x86_64-traps-fix-the-espfix64-df-fixup-and-rewrite-it-in-c.patch
x86_64-traps-stop-using-ist-for-ss.patch
x86_64-traps-rework-bad_iret.patch
+x86-require-exact-match-for-noxsave-command-line-option.patch
+x86-mm-set-nx-across-entire-pmd-at-boot.patch
+uprobes-x86-fix-_tif_uprobe-vs-_tif_notify_resume.patch
--- /dev/null
+From 82975bc6a6df743b9a01810fb32cb65d0ec5d60b Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Fri, 21 Nov 2014 13:26:07 -0800
+Subject: uprobes, x86: Fix _TIF_UPROBE vs _TIF_NOTIFY_RESUME
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+commit 82975bc6a6df743b9a01810fb32cb65d0ec5d60b upstream.
+
+x86 call do_notify_resume on paranoid returns if TIF_UPROBE is set but
+not on non-paranoid returns. I suspect that this is a mistake and that
+the code only works because int3 is paranoid.
+
+Setting _TIF_NOTIFY_RESUME in the uprobe code was probably a workaround
+for the x86 bug. With that bug fixed, we can remove _TIF_NOTIFY_RESUME
+from the uprobes code.
+
+Reported-by: Oleg Nesterov <oleg@redhat.com>
+Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/thread_info.h | 2 +-
+ kernel/events/uprobes.c | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/thread_info.h
++++ b/arch/x86/include/asm/thread_info.h
+@@ -147,7 +147,7 @@ struct thread_info {
+ /* Only used for 64 bit */
+ #define _TIF_DO_NOTIFY_MASK \
+ (_TIF_SIGPENDING | _TIF_MCE_NOTIFY | _TIF_NOTIFY_RESUME | \
+- _TIF_USER_RETURN_NOTIFY)
++ _TIF_USER_RETURN_NOTIFY | _TIF_UPROBE)
+
+ /* flags to check in __switch_to() */
+ #define _TIF_WORK_CTXSW \
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -1511,7 +1511,6 @@ bool uprobe_deny_signal(void)
+ if (__fatal_signal_pending(t) || arch_uprobe_xol_was_trapped(t)) {
+ utask->state = UTASK_SSTEP_TRAPPED;
+ set_tsk_thread_flag(t, TIF_UPROBE);
+- set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
+ }
+ }
+
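Review bot: The second file in this patch drops the generic `set_tsk_thread_flag(t, TIF_NOTIFY_RESUME)` fallback in kernel/events/uprobes.c, while the first file only adds `_TIF_UPROBE` to `_TIF_DO_NOTIFY_MASK`, which the surrounding comment marks as "Only used for 64 bit". After this change every architecture with uprobes support, including 32-bit x86, has to act on TIF_UPROBE in its own return-to-user path with no TIF_NOTIFY_RESUME safety net; I cannot tell from this hunk whether the stable tree being patched already does, so that is worth confirming before queueing. If a path misses it, the task would return to user space with `utask->state == UTASK_SSTEP_TRAPPED` left unprocessed until some later notify, which presumably breaks the single-step recovery rather than failing loudly. The enclosing `uprobe_deny_signal()` starts and ends outside the quoted hunk.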
--- /dev/null
+From 45e2a9d4701d8c624d4a4bcdd1084eae31e92f58 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 14 Nov 2014 11:47:37 -0800
+Subject: x86, mm: Set NX across entire PMD at boot
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 45e2a9d4701d8c624d4a4bcdd1084eae31e92f58 upstream.
+
+When setting up permissions on kernel memory at boot, the end of the
+PMD that was split from bss remained executable. It should be NX like
+the rest. This performs a PMD alignment instead of a PAGE alignment to
+get the correct span of memory.
+
+Before:
+---[ High Kernel Mapping ]---
+...
+0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte
+0xffffffff82200000-0xffffffff82c00000 10M RW PSE GLB NX pmd
+0xffffffff82c00000-0xffffffff82df5000 2004K RW GLB NX pte
+0xffffffff82df5000-0xffffffff82e00000 44K RW GLB x pte
+0xffffffff82e00000-0xffffffffc0000000 978M pmd
+
+After:
+---[ High Kernel Mapping ]---
+...
+0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte
+0xffffffff82200000-0xffffffff82e00000 12M RW PSE GLB NX pmd
+0xffffffff82e00000-0xffffffffc0000000 978M pmd
+
+[ tglx: Changed it to roundup(_brk_end, PMD_SIZE) and added a comment.
+ We really should unmap the reminder along with the holes
+ caused by init,initdata etc. but thats a different issue ]
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Toshi Kani <toshi.kani@hp.com>
+Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
+Cc: David Vrabel <david.vrabel@citrix.com>
+Cc: Wang Nan <wangnan0@huawei.com>
+Cc: Yinghai Lu <yinghai@kernel.org>
+Link: http://lkml.kernel.org/r/20141114194737.GA3091@www.outflux.net
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/init_64.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -1142,7 +1142,7 @@ void mark_rodata_ro(void)
+ unsigned long end = (unsigned long) &__end_rodata_hpage_align;
+ unsigned long text_end = PFN_ALIGN(&__stop___ex_table);
+ unsigned long rodata_end = PFN_ALIGN(&__end_rodata);
+- unsigned long all_end = PFN_ALIGN(&_end);
++ unsigned long all_end;
+
+ printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+ (end - start) >> 10);
+@@ -1153,7 +1153,16 @@ void mark_rodata_ro(void)
+ /*
+ * The rodata/data/bss/brk section (but not the kernel text!)
+ * should also be not-executable.
++ *
++ * We align all_end to PMD_SIZE because the existing mapping
++ * is a full PMD. If we would align _brk_end to PAGE_SIZE we
++ * split the PMD and the reminder between _brk_end and the end
++ * of the PMD will remain mapped executable.
++ *
++ * Any PMD which was setup after the one which covers _brk_end
++ * has been zapped already via cleanup_highmem().
+ */
++ all_end = roundup((unsigned long)_brk_end, PMD_SIZE);
+ set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
+
+ rodata_test();
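Review bot: The added comment in mark_rodata_ro() has two wording slips worth fixing while the patch sits in the queue: `reminder` should read `remainder`, and the function that zaps the later PMDs is, as far as I know, `cleanup_highmap()` rather than `cleanup_highmem()`, so the last sentence should read `* has been zapped already via cleanup_highmap().`. The new `all_end = roundup((unsigned long)_brk_end, PMD_SIZE);` makes the `set_memory_nx()` span run past `_end` up to the PMD boundary, which is what closes the 44K RW+X window shown in the description, but it now relies on `_brk_end` being final when mark_rodata_ro() runs and on the higher PMDs really being unmapped already, as the comment asserts; neither is visible in this hunk and both are worth checking against the stable tree. `mark_rodata_ro()` starts before the first inner hunk and ends after the second.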
--- /dev/null
+From 2cd3949f702692cf4c5d05b463f19cd706a92dd3 Mon Sep 17 00:00:00 2001
+From: Dave Hansen <dave.hansen@linux.intel.com>
+Date: Tue, 11 Nov 2014 14:01:33 -0800
+Subject: x86: Require exact match for 'noxsave' command line option
+
+From: Dave Hansen <dave.hansen@linux.intel.com>
+
+commit 2cd3949f702692cf4c5d05b463f19cd706a92dd3 upstream.
+
+We have some very similarly named command-line options:
+
+arch/x86/kernel/cpu/common.c:__setup("noxsave", x86_xsave_setup);
+arch/x86/kernel/cpu/common.c:__setup("noxsaveopt", x86_xsaveopt_setup);
+arch/x86/kernel/cpu/common.c:__setup("noxsaves", x86_xsaves_setup);
+
+__setup() is designed to match options that take arguments, like
+"foo=bar" where you would have:
+
+ __setup("foo", x86_foo_func...);
+
+The problem is that "noxsave" actually _matches_ "noxsaves" in
+the same way that "foo" matches "foo=bar". If you boot an old
+kernel that does not know about "noxsaves" with "noxsaves" on the
+command line, it will interpret the argument as "noxsave", which
+is not what you want at all.
+
+This makes the "noxsave" handler only return success when it finds
+an *exact* match.
+
+[ tglx: We really need to make __setup() more robust. ]
+
+Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Dave Hansen <dave@sr71.net>
+Cc: Fenghua Yu <fenghua.yu@intel.com>
+Cc: x86@kernel.org
+Link: http://lkml.kernel.org/r/20141111220133.FE053984@viggo.jf.intel.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -144,6 +144,8 @@ EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
+
+ static int __init x86_xsave_setup(char *s)
+ {
++ if (strlen(s))
++ return 0;
+ setup_clear_cpu_cap(X86_FEATURE_XSAVE);
+ setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT);
+ setup_clear_cpu_cap(X86_FEATURE_AVX);