From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 16 Feb 2021 08:27:17 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v5.4.99~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fc79d300e6feef650ea64c8edb239a1eefbad33;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	x86-build-disable-cet-instrumentation-in-the-kernel-for-32-bit-too.patch
---

diff --git a/queue-4.14/series b/queue-4.14/series
index 04c5d71ac96..5be28025a41 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -38,3 +38,4 @@ vsock-virtio-update-credit-only-if-socket-is-not-closed.patch
 vsock-fix-locking-in-vsock_shutdown.patch
 i2c-stm32f7-fix-configuration-of-the-digital-filter.patch
 h8300-fix-preemption-build-ti_pre_count-undefined.patch
+x86-build-disable-cet-instrumentation-in-the-kernel-for-32-bit-too.patch
diff --git a/queue-4.14/x86-build-disable-cet-instrumentation-in-the-kernel-for-32-bit-too.patch b/queue-4.14/x86-build-disable-cet-instrumentation-in-the-kernel-for-32-bit-too.patch
new file mode 100644
index 00000000000..43de9d975d9
--- /dev/null
+++ b/queue-4.14/x86-build-disable-cet-instrumentation-in-the-kernel-for-32-bit-too.patch
@@ -0,0 +1,51 @@
+From 256b92af784d5043eeb7d559b6d5963dcc2ecb10 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Mon, 8 Feb 2021 16:43:30 +0100
+Subject: x86/build: Disable CET instrumentation in the kernel for 32-bit too
+
+From: Borislav Petkov <bp@suse.de>
+
+commit 256b92af784d5043eeb7d559b6d5963dcc2ecb10 upstream.
+
+Commit
+
+  20bf2b378729 ("x86/build: Disable CET instrumentation in the kernel")
+
+disabled CET instrumentation which gets added by default by the Ubuntu
+gcc9 and 10 by default, but did that only for 64-bit builds. It would
+still fail when building a 32-bit target. So disable CET for all x86
+builds.
+
+Fixes: 20bf2b378729 ("x86/build: Disable CET instrumentation in the kernel")
+Reported-by: AC <achirvasub@gmail.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Tested-by: AC <achirvasub@gmail.com>
+Link: https://lkml.kernel.org/r/YCCIgMHkzh/xT4ex@arch-chirva.localdomain
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/Makefile |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/Makefile
++++ b/arch/x86/Makefile
+@@ -62,6 +62,9 @@ endif
+ KBUILD_CFLAGS += -mno-sse -mno-mmx -mno-sse2 -mno-3dnow
+ KBUILD_CFLAGS += $(call cc-option,-mno-avx,)
+ 
++# Intel CET isn't enabled in the kernel
++KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
++
+ ifeq ($(CONFIG_X86_32),y)
+         BITS := 32
+         UTS_MACHINE := i386
+@@ -138,9 +141,6 @@ else
+         KBUILD_CFLAGS += -mno-red-zone
+         KBUILD_CFLAGS += -mcmodel=kernel
+ 
+-	# Intel CET isn't enabled in the kernel
+-	KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
+-
+         # -funit-at-a-time shrinks the kernel .text considerably
+         # unfortunately it makes reading oopses harder.
+         KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)