- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [PATCH v5] RFT: mmc: sdhci: Implement an SDHCI-specific bounce buffer

by Linus Walleij

The bounce buffer is gone from the MMC core, and now we found out that there are some (crippled) i.MX boards out there that have broken ADMA (cannot do scatter-gather), and broken PIO so they must use SDMA. Closer examination shows a less significant slowdown also on SDMA-only capable Laptop hosts. SDMA sets down the number of segments to one, so that each segment gets turned into a singular request that ping-pongs to the block layer before the next request/segment is issued. Apparently it happens a lot that the block layer send requests that include a lot of physically discontigous segments. My guess is that this phenomenon is coming from the file system. These devices that cannot handle scatterlists in hardware can see major benefits from a DMA-contigous bounce buffer. This patch accumulates those fragmented scatterlists in a physically contigous bounce buffer so that we can issue bigger DMA data chunks to/from the card. When tested with thise PCI-integrated host (1217:8221) that only supports SDMA: 0b:00.0 SD Host controller: O2 Micro, Inc. OZ600FJ0/OZ900FJ0/OZ600FJS SD/MMC Card Reader Controller (rev 05) This patch gave ~1Mbyte/s improved throughput on large reads and writes when testing using iozone than without the patch. On the i.MX SDHCI controllers on the crippled i.MX 25 and i.MX 35 the patch restores the performance to what it was before we removed the bounce buffers, and then some: performance is better than ever because we now allocate a bounce buffer the size of the maximum single request the SDMA engine can handle. On the PCI laptop this is 256K, whereas with the old bounce buffer code it was 64K max. Cc: Benjamin Beckmeyer <beckmeyer.b(a)rittal.de> Cc: Pierre Ossman <pierre(a)ossman.eu> Cc: Benoît Thébaudeau <benoit(a)wsystem.com> Cc: Fabio Estevam <fabio.estevam(a)nxp.com> Cc: stable(a)vger.kernel.org Fixes: de3ee99b097d ("mmc: Delete bounce buffer handling") Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- ChangeLog v4->v5: - Go back to dma_alloc_coherent() as this apparently works better. - Keep the other changes, cap for 64KB, fall back to single segments. - Requesting a test of this on i.MX. (Sorry Benjamin.) ChangeLog v3->v4: - Cap the bounce buffer to 64KB instead of the biggest segment as we experience diminishing returns with buffers > 64KB. - Instead of using dma_alloc_coherent(), use good old devm_kmalloc() and issue dma_sync_single_for*() to explicitly switch ownership between CPU and the device. This way we exercise the cache better and may consume less CPU. - Bail out with single segments if we cannot allocate a bounce buffer. - Tested on the PCI SDHCI on my laptop: requesting a new test on i.MX from Benjamin. (Please!) ChangeLog v2->v3: - Rewrite the commit message a bit - Add Benjamin's Tested-by - Add Fixes and stable tags ChangeLog v1->v2: - Skip the remapping and fiddling with the buffer, instead use dma_alloc_coherent() and use a simple, coherent bounce buffer. - Couple kernel messages to ->parent of the mmc_host as it relates to the hardware characteristics. --- drivers/mmc/host/sdhci.c | 105 +++++++++++++++++++++++++++++++++++++++++++---- drivers/mmc/host/sdhci.h | 3 ++ 2 files changed, 100 insertions(+), 8 deletions(-) diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c index e9290a3439d5..4e594d5e3185 100644 --- a/drivers/mmc/host/sdhci.c +++ b/drivers/mmc/host/sdhci.c @@ -19,6 +19,7 @@ #include <linux/io.h> #include <linux/module.h> #include <linux/dma-mapping.h> +#include <linux/sizes.h> #include <linux/slab.h> #include <linux/scatterlist.h> #include <linux/swiotlb.h> @@ -502,8 +503,22 @@ static int sdhci_pre_dma_transfer(struct sdhci_host *host, if (data->host_cookie == COOKIE_PRE_MAPPED) return data->sg_count; - sg_count = dma_map_sg(mmc_dev(host->mmc), data->sg, data->sg_len, - mmc_get_dma_dir(data)); + /* Bounce write requests to the bounce buffer */ + if (host->bounce_buffer) { + if (mmc_get_dma_dir(data) == DMA_TO_DEVICE) { + /* Copy the data to the bounce buffer */ + sg_copy_to_buffer(data->sg, data->sg_len, + host->bounce_buffer, + host->bounce_buffer_size); + } + /* Just a dummy value */ + sg_count = 1; + } else { + /* Just access the data directly from memory */ + sg_count = dma_map_sg(mmc_dev(host->mmc), data->sg, + data->sg_len, + mmc_get_dma_dir(data)); + } if (sg_count == 0) return -ENOSPC; @@ -858,8 +873,13 @@ static void sdhci_prepare_data(struct sdhci_host *host, struct mmc_command *cmd) SDHCI_ADMA_ADDRESS_HI); } else { WARN_ON(sg_cnt != 1); - sdhci_writel(host, sg_dma_address(data->sg), - SDHCI_DMA_ADDRESS); + /* Bounce buffer goes to work */ + if (host->bounce_buffer) + sdhci_writel(host, host->bounce_addr, + SDHCI_DMA_ADDRESS); + else + sdhci_writel(host, sg_dma_address(data->sg), + SDHCI_DMA_ADDRESS); } } @@ -2248,7 +2268,12 @@ static void sdhci_pre_req(struct mmc_host *mmc, struct mmc_request *mrq) mrq->data->host_cookie = COOKIE_UNMAPPED; - if (host->flags & SDHCI_REQ_USE_DMA) + /* + * No pre-mapping in the pre hook if we're using the bounce buffer, + * for that we would need two bounce buffers since one buffer is + * in flight when this is getting called. + */ + if (host->flags & SDHCI_REQ_USE_DMA && !host->bounce_buffer) sdhci_pre_dma_transfer(host, mrq->data, COOKIE_PRE_MAPPED); } @@ -2352,8 +2377,23 @@ static bool sdhci_request_done(struct sdhci_host *host) struct mmc_data *data = mrq->data; if (data && data->host_cookie == COOKIE_MAPPED) { - dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, - mmc_get_dma_dir(data)); + if (host->bounce_buffer) { + /* + * On reads, copy the bounced data into the + * sglist + */ + if (mmc_get_dma_dir(data) == DMA_FROM_DEVICE) { + sg_copy_from_buffer(data->sg, + data->sg_len, + host->bounce_buffer, + host->bounce_buffer_size); + } + } else { + /* Unmap the raw data */ + dma_unmap_sg(mmc_dev(host->mmc), data->sg, + data->sg_len, + mmc_get_dma_dir(data)); + } data->host_cookie = COOKIE_UNMAPPED; } } @@ -2636,7 +2676,12 @@ static void sdhci_data_irq(struct sdhci_host *host, u32 intmask) */ if (intmask & SDHCI_INT_DMA_END) { u32 dmastart, dmanow; - dmastart = sg_dma_address(host->data->sg); + + if (host->bounce_buffer) + dmastart = host->bounce_addr; + else + dmastart = sg_dma_address(host->data->sg); + dmanow = dmastart + host->data->bytes_xfered; /* * Force update to the next DMA block boundary. @@ -3713,6 +3758,47 @@ int sdhci_setup_host(struct sdhci_host *host) */ mmc->max_blk_count = (host->quirks & SDHCI_QUIRK_NO_MULTIBLOCK) ? 1 : 65535; + if (mmc->max_segs == 1) { + unsigned int max_blocks; + unsigned int max_seg_size; + + max_seg_size = SZ_64K; + if (mmc->max_req_size < max_seg_size) + max_seg_size = mmc->max_req_size; + max_blocks = max_seg_size / 512; + dev_info(mmc->parent, + "host only supports SDMA, activate bounce buffer\n"); + + /* + * When we just support one segment, we can get significant + * speedup by the help of a bounce buffer to group scattered + * reads/writes together. + */ + host->bounce_buffer = dma_alloc_coherent(mmc->parent, + max_seg_size, + &host->bounce_addr, + GFP_KERNEL); + if (!host->bounce_buffer) { + dev_err(mmc->parent, + "failed to allocate %u bytes for bounce buffer, falling back to single segments\n", + max_seg_size); + /* + * Exiting with zero here makes sure we proceed with + * mmc->max_segs == 1. + */ + return 0; + } + host->bounce_buffer_size = max_seg_size; + + /* Lie about this since we're bouncing */ + mmc->max_segs = max_blocks; + mmc->max_seg_size = max_seg_size; + + dev_info(mmc->parent, + "bounce buffer: bounce up to %u segments into one, max segment size %u bytes\n", + max_blocks, max_seg_size); + } + return 0; unreg: @@ -3743,6 +3829,9 @@ void sdhci_cleanup_host(struct sdhci_host *host) host->align_addr); host->adma_table = NULL; host->align_buffer = NULL; + if (host->bounce_buffer) + dma_free_coherent(mmc->parent, host->bounce_buffer_size, + host->bounce_buffer, host->bounce_addr); } EXPORT_SYMBOL_GPL(sdhci_cleanup_host); diff --git a/drivers/mmc/host/sdhci.h b/drivers/mmc/host/sdhci.h index 54bc444c317f..865e09618d22 100644 --- a/drivers/mmc/host/sdhci.h +++ b/drivers/mmc/host/sdhci.h @@ -440,6 +440,9 @@ struct sdhci_host { int irq; /* Device IRQ */ void __iomem *ioaddr; /* Mapped address */ + char *bounce_buffer; /* For packing SDMA reads/writes */ + dma_addr_t bounce_addr; + size_t bounce_buffer_size; const struct sdhci_ops *ops; /* Low level hw interface */ -- 2.14.3

7 years, 9 months

3
5
0 0

[Linux-stable-mirror] [PATCH 2/3] tracing: make sure the parsed string always terminates with '\0'

by changbin.du＠intel.com

From: Changbin Du <changbin.du(a)intel.com> The parser parse every string into parser.buffer. And some of the callers assume that parser.buffer contains a C string. So it is dangerous that the parser returns a unterminated string. The userspace can leverage this to attack the kernel. Signed-off-by: Changbin Du <changbin.du(a)intel.com> Cc: stable(a)vger.kernel.org --- kernel/trace/trace.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 18526a1..e1baca0 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -530,8 +530,6 @@ int trace_pid_write(struct trace_pid_list *filtered_pids, ubuf += ret; cnt -= ret; - parser.buffer[parser.idx] = 0; - ret = -EINVAL; if (kstrtoul(parser.buffer, 0, &val)) break; @@ -1253,7 +1251,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* read the non-space input */ while (cnt && !is_space_or_zero(ch)) { - if (parser->idx < parser->size - 1) + if (parser->idx < parser->size - 2) parser->buffer[parser->idx++] = ch; else { ret = -EINVAL; @@ -1270,9 +1268,11 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, if (is_space_or_zero(ch)) { parser->buffer[parser->idx] = 0; parser->cont = false; - } else if (parser->idx < parser->size - 1) { + } else if (parser->idx < parser->size - 2) { parser->cont = true; parser->buffer[parser->idx++] = ch; + /* Make sure the parsed string always terminates with '\0'. */ + parser->buffer[parser->idx] = 0; } else { ret = -EINVAL; goto out; -- 2.7.4

