From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A628C433EF for ; Mon, 21 Mar 2022 13:58:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348460AbiCUN5z (ORCPT ); Mon, 21 Mar 2022 09:57:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348332AbiCUN4c (ORCPT ); Mon, 21 Mar 2022 09:56:32 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB90316F06E; Mon, 21 Mar 2022 06:54:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 28B00B81644; Mon, 21 Mar 2022 13:54:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7B6A4C340E8; Mon, 21 Mar 2022 13:54:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870895; bh=wRlbELFcSaNKD9S2F10d7gbg4M2/MDxgsTY8gQvkjOM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JwoUBJZBlQL4uf5Zk5YJ+Dos/CzvSGY9UGnoICiS0X4u1xs4UCBVY/XJZj+z1qrCz BfAL9ZBICIKcfKWLQd4gYLpIPkZQKX0OBQ5bbKCt7555wWQ+E1OS8wMjLXT+8Jve29 jJYxkJ/Qu2wtN+4Xg5LrwdLxy9aX4V1ko/Ltxosg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kai Lueke , Steffen Klassert Subject: [PATCH 4.19 01/57] Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" Date: Mon, 21 Mar 2022 14:51:42 +0100 Message-Id: <20220321133222.028331018@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kai Lueke commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see https://github.com/cilium/cilium/pull/18789 and https://github.com/cilium/cilium/pull/19019). Signed-off-by: Kai Lueke Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/xfrm/xfrm_user.c | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -620,13 +620,8 @@ static struct xfrm_state *xfrm_state_con =20 xfrm_smark_init(attrs, &x->props.smark); =20 - if (attrs[XFRMA_IF_ID]) { + if (attrs[XFRMA_IF_ID]) x->if_id =3D nla_get_u32(attrs[XFRMA_IF_ID]); - if (!x->if_id) { - err =3D -EINVAL; - goto error; - } - } =20 err =3D __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]); if (err) @@ -1332,13 +1327,8 @@ static int xfrm_alloc_userspi(struct sk_ =20 mark =3D xfrm_mark_get(attrs, &m); =20 - if (attrs[XFRMA_IF_ID]) { + if (attrs[XFRMA_IF_ID]) if_id =3D nla_get_u32(attrs[XFRMA_IF_ID]); - if (!if_id) { - err =3D -EINVAL; - goto out_noput; - } - } =20 if (p->info.seq) { x =3D xfrm_find_acq_byseq(net, mark, p->info.seq); @@ -1640,13 +1630,8 @@ static struct xfrm_policy *xfrm_policy_c =20 xfrm_mark_get(attrs, &xp->mark); =20 - if (attrs[XFRMA_IF_ID]) { + if (attrs[XFRMA_IF_ID]) xp->if_id =3D nla_get_u32(attrs[XFRMA_IF_ID]); - if (!xp->if_id) { - err =3D -EINVAL; - goto error; - } - } =20 return xp; error: From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D89B3C433EF for ; Mon, 21 Mar 2022 13:59:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348489AbiCUOA2 (ORCPT ); Mon, 21 Mar 2022 10:00:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348452AbiCUN5y (ORCPT ); Mon, 21 Mar 2022 09:57:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B07B1770B6; Mon, 21 Mar 2022 06:55:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8B132612AB; Mon, 21 Mar 2022 13:55:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9B6AFC340E8; Mon, 21 Mar 2022 13:55:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870927; bh=dy8PW5AEdiEoildx1nD3DQnzreCRWT9CJl1QM0+Tp1I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OM2YaGYAfGEjaOG8WW30BFWO170YeTm5G8LuVOGKH6j6MR10KbD0QraKpNxkynjjn 7PCNq8m6YoOyzj4k/MkbTF4VPMnck1M6yoFkhzdmwXpj2sB0ccIiDgPPt3s00Nq+Gz GkkpJxuDnBvAbqjr7GGYietd9IEDNdCpY2slx4tY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski , Ovidiu Panait Subject: [PATCH 4.19 02/57] sctp: fix the processing for INIT chunk Date: Mon, 21 Mar 2022 14:51:43 +0100 Message-Id: <20220321133222.057634450@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Xin Long commit eae5783908042a762c24e1bd11876edb91d314b1 upstream. This patch fixes the problems below: 1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and sctp_sf_do_5_2_2_dupinit(): chunk length check should be done before any checks that may cause to send abort, as making packet for abort will access the init_tag from init_hdr in sctp_ootb_pkt_new(). 2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack(): The same checks as does in sctp_sf_do_5_2_2_dupinit() is needed for sctp_sf_do_9_2_reshutack(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Ovidiu Panait Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/sctp/sm_statefuns.c | 71 +++++++++++++++++++++++++++++++------------= ----- 1 file changed, 46 insertions(+), 25 deletions(-) --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -164,6 +164,12 @@ static enum sctp_disposition __sctp_sf_d void *arg, struct sctp_cmd_seq *commands); =20 +static enum sctp_disposition +__sctp_sf_do_9_2_reshutack(struct net *net, const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const union sctp_subtype type, void *arg, + struct sctp_cmd_seq *commands); + /* Small helper function that checks if the chunk length * is of the appropriate length. The 'required_length' argument * is set to be the size of a specific chunk we are testing. @@ -345,6 +351,14 @@ enum sctp_disposition sctp_sf_do_5_1B_in if (!chunk->singleton) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 + /* Make sure that the INIT chunk has a valid length. + * Normally, this would cause an ABORT with a Protocol Violation + * error, but since we don't have an association, we'll + * just discard the packet. + */ + if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_init_chunk))) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* If the packet is an OOTB packet which is temporarily on the * control endpoint, respond with an ABORT. */ @@ -359,14 +373,6 @@ enum sctp_disposition sctp_sf_do_5_1B_in if (chunk->sctp_hdr->vtag !=3D 0) return sctp_sf_tabort_8_4_8(net, ep, asoc, type, arg, commands); =20 - /* Make sure that the INIT chunk has a valid length. - * Normally, this would cause an ABORT with a Protocol Violation - * error, but since we don't have an association, we'll - * just discard the packet. - */ - if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_init_chunk))) - return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); - /* If the INIT is coming toward a closing socket, we'll send back * and ABORT. Essentially, this catches the race of INIT being * backloged to the socket at the same time as the user isses close(). @@ -1499,19 +1505,16 @@ static enum sctp_disposition sctp_sf_do_ if (!chunk->singleton) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 + /* Make sure that the INIT chunk has a valid length. */ + if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_init_chunk))) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* 3.1 A packet containing an INIT chunk MUST have a zero Verification * Tag. */ if (chunk->sctp_hdr->vtag !=3D 0) return sctp_sf_tabort_8_4_8(net, ep, asoc, type, arg, commands); =20 - /* Make sure that the INIT chunk has a valid length. - * In this case, we generate a protocol violation since we have - * an association established. - */ - if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_init_chunk))) - return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, - commands); /* Grab the INIT header. */ chunk->subh.init_hdr =3D (struct sctp_inithdr *)chunk->skb->data; =20 @@ -1829,9 +1832,9 @@ static enum sctp_disposition sctp_sf_do_ * its peer. */ if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) { - disposition =3D sctp_sf_do_9_2_reshutack(net, ep, asoc, - SCTP_ST_CHUNK(chunk->chunk_hdr->type), - chunk, commands); + disposition =3D __sctp_sf_do_9_2_reshutack(net, ep, asoc, + SCTP_ST_CHUNK(chunk->chunk_hdr->type), + chunk, commands); if (SCTP_DISPOSITION_NOMEM =3D=3D disposition) goto nomem; =20 @@ -2930,13 +2933,11 @@ enum sctp_disposition sctp_sf_do_9_2_shu * that belong to this association, it should discard the INIT chunk and * retransmit the SHUTDOWN ACK chunk. */ -enum sctp_disposition sctp_sf_do_9_2_reshutack( - struct net *net, - const struct sctp_endpoint *ep, - const struct sctp_association *asoc, - const union sctp_subtype type, - void *arg, - struct sctp_cmd_seq *commands) +static enum sctp_disposition +__sctp_sf_do_9_2_reshutack(struct net *net, const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const union sctp_subtype type, void *arg, + struct sctp_cmd_seq *commands) { struct sctp_chunk *chunk =3D arg; struct sctp_chunk *reply; @@ -2970,6 +2971,26 @@ nomem: return SCTP_DISPOSITION_NOMEM; } =20 +enum sctp_disposition +sctp_sf_do_9_2_reshutack(struct net *net, const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const union sctp_subtype type, void *arg, + struct sctp_cmd_seq *commands) +{ + struct sctp_chunk *chunk =3D arg; + + if (!chunk->singleton) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + + if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_init_chunk))) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + + if (chunk->sctp_hdr->vtag !=3D 0) + return sctp_sf_tabort_8_4_8(net, ep, asoc, type, arg, commands); + + return __sctp_sf_do_9_2_reshutack(net, ep, asoc, type, arg, commands); +} + /* * sctp_sf_do_ecn_cwr * From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCD83C433EF for ; Mon, 21 Mar 2022 14:05:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346451AbiCUOGc (ORCPT ); Mon, 21 Mar 2022 10:06:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46588 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348763AbiCUN6R (ORCPT ); Mon, 21 Mar 2022 09:58:17 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 748CB17A2F2; Mon, 21 Mar 2022 06:56:26 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B0715B816D9; Mon, 21 Mar 2022 13:55:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1886DC340ED; Mon, 21 Mar 2022 13:55:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870957; bh=kK/F+vYxZ+uksPmumGW61gK5DR/BLBFZmWV0K6jQ9VM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fhABuBVL4azGmTl/Vj39wq5D9+Yu5Q1kqwC7GMepjemqWaJd5MKEaMjjFD5XYgfg2 AnRk+50oW3WGzDkG+pK1qyOiP3QK9wChQgMJHffVLIwx5mL4OR2YSleYM98UsaKFtm 0CBh3kQZi3CeFuT66HNymd5F0osXr62cWdf1DrbU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski , Ovidiu Panait Subject: [PATCH 4.19 03/57] sctp: fix the processing for INIT_ACK chunk Date: Mon, 21 Mar 2022 14:51:44 +0100 Message-Id: <20220321133222.085585303@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Xin Long commit 438b95a7c98f77d51cbf4db021f41b602d750a3f upstream. Currently INIT_ACK chunk in non-cookie_echoed state is processed in sctp_sf_discard_chunk() to send an abort with the existent asoc's vtag if the chunk length is not valid. But the vtag in the chunk's sctphdr is not verified, which may be exploited by one to cook a malicious chunk to terminal a SCTP asoc. sctp_sf_discard_chunk() also is called in many other places to send an abort, and most of those have this problem. This patch is to fix it by sending abort with the existent asoc's vtag only if the vtag from the chunk's sctphdr is verified in sctp_sf_discard_chunk(). Note on sctp_sf_do_9_1_abort() and sctp_sf_shutdown_pending_abort(), the chunk length has been verified before sctp_sf_discard_chunk(), so replace it with sctp_sf_discard(). On sctp_sf_do_asconf_ack() and sctp_sf_do_asconf(), move the sctp_chunk_length_valid check ahead of sctp_sf_discard_chunk(), then replace it with sctp_sf_discard(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Ovidiu Panait Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/sctp/sm_statefuns.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -2304,7 +2304,7 @@ enum sctp_disposition sctp_sf_shutdown_p */ if (SCTP_ADDR_DEL =3D=3D sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) - return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands); + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 if (!sctp_err_chunk_valid(chunk)) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); @@ -2350,7 +2350,7 @@ enum sctp_disposition sctp_sf_shutdown_s */ if (SCTP_ADDR_DEL =3D=3D sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) - return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands); + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 if (!sctp_err_chunk_valid(chunk)) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); @@ -2620,7 +2620,7 @@ enum sctp_disposition sctp_sf_do_9_1_abo */ if (SCTP_ADDR_DEL =3D=3D sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) - return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands); + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 if (!sctp_err_chunk_valid(chunk)) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); @@ -3787,6 +3787,11 @@ enum sctp_disposition sctp_sf_do_asconf( return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); } =20 + /* Make sure that the ASCONF ADDIP chunk has a valid length. */ + if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_addip_chunk))) + return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, + commands); + /* ADD-IP: Section 4.1.1 * This chunk MUST be sent in an authenticated way by using * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk @@ -3794,13 +3799,7 @@ enum sctp_disposition sctp_sf_do_asconf( * described in [I-D.ietf-tsvwg-sctp-auth]. */ if (!net->sctp.addip_noauth && !chunk->auth) - return sctp_sf_discard_chunk(net, ep, asoc, type, arg, - commands); - - /* Make sure that the ASCONF ADDIP chunk has a valid length. */ - if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_addip_chunk))) - return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, - commands); + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 hdr =3D (struct sctp_addiphdr *)chunk->skb->data; serial =3D ntohl(hdr->serial); @@ -3929,6 +3928,12 @@ enum sctp_disposition sctp_sf_do_asconf_ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); } =20 + /* Make sure that the ADDIP chunk has a valid length. */ + if (!sctp_chunk_length_valid(asconf_ack, + sizeof(struct sctp_addip_chunk))) + return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, + commands); + /* ADD-IP, Section 4.1.2: * This chunk MUST be sent in an authenticated way by using * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk @@ -3936,14 +3941,7 @@ enum sctp_disposition sctp_sf_do_asconf_ * described in [I-D.ietf-tsvwg-sctp-auth]. */ if (!net->sctp.addip_noauth && !asconf_ack->auth) - return sctp_sf_discard_chunk(net, ep, asoc, type, arg, - commands); - - /* Make sure that the ADDIP chunk has a valid length. */ - if (!sctp_chunk_length_valid(asconf_ack, - sizeof(struct sctp_addip_chunk))) - return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, - commands); + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); =20 addip_hdr =3D (struct sctp_addiphdr *)asconf_ack->skb->data; rcvd_serial =3D ntohl(addip_hdr->serial); @@ -4515,6 +4513,9 @@ enum sctp_disposition sctp_sf_discard_ch { struct sctp_chunk *chunk =3D arg; =20 + if (asoc && !sctp_vtag_verify(chunk, asoc)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* Make sure that the chunk has a valid length. * Since we don't know the chunk type, we use a general * chunkhdr structure to make a comparison. From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81E1EC433F5 for ; Mon, 21 Mar 2022 14:00:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348604AbiCUOBl (ORCPT ); Mon, 21 Mar 2022 10:01:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348794AbiCUN6S (ORCPT ); Mon, 21 Mar 2022 09:58:18 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6613F173F54; Mon, 21 Mar 2022 06:56:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 934656126E; Mon, 21 Mar 2022 13:56:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9F8FBC340E8; Mon, 21 Mar 2022 13:56:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870963; bh=10wANgwzmiNzFyQP4bLaTsKFebgCJe7LYW36iJXwyCE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bzkI5e3Xa7W87kdWEc1psIt6Blrlp7vZuQLydx3tluHtwVigdlwY/+XAXsox7lspK qt1jYQ6pqpExYK3pOWFuz5wjaKK0g3yAFLcPYDwT7fW+vmhR5g5VeIsE7i6zBWxWlM OO4fUQG5W2n14CFA3e1dhixjw64UTHijaoe0bsGs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Yan Yan , Steffen Klassert , Sasha Levin Subject: [PATCH 4.19 04/57] xfrm: Check if_id in xfrm_migrate Date: Mon, 21 Mar 2022 14:51:45 +0100 Message-Id: <20220321133222.115204973@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Yan Yan [ Upstream commit c1aca3080e382886e2e58e809787441984a2f89b ] This patch enables distinguishing SAs and SPs based on if_id during the xfrm_migrate flow. This ensures support for xfrm interfaces throughout the SA/SP lifecycle. When there are multiple existing SPs with the same direction, the same xfrm_selector and different endpoint addresses, xfrm_migrate might fail with ENODATA. Specifically, the code path for performing xfrm_migrate is: Stage 1: find policy to migrate with xfrm_migrate_policy_find(sel, dir, type, net) Stage 2: find and update state(s) with xfrm_migrate_state_find(mp, net) Stage 3: update endpoint address(es) of template(s) with xfrm_policy_migrate(pol, m, num_migrate) Currently "Stage 1" always returns the first xfrm_policy that matches, and "Stage 3" looks for the xfrm_tmpl that matches the old endpoint address. Thus if there are multiple xfrm_policy with same selector, direction, type and net, "Stage 1" might rertun a wrong xfrm_policy and "Stage 3" will fail with ENODATA because it cannot find a xfrm_tmpl with the matching endpoint address. The fix is to allow userspace to pass an if_id and add if_id to the matching rule in Stage 1 and Stage 2 since if_id is a unique ID for xfrm_policy and xfrm_state. For compatibility, if_id will only be checked if the attribute is set. Tested with additions to Android's kernel unit test suite: https://android-review.googlesource.com/c/kernel/tests/+/1668886 Signed-off-by: Yan Yan Signed-off-by: Steffen Klassert Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- include/net/xfrm.h | 5 +++-- net/key/af_key.c | 2 +- net/xfrm/xfrm_policy.c | 14 ++++++++------ net/xfrm/xfrm_state.c | 7 ++++++- net/xfrm/xfrm_user.c | 6 +++++- 5 files changed, 23 insertions(+), 11 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index fe8bed557691..a8aa2bb74ad6 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1763,14 +1763,15 @@ int km_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, const struct xfrm_migrate *m, int num_bundles, const struct xfrm_kmaddress *k, const struct xfrm_encap_tmpl *encap); -struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net); +struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, + u32 if_id); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, struct xfrm_encap_tmpl *encap); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k, struct net *net, - struct xfrm_encap_tmpl *encap); + struct xfrm_encap_tmpl *encap, u32 if_id); #endif =20 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sp= ort); diff --git a/net/key/af_key.c b/net/key/af_key.c index c7d5a6015389..388910cf0978 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -2633,7 +2633,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_b= uff *skb, } =20 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i, - kma ? &k : NULL, net, NULL); + kma ? &k : NULL, net, NULL, 0); =20 out: return err; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index e9aea82f370d..ab6d0c6576a6 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -3050,7 +3050,7 @@ static bool xfrm_migrate_selector_match(const struct = xfrm_selector *sel_cmp, } =20 static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_sele= ctor *sel, - u8 dir, u8 type, struct net *net) + u8 dir, u8 type, struct net *net, u32 if_id) { struct xfrm_policy *pol, *ret =3D NULL; struct hlist_head *chain; @@ -3059,7 +3059,8 @@ static struct xfrm_policy *xfrm_migrate_policy_find(c= onst struct xfrm_selector * spin_lock_bh(&net->xfrm.xfrm_policy_lock); chain =3D policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, = dir); hlist_for_each_entry(pol, chain, bydst) { - if (xfrm_migrate_selector_match(sel, &pol->selector) && + if ((if_id =3D=3D 0 || pol->if_id =3D=3D if_id) && + xfrm_migrate_selector_match(sel, &pol->selector) && pol->type =3D=3D type) { ret =3D pol; priority =3D ret->priority; @@ -3071,7 +3072,8 @@ static struct xfrm_policy *xfrm_migrate_policy_find(c= onst struct xfrm_selector * if ((pol->priority >=3D priority) && ret) break; =20 - if (xfrm_migrate_selector_match(sel, &pol->selector) && + if ((if_id =3D=3D 0 || pol->if_id =3D=3D if_id) && + xfrm_migrate_selector_match(sel, &pol->selector) && pol->type =3D=3D type) { ret =3D pol; break; @@ -3187,7 +3189,7 @@ static int xfrm_migrate_check(const struct xfrm_migra= te *m, int num_migrate) int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_migrate, struct xfrm_kmaddress *k, struct net *net, - struct xfrm_encap_tmpl *encap) + struct xfrm_encap_tmpl *encap, u32 if_id) { int i, err, nx_cur =3D 0, nx_new =3D 0; struct xfrm_policy *pol =3D NULL; @@ -3206,14 +3208,14 @@ int xfrm_migrate(const struct xfrm_selector *sel, u= 8 dir, u8 type, } =20 /* Stage 1 - find policy */ - if ((pol =3D xfrm_migrate_policy_find(sel, dir, type, net)) =3D=3D NULL) { + if ((pol =3D xfrm_migrate_policy_find(sel, dir, type, net, if_id)) =3D=3D= NULL) { err =3D -ENOENT; goto out; } =20 /* Stage 2 - find and update state(s) */ for (i =3D 0, mp =3D m; i < num_migrate; i++, mp++) { - if ((x =3D xfrm_migrate_state_find(mp, net))) { + if ((x =3D xfrm_migrate_state_find(mp, net, if_id))) { x_cur[nx_cur] =3D x; nx_cur++; xc =3D xfrm_state_migrate(x, mp, encap); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 44acc724122b..0fd67d1acbfb 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1466,7 +1466,8 @@ static struct xfrm_state *xfrm_state_clone(struct xfr= m_state *orig, return NULL; } =20 -struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net) +struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, + u32 if_id) { unsigned int h; struct xfrm_state *x =3D NULL; @@ -1482,6 +1483,8 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfr= m_migrate *m, struct net *n continue; if (m->reqid && x->props.reqid !=3D m->reqid) continue; + if (if_id !=3D 0 && x->if_id !=3D if_id) + continue; if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, m->old_family) || !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, @@ -1497,6 +1500,8 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfr= m_migrate *m, struct net *n if (x->props.mode !=3D m->mode || x->id.proto !=3D m->proto) continue; + if (if_id !=3D 0 && x->if_id !=3D if_id) + continue; if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, m->old_family) || !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 87932f6ad9d7..3db5cd70b16a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2369,6 +2369,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struc= t nlmsghdr *nlh, int n =3D 0; struct net *net =3D sock_net(skb->sk); struct xfrm_encap_tmpl *encap =3D NULL; + u32 if_id =3D 0; =20 if (attrs[XFRMA_MIGRATE] =3D=3D NULL) return -EINVAL; @@ -2393,7 +2394,10 @@ static int xfrm_do_migrate(struct sk_buff *skb, stru= ct nlmsghdr *nlh, return 0; } =20 - err =3D xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap); + if (attrs[XFRMA_IF_ID]) + if_id =3D nla_get_u32(attrs[XFRMA_IF_ID]); + + err =3D xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap, if_i= d); =20 kfree(encap); =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB24DC433FE for ; Mon, 21 Mar 2022 14:00:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348587AbiCUOCH (ORCPT ); Mon, 21 Mar 2022 10:02:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348668AbiCUN6J (ORCPT ); Mon, 21 Mar 2022 09:58:09 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7321116D8CD; Mon, 21 Mar 2022 06:56:07 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6D7036126A; Mon, 21 Mar 2022 13:56:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7B37DC340E8; Mon, 21 Mar 2022 13:56:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870965; bh=hMg970VvUb5PCKUGsZQd1ROHCFa98Z3h1jv5K4b88c0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FVoSCaze05A3jeX0yPYQ1s/sFiWavSAzpqj+0E8xXGmE3KtXOgEggRSt3mfDHcCke K8W6gyT2baJuYSxv0JW9e0RH/DfVefk7uAznQGqa7bb8AxiDmZJ/bF/5RDGpQOdf7t 5tWrkTDen7EBCwQa91pPgl9C6OV5JMNx3dj/AFB8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Yan Yan , Steffen Klassert , Sasha Levin Subject: [PATCH 4.19 05/57] xfrm: Fix xfrm migrate issues when address family changes Date: Mon, 21 Mar 2022 14:51:46 +0100 Message-Id: <20220321133222.143439763@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Yan Yan [ Upstream commit e03c3bba351f99ad932e8f06baa9da1afc418e02 ] xfrm_migrate cannot handle address family change of an xfrm_state. The symptons are the xfrm_state will be migrated to a wrong address, and sending as well as receiving packets wil be broken. This commit fixes it by breaking the original xfrm_state_clone method into two steps so as to update the props.family before running xfrm_init_state. As the result, xfrm_state's inner mode, outer mode, type and IP header length in xfrm_state_migrate can be updated with the new address family. Tested with additions to Android's kernel unit test suite: https://android-review.googlesource.com/c/kernel/tests/+/1885354 Signed-off-by: Yan Yan Signed-off-by: Steffen Klassert Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/xfrm/xfrm_state.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 0fd67d1acbfb..cf147e1837a9 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1442,9 +1442,6 @@ static struct xfrm_state *xfrm_state_clone(struct xfr= m_state *orig, memcpy(&x->mark, &orig->mark, sizeof(x->mark)); memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); =20 - if (xfrm_init_state(x) < 0) - goto error; - x->props.flags =3D orig->props.flags; x->props.extra_flags =3D orig->props.extra_flags; =20 @@ -1528,6 +1525,11 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_st= ate *x, if (!xc) return NULL; =20 + xc->props.family =3D m->new_family; + + if (xfrm_init_state(xc) < 0) + goto error; + memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49D0BC433F5 for ; Mon, 21 Mar 2022 14:00:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348512AbiCUOBw (ORCPT ); Mon, 21 Mar 2022 10:01:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348697AbiCUN6L (ORCPT ); Mon, 21 Mar 2022 09:58:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36E1B174B95; Mon, 21 Mar 2022 06:56:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 34558B816DA; Mon, 21 Mar 2022 13:56:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 66DF6C340E8; Mon, 21 Mar 2022 13:56:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870968; bh=i0Qo3fX/ApQqEBwCQ21tsIoIkznHhRd0w9qXkrP3dvg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xRwxjBIgz1DZMSohBg+H6dUqC6DUUeR1428WXwpZ/m1qIoqTOGx0OPXEJkL39Gdql bHR0tstl6DNhd8KKaXPj4Jieqw0pxDQADFsSohxXeK/Y8ZarwApYSlOYgH+Jg0kEUE +1P/o/5VlyLp/RloznbAuCaRaPtt61mvSgLcLJ68= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Quentin Schulz , Jakob Unterwurzacher , Quentin Schulz , Heiko Stuebner , Sasha Levin Subject: [PATCH 4.19 06/57] arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity Date: Mon, 21 Mar 2022 14:51:47 +0100 Message-Id: <20220321133222.172580326@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jakob Unterwurzacher [ Upstream commit 62966cbdda8a92f82d966a45aa671e788b2006f7 ] There are signal integrity issues running the eMMC at 200MHz on Puma RK3399-Q7. Similar to the work-around found for RK3399 Gru boards, lowering the frequency to 100MHz made the eMMC much more stable, so let's lower the frequency to 100MHz. It might be possible to run at 150MHz as on RK3399 Gru boards but only 100MHz was extensively tested. Cc: Quentin Schulz Signed-off-by: Jakob Unterwurzacher Signed-off-by: Quentin Schulz Link: https://lore.kernel.org/r/20220119134948.1444965-1-quentin.schulz@the= obroma-systems.com Signed-off-by: Heiko Stuebner Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boo= t/dts/rockchip/rk3399-puma.dtsi index b155f657292b..ce1320e4c106 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -468,6 +468,12 @@ }; =20 &sdhci { + /* + * Signal integrity isn't great at 200MHz but 100MHz has proven stable + * enough. + */ + max-frequency =3D <100000000>; + bus-width =3D <8>; mmc-hs400-1_8v; mmc-hs400-enhanced-strobe; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50F6EC433F5 for ; Mon, 21 Mar 2022 14:00:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345127AbiCUOCS (ORCPT ); Mon, 21 Mar 2022 10:02:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348835AbiCUN62 (ORCPT ); Mon, 21 Mar 2022 09:58:28 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58F211770A6; Mon, 21 Mar 2022 06:56:39 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5ACB3B816D8; Mon, 21 Mar 2022 13:56:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7C280C340E8; Mon, 21 Mar 2022 13:56:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870972; bh=xDifcOZm/t+j0w7VnqLN/RyYOdMC6/vrJJ7hnnIM74w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QpwmqLbRIkYwxZ7xP/VZyVjtgNj8JIqH7orSrYspdmdEd+6npg++OKh9DJVg8X6vi nMkheFOXsvc+5aRWkPix/xwTsjzsRbg8xRYoYuDyXd92NZvjC2oW2GrNSesYb6twEP yurDyaBytROlS7ecFerQ/b65KpvciaZ6hKr7RvmM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sascha Hauer , Heiko Stuebner , Sasha Levin Subject: [PATCH 4.19 07/57] arm64: dts: rockchip: reorder rk3399 hdmi clocks Date: Mon, 21 Mar 2022 14:51:48 +0100 Message-Id: <20220321133222.200939366@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sascha Hauer [ Upstream commit 2e8a8b5955a000cc655f7e368670518cbb77fe58 ] The binding specifies the clock order to "cec", "grf", "vpll". Reorder the clocks accordingly. Signed-off-by: Sascha Hauer Link: https://lore.kernel.org/r/20220126145549.617165-19-s.hauer@pengutroni= x.de Signed-off-by: Heiko Stuebner Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts= /rockchip/rk3399.dtsi index f70c05332686..5a60faa8e999 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi @@ -1686,10 +1686,10 @@ interrupts =3D ; clocks =3D <&cru PCLK_HDMI_CTRL>, <&cru SCLK_HDMI_SFR>, - <&cru PLL_VPLL>, + <&cru SCLK_HDMI_CEC>, <&cru PCLK_VIO_GRF>, - <&cru SCLK_HDMI_CEC>; - clock-names =3D "iahb", "isfr", "vpll", "grf", "cec"; + <&cru PLL_VPLL>; + clock-names =3D "iahb", "isfr", "cec", "grf", "vpll"; power-domains =3D <&power RK3399_PD_HDCP>; reg-io-width =3D <4>; rockchip,grf =3D <&grf>; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3511C433F5 for ; Mon, 21 Mar 2022 14:01:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348637AbiCUOC1 (ORCPT ); Mon, 21 Mar 2022 10:02:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348873AbiCUN6g (ORCPT ); Mon, 21 Mar 2022 09:58:36 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BF791770B2; Mon, 21 Mar 2022 06:56:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 47A87B816CC; Mon, 21 Mar 2022 13:56:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A3E46C340E8; Mon, 21 Mar 2022 13:56:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870975; bh=qJT4S2NpLywZTACbQpnZJg65a0QaJjD7XoQ2qhPl1hQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xQDs0Y5Au1AdiEXl57EunV1lX3NRFhn2xKOyZjT3cMltgY32HB4h8bcssvbUZb4/9 HmyFWEi7aV4sO2xMCuHM//XMMuiILPx0+ju/Iwm3C7A0gd1bdZJ8J+xFnwwTuSouxN FK5Kw+75N0GPAJ58uiLFqLpOquDAuYazkABl8oMQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Corentin Labbe , Krzysztof Kozlowski , Heiko Stuebner , Sasha Levin Subject: [PATCH 4.19 08/57] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Date: Mon, 21 Mar 2022 14:51:49 +0100 Message-Id: <20220321133222.229128337@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Corentin Labbe [ Upstream commit 3916c3619599a3970d3e6f98fb430b7c46266ada ] crypto-controller had a typo, fix it. In the same time, rename it to just crypto Signed-off-by: Corentin Labbe Acked-by: Krzysztof Kozlowski Link: https://lore.kernel.org/r/20220209120355.1985707-1-clabbe@baylibre.com Signed-off-by: Heiko Stuebner Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm/boot/dts/rk3288.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi index 2ff81f3736c8..e442bf7427ae 100644 --- a/arch/arm/boot/dts/rk3288.dtsi +++ b/arch/arm/boot/dts/rk3288.dtsi @@ -957,7 +957,7 @@ status =3D "disabled"; }; =20 - crypto: cypto-controller@ff8a0000 { + crypto: crypto@ff8a0000 { compatible =3D "rockchip,rk3288-crypto"; reg =3D <0x0 0xff8a0000 0x0 0x4000>; interrupts =3D ; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B54D5C433F5 for ; Mon, 21 Mar 2022 13:59:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348689AbiCUOBD (ORCPT ); Mon, 21 Mar 2022 10:01:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348736AbiCUN6O (ORCPT ); Mon, 21 Mar 2022 09:58:14 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 796E1179436; Mon, 21 Mar 2022 06:56:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 814F4612BC; Mon, 21 Mar 2022 13:56:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8BB49C340ED; Mon, 21 Mar 2022 13:56:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870977; bh=tegnjstHRZ4PFUmQDBGU4OOYTLpKn/6uFKjMgDVgs8Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LjxHZg68b7iWYIm4wOPdnYPAyoF9U6WBXvo9KX29+wSAugIKgJiBqKEtvifumFitS HfVSj0Q0R0R7U5aIp6M8Tpt/w6XwsHAefvGD9L3Ot+pdAKsy8nAbzpuUhLzmNzuzSy OOfPxdpjkAy46pltqAUmGJz+3EM6vs6JPy0nTP8w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Lobakin , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Thomas Bogendoerfer , Sasha Levin Subject: [PATCH 4.19 09/57] MIPS: smp: fill in sibling and core maps earlier Date: Mon, 21 Mar 2022 14:51:50 +0100 Message-Id: <20220321133222.257739684@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexander Lobakin [ Upstream commit f2703def339c793674010cc9f01bfe4980231808 ] After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), 2-core 2-thread-per-core interAptiv (CPS-driven) started emitting the following: [ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi)) [ 0.048183] ------------[ cut here ]------------ [ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_cor= e_cpu_starting+0x198/0x240 [ 0.048220] Modules linked in: [ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7= b319f24073fd9a3c2aa7ad15fb7993eec0b26f [ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 0000000= 4 00000000 c314fdd1 [ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 0000000= 1 830cbd08 00000000 [ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 0000000= 0 00000000 00000000 [ 0.048334] 00000000 00000000 00000000 00000000 817f0000 0000000= 0 00000000 817f6f34 [ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 0000000= 0 4dc33260 0018c933 [ 0.048389] ... [ 0.048396] Call Trace: [ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140 [ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80 [ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4 [ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c [ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240 [ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80 [ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140 [ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140 [ 0.048523] [<8106593c>] start_secondary+0xbc/0x280 [ 0.048539] [ 0.048543] ---[ end trace 0000000000000000 ]--- [ 0.048636] Synchronize counters for CPU 1: done. ...for each but CPU 0/boot. Basic debug printks right before the mentioned line say: [ 0.048170] CPU: 1, smt_mask: So smt_mask, which is sibling mask obviously, is empty when entering the function. This is critical, as sched_core_cpu_starting() calculates core-scheduling parameters only once per CPU start, and it's crucial to have all the parameters filled in at that moment (at least it uses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` on MIPS). A bit of debugging led me to that set_cpu_sibling_map() performing the actual map calculation, was being invocated after notify_cpu_start(), and exactly the latter function starts CPU HP callback round (sched_core_cpu_starting() is basically a CPU HP callback). While the flow is same on ARM64 (maps after the notifier, although before calling set_cpu_online()), x86 started calculating sibling maps earlier than starting the CPU HP callbacks in Linux 4.14 (see [0] for the reference). Neither me nor my brief tests couldn't find any potential caveats in calculating the maps right after performing delay calibration, but the WARN splat is now gone. The very same debug prints now yield exactly what I expected from them: [ 0.048433] CPU: 1, smt_mask: 0-1 [0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?= id=3D76ce7cfe35ef Signed-off-by: Alexander Lobakin Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Thomas Bogendoerfer Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/mips/kernel/smp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/mips/kernel/smp.c b/arch/mips/kernel/smp.c index d84b9066b465..7206a6977be9 100644 --- a/arch/mips/kernel/smp.c +++ b/arch/mips/kernel/smp.c @@ -372,6 +372,9 @@ asmlinkage void start_secondary(void) cpu =3D smp_processor_id(); cpu_data[cpu].udelay_val =3D loops_per_jiffy; =20 + set_cpu_sibling_map(cpu); + set_cpu_core_map(cpu); + cpumask_set_cpu(cpu, &cpu_coherent_mask); notify_cpu_starting(cpu); =20 @@ -383,9 +386,6 @@ asmlinkage void start_secondary(void) /* The CPU is running and counters synchronised, now mark it online */ set_cpu_online(cpu, true); =20 - set_cpu_sibling_map(cpu); - set_cpu_core_map(cpu); - calculate_cpu_foreign_map(); =20 /* --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC5FAC433EF for ; Mon, 21 Mar 2022 13:56:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348407AbiCUN5t (ORCPT ); Mon, 21 Mar 2022 09:57:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45342 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348283AbiCUN4j (ORCPT ); Mon, 21 Mar 2022 09:56:39 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 893D016F6EC; Mon, 21 Mar 2022 06:55:01 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 123B3B816CA; Mon, 21 Mar 2022 13:55:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5C1E5C340E8; Mon, 21 Mar 2022 13:54:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870898; bh=QmAjkaZnhFHuR7kAkoLnEzj2gPYIjIZ2GVveWQKSXBg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i2lxoQTEYlEHivooToTrTtUxOPSWqep/f/P54Ar1hl8RUp5gdAc5ERrtLgmxT1cLP EvHEpjB59B4458SyB5p6ZAc+I+rIQVsytFKFNMHP6NlNSsefOf3T7+dMDGNWF6PMnm KEoxYEXrM3UUQJebxzr0BAfPUgSSQsQpX1ZvDoA8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julian Braha , "Russell King (Oracle)" , Sasha Levin Subject: [PATCH 4.19 10/57] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Date: Mon, 21 Mar 2022 14:51:51 +0100 Message-Id: <20220321133222.285203419@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Julian Braha [ Upstream commit 11c57c3ba94da74c3446924260e34e0b1950b5d7 ] Resending this to properly add it to the patch tracker - thanks for letting me know, Arnd :) When ARM is enabled, and BITREVERSE is disabled, Kbuild gives the following warning: WARNING: unmet direct dependencies detected for HAVE_ARCH_BITREVERSE Depends on [n]: BITREVERSE [=3Dn] Selected by [y]: - ARM [=3Dy] && (CPU_32v7M [=3Dn] || CPU_32v7 [=3Dy]) && !CPU_32v6 [=3Dn] This is because ARM selects HAVE_ARCH_BITREVERSE without selecting BITREVERSE, despite HAVE_ARCH_BITREVERSE depending on BITREVERSE. This unmet dependency bug was found by Kismet, a static analysis tool for Kconfig. Please advise if this is not the appropriate solution. Signed-off-by: Julian Braha Signed-off-by: Russell King (Oracle) Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- lib/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/Kconfig b/lib/Kconfig index a3928d4438b5..714ec2f50bb1 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -16,7 +16,6 @@ config BITREVERSE config HAVE_ARCH_BITREVERSE bool default n - depends on BITREVERSE help This option enables the use of hardware bit-reversal instructions on architectures which support such operations. --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EF53C4332F for ; Mon, 21 Mar 2022 13:58:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348532AbiCUN57 (ORCPT ); Mon, 21 Mar 2022 09:57:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348404AbiCUN4p (ORCPT ); Mon, 21 Mar 2022 09:56:45 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94CEE1728A0; Mon, 21 Mar 2022 06:55:02 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 48EED611F4; Mon, 21 Mar 2022 13:55:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C70DC340E8; Mon, 21 Mar 2022 13:55:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870901; bh=nJtRHfaLe5NTL07RaKpu2Xj7ndP+2DVwsE9w+qaCDaI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Tdr9XGqmt/xit/lJIkGy3b+lRHSF5ig/kgWXsJTnvVqDOuNJelrsLxWY6WjLvHHa2 0MG+uy+xAGW9uMgIbYG4Q4pJkKV6GdKWhdCn0aPoEZxc/cunzv2/UVcb5roow/qv1d 0Uku1Kc5dp6Xbxup6Cz8Yv7iEIVTcXwy6sQ2gjoY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Machek , Lad Prabhakar , Ulrich Hecht , Marc Kleine-Budde , Sasha Levin Subject: [PATCH 4.19 11/57] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Date: Mon, 21 Mar 2022 14:51:52 +0100 Message-Id: <20220321133222.313434020@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lad Prabhakar [ Upstream commit c5048a7b2c23ab589f3476a783bd586b663eda5b ] Register the CAN device only when all the necessary initialization is completed. This patch makes sure all the data structures and locks are initialized before registering the CAN device. Link: https://lore.kernel.org/all/20220221225935.12300-1-prabhakar.mahadev-= lad.rj@bp.renesas.com Reported-by: Pavel Machek Signed-off-by: Lad Prabhakar Reviewed-by: Pavel Machek Reviewed-by: Ulrich Hecht Signed-off-by: Marc Kleine-Budde Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/net/can/rcar/rcar_canfd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/rcar/rcar_canfd.c b/drivers/net/can/rcar/rcar_= canfd.c index 786d852a70d5..a1634834b640 100644 --- a/drivers/net/can/rcar/rcar_canfd.c +++ b/drivers/net/can/rcar/rcar_canfd.c @@ -1602,15 +1602,15 @@ static int rcar_canfd_channel_probe(struct rcar_can= fd_global *gpriv, u32 ch, =20 netif_napi_add(ndev, &priv->napi, rcar_canfd_rx_poll, RCANFD_NAPI_WEIGHT); + spin_lock_init(&priv->tx_lock); + devm_can_led_init(ndev); + gpriv->ch[priv->channel] =3D priv; err =3D register_candev(ndev); if (err) { dev_err(&pdev->dev, "register_candev() failed, error %d\n", err); goto fail_candev; } - spin_lock_init(&priv->tx_lock); - devm_can_led_init(ndev); - gpriv->ch[priv->channel] =3D priv; dev_info(&pdev->dev, "device registered (channel %u)\n", priv->channel); return 0; =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92631C433FE for ; Mon, 21 Mar 2022 13:58:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348598AbiCUN6F (ORCPT ); Mon, 21 Mar 2022 09:58:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348431AbiCUN5A (ORCPT ); Mon, 21 Mar 2022 09:57:00 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 328F115DAB2; Mon, 21 Mar 2022 06:55:07 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 98E99B816C7; Mon, 21 Mar 2022 13:55:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0E78BC340E8; Mon, 21 Mar 2022 13:55:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870904; bh=TkkZj9aVcrLNI81bYLasKDlzB/c1Awu5HVrJX/PLp48=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=v+Z0uuKWxZvEuAmP2beHhgWT9T7N6jZrqoRQZH5XSyy9CmS04t3VwgWHCRJhxhVDE TeEE/L+ALD9ucbFbJeaZKIzGkd8GJCMIfTP+wzwoTp1M34lC6ym3TLVRz6sfvwdeCU 6xDndbqlLBdOwvuVSsGGvUJcyaThDEUKbtnspTIA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, TOTE Robot , Jia-Ju Bai , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 12/57] atm: firestream: check the return value of ioremap() in fs_init() Date: Mon, 21 Mar 2022 14:51:53 +0100 Message-Id: <20220321133222.342173946@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jia-Ju Bai [ Upstream commit d4e26aaea7f82ba884dcb4acfe689406bc092dc3 ] The function ioremap() in fs_init() can fail, so its return value should be checked. Reported-by: TOTE Robot Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/atm/firestream.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c index ef395b238816..f7880012b9a0 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c @@ -1692,6 +1692,8 @@ static int fs_init(struct fs_dev *dev) dev->hw_base =3D pci_resource_start(pci_dev, 0); =20 dev->base =3D ioremap(dev->hw_base, 0x1000); + if (!dev->base) + return 1; =20 reset_chip (dev); =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD60FC4332F for ; Mon, 21 Mar 2022 13:58:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348343AbiCUOAB (ORCPT ); Mon, 21 Mar 2022 10:00:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348435AbiCUN5A (ORCPT ); Mon, 21 Mar 2022 09:57:00 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 042EE16D8CD; Mon, 21 Mar 2022 06:55:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 95795B816CE; Mon, 21 Mar 2022 13:55:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E49FBC340E8; Mon, 21 Mar 2022 13:55:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870907; bh=588xbUtmPZNqqQ0O0bWiHhkKzSzqqyaIEJxroH93rbk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uswr1S+olRcPRYlYYPIi87IGgK5CDMxuo0crBK1efnbCM0Et7ss4t0er1modK3Aae A85A+MsaHpnQDoov+bkp3bDteoTP7SUcdlfcnM55l/ABDHfVDfe9IE94rxxa5+O6Ww 7HQ8eCJEgLuZ+IyjX1PTcxODEtYYJ2usDys+YbQw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sreeramya Soratkal , Johannes Berg , Sasha Levin Subject: [PATCH 4.19 13/57] nl80211: Update bss channel on channel switch for P2P_CLIENT Date: Mon, 21 Mar 2022 14:51:54 +0100 Message-Id: <20220321133222.370531005@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sreeramya Soratkal [ Upstream commit e50b88c4f076242358b66ddb67482b96947438f2 ] The wdev channel information is updated post channel switch only for the station mode and not for the other modes. Due to this, the P2P client still points to the old value though it moved to the new channel when the channel change is induced from the P2P GO. Update the bss channel after CSA channel switch completion for P2P client interface as well. Signed-off-by: Sreeramya Soratkal Link: https://lore.kernel.org/r/1646114600-31479-1-git-send-email-quic_ssra= mya@quicinc.com Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index c5806f46f6c9..2799ff117f5a 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -15518,7 +15518,8 @@ void cfg80211_ch_switch_notify(struct net_device *d= ev, wdev->chandef =3D *chandef; wdev->preset_chandef =3D *chandef; =20 - if (wdev->iftype =3D=3D NL80211_IFTYPE_STATION && + if ((wdev->iftype =3D=3D NL80211_IFTYPE_STATION || + wdev->iftype =3D=3D NL80211_IFTYPE_P2P_CLIENT) && !WARN_ON(!wdev->current_bss)) wdev->current_bss->pub.channel =3D chandef->chan; =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9442CC433FE for ; Mon, 21 Mar 2022 13:58:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348437AbiCUOAG (ORCPT ); Mon, 21 Mar 2022 10:00:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348458AbiCUN5E (ORCPT ); Mon, 21 Mar 2022 09:57:04 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03ED5174B84; Mon, 21 Mar 2022 06:55:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7C414B816CA; Mon, 21 Mar 2022 13:55:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B9732C340E8; Mon, 21 Mar 2022 13:55:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870910; bh=xAX3loMR5mPRaq31kqGAqN9kE+3WU6JXu+F/CbN4ztE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tgTOEtqHuMrJhvM+kGt4uhVYwvPefH+t4k3P1saWhxS4AIGjNd53DD7VTkmYh/VNt m/fQPTg12PWnRMNAtI3EhQV+7/NsWyeQzMApZuLxs0d0KSBl9J5Xf2vexsJ+IIeYyz MZi0uNUPOLVhyinVAmFrg/0mO9TTqeqmNjVnEIgg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , John Fastabend , Jakub Sitnicki , Daniel Borkmann , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.19 14/57] tcp: make tcp_read_sock() more robust Date: Mon, 21 Mar 2022 14:51:55 +0100 Message-Id: <20220321133222.399251012@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Eric Dumazet [ Upstream commit e3d5ea2c011ecb16fb94c56a659364e6b30fac94 ] If recv_actor() returns an incorrect value, tcp_read_sock() might loop forever. Instead, issue a one time warning and make sure to make progress. Signed-off-by: Eric Dumazet Acked-by: John Fastabend Acked-by: Jakub Sitnicki Acked-by: Daniel Borkmann Link: https://lore.kernel.org/r/20220302161723.3910001-2-eric.dumazet@gmail= .com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/ipv4/tcp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 4dce1b418acc..f7795488b0ad 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1669,11 +1669,13 @@ int tcp_read_sock(struct sock *sk, read_descriptor_= t *desc, if (!copied) copied =3D used; break; - } else if (used <=3D len) { - seq +=3D used; - copied +=3D used; - offset +=3D used; } + if (WARN_ON_ONCE(used > len)) + used =3D len; + seq +=3D used; + copied +=3D used; + offset +=3D used; + /* If recv_actor drops the lock (e.g. TCP splice * receive) the skb pointer might be invalid when * getting here: tcp_collapse might have deleted it --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7999EC433F5 for ; Mon, 21 Mar 2022 13:58:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343811AbiCUOAM (ORCPT ); Mon, 21 Mar 2022 10:00:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348465AbiCUN5L (ORCPT ); Mon, 21 Mar 2022 09:57:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05B31174BA1; Mon, 21 Mar 2022 06:55:15 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 4958CB816CC; Mon, 21 Mar 2022 13:55:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB58AC340E8; Mon, 21 Mar 2022 13:55:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870913; bh=XKxEb4u9yF8670TRoc9orT5QTT3LlhhvaaE0wk54nhg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=01oShItsAVfAr/4OI3wYlluZljKpPF1DSBrWUe0v1GRiRzLCOXBc4LqCqT/zRV/cs S19cxU+dQqcNOmLHFhty918QKDEfF0h7oK27m+tnueYEui3SwkSCO6rh8lV5iFR9y9 3Y/lfK2HTSsTIB0bGhHqnSB9tpi8S0/2RZGihLz8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Niels Dossche , Martin Habets , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 15/57] sfc: extend the locking on mcdi->seqno Date: Mon, 21 Mar 2022 14:51:56 +0100 Message-Id: <20220321133222.428160717@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Niels Dossche [ Upstream commit f1fb205efb0ccca55626fd4ef38570dd16b44719 ] seqno could be read as a stale value outside of the lock. The lock is already acquired to protect the modification of seqno against a possible race condition. Place the reading of this value also inside this locking to protect it against a possible race condition. Signed-off-by: Niels Dossche Acked-by: Martin Habets Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/net/ethernet/sfc/mcdi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcd= i.c index dfad93fca0a6..0fa64b8b79bf 100644 --- a/drivers/net/ethernet/sfc/mcdi.c +++ b/drivers/net/ethernet/sfc/mcdi.c @@ -166,9 +166,9 @@ static void efx_mcdi_send_request(struct efx_nic *efx, = unsigned cmd, /* Serialise with efx_mcdi_ev_cpl() and efx_mcdi_ev_death() */ spin_lock_bh(&mcdi->iface_lock); ++mcdi->seqno; + seqno =3D mcdi->seqno & SEQ_MASK; spin_unlock_bh(&mcdi->iface_lock); =20 - seqno =3D mcdi->seqno & SEQ_MASK; xflags =3D 0; if (mcdi->mode =3D=3D MCDI_MODE_EVENTS) xflags |=3D MCDI_HEADER_XFLAGS_EVREQ; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16C5AC433EF for ; Mon, 21 Mar 2022 14:05:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348922AbiCUOG2 (ORCPT ); Mon, 21 Mar 2022 10:06:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44038 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348481AbiCUN5M (ORCPT ); Mon, 21 Mar 2022 09:57:12 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8DB52174BBF; Mon, 21 Mar 2022 06:55:18 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1954CB81644; Mon, 21 Mar 2022 13:55:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 69454C340E8; Mon, 21 Mar 2022 13:55:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870915; bh=wtBMbSUCfuXVWS0RoBupiBILo/cK+7+qvUHKeR1eerY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lWRqrciVW5cfcVt2t5DPrDmcMjEFGWW9+SWGYRxLGmbq494nSm9Njby3JxBbEzfqx zFHEhxipgr6KrN+3SNdh2SxYZnXmqlD1T3Wl+mqH3Jbk6Vvtug7Rda0A4UO0ad8g6z v6cvixByz/yvkkfrl5qbbaqNjI770qaWb+9KYF8c= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chengming Zhou , Shuah Khan , Andrew Morton , Linus Torvalds , Sasha Levin Subject: [PATCH 4.19 16/57] kselftest/vm: fix tests build with old libc Date: Mon, 21 Mar 2022 14:51:57 +0100 Message-Id: <20220321133222.457059192@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Chengming Zhou [ Upstream commit b773827e361952b3f53ac6fa4c4e39ccd632102e ] The error message when I build vm tests on debian10 (GLIBC 2.28): userfaultfd.c: In function `userfaultfd_pagemap_test': userfaultfd.c:1393:37: error: `MADV_PAGEOUT' undeclared (first use in this function); did you mean `MADV_RANDOM'? if (madvise(area_dst, test_pgsize, MADV_PAGEOUT)) ^~~~~~~~~~~~ MADV_RANDOM This patch includes these newer definitions from UAPI linux/mman.h, is useful to fix tests build on systems without these definitions in glibc sys/mman.h. Link: https://lkml.kernel.org/r/20220227055330.43087-2-zhouchengming@byteda= nce.com Signed-off-by: Chengming Zhou Reviewed-by: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- tools/testing/selftests/vm/userfaultfd.c | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/vm/userfaultfd.c +++ b/tools/testing/selftests/vm/userfaultfd.