March 2018 - Linux-stable-mirror

[PATCH] Fix NULL pointer exception in find_bio_stripe()

by Dmitriy Gorokh

On detaching of a disk which is a part of a RAID6 filesystem, the following kernel OOPS may happen: [63122.680461] BTRFS error (device sdo): bdev /dev/sdo errs: wr 0, rd 0, flush 1, corrupt 0, gen 0 [63122.719584] BTRFS warning (device sdo): lost page write due to IO error on /dev/sdo [63122.719587] BTRFS error (device sdo): bdev /dev/sdo errs: wr 1, rd 0, flush 1, corrupt 0, gen 0 [63122.803516] BTRFS warning (device sdo): lost page write due to IO error on /dev/sdo [63122.803519] BTRFS error (device sdo): bdev /dev/sdo errs: wr 2, rd 0, flush 1, corrupt 0, gen 0 [63122.863902] BTRFS critical (device sdo): fatal error on device /dev/sdo [63122.935338] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [63122.946554] IP: fail_bio_stripe+0x58/0xa0 [btrfs] [63122.958185] PGD 9ecda067 P4D 9ecda067 PUD b2b37067 PMD 0 [63122.971202] Oops: 0000 [#1] SMP [63122.990786] Modules linked in: libcrc32c dlm configfs cpufreq_userspace cpufreq_powersave cpufreq_conservative softdog nfsd auth_rpcgss nfs_acl nfs lockd grace fscache sunrpc bonding ipmi_devintf ipmi_msghandler joydev snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd psmouse evdev parport_pc soundcore serio_raw battery pcspkr video ac97_bus ac parport ohci_pci ohci_hcd i2c_piix4 button crc32c_generic crc32c_intel btrfs xor zstd_decompress zstd_compress xxhash raid6_pq dm_mod dax raid1 md_mod hid_generic usbhid hid xhci_pci xhci_hcd ehci_pci ehci_hcd usbcore sg sd_mod sr_mod cdrom ata_generic ahci libahci ata_piix libata e1000 scsi_mod [last unloaded: scst] [63123.006760] CPU: 0 PID: 3979 Comm: kworker/u8:9 Tainted: G W 4.14.2-16-scst34x+ #8 [63123.007091] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [63123.007402] Workqueue: btrfs-worker btrfs_worker_helper [btrfs] [63123.007595] task: ffff880036ea4040 task.stack: ffffc90006384000 [63123.007796] RIP: 0010:fail_bio_stripe+0x58/0xa0 [btrfs] [63123.007968] RSP: 0018:ffffc90006387ad8 EFLAGS: 00010287 [63123.008140] RAX: 0000000000000002 RBX: ffff88004beaa0b8 RCX: ffff8800b2bd5690 [63123.008359] RDX: 0000000000000000 RSI: ffff88007bb43500 RDI: ffff88004beaa000 [63123.008621] RBP: ffffc90006387ae8 R08: 0000000099100000 R09: ffff8800b2bd5600 [63123.008840] R10: 0000000000000004 R11: 0000000000010000 R12: ffff88007bb43500 [63123.009059] R13: 00000000fffffffb R14: ffff880036fc5180 R15: 0000000000000004 [63123.009278] FS: 0000000000000000(0000) GS:ffff8800b7000000(0000) knlGS:0000000000000000 [63123.009564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [63123.009748] CR2: 0000000000000080 CR3: 00000000b0866000 CR4: 00000000000406f0 [63123.009969] Call Trace: [63123.010085] raid_write_end_io+0x7e/0x80 [btrfs] [63123.010251] bio_endio+0xa1/0x120 [63123.010378] generic_make_request+0x218/0x270 [63123.010921] submit_bio+0x66/0x130 [63123.011073] finish_rmw+0x3fc/0x5b0 [btrfs] [63123.011245] full_stripe_write+0x96/0xc0 [btrfs] [63123.011428] raid56_parity_write+0x117/0x170 [btrfs] [63123.011604] btrfs_map_bio+0x2ec/0x320 [btrfs] [63123.011759] ? ___cache_free+0x1c5/0x300 [63123.011909] __btrfs_submit_bio_done+0x26/0x50 [btrfs] [63123.012087] run_one_async_done+0x9c/0xc0 [btrfs] [63123.012257] normal_work_helper+0x19e/0x300 [btrfs] [63123.012429] btrfs_worker_helper+0x12/0x20 [btrfs] [63123.012656] process_one_work+0x14d/0x350 [63123.012888] worker_thread+0x4d/0x3a0 [63123.013026] ? _raw_spin_unlock_irqrestore+0x15/0x20 [63123.013192] kthread+0x109/0x140 [63123.013315] ? process_scheduled_works+0x40/0x40 [63123.013472] ? kthread_stop+0x110/0x110 [63123.013610] ret_from_fork+0x25/0x30 [63123.013741] Code: 7e 43 31 c0 48 63 d0 48 8d 14 52 49 8d 4c d1 60 48 8b 51 08 49 39 d0 72 1f 4c 63 1b 4c 01 da 49 39 d0 73 14 48 8b 11 48 8b 52 68 <48> 8b 8a 80 00 00 00 48 39 4e 08 74 14 83 c0 01 44 39 d0 75 c4 [63123.014469] RIP: fail_bio_stripe+0x58/0xa0 [btrfs] RSP: ffffc90006387ad8 [63123.014678] CR2: 0000000000000080 [63123.016590] ---[ end trace a295ea7259c17880 ]— This is reproducible in a cycle, where a series of writes is followed by SCSI device delete command. The test may take up to few minutes. Fixes: commit 74d46992e0d9dee7f1f376de0d56d31614c8a17a ("block: replace bi_bdev with a gendisk pointer and partitions index") --- fs/btrfs/raid56.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c index dec0907dfb8a..fcfc20de2df3 100644 --- a/fs/btrfs/raid56.c +++ b/fs/btrfs/raid56.c @@ -1370,6 +1370,7 @@ static int find_bio_stripe(struct btrfs_raid_bio *rbio, stripe_start = stripe->physical; if (physical >= stripe_start && physical < stripe_start + rbio->stripe_len && + stripe->dev->bdev && bio->bi_disk == stripe->dev->bdev->bd_disk && bio->bi_partno == stripe->dev->bdev->bd_partno) { return i; -- 2.14.2

6 years, 10 months

3
3
0 0

Patch "x86/paravirt, objtool: Annotate indirect calls" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/paravirt, objtool: Annotate indirect calls to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-paravirt-objtool-annotate-indirect-calls.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3010a0663fd949d122eca0561b06b0a9453f7866 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 17 Jan 2018 16:58:11 +0100 Subject: x86/paravirt, objtool: Annotate indirect calls From: Peter Zijlstra <peterz(a)infradead.org> commit 3010a0663fd949d122eca0561b06b0a9453f7866 upstream. Paravirt emits indirect calls which get flagged by objtool retpoline checks, annotate it away because all these indirect calls will be patched out before we start userspace. This patching happens through alternative_instructions() -> apply_paravirt() -> pv_init_ops.patch() which will eventually end up in paravirt_patch_default(). This function _will_ write direct alternatives. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/paravirt.h | 16 ++++++++++++---- arch/x86/include/asm/paravirt_types.h | 5 ++++- 2 files changed, 16 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -6,6 +6,7 @@ #ifdef CONFIG_PARAVIRT #include <asm/pgtable_types.h> #include <asm/asm.h> +#include <asm/nospec-branch.h> #include <asm/paravirt_types.h> @@ -869,23 +870,27 @@ extern void default_banner(void); #define INTERRUPT_RETURN \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_iret), CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret);) #define DISABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_disable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_disable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #define ENABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_enable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_enable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #ifdef CONFIG_X86_32 #define GET_CR0_INTO_EAX \ push %ecx; push %edx; \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ pop %edx; pop %ecx #else /* !CONFIG_X86_32 */ @@ -907,11 +912,13 @@ extern void default_banner(void); */ #define SWAPGS \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ - call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs) \ + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs); \ ) #define GET_CR2_INTO_RAX \ - call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2) + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2); #define PARAVIRT_ADJUST_EXCEPTION_FRAME \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_adjust_exception_frame), \ @@ -921,7 +928,8 @@ extern void default_banner(void); #define USERGS_SYSRET64 \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \ CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64);) #endif /* CONFIG_X86_32 */ #endif /* __ASSEMBLY__ */ --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -42,6 +42,7 @@ #include <asm/desc_defs.h> #include <asm/kmap_types.h> #include <asm/pgtable_types.h> +#include <asm/nospec-branch.h> struct page; struct thread_struct; @@ -391,7 +392,9 @@ int paravirt_disable_iospace(void); * offset into the paravirt_patch_template structure, and can therefore be * freely converted back into a structure offset. */ -#define PARAVIRT_CALL "call *%c[paravirt_opptr];" +#define PARAVIRT_CALL \ + ANNOTATE_RETPOLINE_SAFE \ + "call *%c[paravirt_opptr];" /* * These macros are intended to wrap calls through one of the paravirt Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.9/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.9/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.9/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.9/nospec-include-asm-barrier.h-dependency.patch queue-4.9/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.9/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.9/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.9/nospec-kill-array_index_nospec_mask_check.patch