7 years, 9 months

3
4
0 0

[Linux-stable-mirror] Patch "x86/spectre: Add boot time option to select Spectre v2 mitigation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/spectre: Add boot time option to select Spectre v2 mitigation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From da285121560e769cc31797bba6422eea71d473e0 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:26 +0000 Subject: x86/spectre: Add boot time option to select Spectre v2 mitigation From: David Woodhouse <dwmw(a)amazon.co.uk> commit da285121560e769cc31797bba6422eea71d473e0 upstream. Add a spectre_v2= option to select the mitigation used for the indirect branch speculation vulnerability. Currently, the only option available is retpoline, in its various forms. This will be expanded to cover the new IBRS/IBPB microcode features. The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a serializing instruction, which is indicated by the LFENCE_RDTSC feature. [ tglx: Folded back the LFENCE/AMD fixes and reworked it so IBRS integration becomes simple ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-5-git-send-email-dwmw@amazon.co.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/kernel-parameters.txt | 28 ++++++ arch/x86/include/asm/nospec-branch.h | 10 ++ arch/x86/kernel/cpu/bugs.c | 158 ++++++++++++++++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 4 4 files changed, 195 insertions(+), 5 deletions(-) --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2691,6 +2691,11 @@ bytes respectively. Such letter suffixes nosmt [KNL,S390] Disable symmetric multithreading (SMT). Equivalent to smt=1. + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 + (indirect branch prediction) vulnerability. System may + allow data leaks with this option, which is equivalent + to spectre_v2=off. + noxsave [BUGS=X86] Disables x86 extended register state save and restore using xsave. The kernel will fallback to enabling legacy floating-point and sse state. @@ -3944,6 +3949,29 @@ bytes respectively. Such letter suffixes sonypi.*= [HW] Sony Programmable I/O Control Device driver See Documentation/laptops/sonypi.txt + spectre_v2= [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability. + + on - unconditionally enable + off - unconditionally disable + auto - kernel detects whether your CPU model is + vulnerable + + Selecting 'on' will, and 'auto' may, choose a + mitigation method at run time according to the + CPU, the available microcode, the setting of the + CONFIG_RETPOLINE configuration option, and the + compiler with which the kernel was built. + + Specific mitigations can also be selected manually: + + retpoline - replace indirect branches + retpoline,generic - google's original retpoline + retpoline,amd - AMD-specific minimal thunk + + Not specifying this option is equivalent to + spectre_v2=auto. + spia_io_base= [HW,MTD] spia_fio_base= spia_pedr= --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -124,5 +124,15 @@ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) #endif +/* The Spectre V2 mitigation variants */ +enum spectre_v2_mitigation { + SPECTRE_V2_NONE, + SPECTRE_V2_RETPOLINE_MINIMAL, + SPECTRE_V2_RETPOLINE_MINIMAL_AMD, + SPECTRE_V2_RETPOLINE_GENERIC, + SPECTRE_V2_RETPOLINE_AMD, + SPECTRE_V2_IBRS, +}; + #endif /* __ASSEMBLY__ */ #endif /* __NOSPEC_BRANCH_H__ */ --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -10,6 +10,9 @@ #include <linux/init.h> #include <linux/utsname.h> #include <linux/cpu.h> + +#include <asm/nospec-branch.h> +#include <asm/cmdline.h> #include <asm/bugs.h> #include <asm/processor.h> #include <asm/processor-flags.h> @@ -20,6 +23,8 @@ #include <asm/pgtable.h> #include <asm/cacheflush.h> +static void __init spectre_v2_select_mitigation(void); + void __init check_bugs(void) { identify_boot_cpu(); @@ -29,6 +34,9 @@ void __init check_bugs(void) print_cpu_info(&boot_cpu_data); } + /* Select the proper spectre mitigation before patching alternatives */ + spectre_v2_select_mitigation(); + #ifdef CONFIG_X86_32 /* * Check whether we are able to run this kernel safely on SMP. @@ -61,6 +69,153 @@ void __init check_bugs(void) #endif } +/* The kernel command line selection */ +enum spectre_v2_mitigation_cmd { + SPECTRE_V2_CMD_NONE, + SPECTRE_V2_CMD_AUTO, + SPECTRE_V2_CMD_FORCE, + SPECTRE_V2_CMD_RETPOLINE, + SPECTRE_V2_CMD_RETPOLINE_GENERIC, + SPECTRE_V2_CMD_RETPOLINE_AMD, +}; + +static const char *spectre_v2_strings[] = { + [SPECTRE_V2_NONE] = "Vulnerable", + [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", + [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", + [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", +}; + +#undef pr_fmt +#define pr_fmt(fmt) "Spectre V2 mitigation: " fmt + +static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; + +static void __init spec2_print_if_insecure(const char *reason) +{ + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + pr_info("%s\n", reason); +} + +static void __init spec2_print_if_secure(const char *reason) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + pr_info("%s\n", reason); +} + +static inline bool retp_compiler(void) +{ + return __is_defined(RETPOLINE); +} + +static inline bool match_option(const char *arg, int arglen, const char *opt) +{ + int len = strlen(opt); + + return len == arglen && !strncmp(arg, opt, len); +} + +static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) +{ + char arg[20]; + int ret; + + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, + sizeof(arg)); + if (ret > 0) { + if (match_option(arg, ret, "off")) { + goto disable; + } else if (match_option(arg, ret, "on")) { + spec2_print_if_secure("force enabled on command line."); + return SPECTRE_V2_CMD_FORCE; + } else if (match_option(arg, ret, "retpoline")) { + spec2_print_if_insecure("retpoline selected on command line."); + return SPECTRE_V2_CMD_RETPOLINE; + } else if (match_option(arg, ret, "retpoline,amd")) { + if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { + pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); + return SPECTRE_V2_CMD_AUTO; + } + spec2_print_if_insecure("AMD retpoline selected on command line."); + return SPECTRE_V2_CMD_RETPOLINE_AMD; + } else if (match_option(arg, ret, "retpoline,generic")) { + spec2_print_if_insecure("generic retpoline selected on command line."); + return SPECTRE_V2_CMD_RETPOLINE_GENERIC; + } else if (match_option(arg, ret, "auto")) { + return SPECTRE_V2_CMD_AUTO; + } + } + + if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) + return SPECTRE_V2_CMD_AUTO; +disable: + spec2_print_if_insecure("disabled on command line."); + return SPECTRE_V2_CMD_NONE; +} + +static void __init spectre_v2_select_mitigation(void) +{ + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); + enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; + + /* + * If the CPU is not affected and the command line mode is NONE or AUTO + * then nothing to do. + */ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && + (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO)) + return; + + switch (cmd) { + case SPECTRE_V2_CMD_NONE: + return; + + case SPECTRE_V2_CMD_FORCE: + /* FALLTRHU */ + case SPECTRE_V2_CMD_AUTO: + goto retpoline_auto; + + case SPECTRE_V2_CMD_RETPOLINE_AMD: + if (IS_ENABLED(CONFIG_RETPOLINE)) + goto retpoline_amd; + break; + case SPECTRE_V2_CMD_RETPOLINE_GENERIC: + if (IS_ENABLED(CONFIG_RETPOLINE)) + goto retpoline_generic; + break; + case SPECTRE_V2_CMD_RETPOLINE: + if (IS_ENABLED(CONFIG_RETPOLINE)) + goto retpoline_auto; + break; + } + pr_err("kernel not compiled with retpoline; no mitigation available!"); + return; + +retpoline_auto: + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { + retpoline_amd: + if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { + pr_err("LFENCE not serializing. Switching to generic retpoline\n"); + goto retpoline_generic; + } + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : + SPECTRE_V2_RETPOLINE_MINIMAL_AMD; + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); + } else { + retpoline_generic: + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : + SPECTRE_V2_RETPOLINE_MINIMAL; + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); + } + + spectre_v2_enabled = mode; + pr_info("%s\n", spectre_v2_strings[mode]); +} + +#undef pr_fmt + #ifdef CONFIG_SYSFS ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) @@ -85,6 +240,7 @@ ssize_t cpu_show_spectre_v2(struct devic { if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) return sprintf(buf, "Not affected\n"); - return sprintf(buf, "Vulnerable\n"); + + return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]); } #endif --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -889,10 +889,6 @@ static void __init early_identify_cpu(st setup_force_cpu_bug(X86_BUG_SPECTRE_V1); setup_force_cpu_bug(X86_BUG_SPECTRE_V2); -#ifdef CONFIG_RETPOLINE - setup_force_cpu_cap(X86_FEATURE_RETPOLINE); -#endif - fpu__init_system(c); #ifdef CONFIG_X86_32 Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/xen: Convert Xen hypercall indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/xen: Convert Xen hypercall indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ea08816d5b185ab3d09e95e393f265af54560350 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:31 +0000 Subject: x86/retpoline/xen: Convert Xen hypercall indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit ea08816d5b185ab3d09e95e393f265af54560350 upstream. Convert indirect call in Xen hypercall to use non-speculative sequence, when CONFIG_RETPOLINE is enabled. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Juergen Gross <jgross(a)suse.com> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-10-git-send-email-dwmw@amazon.co… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/xen/hypercall.