5.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 11 Apr 2024 06:53:06 +0000 (08:53 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 11 Apr 2024 06:53:06 +0000 (08:53 +0200)
added patches:
gcc-plugins-stackleak-avoid-.head.text-section.patch
gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch

queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch [new file with mode: 0644]
queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch [new file with mode: 0644]
queue-5.15/series

diff --git a/queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch b/queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch
new file mode 100644 (file)
index 0000000..9e66c78
--- /dev/null
@@ -0,0 +1,36 @@
+From e7d24c0aa8e678f41457d1304e2091cac6fd1a2e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Thu, 28 Mar 2024 07:42:57 +0100
+Subject: gcc-plugins/stackleak: Avoid .head.text section
+
+From: Ard Biesheuvel <ardb@kernel.org>
+
+commit e7d24c0aa8e678f41457d1304e2091cac6fd1a2e upstream.
+
+The .head.text section carries the startup code that runs with the MMU
+off or with a translation of memory that deviates from the ordinary one.
+So avoid instrumentation with the stackleak plugin, which already avoids
+.init.text and .noinstr.text entirely.
+
+Fixes: 48204aba801f1b51 ("x86/sme: Move early SME kernel encryption handling into .head.text")
+Reported-by: kernel test robot <oliver.sang@intel.com>
+Closes: https://lore.kernel.org/oe-lkp/202403221630.2692c998-oliver.sang@intel.com
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Link: https://lore.kernel.org/r/20240328064256.2358634-2-ardb+git@google.com
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ scripts/gcc-plugins/stackleak_plugin.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/scripts/gcc-plugins/stackleak_plugin.c
++++ b/scripts/gcc-plugins/stackleak_plugin.c
+@@ -467,6 +467,8 @@ static bool stackleak_gate(void)
+                       return false;
+               if (STRING_EQUAL(section, ".entry.text"))
+                       return false;
++              if (STRING_EQUAL(section, ".head.text"))
++                      return false;
+       }
+       return track_frame_size >= 0;
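Review bot: The added `.head.text` check and its context rely on `STRING_EQUAL` and on the `.entry.text` check already being present, and this hunk does not show that either exists in 5.15's stackleak_plugin.c. The `.entry.text` lines come from gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch, which the series hunk lists first, so the ordering is right. The macro is used by that patch too, and if it arrived upstream in a separate change, that change is a prerequisite for both patches. Building the 5.15 queue with the stackleak plugin enabled would confirm it. stackleak_gate() starts and ends outside the hunk.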
diff --git a/queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch b/queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
new file mode 100644 (file)
index 0000000..19649a3
--- /dev/null
@@ -0,0 +1,42 @@
+From ae978009fc013e3166c9f523f8b17e41a3c0286e Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Sun, 6 Feb 2022 09:12:50 -0800
+Subject: gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
+
+From: Kees Cook <keescook@chromium.org>
+
+commit ae978009fc013e3166c9f523f8b17e41a3c0286e upstream.
+
+The .noinstr.text section functions may not have "current()" sanely
+available. Similarly true for .entry.text, though such a check is
+currently redundant. Add a check for both. In an x86_64 defconfig build,
+the following functions no longer receive stackleak instrumentation:
+
+       __do_fast_syscall_32()
+       do_int80_syscall_32()
+       do_machine_check()
+       do_syscall_64()
+       exc_general_protection()
+       fixup_bad_iret()
+
+Suggested-by: Peter Zijlstra <peterz@infradead.org>
+Cc: Alexander Popov <alex.popov@linux.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ scripts/gcc-plugins/stackleak_plugin.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/scripts/gcc-plugins/stackleak_plugin.c
++++ b/scripts/gcc-plugins/stackleak_plugin.c
+@@ -463,6 +463,10 @@ static bool stackleak_gate(void)
+                       return false;
+               if (STRING_EQUAL(section, ".meminit.text"))
+                       return false;
++              if (STRING_EQUAL(section, ".noinstr.text"))
++                      return false;
++              if (STRING_EQUAL(section, ".entry.text"))
++                      return false;
+       }
+       return track_frame_size >= 0;
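Review bot: Nothing next to the two added checks says why `.noinstr.text` and `.entry.text` are skipped; the changelog's reason is that `current` may not be usable there, and a short comment above them would keep it with the code, e.g. `/* current may not be usable in noinstr/entry code */`. The changelog also lists six functions, including do_syscall_64() and exc_general_protection(), that lose instrumentation. Stack use in those paths is presumably no longer tracked by the plugin, which matters to anyone counting on stackleak coverage of entry code. stackleak_gate() starts and ends outside the hunk.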
index 20f9a69b17578bd808b3aa25b1fa0de3d3938abc..854ad0c53d5f0876233c93e6e6b670f75108c9cc 100644 (file)
@@ -47,3 +47,5 @@ netfilter-nf_tables-release-batch-on-table-validatio.patch
 netfilter-nf_tables-release-mutex-after-nft_gc_seq_e.patch
 netfilter-nf_tables-discard-table-flag-update-with-p.patch
 tty-n_gsm-require-cap_net_admin-to-attach-n_gsm0710-ldisc.patch
+gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
+gcc-plugins-stackleak-avoid-.head.text-section.patch