5.4-stable patches

added patches:
	syscalls-x86-fix-function-types-in-cond_syscall.patch
	syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch
	syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch
	syscalls-x86-wire-up-compat_syscall_define0.patch

diff --git a/queue-5.4/series b/queue-5.4/series
index 5e06741246279b1e34dc2b0f0e7dcfc35f3ed558..190618b175c8523678eca21e3d05e0296c64d045 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -44,3 +44,7 @@ dt-bindings-reset-fix-brcmstb-reset-example.patch
 reset-brcmstb-remove-resource-checks.patch
 afs-fix-missing-cell-comparison-in-afs_test_super.patch
 perf-vendor-events-s390-remove-name-from-l1d_ro_excl_writes-description.patch
+syscalls-x86-wire-up-compat_syscall_define0.patch
+syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch
+syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch
+syscalls-x86-fix-function-types-in-cond_syscall.patch

diff --git a/queue-5.4/syscalls-x86-fix-function-types-in-cond_syscall.patch b/queue-5.4/syscalls-x86-fix-function-types-in-cond_syscall.patch
new file mode 100644 (file)
index 0000000..68bd6af
--- /dev/null
+++ b/queue-5.4/syscalls-x86-fix-function-types-in-cond_syscall.patch
@@ -0,0 +1,80 @@
+From 6e4847640c6aebcaa2d9b3686cecc91b41f09269 Mon Sep 17 00:00:00 2001
+From: Sami Tolvanen <samitolvanen@google.com>
+Date: Tue, 8 Oct 2019 15:40:49 -0700
+Subject: syscalls/x86: Fix function types in COND_SYSCALL
+
+From: Sami Tolvanen <samitolvanen@google.com>
+
+commit 6e4847640c6aebcaa2d9b3686cecc91b41f09269 upstream.
+
+Define a weak function in COND_SYSCALL instead of a weak alias to
+sys_ni_syscall(), which has an incompatible type. This fixes indirect
+call mismatches with Control-Flow Integrity (CFI) checking.
+
+Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
+Acked-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: H . Peter Anvin <hpa@zytor.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lkml.kernel.org/r/20191008224049.115427-6-samitolvanen@google.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/syscall_wrapper.h |   21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/include/asm/syscall_wrapper.h
++++ b/arch/x86/include/asm/syscall_wrapper.h
+@@ -6,6 +6,8 @@
+ #ifndef _ASM_X86_SYSCALL_WRAPPER_H
+ #define _ASM_X86_SYSCALL_WRAPPER_H
+ 
++struct pt_regs;
++
+ /* Mapping of registers to parameters for syscalls on x86-64 and x32 */
+ #define SC_X86_64_REGS_TO_ARGS(x, ...)                                        \
+       __MAP(x,__SC_ARGS                                               \
+@@ -64,9 +66,15 @@
+       SYSCALL_ALIAS(__ia32_sys_##sname, __x64_sys_##sname);           \
+       asmlinkage long __x64_sys_##sname(const struct pt_regs *__unused)
+ 
+-#define COND_SYSCALL(name)                                            \
+-      cond_syscall(__x64_sys_##name);                                 \
+-      cond_syscall(__ia32_sys_##name)
++#define COND_SYSCALL(name)                                                    \
++      asmlinkage __weak long __x64_sys_##name(const struct pt_regs *__unused) \
++      {                                                                       \
++              return sys_ni_syscall();                                        \
++      }                                                                       \
++      asmlinkage __weak long __ia32_sys_##name(const struct pt_regs *__unused)\
++      {                                                                       \
++              return sys_ni_syscall();                                        \
++      }
+ 
+ #define SYS_NI(name)                                                  \
+       SYSCALL_ALIAS(__x64_sys_##name, sys_ni_posix_timers);           \
+@@ -218,7 +226,11 @@
+ #endif
+ 
+ #ifndef COND_SYSCALL
+-#define COND_SYSCALL(name) cond_syscall(__x64_sys_##name)
++#define COND_SYSCALL(name)                                                    \
++      asmlinkage __weak long __x64_sys_##name(const struct pt_regs *__unused) \
++      {                                                                       \
++              return sys_ni_syscall();                                        \
++      }
+ #endif
+ 
+ #ifndef SYS_NI
+@@ -230,7 +242,6 @@
+  * For VSYSCALLS, we need to declare these three syscalls with the new
+  * pt_regs-based calling convention for in-kernel use.
+  */
+-struct pt_regs;
+ asmlinkage long __x64_sys_getcpu(const struct pt_regs *regs);
+ asmlinkage long __x64_sys_gettimeofday(const struct pt_regs *regs);
+ asmlinkage long __x64_sys_time(const struct pt_regs *regs);

diff --git a/queue-5.4/syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch b/queue-5.4/syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch
new file mode 100644 (file)
index 0000000..df2b880
--- /dev/null
+++ b/queue-5.4/syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch
@@ -0,0 +1,78 @@
+From 00198a6eaf66609de5e4de9163bb42c7ca9dd7b7 Mon Sep 17 00:00:00 2001
+From: Sami Tolvanen <samitolvanen@google.com>
+Date: Tue, 8 Oct 2019 15:40:47 -0700
+Subject: syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn
+
+From: Sami Tolvanen <samitolvanen@google.com>
+
+commit 00198a6eaf66609de5e4de9163bb42c7ca9dd7b7 upstream.
+
+Use COMPAT_SYSCALL_DEFINE0 to define (rt_)sigreturn() syscalls to
+replace sys32_sigreturn() and sys32_rt_sigreturn(). This fixes indirect
+call mismatches with Control-Flow Integrity (CFI) checking.
+
+Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
+Acked-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: H . Peter Anvin <hpa@zytor.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lkml.kernel.org/r/20191008224049.115427-4-samitolvanen@google.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/syscalls/syscall_32.tbl |    4 ++--
+ arch/x86/ia32/ia32_signal.c            |    5 +++--
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/entry/syscalls/syscall_32.tbl
++++ b/arch/x86/entry/syscalls/syscall_32.tbl
+@@ -130,7 +130,7 @@
+ 116   i386    sysinfo                 sys_sysinfo                     __ia32_compat_sys_sysinfo
+ 117   i386    ipc                     sys_ipc                         __ia32_compat_sys_ipc
+ 118   i386    fsync                   sys_fsync                       __ia32_sys_fsync
+-119   i386    sigreturn               sys_sigreturn                   sys32_sigreturn
++119   i386    sigreturn               sys_sigreturn                   __ia32_compat_sys_sigreturn
+ 120   i386    clone                   sys_clone                       __ia32_compat_sys_x86_clone
+ 121   i386    setdomainname           sys_setdomainname               __ia32_sys_setdomainname
+ 122   i386    uname                   sys_newuname                    __ia32_sys_newuname
+@@ -184,7 +184,7 @@
+ 170   i386    setresgid               sys_setresgid16                 __ia32_sys_setresgid16
+ 171   i386    getresgid               sys_getresgid16                 __ia32_sys_getresgid16
+ 172   i386    prctl                   sys_prctl                       __ia32_sys_prctl
+-173   i386    rt_sigreturn            sys_rt_sigreturn                sys32_rt_sigreturn
++173   i386    rt_sigreturn            sys_rt_sigreturn                __ia32_compat_sys_rt_sigreturn
+ 174   i386    rt_sigaction            sys_rt_sigaction                __ia32_compat_sys_rt_sigaction
+ 175   i386    rt_sigprocmask          sys_rt_sigprocmask              __ia32_compat_sys_rt_sigprocmask
+ 176   i386    rt_sigpending           sys_rt_sigpending               __ia32_compat_sys_rt_sigpending
+--- a/arch/x86/ia32/ia32_signal.c
++++ b/arch/x86/ia32/ia32_signal.c
+@@ -21,6 +21,7 @@
+ #include <linux/personality.h>
+ #include <linux/compat.h>
+ #include <linux/binfmts.h>
++#include <linux/syscalls.h>
+ #include <asm/ucontext.h>
+ #include <linux/uaccess.h>
+ #include <asm/fpu/internal.h>
+@@ -118,7 +119,7 @@ static int ia32_restore_sigcontext(struc
+       return err;
+ }
+ 
+-asmlinkage long sys32_sigreturn(void)
++COMPAT_SYSCALL_DEFINE0(sigreturn)
+ {
+       struct pt_regs *regs = current_pt_regs();
+       struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8);
+@@ -144,7 +145,7 @@ badframe:
+       return 0;
+ }
+ 
+-asmlinkage long sys32_rt_sigreturn(void)
++COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
+ {
+       struct pt_regs *regs = current_pt_regs();
+       struct rt_sigframe_ia32 __user *frame;

diff --git a/queue-5.4/syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch b/queue-5.4/syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch
new file mode 100644 (file)
index 0000000..9dc8e29
--- /dev/null
+++ b/queue-5.4/syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch
@@ -0,0 +1,117 @@
+From f48f01a92cca09e86d46c91d8edf9d5a71c61727 Mon Sep 17 00:00:00 2001
+From: Sami Tolvanen <samitolvanen@google.com>
+Date: Tue, 8 Oct 2019 15:40:48 -0700
+Subject: syscalls/x86: Use the correct function type for sys_ni_syscall
+
+From: Sami Tolvanen <samitolvanen@google.com>
+
+commit f48f01a92cca09e86d46c91d8edf9d5a71c61727 upstream.
+
+Use the correct function type for sys_ni_syscall() in system
+call tables to fix indirect call mismatches with Control-Flow
+Integrity (CFI) checking.
+
+Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
+Acked-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: H . Peter Anvin <hpa@zytor.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lkml.kernel.org/r/20191008224049.115427-5-samitolvanen@google.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/syscall_32.c            |    8 +++-----
+ arch/x86/entry/syscall_64.c            |   14 ++++++++++----
+ arch/x86/entry/syscalls/syscall_32.tbl |    4 ++--
+ 3 files changed, 15 insertions(+), 11 deletions(-)
+
+--- a/arch/x86/entry/syscall_32.c
++++ b/arch/x86/entry/syscall_32.c
+@@ -10,13 +10,11 @@
+ #ifdef CONFIG_IA32_EMULATION
+ /* On X86_64, we use struct pt_regs * to pass parameters to syscalls */
+ #define __SYSCALL_I386(nr, sym, qual) extern asmlinkage long sym(const struct pt_regs *);
+-
+-/* this is a lie, but it does not hurt as sys_ni_syscall just returns -EINVAL */
+-extern asmlinkage long sys_ni_syscall(const struct pt_regs *);
+-
++#define __sys_ni_syscall __ia32_sys_ni_syscall
+ #else /* CONFIG_IA32_EMULATION */
+ #define __SYSCALL_I386(nr, sym, qual) extern asmlinkage long sym(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
+ extern asmlinkage long sys_ni_syscall(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
++#define __sys_ni_syscall sys_ni_syscall
+ #endif /* CONFIG_IA32_EMULATION */
+ 
+ #include <asm/syscalls_32.h>
+@@ -29,6 +27,6 @@ __visible const sys_call_ptr_t ia32_sys_
+        * Smells like a compiler bug -- it doesn't work
+        * when the & below is removed.
+        */
+-      [0 ... __NR_syscall_compat_max] = &sys_ni_syscall,
++      [0 ... __NR_syscall_compat_max] = &__sys_ni_syscall,
+ #include <asm/syscalls_32.h>
+ };
+--- a/arch/x86/entry/syscall_64.c
++++ b/arch/x86/entry/syscall_64.c
+@@ -4,11 +4,17 @@
+ #include <linux/linkage.h>
+ #include <linux/sys.h>
+ #include <linux/cache.h>
++#include <linux/syscalls.h>
+ #include <asm/asm-offsets.h>
+ #include <asm/syscall.h>
+ 
+-/* this is a lie, but it does not hurt as sys_ni_syscall just returns -EINVAL */
+-extern asmlinkage long sys_ni_syscall(const struct pt_regs *);
++extern asmlinkage long sys_ni_syscall(void);
++
++SYSCALL_DEFINE0(ni_syscall)
++{
++      return sys_ni_syscall();
++}
++
+ #define __SYSCALL_64(nr, sym, qual) extern asmlinkage long sym(const struct pt_regs *);
+ #define __SYSCALL_X32(nr, sym, qual) __SYSCALL_64(nr, sym, qual)
+ #include <asm/syscalls_64.h>
+@@ -23,7 +29,7 @@ asmlinkage const sys_call_ptr_t sys_call
+        * Smells like a compiler bug -- it doesn't work
+        * when the & below is removed.
+        */
+-      [0 ... __NR_syscall_max] = &sys_ni_syscall,
++      [0 ... __NR_syscall_max] = &__x64_sys_ni_syscall,
+ #include <asm/syscalls_64.h>
+ };
+ 
+@@ -40,7 +46,7 @@ asmlinkage const sys_call_ptr_t x32_sys_
+        * Smells like a compiler bug -- it doesn't work
+        * when the & below is removed.
+        */
+-      [0 ... __NR_syscall_x32_max] = &sys_ni_syscall,
++      [0 ... __NR_syscall_x32_max] = &__x64_sys_ni_syscall,
+ #include <asm/syscalls_64.h>
+ };
+ 
+--- a/arch/x86/entry/syscalls/syscall_32.tbl
++++ b/arch/x86/entry/syscalls/syscall_32.tbl
+@@ -124,7 +124,7 @@
+ 110   i386    iopl                    sys_iopl                        __ia32_sys_iopl
+ 111   i386    vhangup                 sys_vhangup                     __ia32_sys_vhangup
+ 112   i386    idle
+-113   i386    vm86old                 sys_vm86old                     sys_ni_syscall
++113   i386    vm86old                 sys_vm86old                     __ia32_sys_ni_syscall
+ 114   i386    wait4                   sys_wait4                       __ia32_compat_sys_wait4
+ 115   i386    swapoff                 sys_swapoff                     __ia32_sys_swapoff
+ 116   i386    sysinfo                 sys_sysinfo                     __ia32_compat_sys_sysinfo
+@@ -177,7 +177,7 @@
+ 163   i386    mremap                  sys_mremap                      __ia32_sys_mremap
+ 164   i386    setresuid               sys_setresuid16                 __ia32_sys_setresuid16
+ 165   i386    getresuid               sys_getresuid16                 __ia32_sys_getresuid16
+-166   i386    vm86                    sys_vm86                        sys_ni_syscall
++166   i386    vm86                    sys_vm86                        __ia32_sys_ni_syscall
+ 167   i386    query_module
+ 168   i386    poll                    sys_poll                        __ia32_sys_poll
+ 169   i386    nfsservctl

diff --git a/queue-5.4/syscalls-x86-wire-up-compat_syscall_define0.patch b/queue-5.4/syscalls-x86-wire-up-compat_syscall_define0.patch
new file mode 100644 (file)
index 0000000..e74460d
--- /dev/null
+++ b/queue-5.4/syscalls-x86-wire-up-compat_syscall_define0.patch
@@ -0,0 +1,98 @@
+From cf3b83e19d7c928e05a5d193c375463182c6029a Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Tue, 8 Oct 2019 15:40:46 -0700
+Subject: syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit cf3b83e19d7c928e05a5d193c375463182c6029a upstream.
+
+x86 has special handling for COMPAT_SYSCALL_DEFINEx, but there was
+no override for COMPAT_SYSCALL_DEFINE0.  Wire it up so that we can
+use it for rt_sigreturn.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: H . Peter Anvin <hpa@zytor.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lkml.kernel.org/r/20191008224049.115427-3-samitolvanen@google.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/syscall_wrapper.h |   32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/syscall_wrapper.h
++++ b/arch/x86/include/asm/syscall_wrapper.h
+@@ -28,13 +28,21 @@
+  * kernel/sys_ni.c and SYS_NI in kernel/time/posix-stubs.c to cover this
+  * case as well.
+  */
++#define __IA32_COMPAT_SYS_STUB0(x, name)                              \
++      asmlinkage long __ia32_compat_sys_##name(const struct pt_regs *regs);\
++      ALLOW_ERROR_INJECTION(__ia32_compat_sys_##name, ERRNO);         \
++      asmlinkage long __ia32_compat_sys_##name(const struct pt_regs *regs)\
++      {                                                               \
++              return __se_compat_sys_##name();                        \
++      }
++
+ #define __IA32_COMPAT_SYS_STUBx(x, name, ...)                         \
+       asmlinkage long __ia32_compat_sys##name(const struct pt_regs *regs);\
+       ALLOW_ERROR_INJECTION(__ia32_compat_sys##name, ERRNO);          \
+       asmlinkage long __ia32_compat_sys##name(const struct pt_regs *regs)\
+       {                                                               \
+               return __se_compat_sys##name(SC_IA32_REGS_TO_ARGS(x,__VA_ARGS__));\
+-      }                                                               \
++      }
+ 
+ #define __IA32_SYS_STUBx(x, name, ...)                                        \
+       asmlinkage long __ia32_sys##name(const struct pt_regs *regs);   \
+@@ -76,15 +84,24 @@
+  * of the x86-64-style parameter ordering of x32 syscalls. The syscalls common
+  * with x86_64 obviously do not need such care.
+  */
++#define __X32_COMPAT_SYS_STUB0(x, name, ...)                          \
++      asmlinkage long __x32_compat_sys_##name(const struct pt_regs *regs);\
++      ALLOW_ERROR_INJECTION(__x32_compat_sys_##name, ERRNO);          \
++      asmlinkage long __x32_compat_sys_##name(const struct pt_regs *regs)\
++      {                                                               \
++              return __se_compat_sys_##name();\
++      }
++
+ #define __X32_COMPAT_SYS_STUBx(x, name, ...)                          \
+       asmlinkage long __x32_compat_sys##name(const struct pt_regs *regs);\
+       ALLOW_ERROR_INJECTION(__x32_compat_sys##name, ERRNO);           \
+       asmlinkage long __x32_compat_sys##name(const struct pt_regs *regs)\
+       {                                                               \
+               return __se_compat_sys##name(SC_X86_64_REGS_TO_ARGS(x,__VA_ARGS__));\
+-      }                                                               \
++      }
+ 
+ #else /* CONFIG_X86_X32 */
++#define __X32_COMPAT_SYS_STUB0(x, name)
+ #define __X32_COMPAT_SYS_STUBx(x, name, ...)
+ #endif /* CONFIG_X86_X32 */
+ 
+@@ -95,6 +112,17 @@
+  * mapping of registers to parameters, we need to generate stubs for each
+  * of them.
+  */
++#define COMPAT_SYSCALL_DEFINE0(name)                                  \
++      static long __se_compat_sys_##name(void);                       \
++      static inline long __do_compat_sys_##name(void);                \
++      __IA32_COMPAT_SYS_STUB0(x, name)                                \
++      __X32_COMPAT_SYS_STUB0(x, name)                                 \
++      static long __se_compat_sys_##name(void)                        \
++      {                                                               \
++              return __do_compat_sys_##name();                        \
++      }                                                               \
++      static inline long __do_compat_sys_##name(void)
++
+ #define COMPAT_SYSCALL_DEFINEx(x, name, ...)                                  \
+       static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__));      \
+       static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\