rebase patches on top of Ubuntu-6.2.0-32.32
(generated with debian/scripts/import-upstream-tag) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
parent
2d2b1d0218
commit
77b18ac62e
@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|||||||
2 files changed, 111 insertions(+)
|
2 files changed, 111 insertions(+)
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
index c06b0d7abcbb..c0d8867359bc 100644
|
index 2698999c2aed..5fef2f65f634 100644
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -4188,6 +4188,15 @@
|
@@ -4209,6 +4209,15 @@
|
||||||
Also, it enforces the PCI Local Bus spec
|
Also, it enforces the PCI Local Bus spec
|
||||||
rule that those bits should be 0 in system reset
|
rule that those bits should be 0 in system reset
|
||||||
events (useful for kexec/kdump cases).
|
events (useful for kexec/kdump cases).
|
||||||
|
@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
||||||
index 07aae60288f9..949b7204cf52 100644
|
index ba827a450103..dd2b2b0ce3a5 100644
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
|
@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
|
||||||
|
@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/net/core/dev.c b/net/core/dev.c
|
diff --git a/net/core/dev.c b/net/core/dev.c
|
||||||
index 404125e7a57a..365707a07058 100644
|
index e1ea81afe37f..6ae53bede3b2 100644
|
||||||
--- a/net/core/dev.c
|
--- a/net/core/dev.c
|
||||||
+++ b/net/core/dev.c
|
+++ b/net/core/dev.c
|
||||||
@@ -10258,7 +10258,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
|
@@ -10260,7 +10260,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
|
||||||
if (time_after(jiffies, warning_time +
|
if (time_after(jiffies, warning_time +
|
||||||
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
|
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
|
||||||
list_for_each_entry(dev, list, todo_list) {
|
list_for_each_entry(dev, list, todo_list) {
|
||||||
|
@ -108,10 +108,10 @@ index b1658c0de847..12a02851ff57 100644
|
|||||||
|
|
||||||
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
|
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||||
index 327890b2e0c5..1c5775d51495 100644
|
index ef53767fb7c8..7d8b14f8807e 100644
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -5330,6 +5330,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
|
@@ -5335,6 +5335,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
|
||||||
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
|
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -1,182 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Borislav Petkov (AMD)" <bp@alien8.de>
|
|
||||||
Date: Sat, 15 Jul 2023 13:31:32 +0200
|
|
||||||
Subject: [PATCH] x86/cpu/amd: Move the errata checking functionality up
|
|
||||||
|
|
||||||
Upstream commit: 8b6f687743dacce83dbb0c7cfacf88bab00f808a
|
|
||||||
|
|
||||||
Avoid new and remove old forward declarations.
|
|
||||||
|
|
||||||
No functional changes.
|
|
||||||
|
|
||||||
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
||||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/kernel/cpu/amd.c | 139 ++++++++++++++++++--------------------
|
|
||||||
1 file changed, 67 insertions(+), 72 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
|
||||||
index 06f2ede1544f..57181b9c0474 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/amd.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/amd.c
|
|
||||||
@@ -27,11 +27,6 @@
|
|
||||||
|
|
||||||
#include "cpu.h"
|
|
||||||
|
|
||||||
-static const int amd_erratum_383[];
|
|
||||||
-static const int amd_erratum_400[];
|
|
||||||
-static const int amd_erratum_1054[];
|
|
||||||
-static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* nodes_per_socket: Stores the number of nodes per socket.
|
|
||||||
* Refer to Fam15h Models 00-0fh BKDG - CPUID Fn8000_001E_ECX
|
|
||||||
@@ -39,6 +34,73 @@ static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
|
|
||||||
*/
|
|
||||||
static u32 nodes_per_socket = 1;
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * AMD errata checking
|
|
||||||
+ *
|
|
||||||
+ * Errata are defined as arrays of ints using the AMD_LEGACY_ERRATUM() or
|
|
||||||
+ * AMD_OSVW_ERRATUM() macros. The latter is intended for newer errata that
|
|
||||||
+ * have an OSVW id assigned, which it takes as first argument. Both take a
|
|
||||||
+ * variable number of family-specific model-stepping ranges created by
|
|
||||||
+ * AMD_MODEL_RANGE().
|
|
||||||
+ *
|
|
||||||
+ * Example:
|
|
||||||
+ *
|
|
||||||
+ * const int amd_erratum_319[] =
|
|
||||||
+ * AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0x4, 0x2),
|
|
||||||
+ * AMD_MODEL_RANGE(0x10, 0x8, 0x0, 0x8, 0x0),
|
|
||||||
+ * AMD_MODEL_RANGE(0x10, 0x9, 0x0, 0x9, 0x0));
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#define AMD_LEGACY_ERRATUM(...) { -1, __VA_ARGS__, 0 }
|
|
||||||
+#define AMD_OSVW_ERRATUM(osvw_id, ...) { osvw_id, __VA_ARGS__, 0 }
|
|
||||||
+#define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \
|
|
||||||
+ ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end))
|
|
||||||
+#define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff)
|
|
||||||
+#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
|
|
||||||
+#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
|
|
||||||
+
|
|
||||||
+static const int amd_erratum_400[] =
|
|
||||||
+ AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0xf, 0x41, 0x2, 0xff, 0xf),
|
|
||||||
+ AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0xff, 0xf));
|
|
||||||
+
|
|
||||||
+static const int amd_erratum_383[] =
|
|
||||||
+ AMD_OSVW_ERRATUM(3, AMD_MODEL_RANGE(0x10, 0, 0, 0xff, 0xf));
|
|
||||||
+
|
|
||||||
+/* #1054: Instructions Retired Performance Counter May Be Inaccurate */
|
|
||||||
+static const int amd_erratum_1054[] =
|
|
||||||
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
|
|
||||||
+
|
|
||||||
+static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
|
|
||||||
+{
|
|
||||||
+ int osvw_id = *erratum++;
|
|
||||||
+ u32 range;
|
|
||||||
+ u32 ms;
|
|
||||||
+
|
|
||||||
+ if (osvw_id >= 0 && osvw_id < 65536 &&
|
|
||||||
+ cpu_has(cpu, X86_FEATURE_OSVW)) {
|
|
||||||
+ u64 osvw_len;
|
|
||||||
+
|
|
||||||
+ rdmsrl(MSR_AMD64_OSVW_ID_LENGTH, osvw_len);
|
|
||||||
+ if (osvw_id < osvw_len) {
|
|
||||||
+ u64 osvw_bits;
|
|
||||||
+
|
|
||||||
+ rdmsrl(MSR_AMD64_OSVW_STATUS + (osvw_id >> 6),
|
|
||||||
+ osvw_bits);
|
|
||||||
+ return osvw_bits & (1ULL << (osvw_id & 0x3f));
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* OSVW unavailable or ID unknown, match family-model-stepping range */
|
|
||||||
+ ms = (cpu->x86_model << 4) | cpu->x86_stepping;
|
|
||||||
+ while ((range = *erratum++))
|
|
||||||
+ if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) &&
|
|
||||||
+ (ms >= AMD_MODEL_RANGE_START(range)) &&
|
|
||||||
+ (ms <= AMD_MODEL_RANGE_END(range)))
|
|
||||||
+ return true;
|
|
||||||
+
|
|
||||||
+ return false;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static inline int rdmsrl_amd_safe(unsigned msr, unsigned long long *p)
|
|
||||||
{
|
|
||||||
u32 gprs[8] = { 0 };
|
|
||||||
@@ -1100,73 +1162,6 @@ static const struct cpu_dev amd_cpu_dev = {
|
|
||||||
|
|
||||||
cpu_dev_register(amd_cpu_dev);
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * AMD errata checking
|
|
||||||
- *
|
|
||||||
- * Errata are defined as arrays of ints using the AMD_LEGACY_ERRATUM() or
|
|
||||||
- * AMD_OSVW_ERRATUM() macros. The latter is intended for newer errata that
|
|
||||||
- * have an OSVW id assigned, which it takes as first argument. Both take a
|
|
||||||
- * variable number of family-specific model-stepping ranges created by
|
|
||||||
- * AMD_MODEL_RANGE().
|
|
||||||
- *
|
|
||||||
- * Example:
|
|
||||||
- *
|
|
||||||
- * const int amd_erratum_319[] =
|
|
||||||
- * AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0x4, 0x2),
|
|
||||||
- * AMD_MODEL_RANGE(0x10, 0x8, 0x0, 0x8, 0x0),
|
|
||||||
- * AMD_MODEL_RANGE(0x10, 0x9, 0x0, 0x9, 0x0));
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#define AMD_LEGACY_ERRATUM(...) { -1, __VA_ARGS__, 0 }
|
|
||||||
-#define AMD_OSVW_ERRATUM(osvw_id, ...) { osvw_id, __VA_ARGS__, 0 }
|
|
||||||
-#define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \
|
|
||||||
- ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end))
|
|
||||||
-#define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff)
|
|
||||||
-#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
|
|
||||||
-#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
|
|
||||||
-
|
|
||||||
-static const int amd_erratum_400[] =
|
|
||||||
- AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0xf, 0x41, 0x2, 0xff, 0xf),
|
|
||||||
- AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0xff, 0xf));
|
|
||||||
-
|
|
||||||
-static const int amd_erratum_383[] =
|
|
||||||
- AMD_OSVW_ERRATUM(3, AMD_MODEL_RANGE(0x10, 0, 0, 0xff, 0xf));
|
|
||||||
-
|
|
||||||
-/* #1054: Instructions Retired Performance Counter May Be Inaccurate */
|
|
||||||
-static const int amd_erratum_1054[] =
|
|
||||||
- AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
|
|
||||||
-
|
|
||||||
-static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
|
|
||||||
-{
|
|
||||||
- int osvw_id = *erratum++;
|
|
||||||
- u32 range;
|
|
||||||
- u32 ms;
|
|
||||||
-
|
|
||||||
- if (osvw_id >= 0 && osvw_id < 65536 &&
|
|
||||||
- cpu_has(cpu, X86_FEATURE_OSVW)) {
|
|
||||||
- u64 osvw_len;
|
|
||||||
-
|
|
||||||
- rdmsrl(MSR_AMD64_OSVW_ID_LENGTH, osvw_len);
|
|
||||||
- if (osvw_id < osvw_len) {
|
|
||||||
- u64 osvw_bits;
|
|
||||||
-
|
|
||||||
- rdmsrl(MSR_AMD64_OSVW_STATUS + (osvw_id >> 6),
|
|
||||||
- osvw_bits);
|
|
||||||
- return osvw_bits & (1ULL << (osvw_id & 0x3f));
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* OSVW unavailable or ID unknown, match family-model-stepping range */
|
|
||||||
- ms = (cpu->x86_model << 4) | cpu->x86_stepping;
|
|
||||||
- while ((range = *erratum++))
|
|
||||||
- if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) &&
|
|
||||||
- (ms >= AMD_MODEL_RANGE_START(range)) &&
|
|
||||||
- (ms <= AMD_MODEL_RANGE_END(range)))
|
|
||||||
- return true;
|
|
||||||
-
|
|
||||||
- return false;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
void set_dr_addr_mask(unsigned long mask, int dr)
|
|
||||||
{
|
|
||||||
if (!boot_cpu_has(X86_FEATURE_BPEXT))
|
|
@ -1,170 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Borislav Petkov (AMD)" <bp@alien8.de>
|
|
||||||
Date: Sat, 15 Jul 2023 13:41:28 +0200
|
|
||||||
Subject: [PATCH] x86/cpu/amd: Add a Zenbleed fix
|
|
||||||
|
|
||||||
Upstream commit: 522b1d69219d8f083173819fde04f994aa051a98
|
|
||||||
|
|
||||||
Add a fix for the Zen2 VZEROUPPER data corruption bug where under
|
|
||||||
certain circumstances executing VZEROUPPER can cause register
|
|
||||||
corruption or leak data.
|
|
||||||
|
|
||||||
The optimal fix is through microcode but in the case the proper
|
|
||||||
microcode revision has not been applied, enable a fallback fix using
|
|
||||||
a chicken bit.
|
|
||||||
|
|
||||||
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
||||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/microcode.h | 1 +
|
|
||||||
arch/x86/include/asm/microcode_amd.h | 2 +
|
|
||||||
arch/x86/include/asm/msr-index.h | 1 +
|
|
||||||
arch/x86/kernel/cpu/amd.c | 60 ++++++++++++++++++++++++++++
|
|
||||||
arch/x86/kernel/cpu/common.c | 2 +
|
|
||||||
5 files changed, 66 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
|
|
||||||
index 320566a0443d..66dbba181bd9 100644
|
|
||||||
--- a/arch/x86/include/asm/microcode.h
|
|
||||||
+++ b/arch/x86/include/asm/microcode.h
|
|
||||||
@@ -5,6 +5,7 @@
|
|
||||||
#include <asm/cpu.h>
|
|
||||||
#include <linux/earlycpio.h>
|
|
||||||
#include <linux/initrd.h>
|
|
||||||
+#include <asm/microcode_amd.h>
|
|
||||||
|
|
||||||
struct ucode_patch {
|
|
||||||
struct list_head plist;
|
|
||||||
diff --git a/arch/x86/include/asm/microcode_amd.h b/arch/x86/include/asm/microcode_amd.h
|
|
||||||
index e6662adf3af4..9675c621c1ca 100644
|
|
||||||
--- a/arch/x86/include/asm/microcode_amd.h
|
|
||||||
+++ b/arch/x86/include/asm/microcode_amd.h
|
|
||||||
@@ -48,11 +48,13 @@ extern void __init load_ucode_amd_bsp(unsigned int family);
|
|
||||||
extern void load_ucode_amd_ap(unsigned int family);
|
|
||||||
extern int __init save_microcode_in_initrd_amd(unsigned int family);
|
|
||||||
void reload_ucode_amd(unsigned int cpu);
|
|
||||||
+extern void amd_check_microcode(void);
|
|
||||||
#else
|
|
||||||
static inline void __init load_ucode_amd_bsp(unsigned int family) {}
|
|
||||||
static inline void load_ucode_amd_ap(unsigned int family) {}
|
|
||||||
static inline int __init
|
|
||||||
save_microcode_in_initrd_amd(unsigned int family) { return -EINVAL; }
|
|
||||||
static inline void reload_ucode_amd(unsigned int cpu) {}
|
|
||||||
+static inline void amd_check_microcode(void) {}
|
|
||||||
#endif
|
|
||||||
#endif /* _ASM_X86_MICROCODE_AMD_H */
|
|
||||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
||||||
index 978a3e203cdb..52a09dbc2c26 100644
|
|
||||||
--- a/arch/x86/include/asm/msr-index.h
|
|
||||||
+++ b/arch/x86/include/asm/msr-index.h
|
|
||||||
@@ -538,6 +538,7 @@
|
|
||||||
#define MSR_AMD64_DE_CFG 0xc0011029
|
|
||||||
#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT 1
|
|
||||||
#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE BIT_ULL(MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT)
|
|
||||||
+#define MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT 9
|
|
||||||
|
|
||||||
#define MSR_AMD64_BU_CFG2 0xc001102a
|
|
||||||
#define MSR_AMD64_IBSFETCHCTL 0xc0011030
|
|
||||||
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
|
||||||
index 57181b9c0474..c03b066aaa54 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/amd.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/amd.c
|
|
||||||
@@ -70,6 +70,11 @@ static const int amd_erratum_383[] =
|
|
||||||
static const int amd_erratum_1054[] =
|
|
||||||
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
|
|
||||||
|
|
||||||
+static const int amd_zenbleed[] =
|
|
||||||
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
|
|
||||||
+ AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
|
|
||||||
+ AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));
|
|
||||||
+
|
|
||||||
static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
|
|
||||||
{
|
|
||||||
int osvw_id = *erratum++;
|
|
||||||
@@ -978,6 +983,47 @@ static void init_amd_zn(struct cpuinfo_x86 *c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+static bool cpu_has_zenbleed_microcode(void)
|
|
||||||
+{
|
|
||||||
+ u32 good_rev = 0;
|
|
||||||
+
|
|
||||||
+ switch (boot_cpu_data.x86_model) {
|
|
||||||
+ case 0x30 ... 0x3f: good_rev = 0x0830107a; break;
|
|
||||||
+ case 0x60 ... 0x67: good_rev = 0x0860010b; break;
|
|
||||||
+ case 0x68 ... 0x6f: good_rev = 0x08608105; break;
|
|
||||||
+ case 0x70 ... 0x7f: good_rev = 0x08701032; break;
|
|
||||||
+ case 0xa0 ... 0xaf: good_rev = 0x08a00008; break;
|
|
||||||
+
|
|
||||||
+ default:
|
|
||||||
+ return false;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (boot_cpu_data.microcode < good_rev)
|
|
||||||
+ return false;
|
|
||||||
+
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void zenbleed_check(struct cpuinfo_x86 *c)
|
|
||||||
+{
|
|
||||||
+ if (!cpu_has_amd_erratum(c, amd_zenbleed))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (!cpu_has(c, X86_FEATURE_AVX))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (!cpu_has_zenbleed_microcode()) {
|
|
||||||
+ pr_notice_once("Zenbleed: please update your microcode for the most optimal fix\n");
|
|
||||||
+ msr_set_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
|
|
||||||
+ } else {
|
|
||||||
+ msr_clear_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void init_amd(struct cpuinfo_x86 *c)
|
|
||||||
{
|
|
||||||
early_init_amd(c);
|
|
||||||
@@ -1067,6 +1113,8 @@ static void init_amd(struct cpuinfo_x86 *c)
|
|
||||||
msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT);
|
|
||||||
|
|
||||||
check_null_seg_clears_base(c);
|
|
||||||
+
|
|
||||||
+ zenbleed_check(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef CONFIG_X86_32
|
|
||||||
@@ -1196,3 +1244,15 @@ u32 amd_get_highest_perf(void)
|
|
||||||
return 255;
|
|
||||||
}
|
|
||||||
EXPORT_SYMBOL_GPL(amd_get_highest_perf);
|
|
||||||
+
|
|
||||||
+static void zenbleed_check_cpu(void *unused)
|
|
||||||
+{
|
|
||||||
+ struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());
|
|
||||||
+
|
|
||||||
+ zenbleed_check(c);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void amd_check_microcode(void)
|
|
||||||
+{
|
|
||||||
+ on_each_cpu(zenbleed_check_cpu, NULL, 1);
|
|
||||||
+}
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 6a25e93f2a87..2ac8ceae0ed1 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -2337,6 +2337,8 @@ void microcode_check(struct cpuinfo_x86 *prev_info)
|
|
||||||
|
|
||||||
perf_check_microcode();
|
|
||||||
|
|
||||||
+ amd_check_microcode();
|
|
||||||
+
|
|
||||||
store_cpu_caps(&curr_info);
|
|
||||||
|
|
||||||
if (!memcmp(&prev_info->x86_capability, &curr_info.x86_capability,
|
|
@ -1,85 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:22 +0200
|
|
||||||
Subject: [PATCH] init: Provide arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() has become a dumping ground for all sorts of activities to
|
|
||||||
finalize the CPU initialization before running the rest of the init code.
