Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'x86-urgent-2020-08-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
"Misc fixes and small updates all around the place:

- Fix mitigation state sysfs output

- Fix an FPU xstate/xsave code assumption bug triggered by
Architectural LBR support

- Fix Lightning Mountain SoC TSC frequency enumeration bug

- Fix kexec debug output

- Fix kexec memory range assumption bug

- Fix a boundary condition in the crash kernel code

- Optimize purgatory.ro generation a bit

- Enable ACRN guests to use X2APIC mode

- Reduce a __text_poke() IRQs-off critical section for the benefit of
PREEMPT_RT"

* tag 'x86-urgent-2020-08-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/alternatives: Acquire pte lock with interrupts enabled
x86/bugs/multihit: Fix mitigation reporting when VMX is not in use
x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs
x86/purgatory: Don't generate debug info for purgatory.ro
x86/tsr: Fix tsc frequency enumeration bug on Lightning Mountain SoC
kexec_file: Correctly output debugging information for the PT_LOAD ELF header
kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges
x86/crash: Correct the address boundary of function parameters
x86/acrn: Remove redundant chars from ACRN signature
x86/acrn: Allow ACRN guest to use X2APIC mode

+88 -32
+4
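--- a/Documentation/admin-guide/hw-vuln/multihit.rst
+++ b/Documentation/admin-guide/hw-vuln/multihit.rst
@@ -80,6 +80,10 @@
 - The processor is not vulnerable.
 * - KVM: Mitigation: Split huge pages
 - Software changes mitigate this issue.
+* - KVM: Mitigation: VMX unsupported
+- KVM is not vulnerable because Virtual Machine Extensions (VMX) is not supported.
+* - KVM: Mitigation: VMX disabled
+- KVM is not vulnerable because Virtual Machine Extensions (VMX) is disabled.
 * - KVM: Vulnerable
 - The processor is vulnerable, but no mitigation enabled
 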
+3 -3
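--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -875,8 +875,6 @@
 */
 BUG_ON(!pages[0] || (cross_page_boundary && !pages[1]));
 
-local_irq_save(flags);
-
 /*
 * Map the page without the global bit, as TLB flushing is done with
 * flush_tlb_mm_range(), which is intended for non-global PTEs.
@@ -892,6 +890,8 @@
 * This must not fail; preallocated in poking_init().
 */
 VM_BUG_ON(!ptep);
+
+local_irq_save(flags);
 
 pte = mk_pte(pages[0], pgprot);
 set_pte_at(poking_mm, poking_addr, ptep, pte);
@@ -942,8 +942,8 @@
 */
 BUG_ON(memcmp(addr, opcode, len));
 
-pte_unmap_unlock(ptep, ptl);
 local_irq_restore(flags);
+pte_unmap_unlock(ptep, ptl);
 return addr;
 }
 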
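Review bot: The relocated `local_irq_save(flags);` in the second hunk has no comment explaining why it must now come after the PTE lookup, so a later cleanup could move it back above the lock acquisition. The same ordering constraint applies in the third hunk, where `local_irq_restore(flags)` now precedes `pte_unmap_unlock(ptep, ptl)`. I would add above the save: `/* Take the PTE lock with IRQs enabled; disable them only while the temporary poking mapping is in use. */`. The lock acquisition and the start of the function are outside the visible hunks, so the wording should be checked against them.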
+4 -8
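--- a/arch/x86/kernel/cpu/acrn.c
+++ b/arch/x86/kernel/cpu/acrn.c
@@ -11,14 +11,15 @@
 
 #include <linux/interrupt.h>
 #include <asm/apic.h>
+#include <asm/cpufeatures.h>
 #include <asm/desc.h>
 #include <asm/hypervisor.h>
 #include <asm/idtentry.h>
 #include <asm/irq_regs.h>
 
-static uint32_t __init acrn_detect(void)
+static u32 __init acrn_detect(void)
 {
-return hypervisor_cpuid_base("ACRNACRNACRN\0\0", 0);
+return hypervisor_cpuid_base("ACRNACRNACRN", 0);
 }
 
 static void __init acrn_init_platform(void)
@@ -29,12 +30,7 @@
 
 static bool acrn_x2apic_available(void)
 {
-/*
-* x2apic is not supported for now. Future enablement will have to check
-* X86_FEATURE_X2APIC to determine whether x2apic is supported in the
-* guest.
-*/
-return false;
+return boot_cpu_has(X86_FEATURE_X2APIC);
 }
 
 static void (*acrn_intr_handler)(void);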
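Review bot: acrn_x2apic_available() in the second hunk lost its comment along with the hard-coded `return false`, and nothing now records that x2APIC use depends entirely on what the hypervisor advertises through CPUID. I would add `/* x2APIC is usable only when the hypervisor exposes X86_FEATURE_X2APIC to the guest. */` above the return. In the first hunk the signature literal is now 12 characters plus the implicit terminator; a short comment noting how many bytes hypervisor_cpuid_base() compares (its definition is not visible here) would keep a later edit from reintroducing padding.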
+7 -1
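--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -31,6 +31,7 @@
 #include <asm/intel-family.h>
 #include <asm/e820/api.h>
 #include <asm/hypervisor.h>
+#include <asm/tlbflush.h>
 
 #include "cpu.h"
 
@@ -1549,7 +1550,12 @@
 
 static ssize_t itlb_multihit_show_state(char *buf)
 {
-if (itlb_multihit_kvm_mitigation)
+if (!boot_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
+!boot_cpu_has(X86_FEATURE_VMX))
+return sprintf(buf, "KVM: Mitigation: VMX unsupported\n");
+else if (!(cr4_read_shadow() & X86_CR4_VMXE))
+return sprintf(buf, "KVM: Mitigation: VMX disabled\n");
+else if (itlb_multihit_kvm_mitigation)
 return sprintf(buf, "KVM: Mitigation: Split huge pages\n");
 else
 return sprintf(buf, "KVM: Vulnerable\n");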
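Review bot: The new `cr4_read_shadow() & X86_CR4_VMXE` test in itlb_multihit_show_state() samples CR4 on whichever CPU happens to service the sysfs read, at that instant, and the hunk carries no comment saying so. If CR4.VMXE is set only while a hypervisor is actively using VMX (not visible here, to be confirmed), "KVM: Mitigation: VMX disabled" describes the current moment rather than a lasting property. Compliance or monitoring tooling that scrapes this file could then record it as a permanent mitigation. I would add above that branch: `/* CR4.VMXE is read on the current CPU only; this is a point-in-time view and changes once VMX is enabled. */`.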
+1 -1
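--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -230,7 +230,7 @@
 int ret = 0;
 
 /* Exclude the low 1M because it is always reserved */
-ret = crash_exclude_mem_range(cmem, 0, 1<<20);
+ret = crash_exclude_mem_range(cmem, 0, (1<<20)-1);
 if (ret)
 return ret;
 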
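Review bot: The corrected call `crash_exclude_mem_range(cmem, 0, (1<<20)-1)` depends on the end argument being an inclusive address, which neither the call site nor its comment states, and that is the convention the old off-by-one violated. I would extend the comment to `/* Exclude the low 1M (end address is inclusive) because it is always reserved */`. If `SZ_1M` from `<linux/sizes.h>` is already in scope in this file, `SZ_1M - 1` reads more clearly than the shifted literal. The enclosing function starts and ends outside the hunk.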
+32 -1
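--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -611,6 +611,10 @@
 * This essentially double-checks what the cpu told us about
 * how large the XSAVE buffer needs to be. We are recalculating
 * it to be safe.
+*
+* Dynamic XSAVE features allocate their own buffers and are not
+* covered by these checks. Only the size of the buffer for task->fpu
+* is checked here.
 */
 static void do_extra_xstate_size_checks(void)
 {
@@ -673,6 +677,33 @@
 return ebx;
 }
 
+/*
+* Get the total size of the enabled xstates without the dynamic supervisor
+* features.
+*/
+static unsigned int __init get_xsaves_size_no_dynamic(void)
+{
+u64 mask = xfeatures_mask_dynamic();
+unsigned int size;
+
+if (!mask)
+return get_xsaves_size();
+
+/* Disable dynamic features. */
+wrmsrl(MSR_IA32_XSS, xfeatures_mask_supervisor());
+
+/*
+* Ask the hardware what size is required of the buffer.
+* This is the size required for the task->fpu buffer.
+*/
+size = get_xsaves_size();
+
+/* Re-enable dynamic features so XSAVES will work on them again. */
+wrmsrl(MSR_IA32_XSS, xfeatures_mask_supervisor() | mask);
+
+return size;
+}
+
 static unsigned int __init get_xsave_size(void)
 {
 unsigned int eax, ebx, ecx, edx;
@@ -710,7 +741,7 @@
 xsave_size = get_xsave_size();
 
 if (boot_cpu_has(X86_FEATURE_XSAVES))
-possible_xstate_size = get_xsaves_size();
+possible_xstate_size = get_xsaves_size_no_dynamic();
 else
 possible_xstate_size = xsave_size;
 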
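Review bot: get_xsaves_size_no_dynamic() in the second hunk restores MSR_IA32_XSS by recomputing `xfeatures_mask_supervisor() | mask` rather than writing back the value the register held, so it silently assumes XSS contained exactly that combination on entry. That state is established outside the visible hunks. I would record the assumption in the function comment, e.g. `* Assumes MSR_IA32_XSS currently holds xfeatures_mask_supervisor() | xfeatures_mask_dynamic().`. Alternatively, read the register first with `rdmsrl(MSR_IA32_XSS, xss);` and restore it with `wrmsrl(MSR_IA32_XSS, xss);`, which keeps the helper correct if the enabled set ever differs.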
+7 -2
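--- a/arch/x86/kernel/tsc_msr.c
+++ b/arch/x86/kernel/tsc_msr.c
@@ -134,10 +134,15 @@
 .mask = 0x0f,
 };
 
-/* 24 MHz crystal? : 24 * 13 / 4 = 78 MHz */
+/*
+* 24 MHz crystal? : 24 * 13 / 4 = 78 MHz
+* Frequency step for Lightning Mountain SoC is fixed to 78 MHz,
+* so all the frequency entries are 78000.
+*/
 static const struct freq_desc freq_desc_lgm = {
 .use_msr_plat = true,
-.freqs = { 78000, 78000, 78000, 78000, 78000, 78000, 78000, 78000 },
+.freqs = { 78000, 78000, 78000, 78000, 78000, 78000, 78000, 78000,
+78000, 78000, 78000, 78000, 78000, 78000, 78000, 78000 },
 .mask = 0x0f,
 };
 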
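Review bot: Nothing in freq_desc_lgm ties the number of `.freqs` initialisers to `.mask = 0x0f`. The table has to cover every index the mask can produce (16 here), and omitted entries are presumably zero-filled, which is how a short table would yield a zero frequency. The added comment explains the 78000 value but not the required count. I would add `/* .freqs must hold mask + 1 entries; omitted ones read as 0 */` next to `.mask`, and consider a build-time size check where struct freq_desc is declared, which is outside this hunk.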
+4 -1
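--- a/arch/x86/purgatory/Makefile
+++ b/arch/x86/purgatory/Makefile
@@ -32,7 +32,7 @@
 # make up the standalone purgatory.ro
 
 PURGATORY_CFLAGS_REMOVE := -mcmodel=kernel
-PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss
+PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss -g0
 PURGATORY_CFLAGS += $(DISABLE_STACKLEAK_PLUGIN) -DDISABLE_BRANCH_PROFILING
 PURGATORY_CFLAGS += -fno-stack-protector
 
@@ -63,6 +63,9 @@
 
 CFLAGS_REMOVE_string.o += $(PURGATORY_CFLAGS_REMOVE)
 CFLAGS_string.o += $(PURGATORY_CFLAGS)
+
+AFLAGS_REMOVE_setup-x86_$(BITS).o += -Wa,-gdwarf-2
+AFLAGS_REMOVE_entry64.o += -Wa,-gdwarf-2
 
 $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE
 $(call if_changed,ld)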
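Review bot: The two `AFLAGS_REMOVE_... += -Wa,-gdwarf-2` lines in the second hunk strip only that exact assembler flag, whereas the C side uses `-g0`, which overrides whatever debug option came before it. A configuration that passes a different debug-info option to the assembler would, as far as this hunk shows, still emit debug sections into these two objects. I would record the assumption with a comment such as `# Only -Wa,-gdwarf-2 is expected here; extend if other assembler debug flags are added`, or filter on a pattern rather than one literal.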
+26 -15
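--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -1169,24 +1169,26 @@
 unsigned long long mstart, unsigned long long mend)
 {
 int i, j;
-unsigned long long start, end;
+unsigned long long start, end, p_start, p_end;
 struct crash_mem_range temp_range = {0, 0};
 
 for (i = 0; i < mem->nr_ranges; i++) {
 start = mem->ranges[i].start;
 end = mem->ranges[i].end;
+p_start = mstart;
+p_end = mend;
 
 if (mstart > end || mend < start)
 continue;
 
 /* Truncate any area outside of range */
 if (mstart < start)
-mstart = start;
+p_start = start;
 if (mend > end)
-mend = end;
+p_end = end;
 
 /* Found completely overlapping range */
-if (mstart == start && mend == end) {
+if (p_start == start && p_end == end) {
 mem->ranges[i].start = 0;
 mem->ranges[i].end = 0;
 if (i < mem->nr_ranges - 1) {
@@ -1197,20 +1199,29 @@
 mem->ranges[j].end =
 mem->ranges[j+1].end;
 }
+
+/*
+* Continue to check if there are another overlapping ranges
+* from the current position because of shifting the above
+* mem ranges.
+*/
+i--;
+mem->nr_ranges--;
+continue;
 }
 mem->nr_ranges--;
 return 0;
 }
 
-if (mstart > start && mend < end) {
+if (p_start > start && p_end < end) {
 /* Split original range */
-mem->ranges[i].end = mstart - 1;
-temp_range.start = mend + 1;
+mem->ranges[i].end = p_start - 1;
+temp_range.start = p_end + 1;
 temp_range.end = end;
-} else if (mstart != start)
-mem->ranges[i].end = mstart - 1;
+} else if (p_start != start)
+mem->ranges[i].end = p_start - 1;
 else
-mem->ranges[i].start = mend + 1;
+mem->ranges[i].start = p_end + 1;
 break;
 }
 
@@ -1247,7 +1258,7 @@
 unsigned long long notes_addr;
 unsigned long mstart, mend;
 
-/* extra phdr for vmcoreinfo elf note */
+/* extra phdr for vmcoreinfo ELF note */
 nr_phdr = nr_cpus + 1;
 nr_phdr += mem->nr_ranges;
 
@@ -1255,7 +1266,7 @@
 * kexec-tools creates an extra PT_LOAD phdr for kernel text mapping
 * area (for example, ffffffff80000000 - ffffffffa0000000 on x86_64).
 * I think this is required by tools like gdb. So same physical
-* memory will be mapped in two elf headers. One will contain kernel
+* memory will be mapped in two ELF headers. One will contain kernel
 * text virtual addresses and other will have __va(physical) addresses.
 */
 
@@ -1282,7 +1293,7 @@
 ehdr->e_ehsize = sizeof(Elf64_Ehdr);
 ehdr->e_phentsize = sizeof(Elf64_Phdr);
 
-/* Prepare one phdr of type PT_NOTE for each present cpu */
+/* Prepare one phdr of type PT_NOTE for each present CPU */
 for_each_present_cpu(cpu) {
 phdr->p_type = PT_NOTE;
 notes_addr = per_cpu_ptr_to_phys(per_cpu_ptr(crash_notes, cpu));
@@ -1324,10 +1335,10 @@
 phdr->p_filesz = phdr->p_memsz = mend - mstart + 1;
 phdr->p_align = 0;
 ehdr->e_phnum++;
-phdr++;
-pr_debug("Crash PT_LOAD elf header. phdr=%p vaddr=0x%llx, paddr=0x%llx, sz=0x%llx e_phnum=%d p_offset=0x%llx\n",
+pr_debug("Crash PT_LOAD ELF header. phdr=%p vaddr=0x%llx, paddr=0x%llx, sz=0x%llx e_phnum=%d p_offset=0x%llx\n",
 phdr, phdr->p_vaddr, phdr->p_paddr, phdr->p_filesz,
 ehdr->e_phnum, phdr->p_offset);
+phdr++;
 }
 
 *addr = buf;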
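Review bot: In crash_exclude_mem_range() the trailing `break;` after the partial-overlap branches (second hunk) still ends the scan at the first range that gets trimmed. An excluded region that covers the tail of one range and the head of the next would therefore leave the second range untouched, and memory meant to be excluded would stay in the crash ranges. Now that each iteration works on its own `p_start`/`p_end` copies, the loop can safely continue, so `break;` could be confined to the split case: `temp_range.end = end; break;` inside the `if (p_start > start && p_end < end)` block, with the two trim branches falling through to the next iteration. The code after the loop is outside the hunk and would need to tolerate the loop running to completion.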