci.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2012,2013 - ARM Ltd - * Author: Marc Zyngier <marc.zyngier(a)arm.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef __ARM64_KVM_PSCI_H__ -#define __ARM64_KVM_PSCI_H__ - -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 - -int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); - -#endif /* __ARM64_KVM_PSCI_H__ */ --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -22,12 +22,13 @@ #include <linux/kvm.h> #include <linux/kvm_host.h> +#include <kvm/arm_psci.h> + #include <asm/esr.h> #include <asm/kvm_asm.h> #include <asm/kvm_coproc.h> #include <asm/kvm_emulate.h> #include <asm/kvm_mmu.h> -#include <asm/kvm_psci.h> #include <asm/debug-monitors.h> #define CREATE_TRACE_POINTS --- /dev/null +++ b/include/kvm/arm_psci.h @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2012,2013 - ARM Ltd + * Author: Marc Zyngier <marc.zyngier(a)arm.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef __KVM_ARM_PSCI_H__ +#define __KVM_ARM_PSCI_H__ + +#define KVM_ARM_PSCI_0_1 1 +#define KVM_ARM_PSCI_0_2 2 + +int kvm_psci_version(struct kvm_vcpu *vcpu); +int kvm_psci_call(struct kvm_vcpu *vcpu); + +#endif /* __KVM_ARM_PSCI_H__ */ --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -31,6 +31,7 @@ #include <linux/irqbypass.h> #include <trace/events/kvm.h> #include <kvm/arm_pmu.h> +#include <kvm/arm_psci.h> #define CREATE_TRACE_POINTS #include "trace.h" @@ -46,7 +47,6 @@ #include <asm/kvm_mmu.h> #include <asm/kvm_emulate.h> #include <asm/kvm_coproc.h> -#include <asm/kvm_psci.h> #include <asm/sections.h> #ifdef REQUIRES_VIRT --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -21,9 +21,10 @@ #include <asm/cputype.h> #include <asm/kvm_emulate.h> -#include <asm/kvm_psci.h> #include <asm/kvm_host.h> +#include <kvm/arm_psci.h> + #include <uapi/linux/psci.h> /* Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-implement-psci-1.0-support.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:11 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Implement PSCI 1.0 support From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 58e0b2239a4d upstream. PSCI 1.0 can be trivially implemented by providing the FEATURES call on top of PSCI 0.2 and returning 1.0 as the PSCI version. We happily ignore everything else, as they are either optional or are clarifications that do not require any additional change. PSCI 1.0 is now the default until we decide to add a userspace selection API. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/kvm/arm_psci.h | 3 +++ virt/kvm/arm/psci.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 1 deletion(-) --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -22,6 +22,9 @@ #define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) #define KVM_ARM_PSCI_0_2 PSCI_VERSION(0, 2) +#define KVM_ARM_PSCI_1_0 PSCI_VERSION(1, 0) + +#define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 int kvm_psci_version(struct kvm_vcpu *vcpu); int kvm_psci_call(struct kvm_vcpu *vcpu); --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -234,7 +234,7 @@ static void kvm_psci_system_reset(struct int kvm_psci_version(struct kvm_vcpu *vcpu) { if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) - return KVM_ARM_PSCI_0_2; + return KVM_ARM_PSCI_LATEST; return KVM_ARM_PSCI_0_1; } @@ -313,6 +313,47 @@ static int kvm_psci_0_2_call(struct kvm_ return ret; } +static int kvm_psci_1_0_call(struct kvm_vcpu *vcpu) +{ + u32 psci_fn = smccc_get_function(vcpu); + u32 feature; + unsigned long val; + int ret = 1; + + switch(psci_fn) { + case PSCI_0_2_FN_PSCI_VERSION: + val = KVM_ARM_PSCI_1_0; + break; + case PSCI_1_0_FN_PSCI_FEATURES: + feature = smccc_get_arg1(vcpu); + switch(feature) { + case PSCI_0_2_FN_PSCI_VERSION: + case PSCI_0_2_FN_CPU_SUSPEND: + case PSCI_0_2_FN64_CPU_SUSPEND: + case PSCI_0_2_FN_CPU_OFF: + case PSCI_0_2_FN_CPU_ON: + case PSCI_0_2_FN64_CPU_ON: + case PSCI_0_2_FN_AFFINITY_INFO: + case PSCI_0_2_FN64_AFFINITY_INFO: + case PSCI_0_2_FN_MIGRATE_INFO_TYPE: + case PSCI_0_2_FN_SYSTEM_OFF: + case PSCI_0_2_FN_SYSTEM_RESET: + case PSCI_1_0_FN_PSCI_FEATURES: + val = 0; + break; + default: + val = PSCI_RET_NOT_SUPPORTED; + break; + } + break; + default: + return kvm_psci_0_2_call(vcpu); + } + + smccc_set_retval(vcpu, val, 0, 0, 0); + return ret; +} + static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; @@ -355,6 +396,8 @@ static int kvm_psci_0_1_call(struct kvm_ int kvm_psci_call(struct kvm_vcpu *vcpu) { switch (kvm_psci_version(vcpu)) { + case KVM_ARM_PSCI_1_0: + return kvm_psci_1_0_call(vcpu); case KVM_ARM_PSCI_0_2: return kvm_psci_0_2_call(vcpu); case KVM_ARM_PSCI_0_1: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-advertise-smccc-v1.1.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:12 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Advertise SMCCC v1.1 From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 09e6be12effd upstream. The new SMC Calling Convention (v1.1) allows for a reduced overhead when calling into the firmware, and provides a new feature discovery mechanism. Make it visible to KVM guests. Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/kvm/handle_exit.c | 2 +- arch/arm64/kvm/handle_exit.c | 2 +- include/kvm/arm_psci.h | 2 +- include/linux/arm-smccc.h | 13 +++++++++++++ virt/kvm/arm/psci.c | 24 +++++++++++++++++++++++- 5 files changed, 39 insertions(+), 4 deletions(-) --- a/arch/arm/kvm/handle_exit.c +++ b/arch/arm/kvm/handle_exit.c @@ -36,7 +36,7 @@ static int handle_hvc(struct kvm_vcpu *v kvm_vcpu_hvc_get_imm(vcpu)); vcpu->stat.hvc_exit_stat++; - ret = kvm_psci_call(vcpu); + ret = kvm_hvc_call_handler(vcpu); if (ret < 0) { kvm_inject_undefined(vcpu); return 1; --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -44,7 +44,7 @@ static int handle_hvc(struct kvm_vcpu *v kvm_vcpu_hvc_get_imm(vcpu)); vcpu->stat.hvc_exit_stat++; - ret = kvm_psci_call(vcpu); + ret = kvm_hvc_call_handler(vcpu); if (ret < 0) { vcpu_set_reg(vcpu, 0, ~0UL); return 1; --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -27,6 +27,6 @@ #define KVM_ARM_PSCI_LATEST KVM_ARM_PSCI_1_0 int kvm_psci_version(struct kvm_vcpu *vcpu); -int kvm_psci_call(struct kvm_vcpu *vcpu); +int kvm_hvc_call_handler(struct kvm_vcpu *vcpu); #endif /* __KVM_ARM_PSCI_H__ */ --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -60,6 +60,19 @@ #define ARM_SMCCC_QUIRK_NONE 0 #define ARM_SMCCC_QUIRK_QCOM_A6 1 /* Save/restore register a6 */ +#define ARM_SMCCC_VERSION_1_0 0x10000 +#define ARM_SMCCC_VERSION_1_1 0x10001 + +#define ARM_SMCCC_VERSION_FUNC_ID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0) + +#define ARM_SMCCC_ARCH_FEATURES_FUNC_ID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 1) + #ifndef __ASSEMBLY__ #include <linux/linkage.h> --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -15,6 +15,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <linux/arm-smccc.h> #include <linux/preempt.h> #include <linux/kvm_host.h> #include <linux/wait.h> @@ -339,6 +340,7 @@ static int kvm_psci_1_0_call(struct kvm_ case PSCI_0_2_FN_SYSTEM_OFF: case PSCI_0_2_FN_SYSTEM_RESET: case PSCI_1_0_FN_PSCI_FEATURES: + case ARM_SMCCC_VERSION_FUNC_ID: val = 0; break; default: @@ -393,7 +395,7 @@ static int kvm_psci_0_1_call(struct kvm_ * Errors: * -EINVAL: Unrecognized PSCI function */ -int kvm_psci_call(struct kvm_vcpu *vcpu) +static int kvm_psci_call(struct kvm_vcpu *vcpu) { switch (kvm_psci_version(vcpu)) { case KVM_ARM_PSCI_1_0: @@ -406,3 +408,23 @@ int kvm_psci_call(struct kvm_vcpu *vcpu) return -EINVAL; }; } + +int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) +{ + u32 func_id = smccc_get_function(vcpu); + u32 val = PSCI_RET_NOT_SUPPORTED; + + switch (func_id) { + case ARM_SMCCC_VERSION_FUNC_ID: + val = ARM_SMCCC_VERSION_1_1; + break; + case ARM_SMCCC_ARCH_FEATURES_FUNC_ID: + /* Nothing supported yet */ + break; + default: + return kvm_psci_call(vcpu); + } + + smccc_set_retval(vcpu, val, 0, 0, 0); + return 1; +} Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:10 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Add smccc accessors to PSCI code From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 84684fecd7ea upstream. Instead of open coding the accesses to the various registers, let's add explicit SMCCC accessors. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- virt/kvm/arm/psci.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 10 deletions(-) --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -32,6 +32,38 @@ #define AFFINITY_MASK(level) ~((0x1UL << ((level) * MPIDR_LEVEL_BITS)) - 1) +static u32 smccc_get_function(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 0); +} + +static unsigned long smccc_get_arg1(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 1); +} + +static unsigned long smccc_get_arg2(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 2); +} + +static unsigned long smccc_get_arg3(struct kvm_vcpu *vcpu) +{ + return vcpu_get_reg(vcpu, 3); +} + +static void smccc_set_retval(struct kvm_vcpu *vcpu, + unsigned long a0, + unsigned long a1, + unsigned long a2, + unsigned long a3) +{ + vcpu_set_reg(vcpu, 0, a0); + vcpu_set_reg(vcpu, 1, a1); + vcpu_set_reg(vcpu, 2, a2); + vcpu_set_reg(vcpu, 3, a3); +} + static unsigned long psci_affinity_mask(unsigned long affinity_level) { if (affinity_level <= 3) @@ -77,7 +109,7 @@ static unsigned long kvm_psci_vcpu_on(st unsigned long context_id; phys_addr_t target_pc; - cpu_id = vcpu_get_reg(source_vcpu, 1) & MPIDR_HWID_BITMASK; + cpu_id = smccc_get_arg1(source_vcpu) & MPIDR_HWID_BITMASK; if (vcpu_mode_is_32bit(source_vcpu)) cpu_id &= ~((u32) 0); @@ -96,8 +128,8 @@ static unsigned long kvm_psci_vcpu_on(st return PSCI_RET_INVALID_PARAMS; } - target_pc = vcpu_get_reg(source_vcpu, 2); - context_id = vcpu_get_reg(source_vcpu, 3); + target_pc = smccc_get_arg2(source_vcpu); + context_id = smccc_get_arg3(source_vcpu); kvm_reset_vcpu(vcpu); @@ -116,7 +148,7 @@ static unsigned long kvm_psci_vcpu_on(st * NOTE: We always update r0 (or x0) because for PSCI v0.1 * the general puspose registers are undefined upon CPU_ON. */ - vcpu_set_reg(vcpu, 0, context_id); + smccc_set_retval(vcpu, context_id, 0, 0, 0); vcpu->arch.power_off = false; smp_mb(); /* Make sure the above is visible */ @@ -136,8 +168,8 @@ static unsigned long kvm_psci_vcpu_affin struct kvm *kvm = vcpu->kvm; struct kvm_vcpu *tmp; - target_affinity = vcpu_get_reg(vcpu, 1); - lowest_affinity_level = vcpu_get_reg(vcpu, 2); + target_affinity = smccc_get_arg1(vcpu); + lowest_affinity_level = smccc_get_arg2(vcpu); /* Determine target affinity mask */ target_affinity_mask = psci_affinity_mask(lowest_affinity_level); @@ -210,7 +242,7 @@ int kvm_psci_version(struct kvm_vcpu *vc static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; - unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); + u32 psci_fn = smccc_get_function(vcpu); unsigned long val; int ret = 1; @@ -277,14 +309,14 @@ static int kvm_psci_0_2_call(struct kvm_ break; } - vcpu_set_reg(vcpu, 0, val); + smccc_set_retval(vcpu, val, 0, 0, 0); return ret; } static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; - unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); + u32 psci_fn = smccc_get_function(vcpu); unsigned long val; switch (psci_fn) { @@ -302,7 +334,7 @@ static int kvm_psci_0_1_call(struct kvm_ break; } - vcpu_set_reg(vcpu, 0, val); + smccc_set_retval(vcpu, val, 0, 0, 0); return 1; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-arm64-kvm-add-psci_version-helper.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:09 +0000 Subject: [Variant 2/Spectre-v2] arm/arm64: KVM: Add PSCI_VERSION helper From: Marc Zyngier <marc.zyngier(a)arm.com> Commit d0a144f12a7c upstream. As we're about to trigger a PSCI version explosion, it doesn't hurt to introduce a PSCI_VERSION helper that is going to be used everywhere. Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/kvm/arm_psci.h | 6 ++++-- include/uapi/linux/psci.h | 3 +++ virt/kvm/arm/psci.c | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -18,8 +18,10 @@ #ifndef __KVM_ARM_PSCI_H__ #define __KVM_ARM_PSCI_H__ -#define KVM_ARM_PSCI_0_1 1 -#define KVM_ARM_PSCI_0_2 2 +#include <uapi/linux/psci.h> + +#define KVM_ARM_PSCI_0_1 PSCI_VERSION(0, 1) +#define KVM_ARM_PSCI_0_2 PSCI_VERSION(0, 2) int kvm_psci_version(struct kvm_vcpu *vcpu); int kvm_psci_call(struct kvm_vcpu *vcpu); --- a/include/uapi/linux/psci.h +++ b/include/uapi/linux/psci.h @@ -88,6 +88,9 @@ (((ver) & PSCI_VERSION_MAJOR_MASK) >> PSCI_VERSION_MAJOR_SHIFT) #define PSCI_VERSION_MINOR(ver) \ ((ver) & PSCI_VERSION_MINOR_MASK) +#define PSCI_VERSION(maj, min) \ + ((((maj) << PSCI_VERSION_MAJOR_SHIFT) & PSCI_VERSION_MAJOR_MASK) | \ + ((min) & PSCI_VERSION_MINOR_MASK)) /* PSCI features decoding (>=1.0) */ #define PSCI_1_0_FEATURES_CPU_SUSPEND_PF_SHIFT 1 --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -25,8 +25,6 @@ #include <kvm/arm_psci.h> -#include <uapi/linux/psci.h> - /* * This is an implementation of the Power State Coordination Interface * as described in ARM document number ARM DEN 0022A. @@ -222,7 +220,7 @@ static int kvm_psci_0_2_call(struct kvm_ * Bits[31:16] = Major Version = 0 * Bits[15:0] = Minor Version = 2 */ - val = 2; + val = KVM_ARM_PSCI_0_2; break; case PSCI_0_2_FN_CPU_SUSPEND: case PSCI_0_2_FN64_CPU_SUSPEND: Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "media: hdpvr: Fix an error handling path in hdpvr_probe()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: hdpvr: Fix an error handling path in hdpvr_probe() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c0f71bbb810237a38734607ca4599632f7f5d47f Mon Sep 17 00:00:00 2001 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Fri, 22 Sep 2017 09:07:06 -0400 Subject: media: hdpvr: Fix an error handling path in hdpvr_probe() From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> commit c0f71bbb810237a38734607ca4599632f7f5d47f upstream. Here, hdpvr_register_videodev() is responsible for setup and register a video device. Also defining and initializing a worker. hdpvr_register_videodev() is calling by hdpvr_probe at last. So no need to flush any work here. Unregister v4l2, free buffers and memory. If hdpvr_probe() will fail. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/hdpvr/hdpvr-core.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) --- a/drivers/media/usb/hdpvr/hdpvr-core.c +++ b/drivers/media/usb/hdpvr/hdpvr-core.c @@ -292,7 +292,7 @@ static int hdpvr_probe(struct usb_interf /* register v4l2_device early so it can be used for printks */ if (v4l2_device_register(&interface->dev, &dev->v4l2_dev)) { dev_err(&interface->dev, "v4l2_device_register failed\n"); - goto error; + goto error_free_dev; } mutex_init(&dev->io_mutex); @@ -301,7 +301,7 @@ static int hdpvr_probe(struct usb_interf dev->usbc_buf = kmalloc(64, GFP_KERNEL); if (!dev->usbc_buf) { v4l2_err(&dev->v4l2_dev, "Out of memory\n"); - goto error; + goto error_v4l2_unregister; } init_waitqueue_head(&dev->wait_buffer); @@ -339,13 +339,13 @@ static int hdpvr_probe(struct usb_interf } if (!dev->bulk_in_endpointAddr) { v4l2_err(&dev->v4l2_dev, "Could not find bulk-in endpoint\n"); - goto error; + goto error_put_usb; } /* init the device */ if (hdpvr_device_init(dev)) { v4l2_err(&dev->v4l2_dev, "device init failed\n"); - goto error; + goto error_put_usb; } mutex_lock(&dev->io_mutex); @@ -353,7 +353,7 @@ static int hdpvr_probe(struct usb_interf mutex_unlock(&dev->io_mutex); v4l2_err(&dev->v4l2_dev, "allocating transfer buffers failed\n"); - goto error; + goto error_put_usb; } mutex_unlock(&dev->io_mutex); @@ -361,7 +361,7 @@ static int hdpvr_probe(struct usb_interf retval = hdpvr_register_i2c_adapter(dev); if (retval < 0) { v4l2_err(&dev->v4l2_dev, "i2c adapter register failed\n"); - goto error; + goto error_free_buffers; } client = hdpvr_register_ir_rx_i2c(dev); @@ -394,13 +394,17 @@ static int hdpvr_probe(struct usb_interf reg_fail: #if IS_ENABLED(CONFIG_I2C) i2c_del_adapter(&dev->i2c_adapter); +error_free_buffers: #endif + hdpvr_free_buffers(dev); +error_put_usb: + usb_put_dev(dev->udev); + kfree(dev->usbc_buf); +error_v4l2_unregister: + v4l2_device_unregister(&dev->v4l2_dev); +error_free_dev: + kfree(dev); error: - if (dev) { - flush_work(&dev->worker); - /* this frees allocated memory */ - hdpvr_delete(dev); - } return retval; } Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.14/media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1076,8 +1076,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1143,17 +1141,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.14/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.14/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -494,18 +494,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1189,6 +1194,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1197,12 +1203,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.14/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.14/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "usbip: vhci-hcd: Add USB3 SuperSpeed support" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: vhci-hcd: Add USB3 SuperSpeed support to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-vhci-hcd-add-usb3-superspeed-support.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1c9de5bf428612458427943b724bea51abde520a Mon Sep 17 00:00:00 2001 From: Yuyang Du <yuyang.du(a)intel.com> Date: Thu, 8 Jun 2017 13:04:10 +0800 Subject: usbip: vhci-hcd: Add USB3 SuperSpeed support From: Yuyang Du <yuyang.du(a)intel.com> commit 1c9de5bf428612458427943b724bea51abde520a upstream. This patch adds a USB3 HCD to an existing USB2 HCD and provides the support of SuperSpeed, in case the device can only be enumerated with SuperSpeed. The bulk of the added code in usb3_bos_desc and hub_control to support SuperSpeed is borrowed from the commit 1cd8fd2887e162ad ("usb: gadget: dummy_hcd: add SuperSpeed support"). With this patch, each vhci will have VHCI_HC_PORTS HighSpeed ports and VHCI_HC_PORTS SuperSpeed ports. Suggested-by: Krzysztof Opasiak <k.opasiak(a)samsung.com> Signed-off-by: Yuyang Du <yuyang.du(a)intel.com> Acked-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -279,7 +279,7 @@ static int vhci_hub_control(struct usb_h case USB_PORT_FEAT_POWER: usbip_dbg_vhci_rh( " ClearPortFeature: USB_PORT_FEAT_POWER\n"); - dum->port_status[rhport] = 0; + dum->port_status[rhport] &= ~USB_PORT_STAT_POWER; dum->resuming = 0; break; case USB_PORT_FEAT_C_RESET: Patches currently in stable-queue which might be from yuyang.du(a)intel.com are queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch

7 years, 4 months

1
0
0 0

Patch "usbip: vhci: stop printing kernel pointer addresses in messages" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: vhci: stop printing kernel pointer addresses in messages to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8272d099d05f7ab2776cf56a2ab9f9443be18907 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Mon, 18 Dec 2017 17:24:22 -0700 Subject: usbip: vhci: stop printing kernel pointer addresses in messages From: Shuah Khan <shuahkh(a)osg.samsung.com> commit 8272d099d05f7ab2776cf56a2ab9f9443be18907 upstream. Remove and/or change debug, info. and error messages to not print kernel pointer addresses. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 10 ---------- drivers/usb/usbip/vhci_rx.c | 23 +++++++++++------------ drivers/usb/usbip/vhci_tx.c | 3 ++- 3 files changed, 13 insertions(+), 23 deletions(-) --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -469,9 +469,6 @@ static int vhci_urb_enqueue(struct usb_h struct vhci_device *vdev; unsigned long flags; - usbip_dbg_vhci_hc("enter, usb_hcd %p urb %p mem_flags %d\n", - hcd, urb, mem_flags); - /* patch to usb_sg_init() is in 2.5.60 */ BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length); @@ -630,8 +627,6 @@ static int vhci_urb_dequeue(struct usb_h struct vhci_device *vdev; unsigned long flags; - pr_info("dequeue a urb %p\n", urb); - spin_lock_irqsave(&the_controller->lock, flags); priv = urb->hcpriv; @@ -659,7 +654,6 @@ static int vhci_urb_dequeue(struct usb_h /* tcp connection is closed */ spin_lock(&vdev->priv_lock); - pr_info("device %p seems to be disconnected\n", vdev); list_del(&priv->list); kfree(priv); urb->hcpriv = NULL; @@ -671,8 +665,6 @@ static int vhci_urb_dequeue(struct usb_h * vhci_rx will receive RET_UNLINK and give back the URB. * Otherwise, we give back it here. */ - pr_info("gives back urb %p\n", urb); - usb_hcd_unlink_urb_from_ep(hcd, urb); spin_unlock_irqrestore(&the_controller->lock, flags); @@ -701,8 +693,6 @@ static int vhci_urb_dequeue(struct usb_h unlink->unlink_seqnum = priv->seqnum; - pr_info("device %p seems to be still connected\n", vdev); - /* send cmd_unlink and try to cancel the pending URB in the * peer */ list_add_tail(&unlink->list, &vdev->unlink_tx); --- a/drivers/usb/usbip/vhci_rx.c +++ b/drivers/usb/usbip/vhci_rx.c @@ -37,24 +37,23 @@ struct urb *pickup_urb_and_free_priv(str urb = priv->urb; status = urb->status; - usbip_dbg_vhci_rx("find urb %p vurb %p seqnum %u\n", - urb, priv, seqnum); + usbip_dbg_vhci_rx("find urb seqnum %u\n", seqnum); switch (status) { case -ENOENT: /* fall through */ case -ECONNRESET: - dev_info(&urb->dev->dev, - "urb %p was unlinked %ssynchronuously.\n", urb, - status == -ENOENT ? "" : "a"); + dev_dbg(&urb->dev->dev, + "urb seq# %u was unlinked %ssynchronuously\n", + seqnum, status == -ENOENT ? "" : "a"); break; case -EINPROGRESS: /* no info output */ break; default: - dev_info(&urb->dev->dev, - "urb %p may be in a error, status %d\n", urb, - status); + dev_dbg(&urb->dev->dev, + "urb seq# %u may be in a error, status %d\n", + seqnum, status); } list_del(&priv->list); @@ -79,8 +78,8 @@ static void vhci_recv_ret_submit(struct spin_unlock_irqrestore(&vdev->priv_lock, flags); if (!urb) { - pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); - pr_info("max seqnum %d\n", + pr_err("cannot find a urb of seqnum %u max seqnum %d\n", + pdu->base.seqnum, atomic_read(&the_controller->seqnum)); usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); return; @@ -103,7 +102,7 @@ static void vhci_recv_ret_submit(struct if (usbip_dbg_flag_vhci_rx) usbip_dump_urb(urb); - usbip_dbg_vhci_rx("now giveback urb %p\n", urb); + usbip_dbg_vhci_rx("now giveback urb %u\n", pdu->base.seqnum); spin_lock_irqsave(&the_controller->lock, flags); usb_hcd_unlink_urb_from_ep(vhci_to_hcd(the_controller), urb); @@ -168,7 +167,7 @@ static void vhci_recv_ret_unlink(struct pr_info("the urb (seqnum %d) was already given back\n", pdu->base.seqnum); } else { - usbip_dbg_vhci_rx("now giveback urb %p\n", urb); + usbip_dbg_vhci_rx("now giveback urb %d\n", pdu->base.seqnum); /* If unlink is successful, status is -ECONNRESET */ urb->status = pdu->u.ret_unlink.status; --- a/drivers/usb/usbip/vhci_tx.c +++ b/drivers/usb/usbip/vhci_tx.c @@ -83,7 +83,8 @@ static int vhci_send_cmd_submit(struct v memset(&msg, 0, sizeof(msg)); memset(&iov, 0, sizeof(iov)); - usbip_dbg_vhci_tx("setup txdata urb %p\n", urb); + usbip_dbg_vhci_tx("setup txdata urb seqnum %lu\n", + priv->seqnum); /* 1. setup usbip_header */ setup_cmd_submit_pdu(&pdu_header, urb); Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usbip: stub: stop printing kernel pointer addresses in messages" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: stub: stop printing kernel pointer addresses in messages to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 248a22044366f588d46754c54dfe29ffe4f8b4df Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Mon, 18 Dec 2017 17:23:37 -0700 Subject: usbip: stub: stop printing kernel pointer addresses in messages From: Shuah Khan <shuahkh(a)osg.samsung.com> commit 248a22044366f588d46754c54dfe29ffe4f8b4df upstream. Remove and/or change debug, info. and error messages to not print kernel pointer addresses. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/stub_main.c | 5 +++-- drivers/usb/usbip/stub_rx.c | 7 ++----- drivers/usb/usbip/stub_tx.c | 4 ++-- 3 files changed, 7 insertions(+), 9 deletions(-) --- a/drivers/usb/usbip/stub_main.c +++ b/drivers/usb/usbip/stub_main.c @@ -252,11 +252,12 @@ void stub_device_cleanup_urbs(struct stu struct stub_priv *priv; struct urb *urb; - dev_dbg(&sdev->udev->dev, "free sdev %p\n", sdev); + dev_dbg(&sdev->udev->dev, "Stub device cleaning up urbs\n"); while ((priv = stub_priv_pop(sdev))) { urb = priv->urb; - dev_dbg(&sdev->udev->dev, "free urb %p\n", urb); + dev_dbg(&sdev->udev->dev, "free urb seqnum %lu\n", + priv->seqnum); usb_kill_urb(urb); kmem_cache_free(stub_priv_cache, priv); --- a/drivers/usb/usbip/stub_rx.c +++ b/drivers/usb/usbip/stub_rx.c @@ -230,9 +230,6 @@ static int stub_recv_cmd_unlink(struct s if (priv->seqnum != pdu->u.cmd_unlink.seqnum) continue; - dev_info(&priv->urb->dev->dev, "unlink urb %p\n", - priv->urb); - /* * This matched urb is not completed yet (i.e., be in * flight in usb hcd hardware/driver). Now we are @@ -271,8 +268,8 @@ static int stub_recv_cmd_unlink(struct s ret = usb_unlink_urb(priv->urb); if (ret != -EINPROGRESS) dev_err(&priv->urb->dev->dev, - "failed to unlink a urb %p, ret %d\n", - priv->urb, ret); + "failed to unlink a urb # %lu, ret %d\n", + priv->seqnum, ret); return 0; } --- a/drivers/usb/usbip/stub_tx.c +++ b/drivers/usb/usbip/stub_tx.c @@ -201,8 +201,8 @@ static int stub_send_ret_submit(struct s /* 1. setup usbip_header */ setup_ret_submit_pdu(&pdu_header, urb); - usbip_dbg_stub_tx("setup txdata seqnum: %d urb: %p\n", - pdu_header.base.seqnum, urb); + usbip_dbg_stub_tx("setup txdata seqnum: %d\n", + pdu_header.base.seqnum); usbip_header_correct_endian(&pdu_header, 1); iov[iovnum].iov_base = &pdu_header; Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usbip: prevent vhci_hcd driver from leaking a socket pointer address" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: prevent vhci_hcd driver from leaking a socket pointer address to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 7 Dec 2017 14:16:49 -0700 Subject: usbip: prevent vhci_hcd driver from leaking a socket pointer address From: Shuah Khan <shuahkh(a)osg.samsung.com> commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream. When a client has a USB device attached over IP, the vhci_hcd driver is locally leaking a socket pointer address via the /sys/devices/platform/vhci_hcd/status file (world-readable) and in debug output when "usbip --debug port" is run. Fix it to not leak. The socket pointer address is not used at the moment and it was made visible as a convenient way to find IP address from socket pointer address by looking up /proc/net/{tcp,tcp6}. As this opens a security hole, the fix replaces socket pointer address with sockfd. Reported-by: Secunia Research <vuln(a)secunia.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/usbip_common.h | 1 + drivers/usb/usbip/vhci_sysfs.c | 26 +++++++++++++++----------- tools/usb/usbip/libsrc/vhci_driver.c | 8 ++++---- 3 files changed, 20 insertions(+), 15 deletions(-) --- a/drivers/usb/usbip/usbip_common.h +++ b/drivers/usb/usbip/usbip_common.h @@ -261,6 +261,7 @@ struct usbip_device { /* lock for status */ spinlock_t lock; + int sockfd; struct socket *tcp_socket; struct task_struct *tcp_rx; --- a/drivers/usb/usbip/vhci_sysfs.c +++ b/drivers/usb/usbip/vhci_sysfs.c @@ -39,16 +39,20 @@ static ssize_t status_show(struct device /* * output example: - * prt sta spd dev socket local_busid - * 000 004 000 000 c5a7bb80 1-2.3 - * 001 004 000 000 d8cee980 2-3.4 + * prt sta spd dev sockfd local_busid + * 0000 004 000 00000000 000003 1-2.3 + * 0001 004 000 00000000 000004 2-3.4 * - * IP address can be retrieved from a socket pointer address by looking - * up /proc/net/{tcp,tcp6}. Also, a userland program may remember a - * port number and its peer IP address. + * Output includes socket fd instead of socket pointer address to + * avoid leaking kernel memory address in: + * /sys/devices/platform/vhci_hcd.0/status and in debug output. + * The socket pointer address is not used at the moment and it was + * made visible as a convenient way to find IP address from socket + * pointer address by looking up /proc/net/{tcp,tcp6}. As this opens + * a security hole, the change is made to use sockfd instead. */ out += sprintf(out, - "prt sta spd bus dev socket local_busid\n"); + "prt sta spd dev sockfd local_busid\n"); for (i = 0; i < VHCI_NPORTS; i++) { struct vhci_device *vdev = port_to_vdev(i); @@ -59,12 +63,11 @@ static ssize_t status_show(struct device if (vdev->ud.status == VDEV_ST_USED) { out += sprintf(out, "%03u %08x ", vdev->speed, vdev->devid); - out += sprintf(out, "%16p ", vdev->ud.tcp_socket); + out += sprintf(out, "%06u ", vdev->ud.sockfd); out += sprintf(out, "%s", dev_name(&vdev->udev->dev)); - } else { - out += sprintf(out, "000 000 000 0000000000000000 0-0"); - } + } else + out += sprintf(out, "000 00000000 000000 0-0"); out += sprintf(out, "\n"); spin_unlock(&vdev->ud.lock); @@ -223,6 +226,7 @@ static ssize_t store_attach(struct devic vdev->devid = devid; vdev->speed = speed; + vdev->ud.sockfd = sockfd; vdev->ud.tcp_socket = socket; vdev->ud.status = VDEV_ST_NOTASSIGNED; --- a/tools/usb/usbip/libsrc/vhci_driver.c +++ b/tools/usb/usbip/libsrc/vhci_driver.c @@ -55,12 +55,12 @@ static int parse_status(const char *valu while (*c != '\0') { int port, status, speed, devid; - unsigned long socket; + int sockfd; char lbusid[SYSFS_BUS_ID_SIZE]; - ret = sscanf(c, "%d %d %d %x %lx %31s\n", + ret = sscanf(c, "%d %d %d %x %u %31s\n", &port, &status, &speed, - &devid, &socket, lbusid); + &devid, &sockfd, lbusid); if (ret < 5) { dbg("sscanf failed: %d", ret); @@ -69,7 +69,7 @@ static int parse_status(const char *valu dbg("port %d status %d speed %d devid %x", port, status, speed, devid); - dbg("socket %lx lbusid %s", socket, lbusid); + dbg("sockfd %u lbusid %s", sockfd, lbusid); /* if a device is connected, look at it */ Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usbip: prevent leaking socket pointer address in messages" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: prevent leaking socket pointer address in messages to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-prevent-leaking-socket-pointer-address-in-messages.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 90120d15f4c397272aaf41077960a157fc4212bf Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Fri, 15 Dec 2017 10:50:09 -0700 Subject: usbip: prevent leaking socket pointer address in messages From: Shuah Khan <shuahkh(a)osg.samsung.com> commit 90120d15f4c397272aaf41077960a157fc4212bf upstream. usbip driver is leaking socket pointer address in messages. Remove the messages that aren't useful and print sockfd in the ones that are useful for debugging. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/stub_dev.c | 3 +-- drivers/usb/usbip/usbip_common.c | 15 ++++----------- drivers/usb/usbip/vhci_hcd.c | 2 +- 3 files changed, 6 insertions(+), 14 deletions(-) --- a/drivers/usb/usbip/stub_dev.c +++ b/drivers/usb/usbip/stub_dev.c @@ -163,8 +163,7 @@ static void stub_shutdown_connection(str * step 1? */ if (ud->tcp_socket) { - dev_dbg(&sdev->udev->dev, "shutdown tcp_socket %p\n", - ud->tcp_socket); + dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd); kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); } --- a/drivers/usb/usbip/usbip_common.c +++ b/drivers/usb/usbip/usbip_common.c @@ -317,18 +317,14 @@ int usbip_recv(struct socket *sock, void struct msghdr msg; struct kvec iov; int total = 0; - /* for blocks of if (usbip_dbg_flag_xmit) */ char *bp = buf; int osize = size; - usbip_dbg_xmit("enter\n"); - - if (!sock || !buf || !size) { - pr_err("invalid arg, sock %p buff %p size %d\n", sock, buf, - size); + if (!sock || !buf || !size) return -EINVAL; - } + + usbip_dbg_xmit("enter\n"); do { sock->sk->sk_allocation = GFP_NOIO; @@ -341,11 +337,8 @@ int usbip_recv(struct socket *sock, void msg.msg_flags = MSG_NOSIGNAL; result = kernel_recvmsg(sock, &msg, &iov, 1, size, MSG_WAITALL); - if (result <= 0) { - pr_debug("receive sock %p buf %p size %u ret %d total %d\n", - sock, buf, size, result, total); + if (result <= 0) goto err; - } size -= result; buf += result; --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -782,7 +782,7 @@ static void vhci_shutdown_connection(str /* need this? see stub_dev.c */ if (ud->tcp_socket) { - pr_debug("shutdown tcp_socket %p\n", ud->tcp_socket); + pr_debug("shutdown sockfd %d\n", ud->sockfd); kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); } Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c6688ef9f29762e65bce325ef4acd6c675806366 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 7 Dec 2017 14:16:48 -0700 Subject: usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input From: Shuah Khan <shuahkh(a)osg.samsung.com> commit c6688ef9f29762e65bce325ef4acd6c675806366 upstream. Harden CMD_SUBMIT path to handle malicious input that could trigger large memory allocations. Add checks to validate transfer_buffer_length and number_of_packets to protect against bad input requesting for unbounded memory allocations. Validate early in get_pipe() and return failure. Reported-by: Secunia Research <vuln(a)secunia.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/stub_rx.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) --- a/drivers/usb/usbip/stub_rx.c +++ b/drivers/usb/usbip/stub_rx.c @@ -341,11 +341,13 @@ static struct stub_priv *stub_priv_alloc return priv; } -static int get_pipe(struct stub_device *sdev, int epnum, int dir) +static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu) { struct usb_device *udev = sdev->udev; struct usb_host_endpoint *ep; struct usb_endpoint_descriptor *epd = NULL; + int epnum = pdu->base.ep; + int dir = pdu->base.direction; if (epnum < 0 || epnum > 15) goto err_ret; @@ -358,6 +360,7 @@ static int get_pipe(struct stub_device * goto err_ret; epd = &ep->desc; + if (usb_endpoint_xfer_control(epd)) { if (dir == USBIP_DIR_OUT) return usb_sndctrlpipe(udev, epnum); @@ -380,6 +383,27 @@ static int get_pipe(struct stub_device * } if (usb_endpoint_xfer_isoc(epd)) { + /* validate packet size and number of packets */ + unsigned int maxp, packets, bytes; + +#define USB_EP_MAXP_MULT_SHIFT 11 +#define USB_EP_MAXP_MULT_MASK (3 << USB_EP_MAXP_MULT_SHIFT) +#define USB_EP_MAXP_MULT(m) \ + (((m) & USB_EP_MAXP_MULT_MASK) >> USB_EP_MAXP_MULT_SHIFT) + + maxp = usb_endpoint_maxp(epd); + maxp *= (USB_EP_MAXP_MULT( + __le16_to_cpu(epd->wMaxPacketSize)) + 1); + bytes = pdu->u.cmd_submit.transfer_buffer_length; + packets = DIV_ROUND_UP(bytes, maxp); + + if (pdu->u.cmd_submit.number_of_packets < 0 || + pdu->u.cmd_submit.number_of_packets > packets) { + dev_err(&sdev->udev->dev, + "CMD_SUBMIT: isoc invalid num packets %d\n", + pdu->u.cmd_submit.number_of_packets); + return -1; + } if (dir == USBIP_DIR_OUT) return usb_sndisocpipe(udev, epnum); else @@ -388,7 +412,7 @@ static int get_pipe(struct stub_device * err_ret: /* NOT REACHED */ - dev_err(&sdev->interface->dev, "get pipe, epnum %d\n", epnum); + dev_err(&sdev->udev->dev, "CMD_SUBMIT: invalid epnum %d\n", epnum); return -1; } @@ -453,7 +477,7 @@ static void stub_recv_cmd_submit(struct struct stub_priv *priv; struct usbip_device *ud = &sdev->ud; struct usb_device *udev = sdev->udev; - int pipe = get_pipe(sdev, pdu->base.ep, pdu->base.direction); + int pipe = get_pipe(sdev, pdu); if (pipe == -1) return; Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usbip: Fix potential format overflow in userspace tools" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: Fix potential format overflow in userspace tools to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-fix-potential-format-overflow-in-userspace-tools.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e5dfa3f902b9a642ae8c6997d57d7c41e384a90b Mon Sep 17 00:00:00 2001 From: Jonathan Dieter <jdieter(a)lesbg.com> Date: Mon, 27 Feb 2017 10:31:03 +0200 Subject: usbip: Fix potential format overflow in userspace tools From: Jonathan Dieter <jdieter(a)lesbg.com> commit e5dfa3f902b9a642ae8c6997d57d7c41e384a90b upstream. The usbip userspace tools call sprintf()/snprintf() and don't check for the return value which can lead the paths to overflow, truncating the final file in the path. More urgently, GCC 7 now warns that these aren't checked with -Wformat-overflow, and with -Werror enabled in configure.ac, that makes these tools unbuildable. This patch fixes these problems by replacing sprintf() with snprintf() in one place and adding checks for the return value of snprintf(). Reviewed-by: Peter Senna Tschudin <peter.senna(a)gmail.com> Signed-off-by: Jonathan Dieter <jdieter(a)lesbg.com> Acked-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/usb/usbip/libsrc/usbip_common.c | 9 ++++++++- tools/usb/usbip/libsrc/usbip_host_driver.c | 27 ++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 6 deletions(-) --- a/tools/usb/usbip/libsrc/usbip_common.c +++ b/tools/usb/usbip/libsrc/usbip_common.c @@ -215,9 +215,16 @@ int read_usb_interface(struct usbip_usb_ struct usbip_usb_interface *uinf) { char busid[SYSFS_BUS_ID_SIZE]; + int size; struct udev_device *sif; - sprintf(busid, "%s:%d.%d", udev->busid, udev->bConfigurationValue, i); + size = snprintf(busid, sizeof(busid), "%s:%d.%d", + udev->busid, udev->bConfigurationValue, i); + if (size < 0 || (unsigned int)size >= sizeof(busid)) { + err("busid length %i >= %lu or < 0", size, + (unsigned long)sizeof(busid)); + return -1; + } sif = udev_device_new_from_subsystem_sysname(udev_context, "usb", busid); if (!sif) { --- a/tools/usb/usbip/libsrc/usbip_host_driver.c +++ b/tools/usb/usbip/libsrc/usbip_host_driver.c @@ -39,13 +39,19 @@ struct udev *udev_context; static int32_t read_attr_usbip_status(struct usbip_usb_device *udev) { char status_attr_path[SYSFS_PATH_MAX]; + int size; int fd; int length; char status; int value = 0; - snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status", - udev->path); + size = snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status", + udev->path); + if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) { + err("usbip_status path length %i >= %lu or < 0", size, + (unsigned long)sizeof(status_attr_path)); + return -1; + } fd = open(status_attr_path, O_RDONLY); if (fd < 0) { @@ -225,6 +231,7 @@ int usbip_host_export_device(struct usbi { char attr_name[] = "usbip_sockfd"; char sockfd_attr_path[SYSFS_PATH_MAX]; + int size; char sockfd_buff[30]; int ret; @@ -244,10 +251,20 @@ int usbip_host_export_device(struct usbi } /* only the first interface is true */ - snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s", - edev->udev.path, attr_name); + size = snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s", + edev->udev.path, attr_name); + if (size < 0 || (unsigned int)size >= sizeof(sockfd_attr_path)) { + err("exported device path length %i >= %lu or < 0", size, + (unsigned long)sizeof(sockfd_attr_path)); + return -1; + } - snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd); + size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd); + if (size < 0 || (unsigned int)size >= sizeof(sockfd_buff)) { + err("socket length %i >= %lu or < 0", size, + (unsigned long)sizeof(sockfd_buff)); + return -1; + } ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff, strlen(sockfd_buff)); Patches currently in stable-queue which might be from jdieter(a)lesbg.com are queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch

7 years, 4 months

1
0
0 0

Patch "usbip: fix stub_rx: get_pipe() to validate endpoint number" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: fix stub_rx: get_pipe() to validate endpoint number to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 7 Dec 2017 14:16:47 -0700 Subject: usbip: fix stub_rx: get_pipe() to validate endpoint number From: Shuah Khan <shuahkh(a)osg.samsung.com> commit 635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 upstream. get_pipe() routine doesn't validate the input endpoint number and uses to reference ep_in and ep_out arrays. Invalid endpoint number can trigger BUG(). Range check the epnum and returning error instead of calling BUG(). Change caller stub_recv_cmd_submit() to handle the get_pipe() error return. Reported-by: Secunia Research <vuln(a)secunia.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/stub_rx.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- a/drivers/usb/usbip/stub_rx.c +++ b/drivers/usb/usbip/stub_rx.c @@ -347,15 +347,15 @@ static int get_pipe(struct stub_device * struct usb_host_endpoint *ep; struct usb_endpoint_descriptor *epd = NULL; + if (epnum < 0 || epnum > 15) + goto err_ret; + if (dir == USBIP_DIR_IN) ep = udev->ep_in[epnum & 0x7f]; else ep = udev->ep_out[epnum & 0x7f]; - if (!ep) { - dev_err(&sdev->interface->dev, "no such endpoint?, %d\n", - epnum); - BUG(); - } + if (!ep) + goto err_ret; epd = &ep->desc; if (usb_endpoint_xfer_control(epd)) { @@ -386,9 +386,10 @@ static int get_pipe(struct stub_device * return usb_rcvisocpipe(udev, epnum); } +err_ret: /* NOT REACHED */ dev_err(&sdev->interface->dev, "get pipe, epnum %d\n", epnum); - return 0; + return -1; } static void masking_bogus_flags(struct urb *urb) @@ -454,6 +455,9 @@ static void stub_recv_cmd_submit(struct struct usb_device *udev = sdev->udev; int pipe = get_pipe(sdev, pdu->base.ep, pdu->base.direction); + if (pipe == -1) + return; + priv = stub_priv_alloc(sdev, pdu); if (!priv) return; Patches currently in stable-queue which might be from shuahkh(a)osg.samsung.com are queue-3.18/usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch queue-3.18/usbip-vhci-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-fix-potential-format-overflow-in-userspace-tools.patch queue-3.18/usbip-vhci-hcd-add-usb3-superspeed-support.patch queue-3.18/usbip-prevent-leaking-socket-pointer-address-in-messages.patch queue-3.18/usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch queue-3.18/usbip-stub-stop-printing-kernel-pointer-addresses-in-messages.patch queue-3.18/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "usb: usbip: Fix possible deadlocks reported by lockdep" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: usbip: Fix possible deadlocks reported by lockdep to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 21619792d1eca7e772ca190ba68588e57f29595b Mon Sep 17 00:00:00 2001 From: Andrew Goodbody <andrew.goodbody(a)cambrionix.com> Date: Tue, 2 Feb 2016 17:36:39 +0000 Subject: usb: usbip: Fix possible deadlocks reported by lockdep From: Andrew Goodbody <andrew.goodbody(a)cambrionix.com> commit 21619792d1eca7e772ca190ba68588e57f29595b upstream. Change spin_lock calls to spin_lock_irqsave to prevent attmpted recursive lock taking in interrupt context. This patch fixes Bug 109351 https://bugzilla.kernel.org/show_bug.cgi?id=109351 Signed-off-by: Andrew Goodbody <andrew.goodbody(a)cambrionix.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/usbip_event.c | 5 +- drivers/usb/usbip/vhci_hcd.c | 88 +++++++++++++++++++++++----------------- drivers/usb/usbip/vhci_rx.c | 30 +++++++------ drivers/usb/usbip/vhci_sysfs.c | 19 +++++--- drivers/usb/usbip/vhci_tx.c | 14 +++--- 5 files changed, 91 insertions(+), 65 deletions(-) --- a/drivers/usb/usbip/usbip_event.c +++ b/drivers/usb/usbip/usbip_event.c @@ -117,11 +117,12 @@ EXPORT_SYMBOL_GPL(usbip_event_add); int usbip_event_happened(struct usbip_device *ud) { int happened = 0; + unsigned long flags; - spin_lock(&ud->lock); + spin_lock_irqsave(&ud->lock, flags); if (ud->event != 0) happened = 1; - spin_unlock(&ud->lock); + spin_unlock_irqrestore(&ud->lock, flags); return happened; } --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -121,9 +121,11 @@ static void dump_port_status_diff(u32 pr void rh_port_connect(int rhport, enum usb_device_speed speed) { + unsigned long flags; + usbip_dbg_vhci_rh("rh_port_connect %d\n", rhport); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); the_controller->port_status[rhport] |= USB_PORT_STAT_CONNECTION | (1 << USB_PORT_FEAT_C_CONNECTION); @@ -139,22 +141,24 @@ void rh_port_connect(int rhport, enum us break; } - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_poll_rh_status(vhci_to_hcd(the_controller)); } static void rh_port_disconnect(int rhport) { + unsigned long flags; + usbip_dbg_vhci_rh("rh_port_disconnect %d\n", rhport); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); the_controller->port_status[rhport] &= ~USB_PORT_STAT_CONNECTION; the_controller->port_status[rhport] |= (1 << USB_PORT_FEAT_C_CONNECTION); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_poll_rh_status(vhci_to_hcd(the_controller)); } @@ -182,13 +186,14 @@ static int vhci_hub_status(struct usb_hc int retval; int rhport; int changed = 0; + unsigned long flags; retval = DIV_ROUND_UP(VHCI_NPORTS + 1, 8); memset(buf, 0, retval); vhci = hcd_to_vhci(hcd); - spin_lock(&vhci->lock); + spin_lock_irqsave(&vhci->lock, flags); if (!HCD_HW_ACCESSIBLE(hcd)) { usbip_dbg_vhci_rh("hw accessible flag not on?\n"); goto done; @@ -209,7 +214,7 @@ static int vhci_hub_status(struct usb_hc usb_hcd_resume_root_hub(hcd); done: - spin_unlock(&vhci->lock); + spin_unlock_irqrestore(&vhci->lock, flags); return changed ? retval : 0; } @@ -230,6 +235,7 @@ static int vhci_hub_control(struct usb_h struct vhci_hcd *dum; int retval = 0; int rhport; + unsigned long flags; u32 prev_port_status[VHCI_NPORTS]; @@ -248,7 +254,7 @@ static int vhci_hub_control(struct usb_h dum = hcd_to_vhci(hcd); - spin_lock(&dum->lock); + spin_lock_irqsave(&dum->lock, flags); /* store old status and compare now and old later */ if (usbip_dbg_flag_vhci_rh) { @@ -402,7 +408,7 @@ static int vhci_hub_control(struct usb_h } usbip_dbg_vhci_rh(" bye\n"); - spin_unlock(&dum->lock); + spin_unlock_irqrestore(&dum->lock, flags); return retval; } @@ -425,6 +431,7 @@ static void vhci_tx_urb(struct urb *urb) { struct vhci_device *vdev = get_vdev(urb->dev); struct vhci_priv *priv; + unsigned long flags; if (!vdev) { pr_err("could not get virtual device"); @@ -437,7 +444,7 @@ static void vhci_tx_urb(struct urb *urb) return; } - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); priv->seqnum = atomic_inc_return(&the_controller->seqnum); if (priv->seqnum == 0xffff) @@ -451,7 +458,7 @@ static void vhci_tx_urb(struct urb *urb) list_add_tail(&priv->list, &vdev->priv_tx); wake_up(&vdev->waitq_tx); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); } static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, @@ -460,6 +467,7 @@ static int vhci_urb_enqueue(struct usb_h struct device *dev = &urb->dev->dev; int ret = 0; struct vhci_device *vdev; + unsigned long flags; usbip_dbg_vhci_hc("enter, usb_hcd %p urb %p mem_flags %d\n", hcd, urb, mem_flags); @@ -467,11 +475,11 @@ static int vhci_urb_enqueue(struct usb_h /* patch to usb_sg_init() is in 2.5.60 */ BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); if (urb->status != -EINPROGRESS) { dev_err(dev, "URB already unlinked!, status %d\n", urb->status); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return urb->status; } @@ -483,7 +491,7 @@ static int vhci_urb_enqueue(struct usb_h vdev->ud.status == VDEV_ST_ERROR) { dev_err(dev, "enqueue for inactive port %d\n", vdev->rhport); spin_unlock(&vdev->ud.lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return -ENODEV; } spin_unlock(&vdev->ud.lock); @@ -558,14 +566,14 @@ static int vhci_urb_enqueue(struct usb_h out: vhci_tx_urb(urb); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return 0; no_need_xmit: usb_hcd_unlink_urb_from_ep(hcd, urb); no_need_unlink: - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status); return ret; } @@ -620,16 +628,17 @@ static int vhci_urb_dequeue(struct usb_h { struct vhci_priv *priv; struct vhci_device *vdev; + unsigned long flags; pr_info("dequeue a urb %p\n", urb); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); priv = urb->hcpriv; if (!priv) { /* URB was never linked! or will be soon given back by * vhci_rx. */ - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return 0; } @@ -638,7 +647,7 @@ static int vhci_urb_dequeue(struct usb_h ret = usb_hcd_check_unlink_urb(hcd, urb, status); if (ret) { - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return ret; } } @@ -666,10 +675,10 @@ static int vhci_urb_dequeue(struct usb_h usb_hcd_unlink_urb_from_ep(hcd, urb); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); } else { /* tcp connection is alive */ @@ -681,7 +690,7 @@ static int vhci_urb_dequeue(struct usb_h unlink = kzalloc(sizeof(struct vhci_unlink), GFP_ATOMIC); if (!unlink) { spin_unlock(&vdev->priv_lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usbip_event_add(&vdev->ud, VDEV_EVENT_ERROR_MALLOC); return -ENOMEM; } @@ -702,7 +711,7 @@ static int vhci_urb_dequeue(struct usb_h spin_unlock(&vdev->priv_lock); } - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usbip_dbg_vhci_hc("leave\n"); return 0; @@ -711,8 +720,9 @@ static int vhci_urb_dequeue(struct usb_h static void vhci_device_unlink_cleanup(struct vhci_device *vdev) { struct vhci_unlink *unlink, *tmp; + unsigned long flags; - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); spin_lock(&vdev->priv_lock); list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) { @@ -746,19 +756,19 @@ static void vhci_device_unlink_cleanup(s list_del(&unlink->list); spin_unlock(&vdev->priv_lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); spin_lock(&vdev->priv_lock); kfree(unlink); } spin_unlock(&vdev->priv_lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); } /* @@ -825,8 +835,9 @@ static void vhci_shutdown_connection(str static void vhci_device_reset(struct usbip_device *ud) { struct vhci_device *vdev = container_of(ud, struct vhci_device, ud); + unsigned long flags; - spin_lock(&ud->lock); + spin_lock_irqsave(&ud->lock, flags); vdev->speed = 0; vdev->devid = 0; @@ -841,14 +852,16 @@ static void vhci_device_reset(struct usb } ud->status = VDEV_ST_NULL; - spin_unlock(&ud->lock); + spin_unlock_irqrestore(&ud->lock, flags); } static void vhci_device_unusable(struct usbip_device *ud) { - spin_lock(&ud->lock); + unsigned long flags; + + spin_lock_irqsave(&ud->lock, flags); ud->status = VDEV_ST_ERROR; - spin_unlock(&ud->lock); + spin_unlock_irqrestore(&ud->lock, flags); } static void vhci_device_init(struct vhci_device *vdev) @@ -938,12 +951,13 @@ static int vhci_get_frame_number(struct static int vhci_bus_suspend(struct usb_hcd *hcd) { struct vhci_hcd *vhci = hcd_to_vhci(hcd); + unsigned long flags; dev_dbg(&hcd->self.root_hub->dev, "%s\n", __func__); - spin_lock(&vhci->lock); + spin_lock_irqsave(&vhci->lock, flags); hcd->state = HC_STATE_SUSPENDED; - spin_unlock(&vhci->lock); + spin_unlock_irqrestore(&vhci->lock, flags); return 0; } @@ -952,15 +966,16 @@ static int vhci_bus_resume(struct usb_hc { struct vhci_hcd *vhci = hcd_to_vhci(hcd); int rc = 0; + unsigned long flags; dev_dbg(&hcd->self.root_hub->dev, "%s\n", __func__); - spin_lock(&vhci->lock); + spin_lock_irqsave(&vhci->lock, flags); if (!HCD_HW_ACCESSIBLE(hcd)) rc = -ESHUTDOWN; else hcd->state = HC_STATE_RUNNING; - spin_unlock(&vhci->lock); + spin_unlock_irqrestore(&vhci->lock, flags); return rc; } @@ -1058,17 +1073,18 @@ static int vhci_hcd_suspend(struct platf int rhport = 0; int connected = 0; int ret = 0; + unsigned long flags; hcd = platform_get_drvdata(pdev); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); for (rhport = 0; rhport < VHCI_NPORTS; rhport++) if (the_controller->port_status[rhport] & USB_PORT_STAT_CONNECTION) connected += 1; - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); if (connected > 0) { dev_info(&pdev->dev, --- a/drivers/usb/usbip/vhci_rx.c +++ b/drivers/usb/usbip/vhci_rx.c @@ -72,10 +72,11 @@ static void vhci_recv_ret_submit(struct { struct usbip_device *ud = &vdev->ud; struct urb *urb; + unsigned long flags; - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); urb = pickup_urb_and_free_priv(vdev, pdu->base.seqnum); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); if (!urb) { pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); @@ -104,9 +105,9 @@ static void vhci_recv_ret_submit(struct usbip_dbg_vhci_rx("now giveback urb %p\n", urb); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); usb_hcd_unlink_urb_from_ep(vhci_to_hcd(the_controller), urb); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status); @@ -117,8 +118,9 @@ static struct vhci_unlink *dequeue_pendi struct usbip_header *pdu) { struct vhci_unlink *unlink, *tmp; + unsigned long flags; - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); list_for_each_entry_safe(unlink, tmp, &vdev->unlink_rx, list) { pr_info("unlink->seqnum %lu\n", unlink->seqnum); @@ -127,12 +129,12 @@ static struct vhci_unlink *dequeue_pendi unlink->seqnum); list_del(&unlink->list); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return unlink; } } - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return NULL; } @@ -142,6 +144,7 @@ static void vhci_recv_ret_unlink(struct { struct vhci_unlink *unlink; struct urb *urb; + unsigned long flags; usbip_dump_header(pdu); @@ -152,9 +155,9 @@ static void vhci_recv_ret_unlink(struct return; } - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); if (!urb) { /* @@ -171,9 +174,9 @@ static void vhci_recv_ret_unlink(struct urb->status = pdu->u.ret_unlink.status; pr_info("urb->status %d\n", urb->status); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); usb_hcd_unlink_urb_from_ep(vhci_to_hcd(the_controller), urb); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status); @@ -185,10 +188,11 @@ static void vhci_recv_ret_unlink(struct static int vhci_priv_tx_empty(struct vhci_device *vdev) { int empty = 0; + unsigned long flags; - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); empty = list_empty(&vdev->priv_rx); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return empty; } --- a/drivers/usb/usbip/vhci_sysfs.c +++ b/drivers/usb/usbip/vhci_sysfs.c @@ -32,10 +32,11 @@ static ssize_t status_show(struct device { char *s = out; int i = 0; + unsigned long flags; BUG_ON(!the_controller || !out); - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); /* * output example: @@ -73,7 +74,7 @@ static ssize_t status_show(struct device spin_unlock(&vdev->ud.lock); } - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return out - s; } @@ -83,11 +84,12 @@ static DEVICE_ATTR_RO(status); static int vhci_port_disconnect(__u32 rhport) { struct vhci_device *vdev; + unsigned long flags; usbip_dbg_vhci_sysfs("enter\n"); /* lock */ - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); vdev = port_to_vdev(rhport); @@ -97,14 +99,14 @@ static int vhci_port_disconnect(__u32 rh /* unlock */ spin_unlock(&vdev->ud.lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); return -EINVAL; } /* unlock */ spin_unlock(&vdev->ud.lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); usbip_event_add(&vdev->ud, VDEV_EVENT_DOWN); @@ -180,6 +182,7 @@ static ssize_t store_attach(struct devic int sockfd = 0; __u32 rhport = 0, devid = 0, speed = 0; int err; + unsigned long flags; /* * @rhport: port number of vhci_hcd @@ -205,14 +208,14 @@ static ssize_t store_attach(struct devic /* now need lock until setting vdev status as used */ /* begin a lock */ - spin_lock(&the_controller->lock); + spin_lock_irqsave(&the_controller->lock, flags); vdev = port_to_vdev(rhport); spin_lock(&vdev->ud.lock); if (vdev->ud.status != VDEV_ST_NULL) { /* end of the lock */ spin_unlock(&vdev->ud.lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); sockfd_put(socket); @@ -231,7 +234,7 @@ static ssize_t store_attach(struct devic vdev->ud.status = VDEV_ST_NOTASSIGNED; spin_unlock(&vdev->ud.lock); - spin_unlock(&the_controller->lock); + spin_unlock_irqrestore(&the_controller->lock, flags); /* end the lock */ vdev->ud.tcp_rx = kthread_get_run(vhci_rx_loop, &vdev->ud, "vhci_rx"); --- a/drivers/usb/usbip/vhci_tx.c +++ b/drivers/usb/usbip/vhci_tx.c @@ -47,16 +47,17 @@ static void setup_cmd_submit_pdu(struct static struct vhci_priv *dequeue_from_priv_tx(struct vhci_device *vdev) { struct vhci_priv *priv, *tmp; + unsigned long flags; - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); list_for_each_entry_safe(priv, tmp, &vdev->priv_tx, list) { list_move_tail(&priv->list, &vdev->priv_rx); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return priv; } - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return NULL; } @@ -136,16 +137,17 @@ static int vhci_send_cmd_submit(struct v static struct vhci_unlink *dequeue_from_unlink_tx(struct vhci_device *vdev) { struct vhci_unlink *unlink, *tmp; + unsigned long flags; - spin_lock(&vdev->priv_lock); + spin_lock_irqsave(&vdev->priv_lock, flags); list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) { list_move_tail(&unlink->list, &vdev->unlink_rx); - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return unlink; } - spin_unlock(&vdev->priv_lock); + spin_unlock_irqrestore(&vdev->priv_lock, flags); return NULL; } Patches currently in stable-queue which might be from andrew.goodbody(a)cambrionix.com are queue-3.18/usb-usbip-fix-possible-deadlocks-reported-by-lockdep.patch

7 years, 4 months

1
0
0 0

Patch "posix-timer: Properly check sigevent->sigev_notify" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled posix-timer: Properly check sigevent->sigev_notify to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: posix-timer-properly-check-sigevent-sigev_notify.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From cef31d9af908243421258f1df35a4a644604efbe Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri, 15 Dec 2017 10:32:03 +0100 Subject: posix-timer: Properly check sigevent->sigev_notify From: Thomas Gleixner <tglx(a)linutronix.de> commit cef31d9af908243421258f1df35a4a644604efbe upstream. timer_create() specifies via sigevent->sigev_notify the signal delivery for the new timer. The valid modes are SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD and (SIGEV_SIGNAL | SIGEV_THREAD_ID). The sanity check in good_sigevent() is only checking the valid combination for the SIGEV_THREAD_ID bit, i.e. SIGEV_SIGNAL, but if SIGEV_THREAD_ID is not set it accepts any random value. This has no real effects on the posix timer and signal delivery code, but it affects show_timer() which handles the output of /proc/$PID/timers. That function uses a string array to pretty print sigev_notify. The access to that array has no bound checks, so random sigev_notify cause access beyond the array bounds. Add proper checks for the valid notify modes and remove the SIGEV_THREAD_ID masking from various code pathes as SIGEV_NONE can never be set in combination with SIGEV_THREAD_ID. Reported-by: Eric Biggers <ebiggers3(a)gmail.com> Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Reported-by: Alexey Dobriyan <adobriyan(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/time/posix-timers.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -500,17 +500,22 @@ static struct pid *good_sigevent(sigeven { struct task_struct *rtn = current->group_leader; - if ((event->sigev_notify & SIGEV_THREAD_ID ) && - (!(rtn = find_task_by_vpid(event->sigev_notify_thread_id)) || - !same_thread_group(rtn, current) || - (event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL)) + switch (event->sigev_notify) { + case SIGEV_SIGNAL | SIGEV_THREAD_ID: + rtn = find_task_by_vpid(event->sigev_notify_thread_id); + if (!rtn || !same_thread_group(rtn, current)) + return NULL; + /* FALLTHRU */ + case SIGEV_SIGNAL: + case SIGEV_THREAD: + if (event->sigev_signo <= 0 || event->sigev_signo > SIGRTMAX) + return NULL; + /* FALLTHRU */ + case SIGEV_NONE: + return task_pid(rtn); + default: return NULL; - - if (((event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) && - ((event->sigev_signo <= 0) || (event->sigev_signo > SIGRTMAX))) - return NULL; - - return task_pid(rtn); + } } void posix_timers_register_clock(const clockid_t clock_id, @@ -738,8 +743,7 @@ common_timer_get(struct k_itimer *timr, /* interval timer ? */ if (iv.tv64) cur_setting->it_interval = ktime_to_timespec(iv); - else if (!hrtimer_active(timer) && - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + else if (!hrtimer_active(timer) && timr->it_sigev_notify != SIGEV_NONE) return; now = timer->base->get_time(); @@ -750,7 +754,7 @@ common_timer_get(struct k_itimer *timr, * expiry is > now. */ if (iv.tv64 && (timr->it_requeue_pending & REQUEUE_PENDING || - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) + timr->it_sigev_notify == SIGEV_NONE)) timr->it_overrun += (unsigned int) hrtimer_forward(timer, now, iv); remaining = ktime_sub(hrtimer_get_expires(timer), now); @@ -760,7 +764,7 @@ common_timer_get(struct k_itimer *timr, * A single shot SIGEV_NONE timer must return 0, when * it is expired ! */ - if ((timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + if (timr->it_sigev_notify != SIGEV_NONE) cur_setting->it_value.tv_nsec = 1; } else cur_setting->it_value = ktime_to_timespec(remaining); @@ -858,7 +862,7 @@ common_timer_set(struct k_itimer *timr, timr->it.real.interval = timespec_to_ktime(new_setting->it_interval); /* SIGEV_NONE timers are not queued ! See common_timer_get */ - if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { + if (timr->it_sigev_notify == SIGEV_NONE) { /* Setup correct expiry time for relative timers */ if (mode == HRTIMER_MODE_REL) { hrtimer_add_expires(timer, timer->base->get_time()); Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-3.18/posix-timer-properly-check-sigevent-sigev_notify.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1118,8 +1118,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1182,17 +1180,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-3.18/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-3.18/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -438,18 +438,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1231,6 +1236,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1239,12 +1245,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-3.18/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-3.18/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "dccp: CVE-2017-8824: use-after-free in DCCP code" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dccp: CVE-2017-8824: use-after-free in DCCP code to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dccp-cve-2017-8824-use-after-free-in-dccp-code.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 Mon Sep 17 00:00:00 2001 From: Mohamed Ghannam <simo.ghannam(a)gmail.com> Date: Tue, 5 Dec 2017 20:58:35 +0000 Subject: dccp: CVE-2017-8824: use-after-free in DCCP code From: Mohamed Ghannam <simo.ghannam(a)gmail.com> commit 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 upstream. Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set to NULL. Signed-off-by: Mohamed Ghannam <simo.ghannam(a)gmail.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dccp/proto.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -259,6 +259,7 @@ int dccp_disconnect(struct sock *sk, int { struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); + struct dccp_sock *dp = dccp_sk(sk); int err = 0; const int old_state = sk->sk_state; @@ -278,6 +279,10 @@ int dccp_disconnect(struct sock *sk, int sk->sk_err = ECONNRESET; dccp_clear_xmit_timers(sk); + ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); + ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); + dp->dccps_hc_rx_ccid = NULL; + dp->dccps_hc_tx_ccid = NULL; __skb_queue_purge(&sk->sk_receive_queue); __skb_queue_purge(&sk->sk_write_queue); Patches currently in stable-queue which might be from simo.ghannam(a)gmail.com are queue-3.18/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix autonegotiate security settings mismatch" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix autonegotiate security settings mismatch to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-autonegotiate-security-settings-mismatch.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9aca7e454415f7878b28524e76bebe1170911a88 Mon Sep 17 00:00:00 2001 From: Daniel N Pettersson <danielnp(a)axis.com> Date: Thu, 11 Jan 2018 16:00:12 +0100 Subject: cifs: Fix autonegotiate security settings mismatch From: Daniel N Pettersson <danielnp(a)axis.com> commit 9aca7e454415f7878b28524e76bebe1170911a88 upstream. Autonegotiation gives a security settings mismatch error if the SMB server selects an SMBv3 dialect that isn't SMB3.02. The exact error is "protocol revalidation - security settings mismatch". This can be tested using Samba v4.2 or by setting the global Samba setting max protocol = SMB3_00. The check that fails in smb3_validate_negotiate is the dialect verification of the negotiate info response. This is because it tries to verify against the protocol_id in the global smbdefault_values. The protocol_id in smbdefault_values is SMB3.02. In SMB2_negotiate the protocol_id in smbdefault_values isn't updated, it is global so it probably shouldn't be, but server->dialect is. This patch changes the check in smb3_validate_negotiate to use server->dialect instead of server->vals->protocol_id. The patch works with autonegotiate and when using a specific version in the vers mount option. Signed-off-by: Daniel N Pettersson <danielnp(a)axis.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -507,8 +507,7 @@ int smb3_validate_negotiate(const unsign } /* check validate negotiate info response matches what we got earlier */ - if (pneg_rsp->Dialect != - cpu_to_le16(tcon->ses->server->vals->protocol_id)) + if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect)) goto vneg_out; if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode)) Patches currently in stable-queue which might be from danielnp(a)axis.com are queue-3.18/cifs-fix-autonegotiate-security-settings-mismatch.patch

7 years, 4 months

1
0
0 0

Patch "CIFS: zero sensitive data when freeing" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: zero sensitive data when freeing to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-zero-sensitive-data-when-freeing.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 97f4b7276b829a8927ac903a119bef2f963ccc58 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Thu, 25 Jan 2018 15:59:39 +0100 Subject: CIFS: zero sensitive data when freeing From: Aurelien Aptel <aaptel(a)suse.com> commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream. also replaces memset()+kfree() by kzfree(). Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/cifsencrypt.c | 3 +-- fs/cifs/connect.c | 6 +++--- fs/cifs/misc.c | 14 ++++---------- 3 files changed, 8 insertions(+), 15 deletions(-) --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -303,9 +303,8 @@ int calc_lanman_hash(const char *passwor { int i; int rc; - char password_with_pad[CIFS_ENCPWD_SIZE]; + char password_with_pad[CIFS_ENCPWD_SIZE] = {0}; - memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); if (password) strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1650,7 +1650,7 @@ cifs_parse_mount_options(const char *mou tmp_end++; if (!(tmp_end < end && tmp_end[1] == delim)) { /* No it is not. Set the password to NULL */ - kfree(vol->password); + kzfree(vol->password); vol->password = NULL; break; } @@ -1688,7 +1688,7 @@ cifs_parse_mount_options(const char *mou options = end; } - kfree(vol->password); + kzfree(vol->password); /* Now build new password string */ temp_len = strlen(value); vol->password = kzalloc(temp_len+1, GFP_KERNEL); @@ -4046,7 +4046,7 @@ cifs_construct_tcon(struct cifs_sb_info reset_cifs_unix_caps(0, tcon, NULL, vol_info); out: kfree(vol_info->username); - kfree(vol_info->password); + kzfree(vol_info->password); kfree(vol_info); return tcon; --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -99,14 +99,11 @@ sesInfoFree(struct cifs_ses *buf_to_free kfree(buf_to_free->serverOS); kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free->user_name); kfree(buf_to_free->domainName); - kfree(buf_to_free->auth_key.response); - kfree(buf_to_free); + kzfree(buf_to_free->auth_key.response); + kzfree(buf_to_free); } struct cifs_tcon * @@ -136,10 +133,7 @@ tconInfoFree(struct cifs_tcon *buf_to_fr } atomic_dec(&tconInfoAllocCount); kfree(buf_to_free->nativeFileSystem); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free); } Patches currently in stable-queue which might be from aaptel(a)suse.com are queue-3.18/cifs-zero-sensitive-data-when-freeing.patch

7 years, 4 months

1
0
0 0

Patch "cifs: Fix missing put_xid in cifs_file_strict_mmap" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix missing put_xid in cifs_file_strict_mmap to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f04a703c3d613845ae3141bfaf223489de8ab3eb Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 15 Dec 2017 12:48:32 -0800 Subject: cifs: Fix missing put_xid in cifs_file_strict_mmap From: Matthew Wilcox <mawilcox(a)microsoft.com> commit f04a703c3d613845ae3141bfaf223489de8ab3eb upstream. If cifs_zap_mapping() returned an error, we would return without putting the xid that we got earlier. Restructure cifs_file_strict_mmap() and cifs_file_mmap() to be more similar to each other and have a single point of return that always puts the xid. Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/file.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3261,20 +3261,18 @@ static struct vm_operations_struct cifs_ int cifs_file_strict_mmap(struct file *file, struct vm_area_struct *vma) { - int rc, xid; + int xid, rc = 0; struct inode *inode = file_inode(file); xid = get_xid(); - if (!CIFS_CACHE_READ(CIFS_I(inode))) { + if (!CIFS_CACHE_READ(CIFS_I(inode))) rc = cifs_zap_mapping(inode); - if (rc) - return rc; - } - - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } @@ -3284,16 +3282,16 @@ int cifs_file_mmap(struct file *file, st int rc, xid; xid = get_xid(); + rc = cifs_revalidate_file(file); - if (rc) { + if (rc) cifs_dbg(FYI, "Validation prior to mmap failed, error=%d\n", rc); - free_xid(xid); - return rc; - } - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } Patches currently in stable-queue which might be from mawilcox(a)microsoft.com are queue-3.18/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch

7 years, 4 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute

by Kirill Marinushkin

Hello maintainers of <stable(a)vger.kernel.org>, As discussed earlier in this thread, I propose this patch to stable. It fixes the issue, which exists since v2.6.34. Best Regards, Kirill On 02/12/18 09:08, Takashi Iwai wrote: > On Thu, 08 Feb 2018 07:21:36 +0100, > Kirill Marinushkin wrote: >> On 02/07/18 06:45, Takashi Iwai wrote: >>> On Mon, 29 Jan 2018 06:37:55 +0100, >>> Kirill Marinushkin wrote: >>>> The layout of the UAC2 Control request and response varies depending on >>>> the request type. With the current implementation, only the Layout 2 >>>> Parameter Block (with the 2-byte sized RANGE attribute) is handled >>>> properly. For the Control requests with the 1-byte sized RANGE attribute >>>> (Bass Control, Mid Control, Tremble Control), the response is parsed >>>> incorrectly. >>>> >>>> This commit: >>>> * fixes the wLength field value in the request >>>> * fixes parsing the range values from the response >>>> >>>> Fixes: 23caaf19b11e ("ALSA: usb-mixer: Add support for Audio Class v2.0") >>>> Signed-off-by: Kirill Marinushkin <k.marinushkin(a)gmail.com> >>>> Cc: Jaroslav Kysela <perex(a)perex.cz> >>>> Cc: Takashi Iwai <tiwai(a)suse.com> >>>> Cc: Jaejoong Kim <climbbb.kim(a)gmail.com> >>>> Cc: Bhumika Goyal <bhumirks(a)gmail.com> >>>> Cc: Stephen Barber <smbarber(a)chromium.org> >>>> Cc: Julian Scheel <julian(a)jusst.de> >>>> Cc: alsa-devel(a)alsa-project.org >>>> Cc: linux-kernel(a)vger.kernel.org >>> Sorry for the late reply, as I've been (and still) off. >>> >>> Does this bug actually hit on any real devices, or is it only a >>> logical error so far? In the former case, a Cc to stable is >>> mandatory. >>> >>> In anyway, I'll review and merge it properly once after I back to >>> work. >>> >>> >>> thanks, >>> >>> Takashi >> Hello Takashi, >> >> Thank you for your answer. I will wait until you are back to work, don't >> worry about the late replies. >> >> I did not hit the issue on a real device. >> >> During my UAC2 experiments, I reproduced this issue on the development >> board, and then tested my solution on it. > OK, if it happened on a development system, it's a real issue, and we > should put Cc to stable. Now I applied the patch. > > Thanks! > > > Takashi

7 years, 4 months

2
2
0 0

Patch "sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ad0f1d9d65938aec72a698116cd73a980916895e Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:37 -0500 Subject: sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit ad0f1d9d65938aec72a698116cd73a980916895e upstream. When the rto_push_irq_work_func() is called, it looks at the RT overloaded bitmask in the root domain via the runqueue (rq->rd). The problem is that during CPU up and down, nothing here stops rq->rd from changing between taking the rq->rd->rto_lock and releasing it. That means the lock that is released is not the same lock that was taken. Instead of using this_rq()->rd to get the root domain, as the irq work is part of the root domain, we can simply get the root domain from the irq work that is passed to the routine: container_of(work, struct root_domain, rto_push_work) This keeps the root domain consistent. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/rt.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1895,9 +1895,8 @@ static void push_rt_tasks(struct rq *rq) * the rt_loop_next will cause the iterator to perform another scan. * */ -static int rto_next_cpu(struct rq *rq) +static int rto_next_cpu(struct root_domain *rd) { - struct root_domain *rd = rq->rd; int next; int cpu; @@ -1973,7 +1972,7 @@ static void tell_cpu_to_push(struct rq * * Otherwise it is finishing up and an ipi needs to be sent. */ if (rq->rd->rto_cpu < 0) - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rq->rd); raw_spin_unlock(&rq->rd->rto_lock); @@ -1986,6 +1985,8 @@ static void tell_cpu_to_push(struct rq * /* Called from hardirq context */ void rto_push_irq_work_func(struct irq_work *work) { + struct root_domain *rd = + container_of(work, struct root_domain, rto_push_work); struct rq *rq; int cpu; @@ -2001,18 +2002,18 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rq->lock); } - raw_spin_lock(&rq->rd->rto_lock); + raw_spin_lock(&rd->rto_lock); /* Pass the IPI to the next rt overloaded queue */ - cpu = rto_next_cpu(rq); + cpu = rto_next_cpu(rd); - raw_spin_unlock(&rq->rd->rto_lock); + raw_spin_unlock(&rd->rto_lock); if (cpu < 0) return; /* Try the next RT overloaded CPU */ - irq_work_queue_on(&rq->rd->rto_push_work, cpu); + irq_work_queue_on(&rd->rto_push_work, cpu); } #endif /* HAVE_RT_PUSH_IPI */ Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.9/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.9/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "usb: gadget: uvc: Missing files for configfs interface" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: uvc: Missing files for configfs interface to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-uvc-missing-files-for-configfs-interface.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c8cd751060b149997b9de53a494fb1490ded72c5 Mon Sep 17 00:00:00 2001 From: Petr Cvek <petr.cvek(a)tul.cz> Date: Tue, 7 Mar 2017 00:57:20 +0100 Subject: usb: gadget: uvc: Missing files for configfs interface From: Petr Cvek <petr.cvek(a)tul.cz> commit c8cd751060b149997b9de53a494fb1490ded72c5 upstream. Commit 76e0da34c7ce ("usb-gadget/uvc: use per-attribute show and store methods") caused a stringification of an undefined macro argument "aname", so three UVC parameters (streaming_interval, streaming_maxpacket and streaming_maxburst) were named "aname". Add the definition of "aname" to the main macro and name the filenames as originaly intended. Signed-off-by: Petr Cvek <petr.cvek(a)tul.cz> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/uvc_configfs.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/drivers/usb/gadget/function/uvc_configfs.c +++ b/drivers/usb/gadget/function/uvc_configfs.c @@ -2140,7 +2140,7 @@ static struct configfs_item_operations u .release = uvc_attr_release, }; -#define UVCG_OPTS_ATTR(cname, conv, str2u, uxx, vnoc, limit) \ +#define UVCG_OPTS_ATTR(cname, aname, conv, str2u, uxx, vnoc, limit) \ static ssize_t f_uvc_opts_##cname##_show( \ struct config_item *item, char *page) \ { \ @@ -2183,16 +2183,16 @@ end: \ return ret; \ } \ \ -UVC_ATTR(f_uvc_opts_, cname, aname) +UVC_ATTR(f_uvc_opts_, cname, cname) #define identity_conv(x) (x) -UVCG_OPTS_ATTR(streaming_interval, identity_conv, kstrtou8, u8, identity_conv, - 16); -UVCG_OPTS_ATTR(streaming_maxpacket, le16_to_cpu, kstrtou16, u16, le16_to_cpu, - 3072); -UVCG_OPTS_ATTR(streaming_maxburst, identity_conv, kstrtou8, u8, identity_conv, - 15); +UVCG_OPTS_ATTR(streaming_interval, streaming_interval, identity_conv, + kstrtou8, u8, identity_conv, 16); +UVCG_OPTS_ATTR(streaming_maxpacket, streaming_maxpacket, le16_to_cpu, + kstrtou16, u16, le16_to_cpu, 3072); +UVCG_OPTS_ATTR(streaming_maxburst, streaming_maxburst, identity_conv, + kstrtou8, u8, identity_conv, 15); #undef identity_conv Patches currently in stable-queue which might be from petr.cvek(a)tul.cz are queue-4.9/usb-gadget-uvc-missing-files-for-configfs-interface.patch

7 years, 4 months

1
0
0 0

Patch "sched/rt: Up the root domain ref count when passing it around via IPIs" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/rt: Up the root domain ref count when passing it around via IPIs to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 364f56653708ba8bcdefd4f0da2a42904baa8eeb Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 23 Jan 2018 20:45:38 -0500 Subject: sched/rt: Up the root domain ref count when passing it around via IPIs From: Steven Rostedt (VMware) <rostedt(a)goodmis.org> commit 364f56653708ba8bcdefd4f0da2a42904baa8eeb upstream. When issuing an IPI RT push, where an IPI is sent to each CPU that has more than one RT task scheduled on it, it references the root domain's rto_mask, that contains all the CPUs within the root domain that has more than one RT task in the runable state. The problem is, after the IPIs are initiated, the rq->lock is released. This means that the root domain that is associated to the run queue could be freed while the IPIs are going around. Add a sched_get_rd() and a sched_put_rd() that will increment and decrement the root domain's ref count respectively. This way when initiating the IPIs, the scheduler will up the root domain's ref count before releasing the rq->lock, ensuring that the root domain does not go away until the IPI round is complete. Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/core.c | 13 +++++++++++++ kernel/sched/rt.c | 9 +++++++-- kernel/sched/sched.h | 2 ++ 3 files changed, 22 insertions(+), 2 deletions(-) --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5864,6 +5864,19 @@ static void rq_attach_root(struct rq *rq call_rcu_sched(&old_rd->rcu, free_rootdomain); } +void sched_get_rd(struct root_domain *rd) +{ + atomic_inc(&rd->refcount); +} + +void sched_put_rd(struct root_domain *rd) +{ + if (!atomic_dec_and_test(&rd->refcount)) + return; + + call_rcu_sched(&rd->rcu, free_rootdomain); +} + static int init_rootdomain(struct root_domain *rd) { memset(rd, 0, sizeof(*rd)); --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1978,8 +1978,11 @@ static void tell_cpu_to_push(struct rq * rto_start_unlock(&rq->rd->rto_loop_start); - if (cpu >= 0) + if (cpu >= 0) { + /* Make sure the rd does not get freed while pushing */ + sched_get_rd(rq->rd); irq_work_queue_on(&rq->rd->rto_push_work, cpu); + } } /* Called from hardirq context */ @@ -2009,8 +2012,10 @@ void rto_push_irq_work_func(struct irq_w raw_spin_unlock(&rd->rto_lock); - if (cpu < 0) + if (cpu < 0) { + sched_put_rd(rd); return; + } /* Try the next RT overloaded CPU */ irq_work_queue_on(&rd->rto_push_work, cpu); --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -590,6 +590,8 @@ struct root_domain { }; extern struct root_domain def_root_domain; +extern void sched_get_rd(struct root_domain *rd); +extern void sched_put_rd(struct root_domain *rd); #ifdef HAVE_RT_PUSH_IPI extern void rto_push_irq_work_func(struct irq_work *work); Patches currently in stable-queue which might be from rostedt(a)goodmis.org are queue-4.9/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.9/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "powerpc/pseries: include linux/types.h in asm/hvcall.h" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: include linux/types.h in asm/hvcall.h to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1b689a95ce7427075f9ac9fb4aea1af530742b7f Mon Sep 17 00:00:00 2001 From: Michal Suchanek <msuchanek(a)suse.de> Date: Mon, 15 Jan 2018 14:30:03 +0100 Subject: powerpc/pseries: include linux/types.h in asm/hvcall.h From: Michal Suchanek <msuchanek(a)suse.de> commit 1b689a95ce7427075f9ac9fb4aea1af530742b7f upstream. Commit 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") uses u64 in asm/hvcall.h without including linux/types.h This breaks hvcall.h users that do not include the header themselves. Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") Signed-off-by: Michal Suchanek <msuchanek(a)suse.de> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/include/asm/hvcall.h | 1 + 1 file changed, 1 insertion(+) --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -319,6 +319,7 @@ #define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2 #ifndef __ASSEMBLY__ +#include <linux/types.h> /** * plpar_hcall_norets: - Make a pseries hypervisor call with no return arguments Patches currently in stable-queue which might be from msuchanek(a)suse.de are queue-4.9/powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch

7 years, 4 months

1
0
0 0

Patch "posix-timer: Properly check sigevent->sigev_notify" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled posix-timer: Properly check sigevent->sigev_notify to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: posix-timer-properly-check-sigevent-sigev_notify.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From cef31d9af908243421258f1df35a4a644604efbe Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri, 15 Dec 2017 10:32:03 +0100 Subject: posix-timer: Properly check sigevent->sigev_notify From: Thomas Gleixner <tglx(a)linutronix.de> commit cef31d9af908243421258f1df35a4a644604efbe upstream. timer_create() specifies via sigevent->sigev_notify the signal delivery for the new timer. The valid modes are SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD and (SIGEV_SIGNAL | SIGEV_THREAD_ID). The sanity check in good_sigevent() is only checking the valid combination for the SIGEV_THREAD_ID bit, i.e. SIGEV_SIGNAL, but if SIGEV_THREAD_ID is not set it accepts any random value. This has no real effects on the posix timer and signal delivery code, but it affects show_timer() which handles the output of /proc/$PID/timers. That function uses a string array to pretty print sigev_notify. The access to that array has no bound checks, so random sigev_notify cause access beyond the array bounds. Add proper checks for the valid notify modes and remove the SIGEV_THREAD_ID masking from various code pathes as SIGEV_NONE can never be set in combination with SIGEV_THREAD_ID. Reported-by: Eric Biggers <ebiggers3(a)gmail.com> Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Reported-by: Alexey Dobriyan <adobriyan(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/time/posix-timers.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -507,17 +507,22 @@ static struct pid *good_sigevent(sigeven { struct task_struct *rtn = current->group_leader; - if ((event->sigev_notify & SIGEV_THREAD_ID ) && - (!(rtn = find_task_by_vpid(event->sigev_notify_thread_id)) || - !same_thread_group(rtn, current) || - (event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL)) + switch (event->sigev_notify) { + case SIGEV_SIGNAL | SIGEV_THREAD_ID: + rtn = find_task_by_vpid(event->sigev_notify_thread_id); + if (!rtn || !same_thread_group(rtn, current)) + return NULL; + /* FALLTHRU */ + case SIGEV_SIGNAL: + case SIGEV_THREAD: + if (event->sigev_signo <= 0 || event->sigev_signo > SIGRTMAX) + return NULL; + /* FALLTHRU */ + case SIGEV_NONE: + return task_pid(rtn); + default: return NULL; - - if (((event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) && - ((event->sigev_signo <= 0) || (event->sigev_signo > SIGRTMAX))) - return NULL; - - return task_pid(rtn); + } } void posix_timers_register_clock(const clockid_t clock_id, @@ -745,8 +750,7 @@ common_timer_get(struct k_itimer *timr, /* interval timer ? */ if (iv.tv64) cur_setting->it_interval = ktime_to_timespec(iv); - else if (!hrtimer_active(timer) && - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + else if (!hrtimer_active(timer) && timr->it_sigev_notify != SIGEV_NONE) return; now = timer->base->get_time(); @@ -757,7 +761,7 @@ common_timer_get(struct k_itimer *timr, * expiry is > now. */ if (iv.tv64 && (timr->it_requeue_pending & REQUEUE_PENDING || - (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) + timr->it_sigev_notify == SIGEV_NONE)) timr->it_overrun += (unsigned int) hrtimer_forward(timer, now, iv); remaining = __hrtimer_expires_remaining_adjusted(timer, now); @@ -767,7 +771,7 @@ common_timer_get(struct k_itimer *timr, * A single shot SIGEV_NONE timer must return 0, when * it is expired ! */ - if ((timr->it_sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) + if (timr->it_sigev_notify != SIGEV_NONE) cur_setting->it_value.tv_nsec = 1; } else cur_setting->it_value = ktime_to_timespec(remaining); @@ -865,7 +869,7 @@ common_timer_set(struct k_itimer *timr, timr->it.real.interval = timespec_to_ktime(new_setting->it_interval); /* SIGEV_NONE timers are not queued ! See common_timer_get */ - if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { + if (timr->it_sigev_notify == SIGEV_NONE) { /* Setup correct expiry time for relative timers */ if (mode == HRTIMER_MODE_REL) { hrtimer_add_expires(timer, timer->base->get_time()); Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.9/posix-timer-properly-check-sigevent-sigev_notify.patch queue-4.9/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch

7 years, 4 months

1
0
0 0

Patch "media: hdpvr: Fix an error handling path in hdpvr_probe()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: hdpvr: Fix an error handling path in hdpvr_probe() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c0f71bbb810237a38734607ca4599632f7f5d47f Mon Sep 17 00:00:00 2001 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Fri, 22 Sep 2017 09:07:06 -0400 Subject: media: hdpvr: Fix an error handling path in hdpvr_probe() From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> commit c0f71bbb810237a38734607ca4599632f7f5d47f upstream. Here, hdpvr_register_videodev() is responsible for setup and register a video device. Also defining and initializing a worker. hdpvr_register_videodev() is calling by hdpvr_probe at last. So no need to flush any work here. Unregister v4l2, free buffers and memory. If hdpvr_probe() will fail. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/hdpvr/hdpvr-core.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) --- a/drivers/media/usb/hdpvr/hdpvr-core.c +++ b/drivers/media/usb/hdpvr/hdpvr-core.c @@ -295,7 +295,7 @@ static int hdpvr_probe(struct usb_interf /* register v4l2_device early so it can be used for printks */ if (v4l2_device_register(&interface->dev, &dev->v4l2_dev)) { dev_err(&interface->dev, "v4l2_device_register failed\n"); - goto error; + goto error_free_dev; } mutex_init(&dev->io_mutex); @@ -304,7 +304,7 @@ static int hdpvr_probe(struct usb_interf dev->usbc_buf = kmalloc(64, GFP_KERNEL); if (!dev->usbc_buf) { v4l2_err(&dev->v4l2_dev, "Out of memory\n"); - goto error; + goto error_v4l2_unregister; } init_waitqueue_head(&dev->wait_buffer); @@ -342,13 +342,13 @@ static int hdpvr_probe(struct usb_interf } if (!dev->bulk_in_endpointAddr) { v4l2_err(&dev->v4l2_dev, "Could not find bulk-in endpoint\n"); - goto error; + goto error_put_usb; } /* init the device */ if (hdpvr_device_init(dev)) { v4l2_err(&dev->v4l2_dev, "device init failed\n"); - goto error; + goto error_put_usb; } mutex_lock(&dev->io_mutex); @@ -356,7 +356,7 @@ static int hdpvr_probe(struct usb_interf mutex_unlock(&dev->io_mutex); v4l2_err(&dev->v4l2_dev, "allocating transfer buffers failed\n"); - goto error; + goto error_put_usb; } mutex_unlock(&dev->io_mutex); @@ -364,7 +364,7 @@ static int hdpvr_probe(struct usb_interf retval = hdpvr_register_i2c_adapter(dev); if (retval < 0) { v4l2_err(&dev->v4l2_dev, "i2c adapter register failed\n"); - goto error; + goto error_free_buffers; } client = hdpvr_register_ir_rx_i2c(dev); @@ -397,13 +397,17 @@ static int hdpvr_probe(struct usb_interf reg_fail: #if IS_ENABLED(CONFIG_I2C) i2c_del_adapter(&dev->i2c_adapter); +error_free_buffers: #endif + hdpvr_free_buffers(dev); +error_put_usb: + usb_put_dev(dev->udev); + kfree(dev->usbc_buf); +error_v4l2_unregister: + v4l2_device_unregister(&dev->v4l2_dev); +error_free_dev: + kfree(dev); error: - if (dev) { - flush_work(&dev->worker); - /* this frees allocated memory */ - hdpvr_delete(dev); - } return retval; } Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.9/media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1084,8 +1084,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1151,17 +1149,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.9/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.9/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -504,18 +504,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1200,6 +1205,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1208,12 +1214,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.9/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.9/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 4 months

1
0
0 0

Patch "kaiser: fix compile error without vsyscall" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kaiser: fix compile error without vsyscall to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kaiser-fix-compile-error-without-vsyscall.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 16:45:20 CET 2018 Date: Tue, 13 Feb 2018 16:45:20 +0100 To: Greg KH <gregkh(a)linuxfoundation.org> From: Hugh Dickins <hughd(a)google.com> Subject: kaiser: fix compile error without vsyscall From: Hugh Dickins <hughd(a)google.com> Tobias noticed a compile error on 4.4.115, and it's the same on 4.9.80: arch/x86/mm/kaiser.c: In function ‘kaiser_init’: arch/x86/mm/kaiser.c:348:8: error: ‘vsyscall_pgprot’ undeclared (first use in this function) It seems like his combination of kernel options doesn't work for KAISER. X86_VSYSCALL_EMULATION is not set on his system, while LEGACY_VSYSCALL is set to NONE (LEGACY_VSYSCALL_NONE=y). He managed to get things compiling again, by moving the 'extern unsigned long vsyscall_pgprot' outside of the preprocessor statement. This works because the optimizer removes that code (vsyscall_enabled() is always false) - and that's how it was done in some older backports. Reported-by: Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Signed-off-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/vsyscall.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -13,7 +13,6 @@ extern void map_vsyscall(void); */ extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address); extern bool vsyscall_enabled(void); -extern unsigned long vsyscall_pgprot; #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) @@ -22,5 +21,6 @@ static inline bool emulate_vsyscall(stru } static inline bool vsyscall_enabled(void) { return false; } #endif +extern unsigned long vsyscall_pgprot; #endif /* _ASM_X86_VSYSCALL_H */ Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch queue-4.9/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.9/kaiser-fix-compile-error-without-vsyscall.patch queue-4.9/usb-gadget-uvc-missing-files-for-configfs-interface.patch queue-4.9/dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch queue-4.9/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch queue-4.9/cifs-fix-autonegotiate-security-settings-mismatch.patch queue-4.9/sched-rt-use-container_of-to-get-root-domain-in-rto_push_irq_work_func.patch queue-4.9/posix-timer-properly-check-sigevent-sigev_notify.patch queue-4.9/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch queue-4.9/powerpc-pseries-include-linux-types.h-in-asm-hvcall.h.patch queue-4.9/cifs-zero-sensitive-data-when-freeing.patch queue-4.9/sched-rt-up-the-root-domain-ref-count-when-passing-it-around-via-ipis.patch queue-4.9/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror