- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [PATCH 4.14 000/159] 4.14.9-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.9 release. There are 159 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 24 08:45:36 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.9-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.9-rc1 Peter Hutterer <peter.hutterer(a)who-t.net> platform/x86: asus-wireless: send an EV_SYN/SYN_REPORT between state changes Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/drivers/hisi: Fix multiple alarm interrupts firing Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/drivers/hisi: Simplify the temperature/step computation Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/drivers/hisi: Fix kernel panic on alarm interrupt Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/drivers/hisi: Fix missing interrupt enablement Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> IB/opa_vnic: Properly return the total MACs in UC MAC list Scott Franco <safranco(a)intel.com> IB/opa_vnic: Properly clear Mac Table Digest Eric Anholt <eric(a)anholt.net> drm/vc4: Avoid using vrefresh==0 mode in DSI htotal math. Nicholas Piggin <npiggin(a)gmail.com> cpuidle: fix broadcast control when broadcast can not be entered Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: set the alarm to the next expiring timer Hoang Tran <tranviethoang.vn(a)gmail.com> tcp: fix under-evaluated ssthresh in TCP Vegas Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision Arvind Yadav <arvind.yadav.cs(a)gmail.com> staging: greybus: light: Release memory obtained by kasprintf Wei Hu(Xavier) <xavier.huwei(a)huawei.com> RDMA/hns: Avoid NULL pointer exception Mike Manning <mmanning(a)brocade.com> net: ipv6: send NS for DAD when link operationally up Mick Tarsel <mjtarsel(a)linux.vnet.ibm.com> ibmvnic: Set state UP Jacob Keller <jacob.e.keller(a)intel.com> fm10k: ensure we process SM mbx when processing VF mbx Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: exynos_defconfig: Enable UAS support for Odroid HC1 board Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Payload Size Alan Brady <alan.brady(a)intel.com> i40e: fix client notify of VF reset Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix warning messages when NVME_TARGET_FC not defined Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: PLOGI failures during NPIV testing Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix secure firmware updates Jacob Keller <jacob.e.keller(a)intel.com> fm10k: fix mis-ordered parameters in declaration for .ndo_set_vf_bw Nicolas Dechesne <nicolas.dechesne(a)linaro.org> ASoC: codecs: msm8916-wcd-analog: fix module autoload Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: silence warns on sctp_stream_init allocations Nicholas Piggin <npiggin(a)gmail.com> powerpc/watchdog: Do not trigger SMP crash from touch_nmi_watchdog Nicholas Piggin <npiggin(a)gmail.com> powerpc/xmon: Avoid tripping SMP hardlockup watchdog Ed Blake <ed.blake(a)sondrel.com> ASoC: img-parallel-out: Add pm_runtime_get/put to set_fmt callback Jean-François Têtu <jean-francois.tetu(a)savoirfairelinux.com> ASoC: codecs: msm8916-wcd-analog: fix micbias level Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Exclude 'generic fields' from histograms Gabriele Paoloni <gabriele.paoloni(a)huawei.com> PCI/AER: Report non-fatal errors only to the affected endpoint Jacob Keller <jacob.e.keller(a)intel.com> i40e/i40evf: spread CPU affinity hints across online CPUs only Hans de Goede <hdegoede(a)redhat.com> Bluetooth: hci_bcm: Fix setting of irq trigger type Hans de Goede <hdegoede(a)redhat.com> Bluetooth: hci_uart_set_flow_control: Fix NULL deref when using serdev Andrew Jeffery <andrew(a)aj.id.au> leds: pca955x: Don't invert requested value in pca955x_gpio_set_value() Wei Wang <weiwan(a)google.com> ipv6: grab rt->rt6i_ref before allocating pcpu rt William Tu <u9012063(a)gmail.com> ip_gre: check packet length and mtu correctly in erspan tx Guoqing Jiang <gqjiang(a)suse.com> md: always set THREAD_WAKEUP and wake up wqueue if thread existed Luca Miccio <lucmiccio(a)gmail.com> block,bfq: Disable writeback throttling Colin Ian King <colin.king(a)canonical.com> IB/rxe: check for allocation failure on elem Emil Tantilov <emil.s.tantilov(a)intel.com> ixgbe: fix use of uninitialized padding Lorenzo Bianconi <lorenzo.bianconi83(a)gmail.com> iio: st_sensors: add register mask for status register Lihong Yang <lihong.yang(a)intel.com> i40e: use the safe hash table iterator when deleting mac filters Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> igb: check memory allocation failure Fabio Estevam <fabio.estevam(a)nxp.com> PM / OPP: Move error message to debug level Stuart Hayes <stuart.w.hayes(a)gmail.com> PCI: Create SR-IOV virtfn/physfn links before attaching driver Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive Varun Prakash <varun(a)chelsio.com> scsi: cxgb4i: fix Tx skb leak David Daney <david.daney(a)cavium.com> PCI: Avoid bus reset if bridge itself is broken Dan Murphy <dmurphy(a)ti.com> net: phy: at803x: Change error to EINVAL for invalid MAC Shakeel Butt <shakeelb(a)google.com> kvm, mm: account kvm related kmem slabs to kmemcg Russell King <rmk+kernel(a)armlinux.org.uk> rtc: pl031: make interrupt optional Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> crypto: lrw - Fix an error handling path in 'create()' Christian Lamparter <chunkeey(a)gmail.com> crypto: crypto4xx - increase context and scatter ring buffer elements Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock Shashank Sharma <shashank.sharma(a)intel.com> drm: Add retries for lspcon mode detection Derek Basehore <dbasehore(a)chromium.org> backlight: pwm_bl: Fix overflow condition Jens Wiklander <jens.wiklander(a)linaro.org> optee: fix invalid of_node_put() in optee_driver_init() Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Make CPU bugs sticky Thomas Gleixner <tglx(a)linutronix.de> x86/paravirt: Provide a way to check for hypervisors Thomas Gleixner <tglx(a)linutronix.de> x86/paravirt: Dont patch flush_tlb_single Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Make cpu_entry_area.tss read-only Andy Lutomirski <luto(a)kernel.org> x86/entry: Clean up the SYSENTER_stack code Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove the SYSENTER stack canary Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Move the IST stacks into struct cpu_entry_area Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Create a per-CPU SYSCALL entry trampoline Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Return to userspace from the trampoline stack Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Use a per-CPU trampoline stack for IDT entries Andy Lutomirski <luto(a)kernel.org> x86/espfix/64: Stop assuming that pt_regs is on the entry stack Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 Andy Lutomirski <luto(a)kernel.org> x86/entry: Remap the TSS into the CPU entry area Andy Lutomirski <luto(a)kernel.org> x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct Andy Lutomirski <luto(a)kernel.org> x86/dumpstack: Handle stack overflow on all stacks Andy Lutomirski <luto(a)kernel.org> x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss Andy Lutomirski <luto(a)kernel.org> x86/kasan/64: Teach KASAN about the cpu_entry_area Andy Lutomirski <luto(a)kernel.org> x86/mm/fixmap: Generalize the GDT fixmap mechanism, introduce struct cpu_entry_area Andy Lutomirski <luto(a)kernel.org> x86/entry/gdt: Put per-CPU GDT remaps in ascending order Andy Lutomirski <luto(a)kernel.org> x86/dumpstack: Add get_stack_info() support for the SYSENTER stack Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Allocate and enable the SYSENTER stack Andy Lutomirski <luto(a)kernel.org> x86/irq/64: Print the offending IP in the stack overflow warning Andy Lutomirski <luto(a)kernel.org> x86/irq: Remove an old outdated comment about context tracking races Josh Poimboeuf <jpoimboe(a)redhat.com> x86/unwinder: Handle stack overflows more gracefully Andy Lutomirski <luto(a)kernel.org> x86/unwinder/orc: Dont bail on stack overflow Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/entry/64/paravirt: Use paravirt-safe macro to access eflags Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/mm/kasan: Don't use vmemmap_populate() to initialize shadow Will Deacon <will.deacon(a)arm.com> locking/barriers: Convert users of lockless_dereference() to READ_ONCE() Will Deacon <will.deacon(a)arm.com> locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE() Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix build issues on um due to mising bpf_perf_event.h Andi Kleen <ak(a)linux.intel.com> perf/x86: Enable free running PEBS for REGS_USER/INTR Rudolf Marek <r.marek(a)assembler.cz> x86: Make X86_BUG_FXSAVE_LEAK detectable in CPUID on AMD Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> x86/cpufeature: Add User-Mode Instruction Prevention definitions Ingo Molnar <mingo(a)kernel.org> drivers/misc/intel/pti: Rename the header file to free up the namespace Juergen Gross <jgross(a)suse.com> x86/virt: Add enum for hypervisors to replace x86_hyper Juergen Gross <jgross(a)suse.com> x86/virt, x86/platform: Merge 'struct x86_hyper' into 'struct x86_platform' and 'struct x86_init' James Morse <james.morse(a)arm.com> ACPI / APEI: Replace ioremap_page_range() with fixmap Andy Lutomirski <luto(a)kernel.org> selftests/x86/ldt_gdt: Run most existing LDT test cases against the GDT as well Andy Lutomirski <luto(a)kernel.org> selftests/x86/ldt_gdt: Add infrastructure to test set_thread_area() Ingo Molnar <mingo(a)kernel.org> x86/cpufeatures: Fix various details in the feature definitions Ingo Molnar <mingo(a)kernel.org> x86/cpufeatures: Re-tabulate the X86_FEATURE definitions Borislav Petkov <bp(a)suse.de> x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE Thomas Gleixner <tglx(a)linutronix.de> bitops: Revert cbe96375025e ("bitops: Add clear/set_bit32() to linux/bitops.h") Thomas Gleixner <tglx(a)linutronix.de> x86/cpuid: Replace set/clear_bit32() Borislav Petkov <bp(a)suse.de> x86/entry/64: Shorten TEST instructions Andy Lutomirski <luto(a)kernel.org> x86/traps: Use a new on_thread_stack() helper to clean up an assertion Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove thread_struct::sp0 Andy Lutomirski <luto(a)kernel.org> x86/entry/32: Fix cpu_current_top_of_stack initialization at boot Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove all remaining direct thread_struct::sp0 reads Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Stop initializing TSS.sp0 at boot Andy Lutomirski <luto(a)kernel.org> x86/xen/64, x86/entry/64: Clean up SP code in cpu_initialize_context() Andy Lutomirski <luto(a)kernel.org> x86/entry: Add task_top_of_stack() to find the top of a task's stack Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Pass SP0 directly to load_sp0() Andy Lutomirski <luto(a)kernel.org> x86/entry/32: Pull the MSR_IA32_SYSENTER_CS update code out of native_load_sp0() Andy Lutomirski <luto(a)kernel.org> x86/entry/64: De-Xen-ify our NMI code Juergen Gross <jgross(a)suse.com> xen, x86/entry/64: Add xen NMI trap entry Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove the RESTORE_..._REGS infrastructure Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Use POP instead of MOV to restore regs on NMI return Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Merge the fast and slow SYSRET paths Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Use pop instead of movq in syscall_return_via_sysret Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Shrink paranoid_exit_restore and make labels local Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Simplify reg restore code in the standard IRET paths Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Move SWAPGS into the common IRET-to-usermode path Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Split the IRET-to-user and IRET-to-kernel paths Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove the restore_c_regs_and_iret label Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> ptrace,x86: Make user_64bit_mode() available to 32-bit builds Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> x86/boot: Relocate definition of the initial state of CR0 Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> x86/mm: Relocate page fault error codes to traps.h Gayatri Kammela <gayatri.kammela(a)intel.com> x86/cpufeatures: Enable new SSE/AVX/AVX512 CPU features Baoquan He <bhe(a)redhat.com> x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' Masahiro Yamada <yamada.masahiro(a)socionext.com> x86/build: Beautify build log of syscall headers Josh Poimboeuf <jpoimboe(a)redhat.com> x86/asm: Don't use the confusing '.ifeq' directive Dongjiu Geng <gengdongjiu(a)huawei.com> ACPI / APEI: remove the unused dead-code for SEA/NMI notification type Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/xen: Drop 5-level paging support code from the XEN_PV code Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/xen: Provide pre-built page tables only for CONFIG_XEN_PV=y and CONFIG_XEN_PVH=y Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/kasan: Use the same shadow offset for 4- and 5-level paging Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y Thomas Gleixner <tglx(a)linutronix.de> x86/cpuid: Prevent out of bound access in do_clear_cpu_cap() Kamalesh Babulal <kamalesh(a)linux.vnet.ibm.com> objtool: Print top level commands on incorrect usage Kees Cook <keescook(a)chromium.org> x86/platform/UV: Convert timers to use timer_setup() Andi Kleen <ak(a)linux.intel.com> x86/fpu: Remove the explicit clearing of XSAVE dependent features Andi Kleen <ak(a)linux.intel.com> x86/fpu: Make XSAVE check the base CPUID features before enabling Andi Kleen <ak(a)linux.intel.com> x86/fpu: Parse clearcpuid= as early XSAVE argument Andi Kleen <ak(a)linux.intel.com> x86/cpuid: Add generic table for CPUID dependencies Andi Kleen <ak(a)linux.intel.com> bitops: Add clear/set_bit32() to linux/bitops.h Josh Poimboeuf <jpoimboe(a)redhat.com> x86/unwind: Make CONFIG_UNWINDER_ORC=y the default in kconfig for 64-bit Josh Poimboeuf <jpoimboe(a)redhat.com> x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*' Steven Rostedt (VMware) <rostedt(a)goodmis.org> x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints Ingo Molnar <mingo(a)kernel.org> x86/unwinder: Make CONFIG_UNWINDER_ORC=y the default in the 64-bit defconfig Jan Beulich <JBeulich(a)suse.com> ACPI / APEI: adjust a local variable type in ghes_ioremap_pfn_irq() Josh Poimboeuf <jpoimboe(a)redhat.com> x86/head: Add unwind hint annotations Josh Poimboeuf <jpoimboe(a)redhat.com> x86/xen: Add unwind hint annotations Josh Poimboeuf <jpoimboe(a)redhat.com> x86/xen: Fix xen head ELF annotations Josh Poimboeuf <jpoimboe(a)redhat.com> x86/boot: Annotate verify_cpu() as a callable function Josh Poimboeuf <jpoimboe(a)redhat.com> x86/head: Fix head ELF function annotations Josh Poimboeuf <jpoimboe(a)redhat.com> x86/head: Remove unused 'bad_address' code Josh Poimboeuf <jpoimboe(a)redhat.com> x86/head: Remove confusing comment Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Don't report end of section error after an empty unwind hint Uros Bizjak <ubizjak(a)gmail.com> x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates ------------- Diffstat: Documentation/x86/orc-unwinder.txt | 2 +- Documentation/x86/x86_64/mm.txt | 2 +- Makefile | 8 +- arch/arm/configs/exynos_defconfig | 2 +- arch/arm64/include/asm/fixmap.h | 7 + arch/powerpc/kernel/watchdog.c | 7 +- arch/powerpc/xmon/xmon.c | 17 +- arch/um/include/asm/Kbuild | 1 + arch/x86/Kconfig | 5 +- arch/x86/Kconfig.debug | 39 +- arch/x86/configs/tiny.config | 4 +- arch/x86/configs/x86_64_defconfig | 1 + arch/x86/entry/calling.h | 69 +-- arch/x86/entry/entry_32.S | 6 +- arch/x86/entry/entry_64.S | 322 +++++++++--- arch/x86/entry/entry_64_compat.S | 10 +- arch/x86/entry/syscalls/Makefile | 4 +- arch/x86/events/core.c | 2 +- arch/x86/events/intel/core.c | 4 + arch/x86/events/perf_event.h | 24 +- arch/x86/hyperv/hv_init.c | 2 +- arch/x86/include/asm/archrandom.h | 8 +- arch/x86/include/asm/bitops.h | 10 +- arch/x86/include/asm/compat.h | 1 + arch/x86/include/asm/cpufeature.h | 11 +- arch/x86/include/asm/cpufeatures.h | 538 +++++++++++---------- arch/x86/include/asm/desc.h | 11 +- arch/x86/include/asm/fixmap.h | 74 ++- arch/x86/include/asm/hypervisor.h | 53 +- arch/x86/include/asm/irqflags.h | 3 + arch/x86/include/asm/kdebug.h | 1 + arch/x86/include/asm/mmu_context.h | 4 +- arch/x86/include/asm/module.h | 2 +- arch/x86/include/asm/paravirt.h | 14 +- arch/x86/include/asm/paravirt_types.h | 2 +- arch/x86/include/asm/percpu.h | 2 +- arch/x86/include/asm/pgtable_types.h | 3 +- arch/x86/include/asm/processor.h | 109 +++-- arch/x86/include/asm/ptrace.h | 6 +- arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/stacktrace.h | 3 + arch/x86/include/asm/switch_to.h | 26 + arch/x86/include/asm/thread_info.h | 2 +- arch/x86/include/asm/trace/fpu.h | 10 - arch/x86/include/asm/traps.h | 21 +- arch/x86/include/asm/unwind.h | 15 +- arch/x86/include/asm/x86_init.h | 24 + arch/x86/include/uapi/asm/processor-flags.h | 3 + arch/x86/kernel/Makefile | 10 +- arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 5 +- arch/x86/kernel/asm-offsets.c | 6 + arch/x86/kernel/asm-offsets_32.c | 9 +- arch/x86/kernel/asm-offsets_64.c | 4 + arch/x86/kernel/cpu/Makefile | 1 + arch/x86/kernel/cpu/amd.c | 7 +- arch/x86/kernel/cpu/common.c | 195 +++++--- arch/x86/kernel/cpu/cpuid-deps.c | 121 +++++ arch/x86/kernel/cpu/hypervisor.c | 64 +-- arch/x86/kernel/cpu/mshyperv.c | 6 +- arch/x86/kernel/cpu/vmware.c | 8 +- arch/x86/kernel/doublefault.c | 36 +- arch/x86/kernel/dumpstack.c | 74 ++- arch/x86/kernel/dumpstack_32.c | 6 + arch/x86/kernel/dumpstack_64.c | 6 + arch/x86/kernel/fpu/init.c | 11 + arch/x86/kernel/fpu/xstate.c | 43 +- arch/x86/kernel/head_32.S | 5 +- arch/x86/kernel/head_64.S | 45 +- arch/x86/kernel/ioport.c | 2 +- arch/x86/kernel/irq.c | 12 - arch/x86/kernel/irq_64.c | 4 +- arch/x86/kernel/kvm.c | 6 +- arch/x86/kernel/ldt.c | 2 +- arch/x86/kernel/paravirt_patch_64.c | 2 - arch/x86/kernel/process.c | 27 +- arch/x86/kernel/process_32.c | 8 +- arch/x86/kernel/process_64.c | 19 +- arch/x86/kernel/smpboot.c | 3 +- arch/x86/kernel/traps.c | 72 +-- arch/x86/kernel/unwind_orc.c | 88 ++-- arch/x86/kernel/verify_cpu.S | 3 +- arch/x86/kernel/vm86_32.c | 20 +- arch/x86/kernel/vmlinux.lds.S | 9 + arch/x86/kernel/x86_init.c | 9 + arch/x86/kvm/mmu.c | 4 +- arch/x86/kvm/vmx.c | 2 +- arch/x86/lib/delay.c | 4 +- arch/x86/mm/fault.c | 88 ++-- arch/x86/mm/init.c | 2 +- arch/x86/mm/init_64.c | 10 +- arch/x86/mm/kasan_init_64.c | 262 ++++++++-- arch/x86/power/cpu.c | 16 +- arch/x86/xen/enlighten_hvm.c | 12 +- arch/x86/xen/enlighten_pv.c | 15 +- arch/x86/xen/mmu_pv.c | 161 +++--- arch/x86/xen/smp_pv.c | 17 +- arch/x86/xen/xen-asm_64.S | 2 +- arch/x86/xen/xen-head.S | 11 +- block/bfq-iosched.c | 3 +- block/blk-wbt.c | 2 +- crypto/lrw.c | 6 +- drivers/acpi/apei/ghes.c | 78 +-- drivers/base/power/opp/core.c | 2 +- drivers/bluetooth/hci_bcm.c | 23 +- drivers/bluetooth/hci_ldisc.c | 7 + drivers/clk/sunxi-ng/ccu-sun5i.c | 4 +- drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 2 +- drivers/clk/sunxi-ng/ccu_nm.c | 3 + drivers/cpuidle/cpuidle.c | 1 + drivers/crypto/amcc/crypto4xx_core.h | 10 +- drivers/gpu/drm/drm_dp_dual_mode_helper.c | 16 +- drivers/gpu/drm/vc4/vc4_dsi.c | 3 +- drivers/hv/vmbus_drv.c | 2 +- drivers/iio/accel/st_accel_core.c | 35 +- drivers/iio/common/st_sensors/st_sensors_core.c | 2 +- drivers/iio/common/st_sensors/st_sensors_trigger.c | 16 +- drivers/iio/gyro/st_gyro_core.c | 15 +- drivers/iio/magnetometer/st_magn_core.c | 10 +- drivers/iio/pressure/st_pressure_core.c | 15 +- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 5 + drivers/infiniband/sw/rxe/rxe_pool.c | 2 + drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c | 1 + .../infiniband/ulp/opa_vnic/opa_vnic_vema_iface.c | 8 +- drivers/input/mouse/vmmouse.c | 10 +- drivers/leds/leds-pca955x.c | 17 +- drivers/md/dm-mpath.c | 20 +- drivers/md/md.c | 4 +- drivers/misc/pti.c | 2 +- drivers/misc/vmw_balloon.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k.h | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_iov.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 7 +- drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 2 + drivers/net/phy/at803x.c | 2 +- drivers/pci/iov.c | 3 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aer/aerdrv_core.c | 9 +- drivers/platform/x86/asus-wireless.c | 1 + drivers/rtc/interface.c | 2 +- drivers/rtc/rtc-pl031.c | 14 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 1 + drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_hw4.h | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 5 + drivers/staging/greybus/light.c | 2 + drivers/tee/optee/core.c | 1 - drivers/thermal/hisi_thermal.c | 74 ++- drivers/vfio/pci/vfio_pci_config.c | 6 +- drivers/video/backlight/pwm_bl.c | 7 +- fs/dcache.c | 4 +- fs/overlayfs/ovl_entry.h | 2 +- fs/overlayfs/readdir.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/compiler.h | 1 + include/linux/hypervisor.h | 8 +- include/linux/iio/common/st_sensors.h | 7 +- include/linux/{pti.h => intel-pti.h} | 6 +- include/linux/mm.h | 2 +- include/linux/mmzone.h | 6 +- include/linux/rculist.h | 4 +- include/linux/rcupdate.h | 4 +- kernel/events/core.c | 4 +- kernel/seccomp.c | 2 +- kernel/task_work.c | 2 +- kernel/trace/trace_events_hist.c | 4 +- lib/Kconfig.debug | 2 +- mm/page_alloc.c | 10 + mm/slab.h | 2 +- mm/sparse.c | 17 +- net/ipv4/ip_gre.c | 8 +- net/ipv4/tcp_vegas.c | 2 +- net/ipv6/addrconf.c | 12 +- net/ipv6/route.c | 58 +-- net/sctp/stream.c | 8 +- scripts/Makefile.build | 2 +- sound/soc/codecs/msm8916-wcd-analog.c | 9 +- sound/soc/img/img-parallel-out.c | 2 + tools/objtool/check.c | 7 +- tools/objtool/objtool.c | 6 +- tools/testing/selftests/x86/ldt_gdt.c | 61 ++- virt/kvm/kvm_main.c | 2 +- 188 files changed, 2414 insertions(+), 1428 deletions(-)

7 years, 4 months

19
229
0 0

[Linux-stable-mirror] Patch "x86/retpoline: Remove the esp/rsp thunk" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/retpoline: Remove the esp/rsp thunk to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-retpoline-remove-the-esp-rsp-thunk.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: Waiman Long <longman(a)redhat.com> Date: Mon, 22 Jan 2018 17:09:34 -0500 Subject: x86/retpoline: Remove the esp/rsp thunk From: Waiman Long <longman(a)redhat.com> (cherry picked from commit 1df37383a8aeabb9b418698f0bcdffea01f4b1b2) It doesn't make sense to have an indirect call thunk with esp/rsp as retpoline code won't work correctly with the stack pointer register. Removing it will help compiler writers to catch error in case such a thunk call is emitted incorrectly. Fixes: 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Suggested-by: Jeff Law <law(a)redhat.com> Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Kees Cook <keescook(a)google.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linux-foundation.org> Cc: Paul Turner <pjt(a)google.com> Link: https://lkml.kernel.org/r/1516658974-27852-1-git-send-email-longman@redhat.… Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/asm-prototypes.h | 1 - arch/x86/lib/retpoline.S | 1 - 2 files changed, 2 deletions(-) --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -37,5 +37,4 @@ INDIRECT_THUNK(dx) INDIRECT_THUNK(si) INDIRECT_THUNK(di) INDIRECT_THUNK(bp) -INDIRECT_THUNK(sp) #endif /* CONFIG_RETPOLINE */ --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -36,7 +36,6 @@ GENERATE_THUNK(_ASM_DX) GENERATE_THUNK(_ASM_SI) GENERATE_THUNK(_ASM_DI) GENERATE_THUNK(_ASM_BP) -GENERATE_THUNK(_ASM_SP) #ifdef CONFIG_64BIT GENERATE_THUNK(r8) GENERATE_THUNK(r9) Patches currently in stable-queue which might be from longman(a)redhat.com are queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:13 +0000 Subject: x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit fec9434a12f38d3aeafeb75711b71d8a1fdef621) Also, for CPUs which don't speculate at all, don't report that they're vulnerable to the Spectre variants either. Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it for now, even though that could be done with a simple comparison, on the assumption that we'll have more to add. Based on suggestions from Dave Hansen and Alan Cox. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-6-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/common.c | 48 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -44,6 +44,8 @@ #include <asm/pat.h> #include <asm/microcode.h> #include <asm/microcode_intel.h> +#include <asm/intel-family.h> +#include <asm/cpu_device_id.h> #ifdef CONFIG_X86_LOCAL_APIC #include <asm/uv/uv.h> @@ -838,6 +840,41 @@ static void identify_cpu_without_cpuid(s #endif } +static const __initdata struct x86_cpu_id cpu_no_speculation[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_CENTAUR, 5 }, + { X86_VENDOR_INTEL, 5 }, + { X86_VENDOR_NSC, 5 }, + { X86_VENDOR_ANY, 4 }, + {} +}; + +static const __initdata struct x86_cpu_id cpu_no_meltdown[] = { + { X86_VENDOR_AMD }, + {} +}; + +static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c) +{ + u64 ia32_cap = 0; + + if (x86_match_cpu(cpu_no_meltdown)) + return false; + + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); + + /* Rogue Data Cache Load? No! */ + if (ia32_cap & ARCH_CAP_RDCL_NO) + return false; + + return true; +} + /* * Do minimum CPU detection early. * Fields really needed: vendor, cpuid_level, family, model, mask, @@ -884,11 +921,12 @@ static void __init early_identify_cpu(st setup_force_cpu_cap(X86_FEATURE_ALWAYS); - if (c->x86_vendor != X86_VENDOR_AMD) - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + if (!x86_match_cpu(cpu_no_speculation)) { + if (cpu_vulnerable_to_meltdown(c)) + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + } fpu__init_system(c); Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/msr: Add definitions for new speculation control MSRs" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/msr: Add definitions for new speculation control MSRs to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-msr-add-definitions-for-new-speculation-control-msrs.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:12 +0000 Subject: x86/msr: Add definitions for new speculation control MSRs From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit 1e340c60d0dd3ae07b5bedc16a0469c14b9f3410) Add MSR and bit definitions for SPEC_CTRL, PRED_CMD and ARCH_CAPABILITIES. See Intel's 336996-Speculative-Execution-Side-Channel-Mitigations.pdf Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: dave.hansen(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-5-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/msr-index.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -37,6 +37,13 @@ #define EFER_FFXSR (1<<_EFER_FFXSR) /* Intel MSRs. Some also available on other CPUs */ +#define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ +#define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ +#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ + +#define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ +#define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ + #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_PERFCTR1 0x000000c2 #define MSR_FSB_FREQ 0x000000cd @@ -50,6 +57,11 @@ #define SNB_C3_AUTO_UNDEMOTE (1UL << 28) #define MSR_MTRRcap 0x000000fe + +#define MSR_IA32_ARCH_CAPABILITIES 0x0000010a +#define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ +#define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ + #define MSR_IA32_BBL_CR_CTL 0x00000119 #define MSR_IA32_BBL_CR_CTL3 0x0000011e Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Add Intel feature bits for Speculation Control" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Add Intel feature bits for Speculation Control to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:10 +0000 Subject: x86/cpufeatures: Add Intel feature bits for Speculation Control From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit fc67dd70adb711a45d2ef34e12d1a8be75edde61) Add three feature bits exposed by new microcode on Intel CPUs for speculation control. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: dave.hansen(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-3-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeatures.h | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -296,6 +296,9 @@ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ +#define X86_FEATURE_SPEC_CTRL (18*32+26) /* Speculation Control (IBRS + IBPB) */ +#define X86_FEATURE_STIBP (18*32+27) /* Single Thread Indirect Branch Predictors */ +#define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ /* * BUG word(s) Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Add CPUID_7_EDX CPUID leaf" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Add CPUID_7_EDX CPUID leaf to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:09 +0000 Subject: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit 95ca0ee8636059ea2800dfbac9ecac6212d6b38f) This is a pure feature bits leaf. There are two AVX512 feature bits in it already which were handled as scattered bits, and three more from this leaf are going to be added for speculation control features. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: dave.hansen(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-2-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeature.h | 7 +++++-- arch/x86/include/asm/cpufeatures.h | 10 ++++++---- arch/x86/include/asm/disabled-features.h | 3 ++- arch/x86/include/asm/required-features.h | 3 ++- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/scattered.c | 2 -- 6 files changed, 16 insertions(+), 10 deletions(-) --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -28,6 +28,7 @@ enum cpuid_leafs CPUID_8000_000A_EDX, CPUID_7_ECX, CPUID_8000_0007_EBX, + CPUID_7_EDX, }; #ifdef CONFIG_X86_FEATURE_NAMES @@ -78,8 +79,9 @@ extern const char * const x86_bug_flags[ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 15, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 16, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) || \ + CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) || \ REQUIRED_MASK_CHECK || \ - BUILD_BUG_ON_ZERO(NCAPINTS != 18)) + BUILD_BUG_ON_ZERO(NCAPINTS != 19)) #define DISABLED_MASK_BIT_SET(feature_bit) \ ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 0, feature_bit) || \ @@ -100,8 +102,9 @@ extern const char * const x86_bug_flags[ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 15, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 16, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) || \ + CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) || \ DISABLED_MASK_CHECK || \ - BUILD_BUG_ON_ZERO(NCAPINTS != 18)) + BUILD_BUG_ON_ZERO(NCAPINTS != 19)) #define cpu_has(c, bit) \ (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \ --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -12,7 +12,7 @@ /* * Defines x86 CPU feature bits */ -#define NCAPINTS 18 /* N 32-bit words worth of info */ +#define NCAPINTS 19 /* N 32-bit words worth of info */ #define NBUGINTS 1 /* N 32-bit bug flags */ /* @@ -197,9 +197,7 @@ #define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */ -#define X86_FEATURE_AVX512_4VNNIW (7*32+16) /* AVX-512 Neural Network Instructions */ -#define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */ -#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ +#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ #define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ @@ -295,6 +293,10 @@ #define X86_FEATURE_SUCCOR (17*32+1) /* Uncorrectable error containment and recovery */ #define X86_FEATURE_SMCA (17*32+3) /* Scalable MCA */ +/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ +#define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ +#define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ + /* * BUG word(s) */ --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -59,6 +59,7 @@ #define DISABLED_MASK15 0 #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE) #define DISABLED_MASK17 0 -#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 18) +#define DISABLED_MASK18 0 +#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19) #endif /* _ASM_X86_DISABLED_FEATURES_H */ --- a/arch/x86/include/asm/required-features.h +++ b/arch/x86/include/asm/required-features.h @@ -100,6 +100,7 @@ #define REQUIRED_MASK15 0 #define REQUIRED_MASK16 0 #define REQUIRED_MASK17 0 -#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 18) +#define REQUIRED_MASK18 0 +#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19) #endif /* _ASM_X86_REQUIRED_FEATURES_H */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -737,6 +737,7 @@ void get_cpu_cap(struct cpuinfo_x86 *c) cpuid_count(0x00000007, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[CPUID_7_0_EBX] = ebx; c->x86_capability[CPUID_7_ECX] = ecx; + c->x86_capability[CPUID_7_EDX] = edx; } /* Extended state features: level 0x0000000d */ --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -31,8 +31,6 @@ void init_scattered_cpuid_features(struc const struct cpuid_bit *cb; static const struct cpuid_bit cpuid_bits[] = { - { X86_FEATURE_AVX512_4VNNIW, CR_EDX, 2, 0x00000007, 0 }, - { X86_FEATURE_AVX512_4FMAPS, CR_EDX, 3, 0x00000007, 0 }, { X86_FEATURE_APERFMPERF, CR_ECX, 0, 0x00000006, 0 }, { X86_FEATURE_EPB, CR_ECX, 3, 0x00000006, 0 }, { X86_FEATURE_HW_PSTATE, CR_EDX, 7, 0x80000007, 0 }, Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeatures: Add AMD feature bits for Speculation Control" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeatures: Add AMD feature bits for Speculation Control to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:11 +0000 Subject: x86/cpufeatures: Add AMD feature bits for Speculation Control From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit 5d10cbc91d9eb5537998b65608441b592eec65e7) AMD exposes the PRED_CMD/SPEC_CTRL MSRs slightly differently to Intel. See http://lkml.kernel.org/r/2b3e25cc-286d-8bd0-aeaf-9ac4aae39de8@amd.com Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: dave.hansen(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-4-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/cpufeatures.h | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -258,6 +258,9 @@ /* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */ #define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */ #define X86_FEATURE_IRPERF (13*32+1) /* Instructions Retired Count */ +#define X86_FEATURE_AMD_PRED_CMD (13*32+12) /* Prediction Command MSR (AMD) */ +#define X86_FEATURE_AMD_SPEC_CTRL (13*32+14) /* Speculation Control MSR only (AMD) */ +#define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors (AMD) */ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */ #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */ Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: David Woodhouse <dwmw(a)amazon.co.uk> Date: Thu, 25 Jan 2018 16:14:14 +0000 Subject: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes From: David Woodhouse <dwmw(a)amazon.co.uk> (cherry picked from commit a5b2966364538a0e68c9fa29bc0a3a1651799035) This doesn't refuse to load the affected microcodes; it just refuses to use the Spectre v2 mitigation features if they're detected, by clearing the appropriate feature bits. The AMD CPUID bits are handled here too, because hypervisors *may* have been exposing those bits even on Intel chips, for fine-grained control of what's available. It is non-trivial to use x86_match_cpu() for this table because that doesn't handle steppings. And the approach taken in commit bd9240a18 almost made me lose my lunch. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: gnomes(a)lxorguk.ukuu.org.uk Cc: ak(a)linux.intel.com Cc: ashok.raj(a)intel.com Cc: dave.hansen(a)intel.com Cc: karahmed(a)amazon.de Cc: arjan(a)linux.intel.com Cc: torvalds(a)linux-foundation.org Cc: peterz(a)infradead.org Cc: bp(a)alien8.de Cc: pbonzini(a)redhat.com Cc: tim.c.chen(a)linux.intel.com Cc: gregkh(a)linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-7-git-send-email-dwmw@amazon.co.uk Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/intel-family.h | 7 ++- arch/x86/kernel/cpu/intel.c | 66 ++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/intel-family.h +++ b/arch/x86/include/asm/intel-family.h @@ -12,6 +12,7 @@ */ #define INTEL_FAM6_CORE_YONAH 0x0E + #define INTEL_FAM6_CORE2_MEROM 0x0F #define INTEL_FAM6_CORE2_MEROM_L 0x16 #define INTEL_FAM6_CORE2_PENRYN 0x17 @@ -21,6 +22,7 @@ #define INTEL_FAM6_NEHALEM_G 0x1F /* Auburndale / Havendale */ #define INTEL_FAM6_NEHALEM_EP 0x1A #define INTEL_FAM6_NEHALEM_EX 0x2E + #define INTEL_FAM6_WESTMERE 0x25 #define