5.10-stable patches

added patches:
	rtc-pcf85063-fallback-to-parent-of_node.patch
	x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch

diff --git a/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch b/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch
new file mode 100644 (file)
index 0000000..9b0bbd9
--- /dev/null
+++ b/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch
@@ -0,0 +1,56 @@
+From 03531606ef4cda25b629f500d1ffb6173b805c05 Mon Sep 17 00:00:00 2001
+From: Francois Gervais <fgervais@distech-controls.com>
+Date: Wed, 10 Mar 2021 16:10:26 -0500
+Subject: rtc: pcf85063: fallback to parent of_node
+
+From: Francois Gervais <fgervais@distech-controls.com>
+
+commit 03531606ef4cda25b629f500d1ffb6173b805c05 upstream.
+
+The rtc device node is always NULL.
+
+Since v5.12-rc1-dontuse/3c9ea42802a1fbf7ef29660ff8c6e526c58114f6 this
+will lead to a NULL pointer dereference.
+
+To fix this use the parent node which is the i2c client node as set by
+devm_rtc_allocate_device().
+
+Using the i2c client node seems to be what other similar drivers do
+e.g. rtc-pcf8563.c.
+
+Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Link: https://lore.kernel.org/r/20210310211026.27299-1-fgervais@distech-controls.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/rtc/rtc-pcf85063.c |    7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/rtc/rtc-pcf85063.c
++++ b/drivers/rtc/rtc-pcf85063.c
+@@ -486,6 +486,7 @@ static struct clk *pcf85063_clkout_regis
+ {
+       struct clk *clk;
+       struct clk_init_data init;
++      struct device_node *node = pcf85063->rtc->dev.parent->of_node;
+ 
+       init.name = "pcf85063-clkout";
+       init.ops = &pcf85063_clkout_ops;
+@@ -495,15 +496,13 @@ static struct clk *pcf85063_clkout_regis
+       pcf85063->clkout_hw.init = &init;
+ 
+       /* optional override of the clockname */
+-      of_property_read_string(pcf85063->rtc->dev.of_node,
+-                              "clock-output-names", &init.name);
++      of_property_read_string(node, "clock-output-names", &init.name);
+ 
+       /* register the clock */
+       clk = devm_clk_register(&pcf85063->rtc->dev, &pcf85063->clkout_hw);
+ 
+       if (!IS_ERR(clk))
+-              of_clk_add_provider(pcf85063->rtc->dev.of_node,
+-                                  of_clk_src_simple_get, clk);
++              of_clk_add_provider(node, of_clk_src_simple_get, clk);
+ 
+       return clk;
+ }

diff --git a/queue-5.10/series b/queue-5.10/series
index 4a227683989315580a08a4ea42c2477d8aa6261d..48f3e25281524ce89c9881a820abc42b688403fa 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -100,3 +100,5 @@ drm-i915-gt-disable-hiz-raw-stall-optimization-on-broken-gen7.patch
 openrisc-mm-init.c-remove-unused-memblock_region-variable-in-map_ram.patch
 x86-xen-swap-nx-determination-and-gdt-setup-on-bsp.patch
 nvme-multipath-fix-double-initialization-of-ana-state.patch
+rtc-pcf85063-fallback-to-parent-of_node.patch
+x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch

diff --git a/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch b/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch
new file mode 100644 (file)
index 0000000..67a950c
--- /dev/null
+++ b/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch
@@ -0,0 +1,134 @@
+From fef81c86262879d4b1176ef51a834c15b805ebb9 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Fri, 12 Mar 2021 13:38:23 +0100
+Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit fef81c86262879d4b1176ef51a834c15b805ebb9 upstream.
+
+Check whether the hypervisor reported the correct C-bit when running
+as an SEV guest. Using a wrong C-bit position could be used to leak
+sensitive data from the guest to the hypervisor.
+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/boot/compressed/head_64.S |   85 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 85 insertions(+)
+
+--- a/arch/x86/boot/compressed/head_64.S
++++ b/arch/x86/boot/compressed/head_64.S
+@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32)
+        */
+       call    get_sev_encryption_bit
+       xorl    %edx, %edx
++#ifdef        CONFIG_AMD_MEM_ENCRYPT
+       testl   %eax, %eax
+       jz      1f
+       subl    $32, %eax       /* Encryption bit is always above bit 31 */
+       bts     %eax, %edx      /* Set encryption mask for page tables */
++      /*
++       * Mark SEV as active in sev_status so that startup32_check_sev_cbit()
++       * will do a check. The sev_status memory will be fully initialized
++       * with the contents of MSR_AMD_SEV_STATUS later in
++       * set_sev_encryption_mask(). For now it is sufficient to know that SEV
++       * is active.
++       */
++      movl    $1, rva(sev_status)(%ebp)
+ 1:
++#endif
+ 
+       /* Initialize Page tables to 0 */
+       leal    rva(pgtable)(%ebx), %edi
+@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32)
+       movl    %esi, %edx
+ 1:
+ #endif
++      /* Check if the C-bit position is correct when SEV is active */
++      call    startup32_check_sev_cbit
++
+       pushl   $__KERNEL_CS
+       pushl   %eax
+ 
+@@ -787,6 +800,78 @@ SYM_DATA_END(loaded_image_proto)
+ #endif
+ 
+ /*
++ * Check for the correct C-bit position when the startup_32 boot-path is used.
++ *
++ * The check makes use of the fact that all memory is encrypted when paging is
++ * disabled. The function creates 64 bits of random data using the RDRAND
++ * instruction. RDRAND is mandatory for SEV guests, so always available. If the
++ * hypervisor violates that the kernel will crash right here.
++ *
++ * The 64 bits of random data are stored to a memory location and at the same
++ * time kept in the %eax and %ebx registers. Since encryption is always active
++ * when paging is off the random data will be stored encrypted in main memory.
++ *
++ * Then paging is enabled. When the C-bit position is correct all memory is
++ * still mapped encrypted and comparing the register values with memory will
++ * succeed. An incorrect C-bit position will map all memory unencrypted, so that
++ * the compare will use the encrypted random data and fail.
++ */
++      __HEAD
++      .code32
++SYM_FUNC_START(startup32_check_sev_cbit)
++#ifdef CONFIG_AMD_MEM_ENCRYPT
++      pushl   %eax
++      pushl   %ebx
++      pushl   %ecx
++      pushl   %edx
++
++      /* Check for non-zero sev_status */
++      movl    rva(sev_status)(%ebp), %eax
++      testl   %eax, %eax
++      jz      4f
++
++      /*
++       * Get two 32-bit random values - Don't bail out if RDRAND fails
++       * because it is better to prevent forward progress if no random value
++       * can be gathered.
++       */
++1:    rdrand  %eax
++      jnc     1b
++2:    rdrand  %ebx
++      jnc     2b
++
++      /* Store to memory and keep it in the registers */
++      movl    %eax, rva(sev_check_data)(%ebp)
++      movl    %ebx, rva(sev_check_data+4)(%ebp)
++
++      /* Enable paging to see if encryption is active */
++      movl    %cr0, %edx                       /* Backup %cr0 in %edx */
++      movl    $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
++      movl    %ecx, %cr0
++
++      cmpl    %eax, rva(sev_check_data)(%ebp)
++      jne     3f
++      cmpl    %ebx, rva(sev_check_data+4)(%ebp)
++      jne     3f
++
++      movl    %edx, %cr0      /* Restore previous %cr0 */
++
++      jmp     4f
++
++3:    /* Check failed - hlt the machine */
++      hlt
++      jmp     3b
++
++4:
++      popl    %edx
++      popl    %ecx
++      popl    %ebx
++      popl    %eax
++#endif
++      ret
++SYM_FUNC_END(startup32_check_sev_cbit)
++
++/*
+  * Stack and heap for uncompression
+  */
+       .bss