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E93F7C433EF for ; Mon, 21 Mar 2022 14:03:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348684AbiCUOEc (ORCPT ); Mon, 21 Mar 2022 10:04:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348369AbiCUN5Y (ORCPT ); Mon, 21 Mar 2022 09:57:24 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D4F517584A; Mon, 21 Mar 2022 06:55:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EABE0611CF; Mon, 21 Mar 2022 13:55:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 073DBC340E8; Mon, 21 Mar 2022 13:55:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870918; bh=gw27gFzAhBnBV+UypLRu5IfxJHjufI1qJ25YslvMYZI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=I0gf5ma6wR+yCLGSkBMX58sjZ+zU1638P/mOrji33ySnq2REDBk9Z7HkQ6MMJk0e6 93U4sbyM/CYU3hjsAjB+LcamlVGe/F5sQ6/6Pr7M2mH4DSFG2HPZ+P0LN2tpCEQQsp Vq3Q7rkEl7PSuj9G4drElNbgYDlOu8M5eo/ymg9E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Valentin Schneider , "Peter Zijlstra (Intel)" , dann frazier Subject: [PATCH 4.19 17/57] sched/topology: Make sched_init_numa() use a set for the deduplicating sort Date: Mon, 21 Mar 2022 14:51:58 +0100 Message-Id: <20220321133222.485936257@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Valentin Schneider commit 620a6dc40754dc218f5b6389b5d335e9a107fd29 upstream. The deduplicating sort in sched_init_numa() assumes that the first line in the distance table contains all unique values in the entire table. I've been trying to pen what this exactly means for the topology, but it's not straightforward. For instance, topology.c uses this example: node 0 1 2 3 0: 10 20 20 30 1: 20 10 20 20 2: 20 20 10 20 3: 30 20 20 10 0 ----- 1 | / | | / | | / | 2 ----- 3 Which works out just fine. However, if we swap nodes 0 and 1: 1 ----- 0 | / | | / | | / | 2 ----- 3 we get this distance table: node 0 1 2 3 0: 10 20 20 20 1: 20 10 20 30 2: 20 20 10 20 3: 20 30 20 10 Which breaks the deduplicating sort (non-representative first line). In this case this would just be a renumbering exercise, but it so happens that we can have a deduplicating sort that goes through the whole table in O(n= =C2=B2) at the extra cost of a temporary memory allocation (i.e. any form of set). The ACPI spec (SLIT) mentions distances are encoded on 8 bits. Following this, implement the set as a 256-bits bitmap. Should this not be satisfactory (i.e. we want to support 32-bit values), then we'll have to go for some other sparse set implementation. This has the added benefit of letting us allocate just the right amount of memory for sched_domains_numa_distance[], rather than an arbitrary (nr_node_ids + 1). Note: DT binding equivalent (distance-map) decodes distances as 32-bit values. Signed-off-by: Valentin Schneider Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20210122123943.1217-2-valentin.schneider@ar= m.com Signed-off-by: dann frazier Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- include/linux/topology.h | 1=20 kernel/sched/topology.c | 99 ++++++++++++++++++++++--------------------= ----- 2 files changed, 49 insertions(+), 51 deletions(-) --- a/include/linux/topology.h +++ b/include/linux/topology.h @@ -47,6 +47,7 @@ int arch_update_cpu_topology(void); /* Conform to ACPI 2.0 SLIT distance definitions */ #define LOCAL_DISTANCE 10 #define REMOTE_DISTANCE 20 +#define DISTANCE_BITS 8 #ifndef node_distance #define node_distance(from,to) ((from) =3D=3D (to) ? LOCAL_DISTANCE : REMO= TE_DISTANCE) #endif --- a/kernel/sched/topology.c +++ b/kernel/sched/topology.c @@ -1322,66 +1322,58 @@ static void init_numa_topology_type(void } } =20 + +#define NR_DISTANCE_VALUES (1 << DISTANCE_BITS) + void sched_init_numa(void) { - int next_distance, curr_distance =3D node_distance(0, 0); struct sched_domain_topology_level *tl; - int level =3D 0; - int i, j, k; - - sched_domains_numa_distance =3D kzalloc(sizeof(int) * (nr_node_ids + 1), = GFP_KERNEL); - if (!sched_domains_numa_distance) - return; - - /* Includes NUMA identity node at level 0. */ - sched_domains_numa_distance[level++] =3D curr_distance; - sched_domains_numa_levels =3D level; + unsigned long *distance_map; + int nr_levels =3D 0; + int i, j; =20 /* * O(nr_nodes^2) deduplicating selection sort -- in order to find the * unique distances in the node_distance() table. - * - * Assumes node_distance(0,j) includes all distances in - * node_distance(i,j) in order to avoid cubic time. */ - next_distance =3D curr_distance; + distance_map =3D bitmap_alloc(NR_DISTANCE_VALUES, GFP_KERNEL); + if (!distance_map) + return; + + bitmap_zero(distance_map, NR_DISTANCE_VALUES); for (i =3D 0; i < nr_node_ids; i++) { for (j =3D 0; j < nr_node_ids; j++) { - for (k =3D 0; k < nr_node_ids; k++) { - int distance =3D node_distance(i, k); + int distance =3D node_distance(i, j); =20 - if (distance > curr_distance && - (distance < next_distance || - next_distance =3D=3D curr_distance)) - next_distance =3D distance; - - /* - * While not a strong assumption it would be nice to know - * about cases where if node A is connected to B, B is not - * equally connected to A. - */ - if (sched_debug() && node_distance(k, i) !=3D distance) - sched_numa_warn("Node-distance not symmetric"); - - if (sched_debug() && i && !find_numa_distance(distance)) - sched_numa_warn("Node-0 not representative"); + if (distance < LOCAL_DISTANCE || distance >=3D NR_DISTANCE_VALUES) { + sched_numa_warn("Invalid distance value range"); + return; } - if (next_distance !=3D curr_distance) { - sched_domains_numa_distance[level++] =3D next_distance; - sched_domains_numa_levels =3D level; - curr_distance =3D next_distance; - } else break; + + bitmap_set(distance_map, distance, 1); } + } + /* + * We can now figure out how many unique distance values there are and + * allocate memory accordingly. + */ + nr_levels =3D bitmap_weight(distance_map, NR_DISTANCE_VALUES); =20 - /* - * In case of sched_debug() we verify the above assumption. - */ - if (!sched_debug()) - break; + sched_domains_numa_distance =3D kcalloc(nr_levels, sizeof(int), GFP_KERNE= L); + if (!sched_domains_numa_distance) { + bitmap_free(distance_map); + return; } =20 + for (i =3D 0, j =3D 0; i < nr_levels; i++, j++) { + j =3D find_next_bit(distance_map, NR_DISTANCE_VALUES, j); + sched_domains_numa_distance[i] =3D j; + } + + bitmap_free(distance_map); + /* - * 'level' contains the number of unique distances + * 'nr_levels' contains the number of unique distances * * The sched_domains_numa_distance[] array includes the actual distance * numbers. @@ -1390,15 +1382,15 @@ void sched_init_numa(void) /* * Here, we should temporarily reset sched_domains_numa_levels to 0. * If it fails to allocate memory for array sched_domains_numa_masks[][], - * the array will contain less then 'level' members. This could be + * the array will contain less then 'nr_levels' members. This could be * dangerous when we use it to iterate array sched_domains_numa_masks[][] * in other functions. * - * We reset it to 'level' at the end of this function. + * We reset it to 'nr_levels' at the end of this function. */ sched_domains_numa_levels =3D 0; =20 - sched_domains_numa_masks =3D kzalloc(sizeof(void *) * level, GFP_KERNEL); + sched_domains_numa_masks =3D kzalloc(sizeof(void *) * nr_levels, GFP_KERN= EL); if (!sched_domains_numa_masks) return; =20 @@ -1406,7 +1398,7 @@ void sched_init_numa(void) * Now for each level, construct a mask per node which contains all * CPUs of nodes that are that many hops away from us. */ - for (i =3D 0; i < level; i++) { + for (i =3D 0; i < nr_levels; i++) { sched_domains_numa_masks[i] =3D kzalloc(nr_node_ids * sizeof(void *), GFP_KERNEL); if (!sched_domains_numa_masks[i]) @@ -1414,12 +1406,17 @@ void sched_init_numa(void) =20 for (j =3D 0; j < nr_node_ids; j++) { struct cpumask *mask =3D kzalloc(cpumask_size(), GFP_KERNEL); + int k; + if (!mask) return; =20 sched_domains_numa_masks[i][j] =3D mask; =20 for_each_node(k) { + if (sched_debug() && (node_distance(j, k) !=3D node_distance(k, j))) + sched_numa_warn("Node-distance not symmetric"); + if (node_distance(j, k) > sched_domains_numa_distance[i]) continue; =20 @@ -1431,7 +1428,7 @@ void sched_init_numa(void) /* Compute default topology size */ for (i =3D 0; sched_domain_topology[i].mask; i++); =20 - tl =3D kzalloc((i + level + 1) * + tl =3D kzalloc((i + nr_levels) * sizeof(struct sched_domain_topology_level), GFP_KERNEL); if (!tl) return; @@ -1454,7 +1451,7 @@ void sched_init_numa(void) /* * .. and append 'j' levels of NUMA goodness. */ - for (j =3D 1; j < level; i++, j++) { + for (j =3D 1; j < nr_levels; i++, j++) { tl[i] =3D (struct sched_domain_topology_level){ .mask =3D sd_numa_mask, .sd_flags =3D cpu_numa_flags, @@ -1466,8 +1463,8 @@ void sched_init_numa(void) =20 sched_domain_topology =3D tl; =20 - sched_domains_numa_levels =3D level; - sched_max_numa_distance =3D sched_domains_numa_distance[level - 1]; + sched_domains_numa_levels =3D nr_levels; + sched_max_numa_distance =3D sched_domains_numa_distance[nr_levels - 1]; =20 init_numa_topology_type(); } From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6132AC433FE for ; Mon, 21 Mar 2022 14:03:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348912AbiCUOEY (ORCPT ); Mon, 21 Mar 2022 10:04:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43452 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348427AbiCUN5c (ORCPT ); Mon, 21 Mar 2022 09:57:32 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19EA0176D3A; Mon, 21 Mar 2022 06:55:24 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BC92CB816C7; Mon, 21 Mar 2022 13:55:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C0E2CC340E8; Mon, 21 Mar 2022 13:55:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870921; bh=4Hl79FCH9ex4jb0RPlHaXMWBQreyKU+jduSJMcs8qDE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RbBu5k/ozqf9Ea1qG4Vn5EqEsJmk0b+JkHBQvvop/X5kb/gdgaEeLeh3UVkXUhI9/ GOYlo6dljaH9fMBhBwTIJgaWMbcaVTCdnJAAG6zumIlUlg8O03Qy7d4Hy68P7NdUve pw104+knRx6SwLi6Qod3lwooZ4PwIVkrF2mRsFFw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dietmar Eggemann , "Peter Zijlstra (Intel)" , Ingo Molnar , Vincent Guittot , Barry Song , dann frazier Subject: [PATCH 4.19 18/57] sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() Date: Mon, 21 Mar 2022 14:51:59 +0100 Message-Id: <20220321133222.515538128@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Dietmar Eggemann commit 71e5f6644fb2f3304fcb310145ded234a37e7cc1 upstream. Commit "sched/topology: Make sched_init_numa() use a set for the deduplicating sort" allocates 'i + nr_levels (level)' instead of 'i + nr_levels + 1' sched_domain_topology_level. This led to an Oops (on Arm64 juno with CONFIG_SCHED_DEBUG): sched_init_domains build_sched_domains() __free_domain_allocs() __sdt_free() { ... for_each_sd_topology(tl) ... sd =3D *per_cpu_ptr(sdd->sd, j); <-- ... } Signed-off-by: Dietmar Eggemann Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Tested-by: Vincent Guittot Tested-by: Barry Song Link: https://lkml.kernel.org/r/6000e39e-7d28-c360-9cd6-8798fd22a9bf@arm.com Signed-off-by: dann frazier Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- kernel/sched/topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/sched/topology.c +++ b/kernel/sched/topology.c @@ -1428,7 +1428,7 @@ void sched_init_numa(void) /* Compute default topology size */ for (i =3D 0; sched_domain_topology[i].mask; i++); =20 - tl =3D kzalloc((i + nr_levels) * + tl =3D kzalloc((i + nr_levels + 1) * sizeof(struct sched_domain_topology_level), GFP_KERNEL); if (!tl) return; From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78530C433EF for ; Mon, 21 Mar 2022 13:59:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348299AbiCUOAZ (ORCPT ); Mon, 21 Mar 2022 10:00:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348391AbiCUN5m (ORCPT ); Mon, 21 Mar 2022 09:57:42 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 734F1177094; Mon, 21 Mar 2022 06:55:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E55EF612A1; Mon, 21 Mar 2022 13:55:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B84A6C340E8; Mon, 21 Mar 2022 13:55:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870924; bh=ie2mKoXRPtnkgOIBTSNvK44GyHrmwv3sc63OLsGAZew=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rdrxHT7CTG4uBQAeeMnm0hmZkE3zAwNDX5kxco5hZnN4SiA7UIRxEyQpl1ow+hNz+ WYmwf9Oq5mqN3hlVOFRK2C9emfgRWJeQwsPQba6SodyhFSb9dZSAEEw30a0GYV+8f2 4sMXXNni2f0niRRVkc/01Vd50iXSX+MqN77OyP+w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Valentin Schneider , John Paul Adrian Glaubitz , Sergei Trofimovich , "Peter Zijlstra (Intel)" , Ingo Molnar , Vincent Guittot , Dietmar Eggemann , Anatoly Pugachev , Andrew Morton , Linus Torvalds , dann frazier Subject: [PATCH 4.19 19/57] ia64: ensure proper NUMA distance and possible map initialization Date: Mon, 21 Mar 2022 14:52:00 +0100 Message-Id: <20220321133222.544166895@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Valentin Schneider commit b22a8f7b4bde4e4ab73b64908ffd5d90ecdcdbfd upstream. John Paul reported a warning about bogus NUMA distance values spurred by commit: 620a6dc40754 ("sched/topology: Make sched_init_numa() use a set for the d= eduplicating sort") In this case, the afflicted machine comes up with a reported 256 possible nodes, all of which are 0 distance away from one another. This was previously silently ignored, but is now caught by the aforementioned commit. The culprit is ia64's node_possible_map which remains unchanged from its initialization value of NODE_MASK_ALL. In John's case, the machine doesn't have any SRAT nor SLIT table, but AIUI the possible map remains untouched regardless of what ACPI tables end up being parsed. Thus, !online && possible nodes remain with a bogus distance of 0 (distances \in [0, 9] are "reserved and have no meaning" as per the ACPI spec). Follow x86 / drivers/base/arch_numa's example and set the possible map to the parsed map, which in this case seems to be the online map. Link: http://lore.kernel.org/r/255d6b5d-194e-eb0e-ecdd-97477a534441@physik.= fu-berlin.de Link: https://lkml.kernel.org/r/20210318130617.896309-1-valentin.schneider@= arm.com Fixes: 620a6dc40754 ("sched/topology: Make sched_init_numa() use a set for = the deduplicating sort") Signed-off-by: Valentin Schneider Reported-by: John Paul Adrian Glaubitz Tested-by: John Paul Adrian Glaubitz Tested-by: Sergei Trofimovich Cc: "Peter Zijlstra (Intel)" Cc: Ingo Molnar Cc: Vincent Guittot Cc: Dietmar Eggemann Cc: Anatoly Pugachev Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [ dannf: Use node_distance instead of slit_distance since this is before the rename that occurred in commit ef78e5ec9214 ("ia64: export node_distance function"), plus a minor context adjustment ] Signed-off-by: dann frazier Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/ia64/kernel/acpi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/arch/ia64/kernel/acpi.c +++ b/arch/ia64/kernel/acpi.c @@ -537,7 +537,8 @@ void __init acpi_numa_fixup(void) if (srat_num_cpus =3D=3D 0) { node_set_online(0); node_cpuid[0].phys_id =3D hard_smp_processor_id(); - return; + node_distance(0, 0) =3D LOCAL_DISTANCE; + goto out; } =20 /* @@ -580,7 +581,7 @@ void __init acpi_numa_fixup(void) for (j =3D 0; j < MAX_NUMNODES; j++) node_distance(i, j) =3D i =3D=3D j ? LOCAL_DISTANCE : REMOTE_DISTANCE; - return; + goto out; } =20 memset(numa_slit, -1, sizeof(numa_slit)); @@ -605,6 +606,8 @@ void __init acpi_numa_fixup(void) printk("\n"); } #endif +out: + node_possible_map =3D node_online_map; } #endif /* CONFIG_ACPI_NUMA */ From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35685C43219 for ; Mon, 21 Mar 2022 13:59:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348540AbiCUOAf (ORCPT ); Mon, 21 Mar 2022 10:00:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348495AbiCUN54 (ORCPT ); Mon, 21 Mar 2022 09:57:56 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB76D192AA; Mon, 21 Mar 2022 06:55:33 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3BA9F612BC; Mon, 21 Mar 2022 13:55:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C1E8C340E8; Mon, 21 Mar 2022 13:55:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870929; bh=4Pp+1U9O3buGlY5y0hV1jvev/KrdW88xCml6dpUJnLs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GcOl2N6e6a0MMQwRVuFmbRXFS70UWdjN/IDhPzsCAGV2Cu/UX7yO9A7JcHQKzrr0q HnByi3JMuR1HleL5YGu6FUgzPYRYJ21znbwurrbCeSE++xBjX7+eYrTZFKJZFQimPI 79+bBCkYOws61WtpVUdBy5V0cwQXprO55pVNa6+8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Michal=20Koutn=C3=BD?= , Zhang Qiao Subject: [PATCH 4.19 20/57] cpuset: Fix unsafe lock order between cpuset lock and cpuslock Date: Mon, 21 Mar 2022 14:52:01 +0100 Message-Id: <20220321133222.573355878@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhang Qiao The backport commit 4eec5fe1c680a ("cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug") looks suspicious since it comes before commit d74b27d63a8b ("cgroup/cpuset: Change cpuset_rwsem and hotplug lock order") v5.4-rc1~176^2~30 when the locking order was: cpuset lock, cpus lock. Fix it with the correct locking order and reduce the cpus locking range because only set_cpus_allowed_ptr() needs the protection of cpus lock. Fixes: 4eec5fe1c680a ("cgroup/cpuset: Fix a race between cpuset_attach() an= d cpu hotplug") Reported-by: Michal Koutn=C3=BD Signed-off-by: Zhang Qiao Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- kernel/cgroup/cpuset.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -1528,9 +1528,13 @@ static void cpuset_attach(struct cgroup_ cgroup_taskset_first(tset, &css); cs =3D css_cs(css); =20 - cpus_read_lock(); mutex_lock(&cpuset_mutex); =20 + /* + * It should hold cpus lock because a cpu offline event can + * cause set_cpus_allowed_ptr() failed. + */ + get_online_cpus(); /* prepare for attach */ if (cs =3D=3D &top_cpuset) cpumask_copy(cpus_attach, cpu_possible_mask); @@ -1549,6 +1553,7 @@ static void cpuset_attach(struct cgroup_ cpuset_change_task_nodemask(task, &cpuset_attach_nodemask_to); cpuset_update_task_spread_flag(cs, task); } + put_online_cpus(); =20 /* * Change mm for all threadgroup leaders. This is expensive and may @@ -1584,7 +1589,6 @@ static void cpuset_attach(struct cgroup_ wake_up(&cpuset_attach_wq); =20 mutex_unlock(&cpuset_mutex); - cpus_read_unlock(); } =20 /* The various types of files and directories in a cpuset file system */ From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC340C433EF for ; Mon, 21 Mar 2022 14:02:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348829AbiCUOD7 (ORCPT ); Mon, 21 Mar 2022 10:03:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348509AbiCUN55 (ORCPT ); Mon, 21 Mar 2022 09:57:57 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BDCBF30F66; Mon, 21 Mar 2022 06:55:36 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DD9586126A; Mon, 21 Mar 2022 13:55:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F0168C340E8; Mon, 21 Mar 2022 13:55:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870932; bh=MyxEPHJ/yrzATKXwkG2a916fXqChGg9FQQ7ePpmg8v4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nkaBK5pnszL4BOJWNdzKeuL3BfXKqtQL6ru85ZgltDCtNmy6K/pCLFXxtNkLGsm5T TPfdoUwNEFVZebtOQ2Z7zxbj0XSlUreWrlpBXzdfRefMSTDDdH1FrNIM9Lhjx6Oa/f 921Tnm6u8kK+iAMHx39Zq9iFWuBkQyNy9qs7Lxfk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, liqiong Subject: [PATCH 4.19 21/57] mm: fix dereference a null pointer in migrate[_huge]_page_move_mapping() Date: Mon, 21 Mar 2022 14:52:02 +0100 Message-Id: <20220321133222.602567121@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: liqiong Upstream doesn't use radix tree any more in migrate.c, no need this patch. The two functions look up a slot and dereference the pointer, If the pointer is null, the kernel would crash and dump. The 'numad' service calls 'migrate_pages' periodically. If some slots being replaced (Cache Eviction), the radix_tree_lookup_slot() returns a null pointer that causes kernel crash. "numad": crash> bt [exception RIP: migrate_page_move_mapping+337] Introduce pointer checking to avoid dereference a null pointer. Cc: # linux-4.19.y Signed-off-by: liqiong Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- mm/migrate.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/migrate.c +++ b/mm/migrate.c @@ -472,6 +472,10 @@ int migrate_page_move_mapping(struct add =20 pslot =3D radix_tree_lookup_slot(&mapping->i_pages, page_index(page)); + if (pslot =3D=3D NULL) { + xa_unlock_irq(&mapping->i_pages); + return -EAGAIN; + } =20 expected_count +=3D hpage_nr_pages(page) + page_has_private(page); if (page_count(page) !=3D expected_count || @@ -590,6 +594,10 @@ int migrate_huge_page_move_mapping(struc xa_lock_irq(&mapping->i_pages); =20 pslot =3D radix_tree_lookup_slot(&mapping->i_pages, page_index(page)); + if (pslot =3D=3D NULL) { + xa_unlock_irq(&mapping->i_pages); + return -EAGAIN; + } =20 expected_count =3D 2 + page_has_private(page); if (page_count(page) !=3D expected_count || From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC51AC43219 for ; Mon, 21 Mar 2022 13:59:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348563AbiCUOAw (ORCPT ); Mon, 21 Mar 2022 10:00:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348584AbiCUN6E (ORCPT ); Mon, 21 Mar 2022 09:58:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 212C215DABC; Mon, 21 Mar 2022 06:55:49 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A51DF612E7; Mon, 21 Mar 2022 13:55:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0619C340E8; Mon, 21 Mar 2022 13:55:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870935; bh=YxizQVir2MiOV58U+ZMYBGDDtJL9oDimqsdgBqpeyys=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZBCkKnDtRtQALYVwLc4FRorWqpOjRLK73DeSokKHkNRcS5ZxJLDmXtTdRFGPz92er WaaeaaLdN7YByk7M1ZBLmBYmJmfM6xm5EHurVqXFrMYCbgwSoh2vgvcGqzxoQZwF0Q b42E9HqslZx5SFmG1WgjegJ8ruCTsBa+oaheDjXY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lucas Wei Subject: [PATCH 4.19 22/57] fs: sysfs_emit: Remove PAGE_SIZE alignment check Date: Mon, 21 Mar 2022 14:52:03 +0100 Message-Id: <20220321133222.632387689@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lucas Wei For kernel releases older than 4.20, using the SLUB alloctor will cause this alignment check to fail as that allocator did NOT align kmalloc allocations on a PAGE_SIZE boundry. Remove the check for these older kernels as it is a false-positive and causes problems on many devices. Signed-off-by: Lucas Wei Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- fs/sysfs/file.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -572,8 +572,7 @@ int sysfs_emit(char *buf, const char *fm va_list args; int len; =20 - if (WARN(!buf || offset_in_page(buf), - "invalid sysfs_emit: buf:%p\n", buf)) + if (WARN(!buf, "invalid sysfs_emit: buf:%p\n", buf)) return 0; =20 va_start(args, fmt); From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07926C4332F for ; Mon, 21 Mar 2022 13:59:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348549AbiCUOAl (ORCPT ); Mon, 21 Mar 2022 10:00:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46016 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348566AbiCUN6C (ORCPT ); Mon, 21 Mar 2022 09:58:02 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1FC41704ED; Mon, 21 Mar 2022 06:55:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 18324B816CE; Mon, 21 Mar 2022 13:55:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7ADD2C340E8; Mon, 21 Mar 2022 13:55:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870937; bh=av1wBTGi2Bqzs0fqYUm4yaRE7NXDuiItpGaxgqopqBs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JoE+Hc/C907RRn/qsZHX61+JAI9qhbe++bx3a/VlSvxnmcQvyJLwsdv+RNFTZVTWP W74QwJCDkqfs8M2txY7TvGIHSgAMVsAUh8XUcfDVqFrEwlQYhFwy9W3R0vLWx2RqK+ CxIvgfDhFWQuWJ3Cv+7o2/RUd4zfjYYD5i1Q8xFU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Rob Herring , Catalin Marinas , Will Deacon , James Morse Subject: [PATCH 4.19 23/57] arm64: Add part number for Arm Cortex-A77 Date: Mon, 21 Mar 2022 14:52:04 +0100 Message-Id: <20220321133222.663078651@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Rob Herring commit 8a6b88e66233f5f1779b0a1342aa9dc030dddcd5 upstream. Add the MIDR part number info for the Arm Cortex-A77. Signed-off-by: Rob Herring Acked-by: Catalin Marinas Cc: Catalin Marinas Cc: Will Deacon Link: https://lore.kernel.org/r/20201028182839.166037-1-robh@kernel.org Signed-off-by: Will Deacon Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cputype.h | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -81,6 +81,7 @@ #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D =20 #define APM_CPU_PART_POTENZA 0x000 =20 @@ -109,6 +110,7 @@ #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A55) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A77) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_T= HUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_83XX) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37389C433EF for ; Mon, 21 Mar 2022 13:59:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348564AbiCUOA5 (ORCPT ); Mon, 21 Mar 2022 10:00:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348597AbiCUN6F (ORCPT ); Mon, 21 Mar 2022 09:58:05 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF9001728A0; Mon, 21 Mar 2022 06:55:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 0B38CB816CC; Mon, 21 Mar 2022 13:55:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6E1D5C340E8; Mon, 21 Mar 2022 13:55:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870940; bh=PzmYSgWZkELd99M65RtOTO6/E7gWCRnyDqQwdqjWnb8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hmsKa6G8twaFppVuhyOMb60INqY3H1RHIFEHRBLsaIp9adBtE198VMl3STtWr4t5k RYWyrpE7pNVh3GiogW1MHurmmKN6QKmH/DUyxanBJW7vdEtRAGmlsm3vgGt5+Ac1yU kjYK9OtC2StqsR4PAfQapinE6PLAu0sgei41hpQg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , Mark Rutland , Will Deacon , Anshuman Khandual , Suzuki K Poulose , James Morse Subject: [PATCH 4.19 24/57] arm64: Add Neoverse-N2, Cortex-A710 CPU part definition Date: Mon, 21 Mar 2022 14:52:05 +0100 Message-Id: <20220321133222.691732418@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Suzuki K Poulose commit 2d0d656700d67239a57afaf617439143d8dac9be upstream. Add the CPU Partnumbers for the new Arm designs. Cc: Catalin Marinas Cc: Mark Rutland Cc: Will Deacon Acked-by: Catalin Marinas Reviewed-by: Anshuman Khandual Signed-off-by: Suzuki K Poulose Link: https://lore.kernel.org/r/20211019163153.3692640-2-suzuki.poulose@arm= .com Signed-off-by: Will Deacon Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cputype.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -82,6 +82,8 @@ #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C #define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 =20 #define APM_CPU_PART_POTENZA 0x000 =20 @@ -111,6 +113,8 @@ #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N1) #define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A77) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORT= EX_A710) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N2) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_T= HUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_83XX) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF80C433EF for ; Mon, 21 Mar 2022 14:05:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233506AbiCUOHM (ORCPT ); Mon, 21 Mar 2022 10:07:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348608AbiCUN6G (ORCPT ); Mon, 21 Mar 2022 09:58:06 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA9062FE67; Mon, 21 Mar 2022 06:55:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 348FE612B4; Mon, 21 Mar 2022 13:55:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42CB7C340E8; Mon, 21 Mar 2022 13:55:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870943; bh=jQnvciqMssQJWWHd/eRipa+vSVz7DKfjPsR+k7XIDc4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G9mw/Wga9V7HOM812goqxW1e9jWEiajlQfHN4N/S4kEA2xaLYoHAbwq7dSFdU1iuk n1uTX1NdA/30WiIgNfG3cOFKRBpR2TRzjw1wPqxCOOgfUwoYPbbHyKX8Vr8AjTUmnK PY88n1kXq3wdg3MqBtfO9otvLZWmPOG/koZ8KJkU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Will Deacon , Suzuki Poulose , linux-arm-kernel@lists.infradead.org, Anshuman Khandual , Catalin Marinas , James Morse Subject: [PATCH 4.19 25/57] arm64: Add Cortex-X2 CPU part definition Date: Mon, 21 Mar 2022 14:52:06 +0100 Message-Id: <20220321133222.720600064@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Anshuman Khandual commit 72bb9dcb6c33cfac80282713c2b4f2b254cd24d1 upstream. Add the CPU Partnumbers for the new Arm designs. Cc: Will Deacon Cc: Suzuki Poulose Cc: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Anshuman Khandual Reviewed-by: Suzuki K Poulose Link: https://lore.kernel.org/r/1642994138-25887-2-git-send-email-anshuman.= khandual@arm.com Signed-off-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cputype.h | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -83,6 +83,7 @@ #define ARM_CPU_PART_NEOVERSE_N1 0xD0C #define ARM_CPU_PART_CORTEX_A77 0xD0D #define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 #define ARM_CPU_PART_NEOVERSE_N2 0xD49 =20 #define APM_CPU_PART_POTENZA 0x000 @@ -114,6 +115,7 @@ #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N1) #define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A77) #define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORT= EX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX= _X2) #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N2) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_T= HUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_81XX) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4BE0C433EF for ; Mon, 21 Mar 2022 14:01:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348729AbiCUOCX (ORCPT ); Mon, 21 Mar 2022 10:02:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348664AbiCUN6J (ORCPT ); Mon, 21 Mar 2022 09:58:09 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D97461788FA; Mon, 21 Mar 2022 06:56:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BFEC0611D5; Mon, 21 Mar 2022 13:55:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7016C340E8; Mon, 21 Mar 2022 13:55:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870946; bh=VtHrv/zsTXGAwqk5EXwLsRYqtaKkf9P3FsT6vhWFhxw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bsVfQI9rlW++p8rpPLsjr5FCTBZMt0tqVvB4Sz9+3YdJVJCQwbtKXJquPk+1gfwz6 y0nUqKJT3FA4hnEr19RSyZwfLGCp49Huo3jEUxxT+ivLdsv+pZrmnVXrKN+fQVzoLr k0vC97W0j0QM6A/lf5kVPLdkVX/X2wG2sIUgZZLc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 26/57] arm64: entry.S: Add ventry overflow sanity checks Date: Mon, 21 Mar 2022 14:52:07 +0100 Message-Id: <20220321133222.749786677@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 4330e2c5c04c27bebf89d34e0bc14e6943413067 upstream. Subsequent patches add even more code to the ventry slots. Ensure kernels that overflow a ventry slot don't get built. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -70,6 +70,7 @@ =20 .macro kernel_ventry, el, label, regsize =3D 64 .align 7 +.Lventry_start\@: #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el =3D=3D 0 @@ -127,6 +128,7 @@ alternative_else_nop_endif mrs x0, tpidrro_el0 #endif b el\()\el\()_\label +.org .Lventry_start\@ + 128 // Did we overflow the ventry slot? .endm =20 .macro tramp_alias, dst, sym @@ -984,6 +986,7 @@ alternative_insn isb, nop, ARM64_WORKARO add x30, x30, #(1b - tramp_vectors) isb ret +.org 1b + 128 // Did we overflow the ventry slot? .endm =20 .macro tramp_exit, regsize =3D 64 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC359C433F5 for ; Mon, 21 Mar 2022 14:02:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348760AbiCUODv (ORCPT ); Mon, 21 Mar 2022 10:03:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348626AbiCUN6H (ORCPT ); Mon, 21 Mar 2022 09:58:07 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1083917869F; Mon, 21 Mar 2022 06:55:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 574D1B816D2; Mon, 21 Mar 2022 13:55:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 854B5C340E8; Mon, 21 Mar 2022 13:55:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870948; bh=1cGeZM7lyVNRB7mTnf78tGm3xMRJ021aoldxZLHfTog=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zCoSJLGsKDtOIrE5ZuWASGtgwkK3dcapgXRy4xUS7s+meaLcLgkBYe0Mz2eMgtHgz 7A/l8+uzGgn6F28EG44atnhqqKsagvnlLYAJQo0qxZrYwrcLRDyZWpGccmjizgn47v D7nurBGDjxj5AkuA+kOAguHmyYwsWz84nZ9MSItE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 27/57] arm64: entry: Make the trampoline cleanup optional Date: Mon, 21 Mar 2022 14:52:08 +0100 Message-Id: <20220321133222.779722505@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit d739da1694a0eaef0358a42b76904b611539b77b upstream. Subsequent patches will add additional sets of vectors that use the same tricks as the kpti vectors to reach the full-fat vectors. The full-fat vectors contain some cleanup for kpti that is patched in by alternatives when kpti is in use. Once there are additional vectors, the cleanup will be needed in more cases. But on big/little systems, the cleanup would be harmful if no trampoline vector were in use. Instead of forcing CPUs that don't need a trampoline vector to use one, make the trampoline cleanup optional. Entry at the top of the vectors will skip the cleanup. The trampoline vectors can then skip the first instruction, triggering the cleanup to run. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -72,16 +72,20 @@ .align 7 .Lventry_start\@: #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el =3D=3D 0 + /* + * This must be the first instruction of the EL0 vector entries. It is + * skipped by the trampoline vectors, to trigger the cleanup. + */ + b .Lskip_tramp_vectors_cleanup\@ .if \regsize =3D=3D 64 mrs x30, tpidrro_el0 msr tpidrro_el0, xzr .else mov x30, xzr .endif +.Lskip_tramp_vectors_cleanup\@: .endif -alternative_else_nop_endif #endif =20 sub sp, sp, #S_FRAME_SIZE @@ -983,7 +987,7 @@ alternative_insn isb, nop, ARM64_WORKARO #endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 - add x30, x30, #(1b - tramp_vectors) + add x30, x30, #(1b - tramp_vectors + 4) isb ret .org 1b + 128 // Did we overflow the ventry slot? From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF77AC43219 for ; Mon, 21 Mar 2022 13:59:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348501AbiCUOBO (ORCPT ); Mon, 21 Mar 2022 10:01:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348707AbiCUN6L (ORCPT ); Mon, 21 Mar 2022 09:58:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEE94179420; Mon, 21 Mar 2022 06:56:14 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3EC36612A0; Mon, 21 Mar 2022 13:55:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4BFACC340E8; Mon, 21 Mar 2022 13:55:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870951; bh=iqOckIo6jhfcvNG2gMBYFRi7xPN+WjyixetCij8eTRI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QGg8CD2YprMP16ZkequPUhyBvHFYSGBhgtG57kPMRzDLLflxc+yM3rcgVboFcTa7I t3Gdkhot+aTZaqvfxnIDkzQrHVH8k1Q3QjGSMagYg6BkJFPTtSJU7pUfV1Gmjr4WfM PitQRwoNhmf0f+nT/HqUU6x7i5re+tVVJdK9vUss= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 28/57] arm64: entry: Free up another register on kptis tramp_exit path Date: Mon, 21 Mar 2022 14:52:09 +0100 Message-Id: <20220321133222.807964635@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 03aff3a77a58b5b52a77e00537a42090ad57b80b upstream. Kpti stashes x30 in far_el1 while it uses x30 for all its work. Making the vectors a per-cpu data structure will require a second register. Allow tramp_exit two registers before it unmaps the kernel, by leaving x30 on the stack, and stashing x29 in far_el1. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -348,18 +348,20 @@ alternative_else_nop_endif ldp x24, x25, [sp, #16 * 12] ldp x26, x27, [sp, #16 * 13] ldp x28, x29, [sp, #16 * 14] - ldr lr, [sp, #S_LR] - add sp, sp, #S_FRAME_SIZE // restore sp /* * ARCH_HAS_MEMBARRIER_SYNC_CORE rely on eret context synchronization * when returning from IPI handler, and when returning to user-space. */ =20 .if \el =3D=3D 0 -alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0 + ldr lr, [sp, #S_LR] + add sp, sp, #S_FRAME_SIZE // restore sp + eret +alternative_else_nop_endif #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f - msr far_el1, x30 + msr far_el1, x29 tramp_alias x30, tramp_exit_native br x30 4: @@ -367,6 +369,8 @@ alternative_insn eret, nop, ARM64_UNMAP_ br x30 #endif .else + ldr lr, [sp, #S_LR] + add sp, sp, #S_FRAME_SIZE // restore sp eret .endif .endm @@ -996,10 +1000,12 @@ alternative_insn isb, nop, ARM64_WORKARO .macro tramp_exit, regsize =3D 64 adr x30, tramp_vectors msr vbar_el1, x30 - tramp_unmap_kernel x30 + ldr lr, [sp, #S_LR] + tramp_unmap_kernel x29 .if \regsize =3D=3D 64 - mrs x30, far_el1 + mrs x29, far_el1 .endif + add sp, sp, #S_FRAME_SIZE // restore sp eret .endm From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45B48C43219 for ; Mon, 21 Mar 2022 13:59:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345686AbiCUOBJ (ORCPT ); Mon, 21 Mar 2022 10:01:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46590 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348731AbiCUN6M (ORCPT ); Mon, 21 Mar 2022 09:58:12 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 47828177D38; Mon, 21 Mar 2022 06:56:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 35F1D611F4; Mon, 21 Mar 2022 13:55:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2AE19C340E8; Mon, 21 Mar 2022 13:55:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870954; bh=Awlc6VWiACZ6yM2JV3UQLlzhaKrqPsfPUekWk3jViqI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GGJKbw/TSA6nMS09CCktOQiCSeXeZ1AWsAx4rZEL2cxbsbyAB8BLK1/deOTH9Lux6 bdxQfhffOTjOp45uaZvKgNIThPbvo2orsBNMKS1+FIKet0vZft8o1iKFgGr0niGa8+ qtRo/iU5EvBPQHZCgntEeKQWLDw6j3UPReoMJ2zw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 29/57] arm64: entry: Move the trampoline data page before the text page Date: Mon, 21 Mar 2022 14:52:10 +0100 Message-Id: <20220321133222.837064918@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit c091fb6ae059cda563b2a4d93fdbc548ef34e1d6 upstream. The trampoline code has a data page that holds the address of the vectors, which is unmapped when running in user-space. This ensures that with CONFIG_RANDOMIZE_BASE, the randomised address of the kernel can't be discovered until after the kernel has been mapped. If the trampoline text page is extended to include multiple sets of vectors, it will be larger than a single page, making it tricky to find the data page without knowing the size of the trampoline text pages, which will vary with PAGE_SIZE. Move the data page to appear before the text page. This allows the data page to be found without knowing the size of the trampoline text pages. 'tramp_vectors' is used to refer to the beginning of the .entry.tramp.text section, do that explicitly. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/fixmap.h | 2 +- arch/arm64/kernel/entry.S | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -59,8 +59,8 @@ enum fixed_addresses { #endif /* CONFIG_ACPI_APEI_GHES */ =20 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, + FIX_ENTRY_TRAMP_DATA, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -967,6 +967,11 @@ alternative_else_nop_endif */ .endm =20 + .macro tramp_data_page dst + adr \dst, .entry.tramp.text + sub \dst, \dst, PAGE_SIZE + .endm + .macro tramp_ventry, regsize =3D 64 .align 7 1: @@ -983,7 +988,7 @@ alternative_else_nop_endif 2: tramp_map_kernel x30 #ifdef CONFIG_RANDOMIZE_BASE - adr x30, tramp_vectors + PAGE_SIZE + tramp_data_page x30 alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 ldr x30, [x30] #else @@ -1131,7 +1136,7 @@ ENTRY(__sdei_asm_entry_trampoline) 1: str x4, [x1, #(SDEI_EVENT_INTREGS + S_ORIG_ADDR_LIMIT)] =20 #ifdef CONFIG_RANDOMIZE_BASE - adr x4, tramp_vectors + PAGE_SIZE + tramp_data_page x4 add x4, x4, #:lo12:__sdei_asm_trampoline_next_handler ldr x4, [x4] #else From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5423FC433EF for ; Mon, 21 Mar 2022 14:00:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348616AbiCUOBq (ORCPT ); Mon, 21 Mar 2022 10:01:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348778AbiCUN6R (ORCPT ); Mon, 21 Mar 2022 09:58:17 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5FE317A594; Mon, 21 Mar 2022 06:56:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 811A7B816DD; Mon, 21 Mar 2022 13:56:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C5995C340ED; Mon, 21 Mar 2022 13:55:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870960; bh=vACVCzk77C9AxEkQB5NVVBVP/DprcViXPn2JpwnA3Uk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A7D+rVnWAfYjNi3EWSqzx2rPgtnxnzo9GXlYH+S29YMowDUunwqYaeVrdE6J2bvMD Vqsr/Rc7ILLI5pv23+P2u/YgE9xzpg9FiYojqm8wfNSPgEQN/RXc1PVUBKEzwL6vJ0 3qaJIjLrxJe7p2ymtgxMCq6/WlVxAZqGpylo7ywE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 30/57] arm64: entry: Allow tramp_alias to access symbols after the 4K boundary Date: Mon, 21 Mar 2022 14:52:11 +0100 Message-Id: <20220321133222.866193712@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 6c5bf79b69f911560fbf82214c0971af6e58e682 upstream. Systems using kpti enter and exit the kernel through a trampoline mapping that is always mapped, even when the kernel is not. tramp_valias is a macro to find the address of a symbol in the trampoline mapping. Adding extra sets of vectors will expand the size of the entry.tramp.text section to beyond 4K. tramp_valias will be unable to generate addresses for symbols beyond 4K as it uses the 12 bit immediate of the add instruction. As there are now two registers available when tramp_alias is called, use the extra register to avoid the 4K limit of the 12 bit immediate. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -135,9 +135,12 @@ .org .Lventry_start\@ + 128 // Did we overflow the ventry slot? .endm =20 - .macro tramp_alias, dst, sym + .macro tramp_alias, dst, sym, tmp mov_q \dst, TRAMP_VALIAS - add \dst, \dst, #(\sym - .entry.tramp.text) + adr_l \tmp, \sym + add \dst, \dst, \tmp + adr_l \tmp, .entry.tramp.text + sub \dst, \dst, \tmp .endm =20 // This macro corrupts x0-x3. It is the caller's duty @@ -362,10 +365,10 @@ alternative_else_nop_endif #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x29 - tramp_alias x30, tramp_exit_native + tramp_alias x30, tramp_exit_native, x29 br x30 4: - tramp_alias x30, tramp_exit_compat + tramp_alias x30, tramp_exit_compat, x29 br x30 #endif .else @@ -1265,7 +1268,7 @@ alternative_if_not ARM64_UNMAP_KERNEL_AT alternative_else_nop_endif =20 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - tramp_alias dst=3Dx5, sym=3D__sdei_asm_exit_trampoline + tramp_alias dst=3Dx5, sym=3D__sdei_asm_exit_trampoline, tmp=3Dx3 br x5 #endif ENDPROC(__sdei_asm_handler) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C33EC433FE for ; Mon, 21 Mar 2022 14:02:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348841AbiCUOEF (ORCPT ); Mon, 21 Mar 2022 10:04:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349098AbiCUN7F (ORCPT ); Mon, 21 Mar 2022 09:59:05 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B0E0BC34; Mon, 21 Mar 2022 06:57:40 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 176A9B81675; Mon, 21 Mar 2022 13:57:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64778C340E8; Mon, 21 Mar 2022 13:57:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871057; bh=EzheYmDy2+VssoBOahjX4ulkqPougU5Hjlom28RAad4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aQhTydu3hm5uAYhEk7f+QzmPViIEEheHUYSSwwXmpmMsb2vRhvWOAnp2LBjlkO8Va Y+57tOVdQRF8rzgrTV7a0WoWzVSY1wwFDEpKikq1dDT0rzbPG+hju75Pk4sYmkG3TJ FimN7Yt/odTIvWJFmQXHTIt59/spN3UckY31qLZI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 31/57] arm64: entry: Dont assume tramp_vectors is the start of the vectors Date: Mon, 21 Mar 2022 14:52:12 +0100 Message-Id: <20220321133222.894855879@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit ed50da7764535f1e24432ded289974f2bf2b0c5a upstream. The tramp_ventry macro uses tramp_vectors as the address of the vectors when calculating which ventry in the 'full fat' vectors to branch to. While there is one set of tramp_vectors, this will be true. Adding multiple sets of vectors will break this assumption. Move the generation of the vectors to a macro, and pass the start of the vectors as an argument to tramp_ventry. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -975,7 +975,7 @@ alternative_else_nop_endif sub \dst, \dst, PAGE_SIZE .endm =20 - .macro tramp_ventry, regsize =3D 64 + .macro tramp_ventry, vector_start, regsize .align 7 1: .if \regsize =3D=3D 64 @@ -997,9 +997,9 @@ alternative_insn isb, nop, ARM64_WORKARO #else ldr x30, =3Dvectors #endif - prfm plil1strm, [x30, #(1b - tramp_vectors)] + prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30 - add x30, x30, #(1b - tramp_vectors + 4) + add x30, x30, #(1b - \vector_start + 4) isb ret .org 1b + 128 // Did we overflow the ventry slot? @@ -1017,19 +1017,21 @@ alternative_insn isb, nop, ARM64_WORKARO eret .endm =20 - .align 11 -ENTRY(tramp_vectors) + .macro generate_tramp_vector +.Lvector_start\@: .space 0x400 =20 - tramp_ventry - tramp_ventry - tramp_ventry - tramp_ventry - - tramp_ventry 32 - tramp_ventry 32 - tramp_ventry 32 - tramp_ventry 32 + .rept 4 + tramp_ventry .Lvector_start\@, 64 + .endr + .rept 4 + tramp_ventry .Lvector_start\@, 32 + .endr + .endm + + .align 11 +ENTRY(tramp_vectors) + generate_tramp_vector END(tramp_vectors) =20 ENTRY(tramp_exit_native) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14931C433F5 for ; Mon, 21 Mar 2022 14:00:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345366AbiCUOB2 (ORCPT ); Mon, 21 Mar 2022 10:01:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348783AbiCUN6R (ORCPT ); Mon, 21 Mar 2022 09:58:17 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39530174BB6; Mon, 21 Mar 2022 06:56:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2A45A612F2; Mon, 21 Mar 2022 13:56:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 354B3C340ED; Mon, 21 Mar 2022 13:56:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870983; bh=+cRuOoNDmwzag37vcUqbENMSP0FdPJl8YdzMLuF3ymE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZSrzieM7IyerEpI7KKdHSiW1CqAN83gGzcjT169/Z0skJ3pvv4PJbi+OcTh7y7oNB iE6kzbEiZhW+dn6q7EeCtwNGOxpyDk+bXgk1VYuj9us4QGHGDPxi51jMnGpIOTBo/2 VAdaPw+PVSKbX0nCYMJ9H0hIz2bGVz0qnKgc7nvQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 32/57] arm64: entry: Move trampoline macros out of ifdefd section Date: Mon, 21 Mar 2022 14:52:13 +0100 Message-Id: <20220321133222.925652530@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 13d7a08352a83ef2252aeb464a5e08dfc06b5dfd upstream. The macros for building the kpti trampoline are all behind CONFIG_UNMAP_KERNEL_AT_EL0, and in a region that outputs to the .entry.tramp.text section. Move the macros out so they can be used to generate other kinds of trampoline. Only the symbols need to be guarded by CONFIG_UNMAP_KERNEL_AT_EL0 and appear in the .entry.tramp.text section. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -933,12 +933,7 @@ ENDPROC(el0_svc) =20 .popsection // .entry.text =20 -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -/* - * Exception vectors trampoline. - */ - .pushsection ".entry.tramp.text", "ax" - + // Move from tramp_pg_dir to swapper_pg_dir .macro tramp_map_kernel, tmp mrs \tmp, ttbr1_el1 add \tmp, \tmp, #(PAGE_SIZE + RESERVED_TTBR0_SIZE) @@ -1029,6 +1024,11 @@ alternative_insn isb, nop, ARM64_WORKARO .endr .endm =20 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +/* + * Exception vectors trampoline. + */ + .pushsection ".entry.tramp.text", "ax" .align 11 ENTRY(tramp_vectors) generate_tramp_vector From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 878B3C4321E for ; Mon, 21 Mar 2022 14:02:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348800AbiCUOC7 (ORCPT ); Mon, 21 Mar 2022 10:02:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348978AbiCUN6p (ORCPT ); Mon, 21 Mar 2022 09:58:45 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 814582251A; Mon, 21 Mar 2022 06:56:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0BE2C6126A; Mon, 21 Mar 2022 13:56:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F813C340E8; Mon, 21 Mar 2022 13:56:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871015; bh=ZTei38FhRF4iI1M4iWEEN8aEVK/yf7EhkkEDNtbJyZQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G8yBhR6oCFLsq1fxXFCy6VvD/KMREc5NCLSNxX6khq8F15XPg451bPvrqkDTzkXhO AHpTi/StkPBSIix1gZJTjRb077gaH2c8Sujaxc0lacBcW37NPPe69ryhlfQtTWUl3v uSKvnfR+w8YrNWxF9ESI8XXx0FV8tbilhwB7OpfQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 33/57] arm64: entry: Make the kpti trampolines kpti sequence optional Date: Mon, 21 Mar 2022 14:52:14 +0100 Message-Id: <20220321133222.954903592@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit c47e4d04ba0f1ea17353d85d45f611277507e07a upstream. Spectre-BHB needs to add sequences to the vectors. Having one global set of vectors is a problem for big/little systems where the sequence is costly on cpus that are not vulnerable. Making the vectors per-cpu in the style of KVM's bh_harden_hyp_vecs requires the vectors to be generated by macros. Make the kpti re-mapping of the kernel optional, so the macros can be used without kpti. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -970,9 +970,10 @@ alternative_else_nop_endif sub \dst, \dst, PAGE_SIZE .endm =20 - .macro tramp_ventry, vector_start, regsize + .macro tramp_ventry, vector_start, regsize, kpti .align 7 1: + .if \kpti =3D=3D 1 .if \regsize =3D=3D 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif @@ -994,8 +995,12 @@ alternative_insn isb, nop, ARM64_WORKARO #endif prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30 - add x30, x30, #(1b - \vector_start + 4) isb + .else + ldr x30, =3Dvectors + .endif // \kpti =3D=3D 1 + + add x30, x30, #(1b - \vector_start + 4) ret .org 1b + 128 // Did we overflow the ventry slot? .endm @@ -1012,15 +1017,15 @@ alternative_insn isb, nop, ARM64_WORKARO eret .endm =20 - .macro generate_tramp_vector + .macro generate_tramp_vector, kpti .Lvector_start\@: .space 0x400 =20 .rept 4 - tramp_ventry .Lvector_start\@, 64 + tramp_ventry .Lvector_start\@, 64, \kpti .endr .rept 4 - tramp_ventry .Lvector_start\@, 32 + tramp_ventry .Lvector_start\@, 32, \kpti .endr .endm =20 @@ -1031,7 +1036,7 @@ alternative_insn isb, nop, ARM64_WORKARO .pushsection ".entry.tramp.text", "ax" .align 11 ENTRY(tramp_vectors) - generate_tramp_vector + generate_tramp_vector kpti=3D1 END(tramp_vectors) =20 ENTRY(tramp_exit_native) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1034C4167D for ; Mon, 21 Mar 2022 14:02:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349421AbiCUODo (ORCPT ); Mon, 21 Mar 2022 10:03:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349055AbiCUN6u (ORCPT ); Mon, 21 Mar 2022 09:58:50 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D75011A28; Mon, 21 Mar 2022 06:57:20 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EB356B81598; Mon, 21 Mar 2022 13:57:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59BBCC340F2; Mon, 21 Mar 2022 13:57:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871037; bh=tgUC/Zb/Fbht90I11E77UQls0609OoEFUCn8uha4TNE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=X+5C8o+wA8xlbI4PKfqYeqs4Cwsf3ZqMtZWTzZbku7MUuQnpmlBhtutPVBdiR6gtG AoX4rkoGCHWtM0RS8NlV7IZkXWiKI8mY5eRrLkL/Ji0r/ugnGBp7+Y8FZCmOKwgpeK 2WCmXupZCA0bEf2Rtduarf6NKmZJZFrSE30qM0Mg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse Subject: [PATCH 4.19 34/57] arm64: entry: Allow the trampoline text to occupy multiple pages Date: Mon, 21 Mar 2022 14:52:15 +0100 Message-Id: <20220321133222.983223662@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit a9c406e6462ff14956d690de7bbe5131a5677dc9 upstream. Adding a second set of vectors to .entry.tramp.text will make it larger than a single 4K page. Allow the trampoline text to occupy up to three pages by adding two more fixmap slots. Previous changes to tramp_valias allowed it to reach beyond a single page. Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/fixmap.h | 6 ++++-- arch/arm64/include/asm/sections.h | 5 +++++ arch/arm64/kernel/entry.S | 2 +- arch/arm64/kernel/vmlinux.lds.S | 2 +- arch/arm64/mm/mmu.c | 12 +++++++++--- 5 files changed, 20 insertions(+), 7 deletions(-) --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -59,9 +59,11 @@ enum fixed_addresses { #endif /* CONFIG_ACPI_APEI_GHES */ =20 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - FIX_ENTRY_TRAMP_TEXT, + FIX_ENTRY_TRAMP_TEXT3, + FIX_ENTRY_TRAMP_TEXT2, + FIX_ENTRY_TRAMP_TEXT1, FIX_ENTRY_TRAMP_DATA, -#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT1)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, =20 --- a/arch/arm64/include/asm/sections.h +++ b/arch/arm64/include/asm/sections.h @@ -30,4 +30,9 @@ extern char __irqentry_text_start[], __i extern char __mmuoff_data_start[], __mmuoff_data_end[]; extern char __entry_tramp_text_start[], __entry_tramp_text_end[]; =20 +static inline size_t entry_tramp_text_size(void) +{ + return __entry_tramp_text_end - __entry_tramp_text_start; +} + #endif /* __ASM_SECTIONS_H */ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -966,7 +966,7 @@ alternative_else_nop_endif .endm =20 .macro tramp_data_page dst - adr \dst, .entry.tramp.text + adr_l \dst, .entry.tramp.text sub \dst, \dst, PAGE_SIZE .endm =20 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -259,7 +259,7 @@ ASSERT(__hibernate_exit_text_end - (__hi <=3D SZ_4K, "Hibernate exit text too big or misaligned") #endif #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) =3D=3D PAGE_SIZ= E, +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) <=3D 3*PAGE_SIZ= E, "Entry trampoline text too big") #endif /* --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -541,6 +541,8 @@ early_param("rodata", parse_rodata); #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __init map_entry_trampoline(void) { + int i; + pgprot_t prot =3D rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; phys_addr_t pa_start =3D __pa_symbol(__entry_tramp_text_start); =20 @@ -549,11 +551,15 @@ static int __init map_entry_trampoline(v =20 /* Map only the text into the trampoline page table */ memset(tramp_pg_dir, 0, PGD_SIZE); - __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, - prot, pgd_pgtable_alloc, 0); + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, + entry_tramp_text_size(), prot, pgd_pgtable_alloc, + 0); =20 /* Map both the text and data into the kernel page table */ - __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + for (i =3D 0; i < DIV_ROUND_UP(entry_tramp_text_size(), PAGE_SIZE); i++) + __set_fixmap(FIX_ENTRY_TRAMP_TEXT1 - i, + pa_start + i * PAGE_SIZE, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { extern char __entry_tramp_data_start[]; From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEFE2C4167B for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349371AbiCUODl (ORCPT ); Mon, 21 Mar 2022 10:03:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349059AbiCUN6u (ORCPT ); Mon, 21 Mar 2022 09:58:50 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46308DFF7; Mon, 21 Mar 2022 06:57:23 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E4F31B81675; Mon, 21 Mar 2022 13:57:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58A92C340E8; Mon, 21 Mar 2022 13:57:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871040; bh=HlGkgNSNfKrZo9qmVZdnTmwZ3y/ZvnDrnxwheSXkUnU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0iIyyELeg1YEgXNfmHr0OvMrsjksEh8B18QjeWlmnijjd2pWG/SMV+WfknOS4Lldn wtxym9cdFmYU6/Jo3annn7FA16uEy53FhDgASObYnOOvfYwdKNzwhFxtrRKVv7zP7H UtxdyKf967UffeWF5thyys9pS52wj7ZDb7pH9J9g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 35/57] arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations Date: Mon, 21 Mar 2022 14:52:16 +0100 Message-Id: <20220321133223.011769990@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit aff65393fa1401e034656e349abd655cfe272de0 upstream. kpti is an optional feature, for systems not using kpti a set of vectors for the spectre-bhb mitigations is needed. Add another set of vectors, __bp_harden_el1_vectors, that will be used if a mitigation is needed and kpti is not in use. The EL1 ventries are repeated verbatim as there is no additional work needed for entry from EL1. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -973,10 +973,11 @@ alternative_else_nop_endif .macro tramp_ventry, vector_start, regsize, kpti .align 7 1: - .if \kpti =3D=3D 1 .if \regsize =3D=3D 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif + + .if \kpti =3D=3D 1 /* * Defend against branch aliasing attacks by pushing a dummy * entry onto the return stack and using a RET instruction to @@ -1060,6 +1061,38 @@ __entry_tramp_data_start: #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ =20 /* + * Exception vectors for spectre mitigations on entry from EL1 when + * kpti is not in use. + */ + .macro generate_el1_vector +.Lvector_start\@: + kernel_ventry 1, sync_invalid // Synchronous EL1t + kernel_ventry 1, irq_invalid // IRQ EL1t + kernel_ventry 1, fiq_invalid // FIQ EL1t + kernel_ventry 1, error_invalid // Error EL1t + + kernel_ventry 1, sync // Synchronous EL1h + kernel_ventry 1, irq // IRQ EL1h + kernel_ventry 1, fiq_invalid // FIQ EL1h + kernel_ventry 1, error // Error EL1h + + .rept 4 + tramp_ventry .Lvector_start\@, 64, kpti=3D0 + .endr + .rept 4 + tramp_ventry .Lvector_start\@, 32, kpti=3D0 + .endr + .endm + + .pushsection ".entry.text", "ax" + .align 11 +ENTRY(__bp_harden_el1_vectors) + generate_el1_vector +END(__bp_harden_el1_vectors) + .popsection + + +/* * Register switch for AArch64. The callee-saved registers need to be saved * and restored. On entry: * x0 =3D previous task_struct (must be preserved across the switch) From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70D5EC433F5 for ; Mon, 21 Mar 2022 14:05:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349035AbiCUOHJ (ORCPT ); Mon, 21 Mar 2022 10:07:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349062AbiCUN6w (ORCPT ); Mon, 21 Mar 2022 09:58:52 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29D18FD39; Mon, 21 Mar 2022 06:57:26 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id CCAB4B81598; Mon, 21 Mar 2022 13:57:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 21FDFC340E8; Mon, 21 Mar 2022 13:57:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871043; bh=xGZSVzk2bexNu4b3gZ6mc/Xdqx3E3gYsoo2DtmDaq58=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RmzwD/5yLEVhKpYwzFAQyN666XIXUMHGF3JMiyiOKLqQpK5O4EKmL6adktqjkUVHZ SK6EP7ENv+SlBiwqMarsREEES3H7QEPgDAn7kPg++cb0CuiDYs9C4L8JE9/HrqkSBa OGc6TeKvBIPSo18QyfnVSOCeyPoyCPngrfH2gqDE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse Subject: [PATCH 4.19 36/57] arm64: entry: Add vectors that have the bhb mitigation sequences Date: Mon, 21 Mar 2022 14:52:17 +0100 Message-Id: <20220321133223.041475329@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit ba2689234be92024e5635d30fe744f4853ad97db upstream. Some CPUs affected by Spectre-BHB need a sequence of branches, or a firmware call to be run before any indirect branch. This needs to go in the vectors. No CPU needs both. While this can be patched in, it would run on all CPUs as there is a single set of vectors. If only one part of a big/little combination is affected, the unaffected CPUs have to run the mitigation too. Create extra vectors that include the sequence. Subsequent patches will allow affected CPUs to select this set of vectors. Later patches will modify the loop count to match what the CPU requires. Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/assembler.h | 25 +++++++++++++++++ arch/arm64/include/asm/vectors.h | 34 +++++++++++++++++++++++ arch/arm64/kernel/entry.S | 53 ++++++++++++++++++++++++++++++--= ----- include/linux/arm-smccc.h | 7 ++++ 4 files changed, 110 insertions(+), 9 deletions(-) create mode 100644 arch/arm64/include/asm/vectors.h --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -711,4 +711,29 @@ USER(\label, ic ivau, \tmp2) // invali .Lyield_out_\@ : .endm =20 + .macro __mitigate_spectre_bhb_loop tmp +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + mov \tmp, #32 +.Lspectre_bhb_loop\@: + b . + 4 + subs \tmp, \tmp, #1 + b.ne .Lspectre_bhb_loop\@ + dsb nsh + isb +#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ + .endm + + /* Save/restores x0-x3 to the stack */ + .macro __mitigate_spectre_bhb_fw +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + stp x0, x1, [sp, #-16]! + stp x2, x3, [sp, #-16]! + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_3 +alternative_cb arm64_update_smccc_conduit + nop // Patched to SMC/HVC #0 +alternative_cb_end + ldp x2, x3, [sp], #16 + ldp x0, x1, [sp], #16 +#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ + .endm #endif /* __ASM_ASSEMBLER_H */ --- /dev/null +++ b/arch/arm64/include/asm/vectors.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2022 ARM Ltd. + */ +#ifndef __ASM_VECTORS_H +#define __ASM_VECTORS_H + +/* + * Note: the order of this enum corresponds to two arrays in entry.S: + * tramp_vecs and __bp_harden_el1_vectors. By default the canonical + * 'full fat' vectors are used directly. + */ +enum arm64_bp_harden_el1_vectors { +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + /* + * Perform the BHB loop mitigation, before branching to the canonical + * vectors. + */ + EL1_VECTOR_BHB_LOOP, + + /* + * Make the SMC call for firmware mitigation, before branching to the + * canonical vectors. + */ + EL1_VECTOR_BHB_FW, +#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ + + /* + * Remap the kernel before branching to the canonical vectors. + */ + EL1_VECTOR_KPTI, +}; + +#endif /* __ASM_VECTORS_H */ --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -970,13 +970,26 @@ alternative_else_nop_endif sub \dst, \dst, PAGE_SIZE .endm =20 - .macro tramp_ventry, vector_start, regsize, kpti + +#define BHB_MITIGATION_NONE 0 +#define BHB_MITIGATION_LOOP 1 +#define BHB_MITIGATION_FW 2 + + .macro tramp_ventry, vector_start, regsize, kpti, bhb .align 7 1: .if \regsize =3D=3D 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif =20 + .if \bhb =3D=3D BHB_MITIGATION_LOOP + /* + * This sequence must appear before the first indirect branch. i.e. the + * ret out of tramp_ventry. It appears here because x30 is free. + */ + __mitigate_spectre_bhb_loop x30 + .endif // \bhb =3D=3D BHB_MITIGATION_LOOP + .if \kpti =3D=3D 1 /* * Defend against branch aliasing attacks by pushing a dummy @@ -1001,6 +1014,15 @@ alternative_insn isb, nop, ARM64_WORKARO ldr x30, =3Dvectors .endif // \kpti =3D=3D 1 =20 + .if \bhb =3D=3D BHB_MITIGATION_FW + /* + * The firmware sequence must appear before the first indirect branch. + * i.e. the ret out of tramp_ventry. But it also needs the stack to be + * mapped to save/restore the registers the SMC clobbers. + */ + __mitigate_spectre_bhb_fw + .endif // \bhb =3D=3D BHB_MITIGATION_FW + add x30, x30, #(1b - \vector_start + 4) ret .org 1b + 128 // Did we overflow the ventry slot? @@ -1008,6 +1030,9 @@ alternative_insn isb, nop, ARM64_WORKARO =20 .macro tramp_exit, regsize =3D 64 adr x30, tramp_vectors +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + add x30, x30, SZ_4K +#endif msr vbar_el1, x30 ldr lr, [sp, #S_LR] tramp_unmap_kernel x29 @@ -1018,26 +1043,32 @@ alternative_insn isb, nop, ARM64_WORKARO eret .endm =20 - .macro generate_tramp_vector, kpti + .macro generate_tramp_vector, kpti, bhb .Lvector_start\@: .space 0x400 =20 .rept 4 - tramp_ventry .Lvector_start\@, 64, \kpti + tramp_ventry .Lvector_start\@, 64, \kpti, \bhb .endr .rept 4 - tramp_ventry .Lvector_start\@, 32, \kpti + tramp_ventry .Lvector_start\@, 32, \kpti, \bhb .endr .endm =20 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 /* * Exception vectors trampoline. + * The order must match __bp_harden_el1_vectors and the + * arm64_bp_harden_el1_vectors enum. */ .pushsection ".entry.tramp.text", "ax" .align 11 ENTRY(tramp_vectors) - generate_tramp_vector kpti=3D1 +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_LOOP + generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_FW +#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ + generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_NONE END(tramp_vectors) =20 ENTRY(tramp_exit_native) @@ -1064,7 +1095,7 @@ __entry_tramp_data_start: * Exception vectors for spectre mitigations on entry from EL1 when * kpti is not in use. */ - .macro generate_el1_vector + .macro generate_el1_vector, bhb .Lvector_start\@: kernel_ventry 1, sync_invalid // Synchronous EL1t kernel_ventry 1, irq_invalid // IRQ EL1t @@ -1077,17 +1108,21 @@ __entry_tramp_data_start: kernel_ventry 1, error // Error EL1h =20 .rept 4 - tramp_ventry .Lvector_start\@, 64, kpti=3D0 + tramp_ventry .Lvector_start\@, 64, 0, \bhb .endr .rept 4 - tramp_ventry .Lvector_start\@, 32, kpti=3D0 + tramp_ventry .Lvector_start\@, 32, 0, \bhb .endr .endm =20 +/* The order must match tramp_vecs and the arm64_bp_harden_el1_vectors enu= m. */ .pushsection ".entry.text", "ax" .align 11 ENTRY(__bp_harden_el1_vectors) - generate_el1_vector +#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY + generate_el1_vector bhb=3DBHB_MITIGATION_LOOP + generate_el1_vector bhb=3DBHB_MITIGATION_FW +#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ END(__bp_harden_el1_vectors) .popsection =20 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -85,6 +85,13 @@ ARM_SMCCC_SMC_32, \ 0, 0x7fff) =20 +#define ARM_SMCCC_ARCH_WORKAROUND_3 \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0x3fff) + +#define SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED 1 + #ifndef __ASSEMBLY__ =20 #include From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6852DC433F5 for ; Mon, 21 Mar 2022 14:05:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238598AbiCUOHF (ORCPT ); Mon, 21 Mar 2022 10:07:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349068AbiCUN6z (ORCPT ); Mon, 21 Mar 2022 09:58:55 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC37710FE4; Mon, 21 Mar 2022 06:57:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 98ADDB81675; Mon, 21 Mar 2022 13:57:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 07BB9C340E8; Mon, 21 Mar 2022 13:57:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871046; bh=2ZwFpI+wDLBpmHQSH1fw6SGZf/nBWgyhZbm7P1A0tns=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WKtZ+z0cNfo/kH8oJw0noYKRs2Hz8uXzjq8506xlslBzrIFvARCqWHY1pzO5PKxAn c7MpD/804e51lXkt9WTWlJ1OOx93z7g5WDzQO7n+If322PKeoAcR9i6xwngu9INQkg mLRSlC5gR+ZUzijYVwkAnyFWUqmrBhJ0nWSJ299k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse Subject: [PATCH 4.19 37/57] arm64: entry: Add macro for reading symbol addresses from the trampoline Date: Mon, 21 Mar 2022 14:52:18 +0100 Message-Id: <20220321133223.070748131@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit b28a8eebe81c186fdb1a0078263b30576c8e1f42 upstream. The trampoline code needs to use the address of symbols in the wider kernel, e.g. vectors. PC-relative addressing wouldn't work as the trampoline code doesn't run at the address the linker expected. tramp_ventry uses a literal pool, unless CONFIG_RANDOMIZE_BASE is set, in which case it uses the data page as a literal pool because the data page can be unmapped when running in user-space, which is required for CPUs vulnerable to meltdown. Pull this logic out as a macro, instead of adding a third copy of it. Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/kernel/entry.S | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -970,6 +970,15 @@ alternative_else_nop_endif sub \dst, \dst, PAGE_SIZE .endm =20 + .macro tramp_data_read_var dst, var +#ifdef CONFIG_RANDOMIZE_BASE + tramp_data_page \dst + add \dst, \dst, #:lo12:__entry_tramp_data_\var + ldr \dst, [\dst] +#else + ldr \dst, =3D\var +#endif + .endm =20 #define BHB_MITIGATION_NONE 0 #define BHB_MITIGATION_LOOP 1 @@ -1000,13 +1009,8 @@ alternative_else_nop_endif b . 2: tramp_map_kernel x30 -#ifdef CONFIG_RANDOMIZE_BASE - tramp_data_page x30 alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 - ldr x30, [x30] -#else - ldr x30, =3Dvectors -#endif + tramp_data_read_var x30, vectors prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30 isb @@ -1086,7 +1090,12 @@ END(tramp_exit_compat) .align PAGE_SHIFT .globl __entry_tramp_data_start __entry_tramp_data_start: +__entry_tramp_data_vectors: .quad vectors +#ifdef CONFIG_ARM_SDE_INTERFACE +__entry_tramp_data___sdei_asm_handler: + .quad __sdei_asm_handler +#endif /* CONFIG_ARM_SDE_INTERFACE */ .popsection // .rodata #endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ @@ -1213,13 +1222,7 @@ ENTRY(__sdei_asm_entry_trampoline) */ 1: str x4, [x1, #(SDEI_EVENT_INTREGS + S_ORIG_ADDR_LIMIT)] =20 -#ifdef CONFIG_RANDOMIZE_BASE - tramp_data_page x4 - add x4, x4, #:lo12:__sdei_asm_trampoline_next_handler - ldr x4, [x4] -#else - ldr x4, =3D__sdei_asm_handler -#endif + tramp_data_read_var x4, __sdei_asm_handler br x4 ENDPROC(__sdei_asm_entry_trampoline) NOKPROBE(__sdei_asm_entry_trampoline) @@ -1242,12 +1245,6 @@ ENDPROC(__sdei_asm_exit_trampoline) NOKPROBE(__sdei_asm_exit_trampoline) .ltorg .popsection // .entry.tramp.text -#ifdef CONFIG_RANDOMIZE_BASE -.pushsection ".rodata", "a" -__sdei_asm_trampoline_next_handler: - .quad __sdei_asm_handler -.popsection // .rodata -#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ =20 /* From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E01D5C433F5 for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349294AbiCUODg (ORCPT ); Mon, 21 Mar 2022 10:03:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349069AbiCUN6z (ORCPT ); Mon, 21 Mar 2022 09:58:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 60606764C; Mon, 21 Mar 2022 06:57:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id F07BC6125C; Mon, 21 Mar 2022 13:57:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0716FC340E8; Mon, 21 Mar 2022 13:57:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871049; bh=vequwRd1eHlLFmd4IVJYLDGwGKy3Cw+YOfO+evt8qtc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MIqZKjfJ5rTD+xIN2tiyPWy1KBoUnKx+MvlY+a8sB+oyhAMOCfRN5lC2C+5EXiPY5 29GRZE6ThLTqh/M1O01sYTsURkISXzM/vbpGpuNfaTWR8FbiI8JERhPzUFsCIYr5kc RmPDlGZ71zyRqyYDfqVttgXTTey9QFArXrEaGjo0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse Subject: [PATCH 4.19 38/57] arm64: Add percpu vectors for EL1 Date: Mon, 21 Mar 2022 14:52:19 +0100 Message-Id: <20220321133223.098833153@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit bd09128d16fac3c34b80bd6a29088ac632e8ce09 upstream. The Spectre-BHB workaround adds a firmware call to the vectors. This is needed on some CPUs, but not others. To avoid the unaffected CPU in a big/little pair from making the firmware call, create per cpu vectors. The per-cpu vectors only apply when returning from EL0. Systems using KPTI can use the canonical 'full-fat' vectors directly at EL1, the trampoline exit code will switch to this_cpu_vector on exit to EL0. Systems not using KPTI should always use this_cpu_vector. this_cpu_vector will point at a vector in tramp_vecs or __bp_harden_el1_vectors, depending on whether KPTI is in use. Reviewed-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/include/asm/vectors.h | 27 +++++++++++++++++++++++++++ arch/arm64/kernel/cpufeature.c | 11 +++++++++++ arch/arm64/kernel/entry.S | 16 ++++++++++------ arch/arm64/kvm/hyp/switch.c | 8 ++++++-- 5 files changed, 55 insertions(+), 9 deletions(-) --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -38,7 +38,7 @@ typedef struct { */ #define ASID(mm) ((mm)->context.id.counter & 0xffff) =20 -static inline bool arm64_kernel_unmapped_at_el0(void) +static __always_inline bool arm64_kernel_unmapped_at_el0(void) { return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); --- a/arch/arm64/include/asm/vectors.h +++ b/arch/arm64/include/asm/vectors.h @@ -5,6 +5,15 @@ #ifndef __ASM_VECTORS_H #define __ASM_VECTORS_H =20 +#include +#include + +#include + +extern char vectors[]; +extern char tramp_vectors[]; +extern char __bp_harden_el1_vectors[]; + /* * Note: the order of this enum corresponds to two arrays in entry.S: * tramp_vecs and __bp_harden_el1_vectors. By default the canonical @@ -31,4 +40,22 @@ enum arm64_bp_harden_el1_vectors { EL1_VECTOR_KPTI, }; =20 +/* The vectors to use on return from EL0. e.g. to remap the kernel */ +DECLARE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector); + +#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 +#define TRAMP_VALIAS 0 +#endif + +static inline const char * +arm64_get_bp_hardening_vector(enum arm64_bp_harden_el1_vectors slot) +{ + if (arm64_kernel_unmapped_at_el0()) + return (char *)TRAMP_VALIAS + SZ_2K * slot; + + WARN_ON_ONCE(slot =3D=3D EL1_VECTOR_KPTI); + + return __bp_harden_el1_vectors + SZ_2K * slot; +} + #endif /* __ASM_VECTORS_H */ --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -20,11 +20,13 @@ =20 #include #include +#include #include #include #include #include #include + #include #include #include @@ -33,6 +35,7 @@ #include #include #include +#include #include =20 unsigned long elf_hwcap __read_mostly; @@ -51,6 +54,8 @@ unsigned int compat_elf_hwcap2 __read_mo DECLARE_BITMAP(cpu_hwcaps, ARM64_NCAPS); EXPORT_SYMBOL(cpu_hwcaps); =20 +DEFINE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector) =3D vectors; + /* * Flag to indicate if we have computed the system wide * capabilities based on the boot time active CPUs. This @@ -963,6 +968,12 @@ kpti_install_ng_mappings(const struct ar static bool kpti_applied =3D false; int cpu =3D smp_processor_id(); =20 + if (__this_cpu_read(this_cpu_vector) =3D=3D vectors) { + const char *v =3D arm64_get_bp_hardening_vector(EL1_VECTOR_KPTI); + + __this_cpu_write(this_cpu_vector, v); + } + if (kpti_applied) return; =20 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -71,7 +71,6 @@ .macro kernel_ventry, el, label, regsize =3D 64 .align 7 .Lventry_start\@: -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 .if \el =3D=3D 0 /* * This must be the first instruction of the EL0 vector entries. It is @@ -86,7 +85,6 @@ .endif .Lskip_tramp_vectors_cleanup\@: .endif -#endif =20 sub sp, sp, #S_FRAME_SIZE #ifdef CONFIG_VMAP_STACK @@ -1033,10 +1031,14 @@ alternative_insn isb, nop, ARM64_WORKARO .endm =20 .macro tramp_exit, regsize =3D 64 - adr x30, tramp_vectors -#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY - add x30, x30, SZ_4K -#endif + tramp_data_read_var x30, this_cpu_vector +alternative_if_not ARM64_HAS_VIRT_HOST_EXTN + mrs x29, tpidr_el1 +alternative_else + mrs x29, tpidr_el2 +alternative_endif + ldr x30, [x30, x29] + msr vbar_el1, x30 ldr lr, [sp, #S_LR] tramp_unmap_kernel x29 @@ -1096,6 +1098,8 @@ __entry_tramp_data_vectors: __entry_tramp_data___sdei_asm_handler: .quad __sdei_asm_handler #endif /* CONFIG_ARM_SDE_INTERFACE */ +__entry_tramp_data_this_cpu_vector: + .quad this_cpu_vector .popsection // .rodata #endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -34,6 +34,7 @@ #include #include #include +#include =20 extern struct exception_table_entry __start___kvm_ex_table; extern struct exception_table_entry __stop___kvm_ex_table; @@ -155,10 +156,13 @@ static void __hyp_text __activate_traps( =20 static void deactivate_traps_vhe(void) { - extern char vectors[]; /* kernel exception vectors */ + const char *host_vectors =3D vectors; write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2); write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1); - write_sysreg(vectors, vbar_el1); + + if (!arm64_kernel_unmapped_at_el0()) + host_vectors =3D __this_cpu_read(this_cpu_vector); + write_sysreg(host_vectors, vbar_el1); } NOKPROBE_SYMBOL(deactivate_traps_vhe); From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADCDCC4332F for ; Mon, 21 Mar 2022 14:05:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348756AbiCUOHB (ORCPT ); Mon, 21 Mar 2022 10:07:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349075AbiCUN66 (ORCPT ); Mon, 21 Mar 2022 09:58:58 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BF95167DC; Mon, 21 Mar 2022 06:57:33 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 068986126A; Mon, 21 Mar 2022 13:57:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EBAD8C340E8; Mon, 21 Mar 2022 13:57:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871052; bh=F1OKv2zVmxntwE+H8MI0xZ4B1cw69ymeTKPUc/fkqzU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=n1Rzz36iPBcFi7wlxWA4GGCeW4uM9YzfApkNmlMhtefJlNzsyfBqLVI2McirgZyt9 Ahk5xu4kD3dchqz/cROjjMJyZF+fg3LR3FbPXgLujXcTCszyFUF+HODpWF+RTlY3yG 602yhGeXFyENttaGUIyG7wGzYLlzlcWn5yP+8XmY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse Subject: [PATCH 4.19 39/57] arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 Date: Mon, 21 Mar 2022 14:52:20 +0100 Message-Id: <20220321133223.127503240@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit dee435be76f4117410bbd90573a881fd33488f37 upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation as part of a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that previously reported 'Not affected' are now moderately mitigated by CSV2. Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 to also show the state of the BHB mitigation. Reviewed-by: Catalin Marinas [ code move to cpu_errata.c for backport ] Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cpufeature.h | 8 +++++++ arch/arm64/kernel/cpu_errata.c | 38 +++++++++++++++++++++++++++++++= ++--- 2 files changed, 43 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -527,6 +527,14 @@ static inline int arm64_get_ssbd_state(v =20 void arm64_set_ssbd_mitigation(bool state); =20 +/* Watch out, ordering is important here. */ +enum mitigation_state { + SPECTRE_UNAFFECTED, + SPECTRE_MITIGATED, + SPECTRE_VULNERABLE, +}; + +enum mitigation_state arm64_get_spectre_bhb_state(void); #endif /* __ASSEMBLY__ */ =20 #endif --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -875,14 +875,39 @@ ssize_t cpu_show_spectre_v1(struct devic return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } =20 +static const char *get_bhb_affected_string(enum mitigation_state bhb_state) +{ + switch (bhb_state) { + case SPECTRE_UNAFFECTED: + return ""; + default: + case SPECTRE_VULNERABLE: + return ", but not BHB"; + case SPECTRE_MITIGATED: + return ", BHB"; + } +} + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *a= ttr, char *buf) { - if (__spectrev2_safe) - return sprintf(buf, "Not affected\n"); + enum mitigation_state bhb_state =3D arm64_get_spectre_bhb_state(); + const char *bhb_str =3D get_bhb_affected_string(bhb_state); + const char *v2_str =3D "Branch predictor hardening"; + + if (__spectrev2_safe) { + if (bhb_state =3D=3D SPECTRE_UNAFFECTED) + return sprintf(buf, "Not affected\n"); + + /* + * Platforms affected by Spectre-BHB can't report + * "Not affected" for Spectre-v2. + */ + v2_str =3D "CSV2"; + } =20 if (__hardenbp_enab) - return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); =20 return sprintf(buf, "Vulnerable\n"); } @@ -903,3 +928,10 @@ ssize_t cpu_show_spec_store_bypass(struc =20 return sprintf(buf, "Vulnerable\n"); } + +static enum mitigation_state spectre_bhb_state; + +enum mitigation_state arm64_get_spectre_bhb_state(void) +{ + return spectre_bhb_state; +} From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BFB7CC41535 for ; Mon, 21 Mar 2022 14:02:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242220AbiCUODq (ORCPT ); Mon, 21 Mar 2022 10:03:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349085AbiCUN7B (ORCPT ); Mon, 21 Mar 2022 09:59:01 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1646E10CC; Mon, 21 Mar 2022 06:57:36 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9BD8D611D5; Mon, 21 Mar 2022 13:57:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2678C340E8; Mon, 21 Mar 2022 13:57:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871055; bh=0bmJK8z0fj0E3oh/iZJlbDdOWYBHggOw8AGflckOr1Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0Y9VwbqXJ8DGaVRpZQUgFCCGfoCN37CStpxXiTBAifgaZznBSKYXuWnRs+rU5Z28Z GN3oKbho1Md+a39xByXmMiiuloetaeOAfFbCua+MNGo+pKaohgUSnkyrtBAZLuDWr1 kA7d6ElhPpjtTqnExs1aFhfts7jch/GSrOZ9qMms= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , James Morse Subject: [PATCH 4.19 40/57] KVM: arm64: Add templates for BHB mitigation sequences Date: Mon, 21 Mar 2022 14:52:21 +0100 Message-Id: <20220321133223.156318885@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse KVM writes the Spectre-v2 mitigation template at the beginning of each vector when a CPU requires a specific sequence to run. Because the template is copied, it can not be modified by the alternatives at runtime. As the KVM template code is intertwined with the bp-hardening callbacks, all templates must have a bp-hardening callback. Add templates for calling ARCH_WORKAROUND_3 and one for each value of K in the brancy-loop. Identify these sequences by a new parameter template_start, and add a copy of install_bp_hardening_cb() that is able to install them. Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cpucaps.h | 3 + arch/arm64/include/asm/kvm_mmu.h | 6 ++- arch/arm64/include/asm/mmu.h | 6 +++ arch/arm64/kernel/cpu_errata.c | 65 ++++++++++++++++++++++++++++++++++= ++++- arch/arm64/kvm/hyp/hyp-entry.S | 54 ++++++++++++++++++++++++++++++++ 5 files changed, 130 insertions(+), 4 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -54,7 +54,8 @@ #define ARM64_WORKAROUND_1463225 33 #define ARM64_SSBS 34 #define ARM64_WORKAROUND_1542419 35 +#define ARM64_SPECTRE_BHB 36 =20 -#define ARM64_NCAPS 36 +#define ARM64_NCAPS 37 =20 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/kvm_mmu.h +++ b/arch/arm64/include/asm/kvm_mmu.h @@ -438,7 +438,8 @@ static inline void *kvm_get_hyp_vector(v void *vect =3D kern_hyp_va(kvm_ksym_ref(__kvm_hyp_vector)); int slot =3D -1; =20 - if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) && data->fn) { + if ((cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) || + cpus_have_const_cap(ARM64_SPECTRE_BHB)) && data->template_start) { vect =3D kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs_start)); slot =3D data->hyp_vectors_slot; } @@ -467,7 +468,8 @@ static inline int kvm_map_vectors(void) * !HBP + HEL2 -> allocate one vector slot and use exec mapping * HBP + HEL2 -> use hardened vertors and use exec mapping */ - if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) { + if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) || + cpus_have_const_cap(ARM64_SPECTRE_BHB)) { __kvm_bp_vect_base =3D kvm_ksym_ref(__bp_harden_hyp_vecs_start); __kvm_bp_vect_base =3D kern_hyp_va(__kvm_bp_vect_base); } --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -49,6 +49,12 @@ typedef void (*bp_hardening_cb_t)(void); struct bp_hardening_data { int hyp_vectors_slot; bp_hardening_cb_t fn; + + /* + * template_start is only used by the BHB mitigation to identify the + * hyp_vectors_slot sequence. + */ + const char *template_start; }; =20 #if (defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \ --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -97,6 +97,14 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_har #ifdef CONFIG_KVM_INDIRECT_VECTORS extern char __smccc_workaround_1_smc_start[]; extern char __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_3_smc_start[]; +extern char __smccc_workaround_3_smc_end[]; +extern char __spectre_bhb_loop_k8_start[]; +extern char __spectre_bhb_loop_k8_end[]; +extern char __spectre_bhb_loop_k24_start[]; +extern char __spectre_bhb_loop_k24_end[]; +extern char __spectre_bhb_loop_k32_start[]; +extern char __spectre_bhb_loop_k32_end[]; =20 static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -110,11 +118,11 @@ static void __copy_hyp_vect_bpi(int slot __flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); } =20 +static DEFINE_SPINLOCK(bp_lock); static void install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, const char *hyp_vecs_end) { - static DEFINE_SPINLOCK(bp_lock); int cpu, slot =3D -1; =20 spin_lock(&bp_lock); @@ -133,6 +141,7 @@ static void install_bp_hardening_cb(bp_h =20 __this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot); __this_cpu_write(bp_hardening_data.fn, fn); + __this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start); spin_unlock(&bp_lock); } #else @@ -935,3 +944,57 @@ enum mitigation_state arm64_get_spectre_ { return spectre_bhb_state; } + +#ifdef CONFIG_KVM_INDIRECT_VECTORS +static const char *kvm_bhb_get_vecs_end(const char *start) +{ + if (start =3D=3D __smccc_workaround_3_smc_start) + return __smccc_workaround_3_smc_end; + else if (start =3D=3D __spectre_bhb_loop_k8_start) + return __spectre_bhb_loop_k8_end; + else if (start =3D=3D __spectre_bhb_loop_k24_start) + return __spectre_bhb_loop_k24_end; + else if (start =3D=3D __spectre_bhb_loop_k32_start) + return __spectre_bhb_loop_k32_end; + + return NULL; +} + +void kvm_setup_bhb_slot(const char *hyp_vecs_start) +{ + int cpu, slot =3D -1; + const char *hyp_vecs_end; + + if (!IS_ENABLED(CONFIG_KVM) || !is_hyp_mode_available()) + return; + + hyp_vecs_end =3D kvm_bhb_get_vecs_end(hyp_vecs_start); + if (WARN_ON_ONCE(!hyp_vecs_start || !hyp_vecs_end)) + return; + + spin_lock(&bp_lock); + for_each_possible_cpu(cpu) { + if (per_cpu(bp_hardening_data.template_start, cpu) =3D=3D hyp_vecs_start= ) { + slot =3D per_cpu(bp_hardening_data.hyp_vectors_slot, cpu); + break; + } + } + + if (slot =3D=3D -1) { + slot =3D atomic_inc_return(&arm64_el2_vector_last_slot); + BUG_ON(slot >=3D BP_HARDEN_EL2_SLOTS); + __copy_hyp_vect_bpi(slot, hyp_vecs_start, hyp_vecs_end); + } + + __this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot); + __this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start); + spin_unlock(&bp_lock); +} +#else +#define __smccc_workaround_3_smc_start NULL +#define __spectre_bhb_loop_k8_start NULL +#define __spectre_bhb_loop_k24_start NULL +#define __spectre_bhb_loop_k32_start NULL + +void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }; +#endif --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -334,4 +334,58 @@ ENTRY(__smccc_workaround_1_smc_start) ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) ENTRY(__smccc_workaround_1_smc_end) + +ENTRY(__smccc_workaround_3_smc_start) + esb + sub sp, sp, #(8 * 4) + stp x2, x3, [sp, #(8 * 0)] + stp x0, x1, [sp, #(8 * 2)] + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_3 + smc #0 + ldp x2, x3, [sp, #(8 * 0)] + ldp x0, x1, [sp, #(8 * 2)] + add sp, sp, #(8 * 4) +ENTRY(__smccc_workaround_3_smc_end) + +ENTRY(__spectre_bhb_loop_k8_start) + esb + sub sp, sp, #(8 * 2) + stp x0, x1, [sp, #(8 * 0)] + mov x0, #8 +2: b . + 4 + subs x0, x0, #1 + b.ne 2b + dsb nsh + isb + ldp x0, x1, [sp, #(8 * 0)] + add sp, sp, #(8 * 2) +ENTRY(__spectre_bhb_loop_k8_end) + +ENTRY(__spectre_bhb_loop_k24_start) + esb + sub sp, sp, #(8 * 2) + stp x0, x1, [sp, #(8 * 0)] + mov x0, #24 +2: b . + 4 + subs x0, x0, #1 + b.ne 2b + dsb nsh + isb + ldp x0, x1, [sp, #(8 * 0)] + add sp, sp, #(8 * 2) +ENTRY(__spectre_bhb_loop_k24_end) + +ENTRY(__spectre_bhb_loop_k32_start) + esb + sub sp, sp, #(8 * 2) + stp x0, x1, [sp, #(8 * 0)] + mov x0, #32 +2: b . + 4 + subs x0, x0, #1 + b.ne 2b + dsb nsh + isb + ldp x0, x1, [sp, #(8 * 0)] + add sp, sp, #(8 * 2) +ENTRY(__spectre_bhb_loop_k32_end) #endif From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23DB7C433FE for ; Mon, 21 Mar 2022 13:59:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347855AbiCUOBT (ORCPT ); Mon, 21 Mar 2022 10:01:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348765AbiCUN6R (ORCPT ); Mon, 21 Mar 2022 09:58:17 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3027317A58E; Mon, 21 Mar 2022 06:56:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0214C6126A; Mon, 21 Mar 2022 13:56:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0A16EC340E8; Mon, 21 Mar 2022 13:56:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870986; bh=lmgxCoznovutuuc9t4YDBQy3NrfvCPh2DH3uIaHuwEE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YydGK+V56V7hxObvDxKMYn5yS+7tiGejnSoFsehaeZmaT4w7bZ4eF9+DR8kGx1NLj STGJK0o6yCNM7A/tJR0UC0hpV8tvR6WxDvXbMBPnd/gy+TCwYI+sN0Y/PLRncVCmAk ayNL8nm1GMMNeeVGpBlezfzlCQcIbh/fwtbeJHqI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Catalin Marinas , James Morse , stable@kernel.org Subject: [PATCH 4.19 41/57] arm64: Mitigate spectre style branch history side channels Date: Mon, 21 Mar 2022 14:52:22 +0100 Message-Id: <20220321133223.185186911@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 558c303c9734af5a813739cd284879227f7297d2 upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation. When taking an exception from user-space, a sequence of branches or a firmware call overwrites or invalidates the branch history. The sequence of branches is added to the vectors, and should appear before the first indirect branch. For systems using KPTI the sequence is added to the kpti trampoline where it has a free register as the exit from the trampoline is via a 'ret'. For systems not using KPTI, the same register tricks are used to free up a register in the vectors. For the firmware call, arch-workaround-3 clobbers 4 registers, so there is no choice but to save them to the EL1 stack. This only happens for entry from EL0, so if we take an exception due to the stack access, it will not become re-entrant. For KVM, the existing branch-predictor-hardening vectors are used. When a spectre version of these vectors is in use, the firmware call is sufficient to mitigate against Spectre-BHB. For the non-spectre versions, the sequence of branches is added to the indirect vector. Reviewed-by: Catalin Marinas Cc: # # # Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/Kconfig | 9 + arch/arm64/include/asm/assembler.h | 4=20 arch/arm64/include/asm/cpufeature.h | 18 ++ arch/arm64/include/asm/cputype.h | 8 + arch/arm64/include/asm/sysreg.h | 1=20 arch/arm64/include/asm/vectors.h | 6=20 arch/arm64/kernel/cpu_errata.c | 268 +++++++++++++++++++++++++++++++= ++++- arch/arm64/kvm/hyp/hyp-entry.S | 4=20 8 files changed, 315 insertions(+), 3 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -979,6 +979,15 @@ config ARM64_SSBD =20 If unsure, say Y. =20 +config MITIGATE_SPECTRE_BRANCH_HISTORY + bool "Mitigate Spectre style attacks against branch history" if EXPERT + default y + help + Speculation attacks against some high-performance processors can + make use of branch history to influence future speculation. + When taking an exception from user-space, a sequence of branches + or a firmware call overwrites the branch history. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -713,7 +713,9 @@ USER(\label, ic ivau, \tmp2) // invali =20 .macro __mitigate_spectre_bhb_loop tmp #ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY - mov \tmp, #32 +alternative_cb spectre_bhb_patch_loop_iter + mov \tmp, #32 // Patched to correct the immediate +alternative_cb_end .Lspectre_bhb_loop\@: b . + 4 subs \tmp, \tmp, #1 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -482,6 +482,21 @@ static inline bool cpu_supports_mixed_en return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1)); } =20 +static inline bool supports_csv2p3(int scope) +{ + u64 pfr0; + u8 csv2_val; + + if (scope =3D=3D SCOPE_LOCAL_CPU) + pfr0 =3D read_sysreg_s(SYS_ID_AA64PFR0_EL1); + else + pfr0 =3D read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); + + csv2_val =3D cpuid_feature_extract_unsigned_field(pfr0, + ID_AA64PFR0_CSV2_SHIFT); + return csv2_val =3D=3D 3; +} + static inline bool system_supports_32bit_el0(void) { return cpus_have_const_cap(ARM64_HAS_32BIT_EL0); @@ -535,6 +550,9 @@ enum mitigation_state { }; =20 enum mitigation_state arm64_get_spectre_bhb_state(void); +bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, i= nt scope); +u8 spectre_bhb_loop_affected(int scope); +void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__= unused); #endif /* __ASSEMBLY__ */ =20 #endif --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -82,9 +82,13 @@ #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C #define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 #define ARM_CPU_PART_CORTEX_A710 0xD47 #define ARM_CPU_PART_CORTEX_X2 0xD48 #define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B =20 #define APM_CPU_PART_POTENZA 0x000 =20 @@ -114,9 +118,13 @@ #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N1) #define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTE= X_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX= _X1) #define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORT= EX_A710) #define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX= _X2) #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOV= ERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORT= EX_A78C) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_T= HUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_P= ART_THUNDERX_83XX) --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -583,6 +583,7 @@ #endif =20 /* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ECBHB_SHIFT 60 #define ID_AA64MMFR1_PAN_SHIFT 20 #define ID_AA64MMFR1_LOR_SHIFT 16 #define ID_AA64MMFR1_HPD_SHIFT 12 --- a/arch/arm64/include/asm/vectors.h +++ b/arch/arm64/include/asm/vectors.h @@ -9,6 +9,7 @@ #include =20 #include +#include =20 extern char vectors[]; extern char tramp_vectors[]; @@ -40,6 +41,11 @@ enum arm64_bp_harden_el1_vectors { EL1_VECTOR_KPTI, }; =20 +#ifndef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY +#define EL1_VECTOR_BHB_LOOP -1 +#define EL1_VECTOR_BHB_FW -1 +#endif /* !CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ + /* The vectors to use on return from EL0. e.g. to remap the kernel */ DECLARE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector); =20 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -24,6 +24,7 @@ #include #include #include +#include =20 static bool __maybe_unused is_affected_midr_range(const struct arm64_cpu_capabilities *entry, int sco= pe) @@ -848,6 +849,13 @@ const struct arm64_cpu_capabilities arm6 .matches =3D has_ssbd_mitigation, .midr_range_list =3D arm64_ssb_cpus, }, + { + .desc =3D "Spectre-BHB", + .capability =3D ARM64_SPECTRE_BHB, + .type =3D ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches =3D is_spectre_bhb_affected, + .cpu_enable =3D spectre_bhb_enable_mitigation, + }, #ifdef CONFIG_ARM64_ERRATUM_1463225 { .desc =3D "ARM erratum 1463225", @@ -938,6 +946,33 @@ ssize_t cpu_show_spec_store_bypass(struc return sprintf(buf, "Vulnerable\n"); } =20 +/* + * We try to ensure that the mitigation state can never change as the resu= lt of + * onlining a late CPU. + */ +static void update_mitigation_state(enum mitigation_state *oldp, + enum mitigation_state new) +{ + enum mitigation_state state; + + do { + state =3D READ_ONCE(*oldp); + if (new <=3D state) + break; + } while (cmpxchg_relaxed(oldp, state, new) !=3D state); +} + +/* + * Spectre BHB. + * + * A CPU is either: + * - Mitigated by a branchy loop a CPU specific number of times, and listed + * in our "loop mitigated list". + * - Mitigated in software by the firmware Spectre v2 call. + * - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so = no + * software mitigation in the vectors is needed. + * - Has CSV2.3, so is unaffected. + */ static enum mitigation_state spectre_bhb_state; =20 enum mitigation_state arm64_get_spectre_bhb_state(void) @@ -945,6 +980,163 @@ enum mitigation_state arm64_get_spectre_ return spectre_bhb_state; } =20 +/* + * This must be called with SCOPE_LOCAL_CPU for each type of CPU, before a= ny + * SCOPE_SYSTEM call will give the right answer. + */ +u8 spectre_bhb_loop_affected(int scope) +{ + u8 k =3D 0; + static u8 max_bhb_k; + + if (scope =3D=3D SCOPE_LOCAL_CPU) { + static const struct midr_range spectre_bhb_k32_list[] =3D { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + {}, + }; + static const struct midr_range spectre_bhb_k24_list[] =3D { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + {}, + }; + static const struct midr_range spectre_bhb_k8_list[] =3D { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + {}, + }; + + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + k =3D 32; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) + k =3D 24; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list)) + k =3D 8; + + max_bhb_k =3D max(max_bhb_k, k); + } else { + k =3D max_bhb_k; + } + + return k; +} + +static enum mitigation_state spectre_bhb_get_cpu_fw_mitigation_state(void) +{ + int ret; + struct arm_smccc_res res; + + if (psci_ops.smccc_version =3D=3D SMCCC_VERSION_1_0) + return SPECTRE_VULNERABLE; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_3, &res); + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_3, &res); + break; + + default: + return SPECTRE_VULNERABLE; + } + + ret =3D res.a0; + switch (ret) { + case SMCCC_RET_SUCCESS: + return SPECTRE_MITIGATED; + case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED: + return SPECTRE_UNAFFECTED; + default: + case SMCCC_RET_NOT_SUPPORTED: + return SPECTRE_VULNERABLE; + } +} + +static bool is_spectre_bhb_fw_affected(int scope) +{ + static bool system_affected; + enum mitigation_state fw_state; + bool has_smccc =3D (psci_ops.smccc_version >=3D SMCCC_VERSION_1_1); + static const struct midr_range spectre_bhb_firmware_mitigated_list[] =3D { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), + {}, + }; + bool cpu_in_list =3D is_midr_in_range_list(read_cpuid_id(), + spectre_bhb_firmware_mitigated_list); + + if (scope !=3D SCOPE_LOCAL_CPU) + return system_affected; + + fw_state =3D spectre_bhb_get_cpu_fw_mitigation_state(); + if (cpu_in_list || (has_smccc && fw_state =3D=3D SPECTRE_MITIGATED)) { + system_affected =3D true; + return true; + } + + return false; +} + +static bool supports_ecbhb(int scope) +{ + u64 mmfr1; + + if (scope =3D=3D SCOPE_LOCAL_CPU) + mmfr1 =3D read_sysreg_s(SYS_ID_AA64MMFR1_EL1); + else + mmfr1 =3D read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1); + + return cpuid_feature_extract_unsigned_field(mmfr1, + ID_AA64MMFR1_ECBHB_SHIFT); +} + +bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, + int scope) +{ + WARN_ON(scope !=3D SCOPE_LOCAL_CPU || preemptible()); + + if (supports_csv2p3(scope)) + return false; + + if (spectre_bhb_loop_affected(scope)) + return true; + + if (is_spectre_bhb_fw_affected(scope)) + return true; + + return false; +} + +static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot) +{ + const char *v =3D arm64_get_bp_hardening_vector(slot); + + if (slot < 0) + return; + + __this_cpu_write(this_cpu_vector, v); + + /* + * When KPTI is in use, the vectors are switched when exiting to + * user-space. + */ + if (arm64_kernel_unmapped_at_el0()) + return; + + write_sysreg(v, vbar_el1); + isb(); +} + #ifdef CONFIG_KVM_INDIRECT_VECTORS static const char *kvm_bhb_get_vecs_end(const char *start) { @@ -960,7 +1152,7 @@ static const char *kvm_bhb_get_vecs_end( return NULL; } =20 -void kvm_setup_bhb_slot(const char *hyp_vecs_start) +static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { int cpu, slot =3D -1; const char *hyp_vecs_end; @@ -996,5 +1188,77 @@ void kvm_setup_bhb_slot(const char *hyp_ #define __spectre_bhb_loop_k24_start NULL #define __spectre_bhb_loop_k32_start NULL =20 -void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }; +static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }; #endif + +void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *en= try) +{ + enum mitigation_state fw_state, state =3D SPECTRE_VULNERABLE; + + if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU)) + return; + + if (!__spectrev2_safe && !__hardenbp_enab) { + /* No point mitigating Spectre-BHB alone. */ + } else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) { + pr_info_once("spectre-bhb mitigation disabled by compile time option\n"); + } else if (cpu_mitigations_off()) { + pr_info_once("spectre-bhb mitigation disabled by command line option\n"); + } else if (supports_ecbhb(SCOPE_LOCAL_CPU)) { + state =3D SPECTRE_MITIGATED; + } else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) { + switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) { + case 8: + kvm_setup_bhb_slot(__spectre_bhb_loop_k8_start); + break; + case 24: + kvm_setup_bhb_slot(__spectre_bhb_loop_k24_start); + break; + case 32: + kvm_setup_bhb_slot(__spectre_bhb_loop_k32_start); + break; + default: + WARN_ON_ONCE(1); + } + this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP); + + state =3D SPECTRE_MITIGATED; + } else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) { + fw_state =3D spectre_bhb_get_cpu_fw_mitigation_state(); + if (fw_state =3D=3D SPECTRE_MITIGATED) { + kvm_setup_bhb_slot(__smccc_workaround_3_smc_start); + this_cpu_set_vectors(EL1_VECTOR_BHB_FW); + + /* + * With WA3 in the vectors, the WA1 calls can be + * removed. + */ + __this_cpu_write(bp_hardening_data.fn, NULL); + + state =3D SPECTRE_MITIGATED; + } + } + + update_mitigation_state(&spectre_bhb_state, state); +} + +/* Patched to correct the immediate */ +void __init spectre_bhb_patch_loop_iter(struct alt_instr *alt, + __le32 *origptr, __le32 *updptr, int nr_inst) +{ + u8 rd; + u32 insn; + u16 loop_count =3D spectre_bhb_loop_affected(SCOPE_SYSTEM); + + BUG_ON(nr_inst !=3D 1); /* MOV -> MOV */ + + if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) + return; + + insn =3D le32_to_cpu(*origptr); + rd =3D aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn); + insn =3D aarch64_insn_gen_movewide(rd, loop_count, 0, + AARCH64_INSN_VARIANT_64BIT, + AARCH64_INSN_MOVEWIDE_ZERO); + *updptr++ =3D cpu_to_le32(insn); +} --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -135,6 +135,10 @@ el1_hvc_guest: /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_1 ^ \ ARM_SMCCC_ARCH_WORKAROUND_2) + cbz w1, wa_epilogue + + eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_2 ^ \ + ARM_SMCCC_ARCH_WORKAROUND_3) cbnz w1, el1_trap =20 #ifdef CONFIG_ARM64_SSBD From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AADD7C433EF for ; Mon, 21 Mar 2022 14:00:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348567AbiCUOBg (ORCPT ); Mon, 21 Mar 2022 10:01:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348789AbiCUN6R (ORCPT ); Mon, 21 Mar 2022 09:58:17 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF9BE174BAA; Mon, 21 Mar 2022 06:56:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 909FCB81598; Mon, 21 Mar 2022 13:56:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D02C2C340E8; Mon, 21 Mar 2022 13:56:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870989; bh=LaU3vxjYoNBfirEwBHnRQFnFf8IXd9iO7q8zwVVXGiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=js0+YGF7ps8RUY4QiGXDTx+dqNLjHVZtHFrTslvDeUjWV6ZCxmAYd0kOIUKBNC3IG ERWXonu6dxuuS/mwnnBcjylXxyq3UfzsewIVAo6kdId0UnC9813xxxrMrNg8D/0x3E XGa3zIExo7dYQdStFBdy5F6LTNLjZG5KjFXLhmdQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 42/57] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated Date: Mon, 21 Mar 2022 14:52:23 +0100 Message-Id: <20220321133223.213391721@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit a5905d6af492ee6a4a2205f0d550b3f931b03d03 upstream. KVM allows the guest to discover whether the ARCH_WORKAROUND SMCCC are implemented, and to preserve that state during migration through its firmware register interface. Add the necessary boiler plate for SMCCC_ARCH_WORKAROUND_3. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas [ kvm code moved to virt/kvm/arm, removed fw regs ABI. Added 32bit stub ] Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm/include/asm/kvm_host.h | 7 +++++++ arch/arm64/include/asm/kvm_host.h | 5 +++++ virt/kvm/arm/psci.c | 12 ++++++++++++ 3 files changed, 24 insertions(+) --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -26,6 +26,7 @@ #include #include #include +#include #include =20 #define __KVM_HAVE_ARCH_INTC_INITIALIZED @@ -367,4 +368,10 @@ void kvm_arch_free_vm(struct kvm *kvm); =20 #define kvm_arm_vcpu_loaded(vcpu) (false) =20 +static inline int kvm_arm_get_spectre_bhb_state(void) +{ + /* 32bit guests don't need firmware for this */ + return SPECTRE_VULNERABLE; /* aka SMCCC_RET_NOT_SUPPORTED */ +} + #endif /* __ARM_KVM_HOST_H__ */ --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -542,4 +542,9 @@ void kvm_arch_free_vm(struct kvm *kvm); =20 #define kvm_arm_vcpu_loaded(vcpu) ((vcpu)->arch.sysregs_loaded_on_cpu) =20 +static inline enum mitigation_state kvm_arm_get_spectre_bhb_state(void) +{ + return arm64_get_spectre_bhb_state(); +} + #endif /* __ARM64_KVM_HOST_H__ */ --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -429,6 +429,18 @@ int kvm_hvc_call_handler(struct kvm_vcpu break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3: + switch (kvm_arm_get_spectre_bhb_state()) { + case SPECTRE_VULNERABLE: + break; + case SPECTRE_MITIGATED: + val =3D SMCCC_RET_SUCCESS; + break; + case SPECTRE_UNAFFECTED: + val =3D SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED; + break; + } + break; } break; default: From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD3E8C433F5 for ; Mon, 21 Mar 2022 14:05:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237391AbiCUOGh (ORCPT ); Mon, 21 Mar 2022 10:06:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348924AbiCUN6k (ORCPT ); Mon, 21 Mar 2022 09:58:40 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6384160149; Mon, 21 Mar 2022 06:56:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6F65FB81675; Mon, 21 Mar 2022 13:56:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C19C5C340E8; Mon, 21 Mar 2022 13:56:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870992; bh=P4ItllVK1Q99xOMEu8UZUZ1sPP00zrEDI+e/7a0d0jM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rrsLlycvX/83IosmDWalpTCccMwKV6vhf3wnOyAJb7Me9ok85/f9eFZ4b59ctsMD3 edrP8RhpB2y4zrC46/mr3Xmu1rKjVYJ6T00TexvG8mVmxdRARlzZZqgBTyJv7N5H1K idkxcq4Lm0VbyugJOjr9BdpMW0MI9habMULav/I4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Joey Gouly , Will Deacon , Marc Zyngier , James Morse , Alexandru Elisei , Suzuki K Poulose , Reiji Watanabe , Catalin Marinas Subject: [PATCH 4.19 43/57] arm64: add ID_AA64ISAR2_EL1 sys register Date: Mon, 21 Mar 2022 14:52:24 +0100 Message-Id: <20220321133223.241904559@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Joey Gouly commit 9e45365f1469ef2b934f9d035975dbc9ad352116 upstream. This is a new ID register, introduced in 8.7. Signed-off-by: Joey Gouly Cc: Will Deacon Cc: Marc Zyngier Cc: James Morse Cc: Alexandru Elisei Cc: Suzuki K Poulose Cc: Reiji Watanabe Acked-by: Marc Zyngier Link: https://lore.kernel.org/r/20211210165432.8106-3-joey.gouly@arm.com Signed-off-by: Catalin Marinas Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/cpu.h | 1 + arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 9 +++++++++ arch/arm64/kernel/cpuinfo.c | 1 + arch/arm64/kvm/sys_regs.c | 2 +- 5 files changed, 13 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/cpu.h +++ b/arch/arm64/include/asm/cpu.h @@ -36,6 +36,7 @@ struct cpuinfo_arm64 { u64 reg_id_aa64dfr1; u64 reg_id_aa64isar0; u64 reg_id_aa64isar1; + u64 reg_id_aa64isar2; u64 reg_id_aa64mmfr0; u64 reg_id_aa64mmfr1; u64 reg_id_aa64mmfr2; --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -161,6 +161,7 @@ =20 #define SYS_ID_AA64ISAR0_EL1 sys_reg(3, 0, 0, 6, 0) #define SYS_ID_AA64ISAR1_EL1 sys_reg(3, 0, 0, 6, 1) +#define SYS_ID_AA64ISAR2_EL1 sys_reg(3, 0, 0, 6, 2) =20 #define SYS_ID_AA64MMFR0_EL1 sys_reg(3, 0, 0, 7, 0) #define SYS_ID_AA64MMFR1_EL1 sys_reg(3, 0, 0, 7, 1) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -150,6 +150,10 @@ static const struct arm64_ftr_bits ftr_i ARM64_FTR_END, }; =20 +static const struct arm64_ftr_bits ftr_id_aa64isar2[] =3D { + ARM64_FTR_END, +}; + static const struct arm64_ftr_bits ftr_id_aa64pfr0[] =3D { ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV= 3_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV= 2_SHIFT, 4, 0), @@ -396,6 +400,7 @@ static const struct __ftr_reg_entry { /* Op1 =3D 0, CRn =3D 0, CRm =3D 6 */ ARM64_FTR_REG(SYS_ID_AA64ISAR0_EL1, ftr_id_aa64isar0), ARM64_FTR_REG(SYS_ID_AA64ISAR1_EL1, ftr_id_aa64isar1), + ARM64_FTR_REG(SYS_ID_AA64ISAR2_EL1, ftr_id_aa64isar2), =20 /* Op1 =3D 0, CRn =3D 0, CRm =3D 7 */ ARM64_FTR_REG(SYS_ID_AA64MMFR0_EL1, ftr_id_aa64mmfr0), @@ -544,6 +549,7 @@ void __init init_cpu_features(struct cpu init_cpu_ftr_reg(SYS_ID_AA64DFR1_EL1, info->reg_id_aa64dfr1); init_cpu_ftr_reg(SYS_ID_AA64ISAR0_EL1, info->reg_id_aa64isar0); init_cpu_ftr_reg(SYS_ID_AA64ISAR1_EL1, info->reg_id_aa64isar1); + init_cpu_ftr_reg(SYS_ID_AA64ISAR2_EL1, info->reg_id_aa64isar2); init_cpu_ftr_reg(SYS_ID_AA64MMFR0_EL1, info->reg_id_aa64mmfr0); init_cpu_ftr_reg(SYS_ID_AA64MMFR1_EL1, info->reg_id_aa64mmfr1); init_cpu_ftr_reg(SYS_ID_AA64MMFR2_EL1, info->reg_id_aa64mmfr2); @@ -661,6 +667,8 @@ void update_cpu_features(int cpu, info->reg_id_aa64isar0, boot->reg_id_aa64isar0); taint |=3D check_update_ftr_reg(SYS_ID_AA64ISAR1_EL1, cpu, info->reg_id_aa64isar1, boot->reg_id_aa64isar1); + taint |=3D check_update_ftr_reg(SYS_ID_AA64ISAR2_EL1, cpu, + info->reg_id_aa64isar2, boot->reg_id_aa64isar2); =20 /* * Differing PARange support is fine as long as all peripherals and @@ -794,6 +802,7 @@ static u64 __read_sysreg_by_encoding(u32 read_sysreg_case(SYS_ID_AA64MMFR2_EL1); read_sysreg_case(SYS_ID_AA64ISAR0_EL1); read_sysreg_case(SYS_ID_AA64ISAR1_EL1); + read_sysreg_case(SYS_ID_AA64ISAR2_EL1); =20 read_sysreg_case(SYS_CNTFRQ_EL0); read_sysreg_case(SYS_CTR_EL0); --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -334,6 +334,7 @@ static void __cpuinfo_store_cpu(struct c info->reg_id_aa64dfr1 =3D read_cpuid(ID_AA64DFR1_EL1); info->reg_id_aa64isar0 =3D read_cpuid(ID_AA64ISAR0_EL1); info->reg_id_aa64isar1 =3D read_cpuid(ID_AA64ISAR1_EL1); + info->reg_id_aa64isar2 =3D read_cpuid(ID_AA64ISAR2_EL1); info->reg_id_aa64mmfr0 =3D read_cpuid(ID_AA64MMFR0_EL1); info->reg_id_aa64mmfr1 =3D read_cpuid(ID_AA64MMFR1_EL1); info->reg_id_aa64mmfr2 =3D read_cpuid(ID_AA64MMFR2_EL1); --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1289,7 +1289,7 @@ static const struct sys_reg_desc sys_reg /* CRm=3D6 */ ID_SANITISED(ID_AA64ISAR0_EL1), ID_SANITISED(ID_AA64ISAR1_EL1), - ID_UNALLOCATED(6,2), + ID_SANITISED(ID_AA64ISAR2_EL1), ID_UNALLOCATED(6,3), ID_UNALLOCATED(6,4), ID_UNALLOCATED(6,5), From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B995C433F5 for ; Mon, 21 Mar 2022 14:00:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348693AbiCUOB7 (ORCPT ); Mon, 21 Mar 2022 10:01:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46590 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348821AbiCUN6V (ORCPT ); Mon, 21 Mar 2022 09:58:21 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F0BB3176D01; Mon, 21 Mar 2022 06:56:35 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BC8D66125C; Mon, 21 Mar 2022 13:56:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C9F06C340E8; Mon, 21 Mar 2022 13:56:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870995; bh=Vko4cyW+Nw/R5I8IKKXg5qbSfnjAOoJNf4fSsUB6sdI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Di1oo2VSFklBzNou0mDHe9zXYJR2hjtFYnVGEUCYkL4gJIA1BF75Rzkjw25VZVB+j JdUy26Zl+W1RNHt3LXPAmdrftKW0rWRX4hoM7b/uMqsxk9CL8IRz/vS/yOE+L8wzT2 vgqiMvPu060NlVdvC0ZwUbLjeZs8/jun2Zs8fRso= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Russell King (Oracle)" , Catalin Marinas , James Morse Subject: [PATCH 4.19 44/57] arm64: Use the clearbhb instruction in mitigations Date: Mon, 21 Mar 2022 14:52:25 +0100 Message-Id: <20220321133223.270158349@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: James Morse commit 228a26b912287934789023b4132ba76065d9491c upstream. Future CPUs may implement a clearbhb instruction that is sufficient to mitigate SpectreBHB. CPUs that implement this instruction, but not CSV2.3 must be affected by Spectre-BHB. Add support to use this instruction as the BHB mitigation on CPUs that support it. The instruction is in the hint space, so it will be treated by a NOP as older CPUs. Reviewed-by: Russell King (Oracle) Reviewed-by: Catalin Marinas [ modified for stable: Use a KVM vector template instead of alternatives ] Signed-off-by: James Morse Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- arch/arm64/include/asm/assembler.h | 7 +++++++ arch/arm64/include/asm/cpufeature.h | 13 +++++++++++++ arch/arm64/include/asm/sysreg.h | 3 +++ arch/arm64/include/asm/vectors.h | 7 +++++++ arch/arm64/kernel/cpu_errata.c | 14 ++++++++++++++ arch/arm64/kernel/cpufeature.c | 1 + arch/arm64/kernel/entry.S | 8 ++++++++ arch/arm64/kvm/hyp/hyp-entry.S | 6 ++++++ 8 files changed, 59 insertions(+) --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -127,6 +127,13 @@ .endm =20 /* + * Clear Branch History instruction + */ + .macro clearbhb + hint #22 + .endm + +/* * Sanitise a 64-bit bounded index wrt speculation, returning zero if out * of bounds. */ --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -497,6 +497,19 @@ static inline bool supports_csv2p3(int s return csv2_val =3D=3D 3; } =20 +static inline bool supports_clearbhb(int scope) +{ + u64 isar2; + + if (scope =3D=3D SCOPE_LOCAL_CPU) + isar2 =3D read_sysreg_s(SYS_ID_AA64ISAR2_EL1); + else + isar2 =3D read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1); + + return cpuid_feature_extract_unsigned_field(isar2, + ID_AA64ISAR2_CLEARBHB_SHIFT); +} + static inline bool system_supports_32bit_el0(void) { return cpus_have_const_cap(ARM64_HAS_32BIT_EL0); --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -527,6 +527,9 @@ #define ID_AA64ISAR1_JSCVT_SHIFT 12 #define ID_AA64ISAR1_DPB_SHIFT 0 =20 +/* id_aa64isar2 */ +#define ID_AA64ISAR2_CLEARBHB_SHIFT 28 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 --- a/arch/arm64/include/asm/vectors.h +++ b/arch/arm64/include/asm/vectors.h @@ -33,6 +33,12 @@ enum arm64_bp_harden_el1_vectors { * canonical vectors. */ EL1_VECTOR_BHB_FW, + + /* + * Use the ClearBHB instruction, before branching to the canonical + * vectors. + */ + EL1_VECTOR_BHB_CLEAR_INSN, #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ =20 /* @@ -44,6 +50,7 @@ enum arm64_bp_harden_el1_vectors { #ifndef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY #define EL1_VECTOR_BHB_LOOP -1 #define EL1_VECTOR_BHB_FW -1 +#define EL1_VECTOR_BHB_CLEAR_INSN -1 #endif /* !CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ =20 /* The vectors to use on return from EL0. e.g. to remap the kernel */ --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -106,6 +106,8 @@ extern char __spectre_bhb_loop_k24_start extern char __spectre_bhb_loop_k24_end[]; extern char __spectre_bhb_loop_k32_start[]; extern char __spectre_bhb_loop_k32_end[]; +extern char __spectre_bhb_clearbhb_start[]; +extern char __spectre_bhb_clearbhb_end[]; =20 static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, const char *hyp_vecs_end) @@ -969,6 +971,7 @@ static void update_mitigation_state(enum * - Mitigated by a branchy loop a CPU specific number of times, and listed * in our "loop mitigated list". * - Mitigated in software by the firmware Spectre v2 call. + * - Has the ClearBHB instruction to perform the mitigation. * - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so = no * software mitigation in the vectors is needed. * - Has CSV2.3, so is unaffected. @@ -1108,6 +1111,9 @@ bool is_spectre_bhb_affected(const struc if (supports_csv2p3(scope)) return false; =20 + if (supports_clearbhb(scope)) + return true; + if (spectre_bhb_loop_affected(scope)) return true; =20 @@ -1148,6 +1154,8 @@ static const char *kvm_bhb_get_vecs_end( return __spectre_bhb_loop_k24_end; else if (start =3D=3D __spectre_bhb_loop_k32_start) return __spectre_bhb_loop_k32_end; + else if (start =3D=3D __spectre_bhb_clearbhb_start) + return __spectre_bhb_clearbhb_end; =20 return NULL; } @@ -1187,6 +1195,7 @@ static void kvm_setup_bhb_slot(const cha #define __spectre_bhb_loop_k8_start NULL #define __spectre_bhb_loop_k24_start NULL #define __spectre_bhb_loop_k32_start NULL +#define __spectre_bhb_clearbhb_start NULL =20 static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }; #endif @@ -1206,6 +1215,11 @@ void spectre_bhb_enable_mitigation(const pr_info_once("spectre-bhb mitigation disabled by command line option\n"); } else if (supports_ecbhb(SCOPE_LOCAL_CPU)) { state =3D SPECTRE_MITIGATED; + } else if (supports_clearbhb(SCOPE_LOCAL_CPU)) { + kvm_setup_bhb_slot(__spectre_bhb_clearbhb_start); + this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN); + + state =3D SPECTRE_MITIGATED; } else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) { switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) { case 8: --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -151,6 +151,7 @@ static const struct arm64_ftr_bits ftr_i }; =20 static const struct arm64_ftr_bits ftr_id_aa64isar2[] =3D { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_HIGHER_SAFE, ID_AA64ISAR2_CLEA= RBHB_SHIFT, 4, 0), ARM64_FTR_END, }; =20 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -981,6 +981,7 @@ alternative_else_nop_endif #define BHB_MITIGATION_NONE 0 #define BHB_MITIGATION_LOOP 1 #define BHB_MITIGATION_FW 2 +#define BHB_MITIGATION_INSN 3 =20 .macro tramp_ventry, vector_start, regsize, kpti, bhb .align 7 @@ -997,6 +998,11 @@ alternative_else_nop_endif __mitigate_spectre_bhb_loop x30 .endif // \bhb =3D=3D BHB_MITIGATION_LOOP =20 + .if \bhb =3D=3D BHB_MITIGATION_INSN + clearbhb + isb + .endif // \bhb =3D=3D BHB_MITIGATION_INSN + .if \kpti =3D=3D 1 /* * Defend against branch aliasing attacks by pushing a dummy @@ -1073,6 +1079,7 @@ ENTRY(tramp_vectors) #ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_LOOP generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_FW + generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_INSN #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ generate_tramp_vector kpti=3D1, bhb=3DBHB_MITIGATION_NONE END(tramp_vectors) @@ -1135,6 +1142,7 @@ ENTRY(__bp_harden_el1_vectors) #ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY generate_el1_vector bhb=3DBHB_MITIGATION_LOOP generate_el1_vector bhb=3DBHB_MITIGATION_FW + generate_el1_vector bhb=3DBHB_MITIGATION_INSN #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ END(__bp_harden_el1_vectors) .popsection --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -392,4 +392,10 @@ ENTRY(__spectre_bhb_loop_k32_start) ldp x0, x1, [sp, #(8 * 0)] add sp, sp, #(8 * 2) ENTRY(__spectre_bhb_loop_k32_end) + +ENTRY(__spectre_bhb_clearbhb_start) + esb + clearbhb + isb +ENTRY(__spectre_bhb_clearbhb_end) #endif From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B95DC433F5 for ; Mon, 21 Mar 2022 14:00:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245561AbiCUOCM (ORCPT ); Mon, 21 Mar 2022 10:02:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348847AbiCUN6d (ORCPT ); Mon, 21 Mar 2022 09:58:33 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 933521770A7; Mon, 21 Mar 2022 06:56:39 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3241DB81674; Mon, 21 Mar 2022 13:56:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97C1FC340E8; Mon, 21 Mar 2022 13:56:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647870998; bh=5yEzG5mCcTVSwH9OiUgBrwqHfwd0OfKOqGsA5QmuISQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Qff1XiLbwz28RP47e1aMgdGNUDTr6vs5BeLGVJDCEJltH/r+8PlFPZRogQlJvwoGW +dOq7TPsu78wyYXBRwwuy0oul3V+pOLQQUpt9GhqJT95Ftd3FlO21u89nflvVUvI+e BO0ebkxB6ajpkSY+E8Ub6JRFqTGxwmgteL+tQFZU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Brian Masney , Bjorn Andersson , Andrew Halaney , Herbert Xu Subject: [PATCH 4.19 45/57] crypto: qcom-rng - ensure buffer for generate is completely filled Date: Mon, 21 Mar 2022 14:52:26 +0100 Message-Id: <20220321133223.299042775@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Brian Masney commit a680b1832ced3b5fa7c93484248fd221ea0d614b upstream. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcom_rng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi: kcapi-rng -b 9000000 > OUTFILE The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNG_STATUS_DATA_AVAIL' fails. Let's fix this issue by ensuring that qcom_rng_read() always returns with a full buffer if the function returns success. Let's also have qcom_rng_generate() return the correct value. Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers: $ ent -c qcom-random-before Value Char Occurrences Fraction 0 606748 0.067416 1 33104 0.003678 2 33001 0.003667 ... 253 =EF=BF=BD 32883 0.003654 254 =EF=BF=BD 33035 0.003671 255 =EF=BF=BD 33239 0.003693 Total: 9000000 1.000000 Entropy =3D 7.811590 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 2 percent. Chi square distribution for 9000000 samples is 9329962.81, and randomly would exceed this value less than 0.01 percent of the times. Arithmetic mean value of data bytes is 119.3731 (127.5 =3D random). Monte Carlo value for Pi is 3.197293333 (error 1.77 percent). Serial correlation coefficient is 0.159130 (totally uncorrelated =3D 0.0). Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch: $ ent -c qcom-random-after Value Char Occurrences Fraction 0 35432 0.003937 1 35127 0.003903 2 35424 0.003936 ... 253 =EF=BF=BD 35201 0.003911 254 =EF=BF=BD 34835 0.003871 255 =EF=BF=BD 35368 0.003930 Total: 9000000 1.000000 Entropy =3D 7.999979 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 0 percent. Chi square distribution for 9000000 samples is 258.77, and randomly would exceed this value 42.24 percent of the times. Arithmetic mean value of data bytes is 127.5006 (127.5 =3D random). Monte Carlo value for Pi is 3.141277333 (error 0.01 percent). Serial correlation coefficient is 0.000468 (totally uncorrelated =3D 0.0). This change was tested on a Nexus 5 phone (msm8974 SoC). Signed-off-by: Brian Masney Fixes: ceec5f5b5988 ("crypto: qcom-rng - Add Qcom prng driver") Cc: stable@vger.kernel.org # 4.19+ Reviewed-by: Bjorn Andersson Reviewed-by: Andrew Halaney Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/crypto/qcom-rng.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) --- a/drivers/crypto/qcom-rng.c +++ b/drivers/crypto/qcom-rng.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -42,16 +43,19 @@ static int qcom_rng_read(struct qcom_rng { unsigned int currsize =3D 0; u32 val; + int ret; =20 /* read random data from hardware */ do { - val =3D readl_relaxed(rng->base + PRNG_STATUS); - if (!(val & PRNG_STATUS_DATA_AVAIL)) - break; + ret =3D readl_poll_timeout(rng->base + PRNG_STATUS, val, + val & PRNG_STATUS_DATA_AVAIL, + 200, 10000); + if (ret) + return ret; =20 val =3D readl_relaxed(rng->base + PRNG_DATA_OUT); if (!val) - break; + return -EINVAL; =20 if ((max - currsize) >=3D WORD_SZ) { memcpy(data, &val, WORD_SZ); @@ -60,11 +64,10 @@ static int qcom_rng_read(struct qcom_rng } else { /* copy only remaining bytes */ memcpy(data, &val, max - currsize); - break; } } while (currsize < max); =20 - return currsize; + return 0; } =20 static int qcom_rng_generate(struct crypto_rng *tfm, @@ -86,7 +89,7 @@ static int qcom_rng_generate(struct cryp mutex_unlock(&rng->lock); clk_disable_unprepare(rng->clk); =20 - return 0; + return ret; } =20 static int qcom_rng_seed(struct crypto_rng *tfm, const u8 *seed, From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51792C433EF for ; Mon, 21 Mar 2022 14:01:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348671AbiCUOCk (ORCPT ); Mon, 21 Mar 2022 10:02:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348885AbiCUN6h (ORCPT ); Mon, 21 Mar 2022 09:58:37 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67CB31777D6; Mon, 21 Mar 2022 06:56:42 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 0E6D1B816CE; Mon, 21 Mar 2022 13:56:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3CEB1C340ED; Mon, 21 Mar 2022 13:56:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871000; bh=L3iDTjTDAzuYE7KT7FKragVUvH8KipAdzWbbl09LOjg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GU7kGdajQjRNR8piiH1t/tVg56pR3OcacJ1WeoFSKfSquIvAJq7hL+W5LoP2Na2y2 Mp1K4da8UD99Zj+EdOcwppUBallXlV8rjPBh0xBjwc9PP+tV1Lg4rt7cYSdctE0Axs Dlf9+10D93uCvlTajeLRgLkbd23cpa3l21eklFU8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Joseph Qi , Mark Fasheh , Joel Becker , Junxiao Bi , Changwei Ge , Gang He , Jun Piao , Andrew Morton , Linus Torvalds Subject: [PATCH 4.19 46/57] ocfs2: fix crash when initialize filecheck kobj fails Date: Mon, 21 Mar 2022 14:52:27 +0100 Message-Id: <20220321133223.327033287@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Joseph Qi commit 7b0b1332cfdb94489836b67d088a779699f8e47e upstream. Once s_root is set, genric_shutdown_super() will be called if fill_super() fails. That means, we will call ocfs2_dismount_volume() twice in such case, which can lead to kernel crash. Fix this issue by initializing filecheck kobj before setting s_root. Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alib= aba.com Fixes: 5f483c4abb50 ("ocfs2: add kobject for online file check") Signed-off-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- fs/ocfs2/super.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -1150,17 +1150,6 @@ static int ocfs2_fill_super(struct super goto read_super_error; } =20 - root =3D d_make_root(inode); - if (!root) { - status =3D -ENOMEM; - mlog_errno(status); - goto read_super_error; - } - - sb->s_root =3D root; - - ocfs2_complete_mount_recovery(osb); - osb->osb_dev_kset =3D kset_create_and_add(sb->s_id, NULL, &ocfs2_kset->kobj); if (!osb->osb_dev_kset) { @@ -1178,6 +1167,17 @@ static int ocfs2_fill_super(struct super goto read_super_error; } =20 + root =3D d_make_root(inode); + if (!root) { + status =3D -ENOMEM; + mlog_errno(status); + goto read_super_error; + } + + sb->s_root =3D root; + + ocfs2_complete_mount_recovery(osb); + if (ocfs2_mount_local(osb)) snprintf(nodestr, sizeof(nodestr), "local"); else From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E91CC433EF for ; Mon, 21 Mar 2022 14:01:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345631AbiCUOCr (ORCPT ); Mon, 21 Mar 2022 10:02:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348944AbiCUN6m (ORCPT ); Mon, 21 Mar 2022 09:58:42 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EA04160140; Mon, 21 Mar 2022 06:56:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E664FB81598; Mon, 21 Mar 2022 13:56:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CB84C340F2; Mon, 21 Mar 2022 13:56:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871003; bh=xtTh4I9hVgdpR1VDucgu0Zv5fcwvFPkzhUf7+w9kffs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GGN3zof5/LYJ1j2RBy5QBIRbl87xwjR2jWov0Jx0RusR2qloVPaITVYdIq8sClsIZ 17XXBrsNcgObcDMcepvtcaz5JdZvnLWVbnlmhPw67xel5XyHKt0cfPKrL+No2lcJ+N J6f5X7vpUFCd0UxqhAV4eO5pNASEcM9ANtwcYRZc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Randy Dunlap , Igor Zhbanov , Ard Biesheuvel , linux-efi@vger.kernel.org, Lukas Wunner , Octavian Purdila , "Rafael J. Wysocki" , Matt Fleming , Sasha Levin Subject: [PATCH 4.19 47/57] efi: fix return value of __setup handlers Date: Mon, 21 Mar 2022 14:52:28 +0100 Message-Id: <20220321133223.354570592@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Randy Dunlap [ Upstream commit 9feaf8b387ee0ece9c1d7add308776b502a35d0c ] When "dump_apple_properties" is used on the kernel boot command line, it causes an Unknown parameter message and the string is added to init's argument strings: Unknown kernel command line parameters "dump_apple_properties BOOT_IMAGE=3D/boot/bzImage-517rc6 efivar_ssdt=3Dnewcpu_ssdt", will be passed to user space. Run /sbin/init as init process with arguments: /sbin/init dump_apple_properties with environment: HOME=3D/ TERM=3Dlinux BOOT_IMAGE=3D/boot/bzImage-517rc6 efivar_ssdt=3Dnewcpu_ssdt Similarly when "efivar_ssdt=3Dsomestring" is used, it is added to the Unknown parameter message and to init's environment strings, polluting them (see examples above). Change the return value of the __setup functions to 1 to indicate that the __setup options have been handled. Fixes: 58c5475aba67 ("x86/efi: Retrieve and assign Apple device properties") Fixes: 475fb4e8b2f4 ("efi / ACPI: load SSTDs from EFI variables") Signed-off-by: Randy Dunlap Reported-by: Igor Zhbanov Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru Cc: Ard Biesheuvel Cc: linux-efi@vger.kernel.org Cc: Lukas Wunner Cc: Octavian Purdila Cc: "Rafael J. Wysocki" Cc: Matt Fleming Link: https://lore.kernel.org/r/20220301041851.12459-1-rdunlap@infradead.org Signed-off-by: Ard Biesheuvel Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/firmware/efi/apple-properties.c | 2 +- drivers/firmware/efi/efi.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/apple-properties.c b/drivers/firmware/efi= /apple-properties.c index 60a95719ecb8..726a23d45da4 100644 --- a/drivers/firmware/efi/apple-properties.c +++ b/drivers/firmware/efi/apple-properties.c @@ -34,7 +34,7 @@ static bool dump_properties __initdata; static int __init dump_properties_enable(char *arg) { dump_properties =3D true; - return 0; + return 1; } =20 __setup("dump_apple_properties", dump_properties_enable); diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index a8180f9090fa..7098744f9276 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -245,7 +245,7 @@ static int __init efivar_ssdt_setup(char *str) memcpy(efivar_ssdt, str, strlen(str)); else pr_warn("efivar_ssdt: name too long: %s\n", str); - return 0; + return 1; } __setup("efivar_ssdt=3D", efivar_ssdt_setup); =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0CCEC433F5 for ; Mon, 21 Mar 2022 14:02:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348666AbiCUOCy (ORCPT ); Mon, 21 Mar 2022 10:02:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348946AbiCUN6m (ORCPT ); Mon, 21 Mar 2022 09:58:42 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33A5216E23D; Mon, 21 Mar 2022 06:56:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 12E7E612A1; Mon, 21 Mar 2022 13:56:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D2B6C340ED; Mon, 21 Mar 2022 13:56:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871006; bh=Vlbi/71df3r/y6mBXosrGrz2c6QEq1f6ZrOZeNoJUIg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cmhzH1XGKSq0rbA+WHQYpQsLuI++T9U8uYd6WPmYZ359OJgA/AjFN0PAB9WYzrWlI 5gq/b2PpEwTC4D3nX17Ec3Yx2F88TSLuEn/HUanZ2qFFx8WuCmI8A03uxPsaJrxwec 3MHpXVgnL9HwzvHe7+lccqCve9lknAdbhf13IFmI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.19 48/57] net/packet: fix slab-out-of-bounds access in packet_recvmsg() Date: Mon, 21 Mar 2022 14:52:29 +0100 Message-Id: <20220321133223.382568013@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Eric Dumazet [ Upstream commit c700525fcc06b05adfea78039de02628af79e07a ] syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[], triggering a too big copy [1] Presumably, users of af_packet using mmap() already gets correct metadata from the mapped buffer, we can simply make sure to clear 12 bytes that might be copied to user space later. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:22= 5 [inline] BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/a= f_packet.c:3489 Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631 CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-023= 96-g0b3660695e80 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Goo= gle 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 memcpy+0x39/0x60 mm/kasan/shadow.c:66 memcpy include/linux/fortify-string.h:225 [inline] packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] sock_recvmsg net/socket.c:962 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632 ___sys_recvmsg+0x127/0x200 net/socket.c:2674 __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fdfd5954c29 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 = 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff f= f 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005 RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60 R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54 addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at o= ffset 32 in frame: ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246 this frame has 1 object: [32, 160) 'addr' Memory state around the buggy address: ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 >ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 ^ ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Fixes: 0fb375fb9b93 ("[AF_PACKET]: Allow for > 8 byte hardware addresses.") Signed-off-by: Eric Dumazet Reported-by: syzbot Link: https://lore.kernel.org/r/20220312232958.3535620-1-eric.dumazet@gmail= .com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/packet/af_packet.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index bd7e8d406c71..d65051959f85 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2246,8 +2246,11 @@ static int tpacket_rcv(struct sk_buff *skb, struct n= et_device *dev, copy_skb =3D skb_get(skb); skb_head =3D skb->data; } - if (copy_skb) + if (copy_skb) { + memset(&PACKET_SKB_CB(copy_skb)->sa.ll, 0, + sizeof(PACKET_SKB_CB(copy_skb)->sa.ll)); skb_set_owner_r(copy_skb, sk); + } } snaplen =3D po->rx_ring.frame_size - macoff; if ((int)snaplen < 0) { @@ -3406,6 +3409,8 @@ static int packet_recvmsg(struct socket *sock, struct= msghdr *msg, size_t len, sock_recv_ts_and_drops(msg, sk, skb); =20 if (msg->msg_name) { + const size_t max_len =3D min(sizeof(skb->cb), + sizeof(struct sockaddr_storage)); int copy_len; =20 /* If the address length field is there to be filled @@ -3428,6 +3433,10 @@ static int packet_recvmsg(struct socket *sock, struc= t msghdr *msg, size_t len, msg->msg_namelen =3D sizeof(struct sockaddr_ll); } } + if (WARN_ON_ONCE(copy_len > max_len)) { + copy_len =3D max_len; + msg->msg_namelen =3D copy_len; + } memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); } =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7462BC433EF for ; Mon, 21 Mar 2022 14:05:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349000AbiCUOGt (ORCPT ); Mon, 21 Mar 2022 10:06:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348968AbiCUN6o (ORCPT ); Mon, 21 Mar 2022 09:58:44 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 820C116068F; Mon, 21 Mar 2022 06:56:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A98C2B81674; Mon, 21 Mar 2022 13:56:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 05612C340ED; Mon, 21 Mar 2022 13:56:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871009; bh=R1mmyF3W66JcYlAvZpdgAFCo4BLEqOwTQIP0aFl0cmw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xAmYFkcXoedm4ZPHPRPDMZDyAIFxbh959xhdPylZZ3r72dJ3EmEINi3wbcJx6WpaK d81U9rGf0n+iqLxBegjBpeY2zpKQVLnHFPSs79D5kDmiLA8dEs4OiQRO9CqWEC16OT My5DRnbl0gYXyxXPJhqRnII2gXL9DK3wrnjLmS3E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jiasheng Jiang , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 49/57] atm: eni: Add check for dma_map_single Date: Mon, 21 Mar 2022 14:52:30 +0100 Message-Id: <20220321133223.409660032@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jiasheng Jiang [ Upstream commit 0f74b29a4f53627376cf5a5fb7b0b3fa748a0b2b ] As the potential failure of the dma_map_single(), it should be better to check it and return error if fails. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jiasheng Jiang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/atm/eni.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c index 1409d48affb7..f256aeeac1b3 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -1114,6 +1114,8 @@ DPRINTK("iovcnt =3D %d\n",skb_shinfo(skb)->nr_frags); } paddr =3D dma_map_single(&eni_dev->pci_dev->dev,skb->data,skb->len, DMA_TO_DEVICE); + if (dma_mapping_error(&eni_dev->pci_dev->dev, paddr)) + return enq_next; ENI_PRV_PADDR(skb) =3D paddr; /* prepare DMA queue entries */ j =3D 0; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CE94C433F5 for ; Mon, 21 Mar 2022 14:05:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348989AbiCUOGo (ORCPT ); Mon, 21 Mar 2022 10:06:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348973AbiCUN6p (ORCPT ); Mon, 21 Mar 2022 09:58:45 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A4BF1717A9; Mon, 21 Mar 2022 06:56:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id CED88B816D2; Mon, 21 Mar 2022 13:56:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8BD0C340E8; Mon, 21 Mar 2022 13:56:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871012; bh=rTpAFxWKjUXl+FS6u1hAIHGN6xs3GKhIshiVpQ53tVk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Irc7t7SrXzQ0UNxCyDTNR1BQSkhPNXjy3IbFiqrI2NzqfDOboxVERMh1wCgQEUnGG rWbCA9JWLFmZrWADrWfqJYeF8z/NCkv9NDDLKo8BA9UaUrMjXbctUBIn6QMYJxk1PF eKK6F83G0WDTV7fjKHWHHqPQf29xOzYgifj7InGM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jiasheng Jiang , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.19 50/57] hv_netvsc: Add check for kvmalloc_array Date: Mon, 21 Mar 2022 14:52:31 +0100 Message-Id: <20220321133223.437365137@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jiasheng Jiang [ Upstream commit 886e44c9298a6b428ae046e2fa092ca52e822e6a ] As the potential failure of the kvmalloc_array(), it should be better to check and restore the 'data' if fails in order to avoid the dereference of the NULL pointer. Fixes: 6ae746711263 ("hv_netvsc: Add per-cpu ethtool stats for netvsc") Signed-off-by: Jiasheng Jiang Link: https://lore.kernel.org/r/20220314020125.2365084-1-jiasheng@iscas.ac.= cn Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/net/hyperv/netvsc_drv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_dr= v.c index 2dff0e110c6f..f094e4bc2175 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -1454,6 +1454,9 @@ static void netvsc_get_ethtool_stats(struct net_devic= e *dev, pcpu_sum =3D kvmalloc_array(num_possible_cpus(), sizeof(struct netvsc_ethtool_pcpu_stats), GFP_KERNEL); + if (!pcpu_sum) + return; + netvsc_get_pcpu_stats(dev, pcpu_sum); for_each_present_cpu(cpu) { struct netvsc_ethtool_pcpu_stats *this_sum =3D &pcpu_sum[cpu]; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FE38C433FE for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348942AbiCUODM (ORCPT ); Mon, 21 Mar 2022 10:03:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348995AbiCUN6r (ORCPT ); Mon, 21 Mar 2022 09:58:47 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 263BE17336B; Mon, 21 Mar 2022 06:56:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B8780611CF; Mon, 21 Mar 2022 13:56:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A4657C340E8; Mon, 21 Mar 2022 13:56:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871018; bh=9JTt34aHZeSuDuvlZZThhxWsuMi1zHKindJey8xLQd8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ITXrwND0OqGfPFPonDBnQJIO3dhsxN/z6PZ/qQGjnKt0iwUf7iGTlI1ITddNXXjrQ YzpClG6vwfnptVYg+JPXhBQZWGcABfzbMyGGHh2v7V8TcQItJNGAMBvLaep4XOzZL1 9sXFgV7zVWxWxgoKmlXsrY+nO7uDgc7bpQ4km5oM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Marek Vasut , Christoph Fritz , Laurent Pinchart , Maxime Ripard , Sam Ravnborg , Thomas Zimmermann , Laurent Pinchart , Maarten Lankhorst , Sasha Levin Subject: [PATCH 4.19 51/57] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings Date: Mon, 21 Mar 2022 14:52:32 +0100 Message-Id: <20220321133223.465843785@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Marek Vasut [ Upstream commit fc1b6ef7bfb3d1d4df868b1c3e0480cacda6cd81 ] The Innolux G070Y2-L01 supports two modes of operation: 1) FRC=3DLow/NC ... MEDIA_BUS_FMT_RGB666_1X7X3_SPWG ... BPP=3D6 2) FRC=3DHigh ..... MEDIA_BUS_FMT_RGB888_1X7X4_SPWG ... BPP=3D8 Currently the panel description mixes both, BPP from 1) and bus format from 2), which triggers a warning at panel-simple.c:615. Pick the later, set bpp=3D8, fix the warning. Fixes: a5d2ade627dca ("drm/panel: simple: Add support for Innolux G070Y2-L0= 1") Signed-off-by: Marek Vasut Cc: Christoph Fritz Cc: Laurent Pinchart Cc: Maxime Ripard Cc: Sam Ravnborg Cc: Thomas Zimmermann Reviewed-by: Laurent Pinchart Link: https://patchwork.freedesktop.org/patch/msgid/20220220040718.532866-1= -marex@denx.de Signed-off-by: Maarten Lankhorst Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/gpu/drm/panel/panel-simple.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/p= anel-simple.c index 8814aa38c5e7..a424afdcc77a 100644 --- a/drivers/gpu/drm/panel/panel-simple.c +++ b/drivers/gpu/drm/panel/panel-simple.c @@ -1244,7 +1244,7 @@ static const struct display_timing innolux_g070y2_l01= _timing =3D { static const struct panel_desc innolux_g070y2_l01 =3D { .timings =3D &innolux_g070y2_l01_timing, .num_timings =3D 1, - .bpc =3D 6, + .bpc =3D 8, .size =3D { .width =3D 152, .height =3D 91, --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81FADC433EF for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348891AbiCUODI (ORCPT ); Mon, 21 Mar 2022 10:03:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46380 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348999AbiCUN6r (ORCPT ); Mon, 21 Mar 2022 09:58:47 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 72B79173F52; Mon, 21 Mar 2022 06:57:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1693BB816CA; Mon, 21 Mar 2022 13:57:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7F01EC340E8; Mon, 21 Mar 2022 13:57:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871020; bh=FYpFfcMKB0U9h+drkG6si0gEshcqAsYe4UtPcLV7Jk0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VX4ArVebMAmxbTzXuWJareCZzT5oMFkwKtbfcXyl/NEZtHbs5YBYtQc2jZq4n26uh 2vRsMLq+vKJGyWl1Z7ma2Chqs365qdei1C0BsJs3Rnw7BQZVTQRkJniTcCURz58jnG wk4Bn74FuPfnZt/jcSgnqVLvb1XJWc99wFOnXlcs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nicolas Dichtel , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.19 52/57] net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() Date: Mon, 21 Mar 2022 14:52:33 +0100 Message-Id: <20220321133223.493213592@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Nicolas Dichtel [ Upstream commit 4ee06de7729d795773145692e246a06448b1eb7a ] This kind of interface doesn't have a mac header. This patch fixes bpf_redirect() to a PIM interface. Fixes: 27b29f63058d ("bpf: add bpf_redirect() helper") Signed-off-by: Nicolas Dichtel Link: https://lore.kernel.org/r/20220315092008.31423-1-nicolas.dichtel@6win= d.com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- include/linux/if_arp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/if_arp.h b/include/linux/if_arp.h index e44746de95cd..c697a0524273 100644 --- a/include/linux/if_arp.h +++ b/include/linux/if_arp.h @@ -55,6 +55,7 @@ static inline bool dev_is_mac_header_xmit(const struct ne= t_device *dev) case ARPHRD_VOID: case ARPHRD_NONE: case ARPHRD_RAWIP: + case ARPHRD_PIMREG: return false; default: return true; --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C9E6C433F5 for ; Mon, 21 Mar 2022 14:05:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349017AbiCUOGx (ORCPT ); Mon, 21 Mar 2022 10:06:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46590 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349009AbiCUN6r (ORCPT ); Mon, 21 Mar 2022 09:58:47 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3DA2173F72; Mon, 21 Mar 2022 06:57:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 358A06125C; Mon, 21 Mar 2022 13:57:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4D906C340E8; Mon, 21 Mar 2022 13:57:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871023; bh=4eqieXDYNFS9cksTph0yiFqzYytb0whZ/l9AHeJgR9c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MpEpNejE/dPBPxMABLXK+LBFoP6iFQjQvjM/TPao+YMzigy+KxfZP8tBEWLetRUcF o9Ob3jXm+eFhnEg2aKXBqw9+c9vag5bX48n5Uqpkx69K1kRz96cT0lw6dyoE6AdZdt EIuNr7wUkNDJpFxbTAe5G3YnDEllzm7coGaEnDt4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Miaoqian Lin , Paolo Abeni , Sasha Levin Subject: [PATCH 4.19 53/57] net: dsa: Add missing of_node_put() in dsa_port_parse_of Date: Mon, 21 Mar 2022 14:52:34 +0100 Message-Id: <20220321133223.520348360@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Miaoqian Lin [ Upstream commit cb0b430b4e3acc88c85e0ad2e25f2a25a5765262 ] The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. Fixes: 6d4e5c570c2d ("net: dsa: get port type at parse time") Signed-off-by: Miaoqian Lin Link: https://lore.kernel.org/r/20220316082602.10785-1-linmq006@gmail.com Signed-off-by: Paolo Abeni Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- net/dsa/dsa2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c index 7c10bc4dacd3..05aadb25e294 100644 --- a/net/dsa/dsa2.c +++ b/net/dsa/dsa2.c @@ -596,6 +596,7 @@ static int dsa_port_parse_of(struct dsa_port *dp, struc= t device_node *dn) struct net_device *master; =20 master =3D of_find_net_device_by_node(ethernet); + of_node_put(ethernet); if (!master) return -EPROBE_DEFER; =20 --=20 2.34.1 From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C5BDC4167E for ; Mon, 21 Mar 2022 14:02:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349015AbiCUODP (ORCPT ); Mon, 21 Mar 2022 10:03:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349041AbiCUN6t (ORCPT ); Mon, 21 Mar 2022 09:58:49 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF5D91777F8; Mon, 21 Mar 2022 06:57:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9B1DBB81674; Mon, 21 Mar 2022 13:57:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15CF4C340F2; Mon, 21 Mar 2022 13:57:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871026; bh=JBwT2FpWuW+DXrzrhNxMCQ2pX1GZUCBphhPILV5OTbU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DFngkhzieF3ZQp/I5AMKG/rBhmzQC8G18SEAgLfv2z9CRALApJfQ3J6zelaGhC/tS U+4qmITblVukjv5B0bwgUEjIz/mLtF6tf4ZbQvdSVp3SfMiwl/qBlbW/BhfW6pBcz6 Q5l1Q7HNs21mT7aCQbSu5D1ugCUMo8cPPDNGRzPw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Dan Carpenter Subject: [PATCH 4.19 54/57] usb: gadget: rndis: prevent integer overflow in rndis_set_response() Date: Mon, 21 Mar 2022 14:52:35 +0100 Message-Id: <20220321133223.547619657@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Dan Carpenter commit 65f3324f4b6fed78b8761c3b74615ecf0ffa81fa upstream. If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. Cc: stable@kernel.org Fixes: 38ea1eac7d88 ("usb: gadget: rndis: check size of RNDIS_MSG_SET comma= nd") Signed-off-by: Dan Carpenter Link: https://lore.kernel.org/r/20220301080424.GA17208@kili Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/usb/gadget/function/rndis.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/usb/gadget/function/rndis.c +++ b/drivers/usb/gadget/function/rndis.c @@ -640,6 +640,7 @@ static int rndis_set_response(struct rnd BufLength =3D le32_to_cpu(buf->InformationBufferLength); BufOffset =3D le32_to_cpu(buf->InformationBufferOffset); if ((BufLength > RNDIS_MAX_TOTAL_SIZE) || + (BufOffset > RNDIS_MAX_TOTAL_SIZE) || (BufOffset + 8 >=3D RNDIS_MAX_TOTAL_SIZE)) return -EINVAL; From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1DD3C43217 for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349220AbiCUODc (ORCPT ); Mon, 21 Mar 2022 10:03:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349048AbiCUN6u (ORCPT ); Mon, 21 Mar 2022 09:58:50 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64117174B8D; Mon, 21 Mar 2022 06:57:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EED8D611D5; Mon, 21 Mar 2022 13:57:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0653BC340E8; Mon, 21 Mar 2022 13:57:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871029; bh=hEnXSXsF12xuYbzJLH4q7s0j+f4DoWhrVmOI/kJV8so=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aKSUCc7kqHxKZgExH6CsyFVQ1k6GhcBmmlh6bha6A4JzfYy7FpOePvXl+dxgHFISO Ad54jY9qMdCArU1ljQQwL13H4kwKHS/39ey63/GI8C+s/Cc4dTtFToP4iu5zgql2C5 RG1SZa09ib3LcHkEmNpUgKMweuEsicceQo72hugY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alan Stern , syzbot+348b571beb5eeb70a582@syzkaller.appspotmail.com Subject: [PATCH 4.19 55/57] usb: gadget: Fix use-after-free bug by not setting udc->dev.driver Date: Mon, 21 Mar 2022 14:52:36 +0100 Message-Id: <20220321133223.575783577@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Alan Stern commit 16b1941eac2bd499f065a6739a40ce0011a3d740 upstream. The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:23= 20 Read of size 8 at addr ffff88802b934098 by task udevd/3689 CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b7= 42eb2b #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 dev_uevent+0x712/0x780 drivers/base/core.c:2320 uevent_show+0x1b8/0x380 drivers/base/core.c:2391 dev_attr_show+0x4b/0x90 drivers/base/core.c:2094 Although the bug manifested in the driver core, the real cause was a race with the gadget core. dev_uevent() does: if (dev->driver) add_uevent_var(env, "DRIVER=3D%s", dev->driver->name); and between the test and the dereference of dev->driver, the gadget core sets dev->driver to NULL. The race wouldn't occur if the gadget core registered its devices on a real bus, using the standard synchronization techniques of the driver core. However, it's not necessary to make such a large change in order to fix this bug; all we need to do is make sure that udc->dev.driver is always NULL. In fact, there is no reason for udc->dev.driver ever to be set to anything, let alone to the value it currently gets: the address of the gadget's driver. After all, a gadget driver only knows how to manage a gadget, not how to manage a UDC. This patch simply removes the statements in the gadget core that touch udc->dev.driver. Fixes: 2ccea03a8f7e ("usb: gadget: introduce UDC Class") CC: Reported-and-tested-by: syzbot+348b571beb5eeb70a582@syzkaller.appspotmail.c= om Signed-off-by: Alan Stern Link: https://lore.kernel.org/r/YiQgukfFFbBnwJ/9@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/usb/gadget/udc/core.c | 3 --- 1 file changed, 3 deletions(-) --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1297,7 +1297,6 @@ static void usb_gadget_remove_driver(str usb_gadget_udc_stop(udc); =20 udc->driver =3D NULL; - udc->dev.driver =3D NULL; udc->gadget->dev.driver =3D NULL; } =20 @@ -1346,7 +1345,6 @@ static int udc_bind_to_driver(struct usb driver->function); =20 udc->driver =3D driver; - udc->dev.driver =3D &driver->driver; udc->gadget->dev.driver =3D &driver->driver; =20 usb_gadget_udc_set_speed(udc, driver->max_speed); @@ -1368,7 +1366,6 @@ err1: dev_err(&udc->dev, "failed to start %s: %d\n", udc->driver->function, ret); udc->driver =3D NULL; - udc->dev.driver =3D NULL; udc->gadget->dev.driver =3D NULL; return ret; } From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE644C4332F for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349083AbiCUODT (ORCPT ); Mon, 21 Mar 2022 10:03:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349053AbiCUN6u (ORCPT ); Mon, 21 Mar 2022 09:58:50 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EE114C420; Mon, 21 Mar 2022 06:57:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BF708611D5; Mon, 21 Mar 2022 13:57:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D345AC340E8; Mon, 21 Mar 2022 13:57:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871032; bh=6bMyHUGse5xr9hy/8HpOJoLVzlqHAA1nWa58gZ/xo00=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=n2FkUxln0CMt0dPqA2iyG02qVirNytc3RrREgjNdalAaHf26FkeYcD01+LemJx8QU Rign1qqciwBHyvjAvL61KSLz2hf3YbJulS/Ik1yuFXe3mgNlX4sedpT1tDuZbTJg6h 5jTv+e4BgIRlpiLOCNL2yZCrXjhHlI4qN+qp2qF0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Skripkin , Dmitry Torokhov , syzbot+75cccf2b7da87fb6f84b@syzkaller.appspotmail.com Subject: [PATCH 4.19 56/57] Input: aiptek - properly check endpoint type Date: Mon, 21 Mar 2022 14:52:37 +0100 Message-Id: <20220321133223.604010519@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Pavel Skripkin commit 5600f6986628dde8881734090588474f54a540a8 upstream. Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old desc.bNumEndpoints check with usb_find_common_endpoints() helper for finding endpoints Fail log: usb 5-1: BOGUS urb xfer, pipe 1 !=3D type 3 WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/= 0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07= ebd38a0da2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Workqueue: usb_hub_wq hub_event ... Call Trace: aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830 input_open_device+0x1bb/0x320 drivers/input/input.c:629 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593 Fixes: 8e20cf2bce12 ("Input: aiptek - fix crash on detecting device without= endpoints") Reported-and-tested-by: syzbot+75cccf2b7da87fb6f84b@syzkaller.appspotmail.c= om Signed-off-by: Pavel Skripkin Link: https://lore.kernel.org/r/20220308194328.26220-1-paskripkin@gmail.com Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- drivers/input/tablet/aiptek.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/drivers/input/tablet/aiptek.c +++ b/drivers/input/tablet/aiptek.c @@ -1814,15 +1814,13 @@ aiptek_probe(struct usb_interface *intf, input_set_abs_params(inputdev, ABS_TILT_Y, AIPTEK_TILT_MIN, AIPTEK_TILT_M= AX, 0, 0); input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_= MAX - 1, 0, 0); =20 - /* Verify that a device really has an endpoint */ - if (intf->cur_altsetting->desc.bNumEndpoints < 1) { + err =3D usb_find_common_endpoints(intf->cur_altsetting, + NULL, NULL, &endpoint, NULL); + if (err) { dev_err(&intf->dev, - "interface has %d endpoints, but must have minimum 1\n", - intf->cur_altsetting->desc.bNumEndpoints); - err =3D -EINVAL; + "interface has no int in endpoints, but must have minimum 1\n"); goto fail3; } - endpoint =3D &intf->cur_altsetting->endpoint[0].desc; =20 /* Go set up our URB, which is called when the tablet receives * input. From nobody Mon Jun 22 15:38:41 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD3DCC43219 for ; Mon, 21 Mar 2022 14:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349159AbiCUOD0 (ORCPT ); Mon, 21 Mar 2022 10:03:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349052AbiCUN6u (ORCPT ); Mon, 21 Mar 2022 09:58:50 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B52671697B4; Mon, 21 Mar 2022 06:57:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5437EB81674; Mon, 21 Mar 2022 13:57:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90165C340E8; Mon, 21 Mar 2022 13:57:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1647871034; bh=mfCp1mtz3uOt21T0deEAqDDBiGLGy+OX7/+Z896l5P4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E4JrmtfbnDVywKLg4cDnpdqAVHdMiAPZUDxiLB9mzoo+BjQoimn5AQ+ziCKmYhCYO riaWRZu/ZaSN1dt8/HQcJpNK1ZAmETcmuhQtRjHRQdVtmedRIfeWlep9ZZ4529NFk3 toegV0kuO1uLr4b20ovBF9Gib0lzsmsYKjbUCKn4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Michael Petlan , Athira Jajeev , Jiri Olsa , Kajol Jain , Madhavan Srinivasan , Arnaldo Carvalho de Melo Subject: [PATCH 4.19 57/57] perf symbols: Fix symbol size calculation condition Date: Mon, 21 Mar 2022 14:52:38 +0100 Message-Id: <20220321133223.631843972@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220321133221.984120927@linuxfoundation.org> References: <20220321133221.984120927@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Michael Petlan commit 3cf6a32f3f2a45944dd5be5c6ac4deb46bcd3bee upstream. Before this patch, the symbol end address fixup to be called, needed two conditions being met: if (prev->end =3D=3D prev->start && prev->end !=3D curr->start) Where "prev->end =3D=3D prev->start" means that prev is zero-long (and thus needs a fixup) and "prev->end !=3D curr->start" means that fixup hasn't been applied yet However, this logic is incorrect in the following situation: *curr =3D {rb_node =3D {__rb_parent_color =3D 278218928, rb_right =3D 0x0, rb_left =3D 0x0}, start =3D 0xc000000000062354, end =3D 0xc000000000062354, namelen =3D 40, type =3D 2 '\002', binding =3D 0 '\000', idle =3D 0 '\000', ignore =3D 0 '\000', inlined =3D 0 '\000', arch_sym =3D 0 '\000', annotate2 =3D false, name =3D 0x1159739e "kprobe_optinsn_page\t[__builtin__kprobes]"} *prev =3D {rb_node =3D {__rb_parent_color =3D 278219041, rb_right =3D 0x109548b0, rb_left =3D 0x109547c0}, start =3D 0xc000000000062354, end =3D 0xc000000000062354, namelen =3D 12, type =3D 2 '\002', binding =3D 1 '\001', idle =3D 0 '\000', ignore =3D 0 '\000', inlined =3D 0 '\000', arch_sym =3D 0 '\000', annotate2 =3D false, name =3D 0x1095486e "optinsn_slot"} In this case, prev->start =3D=3D prev->end =3D=3D curr->start =3D=3D curr->= end, thus the condition above thinks that "we need a fixup due to zero length of prev symbol, but it has been probably done, since the prev->end =3D=3D curr->start", which is wrong. After the patch, the execution path proceeds to arch__symbols__fixup_end function which fixes up the size of prev symbol by adding page_size to its end offset. Fixes: 3b01a413c196c910 ("perf symbols: Improve kallsyms symbol end addr ca= lculation") Signed-off-by: Michael Petlan Cc: Athira Jajeev Cc: Jiri Olsa Cc: Kajol Jain Cc: Madhavan Srinivasan Link: http://lore.kernel.org/lkml/20220317135536.805-1-mpetlan@redhat.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Pavel Machek (CIP) Tested-by: Shuah Khan --- tools/perf/util/symbol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -217,7 +217,7 @@ void symbols__fixup_end(struct rb_root * prev =3D curr; curr =3D rb_entry(nd, struct symbol, rb_node); =20 - if (prev->end =3D=3D prev->start && prev->end !=3D curr->start) + if (prev->end =3D=3D prev->start || prev->end !=3D curr->start) arch__symbols__fixup_end(prev, curr); }