6 years, 10 months

1
0
0 0

Patch "x86/boot, objtool: Annotate indirect jump in secondary_startup_64()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/boot, objtool: Annotate indirect jump in secondary_startup_64() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bd89004f6305cbf7352238f61da093207ee518d6 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 10:38:09 +0100 Subject: x86/boot, objtool: Annotate indirect jump in secondary_startup_64() From: Peter Zijlstra <peterz(a)infradead.org> commit bd89004f6305cbf7352238f61da093207ee518d6 upstream. The objtool retpoline validation found this indirect jump. Seeing how it's on CPU bringup before we run userspace it should be safe, annotate it. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/head_64.S | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -22,6 +22,7 @@ #include <asm/nops.h> #include "../entry/calling.h" #include <asm/export.h> +#include <asm/nospec-branch.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -200,6 +201,7 @@ ENTRY(secondary_startup_64) /* Ensure I am executing from virtual addresses */ movq $1f, %rax + ANNOTATE_RETPOLINE_SAFE jmp *%rax 1: Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.9/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.9/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.9/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.9/nospec-include-asm-barrier.h-dependency.patch queue-4.9/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.9/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.9/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.9/nospec-kill-array_index_nospec_mask_check.patch

6 years, 10 months

1
0
0 0

Patch "x86/paravirt, objtool: Annotate indirect calls" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/paravirt, objtool: Annotate indirect calls to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-paravirt-objtool-annotate-indirect-calls.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3010a0663fd949d122eca0561b06b0a9453f7866 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 17 Jan 2018 16:58:11 +0100 Subject: x86/paravirt, objtool: Annotate indirect calls From: Peter Zijlstra <peterz(a)infradead.org> commit 3010a0663fd949d122eca0561b06b0a9453f7866 upstream. Paravirt emits indirect calls which get flagged by objtool retpoline checks, annotate it away because all these indirect calls will be patched out before we start userspace. This patching happens through alternative_instructions() -> apply_paravirt() -> pv_init_ops.patch() which will eventually end up in paravirt_patch_default(). This function _will_ write direct alternatives. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/paravirt.h | 17 +++++++++++++---- arch/x86/include/asm/paravirt_types.h | 5 ++++- 2 files changed, 17 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -7,6 +7,7 @@ #ifdef CONFIG_PARAVIRT #include <asm/pgtable_types.h> #include <asm/asm.h> +#include <asm/nospec-branch.h> #include <asm/paravirt_types.h> @@ -879,23 +880,27 @@ extern void default_banner(void); #define INTERRUPT_RETURN \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_iret), CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret);) #define DISABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_disable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_disable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #define ENABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_enable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_enable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #ifdef CONFIG_X86_32 #define GET_CR0_INTO_EAX \ push %ecx; push %edx; \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ pop %edx; pop %ecx #else /* !CONFIG_X86_32 */ @@ -917,21 +922,25 @@ extern void default_banner(void); */ #define SWAPGS \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ - call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs) \ + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs); \ ) #define GET_CR2_INTO_RAX \ - call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2) + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2); #define USERGS_SYSRET64 \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \ CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64);) #ifdef CONFIG_DEBUG_ENTRY #define SAVE_FLAGS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_save_fl), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_save_fl); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #endif --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -43,6 +43,7 @@ #include <asm/desc_defs.h> #include <asm/kmap_types.h> #include <asm/pgtable_types.h> +#include <asm/nospec-branch.h> struct page; struct thread_struct; @@ -392,7 +393,9 @@ int paravirt_disable_iospace(void); * offset into the paravirt_patch_template structure, and can therefore be * freely converted back into a structure offset. */ -#define PARAVIRT_CALL "call *%c[paravirt_opptr];" +#define PARAVIRT_CALL \ + ANNOTATE_RETPOLINE_SAFE \ + "call *%c[paravirt_opptr];" /* * These macros are intended to wrap calls through one of the paravirt Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/bug-use-pb-in-bug-and-stack-protector-failure.patch queue-4.15/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