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/xen/hypercall.h +++ b/arch/x86/include/asm/xen/hypercall.h @@ -44,6 +44,7 @@ #include <asm/page.h> #include <asm/pgtable.h> #include <asm/smap.h> +#include <asm/nospec-branch.h> #include <xen/interface/xen.h> #include <xen/interface/sched.h> @@ -216,9 +217,9 @@ privcmd_call(unsigned call, __HYPERCALL_5ARG(a1, a2, a3, a4, a5); stac(); - asm volatile("call *%[call]" + asm volatile(CALL_NOSPEC : __HYPERCALL_5PARAM - : [call] "a" (&hypercall_page[call]) + : [thunk_target] "a" (&hypercall_page[call]) : __HYPERCALL_CLOBBER5); clac(); Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline: Remove compile time warning" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline: Remove compile time warning to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-remove-compile-time-warning.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Sun, 14 Jan 2018 22:13:29 +0100 Subject: x86/retpoline: Remove compile time warning From: Thomas Gleixner <tglx(a)linutronix.de> commit b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6 upstream. Remove the compile time warning when CONFIG_RETPOLINE=y and the compiler does not have retpoline support. Linus rationale for this is: It's wrong because it will just make people turn off RETPOLINE, and the asm updates - and return stack clearing - that are independent of the compiler are likely the most important parts because they are likely the ones easiest to target. And it's annoying because most people won't be able to do anything about it. The number of people building their own compiler? Very small. So if their distro hasn't got a compiler yet (and pretty much nobody does), the warning is just annoying crap. It is already properly reported as part of the sysfs interface. The compile-time warning only encourages bad things. Fixes: 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Requested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Link: https://lkml.kernel.org/r/CA+55aFzWgquv4i6Mab6bASqYXg3ErV3XDFEYf=GEcCDQg5uA… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/Makefile | 2 -- 1 file changed, 2 deletions(-) --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -187,8 +187,6 @@ ifdef CONFIG_RETPOLINE RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register) ifneq ($(RETPOLINE_CFLAGS),) KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE - else - $(warning CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.) endif endif Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-acpi-handle-sci-interrupts-above-legacy-space-gracefully.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-acpi-reduce-code-duplication-in-mp_override_legacy_irq.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/irq32: Convert assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/irq32: Convert assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-irq32-convert-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7614e913db1f40fff819b36216484dc3808995d4 Mon Sep 17 00:00:00 2001 From: Andi Kleen <ak(a)linux.intel.com> Date: Thu, 11 Jan 2018 21:46:33 +0000 Subject: x86/retpoline/irq32: Convert assembler indirect jumps From: Andi Kleen <ak(a)linux.intel.com> commit 7614e913db1f40fff819b36216484dc3808995d4 upstream. Convert all indirect jumps in 32bit irq inline asm code to use non speculative sequences. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-12-git-send-email-dwmw@amazon.co… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/irq_32.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -19,6 +19,7 @@ #include <linux/mm.h> #include <asm/apic.h> +#include <asm/nospec-branch.h> #ifdef CONFIG_DEBUG_STACKOVERFLOW @@ -54,11 +55,11 @@ DEFINE_PER_CPU(struct irq_stack *, softi static void call_on_stack(void *func, void *stack) { asm volatile("xchgl %%ebx,%%esp \n" - "call *%%edi \n" + CALL_NOSPEC "movl %%ebx,%%esp \n" : "=b" (stack) : "0" (stack), - "D"(func) + [thunk_target] "D"(func) : "memory", "cc", "edx", "ecx", "eax"); } @@ -94,11 +95,11 @@ static inline int execute_on_irq_stack(i call_on_stack(print_stack_overflow, isp); asm volatile("xchgl %%ebx,%%esp \n" - "call *%%edi \n" + CALL_NOSPEC "movl %%ebx,%%esp \n" : "=a" (arg1), "=b" (isp) : "0" (desc), "1" (isp), - "D" (desc->handle_irq) + [thunk_target] "D" (desc->handle_irq) : "memory", "cc", "ecx"); return 1; } Patches currently in stable-queue which might be from ak(a)linux.intel.com are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/hyperv: Convert assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/hyperv: Convert assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e70e5892b28c18f517f29ab6e83bd57705104b31 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:30 +0000 Subject: x86/retpoline/hyperv: Convert assembler indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit e70e5892b28c18f517f29ab6e83bd57705104b31 upstream. Convert all indirect jumps in hyperv inline asm code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-9-git-send-email-dwmw@amazon.co.… [ backport to 4.9, hopefully correct, not tested... - gregkh ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -31,6 +31,7 @@ #include <linux/clockchips.h> #include <asm/hyperv.h> #include <asm/mshyperv.h> +#include <asm/nospec-branch.h> #include "hyperv_vmbus.h" /* The one and only */ @@ -103,9 +104,10 @@ u64 hv_do_hypercall(u64 control, void *i return (u64)ULLONG_MAX; __asm__ __volatile__("mov %0, %%r8" : : "r" (output_address) : "r8"); - __asm__ __volatile__("call *%3" : "=a" (hv_status) : + __asm__ __volatile__(CALL_NOSPEC : + "=a" (hv_status) : "c" (control), "d" (input_address), - "m" (hypercall_page)); + THUNK_TARGET(hypercall_page)); return hv_status; @@ -123,11 +125,12 @@ u64 hv_do_hypercall(u64 control, void *i if (!hypercall_page) return (u64)ULLONG_MAX; - __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), + __asm__ __volatile__ (CALL_NOSPEC : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), "a" (control_lo), "b" (input_address_hi), "c" (input_address_lo), "D"(output_address_hi), - "S"(output_address_lo), "m" (hypercall_page)); + "S"(output_address_lo), + THUNK_TARGET(hypercall_page)); return hv_status_lo | ((u64)hv_status_hi << 32); #endif /* !x86_64 */ Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/ftrace: Convert ftrace assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/ftrace: Convert ftrace assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9351803bd803cdbeb9b5a7850b7b6f464806e3db Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:29 +0000 Subject: x86/retpoline/ftrace: Convert ftrace assembler indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit 9351803bd803cdbeb9b5a7850b7b6f464806e3db upstream. Convert all indirect jumps in ftrace assembler code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-8-git-send-email-dwmw@amazon.co.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/entry/entry_32.S | 5 +++-- arch/x86/kernel/mcount_64.S | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -985,7 +985,8 @@ trace: movl 0x4(%ebp), %edx subl $MCOUNT_INSN_SIZE, %eax - call *ftrace_trace_function + movl ftrace_trace_function, %ecx + CALL_NOSPEC %ecx popl %edx popl %ecx @@ -1021,7 +1022,7 @@ return_to_handler: movl %eax, %ecx popl %edx popl %eax - jmp *%ecx + JMP_NOSPEC %ecx #endif #ifdef CONFIG_TRACING --- a/arch/x86/kernel/mcount_64.S +++ b/arch/x86/kernel/mcount_64.S @@ -8,7 +8,7 @@ #include <asm/ptrace.h> #include <asm/ftrace.h> #include <asm/export.h> - +#include <asm/nospec-branch.h> .code64 .section .entry.text, "ax" @@ -290,8 +290,9 @@ trace: * ip and parent ip are used and the list function is called when * function tracing is enabled. */ - call *ftrace_trace_function + movq ftrace_trace_function, %r8 + CALL_NOSPEC %r8 restore_mcount_regs jmp fgraph_trace @@ -334,5 +335,5 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp - jmp *%rdi + JMP_NOSPEC %rdi #endif Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline: Fill return stack buffer on vmexit" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline: Fill return stack buffer on vmexit to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-fill-return-stack-buffer-on-vmexit.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 117cc7a908c83697b0b737d15ae1eb5943afe35b Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Fri, 12 Jan 2018 11:11:27 +0000 Subject: x86/retpoline: Fill return stack buffer on vmexit From: David Woodhouse <dwmw(a)amazon.co.uk> commit 117cc7a908c83697b0b737d15ae1eb5943afe35b upstream. In accordance with the Intel and AMD documentation, we need to overwrite all entries in the RSB on exiting a guest, to prevent malicious branch target predictions from affecting the host kernel. This is needed both for retpoline and for IBRS. [ak: numbers again for the RSB stuffing labels] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515755487-8524-1-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/nospec-branch.h | 78 ++++++++++++++++++++++++++++++++++- arch/x86/kvm/svm.c | 4 + arch/x86/kvm/vmx.c | 4 + 3 files changed, 85 insertions(+), 1 deletion(-) --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -7,6 +7,48 @@ #include <asm/alternative-asm.h> #include <asm/cpufeatures.h> +/* + * Fill the CPU return stack buffer. + * + * Each entry in the RSB, if used for a speculative 'ret', contains an + * infinite 'pause; jmp' loop to capture speculative execution. + * + * This is required in various cases for retpoline and IBRS-based + * mitigations for the Spectre variant 2 vulnerability. Sometimes to + * eliminate potentially bogus entries from the RSB, and sometimes + * purely to ensure that it doesn't get empty, which on some CPUs would + * allow predictions from other (unwanted!) sources to be used. + * + * We define a CPP macro such that it can be used from both .S files and + * inline assembly. It's possible to do a .macro and then include that + * from C via asm(".include <asm/nospec-branch.h>") but let's not go there. + */ + +#define RSB_CLEAR_LOOPS 32 /* To forcibly overwrite all entries */ +#define RSB_FILL_LOOPS 16 /* To avoid underflow */ + +/* + * Google experimented with loop-unrolling and this turned out to be + * the optimal version — two calls, each with their own speculation + * trap should their return address end up getting used, in a loop. + */ +#define __FILL_RETURN_BUFFER(reg, nr, sp) \ + mov $(nr/2), reg; \ +771: \ + call 772f; \ +773: /* speculation trap */ \ + pause; \ + jmp 773b; \ +772: \ + call 774f; \ +775: /* speculation trap */ \ + pause; \ + jmp 775b; \ +774: \ + dec reg; \ + jnz 771b; \ + add $(BITS_PER_LONG/8) * nr, sp; + #ifdef __ASSEMBLY__ /* @@ -76,6 +118,20 @@ #endif .endm + /* + * A simpler FILL_RETURN_BUFFER macro. Don't make people use the CPP + * monstrosity above, manually. + */ +.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req +#ifdef CONFIG_RETPOLINE + ANNOTATE_NOSPEC_ALTERNATIVE + ALTERNATIVE "jmp .Lskip_rsb_\@", \ + __stringify(__FILL_RETURN_BUFFER(\reg,\nr,%_ASM_SP)) \ + \ftr +.Lskip_rsb_\@: +#endif +.endm + #else /* __ASSEMBLY__ */ #define ANNOTATE_NOSPEC_ALTERNATIVE \ @@ -119,7 +175,7 @@ X86_FEATURE_RETPOLINE) # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) -#else /* No retpoline */ +#else /* No retpoline for C / inline asm */ # define CALL_NOSPEC "call *%[thunk_target]\n" # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) #endif @@ -134,5 +190,25 @@ enum spectre_v2_mitigation { SPECTRE_V2_IBRS, }; +/* + * On VMEXIT we must ensure that no RSB predictions learned in the guest + * can be followed in the host, by overwriting the RSB completely. Both + * retpoline and IBRS mitigations for Spectre v2 need this; only on future + * CPUs with IBRS_ATT *might* it be avoided. + */ +static inline void vmexit_fill_RSB(void) +{ +#ifdef CONFIG_RETPOLINE + unsigned long loops = RSB_CLEAR_LOOPS / 2; + + asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE + ALTERNATIVE("jmp 910f", + __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)), + X86_FEATURE_RETPOLINE) + "910:" + : "=&r" (loops), ASM_CALL_CONSTRAINT + : "r" (loops) : "memory" ); +#endif +} #endif /* __ASSEMBLY__ */ #endif /* __NOSPEC_BRANCH_H__ */ --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -44,6 +44,7 @@ #include <asm/debugreg.h> #include <asm/kvm_para.h> #include <asm/irq_remapping.h> +#include <asm/nospec-branch.h> #include <asm/virtext.h> #include "trace.h" @@ -4917,6 +4918,9 @@ static void svm_vcpu_run(struct kvm_vcpu #endif ); + /* Eliminate branch target predictions from guest mode */ + vmexit_fill_RSB(); + #ifdef CONFIG_X86_64 wrmsrl(MSR_GS_BASE, svm->host.gs_base); #else --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -48,6 +48,7 @@ #include <asm/kexec.h> #include <asm/apic.h> #include <asm/irq_remapping.h> +#include <asm/nospec-branch.h> #include "trace.h" #include "pmu.h" @@ -9026,6 +9027,9 @@ static void __noclone vmx_vcpu_run(struc #endif ); + /* Eliminate branch target predictions from guest mode */ + vmexit_fill_RSB(); + /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ if (debugctlmsr) update_debugctlmsr(debugctlmsr); Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/entry: Convert entry assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/entry: Convert entry assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2641f08bb7fc63a636a2b18173221d7040a3512e Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:28 +0000 Subject: x86/retpoline/entry: Convert entry assembler indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit 2641f08bb7fc63a636a2b18173221d7040a3512e upstream. Convert indirect jumps in core 32/64bit entry assembler code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Don't use CALL_NOSPEC in entry_SYSCALL_64_fastpath because the return address after the 'call' instruction must be *precisely* at the .Lentry_SYSCALL_64_after_fastpath label for stub_ptregs_64 to work, and the use of alternatives will mess that up unless we play horrid games to prepend with NOPs and make the variants the same length. It's not worth it; in the case where we ALTERNATIVE out the retpoline, the first instruction at __x86.indirect_thunk.rax is going to be a bare jmp *%rax anyway. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-7-git-send-email-dwmw@amazon.co.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/entry/entry_32.S | 5 +++-- arch/x86/entry/entry_64.S | 10 ++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -45,6 +45,7 @@ #include <asm/asm.h> #include <asm/smap.h> #include <asm/export.h> +#include <asm/nospec-branch.h> .section .entry.text, "ax" @@ -260,7 +261,7 @@ ENTRY(ret_from_fork) /* kernel thread */ 1: movl %edi, %eax - call *%ebx + CALL_NOSPEC %ebx /* * A kernel thread is allowed to return here after successfully * calling do_execve(). Exit to userspace to complete the execve() @@ -1062,7 +1063,7 @@ error_code: movl %ecx, %es TRACE_IRQS_OFF movl %esp, %eax # pt_regs pointer - call *%edi + CALL_NOSPEC %edi jmp ret_from_exception END(page_fault) --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -37,6 +37,7 @@ #include <asm/pgtable_types.h> #include <asm/export.h> #include <asm/kaiser.h> +#include <asm/nospec-branch.h> #include <linux/err.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ @@ -208,7 +209,12 @@ entry_SYSCALL_64_fastpath: * It might end up jumping to the slow path. If it jumps, RAX * and all argument registers are clobbered. */ +#ifdef CONFIG_RETPOLINE + movq sys_call_table(, %rax, 8), %rax + call __x86_indirect_thunk_rax +#else call *sys_call_table(, %rax, 8) +#endif .Lentry_SYSCALL_64_after_fastpath_call: movq %rax, RAX(%rsp) @@ -380,7 +386,7 @@ ENTRY(stub_ptregs_64) jmp entry_SYSCALL64_slow_path 1: - jmp *%rax /* Called from C */ + JMP_NOSPEC %rax /* Called from C */ END(stub_ptregs_64) .macro ptregs_stub func @@ -457,7 +463,7 @@ ENTRY(ret_from_fork) 1: /* kernel thread */ movq %r12, %rdi - call *%rbx + CALL_NOSPEC %rbx /* * A kernel thread is allowed to return here after successfully * calling do_execve(). Exit to userspace to complete the execve() Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/crypto: Convert crypto assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/crypto: Convert crypto assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9697fa39efd3fc3692f2949d4045f393ec58450b Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:27 +0000 Subject: x86/retpoline/crypto: Convert crypto assembler indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit 9697fa39efd3fc3692f2949d4045f393ec58450b upstream. Convert all indirect jumps in crypto assembler code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-6-git-send-email-dwmw@amazon.co.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/crypto/aesni-intel_asm.S | 5 +++-- arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 ++- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 ++- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 ++- 4 files changed, 9 insertions(+), 5 deletions(-) --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -32,6 +32,7 @@ #include <linux/linkage.h> #include <asm/inst.h> #include <asm/frame.h> +#include <asm/nospec-branch.h> /* * The following macros are used to move an (un)aligned 16 byte value to/from @@ -2734,7 +2735,7 @@ ENTRY(aesni_xts_crypt8) pxor INC, STATE4 movdqu IV, 0x30(OUTP) - call *%r11 + CALL_NOSPEC %r11 movdqu 0x00(OUTP), INC pxor INC, STATE1 @@ -2779,7 +2780,7 @@ ENTRY(aesni_xts_crypt8) _aesni_gf128mul_x_ble() movups IV, (IVP) - call *%r11 + CALL_NOSPEC %r11 movdqu 0x40(OUTP), INC pxor INC, STATE1 --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S @@ -17,6 +17,7 @@ #include <linux/linkage.h> #include <asm/frame.h> +#include <asm/nospec-branch.h> #define CAMELLIA_TABLE_BYTE_LEN 272 @@ -1224,7 +1225,7 @@ camellia_xts_crypt_16way: vpxor 14 * 16(%rax), %xmm15, %xmm14; vpxor 15 * 16(%rax), %xmm15, %xmm15; - call *%r9; + CALL_NOSPEC %r9; addq $(16 * 16), %rsp; --- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S +++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S @@ -12,6 +12,7 @@ #include <linux/linkage.h> #include <asm/frame.h> +#include <asm/nospec-branch.h> #define CAMELLIA_TABLE_BYTE_LEN 272 @@ -1337,7 +1338,7 @@ camellia_xts_crypt_32way: vpxor 14 * 32(%rax), %ymm15, %ymm14; vpxor 15 * 32(%rax), %ymm15, %ymm15; - call *%r9; + CALL_NOSPEC %r9; addq $(16 * 32), %rsp; --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -45,6 +45,7 @@ #include <asm/inst.h> #include <linux/linkage.h> +#include <asm/nospec-branch.h> ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction @@ -172,7 +173,7 @@ continue_block: movzxw (bufp, %rax, 2), len lea crc_array(%rip), bufp lea (bufp, len, 1), bufp - jmp *bufp + JMP_NOSPEC bufp ################################################################ ## 2a) PROCESS FULL BLOCKS: Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline/checksum32: Convert assembler indirect jumps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline/checksum32: Convert assembler indirect jumps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5096732f6f695001fa2d6f1335a2680b37912c69 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:32 +0000 Subject: x86/retpoline/checksum32: Convert assembler indirect jumps From: David Woodhouse <dwmw(a)amazon.co.uk> commit 5096732f6f695001fa2d6f1335a2680b37912c69 upstream. Convert all indirect jumps in 32bit checksum assembler code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-11-git-send-email-dwmw@amazon.co… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/lib/checksum_32.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/arch/x86/lib/checksum_32.S +++ b/arch/x86/lib/checksum_32.S @@ -29,7 +29,8 @@ #include <asm/errno.h> #include <asm/asm.h> #include <asm/export.h> - +#include <asm/nospec-branch.h> + /* * computes a partial checksum, e.g. for TCP/UDP fragments */ @@ -156,7 +157,7 @@ ENTRY(csum_partial) negl %ebx lea 45f(%ebx,%ebx,2), %ebx testl %esi, %esi - jmp *%ebx + JMP_NOSPEC %ebx # Handle 2-byte-aligned regions 20: addw (%esi), %ax @@ -439,7 +440,7 @@ ENTRY(csum_partial_copy_generic) andl $-32,%edx lea 3f(%ebx,%ebx), %ebx testl %esi, %esi - jmp *%ebx + JMP_NOSPEC %ebx 1: addl $64,%esi addl $64,%edi SRC(movb -32(%edx),%bl) ; SRC(movb (%edx),%bl) Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/retpoline: Add initial retpoline support" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline: Add initial retpoline support to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-add-initial-retpoline-support.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 76b043848fd22dbf7f8bf3a1452f8c70d557b860 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 11 Jan 2018 21:46:25 +0000 Subject: x86/retpoline: Add initial retpoline support From: David Woodhouse <dwmw(a)amazon.co.uk> commit 76b043848fd22dbf7f8bf3a1452f8c70d557b860 upstream. Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide the corresponding thunks. Provide assembler macros for invoking the thunks in the same way that GCC does, from native and inline assembler. This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In some circumstances, IBRS microcode features may be used instead, and the retpoline can be disabled. On AMD CPUs if lfence is serialising, the retpoline can be dramatically simplified to a simple "lfence; jmp *\reg". A future patch, after it has been verified that lfence really is serialising in all circumstances, can enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition to X86_FEATURE_RETPOLINE. Do not align the retpoline in the altinstr section, because there is no guarantee that it stays aligned when it's copied over the oldinstr during alternative patching. [ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks] [ tglx: Put actual function CALL/JMP in front of the macros, convert to symbolic labels ] [ dwmw2: Convert back to numeric labels, merge objtool fixes ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Arjan van de Ven <arjan(a)linux.intel.com> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: thomas.lendacky(a)amd.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/Kconfig | 13 +++ arch/x86/Makefile | 10 ++ arch/x86/include/asm/asm-prototypes.h | 25 ++++++ arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/nospec-branch.h | 128 ++++++++++++++++++++++++++++++++++ arch/x86/kernel/cpu/common.c | 4 + arch/x86/lib/Makefile | 1 arch/x86/lib/retpoline.S | 48 ++++++++++++ 8 files changed, 232 insertions(+) create mode 100644 arch/x86/include/asm/nospec-branch.h create mode 100644 arch/x86/lib/retpoline.S --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -408,6 +408,19 @@ config GOLDFISH def_bool y depends on X86_GOLDFISH +config RETPOLINE + bool "Avoid speculative indirect branches in kernel" + default y + ---help--- + Compile kernel with the retpoline compiler options to guard against + kernel-to-user data leaks by avoiding speculative indirect + branches. Requires a compiler with -mindirect-branch=thunk-extern + support for full protection. The kernel may run slower. + + Without compiler support, at least indirect branches in assembler + code are eliminated. Since this includes the syscall entry path, + it is not entirely pointless. + if X86_32 config X86_EXTENDED_PLATFORM bool "Support for extended (non-PC) x86 platforms" --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -182,6 +182,16 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin KBUILD_CFLAGS += $(mflags-y) KBUILD_AFLAGS += $(mflags-y) +# Avoid indirect branches in kernel to deal with Spectre +ifdef CONFIG_RETPOLINE + RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register) + ifneq ($(RETPOLINE_CFLAGS),) + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE + else + $(warning CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.) + endif +endif + archscripts: scripts_basic $(Q)$(MAKE) $(build)=arch/x86/tools relocs --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -10,7 +10,32 @@ #include <asm/pgtable.h> #include <asm/special_insns.h> #include <asm/preempt.h> +#include <asm/asm.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); #endif + +#ifdef CONFIG_RETPOLINE +#ifdef CONFIG_X86_32 +#define INDIRECT_THUNK(reg) extern asmlinkage void __x86_indirect_thunk_e ## reg(void); +#else +#define INDIRECT_THUNK(reg) extern asmlinkage void __x86_indirect_thunk_r ## reg(void); +INDIRECT_THUNK(8) +INDIRECT_THUNK(9) +INDIRECT_THUNK(10) +INDIRECT_THUNK(11) +INDIRECT_THUNK(12) +INDIRECT_THUNK(13) +INDIRECT_THUNK(14) +INDIRECT_THUNK(15) +#endif +INDIRECT_THUNK(ax) +INDIRECT_THUNK(bx) +INDIRECT_THUNK(cx) +INDIRECT_THUNK(dx) +INDIRECT_THUNK(si) +INDIRECT_THUNK(di) +INDIRECT_THUNK(bp) +INDIRECT_THUNK(sp) +#endif /* CONFIG_RETPOLINE */ --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -194,6 +194,9 @@ #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ +#define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */ +#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */ + #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ #define X86_FEATURE_AVX512_4VNNIW (7*32+16) /* AVX-512 Neural Network Instructions */ #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */ --- /dev/null +++ b/arch/x86/include/asm/nospec-branch.h @@ -0,0 +1,128 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef __NOSPEC_BRANCH_H__ +#define __NOSPEC_BRANCH_H__ + +#include <asm/alternative.h> +#include <asm/alternative-asm.h> +#include <asm/cpufeatures.h> + +#ifdef __ASSEMBLY__ + +/* + * This should be used immediately before a retpoline alternative. It tells + * objtool where the retpolines are so that it can make sense of the control + * flow by just reading the original instruction(s) and ignoring the + * alternatives. + */ +.macro ANNOTATE_NOSPEC_ALTERNATIVE + .Lannotate_\@: + .pushsection .discard.nospec + .long .Lannotate_\@ - . + .popsection +.endm + +/* + * These are the bare retpoline primitives for indirect jmp and call. + * Do not use these directly; they only exist to make the ALTERNATIVE + * invocation below less ugly. + */ +.macro RETPOLINE_JMP reg:req + call .Ldo_rop_\@ +.Lspec_trap_\@: + pause + jmp .Lspec_trap_\@ +.Ldo_rop_\@: + mov \reg, (%_ASM_SP) + ret +.endm + +/* + * This is a wrapper around RETPOLINE_JMP so the called function in reg + * returns to the instruction after the macro. + */ +.macro RETPOLINE_CALL reg:req + jmp .Ldo_call_\@ +.Ldo_retpoline_jmp_\@: + RETPOLINE_JMP \reg +.Ldo_call_\@: + call .Ldo_retpoline_jmp_\@ +.endm + +/* + * JMP_NOSPEC and CALL_NOSPEC macros can be used instead of a simple + * indirect jmp/call which may be susceptible to the Spectre variant 2 + * attack. + */ +.macro JMP_NOSPEC reg:req +#ifdef CONFIG_RETPOLINE + ANNOTATE_NOSPEC_ALTERNATIVE + ALTERNATIVE_2 __stringify(jmp *\reg), \ + __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \ + __stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD +#else + jmp *\reg +#endif +.endm + +.macro CALL_NOSPEC reg:req +#ifdef CONFIG_RETPOLINE + ANNOTATE_NOSPEC_ALTERNATIVE + ALTERNATIVE_2 __stringify(call *\reg), \ + __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\ + __stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD +#else + call *\reg +#endif +.endm + +#else /* __ASSEMBLY__ */ + +#define ANNOTATE_NOSPEC_ALTERNATIVE \ + "999:\n\t" \ + ".pushsection .discard.nospec\n\t" \ + ".long 999b - .\n\t" \ + ".popsection\n\t" + +#if defined(CONFIG_X86_64) && defined(RETPOLINE) + +/* + * Since the inline asm uses the %V modifier which is only in newer GCC, + * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE. + */ +# define CALL_NOSPEC \ + ANNOTATE_NOSPEC_ALTERNATIVE \ + ALTERNATIVE( \ + "call *%[thunk_target]\n", \ + "call __x86_indirect_thunk_%V[thunk_target]\n", \ + X86_FEATURE_RETPOLINE) +# define THUNK_TARGET(addr) [thunk_target] "r" (addr) + +#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE) +/* + * For i386 we use the original ret-equivalent retpoline, because + * otherwise we'll run out of registers. We don't care about CET + * here, anyway. + */ +# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \ + " jmp 904f;\n" \ + " .align 16\n" \ + "901: call 903f;\n" \ + "902: pause;\n" \ + " jmp 902b;\n" \ + " .align 16\n" \ + "903: addl $4, %%esp;\n" \ + " pushl %[thunk_target];\n" \ + " ret;\n" \ + " .align 16\n" \ + "904: call 901b;\n", \ + X86_FEATURE_RETPOLINE) + +# define THUNK_TARGET(addr) [thunk_target] "rm" (addr) +#else /* No retpoline */ +# define CALL_NOSPEC "call *%[thunk_target]\n" +# define THUNK_TARGET(addr) [thunk_target] "rm" (addr) +#endif + +#endif /* __ASSEMBLY__ */ +#endif /* __NOSPEC_BRANCH_H__ */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -889,6 +889,10 @@ static void __init early_identify_cpu(st setup_force_cpu_bug(X86_BUG_SPECTRE_V1); setup_force_cpu_bug(X86_BUG_SPECTRE_V2); +#ifdef CONFIG_RETPOLINE + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); +#endif + fpu__init_system(c); #ifdef CONFIG_X86_32 --- a/arch/x86/lib/Makefile +++ b/arch/x86/lib/Makefile @@ -25,6 +25,7 @@ lib-y += memcpy_$(BITS).o lib-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += rwsem.o lib-$(CONFIG_INSTRUCTION_DECODER) += insn.o inat.o lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o +lib-$(CONFIG_RETPOLINE) += retpoline.o obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o --- /dev/null +++ b/arch/x86/lib/retpoline.S @@ -0,0 +1,48 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#include <linux/stringify.h> +#include <linux/linkage.h> +#include <asm/dwarf2.h> +#include <asm/cpufeatures.h> +#include <asm/alternative-asm.h> +#include <asm/export.h> +#include <asm/nospec-branch.h> + +.macro THUNK reg + .section .text.__x86.indirect_thunk.\reg + +ENTRY(__x86_indirect_thunk_\reg) + CFI_STARTPROC + JMP_NOSPEC %\reg + CFI_ENDPROC +ENDPROC(__x86_indirect_thunk_\reg) +.endm + +/* + * Despite being an assembler file we can't just use .irp here + * because __KSYM_DEPS__ only uses the C preprocessor and would + * only see one instance of "__x86_indirect_thunk_\reg" rather + * than one per register with the correct names. So we do it + * the simple and nasty way... + */ +#define EXPORT_THUNK(reg) EXPORT_SYMBOL(__x86_indirect_thunk_ ## reg) +#define GENERATE_THUNK(reg) THUNK reg ; EXPORT_THUNK(reg) + +GENERATE_THUNK(_ASM_AX) +GENERATE_THUNK(_ASM_BX) +GENERATE_THUNK(_ASM_CX) +GENERATE_THUNK(_ASM_DX) +GENERATE_THUNK(_ASM_SI) +GENERATE_THUNK(_ASM_DI) +GENERATE_THUNK(_ASM_BP) +GENERATE_THUNK(_ASM_SP) +#ifdef CONFIG_64BIT +GENERATE_THUNK(r8) +GENERATE_THUNK(r9) +GENERATE_THUNK(r10) +GENERATE_THUNK(r11) +GENERATE_THUNK(r12) +GENERATE_THUNK(r13) +GENERATE_THUNK(r14) +GENERATE_THUNK(r15) +#endif Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From de791821c295cc61419a06fe5562288417d1bc58 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri, 5 Jan 2018 15:27:34 +0100 Subject: x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN From: Thomas Gleixner <tglx(a)linutronix.de> commit de791821c295cc61419a06fe5562288417d1bc58 upstream. Use the name associated with the particular attack which needs page table isolation for mitigation. Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Alan Cox <gnomes(a)lxorguk.ukuu.org.uk> Cc: Jiri Koshina <jikos(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Andi Lutomirski <luto(a)amacapital.net> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Paul Turner <pjt(a)google.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Greg KH <gregkh(a)linux-foundation.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801051525300.1724@nanos Signed-off-by: Razvan Ghitulete <rga(a)amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -316,6 +316,6 @@ #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ -#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ +#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ #endif /* _ASM_X86_CPUFEATURES_H */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -884,7 +884,7 @@ static void __init early_identify_cpu(st setup_force_cpu_cap(X86_FEATURE_ALWAYS); /* Assume for now that ALL x86 CPUs are insecure */ - setup_force_cpu_bug(X86_BUG_CPU_INSECURE); + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); fpu__init_system(c); } Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-acpi-handle-sci-interrupts-above-legacy-space-gracefully.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-acpi-reduce-code-duplication-in-mp_override_legacy_irq.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b8b7abaed7a49b350f8ba659ddc264b04931d581 Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Sun, 17 Sep 2017 09:03:50 -0700 Subject: x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier From: Andy Lutomirski <luto(a)kernel.org> commit b8b7abaed7a49b350f8ba659ddc264b04931d581 upstream. Otherwise we might have the PCID feature bit set during cpu_init(). This is just for robustness. I haven't seen any actual bugs here. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: cba4671af755 ("x86/mm: Disable PCID on 32-bit kernels") Link: http://lkml.kernel.org/r/b16dae9d6b0db5d9801ddbebbfd83384097c61f3.150566353… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/bugs.c | 8 -------- arch/x86/kernel/cpu/common.c | 8 ++++++++ 2 files changed, 8 insertions(+), 8 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -22,14 +22,6 @@ void __init check_bugs(void) { -#ifdef CONFIG_X86_32 - /* - * Regardless of whether PCID is enumerated, the SDM says - * that it can't be enabled in 32-bit mode. - */ - setup_clear_cpu_cap(X86_FEATURE_PCID); -#endif - identify_boot_cpu(); if (!IS_ENABLED(CONFIG_SMP)) { --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -890,6 +890,14 @@ static void __init early_identify_cpu(st setup_force_cpu_bug(X86_BUG_SPECTRE_V2); fpu__init_system(c); + +#ifdef CONFIG_X86_32 + /* + * Regardless of whether PCID is enumerated, the SDM says + * that it can't be enabled in 32-bit mode. + */ + setup_clear_cpu_cap(X86_FEATURE_PCID); +#endif } void __init early_cpu_init(void) Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Make CPU bugs sticky" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Make CPU bugs sticky to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-make-cpu-bugs-sticky.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6cbd2171e89b13377261d15e64384df60ecb530e Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Mon, 4 Dec 2017 15:07:32 +0100 Subject: x86/cpufeatures: Make CPU bugs sticky From: Thomas Gleixner <tglx(a)linutronix.de> commit 6cbd2171e89b13377261d15e64384df60ecb530e upstream. There is currently no way to force CPU bug bits like CPU feature bits. That makes it impossible to set a bug bit once at boot and have it stick for all upcoming CPUs. Extend the force set/clear arrays to handle bug bits as well. Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Laight <David.Laight(a)aculab.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: Eduardo Valentin <eduval(a)amazon.com> Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Rik van Riel <riel(a)redhat.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: aliguori(a)amazon.com Cc: daniel.gruss(a)iaik.tugraz.at Cc: hughd(a)google.com Cc: keescook(a)google.com Link: https://lkml.kernel.org/r/20171204150606.992156574@linutronix.de Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeature.h | 2 ++ arch/x86/include/asm/processor.h | 4 ++-- arch/x86/kernel/cpu/common.c | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -135,6 +135,8 @@ extern const char * const x86_bug_flags[ set_bit(bit, (unsigned long *)cpu_caps_set); \ } while (0) +#define setup_force_cpu_bug(bit) setup_force_cpu_cap(bit) + #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_X86_FAST_FEATURE_TESTS) /* * Static testing of CPU features. Used the same as boot_cpu_has(). --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -156,8 +156,8 @@ extern struct cpuinfo_x86 boot_cpu_data; extern struct cpuinfo_x86 new_cpu_data; extern struct tss_struct doublefault_tss; -extern __u32 cpu_caps_cleared[NCAPINTS]; -extern __u32 cpu_caps_set[NCAPINTS]; +extern __u32 cpu_caps_cleared[NCAPINTS + NBUGINTS]; +extern __u32 cpu_caps_set[NCAPINTS + NBUGINTS]; #ifdef CONFIG_SMP DECLARE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info); --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -480,8 +480,8 @@ static const char *table_lookup_model(st return NULL; /* Not found */ } -__u32 cpu_caps_cleared[NCAPINTS]; -__u32 cpu_caps_set[NCAPINTS]; +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS]; +__u32 cpu_caps_set[NCAPINTS + NBUGINTS]; void load_percpu_segment(int cpu) { @@ -710,7 +710,7 @@ static void apply_forced_caps(struct cpu { int i; - for (i = 0; i < NCAPINTS; i++) { + for (i = 0; i < NCAPINTS + NBUGINTS; i++) { c->x86_capability[i] &= ~cpu_caps_cleared[i]; c->x86_capability[i] |= cpu_caps_set[i]; } Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-acpi-handle-sci-interrupts-above-legacy-space-gracefully.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-acpi-reduce-code-duplication-in-mp_override_legacy_irq.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-add-x86_bug_spectre_v.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 99c6fa2511d8a683e61468be91b83f85452115fa Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Sat, 6 Jan 2018 11:49:23 +0000 Subject: x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] From: David Woodhouse <dwmw(a)amazon.co.uk> commit 99c6fa2511d8a683e61468be91b83f85452115fa upstream. Add the bug bits for spectre v1/2 and force them unconditionally for all cpus. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: Rik van Riel <riel(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Kees Cook <keescook(a)google.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/1515239374-23361-2-git-send-email-dwmw@amazon.co.… Signed-off-by: Razvan Ghitulete <rga(a)amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kernel/cpu/common.c | 3 +++ 2 files changed, 5 insertions(+) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -317,5 +317,7 @@ #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ #define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ +#define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ +#define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ #endif /* _ASM_X86_CPUFEATURES_H */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -886,6 +886,9 @@ static void __init early_identify_cpu(st /* Assume for now that ALL x86 CPUs are insecure */ setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + fpu__init_system(c); } Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Add X86_BUG_CPU_INSECURE" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Add X86_BUG_CPU_INSECURE to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-add-x86_bug_cpu_insecure.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a89f040fa34ec9cd682aed98b8f04e3c47d998bd Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Mon, 4 Dec 2017 15:07:33 +0100 Subject: x86/cpufeatures: Add X86_BUG_CPU_INSECURE From: Thomas Gleixner <tglx(a)linutronix.de> commit a89f040fa34ec9cd682aed98b8f04e3c47d998bd upstream. Many x86 CPUs leak information to user space due to missing isolation of user space and kernel space page tables. There are many well documented ways to exploit that. The upcoming software migitation of isolating the user and kernel space page tables needs a misfeature flag so code can be made runtime conditional. Add the BUG bits which indicates that the CPU is affected and add a feature bit which indicates that the software migitation is enabled. Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be made later. Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Laight <David.Laight(a)aculab.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: Eduardo Valentin <eduval(a)amazon.com> Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: aliguori(a)amazon.com Cc: daniel.gruss(a)iaik.tugraz.at Cc: hughd(a)google.com Cc: keescook(a)google.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/common.c | 4 ++++ 2 files changed, 5 insertions(+) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -316,5 +316,6 @@ #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ +#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ #endif /* _ASM_X86_CPUFEATURES_H */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -882,6 +882,10 @@ static void __init early_identify_cpu(st } setup_force_cpu_cap(X86_FEATURE_ALWAYS); + + /* Assume for now that ALL x86 CPUs are insecure */ + setup_force_cpu_bug(X86_BUG_CPU_INSECURE); + fpu__init_system(c); } Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-acpi-handle-sci-interrupts-above-legacy-space-gracefully.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-acpi-reduce-code-duplication-in-mp_override_legacy_irq.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpu: Merge bugs.c and bugs_64.c" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpu: Merge bugs.c and bugs_64.c to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpu-merge-bugs.c-and-bugs_64.c.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 62a67e123e058a67db58bc6a14354dd037bafd0a Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp(a)suse.de> Date: Mon, 24 Oct 2016 19:38:43 +0200 Subject: x86/cpu: Merge bugs.c and bugs_64.c From: Borislav Petkov <bp(a)suse.de> commit 62a67e123e058a67db58bc6a14354dd037bafd0a upstream. Should be easier when following boot paths. It probably is a left over from the x86 unification eons ago. No functionality change. Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/20161024173844.23038-3-bp@alien8.de Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Razvan Ghitulete <rga(a)amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/Makefile | 4 +--- arch/x86/kernel/cpu/bugs.c | 26 ++++++++++++++++++++++---- arch/x86/kernel/cpu/bugs_64.c | 33 --------------------------------- 3 files changed, 23 insertions(+), 40 deletions(-) delete mode 100644 arch/x86/kernel/cpu/bugs_64.c --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -20,13 +20,11 @@ obj-y := intel_cacheinfo.o scattered.o obj-y += common.o obj-y += rdrand.o obj-y += match.o +obj-y += bugs.o obj-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_X86_FEATURE_NAMES) += capflags.o powerflags.o -obj-$(CONFIG_X86_32) += bugs.o -obj-$(CONFIG_X86_64) += bugs_64.o - obj-$(CONFIG_CPU_SUP_INTEL) += intel.o obj-$(CONFIG_CPU_SUP_AMD) += amd.o obj-$(CONFIG_CPU_SUP_CYRIX_32) += cyrix.o --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -17,6 +17,8 @@ #include <asm/msr.h> #include <asm/paravirt.h> #include <asm/alternative.h> +#include <asm/pgtable.h> +#include <asm/cacheflush.h> void __init check_bugs(void) { @@ -29,11 +31,13 @@ void __init check_bugs(void) #endif identify_boot_cpu(); -#ifndef CONFIG_SMP - pr_info("CPU: "); - print_cpu_info(&boot_cpu_data); -#endif + if (!IS_ENABLED(CONFIG_SMP)) { + pr_info("CPU: "); + print_cpu_info(&boot_cpu_data); + } + +#ifdef CONFIG_X86_32 /* * Check whether we are able to run this kernel safely on SMP. * @@ -49,6 +53,20 @@ void __init check_bugs(void) alternative_instructions(); fpu__init_check_bugs(); +#else /* CONFIG_X86_64 */ + alternative_instructions(); + + /* + * Make sure the first 2MB area is not mapped by huge pages + * There are typically fixed size MTRRs in there and overlapping + * MTRRs into large pages causes slow downs. + * + * Right now we don't do that with gbpages because there seems + * very little benefit for that case. + */ + if (!direct_gbpages) + set_memory_4k((unsigned long)__va(0), 1); +#endif } #ifdef CONFIG_SYSFS --- a/arch/x86/kernel/cpu/bugs_64.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (C) 1994 Linus Torvalds - * Copyright (C) 2000 SuSE - */ - -#include <linux/kernel.h> -#include <linux/init.h> -#include <asm/alternative.h> -#include <asm/bugs.h> -#include <asm/processor.h> -#include <asm/mtrr.h> -#include <asm/cacheflush.h> - -void __init check_bugs(void) -{ - identify_boot_cpu(); -#if !defined(CONFIG_SMP) - pr_info("CPU: "); - print_cpu_info(&boot_cpu_data); -#endif - alternative_instructions(); - - /* - * Make sure the first 2MB area is not mapped by huge pages - * There are typically fixed size MTRRs in there and overlapping - * MTRRs into large pages causes slow downs. - * - * Right now we don't do that with gbpages because there seems - * very little benefit for that case. - */ - if (!direct_gbpages) - set_memory_4k((unsigned long)__va(0), 1); -} Patches currently in stable-queue which might be from bp(a)suse.de are queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpu: Implement CPU vulnerabilites sysfs functions" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpu: Implement CPU vulnerabilites sysfs functions to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Sun, 7 Jan 2018 22:48:01 +0100 Subject: x86/cpu: Implement CPU vulnerabilites sysfs functions From: Thomas Gleixner <tglx(a)linutronix.de> commit 61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4 upstream. Implement the CPU vulnerabilty show functions for meltdown, spectre_v1 and spectre_v2. Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Link: https://lkml.kernel.org/r/20180107214913.177414879@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/Kconfig | 1 + arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -64,6 +64,7 @@ config X86 select GENERIC_CLOCKEVENTS_MIN_ADJUST select GENERIC_CMOS_UPDATE select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_FIND_FIRST_BIT select GENERIC_IOMAP --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -9,6 +9,7 @@ */ #include <linux/init.h> #include <linux/utsname.h> +#include <linux/cpu.h> #include <asm/bugs.h> #include <asm/processor.h> #include <asm/processor-flags.h> @@ -49,3 +50,31 @@ void __init check_bugs(void) fpu__init_check_bugs(); } + +#ifdef CONFIG_SYSFS +ssize_t cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + return sprintf(buf, "Not affected\n"); + if (boot_cpu_has(X86_FEATURE_PTI)) + return sprintf(buf, "Mitigation: PTI\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} +#endif Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-acpi-handle-sci-interrupts-above-legacy-space-gracefully.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/sysfs-cpu-add-vulnerability-folder.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-acpi-reduce-code-duplication-in-mp_override_legacy_irq.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpu: Factor out application of forced CPU caps" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpu: Factor out application of forced CPU caps to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpu-factor-out-application-of-forced-cpu-caps.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8bf1ebca215c262e48c15a4a15f175991776f57f Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Wed, 18 Jan 2017 11:15:38 -0800 Subject: x86/cpu: Factor out application of forced CPU caps From: Andy Lutomirski <luto(a)kernel.org> commit 8bf1ebca215c262e48c15a4a15f175991776f57f upstream. There are multiple call sites that apply forced CPU caps. Factor them into a helper. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Fenghua Yu <fenghua.yu(a)intel.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Whitehead <tedheadster(a)gmail.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: One Thousand Gnomes <gnomes(a)lxorguk.ukuu.org.uk> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Rik van Riel <riel(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Yu-cheng Yu <yu-cheng.yu(a)intel.com> Link: http://lkml.kernel.org/r/623ff7555488122143e4417de09b18be2085ad06.148470501… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/common.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -706,6 +706,16 @@ void cpu_detect(struct cpuinfo_x86 *c) } } +static void apply_forced_caps(struct cpuinfo_x86 *c) +{ + int i; + + for (i = 0; i < NCAPINTS; i++) { + c->x86_capability[i] &= ~cpu_caps_cleared[i]; + c->x86_capability[i] |= cpu_caps_set[i]; + } +} + void get_cpu_cap(struct cpuinfo_x86 *c) { u32 eax, ebx, ecx, edx; @@ -1086,10 +1096,7 @@ static void identify_cpu(struct cpuinfo_ this_cpu->c_identify(c); /* Clear/Set all flags overridden by options, after probe */ - for (i = 0; i < NCAPINTS; i++) { - c->x86_capability[i] &= ~cpu_caps_cleared[i]; - c->x86_capability[i] |= cpu_caps_set[i]; - } + apply_forced_caps(c); #ifdef CONFIG_X86_64 c->apicid = apic->phys_pkg_id(c->initial_apicid, 0); @@ -1151,10 +1158,7 @@ static void identify_cpu(struct cpuinfo_ * Clear/Set all flags overridden by options, need do it * before following smp all cpus cap AND. */ - for (i = 0; i < NCAPINTS; i++) { - c->x86_capability[i] &= ~cpu_caps_cleared[i]; - c->x86_capability[i] |= cpu_caps_set[i]; - } + apply_forced_caps(c); /* * On SMP, boot_cpu_data holds the common feature set between Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-documentation-add-pti-description.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/selftests-x86-add-test_vsyscall.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f Mon Sep 17 00:00:00 2001 From: Tom Lendacky <thomas.lendacky(a)amd.com> Date: Mon, 8 Jan 2018 16:09:32 -0600 Subject: x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC From: Tom Lendacky <thomas.lendacky(a)amd.com> commit 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f upstream. With LFENCE now a serializing instruction, use LFENCE_RDTSC in preference to MFENCE_RDTSC. However, since the kernel could be running under a hypervisor that does not support writing that MSR, read the MSR back and verify that the bit has been set successfully. If the MSR can be read and the bit is set, then set the LFENCE_RDTSC feature, otherwise set the MFENCE_RDTSC feature. Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/20180108220932.12580.52458.stgit@tlendack-t1.amdo… Signed-off-by: Razvan Ghitulete <rga(a)amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -332,6 +332,7 @@ #define MSR_FAM10H_NODE_ID 0xc001100c #define MSR_F10H_DECFG 0xc0011029 #define MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT 1 +#define MSR_F10H_DECFG_LFENCE_SERIALIZE BIT_ULL(MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT) /* K8 MSRs */ #define MSR_K8_TOP_MEM1 0xc001001a --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -782,6 +782,9 @@ static void init_amd(struct cpuinfo_x86 set_cpu_cap(c, X86_FEATURE_K8); if (cpu_has(c, X86_FEATURE_XMM2)) { + unsigned long long val; + int ret; + /* * A serializing LFENCE has less overhead than MFENCE, so * use it for execution serialization. On families which @@ -792,8 +795,19 @@ static void init_amd(struct cpuinfo_x86 msr_set_bit(MSR_F10H_DECFG, MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT); - /* MFENCE stops RDTSC speculation */ - set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC); + /* + * Verify that the MSR write was successful (could be running + * under a hypervisor) and only then assume that LFENCE is + * serializing. + */ + ret = rdmsrl_safe(MSR_F10H_DECFG, &val); + if (!ret && (val & MSR_F10H_DECFG_LFENCE_SERIALIZE)) { + /* A serializing LFENCE stops RDTSC speculation */ + set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC); + } else { + /* MFENCE stops RDTSC speculation */ + set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC); + } } /* Patches currently in stable-queue which might be from thomas.lendacky(a)amd.com are queue-4.9/kvm-vmx-scrub-hardware-gprs-at-vm-exit.patch queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpu/AMD: Make LFENCE a serializing instruction" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpu/AMD: Make LFENCE a serializing instruction to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpu-amd-make-lfence-a-serializing-instruction.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e4d0e84e490790798691aaa0f2e598637f1867ec Mon Sep 17 00:00:00 2001 From: Tom Lendacky <thomas.lendacky(a)amd.com> Date: Mon, 8 Jan 2018 16:09:21 -0600 Subject: x86/cpu/AMD: Make LFENCE a serializing instruction From: Tom Lendacky <thomas.lendacky(a)amd.com> commit e4d0e84e490790798691aaa0f2e598637f1867ec upstream. To aid in speculation control, make LFENCE a serializing instruction since it has less overhead than MFENCE. This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families that support LFENCE do not have this MSR. For these families, the LFENCE instruction is already serializing. Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/20180108220921.12580.71694.stgit@tlendack-t1.amdo… Signed-off-by: Razvan Ghitulete <rga(a)amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/cpu/amd.c | 10 ++++++++++ 2 files changed, 12 insertions(+) --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -330,6 +330,8 @@ #define FAM10H_MMIO_CONF_BASE_MASK 0xfffffffULL #define FAM10H_MMIO_CONF_BASE_SHIFT 20 #define MSR_FAM10H_NODE_ID 0xc001100c +#define MSR_F10H_DECFG 0xc0011029 +#define MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT 1 /* K8 MSRs */ #define MSR_K8_TOP_MEM1 0xc001001a --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -782,6 +782,16 @@ static void init_amd(struct cpuinfo_x86 set_cpu_cap(c, X86_FEATURE_K8); if (cpu_has(c, X86_FEATURE_XMM2)) { + /* + * A serializing LFENCE has less overhead than MFENCE, so + * use it for execution serialization. On families which + * don't have that MSR, LFENCE is already serializing. + * msr_set_bit() uses the safe accessors, too, even if the MSR + * is not present. + */ + msr_set_bit(MSR_F10H_DECFG, + MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT); + /* MFENCE stops RDTSC speculation */ set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC); } Patches currently in stable-queue which might be from thomas.lendacky(a)amd.com are queue-4.9/kvm-vmx-scrub-hardware-gprs-at-vm-exit.patch queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.9/objtool-allow-alternatives-to-be-ignored.patch queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch queue-4.9/x86-retpoline-remove-compile-time-warning.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/asm: Use register variable to get stack pointer value" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/asm: Use register variable to get stack pointer value to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-asm-use-register-variable-to-get-stack-pointer-value.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 196bd485ee4f03ce4c690bfcf38138abfcd0a4bc Mon Sep 17 00:00:00 2001 From: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Date: Fri, 29 Sep 2017 17:15:36 +0300 Subject: x86/asm: Use register variable to get stack pointer value From: Andrey Ryabinin <aryabinin(a)virtuozzo.com> commit 196bd485ee4f03ce4c690bfcf38138abfcd0a4bc upstream. Currently we use current_stack_pointer() function to get the value of the stack pointer register. Since commit: f5caf621ee35 ("x86/asm: Fix inline asm call constraints for Clang") ... we have a stack register variable declared. It can be used instead of current_stack_pointer() function which allows to optimize away some excessive "mov %rsp, %<dst>" instructions: -mov %rsp,%rdx -sub %rdx,%rax -cmp $0x3fff,%rax -ja ffffffff810722fd <ist_begin_non_atomic+0x2d> +sub %rsp,%rax +cmp $0x3fff,%rax +ja ffffffff810722fa <ist_begin_non_atomic+0x2a> Remove current_stack_pointer(), rename __asm_call_sp to current_stack_pointer and use it instead of the removed function. Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Reviewed-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/20170929141537.29167-1-aryabinin@virtuozzo.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> [dwmw2: We want ASM_CALL_CONSTRAINT for retpoline] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.ku> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/asm.h | 11 +++++++++++ arch/x86/include/asm/thread_info.h | 11 ----------- arch/x86/kernel/irq_32.c | 6 +++--- arch/x86/kernel/traps.c | 2 +- arch/x86/mm/tlb.c | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) --- a/arch/x86/include/asm/asm.h +++ b/arch/x86/include/asm/asm.h @@ -125,4 +125,15 @@ /* For C file, we already have NOKPROBE_SYMBOL macro */ #endif +#ifndef __ASSEMBLY__ +/* + * This output constraint should be used for any inline asm which has a "call" + * instruction. Otherwise the asm may be inserted before the frame pointer + * gets set up by the containing function. If you forget to do this, objtool + * may print a "call without frame pointer save/setup" warning. + */ +register unsigned long current_stack_pointer asm(_ASM_SP); +#define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer) +#endif + #endif /* _ASM_X86_ASM_H */ --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -152,17 +152,6 @@ struct thread_info { */ #ifndef __ASSEMBLY__ -static inline unsigned long current_stack_pointer(void) -{ - unsigned long sp; -#ifdef CONFIG_X86_64 - asm("mov %%rsp,%0" : "=g" (sp)); -#else - asm("mov %%esp,%0" : "=g" (sp)); -#endif - return sp; -} - /* * Walks up the stack frames to make sure that the specified object is * entirely contained by a single stack frame. --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -64,7 +64,7 @@ static void call_on_stack(void *func, vo static inline void *current_stack(void) { - return (void *)(current_stack_pointer() & ~(THREAD_SIZE - 1)); + return (void *)(current_stack_pointer & ~(THREAD_SIZE - 1)); } static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc) @@ -88,7 +88,7 @@ static inline int execute_on_irq_stack(i /* Save the next esp at the bottom of the stack */ prev_esp = (u32 *)irqstk; - *prev_esp = current_stack_pointer(); + *prev_esp = current_stack_pointer; if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); @@ -139,7 +139,7 @@ void do_softirq_own_stack(void) /* Push the previous esp onto the stack */ prev_esp = (u32 *)irqstk; - *prev_esp = current_stack_pointer(); + *prev_esp = current_stack_pointer; call_on_stack(__do_softirq, isp); } --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -153,7 +153,7 @@ void ist_begin_non_atomic(struct pt_regs * from double_fault. */ BUG_ON((unsigned long)(current_top_of_stack() - - current_stack_pointer()) >= THREAD_SIZE); + current_stack_pointer) >= THREAD_SIZE); preempt_enable_no_resched(); } --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -110,7 +110,7 @@ void switch_mm_irqs_off(struct mm_struct * mapped in the new pgd, we'll double-fault. Forcibly * map it. */ - unsigned int stack_pgd_index = pgd_index(current_stack_pointer()); + unsigned int stack_pgd_index = pgd_index(current_stack_pointer); pgd_t *pgd = next->pgd + stack_pgd_index; Patches currently in stable-queue which might be from aryabinin(a)virtuozzo.com are queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/alternatives: Fix optimize_nops() checking" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/alternatives: Fix optimize_nops() checking to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-alternatives-fix-optimize_nops-checking.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 612e8e9350fd19cae6900cf36ea0c6892d1a0dca Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp(a)suse.de> Date: Wed, 10 Jan 2018 12:28:16 +0100 Subject: x86/alternatives: Fix optimize_nops() checking From: Borislav Petkov <bp(a)suse.de> commit 612e8e9350fd19cae6900cf36ea0c6892d1a0dca upstream. The alternatives code checks only the first byte whether it is a NOP, but with NOPs in front of the payload and having actual instructions after it breaks the "optimized' test. Make sure to scan all bytes before deciding to optimize the NOPs in there. Reported-by: David Woodhouse <dwmw2(a)infradead.org> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: Andrew Lutomirski <luto(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/20180110112815.mgciyf5acwacphkq@pd.tnic Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/alternative.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -340,9 +340,12 @@ done: static void __init_or_module optimize_nops(struct alt_instr *a, u8 *instr) { unsigned long flags; + int i; - if (instr[0] != 0x90) - return; + for (i = 0; i < a->padlen; i++) { + if (instr[i] != 0x90) + return; + } local_irq_save(flags); add_nops(instr + (a->instrlen - a->padlen), a->padlen); Patches currently in stable-queue which might be from bp(a)suse.de are queue-4.9/x86-microcode-intel-extend-bdw-late-loading-with-a-revision-check.patch queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch

7 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror