- Linux-stable-mirror - lists.linaro.org

Patch "media: hdpvr: Fix an error handling path in hdpvr_probe()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: hdpvr: Fix an error handling path in hdpvr_probe() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c0f71bbb810237a38734607ca4599632f7f5d47f Mon Sep 17 00:00:00 2001 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Fri, 22 Sep 2017 09:07:06 -0400 Subject: media: hdpvr: Fix an error handling path in hdpvr_probe() From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> commit c0f71bbb810237a38734607ca4599632f7f5d47f upstream. Here, hdpvr_register_videodev() is responsible for setup and register a video device. Also defining and initializing a worker. hdpvr_register_videodev() is calling by hdpvr_probe at last. So no need to flush any work here. Unregister v4l2, free buffers and memory. If hdpvr_probe() will fail. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/hdpvr/hdpvr-core.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) --- a/drivers/media/usb/hdpvr/hdpvr-core.c +++ b/drivers/media/usb/hdpvr/hdpvr-core.c @@ -292,7 +292,7 @@ static int hdpvr_probe(struct usb_interf /* register v4l2_device early so it can be used for printks */ if (v4l2_device_register(&interface->dev, &dev->v4l2_dev)) { dev_err(&interface->dev, "v4l2_device_register failed\n"); - goto error; + goto error_free_dev; } mutex_init(&dev->io_mutex); @@ -301,7 +301,7 @@ static int hdpvr_probe(struct usb_interf dev->usbc_buf = kmalloc(64, GFP_KERNEL); if (!dev->usbc_buf) { v4l2_err(&dev->v4l2_dev, "Out of memory\n"); - goto error; + goto error_v4l2_unregister; } init_waitqueue_head(&dev->wait_buffer); @@ -339,13 +339,13 @@ static int hdpvr_probe(struct usb_interf } if (!dev->bulk_in_endpointAddr) { v4l2_err(&dev->v4l2_dev, "Could not find bulk-in endpoint\n"); - goto error; + goto error_put_usb; } /* init the device */ if (hdpvr_device_init(dev)) { v4l2_err(&dev->v4l2_dev, "device init failed\n"); - goto error; + goto error_put_usb; } mutex_lock(&dev->io_mutex); @@ -353,7 +353,7 @@ static int hdpvr_probe(struct usb_interf mutex_unlock(&dev->io_mutex); v4l2_err(&dev->v4l2_dev, "allocating transfer buffers failed\n"); - goto error; + goto error_put_usb; } mutex_unlock(&dev->io_mutex); @@ -361,7 +361,7 @@ static int hdpvr_probe(struct usb_interf retval = hdpvr_register_i2c_adapter(dev); if (retval < 0) { v4l2_err(&dev->v4l2_dev, "i2c adapter register failed\n"); - goto error; + goto error_free_buffers; } client = hdpvr_register_ir_rx_i2c(dev); @@ -394,13 +394,17 @@ static int hdpvr_probe(struct usb_interf reg_fail: #if IS_ENABLED(CONFIG_I2C) i2c_del_adapter(&dev->i2c_adapter); +error_free_buffers: #endif + hdpvr_free_buffers(dev); +error_put_usb: + usb_put_dev(dev->udev); + kfree(dev->usbc_buf); +error_v4l2_unregister: + v4l2_device_unregister(&dev->v4l2_dev); +error_free_dev: + kfree(dev); error: - if (dev) { - flush_work(&dev->worker); - /* this frees allocated memory */ - hdpvr_delete(dev); - } return retval; } Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.15/media-hdpvr-fix-an-error-handling-path-in-hdpvr_probe.patch

7 years, 8 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7bf7a7116ed313c601307f7e585419369926ab05 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:21 -0400 Subject: media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 7bf7a7116ed313c601307f7e585419369926ab05 upstream. When the tuner was split from m88rs2000 the attach function is in wrong place. Move to dm04_lme2510_tuner to trap errors on failure and removing a call to lme_coldreset. Prevents driver starting up without any tuner connected. Fixes to trap for ts2020 fail. LME2510(C): FE Found M88RS2000 ts2020: probe of 0-0060 failed with error -11 ... LME2510(C): TUN Found RS2000 tuner kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -1076,8 +1076,6 @@ static int dm04_lme2510_frontend_attach( if (adap->fe[0]) { info("FE Found M88RS2000"); - dvb_attach(ts2020_attach, adap->fe[0], &ts2020_config, - &d->i2c_adap); st->i2c_tuner_gate_w = 5; st->i2c_tuner_gate_r = 5; st->i2c_tuner_addr = 0x60; @@ -1143,17 +1141,18 @@ static int dm04_lme2510_tuner(struct dvb ret = st->tuner_config; break; case TUNER_RS2000: - ret = st->tuner_config; + if (dvb_attach(ts2020_attach, adap->fe[0], + &ts2020_config, &d->i2c_adap)) + ret = st->tuner_config; break; default: break; } - if (ret) + if (ret) { info("TUN Found %s tuner", tun_msg[ret]); - else { - info("TUN No tuner found --- resetting device"); - lme_coldreset(d); + } else { + info("TUN No tuner found"); return -ENODEV; } Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.15/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.15/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 8 months

1
0
0 0

Patch "media: dvb-usb-v2: lmedm04: Improve logic checking of warm start" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-usb-v2: lmedm04: Improve logic checking of warm start to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d932ee27e852e4904647f15b64dedca51187ad7 Mon Sep 17 00:00:00 2001 From: Malcolm Priestley <tvboxspy(a)gmail.com> Date: Tue, 26 Sep 2017 17:10:20 -0400 Subject: media: dvb-usb-v2: lmedm04: Improve logic checking of warm start From: Malcolm Priestley <tvboxspy(a)gmail.com> commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream. Warm start has no check as whether a genuine device has connected and proceeds to next execution path. Check device should read 0x47 at offset of 2 on USB descriptor read and it is the amount requested of 6 bytes. Fix for kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access as Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Malcolm Priestley <tvboxspy(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) --- a/drivers/media/usb/dvb-usb-v2/lmedm04.c +++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c @@ -494,18 +494,23 @@ static int lme2510_pid_filter(struct dvb static int lme2510_return_status(struct dvb_usb_device *d) { - int ret = 0; + int ret; u8 *data; - data = kzalloc(10, GFP_KERNEL); + data = kzalloc(6, GFP_KERNEL); if (!data) return -ENOMEM; - ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), - 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200); - info("Firmware Status: %x (%x)", ret , data[2]); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), + 0x06, 0x80, 0x0302, 0x00, + data, 0x6, 200); + if (ret != 6) + ret = -EINVAL; + else + ret = data[2]; + + info("Firmware Status: %6ph", data); - ret = (ret < 0) ? -ENODEV : data[2]; kfree(data); return ret; } @@ -1189,6 +1194,7 @@ static int lme2510_get_adapter_count(str static int lme2510_identify_state(struct dvb_usb_device *d, const char **name) { struct lme2510_state *st = d->priv; + int status; usb_reset_configuration(d->udev); @@ -1197,12 +1203,16 @@ static int lme2510_identify_state(struct st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware; - if (lme2510_return_status(d) == 0x44) { + status = lme2510_return_status(d); + if (status == 0x44) { *name = lme_firmware_switch(d, 0); return COLD; } - return 0; + if (status != 0x47) + return -EINVAL; + + return WARM; } static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type, Patches currently in stable-queue which might be from tvboxspy(a)gmail.com are queue-4.15/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_lme2510_tuner.patch queue-4.15/media-dvb-usb-v2-lmedm04-improve-logic-checking-of-warm-start.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: firmware-psci-expose-psci-conduit.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:16 +0000 Subject: [Variant 2/Spectre-v2] firmware/psci: Expose PSCI conduit From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 09a8d6d48499 upstream. In order to call into the firmware to apply workarounds, it is useful to find out whether we're using HVC or SMC. Let's expose this through the psci_ops. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 28 +++++++++++++++++++++++----- include/linux/psci.h | 7 +++++++ 2 files changed, 30 insertions(+), 5 deletions(-) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -59,7 +59,9 @@ bool psci_tos_resident_on(int cpu) return cpu == resident_cpu; } -struct psci_operations psci_ops; +struct psci_operations psci_ops = { + .conduit = PSCI_CONDUIT_NONE, +}; typedef unsigned long (psci_fn)(unsigned long, unsigned long, unsigned long, unsigned long); @@ -210,6 +212,22 @@ static unsigned long psci_migrate_info_u 0, 0, 0); } +static void set_conduit(enum psci_conduit conduit) +{ + switch (conduit) { + case PSCI_CONDUIT_HVC: + invoke_psci_fn = __invoke_psci_fn_hvc; + break; + case PSCI_CONDUIT_SMC: + invoke_psci_fn = __invoke_psci_fn_smc; + break; + default: + WARN(1, "Unexpected PSCI conduit %d\n", conduit); + } + + psci_ops.conduit = conduit; +} + static int get_set_conduit_method(struct device_node *np) { const char *method; @@ -222,9 +240,9 @@ static int get_set_conduit_method(struct } if (!strcmp("hvc", method)) { - invoke_psci_fn = __invoke_psci_fn_hvc; + set_conduit(PSCI_CONDUIT_HVC); } else if (!strcmp("smc", method)) { - invoke_psci_fn = __invoke_psci_fn_smc; + set_conduit(PSCI_CONDUIT_SMC); } else { pr_warn("invalid \"method\" property: %s\n", method); return -EINVAL; @@ -654,9 +672,9 @@ int __init psci_acpi_init(void) pr_info("probing for conduit method from ACPI.\n"); if (acpi_psci_use_hvc()) - invoke_psci_fn = __invoke_psci_fn_hvc; + set_conduit(PSCI_CONDUIT_HVC); else - invoke_psci_fn = __invoke_psci_fn_smc; + set_conduit(PSCI_CONDUIT_SMC); return psci_probe(); } --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -25,6 +25,12 @@ bool psci_tos_resident_on(int cpu); int psci_cpu_init_idle(unsigned int cpu); int psci_cpu_suspend_enter(unsigned long index); +enum psci_conduit { + PSCI_CONDUIT_NONE, + PSCI_CONDUIT_SMC, + PSCI_CONDUIT_HVC, +}; + struct psci_operations { u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); @@ -34,6 +40,7 @@ struct psci_operations { int (*affinity_info)(unsigned long target_affinity, unsigned long lowest_affinity_level); int (*migrate_info_type)(void); + enum psci_conduit conduit; }; extern struct psci_operations psci_ops; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: firmware-psci-expose-smccc-version-through-psci_ops.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 6 Feb 2018 17:56:17 +0000 Subject: [Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops From: Marc Zyngier <marc.zyngier(a)arm.com> Commit e78eef554a91 upstream. Since PSCI 1.0 allows the SMCCC version to be (indirectly) probed, let's do that at boot time, and expose the version of the calling convention as part of the psci_ops structure. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 27 +++++++++++++++++++++++++++ include/linux/psci.h | 6 ++++++ 2 files changed, 33 insertions(+) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -61,6 +61,7 @@ bool psci_tos_resident_on(int cpu) struct psci_operations psci_ops = { .conduit = PSCI_CONDUIT_NONE, + .smccc_version = SMCCC_VERSION_1_0, }; typedef unsigned long (psci_fn)(unsigned long, unsigned long, @@ -511,6 +512,31 @@ static void __init psci_init_migrate(voi pr_info("Trusted OS resident on physical CPU 0x%lx\n", cpuid); } +static void __init psci_init_smccc(void) +{ + u32 ver = ARM_SMCCC_VERSION_1_0; + int feature; + + feature = psci_features(ARM_SMCCC_VERSION_FUNC_ID); + + if (feature != PSCI_RET_NOT_SUPPORTED) { + u32 ret; + ret = invoke_psci_fn(ARM_SMCCC_VERSION_FUNC_ID, 0, 0, 0); + if (ret == ARM_SMCCC_VERSION_1_1) { + psci_ops.smccc_version = SMCCC_VERSION_1_1; + ver = ret; + } + } + + /* + * Conveniently, the SMCCC and PSCI versions are encoded the + * same way. No, this isn't accidental. + */ + pr_info("SMC Calling Convention v%d.%d\n", + PSCI_VERSION_MAJOR(ver), PSCI_VERSION_MINOR(ver)); + +} + static void __init psci_0_2_set_functions(void) { pr_info("Using standard PSCI v0.2 function IDs\n"); @@ -559,6 +585,7 @@ static int __init psci_probe(void) psci_init_migrate(); if (PSCI_VERSION_MAJOR(ver) >= 1) { + psci_init_smccc(); psci_init_cpu_suspend(); psci_init_system_suspend(); } --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -31,6 +31,11 @@ enum psci_conduit { PSCI_CONDUIT_HVC, }; +enum smccc_version { + SMCCC_VERSION_1_0, + SMCCC_VERSION_1_1, +}; + struct psci_operations { u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); @@ -41,6 +46,7 @@ struct psci_operations { unsigned long lowest_affinity_level); int (*migrate_info_type)(void); enum psci_conduit conduit; + enum smccc_version smccc_version; }; extern struct psci_operations psci_ops; Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 2 Jan 2018 21:45:41 +0000 Subject: [Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure From: Will Deacon <will.deacon(a)arm.com> Commit d68e3ba5303f upstream. Entry into recent versions of ARM Trusted Firmware will invalidate the CPU branch predictor state in order to protect against aliasing attacks. This patch exposes the PSCI "VERSION" function via psci_ops, so that it can be invoked outside of the PSCI driver where necessary. Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/psci.c | 2 ++ include/linux/psci.h | 1 + 2 files changed, 3 insertions(+) --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c @@ -496,6 +496,8 @@ static void __init psci_init_migrate(voi static void __init psci_0_2_set_functions(void) { pr_info("Using standard PSCI v0.2 function IDs\n"); + psci_ops.get_version = psci_get_version; + psci_function_id[PSCI_FN_CPU_SUSPEND] = PSCI_FN_NATIVE(0_2, CPU_SUSPEND); psci_ops.cpu_suspend = psci_cpu_suspend; --- a/include/linux/psci.h +++ b/include/linux/psci.h @@ -26,6 +26,7 @@ int psci_cpu_init_idle(unsigned int cpu) int psci_cpu_suspend_enter(unsigned long index); struct psci_operations { + u32 (*get_version)(void); int (*cpu_suspend)(u32 state, unsigned long entry_point); int (*cpu_off)(u32 state); int (*cpu_on)(unsigned long cpuid, unsigned long entry_point); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "dmaengine: dmatest: fix container_of member in dmatest_callback" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: dmatest: fix container_of member in dmatest_callback to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 66b3bd2356e0a1531c71a3dcf96944621e25c17c Mon Sep 17 00:00:00 2001 From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Date: Mon, 29 Jan 2018 14:40:11 +0800 Subject: dmaengine: dmatest: fix container_of member in dmatest_callback From: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> commit 66b3bd2356e0a1531c71a3dcf96944621e25c17c upstream. The type of arg passed to dmatest_callback is struct dmatest_done. It refers to test_done in struct dmatest_thread, not done_wait. Fixes: 6f6a23a213be ("dmaengine: dmatest: move callback wait ...") Signed-off-by: Yang Shunyong <shunyong.yang(a)hxt-semitech.com> Acked-by: Adam Wallis <awallis(a)codeaurora.org> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/dmatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma/dmatest.c +++ b/drivers/dma/dmatest.c @@ -355,7 +355,7 @@ static void dmatest_callback(void *arg) { struct dmatest_done *done = arg; struct dmatest_thread *thread = - container_of(arg, struct dmatest_thread, done_wait); + container_of(done, struct dmatest_thread, test_done); if (!thread->done) { done->done = true; wake_up_all(done->wait); Patches currently in stable-queue which might be from shunyong.yang(a)hxt-semitech.com are queue-4.15/dmaengine-dmatest-fix-container_of-member-in-dmatest_callback.patch

7 years, 8 months

1
0
0 0

Patch "cifs: Fix missing put_xid in cifs_file_strict_mmap" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix missing put_xid in cifs_file_strict_mmap to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f04a703c3d613845ae3141bfaf223489de8ab3eb Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 15 Dec 2017 12:48:32 -0800 Subject: cifs: Fix missing put_xid in cifs_file_strict_mmap From: Matthew Wilcox <mawilcox(a)microsoft.com> commit f04a703c3d613845ae3141bfaf223489de8ab3eb upstream. If cifs_zap_mapping() returned an error, we would return without putting the xid that we got earlier. Restructure cifs_file_strict_mmap() and cifs_file_mmap() to be more similar to each other and have a single point of return that always puts the xid. Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/file.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3471,20 +3471,18 @@ static const struct vm_operations_struct int cifs_file_strict_mmap(struct file *file, struct vm_area_struct *vma) { - int rc, xid; + int xid, rc = 0; struct inode *inode = file_inode(file); xid = get_xid(); - if (!CIFS_CACHE_READ(CIFS_I(inode))) { + if (!CIFS_CACHE_READ(CIFS_I(inode))) rc = cifs_zap_mapping(inode); - if (rc) - return rc; - } - - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } @@ -3494,16 +3492,16 @@ int cifs_file_mmap(struct file *file, st int rc, xid; xid = get_xid(); + rc = cifs_revalidate_file(file); - if (rc) { + if (rc) cifs_dbg(FYI, "Validation prior to mmap failed, error=%d\n", rc); - free_xid(xid); - return rc; - } - rc = generic_file_mmap(file, vma); - if (rc == 0) + if (!rc) + rc = generic_file_mmap(file, vma); + if (!rc) vma->vm_ops = &cifs_file_vm_ops; + free_xid(xid); return rc; } Patches currently in stable-queue which might be from mawilcox(a)microsoft.com are queue-4.15/cifs-fix-missing-put_xid-in-cifs_file_strict_mmap.patch

7 years, 8 months

1
0
0 0

Patch "cpufreq: mediatek: add mediatek related projects into blacklist" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cpufreq: mediatek: add mediatek related projects into blacklist to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cpufreq-mediatek-add-mediatek-related-projects-into-blacklist.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6066998cbd2b1012a8d5bc9a2957cfd0ad53150e Mon Sep 17 00:00:00 2001 From: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> Date: Fri, 8 Dec 2017 14:07:56 +0800 Subject: cpufreq: mediatek: add mediatek related projects into blacklist From: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> commit 6066998cbd2b1012a8d5bc9a2957cfd0ad53150e upstream. mediatek projects will use mediate-cpufreq.c as cpufreq driver, instead of using cpufreq_dt.c Add mediatek related projects into cpufreq-dt blacklist Signed-off-by: Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/cpufreq/cpufreq-dt-platdev.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/drivers/cpufreq/cpufreq-dt-platdev.c +++ b/drivers/cpufreq/cpufreq-dt-platdev.c @@ -108,6 +108,14 @@ static const struct of_device_id blackli { .compatible = "marvell,armadaxp", }, + { .compatible = "mediatek,mt2701", }, + { .compatible = "mediatek,mt2712", }, + { .compatible = "mediatek,mt7622", }, + { .compatible = "mediatek,mt7623", }, + { .compatible = "mediatek,mt817x", }, + { .compatible = "mediatek,mt8173", }, + { .compatible = "mediatek,mt8176", }, + { .compatible = "nvidia,tegra124", }, { .compatible = "st,stih407", }, Patches currently in stable-queue which might be from andrew-sh.cheng(a)mediatek.com are queue-4.15/cpufreq-mediatek-add-mediatek-related-projects-into-blacklist.patch

7 years, 8 months

1
0
0 0

Patch "CIFS: zero sensitive data when freeing" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: zero sensitive data when freeing to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-zero-sensitive-data-when-freeing.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 97f4b7276b829a8927ac903a119bef2f963ccc58 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel <aaptel(a)suse.com> Date: Thu, 25 Jan 2018 15:59:39 +0100 Subject: CIFS: zero sensitive data when freeing From: Aurelien Aptel <aaptel(a)suse.com> commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream. also replaces memset()+kfree() by kzfree(). Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/cifsencrypt.c | 3 +-- fs/cifs/connect.c | 6 +++--- fs/cifs/misc.c | 14 ++++---------- 3 files changed, 8 insertions(+), 15 deletions(-) --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -325,9 +325,8 @@ int calc_lanman_hash(const char *passwor { int i; int rc; - char password_with_pad[CIFS_ENCPWD_SIZE]; + char password_with_pad[CIFS_ENCPWD_SIZE] = {0}; - memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); if (password) strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1707,7 +1707,7 @@ cifs_parse_mount_options(const char *mou tmp_end++; if (!(tmp_end < end && tmp_end[1] == delim)) { /* No it is not. Set the password to NULL */ - kfree(vol->password); + kzfree(vol->password); vol->password = NULL; break; } @@ -1745,7 +1745,7 @@ cifs_parse_mount_options(const char *mou options = end; } - kfree(vol->password); + kzfree(vol->password); /* Now build new password string */ temp_len = strlen(value); vol->password = kzalloc(temp_len+1, GFP_KERNEL); @@ -4235,7 +4235,7 @@ cifs_construct_tcon(struct cifs_sb_info reset_cifs_unix_caps(0, tcon, NULL, vol_info); out: kfree(vol_info->username); - kfree(vol_info->password); + kzfree(vol_info->password); kfree(vol_info); return tcon; --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -98,14 +98,11 @@ sesInfoFree(struct cifs_ses *buf_to_free kfree(buf_to_free->serverOS); kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free->user_name); kfree(buf_to_free->domainName); - kfree(buf_to_free->auth_key.response); - kfree(buf_to_free); + kzfree(buf_to_free->auth_key.response); + kzfree(buf_to_free); } struct cifs_tcon * @@ -136,10 +133,7 @@ tconInfoFree(struct cifs_tcon *buf_to_fr } atomic_dec(&tconInfoAllocCount); kfree(buf_to_free->nativeFileSystem); - if (buf_to_free->password) { - memset(buf_to_free->password, 0, strlen(buf_to_free->password)); - kfree(buf_to_free->password); - } + kzfree(buf_to_free->password); kfree(buf_to_free); } Patches currently in stable-queue which might be from aaptel(a)suse.com are queue-4.15/cifs-zero-sensitive-data-when-freeing.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-use-ret-instruction-for-exiting-the-trampoline.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 16:15:59 +0000 Subject: [Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline From: Will Deacon <will.deacon(a)arm.com> Commit be04a6d1126b upstream. Speculation attacks against the entry trampoline can potentially resteer the speculative instruction stream through the indirect branch and into arbitrary gadgets within the kernel. This patch defends against these attacks by forcing a misprediction through the return stack: a dummy BL instruction loads an entry into the stack, so that the predicted program flow of the subsequent RET instruction is to a branch-to-self instruction which is finally resolved as a branch to the kernel vectors with speculation suppressed. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1029,6 +1029,14 @@ alternative_else_nop_endif .if \regsize == 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif + /* + * Defend against branch aliasing attacks by pushing a dummy + * entry onto the return stack and using a RET instruction to + * enter the full-fat kernel vectors. + */ + bl 2f + b . +2: tramp_map_kernel x30 #ifdef CONFIG_RANDOMIZE_BASE adr x30, tramp_vectors + PAGE_SIZE @@ -1041,7 +1049,7 @@ alternative_insn isb, nop, ARM64_WORKARO msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) isb - br x30 + ret .endm .macro tramp_exit, regsize = 64 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "cifs: Fix autonegotiate security settings mismatch" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cifs: Fix autonegotiate security settings mismatch to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-fix-autonegotiate-security-settings-mismatch.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9aca7e454415f7878b28524e76bebe1170911a88 Mon Sep 17 00:00:00 2001 From: Daniel N Pettersson <danielnp(a)axis.com> Date: Thu, 11 Jan 2018 16:00:12 +0100 Subject: cifs: Fix autonegotiate security settings mismatch From: Daniel N Pettersson <danielnp(a)axis.com> commit 9aca7e454415f7878b28524e76bebe1170911a88 upstream. Autonegotiation gives a security settings mismatch error if the SMB server selects an SMBv3 dialect that isn't SMB3.02. The exact error is "protocol revalidation - security settings mismatch". This can be tested using Samba v4.2 or by setting the global Samba setting max protocol = SMB3_00. The check that fails in smb3_validate_negotiate is the dialect verification of the negotiate info response. This is because it tries to verify against the protocol_id in the global smbdefault_values. The protocol_id in smbdefault_values is SMB3.02. In SMB2_negotiate the protocol_id in smbdefault_values isn't updated, it is global so it probably shouldn't be, but server->dialect is. This patch changes the check in smb3_validate_negotiate to use server->dialect instead of server->vals->protocol_id. The patch works with autonegotiate and when using a specific version in the vers mount option. Signed-off-by: Daniel N Pettersson <danielnp(a)axis.