--- /dev/null
+From 1c36f1e4e53c5d4221590648cc75e8b403600a9e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 22 Jun 2020 16:24:33 -0700
+Subject: crypto: aesni - add compatibility with IAS
+
+From: Jian Cai <caij2003@gmail.com>
+
+[ Upstream commit 44069737ac9625a0f02f0f7f5ab96aae4cd819bc ]
+
+Clang's integrated assembler complains "invalid reassignment of
+non-absolute variable 'var_ddq_add'" while assembling
+arch/x86/crypto/aes_ctrby8_avx-x86_64.S. It was because var_ddq_add was
+reassigned with non-absolute values several times, which IAS did not
+support. We can avoid the reassignment by replacing the uses of
+var_ddq_add with its definitions accordingly to have compatilibility
+with IAS.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1008
+Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
+Reported-by: Fangrui Song <maskray@google.com>
+Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # build+boot Linux v5.7.5; clang v11.0.0-git
+Signed-off-by: Jian Cai <caij2003@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/crypto/aes_ctrby8_avx-x86_64.S | 14 +++-----------
+ 1 file changed, 3 insertions(+), 11 deletions(-)
+
+diff --git a/arch/x86/crypto/aes_ctrby8_avx-x86_64.S b/arch/x86/crypto/aes_ctrby8_avx-x86_64.S
+index 5f6a5af9c489b..77043a82da510 100644
+--- a/arch/x86/crypto/aes_ctrby8_avx-x86_64.S
++++ b/arch/x86/crypto/aes_ctrby8_avx-x86_64.S
+@@ -127,10 +127,6 @@ ddq_add_8:
+
+ /* generate a unique variable for ddq_add_x */
+
+-.macro setddq n
+- var_ddq_add = ddq_add_\n
+-.endm
+-
+ /* generate a unique variable for xmm register */
+ .macro setxdata n
+ var_xdata = %xmm\n
+@@ -140,9 +136,7 @@ ddq_add_8:
+
+ .macro club name, id
+ .altmacro
+- .if \name == DDQ_DATA
+- setddq %\id
+- .elseif \name == XDATA
++ .if \name == XDATA
+ setxdata %\id
+ .endif
+ .noaltmacro
+@@ -165,9 +159,8 @@ ddq_add_8:
+
+ .set i, 1
+ .rept (by - 1)
+- club DDQ_DATA, i
+ club XDATA, i
+- vpaddq var_ddq_add(%rip), xcounter, var_xdata
++ vpaddq (ddq_add_1 + 16 * (i - 1))(%rip), xcounter, var_xdata
+ vptest ddq_low_msk(%rip), var_xdata
+ jnz 1f
+ vpaddq ddq_high_add_1(%rip), var_xdata, var_xdata
+@@ -180,8 +173,7 @@ ddq_add_8:
+ vmovdqa 1*16(p_keys), xkeyA
+
+ vpxor xkey0, xdata0, xdata0
+- club DDQ_DATA, by
+- vpaddq var_ddq_add(%rip), xcounter, xcounter
++ vpaddq (ddq_add_1 + 16 * (by - 1))(%rip), xcounter, xcounter
+ vptest ddq_low_msk(%rip), xcounter
+ jnz 1f
+ vpaddq ddq_high_add_1(%rip), xcounter, xcounter
+--
+2.25.1
+
--- /dev/null
+From e0706fdd3f07ee01ba21f9de305e4932eb213f4b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 Aug 2020 11:16:17 -0700
+Subject: x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 8ab49526b53d3172d1d8dd03a75c7d1f5bd21239 ]
+
+syzbot found its way in 86_fsgsbase_read_task() and triggered this oops:
+
+ KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
+ CPU: 0 PID: 6866 Comm: syz-executor262 Not tainted 5.8.0-syzkaller #0
+ RIP: 0010:x86_fsgsbase_read_task+0x16d/0x310 arch/x86/kernel/process_64.c:393
+ Call Trace:
+ putreg32+0x3ab/0x530 arch/x86/kernel/ptrace.c:876
+ genregs32_set arch/x86/kernel/ptrace.c:1026 [inline]
+ genregs32_set+0xa4/0x100 arch/x86/kernel/ptrace.c:1006
+ copy_regset_from_user include/linux/regset.h:326 [inline]
+ ia32_arch_ptrace arch/x86/kernel/ptrace.c:1061 [inline]
+ compat_arch_ptrace+0x36c/0xd90 arch/x86/kernel/ptrace.c:1198
+ __do_compat_sys_ptrace kernel/ptrace.c:1420 [inline]
+ __se_compat_sys_ptrace kernel/ptrace.c:1389 [inline]
+ __ia32_compat_sys_ptrace+0x220/0x2f0 kernel/ptrace.c:1389
+ do_syscall_32_irqs_on arch/x86/entry/common.c:84 [inline]
+ __do_fast_syscall_32+0x57/0x80 arch/x86/entry/common.c:126
+ do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:149
+ entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
+
+This can happen if ptrace() or sigreturn() pokes an LDT selector into FS
+or GS for a task with no LDT and something tries to read the base before
+a return to usermode notices the bad selector and fixes it.
+
+The fix is to make sure ldt pointer is not NULL.
+
+Fixes: 07e1d88adaae ("x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately")
+Co-developed-by: Jann Horn <jannh@google.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Acked-by: Andy Lutomirski <luto@kernel.org>
+Cc: Chang S. Bae <chang.seok.bae@intel.com>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Markus T Metzger <markus.t.metzger@intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ravi Shankar <ravi.v.shankar@intel.com>
+Cc: Rik van Riel <riel@surriel.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
+index 734549492a18b..dc4d27000aa35 100644
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -374,7 +374,7 @@ static unsigned long task_seg_base(struct task_struct *task,
+ */
+ mutex_lock(&task->mm->context.lock);
+ ldt = task->mm->context.ldt;
+- if (unlikely(idx >= ldt->nr_entries))
++ if (unlikely(!ldt || idx >= ldt->nr_entries))
+ base = 0;
+ else
+ base = get_desc_base(ldt->entries + idx);
+--
+2.25.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