|
|
||||||
|
|
||||||
Most are empty, a few do actual bug checks, some do alternative patching
|
|
||||||
and some cobble a CPU advertisement string together....
|
|
||||||
|
|
||||||
Aside of that the current implementation requires duplicated function
|
|
||||||
declaration and mostly empty header files for them.
|
|
||||||
|
|
||||||
Provide a new function arch_cpu_finalize_init(). Provide a generic
|
|
||||||
declaration if CONFIG_ARCH_HAS_CPU_FINALIZE_INIT is selected and a stub
|
|
||||||
inline otherwise.
|
|
||||||
|
|
||||||
This requires a temporary #ifdef in start_kernel() which will be removed
|
|
||||||
along with check_bugs() once the architectures are converted over.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224544.957805717@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 7725acaa4f0c04fbefb0e0d342635b967bb7d414)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit c765faa80041002c513c6b356826e11cb78308b3)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/Kconfig | 3 +++
|
|
||||||
include/linux/cpu.h | 6 ++++++
|
|
||||||
init/main.c | 4 ++++
|
|
||||||
3 files changed, 13 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/arch/Kconfig b/arch/Kconfig
|
|
||||||
index 12e3ddabac9d..9a75f8457283 100644
|
|
||||||
--- a/arch/Kconfig
|
|
||||||
+++ b/arch/Kconfig
|
|
||||||
@@ -285,6 +285,9 @@ config ARCH_HAS_DMA_SET_UNCACHED
|
|
||||||
config ARCH_HAS_DMA_CLEAR_UNCACHED
|
|
||||||
bool
|
|
||||||
|
|
||||||
+config ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
+ bool
|
|
||||||
+
|
|
||||||
# Select if arch init_task must go in the __init_task_data section
|
|
||||||
config ARCH_TASK_STRUCT_ON_STACK
|
|
||||||
bool
|
|
||||||
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
|
||||||
index 314802f98b9d..43b0b7950e33 100644
|
|
||||||
--- a/include/linux/cpu.h
|
|
||||||
+++ b/include/linux/cpu.h
|
|
||||||
@@ -187,6 +187,12 @@ void arch_cpu_idle_enter(void);
|
|
||||||
void arch_cpu_idle_exit(void);
|
|
||||||
void arch_cpu_idle_dead(void);
|
|
||||||
|
|
||||||
+#ifdef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
+void arch_cpu_finalize_init(void);
|
|
||||||
+#else
|
|
||||||
+static inline void arch_cpu_finalize_init(void) { }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
int cpu_report_state(int cpu);
|
|
||||||
int cpu_check_up_prepare(int cpu);
|
|
||||||
void cpu_set_state_online(int cpu);
|
|
||||||
diff --git a/init/main.c b/init/main.c
|
|
||||||
index e1c3911d7c70..e39055c8698f 100644
|
|
||||||
--- a/init/main.c
|
|
||||||
+++ b/init/main.c
|
|
||||||
@@ -1138,7 +1138,11 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
|
|
||||||
taskstats_init_early();
|
|
||||||
delayacct_init();
|
|
||||||
|
|
||||||
+ arch_cpu_finalize_init();
|
|
||||||
+ /* Temporary conditional until everything has been converted */
|
|
||||||
+#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
check_bugs();
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
acpi_subsystem_init();
|
|
||||||
arch_post_acpi_subsys_init();
|
|
@ -1,235 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:24 +0200
|
|
||||||
Subject: [PATCH] x86/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is a dumping ground for finalizing the CPU bringup. Only parts of
|
|
||||||
it has to do with actual CPU bugs.
|
|
||||||
|
|
||||||
Split it apart into arch_cpu_finalize_init() and cpu_select_mitigations().
|
|
||||||
|
|
||||||
Fixup the bogus 32bit comments while at it.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.019583869@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 7c7077a72674402654f3291354720cd73cdf649e)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit d839524be6ba339640b7729353ff14156fad42a7)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/Kconfig | 1 +
|
|
||||||
arch/x86/include/asm/bugs.h | 2 --
|
|
||||||
arch/x86/kernel/cpu/bugs.c | 51 +---------------------------------
|
|
||||||
arch/x86/kernel/cpu/common.c | 53 ++++++++++++++++++++++++++++++++++++
|
|
||||||
arch/x86/kernel/cpu/cpu.h | 1 +
|
|
||||||
5 files changed, 56 insertions(+), 52 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
|
||||||
index df9e15bcf6d1..598a303819da 100644
|
|
||||||
--- a/arch/x86/Kconfig
|
|
||||||
+++ b/arch/x86/Kconfig
|
|
||||||
@@ -70,6 +70,7 @@ config X86
|
|
||||||
select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
|
|
||||||
select ARCH_HAS_CACHE_LINE_SIZE
|
|
||||||
select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
select ARCH_HAS_CURRENT_STACK_POINTER
|
|
||||||
select ARCH_HAS_DEBUG_VIRTUAL
|
|
||||||
select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE
|
|
||||||
diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h
|
|
||||||
index 92ae28389940..f25ca2d709d4 100644
|
|
||||||
--- a/arch/x86/include/asm/bugs.h
|
|
||||||
+++ b/arch/x86/include/asm/bugs.h
|
|
||||||
@@ -4,8 +4,6 @@
|
|
||||||
|
|
||||||
#include <asm/processor.h>
|
|
||||||
|
|
||||||
-extern void check_bugs(void);
|
|
||||||
-
|
|
||||||
#if defined(CONFIG_CPU_SUP_INTEL) && defined(CONFIG_X86_32)
|
|
||||||
int ppro_with_ram_bug(void);
|
|
||||||
#else
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index daad10e7665b..edb670b77294 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
@@ -9,7 +9,6 @@
|
|
||||||
* - Andrew D. Balsa (code cleanup).
|
|
||||||
*/
|
|
||||||
#include <linux/init.h>
|
|
||||||
-#include <linux/utsname.h>
|
|
||||||
#include <linux/cpu.h>
|
|
||||||
#include <linux/module.h>
|
|
||||||
#include <linux/nospec.h>
|
|
||||||
@@ -27,8 +26,6 @@
|
|
||||||
#include <asm/msr.h>
|
|
||||||
#include <asm/vmx.h>
|
|
||||||
#include <asm/paravirt.h>
|
|
||||||
-#include <asm/alternative.h>
|
|
||||||
-#include <asm/set_memory.h>
|
|
||||||
#include <asm/intel-family.h>
|
|
||||||
#include <asm/e820/api.h>
|
|
||||||
#include <asm/hypervisor.h>
|
|
||||||
@@ -124,21 +121,8 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush);
|
|
||||||
DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear);
|
|
||||||
EXPORT_SYMBOL_GPL(mmio_stale_data_clear);
|
|
||||||
|
|
||||||
-void __init check_bugs(void)
|
|
||||||
+void __init cpu_select_mitigations(void)
|
|
||||||
{
|
|
||||||
- identify_boot_cpu();
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * identify_boot_cpu() initialized SMT support information, let the
|
|
||||||
- * core code know.
|
|
||||||
- */
|
|
||||||
- cpu_smt_check_topology();
|
|
||||||
-
|
|
||||||
- if (!IS_ENABLED(CONFIG_SMP)) {
|
|
||||||
- pr_info("CPU: ");
|
|
||||||
- print_cpu_info(&boot_cpu_data);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* Read the SPEC_CTRL MSR to account for reserved bits which may
|
|
||||||
* have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
|
|
||||||
@@ -175,39 +159,6 @@ void __init check_bugs(void)
|
|
||||||
md_clear_select_mitigation();
|
|
||||||
srbds_select_mitigation();
|
|
||||||
l1d_flush_select_mitigation();
|
|
||||||
-
|
|
||||||
- arch_smt_update();
|
|
||||||
-
|
|
||||||
-#ifdef CONFIG_X86_32
|
|
||||||
- /*
|
|
||||||
- * Check whether we are able to run this kernel safely on SMP.
|
|
||||||
- *
|
|
||||||
- * - i386 is no longer supported.
|
|
||||||
- * - In order to run on anything without a TSC, we need to be
|
|
||||||
- * compiled for a i486.
|
|
||||||
- */
|
|
||||||
- if (boot_cpu_data.x86 < 4)
|
|
||||||
- panic("Kernel requires i486+ for 'invlpg' and other features");
|
|
||||||
-
|
|
||||||
- init_utsname()->machine[1] =
|
|
||||||
- '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
|
|
||||||
- alternative_instructions();
|
|
||||||
-
|
|
||||||
- fpu__init_check_bugs();
|
|
||||||
-#else /* CONFIG_X86_64 */
|
|
||||||
- alternative_instructions();
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Make sure the first 2MB area is not mapped by huge pages
|
|
||||||
- * There are typically fixed size MTRRs in there and overlapping
|
|
||||||
- * MTRRs into large pages causes slow downs.
|
|
||||||
- *
|
|
||||||
- * Right now we don't do that with gbpages because there seems
|
|
||||||
- * very little benefit for that case.
|
|
||||||
- */
|
|
||||||
- if (!direct_gbpages)
|
|
||||||
- set_memory_4k((unsigned long)__va(0), 1);
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 2ac8ceae0ed1..0f32ecfbdeb1 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -19,11 +19,14 @@
|
|
||||||
#include <linux/kprobes.h>
|
|
||||||
#include <linux/kgdb.h>
|
|
||||||
#include <linux/smp.h>
|
|
||||||
+#include <linux/cpu.h>
|
|
||||||
#include <linux/io.h>
|
|
||||||
#include <linux/syscore_ops.h>
|
|
||||||
#include <linux/pgtable.h>
|
|
||||||
#include <linux/stackprotector.h>
|
|
||||||
+#include <linux/utsname.h>
|
|
||||||
|
|
||||||
+#include <asm/alternative.h>
|
|
||||||
#include <asm/cmdline.h>
|
|
||||||
#include <asm/perf_event.h>
|
|
||||||
#include <asm/mmu_context.h>
|
|
||||||
@@ -59,6 +62,7 @@
|
|
||||||
#include <asm/intel-family.h>
|
|
||||||
#include <asm/cpu_device_id.h>
|
|
||||||
#include <asm/uv/uv.h>
|
|
||||||
+#include <asm/set_memory.h>
|
|
||||||
#include <asm/sigframe.h>
|
|
||||||
#include <asm/traps.h>
|
|
||||||
#include <asm/sev.h>
|
|
||||||
@@ -2360,3 +2364,52 @@ void arch_smt_update(void)
|
|
||||||
/* Check whether IPI broadcasting can be enabled */
|
|
||||||
apic_smt_update();
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
+{
|
|
||||||
+ identify_boot_cpu();
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * identify_boot_cpu() initialized SMT support information, let the
|
|
||||||
+ * core code know.
|
|
||||||
+ */
|
|
||||||
+ cpu_smt_check_topology();
|
|
||||||
+
|
|
||||||
+ if (!IS_ENABLED(CONFIG_SMP)) {
|
|
||||||
+ pr_info("CPU: ");
|
|
||||||
+ print_cpu_info(&boot_cpu_data);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ cpu_select_mitigations();
|
|
||||||
+
|
|
||||||
+ arch_smt_update();
|
|
||||||
+
|
|
||||||
+ if (IS_ENABLED(CONFIG_X86_32)) {
|
|
||||||
+ /*
|
|
||||||
+ * Check whether this is a real i386 which is not longer
|
|
||||||
+ * supported and fixup the utsname.
|
|
||||||
+ */
|
|
||||||
+ if (boot_cpu_data.x86 < 4)
|
|
||||||
+ panic("Kernel requires i486+ for 'invlpg' and other features");
|
|
||||||
+
|
|
||||||
+ init_utsname()->machine[1] =
|
|
||||||
+ '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ alternative_instructions();
|
|
||||||
+
|
|
||||||
+ if (IS_ENABLED(CONFIG_X86_64)) {
|
|
||||||
+ /*
|
|
||||||
+ * Make sure the first 2MB area is not mapped by huge pages
|
|
||||||
+ * There are typically fixed size MTRRs in there and overlapping
|
|
||||||
+ * MTRRs into large pages causes slow downs.
|
|
||||||
+ *
|
|
||||||
+ * Right now we don't do that with gbpages because there seems
|
|
||||||
+ * very little benefit for that case.
|
|
||||||
+ */
|
|
||||||
+ if (!direct_gbpages)
|
|
||||||
+ set_memory_4k((unsigned long)__va(0), 1);
|
|
||||||
+ } else {
|
|
||||||
+ fpu__init_check_bugs();
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
|
|
||||||
index 7c9b5893c30a..61dbb9b216e6 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/cpu.h
|
|
||||||
+++ b/arch/x86/kernel/cpu/cpu.h
|
|
||||||
@@ -79,6 +79,7 @@ extern void detect_ht(struct cpuinfo_x86 *c);
|
|
||||||
extern void check_null_seg_clears_base(struct cpuinfo_x86 *c);
|
|
||||||
|
|
||||||
unsigned int aperfmperf_get_khz(int cpu);
|
|
||||||
+void cpu_select_mitigations(void);
|
|
||||||
|
|
||||||
extern void x86_spec_ctrl_setup_ap(void);
|
|
||||||
extern void update_srbds_msr(void);
|
|
@ -1,82 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:25 +0200
|
|
||||||
Subject: [PATCH] ARM: cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.078124882@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit ee31bb0524a2e7c99b03f50249a411cc1eaa411f)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 57b198863efe8ec2e2c898f8f3d501734c18afb7)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/arm/Kconfig | 1 +
|
|
||||||
arch/arm/include/asm/bugs.h | 4 ----
|
|
||||||
arch/arm/kernel/bugs.c | 3 ++-
|
|
||||||
3 files changed, 3 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
|
|
||||||
index 1938a2a957bc..eac5314702b0 100644
|
|
||||||
--- a/arch/arm/Kconfig
|
|
||||||
+++ b/arch/arm/Kconfig
|
|
||||||
@@ -5,6 +5,7 @@ config ARM
|
|
||||||
select ARCH_32BIT_OFF_T
|
|
||||||
select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE if HAVE_KRETPROBES && FRAME_POINTER && !ARM_UNWIND
|
|
||||||
select ARCH_HAS_BINFMT_FLAT
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT if MMU
|
|
||||||
select ARCH_HAS_CURRENT_STACK_POINTER
|
|
||||||
select ARCH_HAS_DEBUG_VIRTUAL if MMU
|
|
||||||
select ARCH_HAS_DMA_WRITE_COMBINE if !ARM_DMA_MEM_BUFFERABLE
|
|
||||||
diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h
|
|
||||||
index 97a312ba0840..fe385551edec 100644
|
|
||||||
--- a/arch/arm/include/asm/bugs.h
|
|
||||||
+++ b/arch/arm/include/asm/bugs.h
|
|
||||||
@@ -1,7 +1,5 @@
|
|
||||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
||||||
/*
|
|
||||||
- * arch/arm/include/asm/bugs.h
|
|
||||||
- *
|
|
||||||
* Copyright (C) 1995-2003 Russell King
|
|
||||||
*/
|
|
||||||
#ifndef __ASM_BUGS_H
|
|
||||||
@@ -10,10 +8,8 @@
|
|
||||||
extern void check_writebuffer_bugs(void);
|
|
||||||
|
|
||||||
#ifdef CONFIG_MMU
|
|
||||||
-extern void check_bugs(void);
|
|
||||||
extern void check_other_bugs(void);
|
|
||||||
#else
|
|
||||||
-#define check_bugs() do { } while (0)
|
|
||||||
#define check_other_bugs() do { } while (0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c
|
|
||||||
index 14c8dbbb7d2d..087bce6ec8e9 100644
|
|
||||||
--- a/arch/arm/kernel/bugs.c
|
|
||||||
+++ b/arch/arm/kernel/bugs.c
|
|
||||||
@@ -1,5 +1,6 @@
|
|
||||||
// SPDX-License-Identifier: GPL-2.0
|
|
||||||
#include <linux/init.h>
|
|
||||||
+#include <linux/cpu.h>
|
|
||||||
#include <asm/bugs.h>
|
|
||||||
#include <asm/proc-fns.h>
|
|
||||||
|
|
||||||
@@ -11,7 +12,7 @@ void check_other_bugs(void)
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
-void __init check_bugs(void)
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
{
|
|
||||||
check_writebuffer_bugs();
|
|
||||||
check_other_bugs();
|
|
@ -1,80 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:27 +0200
|
|
||||||
Subject: [PATCH] ia64/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.137045745@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 6c38e3005621800263f117fb00d6787a76e16de7)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 7b593af98529e22ee2b54dda992a205bd8935a97)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/ia64/Kconfig | 1 +
|
|
||||||
arch/ia64/include/asm/bugs.h | 20 --------------------
|
|
||||||
arch/ia64/kernel/setup.c | 3 +--
|
|
||||||
3 files changed, 2 insertions(+), 22 deletions(-)
|
|
||||||
delete mode 100644 arch/ia64/include/asm/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
|
|
||||||
index d7e4a24e8644..25ebc90b3ec3 100644
|
|
||||||
--- a/arch/ia64/Kconfig
|
|
||||||
+++ b/arch/ia64/Kconfig
|
|
||||||
@@ -9,6 +9,7 @@ menu "Processor type and features"
|
|
||||||
config IA64
|
|
||||||
bool
|
|
||||||
select ARCH_BINFMT_ELF_EXTRA_PHDRS
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
select ARCH_HAS_DMA_MARK_CLEAN
|
|
||||||
select ARCH_HAS_STRNCPY_FROM_USER
|
|
||||||
select ARCH_HAS_STRNLEN_USER
|
|
||||||
diff --git a/arch/ia64/include/asm/bugs.h b/arch/ia64/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 0d6b9bded56c..000000000000
|
|
||||||
--- a/arch/ia64/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,20 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
- *
|
|
||||||
- * Based on <asm-alpha/bugs.h>.
|
|
||||||
- *
|
|
||||||
- * Modified 1998, 1999, 2003
|
|
||||||
- * David Mosberger-Tang <davidm@hpl.hp.com>, Hewlett-Packard Co.
|
|
||||||
- */
|
|
||||||
-#ifndef _ASM_IA64_BUGS_H
|
|
||||||
-#define _ASM_IA64_BUGS_H
|
|
||||||
-
|
|
||||||
-#include <asm/processor.h>
|
|
||||||
-
|
|
||||||
-extern void check_bugs (void);
|
|
||||||
-
|
|
||||||
-#endif /* _ASM_IA64_BUGS_H */
|
|
||||||
diff --git a/arch/ia64/kernel/setup.c b/arch/ia64/kernel/setup.c
|
|
||||||
index c05728044272..9009f1871e3b 100644
|
|
||||||
--- a/arch/ia64/kernel/setup.c
|
|
||||||
+++ b/arch/ia64/kernel/setup.c
|
|
||||||
@@ -1067,8 +1067,7 @@ cpu_init (void)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-void __init
|
|
||||||
-check_bugs (void)
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
{
|
|
||||||
ia64_patch_mckinley_e9((unsigned long) __start___mckinley_e9_bundles,
|
|
||||||
(unsigned long) __end___mckinley_e9_bundles);
|
|
@ -1,89 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:30 +0200
|
|
||||||
Subject: [PATCH] m68k/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.254342916@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 9ceecc2589b9d7cef6b321339ed8de484eac4b20)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 51d4827f4d3adf26415b6447d88611a35738e062)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/m68k/Kconfig | 1 +
|
|
||||||
arch/m68k/include/asm/bugs.h | 21 ---------------------
|
|
||||||
arch/m68k/kernel/setup_mm.c | 3 ++-
|
|
||||||
3 files changed, 3 insertions(+), 22 deletions(-)
|
|
||||||
delete mode 100644 arch/m68k/include/asm/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
|
|
||||||
index 7bff88118507..1fe5b2018745 100644
|
|
||||||
--- a/arch/m68k/Kconfig
|
|
||||||
+++ b/arch/m68k/Kconfig
|
|
||||||
@@ -4,6 +4,7 @@ config M68K
|
|
||||||
default y
|
|
||||||
select ARCH_32BIT_OFF_T
|
|
||||||
select ARCH_HAS_BINFMT_FLAT
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT if MMU
|
|
||||||
select ARCH_HAS_CURRENT_STACK_POINTER
|
|
||||||
select ARCH_HAS_DMA_PREP_COHERENT if HAS_DMA && MMU && !COLDFIRE
|
|
||||||
select ARCH_HAS_SYNC_DMA_FOR_DEVICE if HAS_DMA
|
|
||||||
diff --git a/arch/m68k/include/asm/bugs.h b/arch/m68k/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 745530651e0b..000000000000
|
|
||||||
--- a/arch/m68k/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,21 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-/*
|
|
||||||
- * include/asm-m68k/bugs.h
|
|
||||||
- *
|
|
||||||
- * Copyright (C) 1994 Linus Torvalds
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#ifdef CONFIG_MMU
|
|
||||||
-extern void check_bugs(void); /* in arch/m68k/kernel/setup.c */
|
|
||||||
-#else
|
|
||||||
-static void check_bugs(void)
|
|
||||||
-{
|
|
||||||
-}
|
|
||||||
-#endif
|
|
||||||
diff --git a/arch/m68k/kernel/setup_mm.c b/arch/m68k/kernel/setup_mm.c
|
|
||||||
index fbff1cea62ca..6f1ae01f322c 100644
|
|
||||||
--- a/arch/m68k/kernel/setup_mm.c
|
|
||||||
+++ b/arch/m68k/kernel/setup_mm.c
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <linux/kernel.h>
|
|
||||||
+#include <linux/cpu.h>
|
|
||||||
#include <linux/mm.h>
|
|
||||||
#include <linux/sched.h>
|
|
||||||
#include <linux/delay.h>
|
|
||||||
@@ -504,7 +505,7 @@ static int __init proc_hardware_init(void)
|
|
||||||
module_init(proc_hardware_init);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-void check_bugs(void)
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
{
|
|
||||||
#if defined(CONFIG_FPU) && !defined(CONFIG_M68KFPU_EMU)
|
|
||||||
if (m68k_fputype == 0) {
|
|
@ -1,108 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:32 +0200
|
|
||||||
Subject: [PATCH] mips/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.312438573@linutronix.de
|
|
||||||
|
|
||||||
(backported from commit 7f066a22fe353a827a402ee2835e81f045b1574d)
|
|
||||||
[cascardo: only removed check_bugs from arch/mips/include/asm/bugs.h]
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 7753934cdd362695ffbc0f1db941ff6d4c72fa96)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/mips/Kconfig | 1 +
|
|
||||||
arch/mips/include/asm/bugs.h | 17 -----------------
|
|
||||||
arch/mips/kernel/setup.c | 13 +++++++++++++
|
|
||||||
3 files changed, 14 insertions(+), 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
|
|
||||||
index f11dda15aa54..fcf59a375c5b 100644
|
|
||||||
--- a/arch/mips/Kconfig
|
|
||||||
+++ b/arch/mips/Kconfig
|
|
||||||
@@ -4,6 +4,7 @@ config MIPS
|
|
||||||
default y
|
|
||||||
select ARCH_32BIT_OFF_T if !64BIT
|
|
||||||
select ARCH_BINFMT_ELF_STATE if MIPS_FP_SUPPORT
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
select ARCH_HAS_CURRENT_STACK_POINTER if !CC_IS_CLANG || CLANG_VERSION >= 140000
|
|
||||||
select ARCH_HAS_DEBUG_VIRTUAL if !64BIT
|
|
||||||
select ARCH_HAS_FORTIFY_SOURCE
|
|
||||||
diff --git a/arch/mips/include/asm/bugs.h b/arch/mips/include/asm/bugs.h
|
|
||||||
index d72dc6e1cf3c..8d4cf29861b8 100644
|
|
||||||
--- a/arch/mips/include/asm/bugs.h
|
|
||||||
+++ b/arch/mips/include/asm/bugs.h
|
|
||||||
@@ -1,17 +1,11 @@
|
|
||||||
/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
* Copyright (C) 2007 Maciej W. Rozycki
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
*/
|
|
||||||
#ifndef _ASM_BUGS_H
|
|
||||||
#define _ASM_BUGS_H
|
|
||||||
|
|
||||||
#include <linux/bug.h>
|
|
||||||
-#include <linux/delay.h>
|
|
||||||
#include <linux/smp.h>
|
|
||||||
|
|
||||||
#include <asm/cpu.h>
|
|
||||||
@@ -30,17 +24,6 @@ static inline void check_bugs_early(void)
|
|
||||||
check_bugs64_early();
|
|
||||||
}
|
|
||||||
|
|
||||||
-static inline void check_bugs(void)
|
|
||||||
-{
|
|
||||||
- unsigned int cpu = smp_processor_id();
|
|
||||||
-
|
|
||||||
- cpu_data[cpu].udelay_val = loops_per_jiffy;
|
|
||||||
- check_bugs32();
|
|
||||||
-
|
|
||||||
- if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
|
|
||||||
- check_bugs64();
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
static inline int r4k_daddiu_bug(void)
|
|
||||||
{
|
|
||||||
if (!IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
|
|
||||||
diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
|
|
||||||
index f1c88f8a1dc5..4d950f666ef6 100644
|
|
||||||
--- a/arch/mips/kernel/setup.c
|
|
||||||
+++ b/arch/mips/kernel/setup.c
|
|
||||||
@@ -11,6 +11,8 @@
|
|
||||||
* Copyright (C) 2000, 2001, 2002, 2007 Maciej W. Rozycki
|
|
||||||
*/
|
|
||||||
#include <linux/init.h>
|
|
||||||
+#include <linux/cpu.h>
|
|
||||||
+#include <linux/delay.h>
|
|
||||||
#include <linux/ioport.h>
|
|
||||||
#include <linux/export.h>
|
|
||||||
#include <linux/screen_info.h>
|
|
||||||
@@ -839,3 +841,14 @@ static int __init setnocoherentio(char *str)
|
|
||||||
}
|
|
||||||
early_param("nocoherentio", setnocoherentio);
|
|
||||||
#endif
|
|
||||||
+
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
+{
|
|
||||||
+ unsigned int cpu = smp_processor_id();
|
|
||||||
+
|
|
||||||
+ cpu_data[cpu].udelay_val = loops_per_jiffy;
|
|
||||||
+ check_bugs32();
|
|
||||||
+
|
|
||||||
+ if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
|
|
||||||
+ check_bugs64();
|
|
||||||
+}
|
|
@ -1,217 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:33 +0200
|
|
||||||
Subject: [PATCH] sh/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.371697797@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 01eb454e9bfe593f320ecbc9aaec60bf87cd453d)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 5228732d7ec3b9d13ee33b613dd3ed9c7f6a4695)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/sh/Kconfig | 1 +
|
|
||||||
arch/sh/include/asm/bugs.h | 74 ---------------------------------
|
|
||||||
arch/sh/include/asm/processor.h | 2 +
|
|
||||||
arch/sh/kernel/idle.c | 1 +
|
|
||||||
arch/sh/kernel/setup.c | 55 ++++++++++++++++++++++++
|
|
||||||
5 files changed, 59 insertions(+), 74 deletions(-)
|
|
||||||
delete mode 100644 arch/sh/include/asm/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
|
|
||||||
index 101a0d094a66..b0284730e761 100644
|
|
||||||
--- a/arch/sh/Kconfig
|
|
||||||
+++ b/arch/sh/Kconfig
|
|
||||||
@@ -7,6 +7,7 @@ config SUPERH
|
|
||||||
select ARCH_HAVE_CUSTOM_GPIO_H
|
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG if (GUSA_RB || CPU_SH4A)
|
|
||||||
select ARCH_HAS_BINFMT_FLAT if !MMU
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
select ARCH_HAS_CURRENT_STACK_POINTER
|
|
||||||
select ARCH_HAS_GIGANTIC_PAGE
|
|
||||||
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
||||||
diff --git a/arch/sh/include/asm/bugs.h b/arch/sh/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index fe52abb69cea..000000000000
|
|
||||||
--- a/arch/sh/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,74 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-#ifndef __ASM_SH_BUGS_H
|
|
||||||
-#define __ASM_SH_BUGS_H
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * I don't know of any Super-H bugs yet.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#include <asm/processor.h>
|
|
||||||
-
|
|
||||||
-extern void select_idle_routine(void);
|
|
||||||
-
|
|
||||||
-static void __init check_bugs(void)
|
|
||||||
-{
|
|
||||||
- extern unsigned long loops_per_jiffy;
|
|
||||||
- char *p = &init_utsname()->machine[2]; /* "sh" */
|
|
||||||
-
|
|
||||||
- select_idle_routine();
|
|
||||||
-
|
|
||||||
- current_cpu_data.loops_per_jiffy = loops_per_jiffy;
|
|
||||||
-
|
|
||||||
- switch (current_cpu_data.family) {
|
|
||||||
- case CPU_FAMILY_SH2:
|
|
||||||
- *p++ = '2';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_SH2A:
|
|
||||||
- *p++ = '2';
|
|
||||||
- *p++ = 'a';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_SH3:
|
|
||||||
- *p++ = '3';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_SH4:
|
|
||||||
- *p++ = '4';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_SH4A:
|
|
||||||
- *p++ = '4';
|
|
||||||
- *p++ = 'a';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_SH4AL_DSP:
|
|
||||||
- *p++ = '4';
|
|
||||||
- *p++ = 'a';
|
|
||||||
- *p++ = 'l';
|
|
||||||
- *p++ = '-';
|
|
||||||
- *p++ = 'd';
|
|
||||||
- *p++ = 's';
|
|
||||||
- *p++ = 'p';
|
|
||||||
- break;
|
|
||||||
- case CPU_FAMILY_UNKNOWN:
|
|
||||||
- /*
|
|
||||||
- * Specifically use CPU_FAMILY_UNKNOWN rather than
|
|
||||||
- * default:, so we're able to have the compiler whine
|
|
||||||
- * about unhandled enumerations.
|
|
||||||
- */
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- printk("CPU: %s\n", get_cpu_subtype(¤t_cpu_data));
|
|
||||||
-
|
|
||||||
-#ifndef __LITTLE_ENDIAN__
|
|
||||||
- /* 'eb' means 'Endian Big' */
|
|
||||||
- *p++ = 'e';
|
|
||||||
- *p++ = 'b';
|
|
||||||
-#endif
|
|
||||||
- *p = '\0';
|
|
||||||
-}
|
|
||||||
-#endif /* __ASM_SH_BUGS_H */
|
|
||||||
diff --git a/arch/sh/include/asm/processor.h b/arch/sh/include/asm/processor.h
|
|
||||||
index 85a6c1c3c16e..73fba7c922f9 100644
|
|
||||||
--- a/arch/sh/include/asm/processor.h
|
|
||||||
+++ b/arch/sh/include/asm/processor.h
|
|
||||||
@@ -166,6 +166,8 @@ extern unsigned int instruction_size(unsigned int insn);
|
|
||||||
#define instruction_size(insn) (2)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+void select_idle_routine(void);
|
|
||||||
+
|
|
||||||
#endif /* __ASSEMBLY__ */
|
|
||||||
|
|
||||||
#include <asm/processor_32.h>
|
|
||||||
diff --git a/arch/sh/kernel/idle.c b/arch/sh/kernel/idle.c
|
|
||||||
index f59814983bd5..a80b2a5b25c7 100644
|
|
||||||
--- a/arch/sh/kernel/idle.c
|
|
||||||
+++ b/arch/sh/kernel/idle.c
|
|
||||||
@@ -14,6 +14,7 @@
|
|
||||||
#include <linux/irqflags.h>
|
|
||||||
#include <linux/smp.h>
|
|
||||||
#include <linux/atomic.h>
|
|
||||||
+#include <asm/processor.h>
|
|
||||||
#include <asm/smp.h>
|
|
||||||
#include <asm/bl_bit.h>
|
|
||||||
|
|
||||||
diff --git a/arch/sh/kernel/setup.c b/arch/sh/kernel/setup.c
|
|
||||||
index af977ec4ca5e..cf7c0f72f293 100644
|
|
||||||
--- a/arch/sh/kernel/setup.c
|
|
||||||
+++ b/arch/sh/kernel/setup.c
|
|
||||||
@@ -43,6 +43,7 @@
|
|
||||||
#include <asm/smp.h>
|
|
||||||
#include <asm/mmu_context.h>
|
|
||||||
#include <asm/mmzone.h>
|
|
||||||
+#include <asm/processor.h>
|
|
||||||
#include <asm/sparsemem.h>
|
|
||||||
#include <asm/platform_early.h>
|
|
||||||
|
|
||||||
@@ -354,3 +355,57 @@ int test_mode_pin(int pin)
|
|
||||||
{
|
|
||||||
return sh_mv.mv_mode_pins() & pin;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
+{
|
|
||||||
+ char *p = &init_utsname()->machine[2]; /* "sh" */
|
|
||||||
+
|
|
||||||
+ select_idle_routine();
|
|
||||||
+
|
|
||||||
+ current_cpu_data.loops_per_jiffy = loops_per_jiffy;
|
|
||||||
+
|
|
||||||
+ switch (current_cpu_data.family) {
|
|
||||||
+ case CPU_FAMILY_SH2:
|
|
||||||
+ *p++ = '2';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_SH2A:
|
|
||||||
+ *p++ = '2';
|
|
||||||
+ *p++ = 'a';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_SH3:
|
|
||||||
+ *p++ = '3';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_SH4:
|
|
||||||
+ *p++ = '4';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_SH4A:
|
|
||||||
+ *p++ = '4';
|
|
||||||
+ *p++ = 'a';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_SH4AL_DSP:
|
|
||||||
+ *p++ = '4';
|
|
||||||
+ *p++ = 'a';
|
|
||||||
+ *p++ = 'l';
|
|
||||||
+ *p++ = '-';
|
|
||||||
+ *p++ = 'd';
|
|
||||||
+ *p++ = 's';
|
|
||||||
+ *p++ = 'p';
|
|
||||||
+ break;
|
|
||||||
+ case CPU_FAMILY_UNKNOWN:
|
|
||||||
+ /*
|
|
||||||
+ * Specifically use CPU_FAMILY_UNKNOWN rather than
|
|
||||||
+ * default:, so we're able to have the compiler whine
|
|
||||||
+ * about unhandled enumerations.
|
|
||||||
+ */
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ pr_info("CPU: %s\n", get_cpu_subtype(¤t_cpu_data));
|
|
||||||
+
|
|
||||||
+#ifndef __LITTLE_ENDIAN__
|
|
||||||
+ /* 'eb' means 'Endian Big' */
|
|
||||||
+ *p++ = 'e';
|
|
||||||
+ *p++ = 'b';
|
|
||||||
+#endif
|
|
||||||
+ *p = '\0';
|
|
||||||
+}
|
|
@ -1,80 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:35 +0200
|
|
||||||
Subject: [PATCH] sparc/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.431995857@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 44ade508e3bfac45ae97864587de29eb1a881ec0)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 5f02f99c6d6fd4f2c7b77f6d01bac14cc6fae2f6)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/sparc/Kconfig | 1 +
|
|
||||||
arch/sparc/include/asm/bugs.h | 18 ------------------
|
|
||||||
arch/sparc/kernel/setup_32.c | 7 +++++++
|
|
||||||
3 files changed, 8 insertions(+), 18 deletions(-)
|
|
||||||
delete mode 100644 arch/sparc/include/asm/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
|
|
||||||
index dbb1760cbe8c..b67d96e3392e 100644
|
|
||||||
--- a/arch/sparc/Kconfig
|
|
||||||
+++ b/arch/sparc/Kconfig
|
|
||||||
@@ -51,6 +51,7 @@ config SPARC
|
|
||||||
config SPARC32
|
|
||||||
def_bool !64BIT
|
|
||||||
select ARCH_32BIT_OFF_T
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT if !SMP
|
|
||||||
select ARCH_HAS_SYNC_DMA_FOR_CPU
|
|
||||||
select CLZ_TAB
|
|
||||||
select DMA_DIRECT_REMAP
|
|
||||||
diff --git a/arch/sparc/include/asm/bugs.h b/arch/sparc/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 02fa369b9c21..000000000000
|
|
||||||
--- a/arch/sparc/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,18 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-/* include/asm/bugs.h: Sparc probes for various bugs.
|
|
||||||
- *
|
|
||||||
- * Copyright (C) 1996, 2007 David S. Miller (davem@davemloft.net)
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#ifdef CONFIG_SPARC32
|
|
||||||
-#include <asm/cpudata.h>
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-extern unsigned long loops_per_jiffy;
|
|
||||||
-
|
|
||||||
-static void __init check_bugs(void)
|
|
||||||
-{
|
|
||||||
-#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP)
|
|
||||||
- cpu_data(0).udelay_val = loops_per_jiffy;
|
|
||||||
-#endif
|
|
||||||
-}
|
|
||||||
diff --git a/arch/sparc/kernel/setup_32.c b/arch/sparc/kernel/setup_32.c
|
|
||||||
index c8e0dd99f370..c9d1ba4f311b 100644
|
|
||||||
--- a/arch/sparc/kernel/setup_32.c
|
|
||||||
+++ b/arch/sparc/kernel/setup_32.c
|
|
||||||
@@ -412,3 +412,10 @@ static int __init topology_init(void)
|
|
||||||
}
|
|
||||||
|
|
||||||
subsys_initcall(topology_init);
|
|
||||||
+
|
|
||||||
+#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP)
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
+{
|
|
||||||
+ cpu_data(0).udelay_val = loops_per_jiffy;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
@ -1,75 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:36 +0200
|
|
||||||
Subject: [PATCH] um/cpu: Switch to arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
check_bugs() is about to be phased out. Switch over to the new
|
|
||||||
arch_cpu_finalize_init() implementation.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Acked-by: Richard Weinberger <richard@nod.at>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.493148694@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 9349b5cd0908f8afe95529fc7a8cbb1417df9b0c)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 37d44a1fca2e73fabeaf042a5bcdff3bd8e03224)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/um/Kconfig | 1 +
|
|
||||||
arch/um/include/asm/bugs.h | 7 -------
|
|
||||||
arch/um/kernel/um_arch.c | 3 ++-
|
|
||||||
3 files changed, 3 insertions(+), 8 deletions(-)
|
|
||||||
delete mode 100644 arch/um/include/asm/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/um/Kconfig b/arch/um/Kconfig
|
|
||||||
index ad4ff3b0e91e..82709bc36df7 100644
|
|
||||||
--- a/arch/um/Kconfig
|
|
||||||
+++ b/arch/um/Kconfig
|
|
||||||
@@ -6,6 +6,7 @@ config UML
|
|
||||||
bool
|
|
||||||
default y
|
|
||||||
select ARCH_EPHEMERAL_INODES
|
|
||||||
+ select ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
select ARCH_HAS_FORTIFY_SOURCE
|
|
||||||
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
||||||
select ARCH_HAS_KCOV
|
|
||||||
diff --git a/arch/um/include/asm/bugs.h b/arch/um/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 4473942a0839..000000000000
|
|
||||||
--- a/arch/um/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,7 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-#ifndef __UM_BUGS_H
|
|
||||||
-#define __UM_BUGS_H
|
|
||||||
-
|
|
||||||
-void check_bugs(void);
|
|
||||||
-
|
|
||||||
-#endif
|
|
||||||
diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c
|
|
||||||
index 786b44dc20c9..664f477fe084 100644
|
|
||||||
--- a/arch/um/kernel/um_arch.c
|
|
||||||
+++ b/arch/um/kernel/um_arch.c
|
|
||||||
@@ -3,6 +3,7 @@
|
|
||||||
* Copyright (C) 2000 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
|
|
||||||
*/
|
|
||||||
|
|
||||||
+#include <linux/cpu.h>
|
|
||||||
#include <linux/delay.h>
|
|
||||||
#include <linux/init.h>
|
|
||||||
#include <linux/mm.h>
|
|
||||||
@@ -426,7 +427,7 @@ void __init setup_arch(char **cmdline_p)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-void __init check_bugs(void)
|
|
||||||
+void __init arch_cpu_finalize_init(void)
|
|
||||||
{
|
|
||||||
arch_check_bugs();
|
|
||||||
os_check_bugs();
|
|
@ -1,172 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:38 +0200
|
|
||||||
Subject: [PATCH] init: Remove check_bugs() leftovers
|
|
||||||
|
|
||||||
Everything is converted over to arch_cpu_finalize_init(). Remove the
|
|
||||||
check_bugs() leftovers including the empty stubs in asm-generic, alpha,
|
|
||||||
parisc, powerpc and xtensa.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.553215951@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 61235b24b9cb37c13fcad5b9596d59a1afdcec30)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit f6914d2bea4df361881adc56f02dde9bddfa1b0a)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/alpha/include/asm/bugs.h | 20 --------------------
|
|
||||||
arch/parisc/include/asm/bugs.h | 20 --------------------
|
|
||||||
arch/powerpc/include/asm/bugs.h | 15 ---------------
|
|
||||||
arch/xtensa/include/asm/bugs.h | 18 ------------------
|
|
||||||
include/asm-generic/bugs.h | 11 -----------
|
|
||||||
init/main.c | 5 -----
|
|
||||||
6 files changed, 89 deletions(-)
|
|
||||||
delete mode 100644 arch/alpha/include/asm/bugs.h
|
|
||||||
delete mode 100644 arch/parisc/include/asm/bugs.h
|
|
||||||
delete mode 100644 arch/powerpc/include/asm/bugs.h
|
|
||||||
delete mode 100644 arch/xtensa/include/asm/bugs.h
|
|
||||||
delete mode 100644 include/asm-generic/bugs.h
|
|
||||||
|
|
||||||
diff --git a/arch/alpha/include/asm/bugs.h b/arch/alpha/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 78030d1c7e7e..000000000000
|
|
||||||
--- a/arch/alpha/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,20 +0,0 @@
|
|
||||||
-/*
|
|
||||||
- * include/asm-alpha/bugs.h
|
|
||||||
- *
|
|
||||||
- * Copyright (C) 1994 Linus Torvalds
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * I don't know of any alpha bugs yet.. Nice chip
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-static void check_bugs(void)
|
|
||||||
-{
|
|
||||||
-}
|
|
||||||
diff --git a/arch/parisc/include/asm/bugs.h b/arch/parisc/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 0a7f9db6bd1c..000000000000
|
|
||||||
--- a/arch/parisc/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,20 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-/*
|
|
||||||
- * include/asm-parisc/bugs.h
|
|
||||||
- *
|
|
||||||
- * Copyright (C) 1999 Mike Shaver
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Needs:
|
|
||||||
- * void check_bugs(void);
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#include <asm/processor.h>
|
|
||||||
-
|
|
||||||
-static inline void check_bugs(void)
|
|
||||||
-{
|
|
||||||
-// identify_cpu(&boot_cpu_data);
|
|
||||||
-}
|
|
||||||
diff --git a/arch/powerpc/include/asm/bugs.h b/arch/powerpc/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 01b8f6ca4dbb..000000000000
|
|
||||||
--- a/arch/powerpc/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,15 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
||||||
-#ifndef _ASM_POWERPC_BUGS_H
|
|
||||||
-#define _ASM_POWERPC_BUGS_H
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * This file is included by 'init/main.c' to check for
|
|
||||||
- * architecture-dependent bugs.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-static inline void check_bugs(void) { }
|
|
||||||
-
|
|
||||||
-#endif /* _ASM_POWERPC_BUGS_H */
|
|
||||||
diff --git a/arch/xtensa/include/asm/bugs.h b/arch/xtensa/include/asm/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 69b29d198249..000000000000
|
|
||||||
--- a/arch/xtensa/include/asm/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,18 +0,0 @@
|
|
||||||
-/*
|
|
||||||
- * include/asm-xtensa/bugs.h
|
|
||||||
- *
|
|
||||||
- * This is included by init/main.c to check for architecture-dependent bugs.
|
|
||||||
- *
|
|
||||||
- * Xtensa processors don't have any bugs. :)
|
|
||||||
- *
|
|
||||||
- * This file is subject to the terms and conditions of the GNU General
|
|
||||||
- * Public License. See the file "COPYING" in the main directory of
|
|
||||||
- * this archive for more details.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#ifndef _XTENSA_BUGS_H
|
|
||||||
-#define _XTENSA_BUGS_H
|
|
||||||
-
|
|
||||||
-static void check_bugs(void) { }
|
|
||||||
-
|
|
||||||
-#endif /* _XTENSA_BUGS_H */
|
|
||||||
diff --git a/include/asm-generic/bugs.h b/include/asm-generic/bugs.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 69021830f078..000000000000
|
|
||||||
--- a/include/asm-generic/bugs.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,11 +0,0 @@
|
|
||||||
-/* SPDX-License-Identifier: GPL-2.0 */
|
|
||||||
-#ifndef __ASM_GENERIC_BUGS_H
|
|
||||||
-#define __ASM_GENERIC_BUGS_H
|
|
||||||
-/*
|
|
||||||
- * This file is included by 'init/main.c' to check for
|
|
||||||
- * architecture-dependent bugs.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-static inline void check_bugs(void) { }
|
|
||||||
-
|
|
||||||
-#endif /* __ASM_GENERIC_BUGS_H */
|
|
||||||
diff --git a/init/main.c b/init/main.c
|
|
||||||
index e39055c8698f..0370df27746f 100644
|
|
||||||
--- a/init/main.c
|
|
||||||
+++ b/init/main.c
|
|
||||||
@@ -104,7 +104,6 @@
|
|
||||||
#include <net/net_namespace.h>
|
|
||||||
|
|
||||||
#include <asm/io.h>
|
|
||||||
-#include <asm/bugs.h>
|
|
||||||
#include <asm/setup.h>
|
|
||||||
#include <asm/sections.h>
|
|
||||||
#include <asm/cacheflush.h>
|
|
||||||
@@ -1139,10 +1138,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
|
|
||||||
delayacct_init();
|
|
||||||
|
|
||||||
arch_cpu_finalize_init();
|
|
||||||
- /* Temporary conditional until everything has been converted */
|
|
||||||
-#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
|
|
||||||
- check_bugs();
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
acpi_subsystem_init();
|
|
||||||
arch_post_acpi_subsys_init();
|
|
@ -1,64 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:39 +0200
|
|
||||||
Subject: [PATCH] init: Invoke arch_cpu_finalize_init() earlier
|
|
||||||
|
|
||||||
X86 is reworking the boot process so that initializations which are not
|
|
||||||
required during early boot can be moved into the late boot process and out
|
|
||||||
of the fragile and restricted initial boot phase.
|
|
||||||
|
|
||||||
arch_cpu_finalize_init() is the obvious place to do such initializations,
|
|
||||||
but arch_cpu_finalize_init() is invoked too late in start_kernel() e.g. for
|
|
||||||
initializing the FPU completely. fork_init() requires that the FPU is
|
|
||||||
initialized as the size of task_struct on X86 depends on the size of the
|
|
||||||
required FPU register buffer.
|
|
||||||
|
|
||||||
Fortunately none of the init calls between calibrate_delay() and
|
|
||||||
arch_cpu_finalize_init() is relevant for the functionality of
|
|
||||||
arch_cpu_finalize_init().
|
|
||||||
|
|
||||||
Invoke it right after calibrate_delay() where everything which is relevant
|
|
||||||
for arch_cpu_finalize_init() has been set up already.
|
|
||||||
|
|
||||||
No functional change intended.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.612182854@linutronix.de
|
|
||||||
|
|
||||||
(backported from commit 9df9d2f0471b4c4702670380b8d8a45b40b23a7d)
|
|
||||||
[cascardo: fixed conflict due to call to mem_encrypt_init]
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 919915fc47211940789c8bde231b2f15d1b8d427)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
init/main.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/init/main.c b/init/main.c
|
|
||||||
index 0370df27746f..967584e8c3af 100644
|
|
||||||
--- a/init/main.c
|
|
||||||
+++ b/init/main.c
|
|
||||||
@@ -1111,6 +1111,9 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
|
|
||||||
late_time_init();
|
|
||||||
sched_clock_init();
|
|
||||||
calibrate_delay();
|
|
||||||
+
|
|
||||||
+ arch_cpu_finalize_init();
|
|
||||||
+
|
|
||||||
pid_idr_init();
|
|
||||||
anon_vma_init();
|
|
||||||
#ifdef CONFIG_X86
|
|
||||||
@@ -1137,8 +1140,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
|
|
||||||
taskstats_init_early();
|
|
||||||
delayacct_init();
|
|
||||||
|
|
||||||
- arch_cpu_finalize_init();
|
|
||||||
-
|
|
||||||
acpi_subsystem_init();
|
|
||||||
arch_post_acpi_subsys_init();
|
|
||||||
kcsan_init();
|
|
@ -1,121 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:41 +0200
|
|
||||||
Subject: [PATCH] init, x86: Move mem_encrypt_init() into
|
|
||||||
arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and
|
|
||||||
remove the weak fallback from the core code.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de
|
|
||||||
|
|
||||||
(backported from commit 439e17576eb47f26b78c5bbc72e344d4206d2327)
|
|
||||||
[cascardo: really remove mem_encrypt_init from init/main.c]
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 439b49f26bc9ee74a3ac4b356c12d41f68c49cbd)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/mem_encrypt.h | 7 ++++---
|
|
||||||
arch/x86/kernel/cpu/common.c | 11 +++++++++++
|
|
||||||
init/main.c | 11 -----------
|
|
||||||
3 files changed, 15 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
index 72ca90552b6a..a95914f479b8 100644
|
|
||||||
--- a/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
+++ b/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
@@ -51,6 +51,8 @@ void __init mem_encrypt_free_decrypted_mem(void);
|
|
||||||
|
|
||||||
void __init sev_es_init_vc_handling(void);
|
|
||||||
|
|
||||||
+void __init mem_encrypt_init(void);
|
|
||||||
+
|
|
||||||
#define __bss_decrypted __section(".bss..decrypted")
|
|
||||||
|
|
||||||
#else /* !CONFIG_AMD_MEM_ENCRYPT */
|
|
||||||
@@ -82,13 +84,12 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
|
|
||||||
|
|
||||||
static inline void mem_encrypt_free_decrypted_mem(void) { }
|
|
||||||
|
|
||||||
+static inline void mem_encrypt_init(void) { }
|
|
||||||
+
|
|
||||||
#define __bss_decrypted
|
|
||||||
|
|
||||||
#endif /* CONFIG_AMD_MEM_ENCRYPT */
|
|
||||||
|
|
||||||
-/* Architecture __weak replacement functions */
|
|
||||||
-void __init mem_encrypt_init(void);
|
|
||||||
-
|
|
||||||
void add_encrypt_protection_map(void);
|
|
||||||
|
|
||||||
/*
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 0f32ecfbdeb1..637817d0d819 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -18,6 +18,7 @@
|
|
||||||
#include <linux/init.h>
|
|
||||||
#include <linux/kprobes.h>
|
|
||||||
#include <linux/kgdb.h>
|
|
||||||
+#include <linux/mem_encrypt.h>
|
|
||||||
#include <linux/smp.h>
|
|
||||||
#include <linux/cpu.h>
|
|
||||||
#include <linux/io.h>
|
|
||||||
@@ -2412,4 +2413,14 @@ void __init arch_cpu_finalize_init(void)
|
|
||||||
} else {
|
|
||||||
fpu__init_check_bugs();
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * This needs to be called before any devices perform DMA
|
|
||||||
+ * operations that might use the SWIOTLB bounce buffers. It will
|
|
||||||
+ * mark the bounce buffers as decrypted so that their usage will
|
|
||||||
+ * not cause "plain-text" data to be decrypted when accessed. It
|
|
||||||
+ * must be called after late_time_init() so that Hyper-V x86/x64
|
|
||||||
+ * hypercalls work when the SWIOTLB bounce buffers are decrypted.
|
|
||||||
+ */
|
|
||||||
+ mem_encrypt_init();
|
|
||||||
}
|
|
||||||
diff --git a/init/main.c b/init/main.c
|
|
||||||
index 967584e8c3af..7533b4da4fb2 100644
|
|
||||||
--- a/init/main.c
|
|
||||||
+++ b/init/main.c
|
|
||||||
@@ -96,7 +96,6 @@
|
|
||||||
#include <linux/cache.h>
|
|
||||||
#include <linux/rodata_test.h>
|
|
||||||
#include <linux/jump_label.h>
|
|
||||||
-#include <linux/mem_encrypt.h>
|
|
||||||
#include <linux/kcsan.h>
|
|
||||||
#include <linux/init_syscalls.h>
|
|
||||||
#include <linux/stackdepot.h>
|
|
||||||
@@ -783,8 +782,6 @@ void __init __weak thread_stack_cache_init(void)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-void __init __weak mem_encrypt_init(void) { }
|
|
||||||
-
|
|
||||||
void __init __weak poking_init(void) { }
|
|
||||||
|
|
||||||
void __init __weak pgtable_cache_init(void) { }
|
|
||||||
@@ -1087,14 +1084,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
|
|
||||||
*/
|
|
||||||
locking_selftest();
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * This needs to be called before any devices perform DMA
|
|
||||||
- * operations that might use the SWIOTLB bounce buffers. It will
|
|
||||||
- * mark the bounce buffers as decrypted so that their usage will
|
|
||||||
- * not cause "plain-text" data to be decrypted when accessed.
|
|
||||||
- */
|
|
||||||
- mem_encrypt_init();
|
|
||||||
-
|
|
||||||
#ifdef CONFIG_BLK_DEV_INITRD
|
|
||||||
if (initrd_start && !initrd_below_start_ok &&
|
|
||||||
page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) {
|
|
@ -1,81 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:42 +0200
|
|
||||||
Subject: [PATCH] x86/init: Initialize signal frame size late
|
|
||||||
|
|
||||||
No point in doing this during really early boot. Move it to an early
|
|
||||||
initcall so that it is set up before possible user mode helpers are started
|
|
||||||
during device initialization.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.727330699@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 54d9a91a3d6713d1332e93be13b4eaf0fa54349d)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit cae51198acf57beecfe60bd11710d15b0f0a2856)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/sigframe.h | 2 --
|
|
||||||
arch/x86/kernel/cpu/common.c | 3 ---
|
|
||||||
arch/x86/kernel/signal.c | 4 +++-
|
|
||||||
3 files changed, 3 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/sigframe.h b/arch/x86/include/asm/sigframe.h
|
|
||||||
index 5b1ed650b124..84eab2724875 100644
|
|
||||||
--- a/arch/x86/include/asm/sigframe.h
|
|
||||||
+++ b/arch/x86/include/asm/sigframe.h
|
|
||||||
@@ -85,6 +85,4 @@ struct rt_sigframe_x32 {
|
|
||||||
|
|
||||||
#endif /* CONFIG_X86_64 */
|
|
||||||
|
|
||||||
-void __init init_sigframe_size(void);
|
|
||||||
-
|
|
||||||
#endif /* _ASM_X86_SIGFRAME_H */
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 637817d0d819..256083661fb2 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -64,7 +64,6 @@
|
|
||||||
#include <asm/cpu_device_id.h>
|
|
||||||
#include <asm/uv/uv.h>
|
|
||||||
#include <asm/set_memory.h>
|
|
||||||
-#include <asm/sigframe.h>
|
|
||||||
#include <asm/traps.h>
|
|
||||||
#include <asm/sev.h>
|
|
||||||
|
|
||||||
@@ -1599,8 +1598,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
|
|
||||||
|
|
||||||
fpu__init_system(c);
|
|
||||||
|
|
||||||
- init_sigframe_size();
|
|
||||||
-
|
|
||||||
#ifdef CONFIG_X86_32
|
|
||||||
/*
|
|
||||||
* Regardless of whether PCID is enumerated, the SDM says
|
|
||||||
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
|
|
||||||
index 004cb30b7419..cfeec3ee877e 100644
|
|
||||||
--- a/arch/x86/kernel/signal.c
|
|
||||||
+++ b/arch/x86/kernel/signal.c
|
|
||||||
@@ -182,7 +182,7 @@ get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size,
|
|
||||||
static unsigned long __ro_after_init max_frame_size;
|
|
||||||
static unsigned int __ro_after_init fpu_default_state_size;
|
|
||||||
|
|
||||||
-void __init init_sigframe_size(void)
|
|
||||||
+static int __init init_sigframe_size(void)
|
|
||||||
{
|
|
||||||
fpu_default_state_size = fpu__get_fpstate_size();
|
|
||||||
|
|
||||||
@@ -194,7 +194,9 @@ void __init init_sigframe_size(void)
|
|
||||||
max_frame_size = round_up(max_frame_size, FRAME_ALIGNMENT);
|
|
||||||
|
|
||||||
pr_info("max sigframe size: %lu\n", max_frame_size);
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
+early_initcall(init_sigframe_size);
|
|
||||||
|
|
||||||
unsigned long get_sigframe_size(void)
|
|
||||||
{
|
|
@ -1,76 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:43 +0200
|
|
||||||
Subject: [PATCH] x86/fpu: Remove cpuinfo argument from init functions
|
|
||||||
|
|
||||||
Nothing in the call chain requires it
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.783704297@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 1f34bb2a24643e0087652d81078e4f616562738d)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit df2f3fc430e187551eb4aaa14aa21640d7ef44ca)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/fpu/api.h | 2 +-
|
|
||||||
arch/x86/kernel/cpu/common.c | 2 +-
|
|
||||||
arch/x86/kernel/fpu/init.c | 6 +++---
|
|
||||||
3 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
|
|
||||||
index 503a577814b2..b475d9a582b8 100644
|
|
||||||
--- a/arch/x86/include/asm/fpu/api.h
|
|
||||||
+++ b/arch/x86/include/asm/fpu/api.h
|
|
||||||
@@ -109,7 +109,7 @@ extern void fpu_reset_from_exception_fixup(void);
|
|
||||||
|
|
||||||
/* Boot, hotplug and resume */
|
|
||||||
extern void fpu__init_cpu(void);
|
|
||||||
-extern void fpu__init_system(struct cpuinfo_x86 *c);
|
|
||||||
+extern void fpu__init_system(void);
|
|
||||||
extern void fpu__init_check_bugs(void);
|
|
||||||
extern void fpu__resume_cpu(void);
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 256083661fb2..794eb851cb0d 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -1596,7 +1596,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
|
|
||||||
|
|
||||||
sld_setup(c);
|
|
||||||
|
|
||||||
- fpu__init_system(c);
|
|
||||||
+ fpu__init_system();
|
|
||||||
|
|
||||||
#ifdef CONFIG_X86_32
|
|
||||||
/*
|
|
||||||
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
|
|
||||||
index 851eb13edc01..5001df943828 100644
|
|
||||||
--- a/arch/x86/kernel/fpu/init.c
|
|
||||||
+++ b/arch/x86/kernel/fpu/init.c
|
|
||||||
@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void)
|
|
||||||
return fsw == 0 && (fcw & 0x103f) == 0x003f;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void fpu__init_system_early_generic(struct cpuinfo_x86 *c)
|
|
||||||
+static void fpu__init_system_early_generic(void)
|
|
||||||
{
|
|
||||||
if (!boot_cpu_has(X86_FEATURE_CPUID) &&
|
|
||||||
!test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) {
|
|
||||||
@@ -211,10 +211,10 @@ static void __init fpu__init_system_xstate_size_legacy(void)
|
|
||||||
* Called on the boot CPU once per system bootup, to set up the initial
|
|
||||||
* FPU state that is later cloned into all processes:
|
|
||||||
*/
|
|
||||||
-void __init fpu__init_system(struct cpuinfo_x86 *c)
|
|
||||||
+void __init fpu__init_system(void)
|
|
||||||
{
|
|
||||||
fpstate_reset(¤t->thread.fpu);
|
|
||||||
- fpu__init_system_early_generic(c);
|
|
||||||
+ fpu__init_system_early_generic();
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The FPU has to be operational for some of the
|
|
@ -1,44 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:45 +0200
|
|
||||||
Subject: [PATCH] x86/fpu: Mark init functions __init
|
|
||||||
|
|
||||||
No point in keeping them around.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.841685728@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit 1703db2b90c91b2eb2d699519fc505fe431dde0e)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 368569c00f730c2f530d3d5431fd3fe8ca81cba3)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/kernel/fpu/init.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
|
|
||||||
index 5001df943828..998a08f17e33 100644
|
|
||||||
--- a/arch/x86/kernel/fpu/init.c
|
|
||||||
+++ b/arch/x86/kernel/fpu/init.c
|
|
||||||
@@ -53,7 +53,7 @@ void fpu__init_cpu(void)
|
|
||||||
fpu__init_cpu_xstate();
|
|
||||||
}
|
|
||||||
|
|
||||||
-static bool fpu__probe_without_cpuid(void)
|
|
||||||
+static bool __init fpu__probe_without_cpuid(void)
|
|
||||||
{
|
|
||||||
unsigned long cr0;
|
|
||||||
u16 fsw, fcw;
|
|
||||||
@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void)
|
|
||||||
return fsw == 0 && (fcw & 0x103f) == 0x003f;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void fpu__init_system_early_generic(void)
|
|
||||||
+static void __init fpu__init_system_early_generic(void)
|
|
||||||
{
|
|
||||||
if (!boot_cpu_has(X86_FEATURE_CPUID) &&
|
|
||||||
!test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) {
|
|
@ -1,80 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Wed, 14 Jun 2023 01:39:46 +0200
|
|
||||||
Subject: [PATCH] x86/fpu: Move FPU initialization into
|
|
||||||
arch_cpu_finalize_init()
|
|
||||||
|
|
||||||
Initializing the FPU during the early boot process is a pointless
|
|
||||||
exercise. Early boot is convoluted and fragile enough.
|
|
||||||
|
|
||||||
Nothing requires that the FPU is set up early. It has to be initialized
|
|
||||||
before fork_init() because the task_struct size depends on the FPU register
|
|
||||||
buffer size.
|
|
||||||
|
|
||||||
Move the initialization to arch_cpu_finalize_init() which is the perfect
|
|
||||||
place to do so.
|
|
||||||
|
|
||||||
No functional change.
|
|
||||||
|
|
||||||
This allows to remove quite some of the custom early command line parsing,
|
|
||||||
but that's subject to the next installment.
|
|
||||||
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230613224545.902376621@linutronix.de
|
|
||||||
|
|
||||||
(cherry picked from commit b81fac906a8f9e682e513ddd95697ec7a20878d4)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 010f3814ec351195c9d0a9a408798f9c66fdb906)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/kernel/cpu/common.c | 12 ++++++++----
|
|
||||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 794eb851cb0d..9b53d1cb424d 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -1596,8 +1596,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
|
|
||||||
|
|
||||||
sld_setup(c);
|
|
||||||
|
|
||||||
- fpu__init_system();
|
|
||||||
-
|
|
||||||
#ifdef CONFIG_X86_32
|
|
||||||
/*
|
|
||||||
* Regardless of whether PCID is enumerated, the SDM says
|
|
||||||
@@ -2283,8 +2281,6 @@ void cpu_init(void)
|
|
||||||
|
|
||||||
doublefault_init_cpu_tss();
|
|
||||||
|
|
||||||
- fpu__init_cpu();
|
|
||||||
-
|
|
||||||
if (is_uv_system())
|
|
||||||
uv_cpu_init();
|
|
||||||
|
|
||||||
@@ -2300,6 +2296,7 @@ void cpu_init_secondary(void)
|
|
||||||
*/
|
|
||||||
cpu_init_exception_handling();
|
|
||||||
cpu_init();
|
|
||||||
+ fpu__init_cpu();
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -2394,6 +2391,13 @@ void __init arch_cpu_finalize_init(void)
|
|
||||||
'0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * Must be before alternatives because it might set or clear
|
|
||||||
+ * feature bits.
|
|
||||||
+ */
|
|
||||||
+ fpu__init_system();
|
|
||||||
+ fpu__init_cpu();
|
|
||||||
+
|
|
||||||
alternative_instructions();
|
|
||||||
|
|
||||||
if (IS_ENABLED(CONFIG_X86_64)) {
|
|
@ -1,69 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Date: Fri, 16 Jun 2023 22:15:31 +0200
|
|
||||||
Subject: [PATCH] x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
|
|
||||||
|
|
||||||
Moving mem_encrypt_init() broke the AMD_MEM_ENCRYPT=n because the
|
|
||||||
declaration of that function was under #ifdef CONFIG_AMD_MEM_ENCRYPT and
|
|
||||||
the obvious placement for the inline stub was the #else path.
|
|
||||||
|
|
||||||
This is a leftover of commit 20f07a044a76 ("x86/sev: Move common memory
|
|
||||||
encryption code to mem_encrypt.c") which made mem_encrypt_init() depend on
|
|
||||||
X86_MEM_ENCRYPT without moving the prototype. That did not fail back then
|
|
||||||
because there was no stub inline as the core init code had a weak function.
|
|
||||||
|
|
||||||
Move both the declaration and the stub out of the CONFIG_AMD_MEM_ENCRYPT
|
|
||||||
section and guard it with CONFIG_X86_MEM_ENCRYPT.
|
|
||||||
|
|
||||||
Fixes: 439e17576eb4 ("init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()")
|
|
||||||
Reported-by: kernel test robot <lkp@intel.com>
|
|
||||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Closes: https://lore.kernel.org/oe-kbuild-all/202306170247.eQtCJPE8-lkp@intel.com/
|
|
||||||
|
|
||||||
(cherry picked from commit 0a9567ac5e6a40cdd9c8cd15b19a62a15250f450)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 305ba9053fdf1503a6717e3a96a7d9e0cd48ef15)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/include/asm/mem_encrypt.h | 10 ++++++----
|
|
||||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
index a95914f479b8..8f513372cd8d 100644
|
|
||||||
--- a/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
+++ b/arch/x86/include/asm/mem_encrypt.h
|
|
||||||
@@ -17,6 +17,12 @@
|
|
||||||
|
|
||||||
#include <asm/bootparam.h>
|
|
||||||
|
|
||||||
+#ifdef CONFIG_X86_MEM_ENCRYPT
|
|
||||||
+void __init mem_encrypt_init(void);
|
|
||||||
+#else
|
|
||||||
+static inline void mem_encrypt_init(void) { }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#ifdef CONFIG_AMD_MEM_ENCRYPT
|
|
||||||
|
|
||||||
extern u64 sme_me_mask;
|
|
||||||
@@ -51,8 +57,6 @@ void __init mem_encrypt_free_decrypted_mem(void);
|
|
||||||
|
|
||||||
void __init sev_es_init_vc_handling(void);
|
|
||||||
|
|
||||||
-void __init mem_encrypt_init(void);
|
|
||||||
-
|
|
||||||
#define __bss_decrypted __section(".bss..decrypted")
|
|
||||||
|
|
||||||
#else /* !CONFIG_AMD_MEM_ENCRYPT */
|
|
||||||
@@ -84,8 +88,6 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
|
|
||||||
|
|
||||||
static inline void mem_encrypt_free_decrypted_mem(void) { }
|
|
||||||
|
|
||||||
-static inline void mem_encrypt_init(void) { }
|
|
||||||
-
|
|
||||||
#define __bss_decrypted
|
|
||||||
|
|
||||||
#endif /* CONFIG_AMD_MEM_ENCRYPT */
|
|
@ -1,42 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Juergen Gross <jgross@suse.com>
|
|
||||||
Date: Mon, 3 Jul 2023 15:00:32 +0200
|
|
||||||
Subject: [PATCH] x86/xen: Fix secondary processors' FPU initialization
|
|
||||||
|
|
||||||
Moving the call of fpu__init_cpu() from cpu_init() to start_secondary()
|
|
||||||
broke Xen PV guests, as those don't call start_secondary() for APs.
|
|
||||||
|
|
||||||
Call fpu__init_cpu() in Xen's cpu_bringup(), which is the Xen PV
|
|
||||||
replacement of start_secondary().
|
|
||||||
|
|
||||||
Fixes: b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()")
|
|
||||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
|
||||||
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
||||||
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
||||||
Acked-by: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Link: https://lore.kernel.org/r/20230703130032.22916-1-jgross@suse.com
|
|
||||||
|
|
||||||
(cherry picked from commit fe3e0a13e597c1c8617814bf9b42ab732db5c26e)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 96617ee9a5943f6c58fa503257e18b191e84d117)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/xen/smp_pv.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
|
|
||||||
index 6175f2c5c822..e97bab7b0010 100644
|
|
||||||
--- a/arch/x86/xen/smp_pv.c
|
|
||||||
+++ b/arch/x86/xen/smp_pv.c
|
|
||||||
@@ -63,6 +63,7 @@ static void cpu_bringup(void)
|
|
||||||
|
|
||||||
cr4_init();
|
|
||||||
cpu_init();
|
|
||||||
+ fpu__init_cpu();
|
|
||||||
touch_softlockup_watchdog();
|
|
||||||
|
|
||||||
/* PVH runs in ring 0 and allows us to do native syscalls. Yay! */
|
|
@ -1,595 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Date: Wed, 12 Jul 2023 19:43:11 -0700
|
|
||||||
Subject: [PATCH] x86/speculation: Add Gather Data Sampling mitigation
|
|
||||||
|
|
||||||
Gather Data Sampling (GDS) is a hardware vulnerability which allows
|
|
||||||
unprivileged speculative access to data which was previously stored in
|
|
||||||
vector registers.
|
|
||||||
|
|
||||||
Intel processors that support AVX2 and AVX512 have gather instructions
|
|
||||||
that fetch non-contiguous data elements from memory. On vulnerable
|
|
||||||
hardware, when a gather instruction is transiently executed and
|
|
||||||
encounters a fault, stale data from architectural or internal vector
|
|
||||||
registers may get transiently stored to the destination vector
|
|
||||||
register allowing an attacker to infer the stale data using typical
|
|
||||||
side channel techniques like cache timing attacks.
|
|
||||||
|
|
||||||
This mitigation is different from many earlier ones for two reasons.
|
|
||||||
First, it is enabled by default and a bit must be set to *DISABLE* it.
|
|
||||||
This is the opposite of normal mitigation polarity. This means GDS can
|
|
||||||
be mitigated simply by updating microcode and leaving the new control
|
|
||||||
bit alone.
|
|
||||||
|
|
||||||
Second, GDS has a "lock" bit. This lock bit is there because the
|
|
||||||
mitigation affects the hardware security features KeyLocker and SGX.
|
|
||||||
It needs to be enabled and *STAY* enabled for these features to be
|
|
||||||
mitigated against GDS.
|
|
||||||
|
|
||||||
The mitigation is enabled in the microcode by default. Disable it by
|
|
||||||
setting gather_data_sampling=off or by disabling all mitigations with
|
|
||||||
mitigations=off. The mitigation status can be checked by reading:
|
|
||||||
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
|
|
||||||
|
|
||||||
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 8974eb588283b7d44a7c91fa09fcbaf380339f3a)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit a82fd9ff16b574fc42677c7b5f9e05b2f965d709)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
.../ABI/testing/sysfs-devices-system-cpu | 13 +-
|
|
||||||
.../hw-vuln/gather_data_sampling.rst | 99 ++++++++++++++
|
|
||||||
Documentation/admin-guide/hw-vuln/index.rst | 1 +
|
|
||||||
.../admin-guide/kernel-parameters.txt | 41 ++++--
|
|
||||||
arch/x86/include/asm/cpufeatures.h | 1 +
|
|
||||||
arch/x86/include/asm/msr-index.h | 11 ++
|
|
||||||
arch/x86/kernel/cpu/bugs.c | 129 ++++++++++++++++++
|
|
||||||
arch/x86/kernel/cpu/common.c | 34 +++--
|
|
||||||
arch/x86/kernel/cpu/cpu.h | 1 +
|
|
||||||
drivers/base/cpu.c | 8 ++
|
|
||||||
10 files changed, 310 insertions(+), 28 deletions(-)
|
|
||||||
create mode 100644 Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
|
|
||||||
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
|
||||||
index f54867cadb0f..13c01b641dc7 100644
|
|
||||||
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
|
||||||
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
|
||||||
@@ -513,17 +513,18 @@ Description: information about CPUs heterogeneity.
|
|
||||||
cpu_capacity: capacity of cpuX.
|
|
||||||
|
|
||||||
What: /sys/devices/system/cpu/vulnerabilities
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/l1tf
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/mds
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/meltdown
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/retbleed
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/spectre_v1
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/spectre_v2
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/l1tf
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/mds
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/srbds
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
|
|
||||||
- /sys/devices/system/cpu/vulnerabilities/retbleed
|
|
||||||
Date: January 2018
|
|
||||||
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
|
||||||
Description: Information about CPU vulnerabilities
|
|
||||||
diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000000..74dab6af7fe1
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
@@ -0,0 +1,99 @@
|
|
||||||
+.. SPDX-License-Identifier: GPL-2.0
|
|
||||||
+
|
|
||||||
+GDS - Gather Data Sampling
|
|
||||||
+==========================
|
|
||||||
+
|
|
||||||
+Gather Data Sampling is a hardware vulnerability which allows unprivileged
|
|
||||||
+speculative access to data which was previously stored in vector registers.
|
|
||||||
+
|
|
||||||
+Problem
|
|
||||||
+-------
|
|
||||||
+When a gather instruction performs loads from memory, different data elements
|
|
||||||
+are merged into the destination vector register. However, when a gather
|
|
||||||
+instruction that is transiently executed encounters a fault, stale data from
|
|
||||||
+architectural or internal vector registers may get transiently forwarded to the
|
|
||||||
+destination vector register instead. This will allow a malicious attacker to
|
|
||||||
+infer stale data using typical side channel techniques like cache timing
|
|
||||||
+attacks. GDS is a purely sampling-based attack.
|
|
||||||
+
|
|
||||||
+The attacker uses gather instructions to infer the stale vector register data.
|
|
||||||
+The victim does not need to do anything special other than use the vector
|
|
||||||
+registers. The victim does not need to use gather instructions to be
|
|
||||||
+vulnerable.
|
|
||||||
+
|
|
||||||
+Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
|
|
||||||
+are possible.
|
|
||||||
+
|
|
||||||
+Attack scenarios
|
|
||||||
+----------------
|
|
||||||
+Without mitigation, GDS can infer stale data across virtually all
|
|
||||||
+permission boundaries:
|
|
||||||
+
|
|
||||||
+ Non-enclaves can infer SGX enclave data
|
|
||||||
+ Userspace can infer kernel data
|
|
||||||
+ Guests can infer data from hosts
|
|
||||||
+ Guest can infer guest from other guests
|
|
||||||
+ Users can infer data from other users
|
|
||||||
+
|
|
||||||
+Because of this, it is important to ensure that the mitigation stays enabled in
|
|
||||||
+lower-privilege contexts like guests and when running outside SGX enclaves.
|
|
||||||
+
|
|
||||||
+The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
|
|
||||||
+that guests are not allowed to disable the GDS mitigation. If a host erred and
|
|
||||||
+allowed this, a guest could theoretically disable GDS mitigation, mount an
|
|
||||||
+attack, and re-enable it.
|
|
||||||
+
|
|
||||||
+Mitigation mechanism
|
|
||||||
+--------------------
|
|
||||||
+This issue is mitigated in microcode. The microcode defines the following new
|
|
||||||
+bits:
|
|
||||||
+
|
|
||||||
+ ================================ === ============================
|
|
||||||
+ IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability
|
|
||||||
+ and mitigation support.
|
|
||||||
+ IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable.
|
|
||||||
+ IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
|
|
||||||
+ 0 by default.
|
|
||||||
+ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes
|
|
||||||
+ to GDS_MITG_DIS are ignored
|
|
||||||
+ Can't be cleared once set.
|
|
||||||
+ ================================ === ============================
|
|
||||||
+
|
|
||||||
+GDS can also be mitigated on systems that don't have updated microcode by
|
|
||||||
+disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
|
|
||||||
+command-line.
|
|
||||||
+
|
|
||||||
+Mitigation control on the kernel command line
|
|
||||||
+---------------------------------------------
|
|
||||||
+The mitigation can be disabled by setting "gather_data_sampling=off" or
|
|
||||||
+"mitigations=off" on the kernel command line. Not specifying either will
|
|
||||||
+default to the mitigation being enabled.
|
|
||||||
+
|
|
||||||
+GDS System Information
|
|
||||||
+------------------------
|
|
||||||
+The kernel provides vulnerability status information through sysfs. For
|
|
||||||
+GDS this can be accessed by the following sysfs file:
|
|
||||||
+
|
|
||||||
+/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
|
|
||||||
+
|
|
||||||
+The possible values contained in this file are:
|
|
||||||
+
|
|
||||||
+ ============================== =============================================
|
|
||||||
+ Not affected Processor not vulnerable.
|
|
||||||
+ Vulnerable Processor vulnerable and mitigation disabled.
|
|
||||||
+ Vulnerable: No microcode Processor vulnerable and microcode is missing
|
|
||||||
+ mitigation.
|
|
||||||
+ Mitigation: Microcode Processor is vulnerable and mitigation is in
|
|
||||||
+ effect.
|
|
||||||
+ Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
|
|
||||||
+ effect and cannot be disabled.
|
|
||||||
+ Unknown: Dependent on
|
|
||||||
+ hypervisor status Running on a virtual guest processor that is
|
|
||||||
+ affected but with no way to know if host
|
|
||||||
+ processor is mitigated or vulnerable.
|
|
||||||
+ ============================== =============================================
|
|
||||||
+
|
|
||||||
+GDS Default mitigation
|
|
||||||
+----------------------
|
|
||||||
+The updated microcode will enable the mitigation by default. The kernel's
|
|
||||||
+default action is to leave the mitigation enabled.
|
|
||||||
diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
|
|
||||||
index e0614760a99e..436fac0bd9c3 100644
|
|
||||||
--- a/Documentation/admin-guide/hw-vuln/index.rst
|
|
||||||
+++ b/Documentation/admin-guide/hw-vuln/index.rst
|
|
||||||
@@ -19,3 +19,4 @@ are configurable at compile, boot or run time.
|
|
||||||
l1d_flush.rst
|
|
||||||
processor_mmio_stale_data.rst
|
|
||||||
cross-thread-rsb.rst
|
|
||||||
+ gather_data_sampling.rst
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index c0d8867359bc..380e1e46ffa1 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
@@ -1610,6 +1610,20 @@
|
|
||||||
Format: off | on
|
|
||||||
default: on
|
|
||||||
|
|
||||||
+ gather_data_sampling=
|
|
||||||
+ [X86,INTEL] Control the Gather Data Sampling (GDS)
|
|
||||||
+ mitigation.
|
|
||||||
+
|
|
||||||
+ Gather Data Sampling is a hardware vulnerability which
|
|
||||||
+ allows unprivileged speculative access to data which was
|
|
||||||
+ previously stored in vector registers.
|
|
||||||
+
|
|
||||||
+ This issue is mitigated by default in updated microcode.
|
|
||||||
+ The mitigation may have a performance impact but can be
|
|
||||||
+ disabled.
|
|
||||||
+
|
|
||||||
+ off: Disable GDS mitigation.
|
|
||||||
+
|
|
||||||
gcov_persist= [GCOV] When non-zero (default), profiling data for
|
|
||||||
kernel modules is saved and remains accessible via
|
|
||||||
debugfs, even when the module is unloaded/reloaded.
|
|
||||||
@@ -3245,24 +3259,25 @@
|
|
||||||
Disable all optional CPU mitigations. This
|
|
||||||
improves system performance, but it may also
|
|
||||||
expose users to several CPU vulnerabilities.
|
|
||||||
- Equivalent to: nopti [X86,PPC]
|
|
||||||
- if nokaslr then kpti=0 [ARM64]
|
|
||||||
- nospectre_v1 [X86,PPC]
|
|
||||||
- nobp=0 [S390]
|
|
||||||
- nospectre_v2 [X86,PPC,S390,ARM64]
|
|
||||||
- spectre_v2_user=off [X86]
|
|
||||||
- spec_store_bypass_disable=off [X86,PPC]
|
|
||||||
- ssbd=force-off [ARM64]
|
|
||||||
- nospectre_bhb [ARM64]
|
|
||||||
+ Equivalent to: if nokaslr then kpti=0 [ARM64]
|
|
||||||
+ gather_data_sampling=off [X86]
|
|
||||||
+ kvm.nx_huge_pages=off [X86]
|
|
||||||
l1tf=off [X86]
|
|
||||||
mds=off [X86]
|
|
||||||
- tsx_async_abort=off [X86]
|
|
||||||
- kvm.nx_huge_pages=off [X86]
|
|
||||||
- srbds=off [X86,INTEL]
|
|
||||||
+ mmio_stale_data=off [X86]
|
|
||||||
no_entry_flush [PPC]
|
|
||||||
no_uaccess_flush [PPC]
|
|
||||||
- mmio_stale_data=off [X86]
|
|
||||||
+ nobp=0 [S390]
|
|
||||||
+ nopti [X86,PPC]
|
|
||||||
+ nospectre_bhb [ARM64]
|
|
||||||
+ nospectre_v1 [X86,PPC]
|
|
||||||
+ nospectre_v2 [X86,PPC,S390,ARM64]
|
|
||||||
retbleed=off [X86]
|
|
||||||
+ spec_store_bypass_disable=off [X86,PPC]
|
|
||||||
+ spectre_v2_user=off [X86]
|
|
||||||
+ srbds=off [X86,INTEL]
|
|
||||||
+ ssbd=force-off [ARM64]
|
|
||||||
+ tsx_async_abort=off [X86]
|
|
||||||
|
|
||||||
Exceptions:
|
|
||||||
This does not have any effect on
|
|
||||||
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
|
|
||||||
index 8f39c46197b8..93f232eb9786 100644
|
|
||||||
--- a/arch/x86/include/asm/cpufeatures.h
|
|
||||||
+++ b/arch/x86/include/asm/cpufeatures.h
|
|
||||||
@@ -467,5 +467,6 @@
|
|
||||||
#define X86_BUG_RETBLEED X86_BUG(27) /* CPU is affected by RETBleed */
|
|
||||||
#define X86_BUG_EIBRS_PBRSB X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */
|
|
||||||
#define X86_BUG_SMT_RSB X86_BUG(29) /* CPU is vulnerable to Cross-Thread Return Address Predictions */
|
|
||||||
+#define X86_BUG_GDS X86_BUG(30) /* CPU is affected by Gather Data Sampling */
|
|
||||||
|
|
||||||
#endif /* _ASM_X86_CPUFEATURES_H */
|
|
||||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
||||||
index 52a09dbc2c26..b030a03ca8d6 100644
|
|
||||||
--- a/arch/x86/include/asm/msr-index.h
|
|
||||||
+++ b/arch/x86/include/asm/msr-index.h
|
|
||||||
@@ -153,6 +153,15 @@
|
|
||||||
* Not susceptible to Post-Barrier
|
|
||||||
* Return Stack Buffer Predictions.
|
|
||||||
*/
|
|
||||||
+#define ARCH_CAP_GDS_CTRL BIT(25) /*
|
|
||||||
+ * CPU is vulnerable to Gather
|
|
||||||
+ * Data Sampling (GDS) and
|
|
||||||
+ * has controls for mitigation.
|
|
||||||
+ */
|
|
||||||
+#define ARCH_CAP_GDS_NO BIT(26) /*
|
|
||||||
+ * CPU is not vulnerable to Gather
|
|
||||||
+ * Data Sampling (GDS).
|
|
||||||
+ */
|
|
||||||
|
|
||||||
#define ARCH_CAP_XAPIC_DISABLE BIT(21) /*
|
|
||||||
* IA32_XAPIC_DISABLE_STATUS MSR
|
|
||||||
@@ -176,6 +185,8 @@
|
|
||||||
#define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
|
|
||||||
#define RTM_ALLOW BIT(1) /* TSX development mode */
|
|
||||||
#define FB_CLEAR_DIS BIT(3) /* CPU Fill buffer clear disable */
|
|
||||||
+#define GDS_MITG_DIS BIT(4) /* Disable GDS mitigation */
|
|
||||||
+#define GDS_MITG_LOCKED BIT(5) /* GDS mitigation locked */
|
|
||||||
|
|
||||||
#define MSR_IA32_SYSENTER_CS 0x00000174
|
|
||||||
#define MSR_IA32_SYSENTER_ESP 0x00000175
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index edb670b77294..a1c1c8e4995c 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
@@ -46,6 +46,7 @@ static void __init taa_select_mitigation(void);
|
|
||||||
static void __init mmio_select_mitigation(void);
|
|
||||||
static void __init srbds_select_mitigation(void);
|
|
||||||
static void __init l1d_flush_select_mitigation(void);
|
|
||||||
+static void __init gds_select_mitigation(void);
|
|
||||||
|
|
||||||
/* The base value of the SPEC_CTRL MSR without task-specific bits set */
|
|
||||||
u64 x86_spec_ctrl_base;
|
|
||||||
@@ -159,6 +160,7 @@ void __init cpu_select_mitigations(void)
|
|
||||||
md_clear_select_mitigation();
|
|
||||||
srbds_select_mitigation();
|
|
||||||
l1d_flush_select_mitigation();
|
|
||||||
+ gds_select_mitigation();
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -644,6 +646,120 @@ static int __init l1d_flush_parse_cmdline(char *str)
|
|
||||||
}
|
|
||||||
early_param("l1d_flush", l1d_flush_parse_cmdline);
|
|
||||||
|
|
||||||
+#undef pr_fmt
|
|
||||||
+#define pr_fmt(fmt) "GDS: " fmt
|
|
||||||
+
|
|
||||||
+enum gds_mitigations {
|
|
||||||
+ GDS_MITIGATION_OFF,
|
|
||||||
+ GDS_MITIGATION_UCODE_NEEDED,
|
|
||||||
+ GDS_MITIGATION_FULL,
|
|
||||||
+ GDS_MITIGATION_FULL_LOCKED,
|
|
||||||
+ GDS_MITIGATION_HYPERVISOR,
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
|
|
||||||
+
|
|
||||||
+static const char * const gds_strings[] = {
|
|
||||||
+ [GDS_MITIGATION_OFF] = "Vulnerable",
|
|
||||||
+ [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
|
|
||||||
+ [GDS_MITIGATION_FULL] = "Mitigation: Microcode",
|
|
||||||
+ [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
|
|
||||||
+ [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+void update_gds_msr(void)
|
|
||||||
+{
|
|
||||||
+ u64 mcu_ctrl_after;
|
|
||||||
+ u64 mcu_ctrl;
|
|
||||||
+
|
|
||||||
+ switch (gds_mitigation) {
|
|
||||||
+ case GDS_MITIGATION_OFF:
|
|
||||||
+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
+ mcu_ctrl |= GDS_MITG_DIS;
|
|
||||||
+ break;
|
|
||||||
+ case GDS_MITIGATION_FULL_LOCKED:
|
|
||||||
+ /*
|
|
||||||
+ * The LOCKED state comes from the boot CPU. APs might not have
|
|
||||||
+ * the same state. Make sure the mitigation is enabled on all
|
|
||||||
+ * CPUs.
|
|
||||||
+ */
|
|
||||||
+ case GDS_MITIGATION_FULL:
|
|
||||||
+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
+ mcu_ctrl &= ~GDS_MITG_DIS;
|
|
||||||
+ break;
|
|
||||||
+ case GDS_MITIGATION_UCODE_NEEDED:
|
|
||||||
+ case GDS_MITIGATION_HYPERVISOR:
|
|
||||||
+ return;
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+ wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Check to make sure that the WRMSR value was not ignored. Writes to
|
|
||||||
+ * GDS_MITG_DIS will be ignored if this processor is locked but the boot
|
|
||||||
+ * processor was not.
|
|
||||||
+ */
|
|
||||||
+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl_after);
|
|
||||||
+ WARN_ON_ONCE(mcu_ctrl != mcu_ctrl_after);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void __init gds_select_mitigation(void)
|
|
||||||
+{
|
|
||||||
+ u64 mcu_ctrl;
|
|
||||||
+
|
|
||||||
+ if (!boot_cpu_has_bug(X86_BUG_GDS))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_HYPERVISOR;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (cpu_mitigations_off())
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_OFF;
|
|
||||||
+ /* Will verify below that mitigation _can_ be disabled */
|
|
||||||
+
|
|
||||||
+ /* No microcode */
|
|
||||||
+ if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
+ if (mcu_ctrl & GDS_MITG_LOCKED) {
|
|
||||||
+ if (gds_mitigation == GDS_MITIGATION_OFF)
|
|
||||||
+ pr_warn("Mitigation locked. Disable failed.\n");
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * The mitigation is selected from the boot CPU. All other CPUs
|
|
||||||
+ * _should_ have the same state. If the boot CPU isn't locked
|
|
||||||
+ * but others are then update_gds_msr() will WARN() of the state
|
|
||||||
+ * mismatch. If the boot CPU is locked update_gds_msr() will
|
|
||||||
+ * ensure the other CPUs have the mitigation enabled.
|
|
||||||
+ */
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ update_gds_msr();
|
|
||||||
+out:
|
|
||||||
+ pr_info("%s\n", gds_strings[gds_mitigation]);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int __init gds_parse_cmdline(char *str)
|
|
||||||
+{
|
|
||||||
+ if (!str)
|
|
||||||
+ return -EINVAL;
|
|
||||||
+
|
|
||||||
+ if (!boot_cpu_has_bug(X86_BUG_GDS))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (!strcmp(str, "off"))
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_OFF;
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+early_param("gather_data_sampling", gds_parse_cmdline);
|
|
||||||
+
|
|
||||||
#undef pr_fmt
|
|
||||||
#define pr_fmt(fmt) "Spectre V1 : " fmt
|
|
||||||
|
|
||||||
@@ -2385,6 +2501,11 @@ static ssize_t retbleed_show_state(char *buf)
|
|
||||||
return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static ssize_t gds_show_state(char *buf)
|
|
||||||
+{
|
|
||||||
+ return sysfs_emit(buf, "%s\n", gds_strings[gds_mitigation]);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
|
|
||||||
char *buf, unsigned int bug)
|
|
||||||
{
|
|
||||||
@@ -2434,6 +2555,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
|
|
||||||
case X86_BUG_RETBLEED:
|
|
||||||
return retbleed_show_state(buf);
|
|
||||||
|
|
||||||
+ case X86_BUG_GDS:
|
|
||||||
+ return gds_show_state(buf);
|
|
||||||
+
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
@@ -2498,4 +2622,9 @@ ssize_t cpu_show_retbleed(struct device *dev, struct device_attribute *attr, cha
|
|
||||||
{
|
|
||||||
return cpu_show_common(dev, attr, buf, X86_BUG_RETBLEED);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *buf)
|
|
||||||
+{
|
|
||||||
+ return cpu_show_common(dev, attr, buf, X86_BUG_GDS);
|
|
||||||
+}
|
|
||||||
#endif
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 9b53d1cb424d..d950fb5ac0b4 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
|
||||||
@@ -1262,6 +1262,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
|
|
||||||
#define RETBLEED BIT(3)
|
|
||||||
/* CPU is affected by SMT (cross-thread) return predictions */
|
|
||||||
#define SMT_RSB BIT(4)
|
|
||||||
+/* CPU is affected by GDS */
|
|
||||||
+#define GDS BIT(5)
|
|
||||||
|
|
||||||
static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
|
|
||||||
VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
|
|
||||||
@@ -1274,19 +1276,21 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
|
|
||||||
VULNBL_INTEL_STEPPINGS(BROADWELL_X, X86_STEPPING_ANY, MMIO),
|
|
||||||
VULNBL_INTEL_STEPPINGS(BROADWELL, X86_STEPPING_ANY, SRBDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED | GDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(CANNONLAKE_L, X86_STEPPING_ANY, RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO | GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO | GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(TIGERLAKE_L, X86_STEPPING_ANY, GDS),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
|
|
||||||
- VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED),
|
|
||||||
+ VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS),
|
|
||||||
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO),
|
|
||||||
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS),
|
|
||||||
@@ -1415,6 +1419,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
|
|
||||||
if (cpu_matches(cpu_vuln_blacklist, SMT_RSB))
|
|
||||||
setup_force_cpu_bug(X86_BUG_SMT_RSB);
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * Check if CPU is vulnerable to GDS. If running in a virtual machine on
|
|
||||||
+ * an affected processor, the VMM may have disabled the use of GATHER by
|
|
||||||
+ * disabling AVX2. The only way to do this in HW is to clear XCR0[2],
|
|
||||||
+ * which means that AVX will be disabled.
|
|
||||||
+ */
|
|
||||||
+ if (cpu_matches(cpu_vuln_blacklist, GDS) && !(ia32_cap & ARCH_CAP_GDS_NO) &&
|
|
||||||
+ boot_cpu_has(X86_FEATURE_AVX))
|
|
||||||
+ setup_force_cpu_bug(X86_BUG_GDS);
|
|
||||||
+
|
|
||||||
if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
|
|
||||||
return;
|
|
||||||
|
|
||||||
@@ -1977,6 +1991,8 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c)
|
|
||||||
validate_apic_and_package_id(c);
|
|
||||||
x86_spec_ctrl_setup_ap();
|
|
||||||
update_srbds_msr();
|
|
||||||
+ if (boot_cpu_has_bug(X86_BUG_GDS))
|
|
||||||
+ update_gds_msr();
|
|
||||||
|
|
||||||
tsx_ap_init();
|
|
||||||
}
|
|
||||||
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
|
|
||||||
index 61dbb9b216e6..d9aeb335002d 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/cpu.h
|
|
||||||
+++ b/arch/x86/kernel/cpu/cpu.h
|
|
||||||
@@ -83,6 +83,7 @@ void cpu_select_mitigations(void);
|
|
||||||
|
|
||||||
extern void x86_spec_ctrl_setup_ap(void);
|
|
||||||
extern void update_srbds_msr(void);
|
|
||||||
+extern void update_gds_msr(void);
|
|
||||||
|
|
||||||
extern u64 x86_read_arch_cap_msr(void);
|
|
||||||
|
|
||||||
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
|
|
||||||
index 7af8e33735a3..cc6cf06ce88e 100644
|
|
||||||
--- a/drivers/base/cpu.c
|
|
||||||
+++ b/drivers/base/cpu.c
|
|
||||||
@@ -577,6 +577,12 @@ ssize_t __weak cpu_show_retbleed(struct device *dev,
|
|
||||||
return sysfs_emit(buf, "Not affected\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
+ssize_t __weak cpu_show_gds(struct device *dev,
|
|
||||||
+ struct device_attribute *attr, char *buf)
|
|
||||||
+{
|
|
||||||
+ return sysfs_emit(buf, "Not affected\n");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
|
||||||
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
|
||||||
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
|
||||||
@@ -588,6 +594,7 @@ static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
|
|
||||||
static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
|
|
||||||
static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL);
|
|
||||||
static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL);
|
|
||||||
+static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
|
|
||||||
|
|
||||||
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
|
||||||
&dev_attr_meltdown.attr,
|
|
||||||
@@ -601,6 +608,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
|
||||||
&dev_attr_srbds.attr,
|
|
||||||
&dev_attr_mmio_stale_data.attr,
|
|
||||||
&dev_attr_retbleed.attr,
|
|
||||||
+ &dev_attr_gather_data_sampling.attr,
|
|
||||||
NULL
|
|
||||||
};
|
|
||||||
|
|
@ -1,172 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Date: Wed, 12 Jul 2023 19:43:12 -0700
|
|
||||||
Subject: [PATCH] x86/speculation: Add force option to GDS mitigation
|
|
||||||
|
|
||||||
The Gather Data Sampling (GDS) vulnerability allows malicious software
|
|
||||||
to infer stale data previously stored in vector registers. This may
|
|
||||||
include sensitive data such as cryptographic keys. GDS is mitigated in
|
|
||||||
microcode, and systems with up-to-date microcode are protected by
|
|
||||||
default. However, any affected system that is running with older
|
|
||||||
microcode will still be vulnerable to GDS attacks.
|
|
||||||
|
|
||||||
Since the gather instructions used by the attacker are part of the
|
|
||||||
AVX2 and AVX512 extensions, disabling these extensions prevents gather
|
|
||||||
instructions from being executed, thereby mitigating the system from
|
|
||||||
GDS. Disabling AVX2 is sufficient, but we don't have the granularity
|
|
||||||
to do this. The XCR0[2] disables AVX, with no option to just disable
|
|
||||||
AVX2.
|
|
||||||
|
|
||||||
Add a kernel parameter gather_data_sampling=force that will enable the
|
|
||||||
microcode mitigation if available, otherwise it will disable AVX on
|
|
||||||
affected systems.
|
|
||||||
|
|
||||||
This option will be ignored if cmdline mitigations=off.
|
|
||||||
|
|
||||||
This is a *big* hammer. It is known to break buggy userspace that
|
|
||||||
uses incomplete, buggy AVX enumeration. Unfortunately, such userspace
|
|
||||||
does exist in the wild:
|
|
||||||
|
|
||||||
https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html
|
|
||||||
|
|
||||||
[ dhansen: add some more ominous warnings about disabling AVX ]
|
|
||||||
|
|
||||||
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 553a5c03e90a6087e88f8ff878335ef0621536fb)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit b73421edcd9b8f1b1db51168e4568667d74422db)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
.../hw-vuln/gather_data_sampling.rst | 18 +++++++++++++----
|
|
||||||
.../admin-guide/kernel-parameters.txt | 8 +++++++-
|
|
||||||
arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++-
|
|
||||||
3 files changed, 40 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
index 74dab6af7fe1..40b7a6260010 100644
|
|
||||||
--- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
@@ -60,14 +60,21 @@ bits:
|
|
||||||
================================ === ============================
|
|
||||||
|
|
||||||
GDS can also be mitigated on systems that don't have updated microcode by
|
|
||||||
-disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
|
|
||||||
-command-line.
|
|
||||||
+disabling AVX. This can be done by setting gather_data_sampling="force" or
|
|
||||||
+"clearcpuid=avx" on the kernel command-line.
|
|
||||||
+
|
|
||||||
+If used, these options will disable AVX use by turning on XSAVE YMM support.
|
|
||||||
+However, the processor will still enumerate AVX support. Userspace that
|
|
||||||
+does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
|
|
||||||
+support will break.
|
|
||||||
|
|
||||||
Mitigation control on the kernel command line
|
|
||||||
---------------------------------------------
|
|
||||||
The mitigation can be disabled by setting "gather_data_sampling=off" or
|
|
||||||
-"mitigations=off" on the kernel command line. Not specifying either will
|
|
||||||
-default to the mitigation being enabled.
|
|
||||||
+"mitigations=off" on the kernel command line. Not specifying either will default
|
|
||||||
+to the mitigation being enabled. Specifying "gather_data_sampling=force" will
|
|
||||||
+use the microcode mitigation when available or disable AVX on affected systems
|
|
||||||
+where the microcode hasn't been updated to include the mitigation.
|
|
||||||
|
|
||||||
GDS System Information
|
|
||||||
------------------------
|
|
||||||
@@ -83,6 +90,9 @@ The possible values contained in this file are:
|
|
||||||
Vulnerable Processor vulnerable and mitigation disabled.
|
|
||||||
Vulnerable: No microcode Processor vulnerable and microcode is missing
|
|
||||||
mitigation.
|
|
||||||
+ Mitigation: AVX disabled,
|
|
||||||
+ no microcode Processor is vulnerable and microcode is missing
|
|
||||||
+ mitigation. AVX disabled as mitigation.
|
|
||||||
Mitigation: Microcode Processor is vulnerable and mitigation is in
|
|
||||||
effect.
|
|
||||||
Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index 380e1e46ffa1..5fef2f65f634 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
@@ -1620,7 +1620,13 @@
|
|
||||||
|
|
||||||
This issue is mitigated by default in updated microcode.
|
|
||||||
The mitigation may have a performance impact but can be
|
|
||||||
- disabled.
|
|
||||||
+ disabled. On systems without the microcode mitigation
|
|
||||||
+ disabling AVX serves as a mitigation.
|
|
||||||
+
|
|
||||||
+ force: Disable AVX to mitigate systems without
|
|
||||||
+ microcode mitigation. No effect if the microcode
|
|
||||||
+ mitigation is present. Known to cause crashes in
|
|
||||||
+ userspace with buggy AVX enumeration.
|
|
||||||
|
|
||||||
off: Disable GDS mitigation.
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index a1c1c8e4995c..0cc3c4f09dd7 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
@@ -652,6 +652,7 @@ early_param("l1d_flush", l1d_flush_parse_cmdline);
|
|
||||||
enum gds_mitigations {
|
|
||||||
GDS_MITIGATION_OFF,
|
|
||||||
GDS_MITIGATION_UCODE_NEEDED,
|
|
||||||
+ GDS_MITIGATION_FORCE,
|
|
||||||
GDS_MITIGATION_FULL,
|
|
||||||
GDS_MITIGATION_FULL_LOCKED,
|
|
||||||
GDS_MITIGATION_HYPERVISOR,
|
|
||||||
@@ -662,6 +663,7 @@ static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL
|
|
||||||
static const char * const gds_strings[] = {
|
|
||||||
[GDS_MITIGATION_OFF] = "Vulnerable",
|
|
||||||
[GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
|
|
||||||
+ [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode",
|
|
||||||
[GDS_MITIGATION_FULL] = "Mitigation: Microcode",
|
|
||||||
[GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
|
|
||||||
[GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
|
|
||||||
@@ -687,6 +689,7 @@ void update_gds_msr(void)
|
|
||||||
rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
mcu_ctrl &= ~GDS_MITG_DIS;
|
|
||||||
break;
|
|
||||||
+ case GDS_MITIGATION_FORCE:
|
|
||||||
case GDS_MITIGATION_UCODE_NEEDED:
|
|
||||||
case GDS_MITIGATION_HYPERVISOR:
|
|
||||||
return;
|
|
||||||
@@ -721,10 +724,23 @@ static void __init gds_select_mitigation(void)
|
|
||||||
|
|
||||||
/* No microcode */
|
|
||||||
if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
|
|
||||||
- gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
|
|
||||||
+ if (gds_mitigation == GDS_MITIGATION_FORCE) {
|
|
||||||
+ /*
|
|
||||||
+ * This only needs to be done on the boot CPU so do it
|
|
||||||
+ * here rather than in update_gds_msr()
|
|
||||||
+ */
|
|
||||||
+ setup_clear_cpu_cap(X86_FEATURE_AVX);
|
|
||||||
+ pr_warn("Microcode update needed! Disabling AVX as mitigation.\n");
|
|
||||||
+ } else {
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
|
|
||||||
+ }
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* Microcode has mitigation, use it */
|
|
||||||
+ if (gds_mitigation == GDS_MITIGATION_FORCE)
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_FULL;
|
|
||||||
+
|
|
||||||
rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
|
|
||||||
if (mcu_ctrl & GDS_MITG_LOCKED) {
|
|
||||||
if (gds_mitigation == GDS_MITIGATION_OFF)
|
|
||||||
@@ -755,6 +771,8 @@ static int __init gds_parse_cmdline(char *str)
|
|
||||||
|
|
||||||
if (!strcmp(str, "off"))
|
|
||||||
gds_mitigation = GDS_MITIGATION_OFF;
|
|
||||||
+ else if (!strcmp(str, "force"))
|
|
||||||
+ gds_mitigation = GDS_MITIGATION_FORCE;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,75 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Date: Wed, 12 Jul 2023 19:43:13 -0700
|
|
||||||
Subject: [PATCH] x86/speculation: Add Kconfig option for GDS
|
|
||||||
|
|
||||||
Gather Data Sampling (GDS) is mitigated in microcode. However, on
|
|
||||||
systems that haven't received the updated microcode, disabling AVX
|
|
||||||
can act as a mitigation. Add a Kconfig option that uses the microcode
|
|
||||||
mitigation if available and disables AVX otherwise. Setting this
|
|
||||||
option has no effect on systems not affected by GDS. This is the
|
|
||||||
equivalent of setting gather_data_sampling=force.
|
|
||||||
|
|
||||||
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 53cf5797f114ba2bd86d23a862302119848eff19)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit 92bd969bbe475c5bca376d007ed6558085b237ba)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/Kconfig | 19 +++++++++++++++++++
|
|
||||||
arch/x86/kernel/cpu/bugs.c | 4 ++++
|
|
||||||
2 files changed, 23 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
|
||||||
index 598a303819da..8451e0f36c66 100644
|
|
||||||
--- a/arch/x86/Kconfig
|
|
||||||
+++ b/arch/x86/Kconfig
|
|
||||||
@@ -2640,6 +2640,25 @@ config SLS
|
|
||||||
against straight line speculation. The kernel image might be slightly
|
|
||||||
larger.
|
|
||||||
|
|
||||||
+config GDS_FORCE_MITIGATION
|
|
||||||
+ bool "Force GDS Mitigation"
|
|
||||||
+ depends on CPU_SUP_INTEL
|
|
||||||
+ default n
|
|
||||||
+ help
|
|
||||||
+ Gather Data Sampling (GDS) is a hardware vulnerability which allows
|
|
||||||
+ unprivileged speculative access to data which was previously stored in
|
|
||||||
+ vector registers.
|
|
||||||
+
|
|
||||||
+ This option is equivalent to setting gather_data_sampling=force on the
|
|
||||||
+ command line. The microcode mitigation is used if present, otherwise
|
|
||||||
+ AVX is disabled as a mitigation. On affected systems that are missing
|
|
||||||
+ the microcode any userspace code that unconditionally uses AVX will
|
|
||||||
+ break with this option set.
|
|
||||||
+
|
|
||||||
+ Setting this option on systems not vulnerable to GDS has no effect.
|
|
||||||
+
|
|
||||||
+ If in doubt, say N.
|
|
||||||
+
|
|
||||||
endif
|
|
||||||
|
|
||||||
config ARCH_HAS_ADD_PAGES
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index 0cc3c4f09dd7..819a8aa0c706 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
@@ -658,7 +658,11 @@ enum gds_mitigations {
|
|
||||||
GDS_MITIGATION_HYPERVISOR,
|
|
||||||
};
|
|
||||||
|
|
||||||
+#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION)
|
|
||||||
+static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE;
|
|
||||||
+#else
|
|
||||||
static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
static const char * const gds_strings[] = {
|
|
||||||
[GDS_MITIGATION_OFF] = "Vulnerable",
|
|
@ -1,85 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Date: Wed, 12 Jul 2023 19:43:14 -0700
|
|
||||||
Subject: [PATCH] KVM: Add GDS_NO support to KVM
|
|
||||||
|
|
||||||
Gather Data Sampling (GDS) is a transient execution attack using
|
|
||||||
gather instructions from the AVX2 and AVX512 extensions. This attack
|
|
||||||
allows malicious code to infer data that was previously stored in
|
|
||||||
vector registers. Systems that are not vulnerable to GDS will set the
|
|
||||||
GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
|
|
||||||
guests that may think they are on vulnerable systems that are, in
|
|
||||||
fact, not affected. Guests that are running on affected hosts where
|
|
||||||
the mitigation is enabled are protected as if they were running
|
|
||||||
on an unaffected system.
|
|
||||||
|
|
||||||
On all hosts that are not affected or that are mitigated, set the
|
|
||||||
GDS_NO bit.
|
|
||||||
|
|
||||||
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
|
|
||||||
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit cd25885269804c59063c52ef587bde0d8fe17131)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
arch/x86/kernel/cpu/bugs.c | 7 +++++++
|
|
||||||
arch/x86/kvm/x86.c | 7 ++++++-
|
|
||||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index 819a8aa0c706..63ec50ef7d7c 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
@@ -673,6 +673,13 @@ static const char * const gds_strings[] = {
|
|
||||||
[GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
|
|
||||||
};
|
|
||||||
|
|
||||||
+bool gds_ucode_mitigated(void)
|
|
||||||
+{
|
|
||||||
+ return (gds_mitigation == GDS_MITIGATION_FULL ||
|
|
||||||
+ gds_mitigation == GDS_MITIGATION_FULL_LOCKED);
|
|
||||||
+}
|
|
||||||
+EXPORT_SYMBOL_GPL(gds_ucode_mitigated);
|
|
||||||
+
|
|
||||||
void update_gds_msr(void)
|
|
||||||
{
|
|
||||||
u64 mcu_ctrl_after;
|
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index 1c5775d51495..7d8b14f8807e 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
|
||||||
+++ b/arch/x86/kvm/x86.c
|
|
||||||
@@ -310,6 +310,8 @@ u64 __read_mostly host_xcr0;
|
|
||||||
|
|
||||||
static struct kmem_cache *x86_emulator_cache;
|
|
||||||
|
|
||||||
+extern bool gds_ucode_mitigated(void);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* When called, it means the previous get/set msr reached an invalid msr.
|
|
||||||
* Return true if we want to ignore/silent this failed msr access.
|
|
||||||
@@ -1598,7 +1600,7 @@ static unsigned int num_msr_based_features;
|
|
||||||
ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
|
|
||||||
ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
|
|
||||||
ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
|
|
||||||
- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO)
|
|
||||||
+ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
|
|
||||||
|
|
||||||
static u64 kvm_get_arch_capabilities(void)
|
|
||||||
{
|
|
||||||
@@ -1655,6 +1657,9 @@ static u64 kvm_get_arch_capabilities(void)
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())
|
|
||||||
+ data |= ARCH_CAP_GDS_NO;
|
|
||||||
+
|
|
||||||
return data;
|
|
||||||
}
|
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
Date: Tue, 1 Aug 2023 07:31:07 -0700
|
|
||||||
Subject: [PATCH] Documentation/x86: Fix backwards on/off logic about YMM
|
|
||||||
support
|
|
||||||
|
|
||||||
These options clearly turn *off* XSAVE YMM support. Correct the
|
|
||||||
typo.
|
|
||||||
|
|
||||||
Reported-by: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Fixes: 553a5c03e90a ("x86/speculation: Add force option to GDS mitigation")
|
|
||||||
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
|
|
||||||
|
|
||||||
(cherry picked from commit 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20)
|
|
||||||
CVE-2022-40982
|
|
||||||
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
||||||
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
|
|
||||||
Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
|
|
||||||
(cherry picked from commit f88fa53e3623291b52b8a6656c1ea9a5d6f6f284)
|
|
||||||
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
|
|
||||||
---
|
|
||||||
Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
index 40b7a6260010..264bfa937f7d 100644
|
|
||||||
--- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
|
|
||||||
@@ -63,7 +63,7 @@ GDS can also be mitigated on systems that don't have updated microcode by
|
|
||||||
disabling AVX. This can be done by setting gather_data_sampling="force" or
|
|
||||||
"clearcpuid=avx" on the kernel command-line.
|
|
||||||
|
|
||||||
-If used, these options will disable AVX use by turning on XSAVE YMM support.
|
|
||||||
+If used, these options will disable AVX use by turning off XSAVE YMM support.
|
|
||||||
However, the processor will still enumerate AVX support. Userspace that
|
|
||||||
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
|
|
||||||
support will break.
|
|
Loading…
Reference in New Issue
Block a user