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -733,8 +733,7 @@ int smb3_validate_negotiate(const unsign } /* check validate negotiate info response matches what we got earlier */ - if (pneg_rsp->Dialect != - cpu_to_le16(tcon->ses->server->vals->protocol_id)) + if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect)) goto vneg_out; if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode)) Patches currently in stable-queue which might be from danielnp(a)axis.com are queue-4.15/cifs-fix-autonegotiate-security-settings-mismatch.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-use-pointer-masking-to-limit-uaccess-speculation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 5 Feb 2018 15:34:19 +0000 Subject: [Variant 1/Spectre-v1] arm64: Use pointer masking to limit uaccess speculation From: Robin Murphy <robin.murphy(a)arm.com> Commit 4d8efc2d5ee4 upstream. Similarly to x86, mitigate speculation past an access_ok() check by masking the pointer against the address limit before use. Even if we don't expect speculative writes per se, it is plausible that a CPU may still speculate at least as far as fetching a cache line for writing, hence we also harden put_user() and clear_user() for peace of mind. Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -216,6 +216,26 @@ static inline void uaccess_enable_not_ua } /* + * Sanitise a uaccess pointer such that it becomes NULL if above the + * current addr_limit. + */ +#define uaccess_mask_ptr(ptr) (__typeof__(ptr))__uaccess_mask_ptr(ptr) +static inline void __user *__uaccess_mask_ptr(const void __user *ptr) +{ + void __user *safe_ptr; + + asm volatile( + " bics xzr, %1, %2\n" + " csel %0, %1, xzr, eq\n" + : "=&r" (safe_ptr) + : "r" (ptr), "r" (current_thread_info()->addr_limit) + : "cc"); + + csdb(); + return safe_ptr; +} + +/* * The "__xxx" versions of the user access functions do not verify the address * space - it must have been done previously with a separate "access_ok()" * call. @@ -285,7 +305,7 @@ do { \ __typeof__(*(ptr)) __user *__p = (ptr); \ might_fault(); \ access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ - __get_user((x), __p) : \ + __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \ ((x) = 0, -EFAULT); \ }) @@ -349,7 +369,7 @@ do { \ __typeof__(*(ptr)) __user *__p = (ptr); \ might_fault(); \ access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ - __put_user((x), __p) : \ + __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \ -EFAULT; \ }) @@ -365,7 +385,7 @@ extern unsigned long __must_check __clea static inline unsigned long __must_check clear_user(void __user *to, unsigned long n) { if (access_ok(VERIFY_WRITE, to, n)) - n = __clear_user(to, n); + n = __clear_user(__uaccess_mask_ptr(to), n); return n; } Patches currently in stable-queue which might be from robin.murphy(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:22 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user From: Will Deacon <will.deacon(a)arm.com> Commit 84624087dd7e upstream. access_ok isn't an expensive operation once the addr_limit for the current thread has been loaded into the cache. Given that the initial access_ok check preceding a sequence of __{get,put}_user operations will take the brunt of the miss, we can make the __* variants identical to the full-fat versions, which brings with it the benefits of address masking. The likely cost in these sequences will be from toggling PAN/UAO, which we can address later by implementing the *_unsafe versions. Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 54 +++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 22 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -294,28 +294,33 @@ do { \ (x) = (__force __typeof__(*(ptr)))__gu_val; \ } while (0) -#define __get_user(x, ptr) \ +#define __get_user_check(x, ptr, err) \ ({ \ - int __gu_err = 0; \ - __get_user_err((x), (ptr), __gu_err); \ - __gu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __get_user_err((x), __p, (err)); \ + } else { \ + (x) = 0; (err) = -EFAULT; \ + } \ }) #define __get_user_error(x, ptr, err) \ ({ \ - __get_user_err((x), (ptr), (err)); \ + __get_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define get_user(x, ptr) \ +#define __get_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \ - ((x) = 0, -EFAULT); \ + int __gu_err = 0; \ + __get_user_check((x), (ptr), __gu_err); \ + __gu_err; \ }) +#define get_user __get_user + #define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature) \ asm volatile( \ "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \ @@ -358,28 +363,33 @@ do { \ uaccess_disable_not_uao(); \ } while (0) -#define __put_user(x, ptr) \ +#define __put_user_check(x, ptr, err) \ ({ \ - int __pu_err = 0; \ - __put_user_err((x), (ptr), __pu_err); \ - __pu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __put_user_err((x), __p, (err)); \ + } else { \ + (err) = -EFAULT; \ + } \ }) #define __put_user_error(x, ptr, err) \ ({ \ - __put_user_err((x), (ptr), (err)); \ + __put_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define put_user(x, ptr) \ +#define __put_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \ - -EFAULT; \ + int __pu_err = 0; \ + __put_user_check((x), (ptr), __pu_err); \ + __pu_err; \ }) +#define put_user __put_user + extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n); #define raw_copy_from_user __arch_copy_from_user extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:23 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user From: Will Deacon <will.deacon(a)arm.com> Commit f71c2ffcb20d upstream. Like we've done for get_user and put_user, ensure that user pointers are masked before invoking the underlying __arch_{clear,copy_*}_user operations. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 29 ++++++++++++++++++++++------- arch/arm64/kernel/arm64ksyms.c | 4 ++-- arch/arm64/lib/clear_user.S | 6 +++--- arch/arm64/lib/copy_in_user.S | 5 +++-- 4 files changed, 30 insertions(+), 14 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -391,20 +391,35 @@ do { \ #define put_user __put_user extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n); -#define raw_copy_from_user __arch_copy_from_user +#define raw_copy_from_user(to, from, n) \ +({ \ + __arch_copy_from_user((to), __uaccess_mask_ptr(from), (n)); \ +}) + extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n); -#define raw_copy_to_user __arch_copy_to_user -extern unsigned long __must_check raw_copy_in_user(void __user *to, const void __user *from, unsigned long n); -extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); +#define raw_copy_to_user(to, from, n) \ +({ \ + __arch_copy_to_user(__uaccess_mask_ptr(to), (from), (n)); \ +}) + +extern unsigned long __must_check __arch_copy_in_user(void __user *to, const void __user *from, unsigned long n); +#define raw_copy_in_user(to, from, n) \ +({ \ + __arch_copy_in_user(__uaccess_mask_ptr(to), \ + __uaccess_mask_ptr(from), (n)); \ +}) + #define INLINE_COPY_TO_USER #define INLINE_COPY_FROM_USER -static inline unsigned long __must_check clear_user(void __user *to, unsigned long n) +extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n); +static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n) { if (access_ok(VERIFY_WRITE, to, n)) - n = __clear_user(__uaccess_mask_ptr(to), n); + n = __arch_clear_user(__uaccess_mask_ptr(to), n); return n; } +#define clear_user __clear_user extern long strncpy_from_user(char *dest, const char __user *src, long count); @@ -418,7 +433,7 @@ extern unsigned long __must_check __copy static inline int __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size) { kasan_check_write(dst, size); - return __copy_user_flushcache(dst, src, size); + return __copy_user_flushcache(dst, __uaccess_mask_ptr(src), size); } #endif --- a/arch/arm64/kernel/arm64ksyms.c +++ b/arch/arm64/kernel/arm64ksyms.c @@ -37,8 +37,8 @@ EXPORT_SYMBOL(clear_page); /* user mem (segment) */ EXPORT_SYMBOL(__arch_copy_from_user); EXPORT_SYMBOL(__arch_copy_to_user); -EXPORT_SYMBOL(__clear_user); -EXPORT_SYMBOL(raw_copy_in_user); +EXPORT_SYMBOL(__arch_clear_user); +EXPORT_SYMBOL(__arch_copy_in_user); /* physical memory */ EXPORT_SYMBOL(memstart_addr); --- a/arch/arm64/lib/clear_user.S +++ b/arch/arm64/lib/clear_user.S @@ -21,7 +21,7 @@ .text -/* Prototype: int __clear_user(void *addr, size_t sz) +/* Prototype: int __arch_clear_user(void *addr, size_t sz) * Purpose : clear some user memory * Params : addr - user memory address to clear * : sz - number of bytes to clear @@ -29,7 +29,7 @@ * * Alignment fixed up by hardware. */ -ENTRY(__clear_user) +ENTRY(__arch_clear_user) uaccess_enable_not_uao x2, x3, x4 mov x2, x1 // save the size for fixup return subs x1, x1, #8 @@ -52,7 +52,7 @@ uao_user_alternative 9f, strb, sttrb, wz 5: mov x0, #0 uaccess_disable_not_uao x2, x3 ret -ENDPROC(__clear_user) +ENDPROC(__arch_clear_user) .section .fixup,"ax" .align 2 --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -64,14 +64,15 @@ .endm end .req x5 -ENTRY(raw_copy_in_user) + +ENTRY(__arch_copy_in_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 #include "copy_template.S" uaccess_disable_not_uao x3, x4 mov x0, #0 ret -ENDPROC(raw_copy_in_user) +ENDPROC(__arch_copy_in_user) .section .fixup,"ax" .align 2 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 5 Feb 2018 15:34:21 +0000 Subject: [Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit From: Will Deacon <will.deacon(a)arm.com> Commit c2f0ad4fc089 upstream. A mispredicted conditional call to set_fs could result in the wrong addr_limit being forwarded under speculation to a subsequent access_ok check, potentially forming part of a spectre-v1 attack using uaccess routines. This patch prevents this forwarding from taking place, but putting heavy barriers in set_fs after writing the addr_limit. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/uaccess.h | 7 +++++++ 1 file changed, 7 insertions(+) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -42,6 +42,13 @@ static inline void set_fs(mm_segment_t f { current_thread_info()->addr_limit = fs; + /* + * Prevent a mispredicted conditional call to set_fs from forwarding + * the wrong address limit to access_ok under speculation. + */ + dsb(nsh); + isb(); + /* On user-mode return, check fs is correct */ set_thread_flag(TIF_FSCHECK); Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-turn-on-kpti-only-on-cpus-that-need-it.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Fri, 19 Jan 2018 04:22:48 -0800 Subject: [Variant 3/Meltdown] arm64: Turn on KPTI only on CPUs that need it From: Jayachandran C <jnair(a)caviumnetworks.com> Commit 0ba2e29c7fc1 upstream. Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in unmap_kernel_at_el0(). These CPUs are not vulnerable to CVE-2017-5754 and do not need KPTI when KASLR is off. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const st if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; + /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Defer to CPU feature registers */ return !cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV3_SHIFT); Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:33:28 +0000 Subject: [Variant 3/Meltdown] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks From: Will Deacon <will.deacon(a)arm.com> Commit 18011eac28c7 upstream. When unmapping the kernel at EL0, we use tpidrro_el0 as a scratch register during exception entry from native tasks and subsequently zero it in the kernel_ventry macro. We can therefore avoid zeroing tpidrro_el0 in the context-switch path for native tasks using the entry trampoline. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/process.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -370,16 +370,14 @@ void tls_preserve_current_state(void) static void tls_thread_switch(struct task_struct *next) { - unsigned long tpidr, tpidrro; - tls_preserve_current_state(); - tpidr = *task_user_tls(next); - tpidrro = is_compat_thread(task_thread_info(next)) ? - next->thread.tp_value : 0; + if (is_compat_thread(task_thread_info(next))) + write_sysreg(next->thread.tp_value, tpidrro_el0); + else if (!arm64_kernel_unmapped_at_el0()) + write_sysreg(0, tpidrro_el0); - write_sysreg(tpidr, tpidr_el0); - write_sysreg(tpidrro, tpidrro_el0); + write_sysreg(*task_user_tls(next), tpidr_el0); } /* Restore the UAO state depending on next's addr_limit */ Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-take-into-account-id_aa64pfr0_el1.csv3.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Mon, 27 Nov 2017 18:29:30 +0000 Subject: [Variant 3/Meltdown] arm64: Take into account ID_AA64PFR0_EL1.CSV3 From: Will Deacon <will.deacon(a)arm.com> Commit 179a56f6f9fb upstream. For non-KASLR kernels where the KPTI behaviour has not been overridden on the command line we can use ID_AA64PFR0_EL1.CSV3 to determine whether or not we should unmap the kernel whilst running at EL0. Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/kernel/cpufeature.c Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -437,6 +437,7 @@ #define ID_AA64ISAR1_DPB_SHIFT 0 /* id_aa64pfr0 */ +#define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_SVE_SHIFT 32 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -145,6 +145,7 @@ static const struct arm64_ftr_bits ftr_i }; static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), @@ -852,6 +853,8 @@ static int __kpti_forced; /* 0: not forc static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); + /* Forced on command line? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by command line option\n", @@ -863,7 +866,9 @@ static bool unmap_kernel_at_el0(const st if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - return false; + /* Defer to CPU feature registers */ + return !cpuid_feature_extract_unsigned_field(pfr0, + ID_AA64PFR0_CSV3_SHIFT); } static int __init parse_kpti(char *str) @@ -968,6 +973,7 @@ static const struct arm64_cpu_capabiliti }, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 { + .desc = "Kernel page table isolation (KPTI)", .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 17 Jan 2018 17:42:20 +0000 Subject: [Variant 2/Spectre-v2] arm64: Run enable method for errata work arounds on late CPUs From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Commit 55b35d070c25 upstream. When a CPU is brought up after we have finalised the system wide capabilities (i.e, features and errata), we make sure the new CPU doesn't need a new errata work around which has not been detected already. However we don't run enable() method on the new CPU for the errata work arounds already detected. This could cause the new CPU running without potential work arounds. It is upto the "enable()" method to decide if this CPU should do something about the errata. Fixes: commit 6a6efbb45b7d95c84 ("arm64: Verify CPU errata work arounds on hotplugged CPU") Cc: Will Deacon <will.deacon(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Andre Przywara <andre.przywara(a)arm.com> Cc: Dave Martin <dave.martin(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu_errata.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -221,15 +221,18 @@ void verify_local_cpu_errata_workarounds { const struct arm64_cpu_capabilities *caps = arm64_errata; - for (; caps->matches; caps++) - if (!cpus_have_cap(caps->capability) && - caps->matches(caps, SCOPE_LOCAL_CPU)) { + for (; caps->matches; caps++) { + if (cpus_have_cap(caps->capability)) { + if (caps->enable) + caps->enable((void *)caps); + } else if (caps->matches(caps, SCOPE_LOCAL_CPU)) { pr_crit("CPU%d: Requires work around for %s, not detected" " at boot time\n", smp_processor_id(), caps->desc ? : "an erratum"); cpu_die_early(); } + } } void update_cpu_errata_workarounds(void) Patches currently in stable-queue which might be from suzuki.poulose(a)arm.com are queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-move-bp-hardening-to-check_and_switch_context.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Fri, 19 Jan 2018 15:42:09 +0000 Subject: [Variant 2/Spectre-v2] arm64: Move BP hardening to check_and_switch_context From: Marc Zyngier <marc.zyngier(a)arm.com> Commit a8e4c0a919ae upstream. We call arm64_apply_bp_hardening() from post_ttbr_update_workaround, which has the unexpected consequence of being triggered on every exception return to userspace when ARM64_SW_TTBR0_PAN is selected, even if no context switch actually occured. This is a bit suboptimal, and it would be more logical to only invalidate the branch predictor when we actually switch to a different mm. In order to solve this, move the call to arm64_apply_bp_hardening() into check_and_switch_context(), where we're guaranteed to pick a different mm context. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/mm/context.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -231,6 +231,9 @@ void check_and_switch_context(struct mm_ raw_spin_unlock_irqrestore(&cpu_asid_lock, flags); switch_mm_fastpath: + + arm64_apply_bp_hardening(); + /* * Defer TTBR0_EL1 setting for user threads to uaccess_enable() when * emulating PAN. @@ -246,8 +249,6 @@ asmlinkage void post_ttbr_update_workaro "ic iallu; dsb nsh; isb", ARM64_WORKAROUND_CAVIUM_27456, CONFIG_CAVIUM_ERRATUM_27456)); - - arm64_apply_bp_hardening(); } static int asids_init(void) Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-move-post_ttbr_update_workaround-to-c-code.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 2 Jan 2018 18:19:39 +0000 Subject: [Variant 2/Spectre-v2] arm64: Move post_ttbr_update_workaround to C code From: Marc Zyngier <marc.zyngier(a)arm.com> Commit 95e3de3590e3 upstream. We will soon need to invoke a CPU-specific function pointer after changing page tables, so move post_ttbr_update_workaround out into C code to make this possible. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Conflicts: arch/arm64/include/asm/assembler.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 13 ------------- arch/arm64/kernel/entry.S | 2 +- arch/arm64/mm/context.c | 9 +++++++++ arch/arm64/mm/proc.S | 3 +-- 4 files changed, 11 insertions(+), 16 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -494,19 +494,6 @@ alternative_endif mrs \rd, sp_el0 .endm -/* - * Errata workaround post TTBRx_EL1 update. - */ - .macro post_ttbr_update_workaround -#ifdef CONFIG_CAVIUM_ERRATUM_27456 -alternative_if ARM64_WORKAROUND_CAVIUM_27456 - ic iallu - dsb nsh - isb -alternative_else_nop_endif -#endif - .endm - .macro pte_to_phys, phys, pte and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) .endm --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -277,7 +277,7 @@ alternative_else_nop_endif * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache * corruption). */ - post_ttbr_update_workaround + bl post_ttbr_update_workaround .endif 1: .if \el != 0 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -239,6 +239,15 @@ switch_mm_fastpath: cpu_switch_mm(mm->pgd, mm); } +/* Errata workaround post TTBRx_EL1 update. */ +asmlinkage void post_ttbr_update_workaround(void) +{ + asm(ALTERNATIVE("nop; nop; nop", + "ic iallu; dsb nsh; isb", + ARM64_WORKAROUND_CAVIUM_27456, + CONFIG_CAVIUM_ERRATUM_27456)); +} + static int asids_init(void) { asid_bits = get_cpu_asid_bits(); --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -148,8 +148,7 @@ ENTRY(cpu_do_switch_mm) isb msr ttbr0_el1, x0 // now update TTBR0 isb - post_ttbr_update_workaround - ret + b post_ttbr_update_workaround // Back to C code... ENDPROC(cpu_do_switch_mm) .pushsection ".idmap.text", "awx" Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-use-non-global-mappings-for-kernel-space.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 12:56:18 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Use non-global mappings for kernel space From: Will Deacon <will.deacon(a)arm.com> Commit e046eb0c9bf2 upstream. In preparation for unmapping the kernel whilst running in userspace, make the kernel mappings non-global so we can avoid expensive TLB invalidation on kernel exit to userspace. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++++++++++-- arch/arm64/include/asm/pgtable-prot.h | 21 +++++++++++++++------ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h index 7803343e5881..77a27af01371 100644 --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -78,8 +78,16 @@ /* * Initial memory map attributes. */ -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) +#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) +#else +#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS +#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS +#endif #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 0a5635fb0ef9..22a926825e3f 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -34,8 +34,16 @@ #include <asm/pgtable-types.h> -#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) +#else +#define PROT_DEFAULT _PROT_DEFAULT +#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -48,6 +56,7 @@ #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) #define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) @@ -55,15 +64,15 @@ #define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) -#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) -#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) -#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) +#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) +#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) +#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) #define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) #define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) -#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_PXN | PTE_UXN) +#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) -- 2.16.1 Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-rename-post_ttbr0_update_workaround.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:34:30 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Rename post_ttbr0_update_workaround From: Will Deacon <will.deacon(a)arm.com> Commit 158d495899ce upstream. The post_ttbr0_update_workaround hook applies to any change to TTBRx_EL1. Since we're using TTBR1 for the ASID, rename the hook to make it clearer as to what it's doing. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/assembler.h | 5 ++--- arch/arm64/kernel/entry.S | 2 +- arch/arm64/mm/proc.S | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -477,10 +477,9 @@ alternative_endif .endm /* -/* - * Errata workaround post TTBR0_EL1 update. + * Errata workaround post TTBRx_EL1 update. */ - .macro post_ttbr0_update_workaround + .macro post_ttbr_update_workaround #ifdef CONFIG_CAVIUM_ERRATUM_27456 alternative_if ARM64_WORKAROUND_CAVIUM_27456 ic iallu --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -257,7 +257,7 @@ alternative_else_nop_endif * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache * corruption). */ - post_ttbr0_update_workaround + post_ttbr_update_workaround .endif 1: .if \el != 0 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -145,7 +145,7 @@ ENTRY(cpu_do_switch_mm) isb msr ttbr0_el1, x0 // now update TTBR0 isb - post_ttbr0_update_workaround + post_ttbr_update_workaround ret ENDPROC(cpu_do_switch_mm) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Thu, 10 Aug 2017 13:04:48 +0100 Subject: [Variant 3/Meltdown] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN From: Will Deacon <will.deacon(a)arm.com> Commit 376133b7edc2 upstream. We're about to rework the way ASIDs are allocated, switch_mm is implemented and low-level kernel entry/exit is handled, so keep the ARM64_SW_TTBR0_PAN code out of the way whilst we do the heavy lifting. It will be re-enabled in a subsequent patch. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -920,6 +920,7 @@ endif config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" + depends on BROKEN # Temporary while switch_mm is reworked help Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror