]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 54de197 6276c67)
Merge tag 'x86_misc_for_6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
authorLinus Torvalds <torvalds@linux-foundation.org>
Tue, 2 Dec 2025 22:16:42 +0000 (14:16 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 2 Dec 2025 22:16:42 +0000 (14:16 -0800)
Pull misc x86 updates from Dave Hansen:
 "The most significant are some changes to ensure that symbols exported
  for KVM are used only by KVM modules themselves, along with some
  related cleanups.

  In true x86/misc fashion, the other patch is completely unrelated and
  just enhances an existing pr_warn() to make it clear to users how they
  have tainted their kernel when something is mucking with MSRs.

  Summary:

   - Make MSR-induced taint easier for users to track down

   - Restrict KVM-specific exports to KVM itself"

* tag 'x86_misc_for_6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86: Restrict KVM-induced symbol exports to KVM modules where obvious/possible
  x86/mm: Drop unnecessary export of "ptdump_walk_pgd_level_debugfs"
  x86/mtrr: Drop unnecessary export of "mtrr_state"
  x86/bugs: Drop unnecessary export of "x86_spec_ctrl_base"
  x86/msr: Add CPU_OUT_OF_SPEC taint name to "unrecognized" pr_warn(msg)

1  2 
arch/x86/entry/entry.S patch | diff1 | diff2 | blob | history
arch/x86/events/amd/core.c patch | diff1 | diff2 | blob | history
arch/x86/events/core.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/apic/apic.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/cpu/amd.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/cpu/bugs.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/cpu/common.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/cpu/sgx/main.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/cpu/sgx/virt.c patch | diff1 | diff2 | blob | history

diff --cc arch/x86/entry/entry.S
index 772c64ed4523e48adfe49a250060c8ad92f40260,1d723c5ae9ddb6787e9b72f9f10b749cc2b277e1..6ba2b3adcef0f06b448868b0c46bff119b839f33
--- 1/arch/x86/entry/entry.S
--- 2/arch/x86/entry/entry.S
+++ b/arch/x86/entry/entry.S
@@@ -29,17 -30,8 +30,16 @@@ SYM_FUNC_START(write_ibpb
        FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_BUG_IBPB_NO_RET
        RET
  SYM_FUNC_END(write_ibpb)
- /* For KVM */
- EXPORT_SYMBOL_GPL(write_ibpb);
+ EXPORT_SYMBOL_FOR_KVM(write_ibpb);
  
 +SYM_FUNC_START(__WARN_trap)
 +      ANNOTATE_NOENDBR
 +      ANNOTATE_REACHABLE
 +      ud1 (%edx), %_ASM_ARG1
 +      RET
 +SYM_FUNC_END(__WARN_trap)
 +EXPORT_SYMBOL(__WARN_trap)
 +
  .popsection
  
  /*
diff --cc arch/x86/events/amd/core.c
Simple merge
diff --cc arch/x86/events/core.c
Simple merge
diff --cc arch/x86/kernel/apic/apic.c
Simple merge
diff --cc arch/x86/kernel/cpu/amd.c
Simple merge
diff --cc arch/x86/kernel/cpu/bugs.c
index 4fa8284c53a12781e7bab6d86bfc132fb75f76d4,d11a7655994e96175975755040f67664e0ba198e..d8660770dc6ac7e12bdcc41f198d798cb96effe1
--- 1/arch/x86/kernel/cpu/bugs.c
--- 2/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@@ -53,9 -54,55 +54,8 @@@
   * mitigation option.
   */
  
 -static void __init spectre_v1_select_mitigation(void);
 -static void __init spectre_v1_apply_mitigation(void);
 -static void __init spectre_v2_select_mitigation(void);
 -static void __init spectre_v2_update_mitigation(void);
 -static void __init spectre_v2_apply_mitigation(void);
 -static void __init retbleed_select_mitigation(void);
 -static void __init retbleed_update_mitigation(void);
 -static void __init retbleed_apply_mitigation(void);
 -static void __init spectre_v2_user_select_mitigation(void);
 -static void __init spectre_v2_user_update_mitigation(void);
 -static void __init spectre_v2_user_apply_mitigation(void);
 -static void __init ssb_select_mitigation(void);
 -static void __init ssb_apply_mitigation(void);
 -static void __init l1tf_select_mitigation(void);
 -static void __init l1tf_apply_mitigation(void);
 -static void __init mds_select_mitigation(void);
 -static void __init mds_update_mitigation(void);
 -static void __init mds_apply_mitigation(void);
 -static void __init taa_select_mitigation(void);
 -static void __init taa_update_mitigation(void);
 -static void __init taa_apply_mitigation(void);
 -static void __init mmio_select_mitigation(void);
 -static void __init mmio_update_mitigation(void);
 -static void __init mmio_apply_mitigation(void);
 -static void __init rfds_select_mitigation(void);
 -static void __init rfds_update_mitigation(void);
 -static void __init rfds_apply_mitigation(void);
 -static void __init srbds_select_mitigation(void);
 -static void __init srbds_apply_mitigation(void);
 -static void __init l1d_flush_select_mitigation(void);
 -static void __init srso_select_mitigation(void);
 -static void __init srso_update_mitigation(void);
 -static void __init srso_apply_mitigation(void);
 -static void __init gds_select_mitigation(void);
 -static void __init gds_apply_mitigation(void);
 -static void __init bhi_select_mitigation(void);
 -static void __init bhi_update_mitigation(void);
 -static void __init bhi_apply_mitigation(void);
 -static void __init its_select_mitigation(void);
 -static void __init its_update_mitigation(void);
 -static void __init its_apply_mitigation(void);
 -static void __init tsa_select_mitigation(void);
 -static void __init tsa_apply_mitigation(void);
 -static void __init vmscape_select_mitigation(void);
 -static void __init vmscape_update_mitigation(void);
 -static void __init vmscape_apply_mitigation(void);
 -
  /* The base value of the SPEC_CTRL MSR without task-specific bits set */
  u64 x86_spec_ctrl_base;
- EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
  
  /* The current value of the SPEC_CTRL MSR with task-specific bits set */
  DEFINE_PER_CPU(u64, x86_spec_ctrl_current);
diff --cc arch/x86/kernel/cpu/common.c
Simple merge
diff --cc arch/x86/kernel/cpu/sgx/main.c
index 3eda7e7942e67810d91050cd5fc165089237b0e2,fc8fb64d62f44bb61096b2ac9cbfba304048e355..dc73194416ac8fb485da56f9789a289b41e01bbe
--- 1/arch/x86/kernel/cpu/sgx/main.c
--- 2/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@@ -916,108 -916,8 +917,108 @@@ int sgx_set_attribute(unsigned long *al
        *allowed_attributes |= SGX_ATTR_PROVISIONKEY;
        return 0;
  }
- EXPORT_SYMBOL_GPL(sgx_set_attribute);
+ EXPORT_SYMBOL_FOR_KVM(sgx_set_attribute);
  
 +/* Counter to count the active SGX users */
 +static int sgx_usage_count;
 +
 +/**
 + * sgx_update_svn() - Attempt to call ENCLS[EUPDATESVN].
 + *
 + * This instruction attempts to update CPUSVN to the
 + * currently loaded microcode update SVN and generate new
 + * cryptographic assets.
 + *
 + * Return:
 + * * %0:       - Success or not supported
 + * * %-EAGAIN: - Can be safely retried, failure is due to lack of
 + * *             entropy in RNG
 + * * %-EIO:    - Unexpected error, retries are not advisable
 + */
 +static int sgx_update_svn(void)
 +{
 +      int ret;
 +
 +      /*
 +       * If EUPDATESVN is not available, it is ok to
 +       * silently skip it to comply with legacy behavior.
 +       */
 +      if (!cpu_feature_enabled(X86_FEATURE_SGX_EUPDATESVN))
 +              return 0;
 +
 +      /*
 +       * EPC is guaranteed to be empty when there are no users.
 +       * Ensure we are on our first user before proceeding further.
 +       */
 +      WARN(sgx_usage_count, "Elevated usage count when calling EUPDATESVN\n");
 +
 +      for (int i = 0; i < RDRAND_RETRY_LOOPS; i++) {
 +              ret = __eupdatesvn();
 +
 +              /* Stop on success or unexpected errors: */
 +              if (ret != SGX_INSUFFICIENT_ENTROPY)
 +                      break;
 +      }
 +
 +      switch (ret) {
 +      case 0:
 +              /*
 +               * SVN successfully updated.
 +               * Let users know when the update was successful.
 +               */
 +              pr_info("SVN updated successfully\n");
 +              return 0;
 +      case SGX_NO_UPDATE:
 +              /*
 +               * SVN update failed since the current SVN is
 +               * not newer than CPUSVN. This is the most
 +               * common case and indicates no harm.
 +               */
 +              return 0;
 +      case SGX_INSUFFICIENT_ENTROPY:
 +              /*
 +               * SVN update failed due to lack of entropy in DRNG.
 +               * Indicate to userspace that it should retry.
 +               */
 +              return -EAGAIN;
 +      default:
 +              break;
 +      }
 +
 +      /*
 +       * EUPDATESVN was called when EPC is empty, all other error
 +       * codes are unexpected.
 +       */
 +      ENCLS_WARN(ret, "EUPDATESVN");
 +      return -EIO;
 +}
 +
 +/* Mutex to ensure no concurrent EPC accesses during EUPDATESVN */
 +static DEFINE_MUTEX(sgx_svn_lock);
 +
 +int sgx_inc_usage_count(void)
 +{
 +      int ret;
 +
 +      guard(mutex)(&sgx_svn_lock);
 +
 +      if (!sgx_usage_count) {
 +              ret = sgx_update_svn();
 +              if (ret)
 +                      return ret;
 +      }
 +
 +      sgx_usage_count++;
 +
 +      return 0;
 +}
 +
 +void sgx_dec_usage_count(void)
 +{
 +      guard(mutex)(&sgx_svn_lock);
 +      sgx_usage_count--;
 +}
 +
  static int __init sgx_init(void)
  {
        int ret;
diff --cc arch/x86/kernel/cpu/sgx/virt.c
Simple merge
A mirror of Linus' kernel repository