INTEL_FAM6_WESTMERE_EP 0x2C #define INTEL_FAM6_WESTMERE_EX 0x2F @@ -36,9 +38,9 @@ #define INTEL_FAM6_HASWELL_GT3E 0x46 #define INTEL_FAM6_BROADWELL_CORE 0x3D -#define INTEL_FAM6_BROADWELL_XEON_D 0x56 #define INTEL_FAM6_BROADWELL_GT3E 0x47 #define INTEL_FAM6_BROADWELL_X 0x4F +#define INTEL_FAM6_BROADWELL_XEON_D 0x56 #define INTEL_FAM6_SKYLAKE_MOBILE 0x4E #define INTEL_FAM6_SKYLAKE_DESKTOP 0x5E @@ -57,9 +59,10 @@ #define INTEL_FAM6_ATOM_SILVERMONT2 0x4D /* Avaton/Rangely */ #define INTEL_FAM6_ATOM_AIRMONT 0x4C /* CherryTrail / Braswell */ #define INTEL_FAM6_ATOM_MERRIFIELD 0x4A /* Tangier */ -#define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Annidale */ +#define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Anniedale */ #define INTEL_FAM6_ATOM_GOLDMONT 0x5C #define INTEL_FAM6_ATOM_DENVERTON 0x5F /* Goldmont Microserver */ +#define INTEL_FAM6_ATOM_GEMINI_LAKE 0x7A /* Xeon Phi */ --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -61,6 +61,59 @@ void check_mpx_erratum(struct cpuinfo_x8 } } +/* + * Early microcode releases for the Spectre v2 mitigation were broken. + * Information taken from; + * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-up… + * - https://kb.vmware.com/s/article/52345 + * - Microcode revisions observed in the wild + * - Release note from 20180108 microcode release + */ +struct sku_microcode { + u8 model; + u8 stepping; + u32 microcode; +}; +static const struct sku_microcode spectre_bad_microcodes[] = { + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0B, 0x84 }, + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0A, 0x84 }, + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x84 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x0A, 0x84 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x84 }, + { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, + { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, + { INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0xc2 }, + { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, + { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x03, 0x07000011 }, + { INTEL_FAM6_BROADWELL_X, 0x01, 0x0b000025 }, + { INTEL_FAM6_HASWELL_ULT, 0x01, 0x21 }, + { INTEL_FAM6_HASWELL_GT3E, 0x01, 0x18 }, + { INTEL_FAM6_HASWELL_CORE, 0x03, 0x23 }, + { INTEL_FAM6_HASWELL_X, 0x02, 0x3b }, + { INTEL_FAM6_HASWELL_X, 0x04, 0x10 }, + { INTEL_FAM6_IVYBRIDGE_X, 0x04, 0x42a }, + /* Updated in the 20180108 release; blacklist until we know otherwise */ + { INTEL_FAM6_ATOM_GEMINI_LAKE, 0x01, 0x22 }, + /* Observed in the wild */ + { INTEL_FAM6_SANDYBRIDGE_X, 0x06, 0x61b }, + { INTEL_FAM6_SANDYBRIDGE_X, 0x07, 0x712 }, +}; + +static bool bad_spectre_microcode(struct cpuinfo_x86 *c) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { + if (c->x86_model == spectre_bad_microcodes[i].model && + c->x86_mask == spectre_bad_microcodes[i].stepping) + return (c->microcode <= spectre_bad_microcodes[i].microcode); + } + return false; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -87,6 +140,19 @@ static void early_init_intel(struct cpui rdmsr(MSR_IA32_UCODE_REV, lower_word, c->microcode); } + if ((cpu_has(c, X86_FEATURE_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_STIBP) || + cpu_has(c, X86_FEATURE_AMD_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_AMD_PRED_CMD) || + cpu_has(c, X86_FEATURE_AMD_STIBP)) && bad_spectre_microcode(c)) { + pr_warn("Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL\n"); + clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_STIBP); + clear_cpu_cap(c, X86_FEATURE_AMD_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_AMD_PRED_CMD); + clear_cpu_cap(c, X86_FEATURE_AMD_STIBP); + } + /* * Atom erratum AAE44/AAF40/AAG38/AAH41: * Patches currently in stable-queue which might be from dwmw(a)amazon.co.uk are queue-4.9/kvm-vmx-introduce-alloc_loaded_vmcs.patch queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kvm-vmx-make-msr-bitmaps-per-vcpu.patch queue-4.9/kvm-nvmx-mark-vmcs12-pages-dirty-on-l2-exit.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "module/retpoline: Warn about missing retpoline in module" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled module/retpoline: Warn about missing retpoline in module to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: module-retpoline-warn-about-missing-retpoline-in-module.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: Andi Kleen <ak(a)linux.intel.com> Date: Thu, 25 Jan 2018 15:50:28 -0800 Subject: module/retpoline: Warn about missing retpoline in module From: Andi Kleen <ak(a)linux.intel.com> (cherry picked from commit caf7501a1b4ec964190f31f9c3f163de252273b8) There's a risk that a kernel which has full retpoline mitigations becomes vulnerable when a module gets loaded that hasn't been compiled with the right compiler or the right option. To enable detection of that mismatch at module load time, add a module info string "retpoline" at build time when the module was compiled with retpoline support. This only covers compiled C source, but assembler source or prebuilt object files are not checked. If a retpoline enabled kernel detects a non retpoline protected module at load time, print a warning and report it in the sysfs vulnerability file. [ tglx: Massaged changelog ] Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: gregkh(a)linuxfoundation.org Cc: torvalds(a)linux-foundation.org Cc: jeyu(a)kernel.org Cc: arjan(a)linux.intel.com Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++- include/linux/module.h | 9 +++++++++ kernel/module.c | 11 +++++++++++ scripts/mod/modpost.c | 9 +++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -10,6 +10,7 @@ #include <linux/init.h> #include <linux/utsname.h> #include <linux/cpu.h> +#include <linux/module.h> #include <asm/nospec-branch.h> #include <asm/cmdline.h> @@ -92,6 +93,19 @@ static const char *spectre_v2_strings[] #define pr_fmt(fmt) "Spectre V2 mitigation: " fmt static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; +static bool spectre_v2_bad_module; + +#ifdef RETPOLINE +bool retpoline_module_ok(bool has_retpoline) +{ + if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline) + return