From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Fri, 11 Aug 2023 18:02:32 +0200
Message-Id: <20230811160233.478364-2-s.ivanov@proxmox.com>
In-Reply-To: <20230811160233.478364-1-s.ivanov@proxmox.com>
References: <20230811160233.478364-1-s.ivanov@proxmox.com>
Subject: [pve-devel] [PATCH pve-kernel 1/2] add fixes for downfall

by cherry-picking the relevant commits from launchpad/lunar [0].
(relevant commits are based on k.o/stable commits for this)

minimally tested by booting my (ryzen) machine with this kernel and
skimming through dmesg after boot.

[0] git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/lunar

Signed-off-by: Stoiko Ivanov --- ...-init-Provide-arch_cpu_finalize_init.patch | 85 +++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 235 +++++++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 82 +++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 89 +++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 108 ++++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 217 +++++++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 80 +++ ...cpu-Switch-to-arch_cpu_finalize_init.patch | 75 +++ ...022-init-Remove-check_bugs-leftovers.patch | 172 +++++ ...nvoke-arch_cpu_finalize_init-earlier.patch | 64 ++ ...m_encrypt_init-into-arch_cpu_finaliz.patch | 121 ++++ ...it-Initialize-signal-frame-size-late.patch | 81 +++ ...cpuinfo-argument-from-init-functions.patch | 76 +++ ...7-x86-fpu-Mark-init-functions-__init.patch | 44 ++ ...-initialization-into-arch_cpu_finali.patch | 80 +++ ...-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch | 69 ++ ...ondary-processors-FPU-initialization.patch | 42 ++ ...-Add-Gather-Data-Sampling-mitigation.patch | 595 ++++++++++++++++++ ...n-Add-force-option-to-GDS-mitigation.patch | 172 +++++ ...eculation-Add-Kconfig-option-for-GDS.patch | 75 +++ .../0034-KVM-Add-GDS_NO-support-to-KVM.patch | 85 +++ ...6-Fix-backwards-on-off-logic-about-Y.patch | 38 ++ 23 files changed, 2765 insertions(+) create mode 100644 patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 
patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch create mode 100644 patches/kernel/0022-init-Remove-check_bugs-leftovers.patch create mode 100644 patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch create mode 100644 patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch create mode 100644 patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch create mode 100644 patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch create mode 100644 patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch create mode 100644 patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch create mode 100644 patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch create mode 100644 patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch create mode 100644 patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch create mode 100644 patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch create mode 100644 patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch create mode 100644 patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch create mode 100644 patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch diff --git a/patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch b/patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..440a7a039576 --- /dev/null +++ b/patches/kernel/0013-init-Provide-arch_cpu_finalize_init.patch 
@@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:22 +0200 +Subject: [PATCH] init: Provide arch_cpu_finalize_init() + +check_bugs() has become a dumping ground for all sorts of activities to +finalize the CPU initialization before running the rest of the init code. + +Most are empty, a few do actual bug checks, some do alternative patching +and some cobble a CPU advertisement string together.... + +Aside of that the current implementation requires duplicated function +declaration and mostly empty header files for them. + +Provide a new function arch_cpu_finalize_init(). Provide a generic +declaration if CONFIG_ARCH_HAS_CPU_FINALIZE_INIT is selected and a stub +inline otherwise. + +This requires a temporary #ifdef in start_kernel() which will be removed +along with check_bugs() once the architectures are converted over. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224544.957805717@linutronix.de + +(cherry picked from commit 7725acaa4f0c04fbefb0e0d342635b967bb7d414) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit c765faa80041002c513c6b356826e11cb78308b3) +Signed-off-by: Stoiko Ivanov +--- + arch/Kconfig | 3 +++ + include/linux/cpu.h | 6 ++++++ + init/main.c | 4 ++++ + 3 files changed, 13 insertions(+) + +diff --git a/arch/Kconfig b/arch/Kconfig +index 12e3ddabac9d..9a75f8457283 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -285,6 +285,9 @@ config ARCH_HAS_DMA_SET_UNCACHED + config ARCH_HAS_DMA_CLEAR_UNCACHED + bool + ++config ARCH_HAS_CPU_FINALIZE_INIT ++ bool ++ + # Select if arch init_task must go in the __init_task_data section + config ARCH_TASK_STRUCT_ON_STACK + bool +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index 314802f98b9d..43b0b7950e33 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h 
+@@ -187,6 +187,12 @@ void arch_cpu_idle_enter(void); + void arch_cpu_idle_exit(void); + void arch_cpu_idle_dead(void); + ++#ifdef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT ++void arch_cpu_finalize_init(void); ++#else ++static inline void arch_cpu_finalize_init(void) { } ++#endif ++ + int cpu_report_state(int cpu); + int cpu_check_up_prepare(int cpu); + void cpu_set_state_online(int cpu); +diff --git a/init/main.c b/init/main.c +index e1c3911d7c70..e39055c8698f 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -1138,7 +1138,11 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) + taskstats_init_early(); + delayacct_init(); + ++ arch_cpu_finalize_init(); ++ /* Temporary conditional until everything has been converted */ ++#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT + check_bugs(); ++#endif + + acpi_subsystem_init(); + arch_post_acpi_subsys_init(); diff --git a/patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..73b297ed794a --- /dev/null +++ b/patches/kernel/0014-x86-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,235 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:24 +0200 +Subject: [PATCH] x86/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is a dumping ground for finalizing the CPU bringup. Only parts of +it has to do with actual CPU bugs. + +Split it apart into arch_cpu_finalize_init() and cpu_select_mitigations(). + +Fixup the bogus 32bit comments while at it. + +No functional change. + +Signed-off-by: Thomas Gleixner +Reviewed-by: Borislav Petkov (AMD) +Link: https://lore.kernel.org/r/20230613224545.019583869@linutronix.de + +(cherry picked from commit 7c7077a72674402654f3291354720cd73cdf649e) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit d839524be6ba339640b7729353ff14156fad42a7) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/Kconfig | 1 + + arch/x86/include/asm/bugs.h | 2 -- + arch/x86/kernel/cpu/bugs.c | 51 +--------------------------------- + arch/x86/kernel/cpu/common.c | 53 ++++++++++++++++++++++++++++++++++++ + arch/x86/kernel/cpu/cpu.h | 1 + + 5 files changed, 56 insertions(+), 52 deletions(-) + +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index df9e15bcf6d1..598a303819da 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -70,6 +70,7 @@ config X86 + select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI + select ARCH_HAS_CACHE_LINE_SIZE + select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION ++ select ARCH_HAS_CPU_FINALIZE_INIT + select ARCH_HAS_CURRENT_STACK_POINTER + select ARCH_HAS_DEBUG_VIRTUAL + select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE +diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h +index 92ae28389940..f25ca2d709d4 100644 +--- a/arch/x86/include/asm/bugs.h ++++ b/arch/x86/include/asm/bugs.h +@@ -4,8 +4,6 @@ + + #include + +-extern void check_bugs(void); +- + #if defined(CONFIG_CPU_SUP_INTEL) && 
defined(CONFIG_X86_32) + int ppro_with_ram_bug(void); + #else +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index daad10e7665b..edb670b77294 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -9,7 +9,6 @@ + * - Andrew D. Balsa (code cleanup). + */ + #include +-#include + #include + #include + #include +@@ -27,8 +26,6 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include +@@ -124,21 +121,8 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); + DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear); + EXPORT_SYMBOL_GPL(mmio_stale_data_clear); + +-void __init check_bugs(void) ++void __init cpu_select_mitigations(void) + { +- identify_boot_cpu(); +- +- /* +- * identify_boot_cpu() initialized SMT support information, let the +- * core code know. +- */ +- cpu_smt_check_topology(); +- +- if (!IS_ENABLED(CONFIG_SMP)) { +- pr_info("CPU: "); +- print_cpu_info(&boot_cpu_data); +- } +- + /* + * Read the SPEC_CTRL MSR to account for reserved bits which may + * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD +@@ -175,39 +159,6 @@ void __init check_bugs(void) + md_clear_select_mitigation(); + srbds_select_mitigation(); + l1d_flush_select_mitigation(); +- +- arch_smt_update(); +- +-#ifdef CONFIG_X86_32 +- /* +- * Check whether we are able to run this kernel safely on SMP. +- * +- * - i386 is no longer supported. +- * - In order to run on anything without a TSC, we need to be +- * compiled for a i486. +- */ +- if (boot_cpu_data.x86 < 4) +- panic("Kernel requires i486+ for 'invlpg' and other features"); +- +- init_utsname()->machine[1] = +- '0' + (boot_cpu_data.x86 > 6 ? 
6 : boot_cpu_data.x86); +- alternative_instructions(); +- +- fpu__init_check_bugs(); +-#else /* CONFIG_X86_64 */ +- alternative_instructions(); +- +- /* +- * Make sure the first 2MB area is not mapped by huge pages +- * There are typically fixed size MTRRs in there and overlapping +- * MTRRs into large pages causes slow downs. +- * +- * Right now we don't do that with gbpages because there seems +- * very little benefit for that case. +- */ +- if (!direct_gbpages) +- set_memory_4k((unsigned long)__va(0), 1); +-#endif + } + + /* +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 2ac8ceae0ed1..0f32ecfbdeb1 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -19,11 +19,14 @@ + #include + #include + #include ++#include + #include + #include + #include + #include ++#include + ++#include + #include + #include + #include +@@ -59,6 +62,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -2360,3 +2364,52 @@ void arch_smt_update(void) + /* Check whether IPI broadcasting can be enabled */ + apic_smt_update(); + } ++ ++void __init arch_cpu_finalize_init(void) ++{ ++ identify_boot_cpu(); ++ ++ /* ++ * identify_boot_cpu() initialized SMT support information, let the ++ * core code know. ++ */ ++ cpu_smt_check_topology(); ++ ++ if (!IS_ENABLED(CONFIG_SMP)) { ++ pr_info("CPU: "); ++ print_cpu_info(&boot_cpu_data); ++ } ++ ++ cpu_select_mitigations(); ++ ++ arch_smt_update(); ++ ++ if (IS_ENABLED(CONFIG_X86_32)) { ++ /* ++ * Check whether this is a real i386 which is not longer ++ * supported and fixup the utsname. ++ */ ++ if (boot_cpu_data.x86 < 4) ++ panic("Kernel requires i486+ for 'invlpg' and other features"); ++ ++ init_utsname()->machine[1] = ++ '0' + (boot_cpu_data.x86 > 6 ? 
6 : boot_cpu_data.x86); ++ } ++ ++ alternative_instructions(); ++ ++ if (IS_ENABLED(CONFIG_X86_64)) { ++ /* ++ * Make sure the first 2MB area is not mapped by huge pages ++ * There are typically fixed size MTRRs in there and overlapping ++ * MTRRs into large pages causes slow downs. ++ * ++ * Right now we don't do that with gbpages because there seems ++ * very little benefit for that case. ++ */ ++ if (!direct_gbpages) ++ set_memory_4k((unsigned long)__va(0), 1); ++ } else { ++ fpu__init_check_bugs(); ++ } ++} +diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h +index 7c9b5893c30a..61dbb9b216e6 100644 +--- a/arch/x86/kernel/cpu/cpu.h ++++ b/arch/x86/kernel/cpu/cpu.h +@@ -79,6 +79,7 @@ extern void detect_ht(struct cpuinfo_x86 *c); + extern void check_null_seg_clears_base(struct cpuinfo_x86 *c); + + unsigned int aperfmperf_get_khz(int cpu); ++void cpu_select_mitigations(void); + + extern void x86_spec_ctrl_setup_ap(void); + extern void update_srbds_msr(void); diff --git a/patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..af8936213f49 --- /dev/null +++ b/patches/kernel/0015-ARM-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:25 +0200 +Subject: [PATCH] ARM: cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.078124882@linutronix.de + +(cherry picked from commit ee31bb0524a2e7c99b03f50249a411cc1eaa411f) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 57b198863efe8ec2e2c898f8f3d501734c18afb7) +Signed-off-by: Stoiko Ivanov +--- + arch/arm/Kconfig | 1 + + arch/arm/include/asm/bugs.h | 4 ---- + arch/arm/kernel/bugs.c | 3 ++- + 3 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 1938a2a957bc..eac5314702b0 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -5,6 +5,7 @@ config ARM + select ARCH_32BIT_OFF_T + select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE if HAVE_KRETPROBES && FRAME_POINTER && !ARM_UNWIND + select ARCH_HAS_BINFMT_FLAT ++ select ARCH_HAS_CPU_FINALIZE_INIT if MMU + select ARCH_HAS_CURRENT_STACK_POINTER + select ARCH_HAS_DEBUG_VIRTUAL if MMU + select ARCH_HAS_DMA_WRITE_COMBINE if !ARM_DMA_MEM_BUFFERABLE +diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h +index 97a312ba0840..fe385551edec 100644 +--- a/arch/arm/include/asm/bugs.h ++++ b/arch/arm/include/asm/bugs.h +@@ -1,7 +1,5 @@ + /* SPDX-License-Identifier: GPL-2.0-only */ + /* +- * arch/arm/include/asm/bugs.h +- * + * Copyright (C) 1995-2003 Russell King + */ + #ifndef __ASM_BUGS_H +@@ -10,10 +8,8 @@ + extern void check_writebuffer_bugs(void); + + #ifdef CONFIG_MMU +-extern void check_bugs(void); + extern void check_other_bugs(void); + #else +-#define check_bugs() do { } while (0) + #define 
check_other_bugs() do { } while (0) + #endif + +diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c +index 14c8dbbb7d2d..087bce6ec8e9 100644 +--- a/arch/arm/kernel/bugs.c ++++ b/arch/arm/kernel/bugs.c +@@ -1,5 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + #include ++#include + #include + #include + +@@ -11,7 +12,7 @@ void check_other_bugs(void) + #endif + } + +-void __init check_bugs(void) ++void __init arch_cpu_finalize_init(void) + { + check_writebuffer_bugs(); + check_other_bugs(); diff --git a/patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..d99392fc0210 --- /dev/null +++ b/patches/kernel/0016-ia64-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,80 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:27 +0200 +Subject: [PATCH] ia64/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.137045745@linutronix.de + +(cherry picked from commit 6c38e3005621800263f117fb00d6787a76e16de7) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 7b593af98529e22ee2b54dda992a205bd8935a97) +Signed-off-by: Stoiko Ivanov +--- + arch/ia64/Kconfig | 1 + + arch/ia64/include/asm/bugs.h | 20 -------------------- + arch/ia64/kernel/setup.c | 3 +-- + 3 files changed, 2 insertions(+), 22 deletions(-) + delete mode 100644 arch/ia64/include/asm/bugs.h + +diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig +index d7e4a24e8644..25ebc90b3ec3 100644 +--- a/arch/ia64/Kconfig ++++ b/arch/ia64/Kconfig +@@ -9,6 +9,7 @@ menu "Processor type and features" + config IA64 + bool + select ARCH_BINFMT_ELF_EXTRA_PHDRS ++ select ARCH_HAS_CPU_FINALIZE_INIT + select ARCH_HAS_DMA_MARK_CLEAN + select ARCH_HAS_STRNCPY_FROM_USER + select ARCH_HAS_STRNLEN_USER +diff --git a/arch/ia64/include/asm/bugs.h b/arch/ia64/include/asm/bugs.h +deleted file mode 100644 +index 0d6b9bded56c..000000000000 +--- a/arch/ia64/include/asm/bugs.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-/* +- * This is included by init/main.c to check for architecture-dependent bugs. +- * +- * Needs: +- * void check_bugs(void); +- * +- * Based on . +- * +- * Modified 1998, 1999, 2003 +- * David Mosberger-Tang , Hewlett-Packard Co. 
+- */ +-#ifndef _ASM_IA64_BUGS_H +-#define _ASM_IA64_BUGS_H +- +-#include +- +-extern void check_bugs (void); +- +-#endif /* _ASM_IA64_BUGS_H */ +diff --git a/arch/ia64/kernel/setup.c b/arch/ia64/kernel/setup.c +index c05728044272..9009f1871e3b 100644 +--- a/arch/ia64/kernel/setup.c ++++ b/arch/ia64/kernel/setup.c +@@ -1067,8 +1067,7 @@ cpu_init (void) + } + } + +-void __init +-check_bugs (void) ++void __init arch_cpu_finalize_init(void) + { + ia64_patch_mckinley_e9((unsigned long) __start___mckinley_e9_bundles, + (unsigned long) __end___mckinley_e9_bundles); diff --git a/patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..f1a6e88db0e3 --- /dev/null +++ b/patches/kernel/0017-m68k-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,89 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:30 +0200 +Subject: [PATCH] m68k/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Acked-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20230613224545.254342916@linutronix.de + +(cherry picked from commit 9ceecc2589b9d7cef6b321339ed8de484eac4b20) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 51d4827f4d3adf26415b6447d88611a35738e062) +Signed-off-by: Stoiko Ivanov +--- + arch/m68k/Kconfig | 1 + + arch/m68k/include/asm/bugs.h | 21 --------------------- + arch/m68k/kernel/setup_mm.c | 3 ++- + 3 files changed, 3 insertions(+), 22 deletions(-) + delete mode 100644 arch/m68k/include/asm/bugs.h + +diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig +index 7bff88118507..1fe5b2018745 100644 +--- a/arch/m68k/Kconfig ++++ b/arch/m68k/Kconfig +@@ -4,6 +4,7 @@ config M68K + default y + select ARCH_32BIT_OFF_T + select ARCH_HAS_BINFMT_FLAT ++ select ARCH_HAS_CPU_FINALIZE_INIT if MMU + select ARCH_HAS_CURRENT_STACK_POINTER + select ARCH_HAS_DMA_PREP_COHERENT if HAS_DMA && MMU && !COLDFIRE + select ARCH_HAS_SYNC_DMA_FOR_DEVICE if HAS_DMA +diff --git a/arch/m68k/include/asm/bugs.h b/arch/m68k/include/asm/bugs.h +deleted file mode 100644 +index 745530651e0b..000000000000 +--- a/arch/m68k/include/asm/bugs.h ++++ /dev/null +@@ -1,21 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-/* +- * include/asm-m68k/bugs.h +- * +- * Copyright (C) 1994 Linus Torvalds +- */ +- +-/* +- * This is included by init/main.c to check for architecture-dependent bugs. 
+- * +- * Needs: +- * void check_bugs(void); +- */ +- +-#ifdef CONFIG_MMU +-extern void check_bugs(void); /* in arch/m68k/kernel/setup.c */ +-#else +-static void check_bugs(void) +-{ +-} +-#endif +diff --git a/arch/m68k/kernel/setup_mm.c b/arch/m68k/kernel/setup_mm.c +index fbff1cea62ca..6f1ae01f322c 100644 +--- a/arch/m68k/kernel/setup_mm.c ++++ b/arch/m68k/kernel/setup_mm.c +@@ -10,6 +10,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -504,7 +505,7 @@ static int __init proc_hardware_init(void) + module_init(proc_hardware_init); + #endif + +-void check_bugs(void) ++void __init arch_cpu_finalize_init(void) + { + #if defined(CONFIG_FPU) && !defined(CONFIG_M68KFPU_EMU) + if (m68k_fputype == 0) { diff --git a/patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..f57d433c4792 --- /dev/null +++ b/patches/kernel/0018-mips-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,108 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:32 +0200 +Subject: [PATCH] mips/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.312438573@linutronix.de + +(backported from commit 7f066a22fe353a827a402ee2835e81f045b1574d) +[cascardo: only removed check_bugs from arch/mips/include/asm/bugs.h] +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 7753934cdd362695ffbc0f1db941ff6d4c72fa96) +Signed-off-by: Stoiko Ivanov +--- + arch/mips/Kconfig | 1 + + arch/mips/include/asm/bugs.h | 17 ----------------- + arch/mips/kernel/setup.c | 13 +++++++++++++ + 3 files changed, 14 insertions(+), 17 deletions(-) + +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig +index f11dda15aa54..fcf59a375c5b 100644 +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -4,6 +4,7 @@ config MIPS + default y + select ARCH_32BIT_OFF_T if !64BIT + select ARCH_BINFMT_ELF_STATE if MIPS_FP_SUPPORT ++ select ARCH_HAS_CPU_FINALIZE_INIT + select ARCH_HAS_CURRENT_STACK_POINTER if !CC_IS_CLANG || CLANG_VERSION >= 140000 + select ARCH_HAS_DEBUG_VIRTUAL if !64BIT + select ARCH_HAS_FORTIFY_SOURCE +diff --git a/arch/mips/include/asm/bugs.h b/arch/mips/include/asm/bugs.h +index d72dc6e1cf3c..8d4cf29861b8 100644 +--- a/arch/mips/include/asm/bugs.h ++++ b/arch/mips/include/asm/bugs.h +@@ -1,17 +1,11 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + /* +- * This is included by init/main.c to check for architecture-dependent bugs. +- * + * Copyright (C) 2007 Maciej W. 
Rozycki +- * +- * Needs: +- * void check_bugs(void); + */ + #ifndef _ASM_BUGS_H + #define _ASM_BUGS_H + + #include +-#include + #include + + #include +@@ -30,17 +24,6 @@ static inline void check_bugs_early(void) + check_bugs64_early(); + } + +-static inline void check_bugs(void) +-{ +- unsigned int cpu = smp_processor_id(); +- +- cpu_data[cpu].udelay_val = loops_per_jiffy; +- check_bugs32(); +- +- if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64)) +- check_bugs64(); +-} +- + static inline int r4k_daddiu_bug(void) + { + if (!IS_ENABLED(CONFIG_CPU_R4X00_BUGS64)) +diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c +index f1c88f8a1dc5..4d950f666ef6 100644 +--- a/arch/mips/kernel/setup.c ++++ b/arch/mips/kernel/setup.c +@@ -11,6 +11,8 @@ + * Copyright (C) 2000, 2001, 2002, 2007 Maciej W. Rozycki + */ + #include ++#include ++#include + #include + #include + #include +@@ -839,3 +841,14 @@ static int __init setnocoherentio(char *str) + } + early_param("nocoherentio", setnocoherentio); + #endif ++ ++void __init arch_cpu_finalize_init(void) ++{ ++ unsigned int cpu = smp_processor_id(); ++ ++ cpu_data[cpu].udelay_val = loops_per_jiffy; ++ check_bugs32(); ++ ++ if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64)) ++ check_bugs64(); ++} diff --git a/patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..6329a3962aa1 --- /dev/null +++ b/patches/kernel/0019-sh-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,217 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:33 +0200 +Subject: [PATCH] sh/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.371697797@linutronix.de + +(cherry picked from commit 01eb454e9bfe593f320ecbc9aaec60bf87cd453d) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 5228732d7ec3b9d13ee33b613dd3ed9c7f6a4695) +Signed-off-by: Stoiko Ivanov +--- + arch/sh/Kconfig | 1 + + arch/sh/include/asm/bugs.h | 74 --------------------------------- + arch/sh/include/asm/processor.h | 2 + + arch/sh/kernel/idle.c | 1 + + arch/sh/kernel/setup.c | 55 ++++++++++++++++++++++++ + 5 files changed, 59 insertions(+), 74 deletions(-) + delete mode 100644 arch/sh/include/asm/bugs.h + +diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig +index 101a0d094a66..b0284730e761 100644 +--- a/arch/sh/Kconfig ++++ b/arch/sh/Kconfig +@@ -7,6 +7,7 @@ config SUPERH + select ARCH_HAVE_CUSTOM_GPIO_H + select ARCH_HAVE_NMI_SAFE_CMPXCHG if (GUSA_RB || CPU_SH4A) + select ARCH_HAS_BINFMT_FLAT if !MMU ++ select ARCH_HAS_CPU_FINALIZE_INIT + select ARCH_HAS_CURRENT_STACK_POINTER + select ARCH_HAS_GIGANTIC_PAGE + select ARCH_HAS_GCOV_PROFILE_ALL +diff --git a/arch/sh/include/asm/bugs.h b/arch/sh/include/asm/bugs.h +deleted file mode 100644 +index fe52abb69cea..000000000000 +--- a/arch/sh/include/asm/bugs.h ++++ /dev/null +@@ -1,74 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef __ASM_SH_BUGS_H +-#define __ASM_SH_BUGS_H +- +-/* +- * This is included by init/main.c to check for architecture-dependent bugs. 
+- * +- * Needs: +- * void check_bugs(void); +- */ +- +-/* +- * I don't know of any Super-H bugs yet. +- */ +- +-#include +- +-extern void select_idle_routine(void); +- +-static void __init check_bugs(void) +-{ +- extern unsigned long loops_per_jiffy; +- char *p = &init_utsname()->machine[2]; /* "sh" */ +- +- select_idle_routine(); +- +- current_cpu_data.loops_per_jiffy = loops_per_jiffy; +- +- switch (current_cpu_data.family) { +- case CPU_FAMILY_SH2: +- *p++ = '2'; +- break; +- case CPU_FAMILY_SH2A: +- *p++ = '2'; +- *p++ = 'a'; +- break; +- case CPU_FAMILY_SH3: +- *p++ = '3'; +- break; +- case CPU_FAMILY_SH4: +- *p++ = '4'; +- break; +- case CPU_FAMILY_SH4A: +- *p++ = '4'; +- *p++ = 'a'; +- break; +- case CPU_FAMILY_SH4AL_DSP: +- *p++ = '4'; +- *p++ = 'a'; +- *p++ = 'l'; +- *p++ = '-'; +- *p++ = 'd'; +- *p++ = 's'; +- *p++ = 'p'; +- break; +- case CPU_FAMILY_UNKNOWN: +- /* +- * Specifically use CPU_FAMILY_UNKNOWN rather than +- * default:, so we're able to have the compiler whine +- * about unhandled enumerations. 
+- */ +- break; +- } +- +- printk("CPU: %s\n", get_cpu_subtype(¤t_cpu_data)); +- +-#ifndef __LITTLE_ENDIAN__ +- /* 'eb' means 'Endian Big' */ +- *p++ = 'e'; +- *p++ = 'b'; +-#endif +- *p = '\0'; +-} +-#endif /* __ASM_SH_BUGS_H */ +diff --git a/arch/sh/include/asm/processor.h b/arch/sh/include/asm/processor.h +index 85a6c1c3c16e..73fba7c922f9 100644 +--- a/arch/sh/include/asm/processor.h ++++ b/arch/sh/include/asm/processor.h +@@ -166,6 +166,8 @@ extern unsigned int instruction_size(unsigned int insn); + #define instruction_size(insn) (2) + #endif + ++void select_idle_routine(void); ++ + #endif /* __ASSEMBLY__ */ + + #include +diff --git a/arch/sh/kernel/idle.c b/arch/sh/kernel/idle.c +index f59814983bd5..a80b2a5b25c7 100644 +--- a/arch/sh/kernel/idle.c ++++ b/arch/sh/kernel/idle.c +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + #include + #include + +diff --git a/arch/sh/kernel/setup.c b/arch/sh/kernel/setup.c +index af977ec4ca5e..cf7c0f72f293 100644 +--- a/arch/sh/kernel/setup.c ++++ b/arch/sh/kernel/setup.c +@@ -43,6 +43,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -354,3 +355,57 @@ int test_mode_pin(int pin) + { + return sh_mv.mv_mode_pins() & pin; + } ++ ++void __init arch_cpu_finalize_init(void) ++{ ++ char *p = &init_utsname()->machine[2]; /* "sh" */ ++ ++ select_idle_routine(); ++ ++ current_cpu_data.loops_per_jiffy = loops_per_jiffy; ++ ++ switch (current_cpu_data.family) { ++ case CPU_FAMILY_SH2: ++ *p++ = '2'; ++ break; ++ case CPU_FAMILY_SH2A: ++ *p++ = '2'; ++ *p++ = 'a'; ++ break; ++ case CPU_FAMILY_SH3: ++ *p++ = '3'; ++ break; ++ case CPU_FAMILY_SH4: ++ *p++ = '4'; ++ break; ++ case CPU_FAMILY_SH4A: ++ *p++ = '4'; ++ *p++ = 'a'; ++ break; ++ case CPU_FAMILY_SH4AL_DSP: ++ *p++ = '4'; ++ *p++ = 'a'; ++ *p++ = 'l'; ++ *p++ = '-'; ++ *p++ = 'd'; ++ *p++ = 's'; ++ *p++ = 'p'; ++ break; ++ case CPU_FAMILY_UNKNOWN: ++ /* ++ * Specifically use CPU_FAMILY_UNKNOWN rather than ++ * default:, so we're able to have 
the compiler whine ++ * about unhandled enumerations. ++ */ ++ break; ++ } ++ ++ pr_info("CPU: %s\n", get_cpu_subtype(¤t_cpu_data)); ++ ++#ifndef __LITTLE_ENDIAN__ ++ /* 'eb' means 'Endian Big' */ ++ *p++ = 'e'; ++ *p++ = 'b'; ++#endif ++ *p = '\0'; ++} diff --git a/patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..032c7db551f5 --- /dev/null +++ b/patches/kernel/0020-sparc-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,80 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:35 +0200 +Subject: [PATCH] sparc/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Reviewed-by: Sam Ravnborg +Link: https://lore.kernel.org/r/20230613224545.431995857@linutronix.de + +(cherry picked from commit 44ade508e3bfac45ae97864587de29eb1a881ec0) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 5f02f99c6d6fd4f2c7b77f6d01bac14cc6fae2f6) +Signed-off-by: Stoiko Ivanov +--- + arch/sparc/Kconfig | 1 + + arch/sparc/include/asm/bugs.h | 18 ------------------ + arch/sparc/kernel/setup_32.c | 7 +++++++ + 3 files changed, 8 insertions(+), 18 deletions(-) + delete mode 100644 arch/sparc/include/asm/bugs.h + +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig +index dbb1760cbe8c..b67d96e3392e 100644 +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -51,6 +51,7 @@ config SPARC + config SPARC32 + def_bool !64BIT + select ARCH_32BIT_OFF_T ++ select ARCH_HAS_CPU_FINALIZE_INIT if !SMP + select ARCH_HAS_SYNC_DMA_FOR_CPU + select CLZ_TAB + select DMA_DIRECT_REMAP +diff --git a/arch/sparc/include/asm/bugs.h b/arch/sparc/include/asm/bugs.h +deleted file mode 100644 +index 02fa369b9c21..000000000000 +--- a/arch/sparc/include/asm/bugs.h ++++ /dev/null +@@ -1,18 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-/* include/asm/bugs.h: Sparc probes for various bugs. +- * +- * Copyright (C) 1996, 2007 David S. 
Miller (davem@davemloft.net) +- */ +- +-#ifdef CONFIG_SPARC32 +-#include +-#endif +- +-extern unsigned long loops_per_jiffy; +- +-static void __init check_bugs(void) +-{ +-#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP) +- cpu_data(0).udelay_val = loops_per_jiffy; +-#endif +-} +diff --git a/arch/sparc/kernel/setup_32.c b/arch/sparc/kernel/setup_32.c +index c8e0dd99f370..c9d1ba4f311b 100644 +--- a/arch/sparc/kernel/setup_32.c ++++ b/arch/sparc/kernel/setup_32.c +@@ -412,3 +412,10 @@ static int __init topology_init(void) + } + + subsys_initcall(topology_init); ++ ++#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP) ++void __init arch_cpu_finalize_init(void) ++{ ++ cpu_data(0).udelay_val = loops_per_jiffy; ++} ++#endif diff --git a/patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch b/patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch new file mode 100644 index 000000000000..e530cd122a94 --- /dev/null +++ b/patches/kernel/0021-um-cpu-Switch-to-arch_cpu_finalize_init.patch 
@@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:36 +0200 +Subject: [PATCH] um/cpu: Switch to arch_cpu_finalize_init() + +check_bugs() is about to be phased out. Switch over to the new +arch_cpu_finalize_init() implementation. + +No functional change. + +Signed-off-by: Thomas Gleixner +Acked-by: Richard Weinberger +Link: https://lore.kernel.org/r/20230613224545.493148694@linutronix.de + +(cherry picked from commit 9349b5cd0908f8afe95529fc7a8cbb1417df9b0c) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 37d44a1fca2e73fabeaf042a5bcdff3bd8e03224) +Signed-off-by: Stoiko Ivanov +--- + arch/um/Kconfig | 1 + + arch/um/include/asm/bugs.h | 7 ------- + arch/um/kernel/um_arch.c | 3 ++- + 3 files changed, 3 insertions(+), 8 deletions(-) + delete mode 100644 arch/um/include/asm/bugs.h + +diff --git a/arch/um/Kconfig b/arch/um/Kconfig +index ad4ff3b0e91e..82709bc36df7 100644 +--- a/arch/um/Kconfig ++++ b/arch/um/Kconfig +@@ -6,6 +6,7 @@ config UML + bool + default y + select ARCH_EPHEMERAL_INODES ++ select ARCH_HAS_CPU_FINALIZE_INIT + select ARCH_HAS_FORTIFY_SOURCE + select ARCH_HAS_GCOV_PROFILE_ALL + select ARCH_HAS_KCOV +diff --git a/arch/um/include/asm/bugs.h b/arch/um/include/asm/bugs.h +deleted file mode 100644 +index 4473942a0839..000000000000 +--- a/arch/um/include/asm/bugs.h ++++ /dev/null +@@ -1,7 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef __UM_BUGS_H +-#define __UM_BUGS_H +- +-void check_bugs(void); +- +-#endif +diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c +index 786b44dc20c9..664f477fe084 100644 +--- a/arch/um/kernel/um_arch.c ++++ b/arch/um/kernel/um_arch.c +@@ -3,6 +3,7 @@ + * Copyright (C) 2000 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com) + */ + ++#include + #include + #include + #include +@@ -426,7 +427,7 @@ 
void __init setup_arch(char **cmdline_p) + } + } + +-void __init check_bugs(void) ++void __init arch_cpu_finalize_init(void) + { + arch_check_bugs(); + os_check_bugs(); diff --git a/patches/kernel/0022-init-Remove-check_bugs-leftovers.patch b/patches/kernel/0022-init-Remove-check_bugs-leftovers.patch new file mode 100644 index 000000000000..3d3ddb113612 --- /dev/null +++ b/patches/kernel/0022-init-Remove-check_bugs-leftovers.patch 
@@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:38 +0200 +Subject: [PATCH] init: Remove check_bugs() leftovers + +Everything is converted over to arch_cpu_finalize_init(). Remove the +check_bugs() leftovers including the empty stubs in asm-generic, alpha, +parisc, powerpc and xtensa. + +Signed-off-by: Thomas Gleixner +Reviewed-by: Richard Henderson +Link: https://lore.kernel.org/r/20230613224545.553215951@linutronix.de + +(cherry picked from commit 61235b24b9cb37c13fcad5b9596d59a1afdcec30) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit f6914d2bea4df361881adc56f02dde9bddfa1b0a) +Signed-off-by: Stoiko Ivanov +--- + arch/alpha/include/asm/bugs.h | 20 -------------------- + arch/parisc/include/asm/bugs.h | 20 -------------------- + arch/powerpc/include/asm/bugs.h | 15 --------------- + arch/xtensa/include/asm/bugs.h | 18 ------------------ + include/asm-generic/bugs.h | 11 ----------- + init/main.c | 5 ----- + 6 files changed, 89 deletions(-) + delete mode 100644 arch/alpha/include/asm/bugs.h + delete mode 100644 arch/parisc/include/asm/bugs.h + delete mode 100644 arch/powerpc/include/asm/bugs.h + delete mode 100644 arch/xtensa/include/asm/bugs.h + delete mode 100644 include/asm-generic/bugs.h + +diff --git a/arch/alpha/include/asm/bugs.h b/arch/alpha/include/asm/bugs.h +deleted file mode 100644 +index 78030d1c7e7e..000000000000 +--- a/arch/alpha/include/asm/bugs.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* +- * include/asm-alpha/bugs.h +- * +- * Copyright (C) 1994 Linus Torvalds +- */ +- +-/* +- * This is included by init/main.c to check for architecture-dependent bugs. +- * +- * Needs: +- * void check_bugs(void); +- */ +- +-/* +- * I don't know of any alpha bugs yet.. 
Nice chip +- */ +- +-static void check_bugs(void) +-{ +-} +diff --git a/arch/parisc/include/asm/bugs.h b/arch/parisc/include/asm/bugs.h +deleted file mode 100644 +index 0a7f9db6bd1c..000000000000 +--- a/arch/parisc/include/asm/bugs.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-/* +- * include/asm-parisc/bugs.h +- * +- * Copyright (C) 1999 Mike Shaver +- */ +- +-/* +- * This is included by init/main.c to check for architecture-dependent bugs. +- * +- * Needs: +- * void check_bugs(void); +- */ +- +-#include +- +-static inline void check_bugs(void) +-{ +-// identify_cpu(&boot_cpu_data); +-} +diff --git a/arch/powerpc/include/asm/bugs.h b/arch/powerpc/include/asm/bugs.h +deleted file mode 100644 +index 01b8f6ca4dbb..000000000000 +--- a/arch/powerpc/include/asm/bugs.h ++++ /dev/null +@@ -1,15 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0-or-later */ +-#ifndef _ASM_POWERPC_BUGS_H +-#define _ASM_POWERPC_BUGS_H +- +-/* +- */ +- +-/* +- * This file is included by 'init/main.c' to check for +- * architecture-dependent bugs. +- */ +- +-static inline void check_bugs(void) { } +- +-#endif /* _ASM_POWERPC_BUGS_H */ +diff --git a/arch/xtensa/include/asm/bugs.h b/arch/xtensa/include/asm/bugs.h +deleted file mode 100644 +index 69b29d198249..000000000000 +--- a/arch/xtensa/include/asm/bugs.h ++++ /dev/null +@@ -1,18 +0,0 @@ +-/* +- * include/asm-xtensa/bugs.h +- * +- * This is included by init/main.c to check for architecture-dependent bugs. +- * +- * Xtensa processors don't have any bugs. :) +- * +- * This file is subject to the terms and conditions of the GNU General +- * Public License. See the file "COPYING" in the main directory of +- * this archive for more details. 
+- */ +- +-#ifndef _XTENSA_BUGS_H +-#define _XTENSA_BUGS_H +- +-static void check_bugs(void) { } +- +-#endif /* _XTENSA_BUGS_H */ +diff --git a/include/asm-generic/bugs.h b/include/asm-generic/bugs.h +deleted file mode 100644 +index 69021830f078..000000000000 +--- a/include/asm-generic/bugs.h ++++ /dev/null +@@ -1,11 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef __ASM_GENERIC_BUGS_H +-#define __ASM_GENERIC_BUGS_H +-/* +- * This file is included by 'init/main.c' to check for +- * architecture-dependent bugs. +- */ +- +-static inline void check_bugs(void) { } +- +-#endif /* __ASM_GENERIC_BUGS_H */ +diff --git a/init/main.c b/init/main.c +index e39055c8698f..0370df27746f 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -104,7 +104,6 @@ + #include + + #include +-#include + #include + #include + #include +@@ -1139,10 +1138,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) + delayacct_init(); + + arch_cpu_finalize_init(); +- /* Temporary conditional until everything has been converted */ +-#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT +- check_bugs(); +-#endif + + acpi_subsystem_init(); + arch_post_acpi_subsys_init(); diff --git a/patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch b/patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch new file mode 100644 index 000000000000..14c08bb84d0d --- /dev/null +++ b/patches/kernel/0023-init-Invoke-arch_cpu_finalize_init-earlier.patch 
@@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:39 +0200 +Subject: [PATCH] init: Invoke arch_cpu_finalize_init() earlier + +X86 is reworking the boot process so that initializations which are not +required during early boot can be moved into the late boot process and out +of the fragile and restricted initial boot phase. + +arch_cpu_finalize_init() is the obvious place to do such initializations, +but arch_cpu_finalize_init() is invoked too late in start_kernel() e.g. for +initializing the FPU completely. fork_init() requires that the FPU is +initialized as the size of task_struct on X86 depends on the size of the +required FPU register buffer. + +Fortunately none of the init calls between calibrate_delay() and +arch_cpu_finalize_init() is relevant for the functionality of +arch_cpu_finalize_init(). + +Invoke it right after calibrate_delay() where everything which is relevant +for arch_cpu_finalize_init() has been set up already. + +No functional change intended. 
+ +Signed-off-by: Thomas Gleixner +Reviewed-by: Rick Edgecombe +Link: https://lore.kernel.org/r/20230613224545.612182854@linutronix.de + +(backported from commit 9df9d2f0471b4c4702670380b8d8a45b40b23a7d) +[cascardo: fixed conflict due to call to mem_encrypt_init] +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 919915fc47211940789c8bde231b2f15d1b8d427) +Signed-off-by: Stoiko Ivanov +--- + init/main.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/init/main.c b/init/main.c +index 0370df27746f..967584e8c3af 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -1111,6 +1111,9 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) + late_time_init(); + sched_clock_init(); + calibrate_delay(); ++ ++ arch_cpu_finalize_init(); ++ + pid_idr_init(); + anon_vma_init(); + #ifdef CONFIG_X86 +@@ -1137,8 +1140,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) + taskstats_init_early(); + delayacct_init(); + +- arch_cpu_finalize_init(); +- + acpi_subsystem_init(); + arch_post_acpi_subsys_init(); + kcsan_init(); diff --git a/patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch b/patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch new file mode 100644 index 000000000000..da1720faa29d --- /dev/null +++ b/patches/kernel/0024-init-x86-Move-mem_encrypt_init-into-arch_cpu_finaliz.patch 
@@ -0,0 +1,121 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:41 +0200 +Subject: [PATCH] init, x86: Move mem_encrypt_init() into + arch_cpu_finalize_init() + +Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and +remove the weak fallback from the core code. + +No functional change. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de + +(backported from commit 439e17576eb47f26b78c5bbc72e344d4206d2327) +[cascardo: really remove mem_encrypt_init from init/main.c] +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 439b49f26bc9ee74a3ac4b356c12d41f68c49cbd) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/include/asm/mem_encrypt.h | 7 ++++--- + arch/x86/kernel/cpu/common.c | 11 +++++++++++ + init/main.c | 11 ----------- + 3 files changed, 15 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h +index 72ca90552b6a..a95914f479b8 100644 +--- a/arch/x86/include/asm/mem_encrypt.h ++++ b/arch/x86/include/asm/mem_encrypt.h +@@ -51,6 +51,8 @@ void __init mem_encrypt_free_decrypted_mem(void); + + void __init sev_es_init_vc_handling(void); + ++void __init mem_encrypt_init(void); ++ + #define __bss_decrypted __section(".bss..decrypted") + + #else /* !CONFIG_AMD_MEM_ENCRYPT */ +@@ -82,13 +84,12 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {} + + static inline void mem_encrypt_free_decrypted_mem(void) { } + ++static inline void mem_encrypt_init(void) { } ++ + #define __bss_decrypted + + #endif /* CONFIG_AMD_MEM_ENCRYPT */ + +-/* Architecture __weak replacement functions */ +-void __init mem_encrypt_init(void); +- + void add_encrypt_protection_map(void); + + /* +diff --git a/arch/x86/kernel/cpu/common.c 
b/arch/x86/kernel/cpu/common.c +index 0f32ecfbdeb1..637817d0d819 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -2412,4 +2413,14 @@ void __init arch_cpu_finalize_init(void) + } else { + fpu__init_check_bugs(); + } ++ ++ /* ++ * This needs to be called before any devices perform DMA ++ * operations that might use the SWIOTLB bounce buffers. It will ++ * mark the bounce buffers as decrypted so that their usage will ++ * not cause "plain-text" data to be decrypted when accessed. It ++ * must be called after late_time_init() so that Hyper-V x86/x64 ++ * hypercalls work when the SWIOTLB bounce buffers are decrypted. ++ */ ++ mem_encrypt_init(); + } +diff --git a/init/main.c b/init/main.c +index 967584e8c3af..7533b4da4fb2 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -96,7 +96,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -783,8 +782,6 @@ void __init __weak thread_stack_cache_init(void) + } + #endif + +-void __init __weak mem_encrypt_init(void) { } +- + void __init __weak poking_init(void) { } + + void __init __weak pgtable_cache_init(void) { } +@@ -1087,14 +1084,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) + */ + locking_selftest(); + +- /* +- * This needs to be called before any devices perform DMA +- * operations that might use the SWIOTLB bounce buffers. It will +- * mark the bounce buffers as decrypted so that their usage will +- * not cause "plain-text" data to be decrypted when accessed. +- */ +- mem_encrypt_init(); +- + #ifdef CONFIG_BLK_DEV_INITRD + if (initrd_start && !initrd_below_start_ok && + page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) { 
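Review bot: in the arch/x86/include/asm/mem_encrypt.h hunks of 0024, the mem_encrypt_init() prototype and its empty inline stub both end up inside the CONFIG_AMD_MEM_ENCRYPT #ifdef/#else, while the new caller in arch_cpu_finalize_init() is unconditional. Patch 0029 later in this series says mem_encrypt_init() depends on X86_MEM_ENCRYPT and that this placement broke the AMD_MEM_ENCRYPT=n build, and it moves both lines under CONFIG_X86_MEM_ENCRYPT. 0024 should therefore never be carried without 0029. Please state that dependency in the commit message of this packaging patch so a later partial revert or a bisect over patches/kernel/ does not land on the broken intermediate state.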
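Review bot: the last init/main.c hunk of 0024 (@@ -1087) drops the mem_encrypt_init() call that sat directly after locking_selftest(), and the replacement call at the end of arch_cpu_finalize_init() only runs after calibrate_delay() (the @@ -1111 hunk of 0023), so in this tree the call moves later in start_kernel() although the commit message says "No functional change". The comment added in arch/x86/kernel/cpu/common.c also carries a requirement the removed comment did not have ("must be called after late_time_init()"). Please confirm that nothing between the old and the new call site can perform DMA through the SWIOTLB bounce buffers, and mention the changed ordering alongside the existing "[cascardo: ...]" backport remark.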
diff --git a/patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch b/patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch new file mode 100644 index 000000000000..44958b2e75de --- /dev/null +++ b/patches/kernel/0025-x86-init-Initialize-signal-frame-size-late.patch 
@@ -0,0 +1,81 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:42 +0200 +Subject: [PATCH] x86/init: Initialize signal frame size late + +No point in doing this during really early boot. Move it to an early +initcall so that it is set up before possible user mode helpers are started +during device initialization. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.727330699@linutronix.de + +(cherry picked from commit 54d9a91a3d6713d1332e93be13b4eaf0fa54349d) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit cae51198acf57beecfe60bd11710d15b0f0a2856) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/include/asm/sigframe.h | 2 -- + arch/x86/kernel/cpu/common.c | 3 --- + arch/x86/kernel/signal.c | 4 +++- + 3 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/include/asm/sigframe.h b/arch/x86/include/asm/sigframe.h +index 5b1ed650b124..84eab2724875 100644 +--- a/arch/x86/include/asm/sigframe.h ++++ b/arch/x86/include/asm/sigframe.h +@@ -85,6 +85,4 @@ struct rt_sigframe_x32 { + + #endif /* CONFIG_X86_64 */ + +-void __init init_sigframe_size(void); +- + #endif /* _ASM_X86_SIGFRAME_H */ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 637817d0d819..256083661fb2 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -64,7 +64,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -1599,8 +1598,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) + + fpu__init_system(c); + +- init_sigframe_size(); +- + #ifdef CONFIG_X86_32 + /* + * Regardless of whether PCID is enumerated, the SDM says +diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c +index 004cb30b7419..cfeec3ee877e 100644 +--- a/arch/x86/kernel/signal.c ++++ 
b/arch/x86/kernel/signal.c +@@ -182,7 +182,7 @@ get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size, + static unsigned long __ro_after_init max_frame_size; + static unsigned int __ro_after_init fpu_default_state_size; + +-void __init init_sigframe_size(void) ++static int __init init_sigframe_size(void) + { + fpu_default_state_size = fpu__get_fpstate_size(); + +@@ -194,7 +194,9 @@ void __init init_sigframe_size(void) + max_frame_size = round_up(max_frame_size, FRAME_ALIGNMENT); + + pr_info("max sigframe size: %lu\n", max_frame_size); ++ return 0; + } ++early_initcall(init_sigframe_size); + + unsigned long get_sigframe_size(void) + { diff --git a/patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch b/patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch new file mode 100644 index 000000000000..b73ba2a3e878 --- /dev/null +++ b/patches/kernel/0026-x86-fpu-Remove-cpuinfo-argument-from-init-functions.patch 
@@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:43 +0200 +Subject: [PATCH] x86/fpu: Remove cpuinfo argument from init functions + +Nothing in the call chain requires it + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.783704297@linutronix.de + +(cherry picked from commit 1f34bb2a24643e0087652d81078e4f616562738d) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit df2f3fc430e187551eb4aaa14aa21640d7ef44ca) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/include/asm/fpu/api.h | 2 +- + arch/x86/kernel/cpu/common.c | 2 +- + arch/x86/kernel/fpu/init.c | 6 +++--- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h +index 503a577814b2..b475d9a582b8 100644 +--- a/arch/x86/include/asm/fpu/api.h ++++ b/arch/x86/include/asm/fpu/api.h +@@ -109,7 +109,7 @@ extern void fpu_reset_from_exception_fixup(void); + + /* Boot, hotplug and resume */ + extern void fpu__init_cpu(void); +-extern void fpu__init_system(struct cpuinfo_x86 *c); ++extern void fpu__init_system(void); + extern void fpu__init_check_bugs(void); + extern void fpu__resume_cpu(void); + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 256083661fb2..794eb851cb0d 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1596,7 +1596,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) + + sld_setup(c); + +- fpu__init_system(c); ++ fpu__init_system(); + + #ifdef CONFIG_X86_32 + /* +diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c +index 851eb13edc01..5001df943828 100644 +--- a/arch/x86/kernel/fpu/init.c ++++ b/arch/x86/kernel/fpu/init.c +@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void) + return fsw == 0 && 
(fcw & 0x103f) == 0x003f; + } + +-static void fpu__init_system_early_generic(struct cpuinfo_x86 *c) ++static void fpu__init_system_early_generic(void) + { + if (!boot_cpu_has(X86_FEATURE_CPUID) && + !test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) { +@@ -211,10 +211,10 @@ static void __init fpu__init_system_xstate_size_legacy(void) + * Called on the boot CPU once per system bootup, to set up the initial + * FPU state that is later cloned into all processes: + */ +-void __init fpu__init_system(struct cpuinfo_x86 *c) ++void __init fpu__init_system(void) + { + fpstate_reset(¤t->thread.fpu); +- fpu__init_system_early_generic(c); ++ fpu__init_system_early_generic(); + + /* + * The FPU has to be operational for some of the diff --git a/patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch b/patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch new file mode 100644 index 000000000000..3c079636e99e --- /dev/null +++ b/patches/kernel/0027-x86-fpu-Mark-init-functions-__init.patch 
@@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:45 +0200 +Subject: [PATCH] x86/fpu: Mark init functions __init + +No point in keeping them around. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.841685728@linutronix.de + +(cherry picked from commit 1703db2b90c91b2eb2d699519fc505fe431dde0e) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 368569c00f730c2f530d3d5431fd3fe8ca81cba3) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/kernel/fpu/init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c +index 5001df943828..998a08f17e33 100644 +--- a/arch/x86/kernel/fpu/init.c ++++ b/arch/x86/kernel/fpu/init.c +@@ -53,7 +53,7 @@ void fpu__init_cpu(void) + fpu__init_cpu_xstate(); + } + +-static bool fpu__probe_without_cpuid(void) ++static bool __init fpu__probe_without_cpuid(void) + { + unsigned long cr0; + u16 fsw, fcw; +@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void) + return fsw == 0 && (fcw & 0x103f) == 0x003f; + } + +-static void fpu__init_system_early_generic(void) ++static void __init fpu__init_system_early_generic(void) + { + if (!boot_cpu_has(X86_FEATURE_CPUID) && + !test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) { diff --git a/patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch b/patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch new file mode 100644 index 000000000000..a753d943730e --- /dev/null +++ b/patches/kernel/0028-x86-fpu-Move-FPU-initialization-into-arch_cpu_finali.patch 
@@ -0,0 +1,80 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 14 Jun 2023 01:39:46 +0200 +Subject: [PATCH] x86/fpu: Move FPU initialization into + arch_cpu_finalize_init() + +Initializing the FPU during the early boot process is a pointless +exercise. Early boot is convoluted and fragile enough. + +Nothing requires that the FPU is set up early. It has to be initialized +before fork_init() because the task_struct size depends on the FPU register +buffer size. + +Move the initialization to arch_cpu_finalize_init() which is the perfect +place to do so. + +No functional change. + +This allows to remove quite some of the custom early command line parsing, +but that's subject to the next installment. + +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230613224545.902376621@linutronix.de + +(cherry picked from commit b81fac906a8f9e682e513ddd95697ec7a20878d4) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 010f3814ec351195c9d0a9a408798f9c66fdb906) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/kernel/cpu/common.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 794eb851cb0d..9b53d1cb424d 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1596,8 +1596,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) + + sld_setup(c); + +- fpu__init_system(); +- + #ifdef CONFIG_X86_32 + /* + * Regardless of whether PCID is enumerated, the SDM says +@@ -2283,8 +2281,6 @@ void cpu_init(void) + + doublefault_init_cpu_tss(); + +- fpu__init_cpu(); +- + if (is_uv_system()) + uv_cpu_init(); + +@@ -2300,6 +2296,7 @@ void cpu_init_secondary(void) + */ + cpu_init_exception_handling(); + cpu_init(); ++ fpu__init_cpu(); + } + #endif + +@@ -2394,6 +2391,13 
@@ void __init arch_cpu_finalize_init(void) + '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86); + } + ++ /* ++ * Must be before alternatives because it might set or clear ++ * feature bits. ++ */ ++ fpu__init_system(); ++ fpu__init_cpu(); ++ + alternative_instructions(); + + if (IS_ENABLED(CONFIG_X86_64)) { diff --git a/patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch b/patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch new file mode 100644 index 000000000000..0b6207bebc71 --- /dev/null +++ b/patches/kernel/0029-x86-mem_encrypt-Unbreak-the-AMD_MEM_ENCRYPT-n-build.patch 
@@ -0,0 +1,69 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Fri, 16 Jun 2023 22:15:31 +0200 +Subject: [PATCH] x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build + +Moving mem_encrypt_init() broke the AMD_MEM_ENCRYPT=n because the +declaration of that function was under #ifdef CONFIG_AMD_MEM_ENCRYPT and +the obvious placement for the inline stub was the #else path. + +This is a leftover of commit 20f07a044a76 ("x86/sev: Move common memory +encryption code to mem_encrypt.c") which made mem_encrypt_init() depend on +X86_MEM_ENCRYPT without moving the prototype. That did not fail back then +because there was no stub inline as the core init code had a weak function. + +Move both the declaration and the stub out of the CONFIG_AMD_MEM_ENCRYPT +section and guard it with CONFIG_X86_MEM_ENCRYPT. + +Fixes: 439e17576eb4 ("init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()") +Reported-by: kernel test robot +Signed-off-by: Thomas Gleixner +Closes: https://lore.kernel.org/oe-kbuild-all/202306170247.eQtCJPE8-lkp@intel.com/ + +(cherry picked from commit 0a9567ac5e6a40cdd9c8cd15b19a62a15250f450) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 305ba9053fdf1503a6717e3a96a7d9e0cd48ef15) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/include/asm/mem_encrypt.h | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h +index a95914f479b8..8f513372cd8d 100644 +--- a/arch/x86/include/asm/mem_encrypt.h ++++ b/arch/x86/include/asm/mem_encrypt.h +@@ -17,6 +17,12 @@ + + #include + ++#ifdef CONFIG_X86_MEM_ENCRYPT ++void __init mem_encrypt_init(void); ++#else ++static inline void mem_encrypt_init(void) { } ++#endif ++ + #ifdef CONFIG_AMD_MEM_ENCRYPT + + extern u64 sme_me_mask; +@@ -51,8 +57,6 @@ void __init 
mem_encrypt_free_decrypted_mem(void); + + void __init sev_es_init_vc_handling(void); + +-void __init mem_encrypt_init(void); +- + #define __bss_decrypted __section(".bss..decrypted") + + #else /* !CONFIG_AMD_MEM_ENCRYPT */ +@@ -84,8 +88,6 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {} + + static inline void mem_encrypt_free_decrypted_mem(void) { } + +-static inline void mem_encrypt_init(void) { } +- + #define __bss_decrypted + + #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch b/patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch new file mode 100644 index 000000000000..14105f839b63 --- /dev/null +++ b/patches/kernel/0030-x86-xen-Fix-secondary-processors-FPU-initialization.patch 
@@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Juergen Gross +Date: Mon, 3 Jul 2023 15:00:32 +0200 +Subject: [PATCH] x86/xen: Fix secondary processors' FPU initialization + +Moving the call of fpu__init_cpu() from cpu_init() to start_secondary() +broke Xen PV guests, as those don't call start_secondary() for APs. + +Call fpu__init_cpu() in Xen's cpu_bringup(), which is the Xen PV +replacement of start_secondary(). + +Fixes: b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()") +Signed-off-by: Juergen Gross +Signed-off-by: Borislav Petkov (AMD) +Reviewed-by: Boris Ostrovsky +Acked-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20230703130032.22916-1-jgross@suse.com + +(cherry picked from commit fe3e0a13e597c1c8617814bf9b42ab732db5c26e) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 96617ee9a5943f6c58fa503257e18b191e84d117) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/xen/smp_pv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c +index 6175f2c5c822..e97bab7b0010 100644 +--- a/arch/x86/xen/smp_pv.c ++++ b/arch/x86/xen/smp_pv.c +@@ -63,6 +63,7 @@ static void cpu_bringup(void) + + cr4_init(); + cpu_init(); ++ fpu__init_cpu(); + touch_softlockup_watchdog(); + + /* PVH runs in ring 0 and allows us to do native syscalls. Yay! */ diff --git a/patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch b/patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch new file mode 100644 index 000000000000..9575840e95ad --- /dev/null +++ b/patches/kernel/0031-x86-speculation-Add-Gather-Data-Sampling-mitigation.patch 
@@ -0,0 +1,595 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Sneddon +Date: Wed, 12 Jul 2023 19:43:11 -0700 +Subject: [PATCH] x86/speculation: Add Gather Data Sampling mitigation + +Gather Data Sampling (GDS) is a hardware vulnerability which allows +unprivileged speculative access to data which was previously stored in +vector registers. + +Intel processors that support AVX2 and AVX512 have gather instructions +that fetch non-contiguous data elements from memory. On vulnerable +hardware, when a gather instruction is transiently executed and +encounters a fault, stale data from architectural or internal vector +registers may get transiently stored to the destination vector +register allowing an attacker to infer the stale data using typical +side channel techniques like cache timing attacks. + +This mitigation is different from many earlier ones for two reasons. +First, it is enabled by default and a bit must be set to *DISABLE* it. +This is the opposite of normal mitigation polarity. This means GDS can +be mitigated simply by updating microcode and leaving the new control +bit alone. + +Second, GDS has a "lock" bit. This lock bit is there because the +mitigation affects the hardware security features KeyLocker and SGX. +It needs to be enabled and *STAY* enabled for these features to be +mitigated against GDS. + +The mitigation is enabled in the microcode by default. Disable it by +setting gather_data_sampling=off or by disabling all mitigations with +mitigations=off. 
The mitigation status can be checked by reading: + + /sys/devices/system/cpu/vulnerabilities/gather_data_sampling + +Signed-off-by: Daniel Sneddon +Signed-off-by: Dave Hansen +Acked-by: Josh Poimboeuf + +(cherry picked from commit 8974eb588283b7d44a7c91fa09fcbaf380339f3a) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit a82fd9ff16b574fc42677c7b5f9e05b2f965d709) +Signed-off-by: Stoiko Ivanov +--- + .../ABI/testing/sysfs-devices-system-cpu | 13 +- + .../hw-vuln/gather_data_sampling.rst | 99 ++++++++++++++ + Documentation/admin-guide/hw-vuln/index.rst | 1 + + .../admin-guide/kernel-parameters.txt | 41 ++++-- + arch/x86/include/asm/cpufeatures.h | 1 + + arch/x86/include/asm/msr-index.h | 11 ++ + arch/x86/kernel/cpu/bugs.c | 129 ++++++++++++++++++ + arch/x86/kernel/cpu/common.c | 34 +++-- + arch/x86/kernel/cpu/cpu.h | 1 + + drivers/base/cpu.c | 8 ++ + 10 files changed, 310 insertions(+), 28 deletions(-) + create mode 100644 Documentation/admin-guide/hw-vuln/gather_data_sampling.rst + +diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu +index f54867cadb0f..13c01b641dc7 100644 +--- a/Documentation/ABI/testing/sysfs-devices-system-cpu ++++ b/Documentation/ABI/testing/sysfs-devices-system-cpu +@@ -513,17 +513,18 @@ Description: information about CPUs heterogeneity. + cpu_capacity: capacity of cpuX. 
+ + What: /sys/devices/system/cpu/vulnerabilities ++ /sys/devices/system/cpu/vulnerabilities/gather_data_sampling ++ /sys/devices/system/cpu/vulnerabilities/itlb_multihit ++ /sys/devices/system/cpu/vulnerabilities/l1tf ++ /sys/devices/system/cpu/vulnerabilities/mds + /sys/devices/system/cpu/vulnerabilities/meltdown ++ /sys/devices/system/cpu/vulnerabilities/mmio_stale_data ++ /sys/devices/system/cpu/vulnerabilities/retbleed ++ /sys/devices/system/cpu/vulnerabilities/spec_store_bypass + /sys/devices/system/cpu/vulnerabilities/spectre_v1 + /sys/devices/system/cpu/vulnerabilities/spectre_v2 +- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass +- /sys/devices/system/cpu/vulnerabilities/l1tf +- /sys/devices/system/cpu/vulnerabilities/mds + /sys/devices/system/cpu/vulnerabilities/srbds + /sys/devices/system/cpu/vulnerabilities/tsx_async_abort +- /sys/devices/system/cpu/vulnerabilities/itlb_multihit +- /sys/devices/system/cpu/vulnerabilities/mmio_stale_data +- /sys/devices/system/cpu/vulnerabilities/retbleed + Date: January 2018 + Contact: Linux kernel mailing list + Description: Information about CPU vulnerabilities +diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +new file mode 100644 +index 000000000000..74dab6af7fe1 +--- /dev/null ++++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +@@ -0,0 +1,99 @@ ++.. SPDX-License-Identifier: GPL-2.0 ++ ++GDS - Gather Data Sampling ++========================== ++ ++Gather Data Sampling is a hardware vulnerability which allows unprivileged ++speculative access to data which was previously stored in vector registers. ++ ++Problem ++------- ++When a gather instruction performs loads from memory, different data elements ++are merged into the destination vector register. 
However, when a gather ++instruction that is transiently executed encounters a fault, stale data from ++architectural or internal vector registers may get transiently forwarded to the ++destination vector register instead. This will allow a malicious attacker to ++infer stale data using typical side channel techniques like cache timing ++attacks. GDS is a purely sampling-based attack. ++ ++The attacker uses gather instructions to infer the stale vector register data. ++The victim does not need to do anything special other than use the vector ++registers. The victim does not need to use gather instructions to be ++vulnerable. ++ ++Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks ++are possible. ++ ++Attack scenarios ++---------------- ++Without mitigation, GDS can infer stale data across virtually all ++permission boundaries: ++ ++ Non-enclaves can infer SGX enclave data ++ Userspace can infer kernel data ++ Guests can infer data from hosts ++ Guest can infer guest from other guests ++ Users can infer data from other users ++ ++Because of this, it is important to ensure that the mitigation stays enabled in ++lower-privilege contexts like guests and when running outside SGX enclaves. ++ ++The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure ++that guests are not allowed to disable the GDS mitigation. If a host erred and ++allowed this, a guest could theoretically disable GDS mitigation, mount an ++attack, and re-enable it. ++ ++Mitigation mechanism ++-------------------- ++This issue is mitigated in microcode. The microcode defines the following new ++bits: ++ ++ ================================ === ============================ ++ IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability ++ and mitigation support. ++ IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable. ++ IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation ++ 0 by default. 
++ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes ++ to GDS_MITG_DIS are ignored ++ Can't be cleared once set. ++ ================================ === ============================ ++ ++GDS can also be mitigated on systems that don't have updated microcode by ++disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel ++command-line. ++ ++Mitigation control on the kernel command line ++--------------------------------------------- ++The mitigation can be disabled by setting "gather_data_sampling=off" or ++"mitigations=off" on the kernel command line. Not specifying either will ++default to the mitigation being enabled. ++ ++GDS System Information ++------------------------ ++The kernel provides vulnerability status information through sysfs. For ++GDS this can be accessed by the following sysfs file: ++ ++/sys/devices/system/cpu/vulnerabilities/gather_data_sampling ++ ++The possible values contained in this file are: ++ ++ ============================== ============================================= ++ Not affected Processor not vulnerable. ++ Vulnerable Processor vulnerable and mitigation disabled. ++ Vulnerable: No microcode Processor vulnerable and microcode is missing ++ mitigation. ++ Mitigation: Microcode Processor is vulnerable and mitigation is in ++ effect. ++ Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in ++ effect and cannot be disabled. ++ Unknown: Dependent on ++ hypervisor status Running on a virtual guest processor that is ++ affected but with no way to know if host ++ processor is mitigated or vulnerable. ++ ============================== ============================================= ++ ++GDS Default mitigation ++---------------------- ++The updated microcode will enable the mitigation by default. The kernel's ++default action is to leave the mitigation enabled. 
+diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst +index e0614760a99e..436fac0bd9c3 100644 +--- a/Documentation/admin-guide/hw-vuln/index.rst ++++ b/Documentation/admin-guide/hw-vuln/index.rst +@@ -19,3 +19,4 @@ are configurable at compile, boot or run time. + l1d_flush.rst + processor_mmio_stale_data.rst + cross-thread-rsb.rst ++ gather_data_sampling.rst +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index c0d8867359bc..380e1e46ffa1 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1610,6 +1610,20 @@ + Format: off | on + default: on + ++ gather_data_sampling= ++ [X86,INTEL] Control the Gather Data Sampling (GDS) ++ mitigation. ++ ++ Gather Data Sampling is a hardware vulnerability which ++ allows unprivileged speculative access to data which was ++ previously stored in vector registers. ++ ++ This issue is mitigated by default in updated microcode. ++ The mitigation may have a performance impact but can be ++ disabled. ++ ++ off: Disable GDS mitigation. ++ + gcov_persist= [GCOV] When non-zero (default), profiling data for + kernel modules is saved and remains accessible via + debugfs, even when the module is unloaded/reloaded. +@@ -3245,24 +3259,25 @@ + Disable all optional CPU mitigations. This + improves system performance, but it may also + expose users to several CPU vulnerabilities. 
+- Equivalent to: nopti [X86,PPC] +- if nokaslr then kpti=0 [ARM64] +- nospectre_v1 [X86,PPC] +- nobp=0 [S390] +- nospectre_v2 [X86,PPC,S390,ARM64] +- spectre_v2_user=off [X86] +- spec_store_bypass_disable=off [X86,PPC] +- ssbd=force-off [ARM64] +- nospectre_bhb [ARM64] ++ Equivalent to: if nokaslr then kpti=0 [ARM64] ++ gather_data_sampling=off [X86] ++ kvm.nx_huge_pages=off [X86] + l1tf=off [X86] + mds=off [X86] +- tsx_async_abort=off [X86] +- kvm.nx_huge_pages=off [X86] +- srbds=off [X86,INTEL] ++ mmio_stale_data=off [X86] + no_entry_flush [PPC] + no_uaccess_flush [PPC] +- mmio_stale_data=off [X86] ++ nobp=0 [S390] ++ nopti [X86,PPC] ++ nospectre_bhb [ARM64] ++ nospectre_v1 [X86,PPC] ++ nospectre_v2 [X86,PPC,S390,ARM64] + retbleed=off [X86] ++ spec_store_bypass_disable=off [X86,PPC] ++ spectre_v2_user=off [X86] ++ srbds=off [X86,INTEL] ++ ssbd=force-off [ARM64] ++ tsx_async_abort=off [X86] + + Exceptions: + This does not have any effect on +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h +index 8f39c46197b8..93f232eb9786 100644 +--- a/arch/x86/include/asm/cpufeatures.h ++++ b/arch/x86/include/asm/cpufeatures.h +@@ -467,5 +467,6 @@ + #define X86_BUG_RETBLEED X86_BUG(27) /* CPU is affected by RETBleed */ + #define X86_BUG_EIBRS_PBRSB X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ + #define X86_BUG_SMT_RSB X86_BUG(29) /* CPU is vulnerable to Cross-Thread Return Address Predictions */ ++#define X86_BUG_GDS X86_BUG(30) /* CPU is affected by Gather Data Sampling */ + + #endif /* _ASM_X86_CPUFEATURES_H */ +diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h +index 52a09dbc2c26..b030a03ca8d6 100644 +--- a/arch/x86/include/asm/msr-index.h ++++ b/arch/x86/include/asm/msr-index.h +@@ -153,6 +153,15 @@ + * Not susceptible to Post-Barrier + * Return Stack Buffer Predictions. 
+ */ ++#define ARCH_CAP_GDS_CTRL BIT(25) /* ++ * CPU is vulnerable to Gather ++ * Data Sampling (GDS) and ++ * has controls for mitigation. ++ */ ++#define ARCH_CAP_GDS_NO BIT(26) /* ++ * CPU is not vulnerable to Gather ++ * Data Sampling (GDS). ++ */ + + #define ARCH_CAP_XAPIC_DISABLE BIT(21) /* + * IA32_XAPIC_DISABLE_STATUS MSR +@@ -176,6 +185,8 @@ + #define RNGDS_MITG_DIS BIT(0) /* SRBDS support */ + #define RTM_ALLOW BIT(1) /* TSX development mode */ + #define FB_CLEAR_DIS BIT(3) /* CPU Fill buffer clear disable */ ++#define GDS_MITG_DIS BIT(4) /* Disable GDS mitigation */ ++#define GDS_MITG_LOCKED BIT(5) /* GDS mitigation locked */ + + #define MSR_IA32_SYSENTER_CS 0x00000174 + #define MSR_IA32_SYSENTER_ESP 0x00000175 +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index edb670b77294..a1c1c8e4995c 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -46,6 +46,7 @@ static void __init taa_select_mitigation(void); + static void __init mmio_select_mitigation(void); + static void __init srbds_select_mitigation(void); + static void __init l1d_flush_select_mitigation(void); ++static void __init gds_select_mitigation(void); + + /* The base value of the SPEC_CTRL MSR without task-specific bits set */ + u64 x86_spec_ctrl_base; +@@ -159,6 +160,7 @@ void __init cpu_select_mitigations(void) + md_clear_select_mitigation(); + srbds_select_mitigation(); + l1d_flush_select_mitigation(); ++ gds_select_mitigation(); + } + + /* +@@ -644,6 +646,120 @@ static int __init l1d_flush_parse_cmdline(char *str) + } + early_param("l1d_flush", l1d_flush_parse_cmdline); + ++#undef pr_fmt ++#define pr_fmt(fmt) "GDS: " fmt ++ ++enum gds_mitigations { ++ GDS_MITIGATION_OFF, ++ GDS_MITIGATION_UCODE_NEEDED, ++ GDS_MITIGATION_FULL, ++ GDS_MITIGATION_FULL_LOCKED, ++ GDS_MITIGATION_HYPERVISOR, ++}; ++ ++static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL; ++ ++static const char * const gds_strings[] = { ++ 
[GDS_MITIGATION_OFF] = "Vulnerable", ++ [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", ++ [GDS_MITIGATION_FULL] = "Mitigation: Microcode", ++ [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)", ++ [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", ++}; ++ ++void update_gds_msr(void) ++{ ++ u64 mcu_ctrl_after; ++ u64 mcu_ctrl; ++ ++ switch (gds_mitigation) { ++ case GDS_MITIGATION_OFF: ++ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); ++ mcu_ctrl |= GDS_MITG_DIS; ++ break; ++ case GDS_MITIGATION_FULL_LOCKED: ++ /* ++ * The LOCKED state comes from the boot CPU. APs might not have ++ * the same state. Make sure the mitigation is enabled on all ++ * CPUs. ++ */ ++ case GDS_MITIGATION_FULL: ++ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); ++ mcu_ctrl &= ~GDS_MITG_DIS; ++ break; ++ case GDS_MITIGATION_UCODE_NEEDED: ++ case GDS_MITIGATION_HYPERVISOR: ++ return; ++ }; ++ ++ wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); ++ ++ /* ++ * Check to make sure that the WRMSR value was not ignored. Writes to ++ * GDS_MITG_DIS will be ignored if this processor is locked but the boot ++ * processor was not. ++ */ ++ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl_after); ++ WARN_ON_ONCE(mcu_ctrl != mcu_ctrl_after); ++} ++ ++static void __init gds_select_mitigation(void) ++{ ++ u64 mcu_ctrl; ++ ++ if (!boot_cpu_has_bug(X86_BUG_GDS)) ++ return; ++ ++ if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { ++ gds_mitigation = GDS_MITIGATION_HYPERVISOR; ++ goto out; ++ } ++ ++ if (cpu_mitigations_off()) ++ gds_mitigation = GDS_MITIGATION_OFF; ++ /* Will verify below that mitigation _can_ be disabled */ ++ ++ /* No microcode */ ++ if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) { ++ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED; ++ goto out; ++ } ++ ++ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); ++ if (mcu_ctrl & GDS_MITG_LOCKED) { ++ if (gds_mitigation == GDS_MITIGATION_OFF) ++ pr_warn("Mitigation locked. 
Disable failed.\n"); ++ ++ /* ++ * The mitigation is selected from the boot CPU. All other CPUs ++ * _should_ have the same state. If the boot CPU isn't locked ++ * but others are then update_gds_msr() will WARN() of the state ++ * mismatch. If the boot CPU is locked update_gds_msr() will ++ * ensure the other CPUs have the mitigation enabled. ++ */ ++ gds_mitigation = GDS_MITIGATION_FULL_LOCKED; ++ } ++ ++ update_gds_msr(); ++out: ++ pr_info("%s\n", gds_strings[gds_mitigation]); ++} ++ ++static int __init gds_parse_cmdline(char *str) ++{ ++ if (!str) ++ return -EINVAL; ++ ++ if (!boot_cpu_has_bug(X86_BUG_GDS)) ++ return 0; ++ ++ if (!strcmp(str, "off")) ++ gds_mitigation = GDS_MITIGATION_OFF; ++ ++ return 0; ++} ++early_param("gather_data_sampling", gds_parse_cmdline); ++ + #undef pr_fmt + #define pr_fmt(fmt) "Spectre V1 : " fmt + +@@ -2385,6 +2501,11 @@ static ssize_t retbleed_show_state(char *buf) + return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]); + } + ++static ssize_t gds_show_state(char *buf) ++{ ++ return sysfs_emit(buf, "%s\n", gds_strings[gds_mitigation]); ++} ++ + static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, + char *buf, unsigned int bug) + { +@@ -2434,6 +2555,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr + case X86_BUG_RETBLEED: + return retbleed_show_state(buf); + ++ case X86_BUG_GDS: ++ return gds_show_state(buf); ++ + default: + break; + } +@@ -2498,4 +2622,9 @@ ssize_t cpu_show_retbleed(struct device *dev, struct device_attribute *attr, cha + { + return cpu_show_common(dev, attr, buf, X86_BUG_RETBLEED); + } ++ ++ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *buf) ++{ ++ return cpu_show_common(dev, attr, buf, X86_BUG_GDS); ++} + #endif +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 9b53d1cb424d..d950fb5ac0b4 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ 
-1262,6 +1262,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { + #define RETBLEED BIT(3) + /* CPU is affected by SMT (cross-thread) return predictions */ + #define SMT_RSB BIT(4) ++/* CPU is affected by GDS */ ++#define GDS BIT(5) + + static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { + VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), +@@ -1274,19 +1276,21 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { + VULNBL_INTEL_STEPPINGS(BROADWELL_X, X86_STEPPING_ANY, MMIO), + VULNBL_INTEL_STEPPINGS(BROADWELL, X86_STEPPING_ANY, SRBDS), + VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED), +- VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED), ++ VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED | GDS), + VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED), +- VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED), +- VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED), ++ VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS), ++ VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS), + VULNBL_INTEL_STEPPINGS(CANNONLAKE_L, X86_STEPPING_ANY, RETBLEED), +- VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), +- VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO), +- VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO), +- VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), ++ VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS), ++ VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO | GDS), ++ VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO | GDS), ++ VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS), + VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), 
MMIO | RETBLEED), +- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), ++ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS), ++ VULNBL_INTEL_STEPPINGS(TIGERLAKE_L, X86_STEPPING_ANY, GDS), ++ VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS), + VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), +- VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED), ++ VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS), + VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS), + VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO), + VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS), +@@ -1415,6 +1419,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) + if (cpu_matches(cpu_vuln_blacklist, SMT_RSB)) + setup_force_cpu_bug(X86_BUG_SMT_RSB); + ++ /* ++ * Check if CPU is vulnerable to GDS. If running in a virtual machine on ++ * an affected processor, the VMM may have disabled the use of GATHER by ++ * disabling AVX2. The only way to do this in HW is to clear XCR0[2], ++ * which means that AVX will be disabled. 
++ */ ++ if (cpu_matches(cpu_vuln_blacklist, GDS) && !(ia32_cap & ARCH_CAP_GDS_NO) && ++ boot_cpu_has(X86_FEATURE_AVX)) ++ setup_force_cpu_bug(X86_BUG_GDS); ++ + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) + return; + +@@ -1977,6 +1991,8 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c) + validate_apic_and_package_id(c); + x86_spec_ctrl_setup_ap(); + update_srbds_msr(); ++ if (boot_cpu_has_bug(X86_BUG_GDS)) ++ update_gds_msr(); + + tsx_ap_init(); + } +diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h +index 61dbb9b216e6..d9aeb335002d 100644 +--- a/arch/x86/kernel/cpu/cpu.h ++++ b/arch/x86/kernel/cpu/cpu.h +@@ -83,6 +83,7 @@ void cpu_select_mitigations(void); + + extern void x86_spec_ctrl_setup_ap(void); + extern void update_srbds_msr(void); ++extern void update_gds_msr(void); + + extern u64 x86_read_arch_cap_msr(void); + +diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c +index 7af8e33735a3..cc6cf06ce88e 100644 +--- a/drivers/base/cpu.c ++++ b/drivers/base/cpu.c +@@ -577,6 +577,12 @@ ssize_t __weak cpu_show_retbleed(struct device *dev, + return sysfs_emit(buf, "Not affected\n"); + } + ++ssize_t __weak cpu_show_gds(struct device *dev, ++ struct device_attribute *attr, char *buf) ++{ ++ return sysfs_emit(buf, "Not affected\n"); ++} ++ + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); + static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); + static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); +@@ -588,6 +594,7 @@ static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL); + static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL); + static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL); + static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL); ++static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL); + + static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_meltdown.attr, +@@ -601,6 +608,7 @@ static struct attribute 
*cpu_root_vulnerabilities_attrs[] = { + &dev_attr_srbds.attr, + &dev_attr_mmio_stale_data.attr, + &dev_attr_retbleed.attr, ++ &dev_attr_gather_data_sampling.attr, + NULL + }; + diff --git a/patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch b/patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch new file mode 100644 index 000000000000..093144b6b18b --- /dev/null +++ b/patches/kernel/0032-x86-speculation-Add-force-option-to-GDS-mitigation.patch 
@@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Sneddon +Date: Wed, 12 Jul 2023 19:43:12 -0700 +Subject: [PATCH] x86/speculation: Add force option to GDS mitigation + +The Gather Data Sampling (GDS) vulnerability allows malicious software +to infer stale data previously stored in vector registers. This may +include sensitive data such as cryptographic keys. GDS is mitigated in +microcode, and systems with up-to-date microcode are protected by +default. However, any affected system that is running with older +microcode will still be vulnerable to GDS attacks. + +Since the gather instructions used by the attacker are part of the +AVX2 and AVX512 extensions, disabling these extensions prevents gather +instructions from being executed, thereby mitigating the system from +GDS. Disabling AVX2 is sufficient, but we don't have the granularity +to do this. The XCR0[2] disables AVX, with no option to just disable +AVX2. + +Add a kernel parameter gather_data_sampling=force that will enable the +microcode mitigation if available, otherwise it will disable AVX on +affected systems. + +This option will be ignored if cmdline mitigations=off. + +This is a *big* hammer. It is known to break buggy userspace that +uses incomplete, buggy AVX enumeration. 
Unfortunately, such userspace +does exist in the wild: + + https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html + +[ dhansen: add some more ominous warnings about disabling AVX ] + +Signed-off-by: Daniel Sneddon +Signed-off-by: Dave Hansen +Acked-by: Josh Poimboeuf + +(cherry picked from commit 553a5c03e90a6087e88f8ff878335ef0621536fb) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit b73421edcd9b8f1b1db51168e4568667d74422db) +Signed-off-by: Stoiko Ivanov +--- + .../hw-vuln/gather_data_sampling.rst | 18 +++++++++++++---- + .../admin-guide/kernel-parameters.txt | 8 +++++++- + arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++- + 3 files changed, 40 insertions(+), 6 deletions(-) + +diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +index 74dab6af7fe1..40b7a6260010 100644 +--- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst ++++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +@@ -60,14 +60,21 @@ bits: + ================================ === ============================ + + GDS can also be mitigated on systems that don't have updated microcode by +-disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel +-command-line. ++disabling AVX. This can be done by setting gather_data_sampling="force" or ++"clearcpuid=avx" on the kernel command-line. ++ ++If used, these options will disable AVX use by turning on XSAVE YMM support. ++However, the processor will still enumerate AVX support. Userspace that ++does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM ++support will break. + + Mitigation control on the kernel command line + --------------------------------------------- + The mitigation can be disabled by setting "gather_data_sampling=off" or +-"mitigations=off" on the kernel command line. 
Not specifying either will +-default to the mitigation being enabled. ++"mitigations=off" on the kernel command line. Not specifying either will default ++to the mitigation being enabled. Specifying "gather_data_sampling=force" will ++use the microcode mitigation when available or disable AVX on affected systems ++where the microcode hasn't been updated to include the mitigation. + + GDS System Information + ------------------------ +@@ -83,6 +90,9 @@ The possible values contained in this file are: + Vulnerable Processor vulnerable and mitigation disabled. + Vulnerable: No microcode Processor vulnerable and microcode is missing + mitigation. ++ Mitigation: AVX disabled, ++ no microcode Processor is vulnerable and microcode is missing ++ mitigation. AVX disabled as mitigation. + Mitigation: Microcode Processor is vulnerable and mitigation is in + effect. + Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 380e1e46ffa1..5fef2f65f634 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1620,7 +1620,13 @@ + + This issue is mitigated by default in updated microcode. + The mitigation may have a performance impact but can be +- disabled. ++ disabled. On systems without the microcode mitigation ++ disabling AVX serves as a mitigation. ++ ++ force: Disable AVX to mitigate systems without ++ microcode mitigation. No effect if the microcode ++ mitigation is present. Known to cause crashes in ++ userspace with buggy AVX enumeration. + + off: Disable GDS mitigation. 
+ +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index a1c1c8e4995c..0cc3c4f09dd7 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -652,6 +652,7 @@ early_param("l1d_flush", l1d_flush_parse_cmdline); + enum gds_mitigations { + GDS_MITIGATION_OFF, + GDS_MITIGATION_UCODE_NEEDED, ++ GDS_MITIGATION_FORCE, + GDS_MITIGATION_FULL, + GDS_MITIGATION_FULL_LOCKED, + GDS_MITIGATION_HYPERVISOR, +@@ -662,6 +663,7 @@ static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL + static const char * const gds_strings[] = { + [GDS_MITIGATION_OFF] = "Vulnerable", + [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", ++ [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode", + [GDS_MITIGATION_FULL] = "Mitigation: Microcode", + [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)", + [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", +@@ -687,6 +689,7 @@ void update_gds_msr(void) + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); + mcu_ctrl &= ~GDS_MITG_DIS; + break; ++ case GDS_MITIGATION_FORCE: + case GDS_MITIGATION_UCODE_NEEDED: + case GDS_MITIGATION_HYPERVISOR: + return; +@@ -721,10 +724,23 @@ static void __init gds_select_mitigation(void) + + /* No microcode */ + if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) { +- gds_mitigation = GDS_MITIGATION_UCODE_NEEDED; ++ if (gds_mitigation == GDS_MITIGATION_FORCE) { ++ /* ++ * This only needs to be done on the boot CPU so do it ++ * here rather than in update_gds_msr() ++ */ ++ setup_clear_cpu_cap(X86_FEATURE_AVX); ++ pr_warn("Microcode update needed! 
Disabling AVX as mitigation.\n"); ++ } else { ++ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED; ++ } + goto out; + } + ++ /* Microcode has mitigation, use it */ ++ if (gds_mitigation == GDS_MITIGATION_FORCE) ++ gds_mitigation = GDS_MITIGATION_FULL; ++ + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); + if (mcu_ctrl & GDS_MITG_LOCKED) { + if (gds_mitigation == GDS_MITIGATION_OFF) +@@ -755,6 +771,8 @@ static int __init gds_parse_cmdline(char *str) + + if (!strcmp(str, "off")) + gds_mitigation = GDS_MITIGATION_OFF; ++ else if (!strcmp(str, "force")) ++ gds_mitigation = GDS_MITIGATION_FORCE; + + return 0; + } diff --git a/patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch b/patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch new file mode 100644 index 000000000000..63a75b4632ca --- /dev/null +++ b/patches/kernel/0033-x86-speculation-Add-Kconfig-option-for-GDS.patch 
@@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Sneddon +Date: Wed, 12 Jul 2023 19:43:13 -0700 +Subject: [PATCH] x86/speculation: Add Kconfig option for GDS + +Gather Data Sampling (GDS) is mitigated in microcode. However, on +systems that haven't received the updated microcode, disabling AVX +can act as a mitigation. Add a Kconfig option that uses the microcode +mitigation if available and disables AVX otherwise. Setting this +option has no effect on systems not affected by GDS. This is the +equivalent of setting gather_data_sampling=force. + +Signed-off-by: Daniel Sneddon +Signed-off-by: Dave Hansen +Acked-by: Josh Poimboeuf + +(cherry picked from commit 53cf5797f114ba2bd86d23a862302119848eff19) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit 92bd969bbe475c5bca376d007ed6558085b237ba) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/Kconfig | 19 +++++++++++++++++++ + arch/x86/kernel/cpu/bugs.c | 4 ++++ + 2 files changed, 23 insertions(+) + +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 598a303819da..8451e0f36c66 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -2640,6 +2640,25 @@ config SLS + against straight line speculation. The kernel image might be slightly + larger. + ++config GDS_FORCE_MITIGATION ++ bool "Force GDS Mitigation" ++ depends on CPU_SUP_INTEL ++ default n ++ help ++ Gather Data Sampling (GDS) is a hardware vulnerability which allows ++ unprivileged speculative access to data which was previously stored in ++ vector registers. ++ ++ This option is equivalent to setting gather_data_sampling=force on the ++ command line. The microcode mitigation is used if present, otherwise ++ AVX is disabled as a mitigation. On affected systems that are missing ++ the microcode any userspace code that unconditionally uses AVX will ++ break with this option set. 
++ ++ Setting this option on systems not vulnerable to GDS has no effect. ++ ++ If in doubt, say N. ++ + endif + + config ARCH_HAS_ADD_PAGES +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index 0cc3c4f09dd7..819a8aa0c706 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -658,7 +658,11 @@ enum gds_mitigations { + GDS_MITIGATION_HYPERVISOR, + }; + ++#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION) ++static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE; ++#else + static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL; ++#endif + + static const char * const gds_strings[] = { + [GDS_MITIGATION_OFF] = "Vulnerable", diff --git a/patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch b/patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch new file mode 100644 index 000000000000..0d9aa6d7d366 --- /dev/null +++ b/patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch 
@@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Sneddon +Date: Wed, 12 Jul 2023 19:43:14 -0700 +Subject: [PATCH] KVM: Add GDS_NO support to KVM + +Gather Data Sampling (GDS) is a transient execution attack using +gather instructions from the AVX2 and AVX512 extensions. This attack +allows malicious code to infer data that was previously stored in +vector registers. Systems that are not vulnerable to GDS will set the +GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM +guests that may think they are on vulnerable systems that are, in +fact, not affected. Guests that are running on affected hosts where +the mitigation is enabled are protected as if they were running +on an unaffected system. + +On all hosts that are not affected or that are mitigated, set the +GDS_NO bit. + +Signed-off-by: Daniel Sneddon +Signed-off-by: Dave Hansen +Acked-by: Josh Poimboeuf + +(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit cd25885269804c59063c52ef587bde0d8fe17131) +Signed-off-by: Stoiko Ivanov +--- + arch/x86/kernel/cpu/bugs.c | 7 +++++++ + arch/x86/kvm/x86.c | 7 ++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index 819a8aa0c706..63ec50ef7d7c 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -673,6 +673,13 @@ static const char * const gds_strings[] = { + [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", + }; + ++bool gds_ucode_mitigated(void) ++{ ++ return (gds_mitigation == GDS_MITIGATION_FULL || ++ gds_mitigation == GDS_MITIGATION_FULL_LOCKED); ++} ++EXPORT_SYMBOL_GPL(gds_ucode_mitigated); ++ + void update_gds_msr(void) + { + u64 mcu_ctrl_after; +diff --git a/arch/x86/kvm/x86.c 
b/arch/x86/kvm/x86.c +index 1c5775d51495..7d8b14f8807e 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -310,6 +310,8 @@ u64 __read_mostly host_xcr0; + + static struct kmem_cache *x86_emulator_cache; + ++extern bool gds_ucode_mitigated(void); ++ + /* + * When called, it means the previous get/set msr reached an invalid msr. + * Return true if we want to ignore/silent this failed msr access. +@@ -1598,7 +1600,7 @@ static unsigned int num_msr_based_features; + ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \ + ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ + ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ +- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO) ++ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO) + + static u64 kvm_get_arch_capabilities(void) + { +@@ -1655,6 +1657,9 @@ static u64 kvm_get_arch_capabilities(void) + */ + } + ++ if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated()) ++ data |= ARCH_CAP_GDS_NO; ++ + return data; + } + diff --git a/patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch b/patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch new file mode 100644 index 000000000000..16d769cf8818 --- /dev/null +++ b/patches/kernel/0035-Documentation-x86-Fix-backwards-on-off-logic-about-Y.patch 
@@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Dave Hansen +Date: Tue, 1 Aug 2023 07:31:07 -0700 +Subject: [PATCH] Documentation/x86: Fix backwards on/off logic about YMM + support + +These options clearly turn *off* XSAVE YMM support. Correct the +typo. + +Reported-by: Ben Hutchings +Fixes: 553a5c03e90a ("x86/speculation: Add force option to GDS mitigation") +Signed-off-by: Dave Hansen + +(cherry picked from commit 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20) +CVE-2022-40982 +Signed-off-by: Thadeu Lima de Souza Cascardo +Acked-by: Roxana Nicolescu +Acked-by: Stefan Bader +Signed-off-by: Stefan Bader +(cherry picked from commit f88fa53e3623291b52b8a6656c1ea9a5d6f6f284) +Signed-off-by: Stoiko Ivanov +--- + Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +index 40b7a6260010..264bfa937f7d 100644 +--- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst ++++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +@@ -63,7 +63,7 @@ GDS can also be mitigated on systems that don't have updated microcode by + disabling AVX. This can be done by setting gather_data_sampling="force" or + "clearcpuid=avx" on the kernel command-line. + +-If used, these options will disable AVX use by turning on XSAVE YMM support. ++If used, these options will disable AVX use by turning off XSAVE YMM support. + However, the processor will still enumerate AVX support. Userspace that + does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM + support will break. -- 2.39.2
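Review bot: in the gds_parse_cmdline() hunk of the "force" option patch, a value other than "off" or "force" falls through both strcmp() branches and the function still returns 0, so a mistyped gather_data_sampling= value is accepted silently and gds_mitigation keeps its compiled-in default. Consider a pr_warn() for unrecognised values so the mistake shows up in dmesg.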
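Review bot: the GDS_FORCE_MITIGATION help text in the arch/x86/Kconfig hunk of 0033 says the option is equivalent to gather_data_sampling=force, but it does not say that the option only changes the initial value of gds_mitigation (see the bugs.c hunk of the same patch). gather_data_sampling=off on the command line therefore still overrides it through gds_parse_cmdline(). One sentence in the help text stating this would prevent the option being read as a hard guarantee. Minor style point in the same hunk: "default n" is redundant for a bool.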
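Review bot: the arch/x86/kvm/x86.c hunk at -310 of 0034 adds "extern bool gds_ucode_mitigated(void);" directly in the .c file. The prototype is then not seen by arch/x86/kernel/cpu/bugs.c, where the function is defined, so the compiler cannot catch a later mismatch between declaration and definition. Declaring it in a header that both files include would be cleaner.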
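Review bot: the new "if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())" block in the kvm_get_arch_capabilities() hunk of 0034 carries no comment, unlike the block just above it. gds_ucode_mitigated() returns true only for GDS_MITIGATION_FULL and GDS_MITIGATION_FULL_LOCKED, so an affected host in any other GDS state does not advertise ARCH_CAP_GDS_NO to guests. A short comment saying that the bit is synthesized only on unaffected hosts or where the microcode mitigation is active would make that intent explicit for the next reader.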