Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'x86-urgent-2023-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull misc x86 fixes from Ingo Molnar:

- Fix a kexec bug

- Fix an UML build bug

- Fix a handful of SRSO related bugs

- Fix a shadow stacks handling bug & robustify related code

* tag 'x86-urgent-2023-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/shstk: Add warning for shadow stack double unmap
x86/shstk: Remove useless clone error handling
x86/shstk: Handle vfork clone failure correctly
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
x86/srso: Don't probe microcode in a guest
x86/srso: Set CPUID feature bits independently of bug or mitigation status
x86/srso: Fix srso_show_state() side effect
x86/asm: Fix build of UML with KASAN
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()

+56 -55
+7
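--- a/arch/x86/include/asm/linkage.h
+++ b/arch/x86/include/asm/linkage.h
@@ -105,6 +105,13 @@
 CFI_POST_PADDING \
 SYM_FUNC_END(__cfi_##name)
 
+/* UML needs to be able to override memcpy() and friends for KASAN. */
+#ifdef CONFIG_UML
+# define SYM_FUNC_ALIAS_MEMFUNC SYM_FUNC_ALIAS_WEAK
+#else
+# define SYM_FUNC_ALIAS_MEMFUNC SYM_FUNC_ALIAS
+#endif
+
 /* SYM_TYPED_FUNC_START -- use for indirectly called globals, w/ CFI type */
 #define SYM_TYPED_FUNC_START(name) \
 SYM_TYPED_START(name, SYM_L_GLOBAL, SYM_F_ALIGN) \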
+1 -2
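--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -186,8 +186,7 @@
 #else
 #define deactivate_mm(tsk, mm) \
 do { \
-if (!tsk->vfork_done) \
-shstk_free(tsk); \
+shstk_free(tsk); \
 load_gs_index(0); \
 loadsegment(fs, 0); \
 } while (0)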
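Review bot: With the `tsk->vfork_done` test gone, nothing in `deactivate_mm()` says why calling `shstk_free(tsk)` for a vfork child is safe. That now depends on the clone path zeroing `shstk->base` and `shstk->size`, and on `shstk_free()` returning early when the base is zero, both of which are in arch/x86/kernel/shstk.c in this same merge. A one-line comment above the call would keep the invariant visible, e.g. `/* shstk_free() skips vfork children: their shstk->base is cleared at clone time */`. The `#if` branch that this `#else` belongs to starts outside the visible lines.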
-2
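--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -683,13 +683,11 @@
 #ifdef CONFIG_CPU_SUP_AMD
 extern u32 amd_get_nodes_per_socket(void);
 extern u32 amd_get_highest_perf(void);
-extern bool cpu_has_ibpb_brtype_microcode(void);
 extern void amd_clear_divider(void);
 extern void amd_check_microcode(void);
 #else
 static inline u32 amd_get_nodes_per_socket(void) { return 0; }
 static inline u32 amd_get_highest_perf(void) { return 0; }
-static inline bool cpu_has_ibpb_brtype_microcode(void) { return false; }
 static inline void amd_clear_divider(void) { }
 static inline void amd_check_microcode(void) { }
 #endif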
+9 -19
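--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -766,6 +766,15 @@
 
 if (cpu_has(c, X86_FEATURE_TOPOEXT))
 smp_num_siblings = ((cpuid_ebx(0x8000001e) >> 8) & 0xff) + 1;
+
+if (!cpu_has(c, X86_FEATURE_HYPERVISOR) && !cpu_has(c, X86_FEATURE_IBPB_BRTYPE)) {
+if (c->x86 == 0x17 && boot_cpu_has(X86_FEATURE_AMD_IBPB))
+setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);
+else if (c->x86 >= 0x19 && !wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB)) {
+setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);
+setup_force_cpu_cap(X86_FEATURE_SBPB);
+}
+}
 }
 
 static void init_amd_k8(struct cpuinfo_x86 *c)
@@ -1299,25 +1308,6 @@
 void amd_check_microcode(void)
 {
 on_each_cpu(zenbleed_check_cpu, NULL, 1);
-}
-
-bool cpu_has_ibpb_brtype_microcode(void)
-{
-switch (boot_cpu_data.x86) {
-/* Zen1/2 IBPB flushes branch type predictions too. */
-case 0x17:
-return boot_cpu_has(X86_FEATURE_AMD_IBPB);
-case 0x19:
-/* Poke the MSR bit on Zen3/4 to check its presence. */
-if (!wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB)) {
-setup_force_cpu_cap(X86_FEATURE_SBPB);
-return true;
-} else {
-return false;
-}
-default:
-return false;
-}
 }
 
 /*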
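Review bot: The feature-probing block added at the end of this init function (its start is outside the hunk) carries no comment, while the removed `cpu_has_ibpb_brtype_microcode()` explained both of its branches. Carrying those over and stating the guest rule would help, e.g. `/* Bare metal only: a guest has to trust the hypervisor's CPUID, so never probe the MSR there. */` above the outer `if`, and `/* Writing PRED_CMD_SBPB doubles as a presence probe for SBPB. */` on the `wrmsrl_safe()` branch. The family test also changed from `case 0x19:` to `c->x86 >= 0x19`, so later families are now probed as well; if that is intended, the comment should say so.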
+3 -14
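--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2404,26 +2404,15 @@
 
 static void __init srso_select_mitigation(void)
 {
-bool has_microcode;
+bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
 
 if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off())
 goto pred_cmd;
 
-/*
-* The first check is for the kernel running as a guest in order
-* for guests to verify whether IBPB is a viable mitigation.
-*/
-has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE) || cpu_has_ibpb_brtype_microcode();
 if (!has_microcode) {
 pr_warn("IBPB-extending microcode not applied!\n");
 pr_warn(SRSO_NOTICE);
 } else {
-/*
-* Enable the synthetic (even if in a real CPUID leaf)
-* flags for guests.
-*/
-setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);
-
 /*
 * Zen1/2 with SMT off aren't vulnerable after the right
 * IBPB microcode has been applied.
@@ -2444,7 +2433,7 @@
 
 switch (srso_cmd) {
 case SRSO_CMD_OFF:
-return;
+goto pred_cmd;
 
 case SRSO_CMD_MICROCODE:
 if (has_microcode) {
@@ -2717,8 +2706,8 @@
 
 return sysfs_emit(buf, "%s%s\n",
 srso_strings[srso_mitigation],
-(cpu_has_ibpb_brtype_microcode() ? "" : ", no microcode"));
+boot_cpu_has(X86_FEATURE_IBPB_BRTYPE) ? "" : ", no microcode");
 }
 
 static ssize_t gds_show_state(char *buf)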
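Review bot: `has_microcode` is now read straight from `X86_FEATURE_IBPB_BRTYPE` at the top of `srso_select_mitigation()`, and the comments that explained where that bit comes from were removed together with the old probing call. The value is only right if the bit has already been set (from CPUID, or forced by the AMD CPU init code changed in this merge) before this function runs, and that ordering is not visible in the hunk. A short comment on the initializer would record it, e.g. `/* Set from CPUID, or forced on bare metal during AMD CPU init; never probed here. */`. The `SRSO_CMD_OFF` case now jumps to `pred_cmd`, whose body lies outside the hunk, so the effect of that jump could not be checked from here.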
-7
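--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -257,13 +257,6 @@
 if (!ret && unlikely(test_tsk_thread_flag(current, TIF_IO_BITMAP)))
 io_bitmap_share(p);
 
-/*
-* If copy_thread() if failing, don't leak the shadow stack possibly
-* allocated in shstk_alloc_thread_stack() above.
-*/
-if (ret)
-shstk_free(p);
-
 return ret;
 }
 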
+2 -6
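--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -358,15 +358,11 @@
 #if defined(CONFIG_HAVE_IMA_KEXEC) && !defined(CONFIG_OF_FLATTREE)
 int __init ima_free_kexec_buffer(void)
 {
-int rc;
-
 if (!ima_kexec_buffer_size)
 return -ENOENT;
 
-rc = memblock_phys_free(ima_kexec_buffer_phys,
-ima_kexec_buffer_size);
-if (rc)
-return rc;
+memblock_free_late(ima_kexec_buffer_phys,
+ima_kexec_buffer_size);
 
 ima_kexec_buffer_phys = 0;
 ima_kexec_buffer_size = 0;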
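Review bot: The switch to `memblock_free_late()` removes the only error check in `ima_free_kexec_buffer()`, so `ima_kexec_buffer_phys` and `ima_kexec_buffer_size` are now cleared whatever happened to the range, and the hunk gives no reason for choosing the late variant. A comment above the call would document the constraint, e.g. `/* memblock is no longer usable at this point, so free the pages with the late variant */`; that wording is inferred from the shortlog entry and should be confirmed. The end of the function is outside the hunk.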
+31 -2
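--- a/arch/x86/kernel/shstk.c
+++ b/arch/x86/kernel/shstk.c
@@ -205,10 +205,21 @@
 return 0;
 
 /*
-* For CLONE_VM, except vfork, the child needs a separate shadow
+* For CLONE_VFORK the child will share the parents shadow stack.
+* Make sure to clear the internal tracking of the thread shadow
+* stack so the freeing logic run for child knows to leave it alone.
+*/
+if (clone_flags & CLONE_VFORK) {
+shstk->base = 0;
+shstk->size = 0;
+return 0;
+}
+
+/*
+* For !CLONE_VM the child will use a copy of the parents shadow
 * stack.
 */
-if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM)
+if (!(clone_flags & CLONE_VM))
 return 0;
 
 size = adjust_shstk_size(stack_size);
@@ -408,7 +419,25 @@
 if (!tsk->mm || tsk->mm != current->mm)
 return;
 
+/*
+* If shstk->base is NULL, then this task is not managing its
+* own shadow stack (CLONE_VFORK). So skip freeing it.
+*/
+if (!shstk->base)
+return;
+
+/*
+* shstk->base is NULL for CLONE_VFORK child tasks, and so is
+* normal. But size = 0 on a shstk->base is not normal and
+* indicated an attempt to free the thread shadow stack twice.
+* Warn about it.
+*/
+if (WARN_ON(!shstk->size))
+return;
+
 unmap_shadow_stack(shstk->base, shstk->size);
+
+shstk->size = 0;
 }
 
 static int wrss_control(bool enable)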
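Review bot: In the second hunk the double-unmap check uses `WARN_ON(!shstk->size)`, which prints a full warning on every hit and turns into a panic on systems running with panic_on_warn; `if (WARN_ON_ONCE(!shstk->size))` reports the bug once and keeps the same early return. The check also relies on `shstk->base` staying non-zero after `unmap_shadow_stack()` while only `shstk->size` is cleared, which the comment could state outright. In the new comments, `base` is called NULL although the clone path assigns `shstk->base = 0`, and "indicated" should read "indicates". Both functions start outside their hunks.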
+1 -1
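--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
@@ -40,7 +40,7 @@
 SYM_FUNC_END(__memcpy)
 EXPORT_SYMBOL(__memcpy)
 
-SYM_FUNC_ALIAS(memcpy, __memcpy)
+SYM_FUNC_ALIAS_MEMFUNC(memcpy, __memcpy)
 EXPORT_SYMBOL(memcpy)
 
 SYM_FUNC_START_LOCAL(memcpy_orig)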
+1 -1
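--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
@@ -212,5 +212,5 @@
 SYM_FUNC_END(__memmove)
 EXPORT_SYMBOL(__memmove)
 
-SYM_FUNC_ALIAS(memmove, __memmove)
+SYM_FUNC_ALIAS_MEMFUNC(memmove, __memmove)
 EXPORT_SYMBOL(memmove)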
+1 -1
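--- a/arch/x86/lib/memset_64.S
+++ b/arch/x86/lib/memset_64.S
@@ -40,7 +40,7 @@
 SYM_FUNC_END(__memset)
 EXPORT_SYMBOL(__memset)
 
-SYM_FUNC_ALIAS(memset, __memset)
+SYM_FUNC_ALIAS_MEMFUNC(memset, __memset)
 EXPORT_SYMBOL(memset)
 
 SYM_FUNC_START_LOCAL(memset_orig)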