true; + + pr_err("System may be vunerable to spectre v2\n"); + spectre_v2_bad_module = true; + return false; +} +#endif static void __init spec2_print_if_insecure(const char *reason) { @@ -277,6 +291,7 @@ ssize_t cpu_show_spectre_v2(struct devic if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) return sprintf(buf, "Not affected\n"); - return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]); + return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled], + spectre_v2_bad_module ? " - vulnerable module loaded" : ""); } #endif --- a/include/linux/module.h +++ b/include/linux/module.h @@ -791,6 +791,15 @@ static inline void module_bug_finalize(c static inline void module_bug_cleanup(struct module *mod) {} #endif /* CONFIG_GENERIC_BUG */ +#ifdef RETPOLINE +extern bool retpoline_module_ok(bool has_retpoline); +#else +static inline bool retpoline_module_ok(bool has_retpoline) +{ + return true; +} +#endif + #ifdef CONFIG_MODULE_SIG static inline bool module_sig_ok(struct module *module) { --- a/kernel/module.c +++ b/kernel/module.c @@ -2817,6 +2817,15 @@ static int check_modinfo_livepatch(struc } #endif /* CONFIG_LIVEPATCH */ +static void check_modinfo_retpoline(struct module *mod, struct load_info *info) +{ + if (retpoline_module_ok(get_modinfo(info, "retpoline"))) + return; + + pr_warn("%s: loading module not compiled with retpoline compiler.\n", + mod->name); +} + /* Sets info->hdr and info->len. */ static int copy_module_from_user(const void __user *umod, unsigned long len, struct load_info *info) @@ -2969,6 +2978,8 @@ static int check_modinfo(struct module * add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); } + check_modinfo_retpoline(mod, info); + if (get_modinfo(info, "staging")) { add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); pr_warn("%s: module is from the staging directory, the quality " --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -2130,6 +2130,14 @@ static void add_intree_flag(struct buffe buf_printf(b, "\nMODULE_INFO(intree, \"Y\");\n"); } +/* Cannot check for assembler */ +static void add_retpoline(struct buffer *b) +{ + buf_printf(b, "\n#ifdef RETPOLINE\n"); + buf_printf(b, "MODULE_INFO(retpoline, \"Y\");\n"); + buf_printf(b, "#endif\n"); +} + static void add_staging_flag(struct buffer *b, const char *name) { static const char *staging_dir = "drivers/staging"; @@ -2474,6 +2482,7 @@ int main(int argc, char **argv) add_header(&buf, mod); add_intree_flag(&buf, !external_module); + add_retpoline(&buf); add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); Patches currently in stable-queue which might be from ak(a)linux.intel.com are queue-4.9/kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/kvm-svm-allow-direct-access-to-msr_ia32_spec_ctrl.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/kvm-vmx-emulate-msr_ia32_arch_capabilities.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] Patch "KVM: x86: Make indirect calls in emulator speculation safe" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: x86: Make indirect calls in emulator speculation safe to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 7 19:38:23 CST 2018 From: Peter Zijlstra <peterz(a)infradead.org> Date: Thu, 25 Jan 2018 10:58:13 +0100 Subject: KVM: x86: Make indirect calls in emulator speculation safe From: Peter Zijlstra <peterz(a)infradead.org> (cherry picked from commit 1a29b5b7f347a1a9230c1e0af5b37e3e571588ab) Replace the indirect calls with CALL_NOSPEC. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Ashok Raj <ashok.raj(a)intel.com> Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: Jun Nakajima <jun.nakajima(a)intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: rga(a)amazon.de Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Asit Mallick <asit.k.mallick(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Jason Baron <jbaron(a)akamai.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Arjan Van De Ven <arjan.van.de.ven(a)intel.com> Cc: Tim Chen <tim.c.chen(a)linux.intel.com> Link: https://lkml.kernel.org/r/20180125095843.595615683@infradead.org [dwmw2: Use ASM_CALL_CONSTRAINT like upstream, now we have it] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kvm/emulate.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -25,6 +25,7 @@ #include <asm/kvm_emulate.h> #include <linux/stringify.h> #include <asm/debugreg.h> +#include <asm/nospec-branch.h> #include "x86.h" #include "tss.h" @@ -1012,8 +1013,8 @@ static __always_inline u8 test_cc(unsign void (*fop)(void) = (void *)em_setcc + 4 * (condition & 0xf); flags = (flags & EFLAGS_MASK) | X86_EFLAGS_IF; - asm("push %[flags]; popf; call *%[fastop]" - : "=a"(rc) : [fastop]"r"(fop), [flags]"r"(flags)); + asm("push %[flags]; popf; " CALL_NOSPEC + : "=a"(rc) : [thunk_target]"r"(fop), [flags]"r"(flags)); return rc; } @@ -5306,15 +5307,14 @@ static void fetch_possible_mmx_operand(s static int fastop(struct x86_emulate_ctxt *ctxt, void (*fop)(struct fastop *)) { - register void *__sp asm(_ASM_SP); ulong flags = (ctxt->eflags & EFLAGS_MASK) | X86_EFLAGS_IF; if (!(ctxt->d & ByteOp)) fop += __ffs(ctxt->dst.bytes) * FASTOP_SIZE; - asm("push %[flags]; popf; call *%[fastop]; pushf; pop %[flags]\n" + asm("push %[flags]; popf; " CALL_NOSPEC " ; pushf; pop %[flags]\n" : "+a"(ctxt->dst.val), "+d"(ctxt->src.val), [flags]"+D"(flags), - [fastop]"+S"(fop), "+r"(__sp) + [thunk_target]"+S"(fop), ASM_CALL_CONSTRAINT : "c"(ctxt->src2.val)); ctxt->eflags = (ctxt->eflags & ~EFLAGS_MASK) | (flags & EFLAGS_MASK); Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.9/kvm-x86-add-ibpb-support.patch queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.9/x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch queue-4.9/x86-asm-fix-inline-asm-call-constraints-for-gcc-4.4.patch queue-4.9/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.9/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch queue-4.9/x86-msr-add-definitions-for-new-speculation-control-msrs.patch queue-4.9/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.9/kaiser-fix-intel_bts-perf-crashes.patch queue-4.9/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror