Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
"Nothing too bad, but the spectre updates to smatch identified a few
places that may need sanitising so we've got those covered.

Details:

- Close some potential spectre-v1 vulnerabilities found by smatch

- Add missing list sentinel for CPUs that don't require KPTI

- Removal of unused 'addr' parameter for I/D cache coherency

- Removal of redundant set_fs(KERNEL_DS) calls in ptrace

- Fix single-stepping state machine handling in response to kernel
traps

- Clang support for 128-bit integers

- Avoid instrumenting our out-of-line atomics in preparation for
enabling LSE atomics by default in 4.18"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: avoid instrumenting atomic_ll_sc.o
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
arm64: support __int128 with clang
arm64: only advance singlestep for user instruction traps
arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
arm64: ptrace: remove addr_limit manipulation
arm64: mm: drop addr parameter from sync icache and dcache
arm64: add sentinel to kpti_safe_list

+42 -21
+4
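--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -56,7 +56,11 @@
 KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
 KBUILD_AFLAGS += $(call cc-option,-mabi=lp64)
 
+ifeq ($(cc-name),clang)
+KBUILD_CFLAGS += -DCONFIG_ARCH_SUPPORTS_INT128
+else
 KBUILD_CFLAGS += $(call cc-ifversion, -ge, 0500, -DCONFIG_ARCH_SUPPORTS_INT128)
+endif
 
 ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
 KBUILD_CPPFLAGS += -mbig-endian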
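Review bot: The clang branch defines CONFIG_ARCH_SUPPORTS_INT128 for every clang version, while the GCC branch next to it is gated on `cc-ifversion, -ge, 0500`, and nothing in the hunk says why clang needs no minimum. A one-line comment above the `ifeq`, for example `# all clang versions able to build arm64 provide __int128; GCC needs >= 5.0`, would record that assumption. If it does not hold for the oldest clang the tree supports, this branch needs its own version test.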
+1 -1
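--- a/arch/arm64/include/asm/module.h
+++ b/arch/arm64/include/asm/module.h
@@ -39,7 +39,7 @@
 u64 module_emit_plt_entry(struct module *mod, void *loc, const Elf64_Rela *rela,
 Elf64_Sym *sym);
 
-u64 module_emit_adrp_veneer(struct module *mod, void *loc, u64 val);
+u64 module_emit_veneer_for_adrp(struct module *mod, void *loc, u64 val);
 
 #ifdef CONFIG_RANDOMIZE_BASE
 extern u64 module_alloc_base;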
+2 -2
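--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -230,7 +230,7 @@
 }
 }
 
-extern void __sync_icache_dcache(pte_t pteval, unsigned long addr);
+extern void __sync_icache_dcache(pte_t pteval);
 
 /*
 * PTE bits configuration in the presence of hardware Dirty Bit Management
@@ -253,7 +253,7 @@
 pte_t old_pte;
 
 if (pte_present(pte) && pte_user_exec(pte) && !pte_special(pte))
-__sync_icache_dcache(pte, addr);
+__sync_icache_dcache(pte);
 
 /*
 * If the existing pte is valid, check for potential race with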
+1
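--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -868,6 +868,7 @@
 static const struct midr_range kpti_safe_list[] = {
 MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2),
 MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN),
+{ /* sentinel */ }
 };
 char const *str = "command line option";
 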
+1 -1
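--- a/arch/arm64/kernel/module-plts.c
+++ b/arch/arm64/kernel/module-plts.c
@@ -43,7 +43,7 @@
 }
 
 #ifdef CONFIG_ARM64_ERRATUM_843419
-u64 module_emit_adrp_veneer(struct module *mod, void *loc, u64 val)
+u64 module_emit_veneer_for_adrp(struct module *mod, void *loc, u64 val)
 {
 struct mod_plt_sec *pltsec = !in_init(mod, loc) ? &mod->arch.core :
 &mod->arch.init;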
+1 -1
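--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -215,7 +215,7 @@
 insn &= ~BIT(31);
 } else {
 /* out of range for ADR -> emit a veneer */
-val = module_emit_adrp_veneer(mod, place, val & ~0xfff);
+val = module_emit_veneer_for_adrp(mod, place, val & ~0xfff);
 if (!val)
 return -ENOEXEC;
 insn = aarch64_insn_gen_branch_imm((u64)place, val,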
+10 -10
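--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -25,6 +25,7 @@
 #include <linux/sched/signal.h>
 #include <linux/sched/task_stack.h>
 #include <linux/mm.h>
+#include <linux/nospec.h>
 #include <linux/smp.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
@@ -249,15 +250,20 @@
 
 switch (note_type) {
 case NT_ARM_HW_BREAK:
-if (idx < ARM_MAX_BRP)
-bp = tsk->thread.debug.hbp_break[idx];
+if (idx >= ARM_MAX_BRP)
+goto out;
+idx = array_index_nospec(idx, ARM_MAX_BRP);
+bp = tsk->thread.debug.hbp_break[idx];
 break;
 case NT_ARM_HW_WATCH:
-if (idx < ARM_MAX_WRP)
-bp = tsk->thread.debug.hbp_watch[idx];
+if (idx >= ARM_MAX_WRP)
+goto out;
+idx = array_index_nospec(idx, ARM_MAX_WRP);
+bp = tsk->thread.debug.hbp_watch[idx];
 break;
 }
 
+out:
 return bp;
 }
 
@@ -1458,9 +1464,7 @@
 {
 int ret;
 u32 kdata;
-mm_segment_t old_fs = get_fs();
 
-set_fs(KERNEL_DS);
 /* Watchpoint */
 if (num < 0) {
 ret = compat_ptrace_hbp_get(NT_ARM_HW_WATCH, tsk, num, &kdata);
@@ -1471,7 +1475,6 @@
 } else {
 ret = compat_ptrace_hbp_get(NT_ARM_HW_BREAK, tsk, num, &kdata);
 }
-set_fs(old_fs);
 
 if (!ret)
 ret = put_user(kdata, data);
@@ -1484,7 +1487,6 @@
 {
 int ret;
 u32 kdata = 0;
-mm_segment_t old_fs = get_fs();
 
 if (num == 0)
 return 0;
@@ -1493,12 +1495,10 @@
 if (ret)
 return ret;
 
-set_fs(KERNEL_DS);
 if (num < 0)
 ret = compat_ptrace_hbp_set(NT_ARM_HW_WATCH, tsk, num, &kdata);
 else
 ret = compat_ptrace_hbp_set(NT_ARM_HW_BREAK, tsk, num, &kdata);
-set_fs(old_fs);
 
 return ret;
 }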
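Review bot: Neither `array_index_nospec()` call in ptrace_hbp_get_event() says why a second bound follows the `idx >= ARM_MAX_BRP` / `idx >= ARM_MAX_WRP` test, so a later cleanup could fold the pair back into the old single `if`. A comment on the first clamp such as `/* the bounds check can be mispredicted; clamp idx so a speculative load stays inside hbp_break[] */` would keep the intent visible, with matching wording for `hbp_watch[]`. The function's signature and the initial value of `bp` are outside the hunk, so what the two `goto out` paths return cannot be confirmed from here.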
+2 -1
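--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -277,7 +277,8 @@
 * If we were single stepping, we want to get the step exception after
 * we return from the trap.
 */
-user_fastforward_single_step(current);
+if (user_mode(regs))
+user_fastforward_single_step(current);
 }
 
 static LIST_HEAD(undef_hook);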
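Review bot: The comment above the new `if (user_mode(regs))` still reads as if the step state is always advanced, so it no longer matches the code it describes. Extending it with a line such as `* Only do this for traps taken from user mode; a trap taken in the kernel must leave the task's user single-step state alone.` would explain the condition (the rationale is inferred from the helper's name and the commit title, so the author should confirm the wording). The enclosing function starts outside the hunk.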
+4
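--- a/arch/arm64/lib/Makefile
+++ b/arch/arm64/lib/Makefile
@@ -19,5 +19,9 @@
 -fcall-saved-x13 -fcall-saved-x14 -fcall-saved-x15 \
 -fcall-saved-x18 -fomit-frame-pointer
 CFLAGS_REMOVE_atomic_ll_sc.o := -pg
+GCOV_PROFILE_atomic_ll_sc.o := n
+KASAN_SANITIZE_atomic_ll_sc.o := n
+KCOV_INSTRUMENT_atomic_ll_sc.o := n
+UBSAN_SANITIZE_atomic_ll_sc.o := n
 
 lib-$(CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE) += uaccess_flushcache.o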
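Review bot: The four new `*_atomic_ll_sc.o := n` lines switch KASAN, UBSAN, KCOV and gcov off for this object without a comment saying why, which leaves an unexplained gap in sanitizer coverage. Judging by the `-fcall-saved-*` flags in the context lines, the object is built with a non-standard calling convention. A comment along the lines of `# atomic_ll_sc.o uses a custom calling convention; compiler-inserted instrumentation calls would clobber registers its callers expect to be preserved` would document the exclusion. That reason is inferred from the hunk and should be confirmed by the author.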
+1 -1
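--- a/arch/arm64/mm/flush.c
+++ b/arch/arm64/mm/flush.c
@@ -58,7 +58,7 @@
 flush_ptrace_access(vma, page, uaddr, dst, len);
 }
 
-void __sync_icache_dcache(pte_t pte, unsigned long addr)
+void __sync_icache_dcache(pte_t pte)
 {
 struct page *page = pte_page(pte);
 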
+5
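--- a/virt/kvm/arm/vgic/vgic-mmio-v2.c
+++ b/virt/kvm/arm/vgic/vgic-mmio-v2.c
@@ -14,6 +14,8 @@
 #include <linux/irqchip/arm-gic.h>
 #include <linux/kvm.h>
 #include <linux/kvm_host.h>
+#include <linux/nospec.h>
+
 #include <kvm/iodev.h>
 #include <kvm/arm_vgic.h>
 
@@ -324,6 +326,9 @@
 
 if (n > vgic_v3_max_apr_idx(vcpu))
 return 0;
+
+n = array_index_nospec(n, 4);
+
 /* GICv3 only uses ICH_AP1Rn for memory mapped (GICv2) guests */
 return vgicv3->vgic_ap1r[n];
 }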
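Review bot: The literal `4` in `n = array_index_nospec(n, 4);` is unrelated to the guard above it, which compares `n` with `vgic_v3_max_apr_idx(vcpu)`, so the clamp silently depends on the declared length of `vgic_ap1r[]`. If that member is a fixed-size array (its declaration is not in the hunk), `n = array_index_nospec(n, ARRAY_SIZE(vgicv3->vgic_ap1r));` ties the clamp to the array it protects and survives a resize. The function begins outside the hunk, so any other indexed path in it is not visible here.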
+10 -4
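--- a/virt/kvm/arm/vgic/vgic.c
+++ b/virt/kvm/arm/vgic/vgic.c
@@ -14,11 +14,13 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include <linux/interrupt.h>
+#include <linux/irq.h>
 #include <linux/kvm.h>
 #include <linux/kvm_host.h>
 #include <linux/list_sort.h>
-#include <linux/interrupt.h>
-#include <linux/irq.h>
+#include <linux/nospec.h>
+
 #include <asm/kvm_hyp.h>
 
 #include "vgic.h"
@@ -101,12 +103,16 @@
 u32 intid)
 {
 /* SGIs and PPIs */
-if (intid <= VGIC_MAX_PRIVATE)
+if (intid <= VGIC_MAX_PRIVATE) {
+intid = array_index_nospec(intid, VGIC_MAX_PRIVATE);
 return &vcpu->arch.vgic_cpu.private_irqs[intid];
+}
 
 /* SPIs */
-if (intid <= VGIC_MAX_SPI)
+if (intid <= VGIC_MAX_SPI) {
+intid = array_index_nospec(intid, VGIC_MAX_SPI);
 return &kvm->arch.vgic.spis[intid - VGIC_NR_PRIVATE_IRQS];
+}
 
 /* LPIs */
 if (intid >= VGIC_MIN_LPI)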
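Review bot: Both new clamps are off by one against their guards: `array_index_nospec(index, size)` yields 0 for any `index >= size`, but the guards are inclusive (`intid <= VGIC_MAX_PRIVATE`, `intid <= VGIC_MAX_SPI`). For `intid == VGIC_MAX_PRIVATE` the function therefore returns `private_irqs[0]` instead of the last private interrupt. For `intid == VGIC_MAX_SPI` the clamped 0 is followed by `intid - VGIC_NR_PRIVATE_IRQS`, which wraps for the `u32 intid` and indexes outside `spis[]`. The size argument needs to be the exclusive bound: `intid = array_index_nospec(intid, VGIC_MAX_PRIVATE + 1);` and `intid = array_index_nospec(intid, VGIC_MAX_SPI + 1);`. The function's opening lines and the rest of the LPI branch lie outside the hunk.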