6 years, 10 months

1
0
0 0

Patch "x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 531bb52a869a9c6e08c8d17ba955fcbfc18037ad Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 23 Jan 2018 16:18:50 +0100 Subject: x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() From: Peter Zijlstra <peterz(a)infradead.org> commit 531bb52a869a9c6e08c8d17ba955fcbfc18037ad upstream. This is boot code and thus Spectre-safe: we run this _way_ before userspace comes along to have a chance to poison our branch predictor. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/mm/mem_encrypt_boot.S | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -15,6 +15,7 @@ #include <asm/page.h> #include <asm/processor-flags.h> #include <asm/msr-index.h> +#include <asm/nospec-branch.h> .text .code64 @@ -59,6 +60,7 @@ ENTRY(sme_encrypt_execute) movq %rax, %r8 /* Workarea encryption routine */ addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ + ANNOTATE_RETPOLINE_SAFE call *%rax /* Call the encryption routine */ pop %r12 Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/bug-use-pb-in-bug-and-stack-protector-failure.patch queue-4.15/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

6 years, 10 months

1
0
0 0

Patch "x86/boot, objtool: Annotate indirect jump in secondary_startup_64()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/boot, objtool: Annotate indirect jump in secondary_startup_64() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bd89004f6305cbf7352238f61da093207ee518d6 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 10:38:09 +0100 Subject: x86/boot, objtool: Annotate indirect jump in secondary_startup_64() From: Peter Zijlstra <peterz(a)infradead.org> commit bd89004f6305cbf7352238f61da093207ee518d6 upstream. The objtool retpoline validation found this indirect jump. Seeing how it's on CPU bringup before we run userspace it should be safe, annotate it. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/head_64.S | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include <asm/nops.h> #include "../entry/calling.h" #include <asm/export.h> +#include <asm/nospec-branch.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -134,6 +135,7 @@ ENTRY(secondary_startup_64) /* Ensure I am executing from virtual addresses */ movq $1f, %rax + ANNOTATE_RETPOLINE_SAFE jmp *%rax 1: UNWIND_HINT_EMPTY Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/bug-use-pb-in-bug-and-stack-protector-failure.patch queue-4.15/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

6 years, 10 months

1
0
0 0

Patch "x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 531bb52a869a9c6e08c8d17ba955fcbfc18037ad Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 23 Jan 2018 16:18:50 +0100 Subject: x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() From: Peter Zijlstra <peterz(a)infradead.org> commit 531bb52a869a9c6e08c8d17ba955fcbfc18037ad upstream. This is boot code and thus Spectre-safe: we run this _way_ before userspace comes along to have a chance to poison our branch predictor. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/mm/mem_encrypt_boot.S | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -15,6 +15,7 @@ #include <asm/page.h> #include <asm/processor-flags.h> #include <asm/msr-index.h> +#include <asm/nospec-branch.h> .text .code64 @@ -59,6 +60,7 @@ ENTRY(sme_encrypt_execute) movq %rax, %r8 /* Workarea encryption routine */ addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ + ANNOTATE_RETPOLINE_SAFE call *%rax /* Call the encryption routine */ pop %r12 Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

6 years, 10 months

1
0
0 0

Patch "x86/paravirt, objtool: Annotate indirect calls" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/paravirt, objtool: Annotate indirect calls to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-paravirt-objtool-annotate-indirect-calls.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3010a0663fd949d122eca0561b06b0a9453f7866 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 17 Jan 2018 16:58:11 +0100 Subject: x86/paravirt, objtool: Annotate indirect calls From: Peter Zijlstra <peterz(a)infradead.org> commit 3010a0663fd949d122eca0561b06b0a9453f7866 upstream. Paravirt emits indirect calls which get flagged by objtool retpoline checks, annotate it away because all these indirect calls will be patched out before we start userspace. This patching happens through alternative_instructions() -> apply_paravirt() -> pv_init_ops.patch() which will eventually end up in paravirt_patch_default(). This function _will_ write direct alternatives. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/paravirt.h | 17 +++++++++++++---- arch/x86/include/asm/paravirt_types.h | 5 ++++- 2 files changed, 17 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -7,6 +7,7 @@ #ifdef CONFIG_PARAVIRT #include <asm/pgtable_types.h> #include <asm/asm.h> +#include <asm/nospec-branch.h> #include <asm/paravirt_types.h> @@ -879,23 +880,27 @@ extern void default_banner(void); #define INTERRUPT_RETURN \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_iret), CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_iret);) #define DISABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_disable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_disable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #define ENABLE_INTERRUPTS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_irq_enable), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_irq_enable); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #ifdef CONFIG_X86_32 #define GET_CR0_INTO_EAX \ push %ecx; push %edx; \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ pop %edx; pop %ecx #else /* !CONFIG_X86_32 */ @@ -917,21 +922,25 @@ extern void default_banner(void); */ #define SWAPGS \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ - call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs) \ + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_swapgs); \ ) #define GET_CR2_INTO_RAX \ - call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2) + ANNOTATE_RETPOLINE_SAFE; \ + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr2); #define USERGS_SYSRET64 \ PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \ CLBR_NONE, \ - jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64)) + ANNOTATE_RETPOLINE_SAFE; \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64);) #ifdef CONFIG_DEBUG_ENTRY #define SAVE_FLAGS(clobbers) \ PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_save_fl), clobbers, \ PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \ + ANNOTATE_RETPOLINE_SAFE; \ call PARA_INDIRECT(pv_irq_ops+PV_IRQ_save_fl); \ PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);) #endif --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -43,6 +43,7 @@ #include <asm/desc_defs.h> #include <asm/kmap_types.h> #include <asm/pgtable_types.h> +#include <asm/nospec-branch.h> struct page; struct thread_struct; @@ -392,7 +393,9 @@ int paravirt_disable_iospace(void); * offset into the paravirt_patch_template structure, and can therefore be * freely converted back into a structure offset. */ -#define PARAVIRT_CALL "call *%c[paravirt_opptr];" +#define PARAVIRT_CALL \ + ANNOTATE_RETPOLINE_SAFE \ + "call *%c[paravirt_opptr];" /* * These macros are intended to wrap calls through one of the paravirt Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

6 years, 10 months

1
0
0 0

Patch "x86/boot, objtool: Annotate indirect jump in secondary_startup_64()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/boot, objtool: Annotate indirect jump in secondary_startup_64() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bd89004f6305cbf7352238f61da093207ee518d6 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 10:38:09 +0100 Subject: x86/boot, objtool: Annotate indirect jump in secondary_startup_64() From: Peter Zijlstra <peterz(a)infradead.org> commit bd89004f6305cbf7352238f61da093207ee518d6 upstream. The objtool retpoline validation found this indirect jump. Seeing how it's on CPU bringup before we run userspace it should be safe, annotate it. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/head_64.S | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include <asm/nops.h> #include "../entry/calling.h" #include <asm/export.h> +#include <asm/nospec-branch.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -134,6 +135,7 @@ ENTRY(secondary_startup_64) /* Ensure I am executing from virtual addresses */ movq $1f, %rax + ANNOTATE_RETPOLINE_SAFE jmp *%rax 1: UNWIND_HINT_EMPTY Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

6 years, 10 months

1
0
0 0

[PATCH 3.16 00/76] 3.16.56-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.56 release. There are 76 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 14 12:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Andi Kleen (3): module/retpoline: Warn about missing retpoline in module [caf7501a1b4ec964190f31f9c3f163de252273b8] x86/retpoline/irq32: Convert assembler indirect jumps [7614e913db1f40fff819b36216484dc3808995d4] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB [3f7d875566d8e79c5e0b2c9a413e91b2c29e0854] Andrey Ryabinin (1): x86/asm: Use register variable to get stack pointer value [196bd485ee4f03ce4c690bfcf38138abfcd0a4bc] Andy Lutomirski (3): x86/asm: Make asm/alternative.h safe from assembly [f005f5d860e0231fe212cfda8c1a3148b99609f4] x86/cpu: Factor out application of forced CPU caps [8bf1ebca215c262e48c15a4a15f175991776f57f] x86: Clean up current_stack_pointer [83653c16da91112236292871b820cb8b367220e3] Arnd Bergmann (1): x86: fix build warnign with 32-bit PAE [not upstream; specific to KAISER] Ben Hutchings (1): x86/syscall: Sanitize syscall table de-references under speculation [2fbd7af5af8665d18bcefae3e9700be07e22b681] Borislav Petkov (6): x86/alternatives: Fix ALTERNATIVE_2 padding generation properly [dbe4058a6a44af4ca5d146aebe01b0a1f9b7fd2a] x86/alternatives: Fix optimize_nops() checking [612e8e9350fd19cae6900cf36ea0c6892d1a0dca] x86/alternatives: Guard NOPs optimization [69df353ff305805fc16082d0c5bfa6e20fa8b863] x86/bugs: Drop one "mitigation" from dmesg [55fa19d3e51f33d9cd4056d25836d93abf9438db] x86/cpu: Merge bugs.c and bugs_64.c [62a67e123e058a67db58bc6a14354dd037bafd0a] x86/nospec: Fix header guards names [7a32fc51ca938e67974cbb9db31e1a43f98345a9] Colin Ian King (1): x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" [e698dcdfcda41efd0984de539767b4cddd235f1e] Dan Carpenter (1): x86/spectre: Fix an error message [9de29eac8d2189424d81c0d840cd0469aa3d41c8] Dan Williams (13): array_index_nospec: Sanitize speculative array de-references [f3804203306e098dae9ca51540fcd5eb700d7f40] nl80211: Sanitize array index in parse_txq_params [259d8c1e984318497c84eef547bbb6b1d9f4eb05] nospec: Include <asm/barrier.h> dependency [eb6174f6d1be16b19cfa43dac296bfed003ce1a6] nospec: Kill array_index_nospec_mask_check() [1d91c1d2c80cb70e2e553845e278b87a960c04da] vfs, fdtable: Prevent bounds-check bypass via speculative execution [56c30ba7b348b90484969054d561f711ba196507] x86/get_user: Use pointer masking to limit speculation [c7f631cb07e7da06ac1d231ca178452339e32a94] x86/kvm: Update spectre-v1 mitigation [085331dfc6bbe3501fb936e657331ca943827600] x86/spectre: Report get_user mitigation for spectre_v1 [edfbae53dab8348fca778531be9f4855d2ca0360] x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec [304ec1b050310548db33063e567123fae8fd0301] x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} [b5c4ae4f35325d520b230bab6eb3310613b72ac1] x86: Implement array_index_mask_nospec [babdde2698d482b6c0de1eab4f697cf5856c5859] x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec [b3bbfb3fb5d25776b8e3f361d2eedaabb0b496cd] x86: Introduce barrier_nospec [b3d7ad85b80bbc404635dca80f5b129f6242bc7a] Darren Kenny (1): x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL [af189c95a371b59f493dbe0f50c0a09724868881] Dave Hansen (2): x86/Documentation: Add PTI description [01c9b17bf673b05bb401b76ec763e9730ccf1376] x86/cpu/intel: Introduce macros for Intel family numbers [970442c599b22ccd644ebfe94d1d303bf6f87c05] David Woodhouse (14): sysfs/cpu: Fix typos in vulnerability documentation [9ecccfaa7cb5249bd31bdceb93fcf5bedb8a24d8] x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] [99c6fa2511d8a683e61468be91b83f85452115fa] x86/cpufeatures: Clean up Spectre v2 related CPUID flags [2961298efe1ea1b6fc0d7ee8b76018fa6c0bcef2] x86/retpoline/checksum32: Convert assembler indirect jumps [5096732f6f695001fa2d6f1335a2680b37912c69] x86/retpoline/crypto: Convert crypto assembler indirect jumps [9697fa39efd3fc3692f2949d4045f393ec58450b] x86/retpoline/entry: Convert entry assembler indirect jumps [2641f08bb7fc63a636a2b18173221d7040a3512e] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps [9351803bd803cdbeb9b5a7850b7b6f464806e3db] x86/retpoline/hyperv: Convert assembler indirect jumps [e70e5892b28c18f517f29ab6e83bd57705104b31] x86/retpoline/xen: Convert Xen hypercall indirect jumps [ea08816d5b185ab3d09e95e393f265af54560350] x86/retpoline: Add initial retpoline support [76b043848fd22dbf7f8bf3a1452f8c70d557b860] x86/retpoline: Avoid retpolines for built-in __init functions [66f793099a636862a71c59d4a6ba91387b155e0c] x86/retpoline: Fill RSB on context switch for affected CPUs [c995efd5a740d9cbafbf58bde4973e8b50b4d761] x86/retpoline: Fill return stack buffer on vmexit [117cc7a908c83697b0b737d15ae1eb5943afe35b] x86/spectre: Add boot time option to select Spectre v2 mitigation [da285121560e769cc31797bba6422eea71d473e0] Dou Liyang (1): x86/spectre: Check CONFIG_RETPOLINE in command line parser [9471eee9186a46893726e22ebb54cade3f9bc043] Gustavo A. R. Silva (1): x86/cpu: Change type of x86_cache_size variable to unsigned int [24dbc6000f4b9b0ef5a9daecb161f1907733765a] Jim Mattson (1): kvm: vmx: Scrub hardware GPRs at VM-exit [0cb5b30698fdc8f6b4646012e3acb4ddce430788] Josh Poimboeuf (1): x86/paravirt: Remove 'noreplace-paravirt' cmdline option [12c69f1e94c89d40696e83804dd2f0965b5250cd] KarimAllah Ahmed (1): x86/spectre: Simplify spectre_v2 command line parsing [9005c6834c0ffdfe46afa76656bd9276cca864f6] Linus Torvalds (2): x86: fix SMAP in 32-bit environments [de9e478b9d49f3a0214310d921450cf5bb4a21e6] x86: reorganize SMAP handling in user space accesses [11f1a4b9755f5dbc3e822a96502ebe9b044b14d8] Mark Rutland (1): Documentation: Document array_index_nospec [f84a56f73dddaeac1dba8045b007f742f61cd2da] Masahiro Yamada (1): kconfig.h: use __is_defined() to check if MODULE is defined [4f920843d248946545415c1bf6120942048708ed] Masami Hiramatsu (3): kprobes/x86: Blacklist indirect thunk functions for kprobes [c1804a236894ecc942da7dc6c5abe209e56cba93] kprobes/x86: Disable optimizing on the function jumps to indirect thunk [c86a32c09f8ced67971a2310e3b0dda4d1749007] retpoline: Introduce start/end markers of indirect thunk [736e80a4213e9bbce40a7c050337047128b472ac] Peter Zijlstra (2): KVM: VMX: Make indirect call speculation safe [c940a3fb1e2e9b7d03228ab28f375fb5a47ff699] KVM: x86: Make indirect calls in emulator speculation safe [1a29b5b7f347a1a9230c1e0af5b37e3e571588ab] Thomas Gleixner (8): sysfs/cpu: Add vulnerability folder [87590ce6e373d1a5401f6539f0c59ef92dd924a9] x86/alternatives: Make optimize_nops() interrupt safe and synced [66c117d7fa2ae429911e60d84bf31a90b2b96189] x86/cpu/bugs: Make retpoline module warning conditional [e383095c7fe8d218e00ec0f83e4b95ed4e627b02] x86/cpu: Implement CPU vulnerabilites sysfs functions [61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4] x86/cpufeatures: Add X86_BUG_CPU_INSECURE [a89f040fa34ec9cd682aed98b8f04e3c47d998bd] x86/cpufeatures: Make CPU bugs sticky [6cbd2171e89b13377261d15e64384df60ecb530e] x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN [de791821c295cc61419a06fe5562288417d1bc58] x86/retpoline: Remove compile time warning [b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6] Tom Lendacky (4): x86/cpu, x86/pti: Do not enable PTI on AMD processors [694d99d40972f12e59a3696effee8a376b79d7c8] x86/cpu/AMD: Make LFENCE a serializing instruction [e4d0e84e490790798691aaa0f2e598637f1867ec] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC [9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros [28d437d550e1e39f805d99f9f8ac399c778827b7] Waiman Long (1): x86/retpoline: Remove the esp/rsp thunk [1df37383a8aeabb9b418698f0bcdffea01f4b1b2] Will Deacon (1): nospec: Move array_index_nospec() parameter checking into separate macro [8fa80c503b484ddc1abbd10c7cb2ab81f3824a50] Zhenwei.Pi (1): x86/pti: Document fix wrong index [98f0fceec7f84d80bc053e49e596088573086421] Documentation/ABI/testing/sysfs-devices-system-cpu | 16 ++ Documentation/kernel-parameters.txt | 51 +++- Documentation/speculation.txt | 90 +++++++ Documentation/x86/pti.txt | 186 +++++++++++++ Makefile | 4 +- arch/x86/Kconfig | 14 + arch/x86/Makefile | 8 + arch/x86/crypto/aesni-intel_asm.S | 5 +- arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +- arch/x86/include/asm/alternative-asm.h | 14 +- arch/x86/include/asm/alternative.h | 20 +- arch/x86/include/asm/asm.h | 11 + arch/x86/include/asm/barrier.h | 31 ++- arch/x86/include/asm/cpufeature.h | 8 + arch/x86/include/asm/intel-family.h | 68 +++++ arch/x86/include/asm/nospec-branch.h | 198 ++++++++++++++ arch/x86/include/asm/processor.h | 6 +- arch/x86/include/asm/switch_to.h | 38 +++ arch/x86/include/asm/uaccess.h | 64 +++-- arch/x86/include/asm/uaccess_32.h | 24 ++ arch/x86/include/asm/uaccess_64.h | 94 +++++-- arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/include/uapi/asm/msr-index.h | 3 + arch/x86/kernel/alternative.c | 29 +- arch/x86/kernel/cpu/Makefile | 4 +- arch/x86/kernel/cpu/amd.c | 28 +- arch/x86/kernel/cpu/bugs.c | 299 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs_64.c | 33 --- arch/x86/kernel/cpu/common.c | 32 ++- arch/x86/kernel/cpu/microcode/intel.c | 2 +- arch/x86/kernel/cpu/proc.c | 4 +- arch/x86/kernel/entry_32.S | 15 +- arch/x86/kernel/entry_64.S | 29 +- arch/x86/kernel/irq_32.c | 16 +- arch/x86/kernel/kprobes/opt.c | 23 +- arch/x86/kernel/mcount_64.S | 8 +- arch/x86/kernel/vmlinux.lds.S | 6 + arch/x86/kvm/emulate.c | 9 +- arch/x86/kvm/svm.c | 23 ++ arch/x86/kvm/vmx.c | 46 ++-- arch/x86/lib/Makefile | 2 + arch/x86/lib/checksum_32.S | 7 +- arch/x86/lib/getuser.S | 10 + arch/x86/lib/retpoline-export.c | 24 ++ arch/x86/lib/retpoline.S | 47 ++++ arch/x86/lib/usercopy_32.c | 20 +- drivers/base/Kconfig | 3 + drivers/base/cpu.c | 48 ++++ drivers/hv/hv.c | 25 +- include/linux/cpu.h | 7 + include/linux/fdtable.h | 5 +- include/linux/init.h | 9 +- include/linux/kaiser.h | 2 +- include/linux/kconfig.h | 9 +- include/linux/module.h | 9 + include/linux/nospec.h | 59 ++++ kernel/module.c | 11 + net/wireless/nl80211.c | 9 +- scripts/mod/modpost.c | 9 + 61 files changed, 1662 insertions(+), 226 deletions(-) -- Ben Hutchings Design a system any fool can use, and only a fool will want to use it.

6 years, 10 months

3
78
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2018