From: Greg Kroah-Hartman
Date: Tue, 2 Oct 2018 13:21:33 +0000 (-0700)
Subject: drop powerpc-avoid-code-patching-freed-init-sections.patch
X-Git-Tag: v4.18.12~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d7ba8cdb36990d255b61afad5bd78af10c5b9cf;p=thirdparty%2Fkernel%2Fstable-queue.git
drop powerpc-avoid-code-patching-freed-init-sections.patch
---
diff --git a/queue-4.18/powerpc-avoid-code-patching-freed-init-sections.patch b/queue-4.18/powerpc-avoid-code-patching-freed-init-sections.patch
deleted file mode 100644
index e3be35744d2..00000000000
--- a/queue-4.18/powerpc-avoid-code-patching-freed-init-sections.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001
-From: Michael Neuling
-Date: Fri, 14 Sep 2018 11:14:11 +1000
-Subject: powerpc: Avoid code patching freed init sections
-
-From: Michael Neuling
-
-commit 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 upstream.
-
-This stops us from doing code patching in init sections after they've
-been freed.
-
-In this chain:
- kvm_guest_init() ->
- kvm_use_magic_page() ->
- fault_in_pages_readable() ->
- __get_user() ->
- __get_user_nocheck() ->
- barrier_nospec();
-
-We have a code patching location at barrier_nospec() and
-kvm_guest_init() is an init function. This whole chain gets inlined,
-so when we free the init section (hence kvm_guest_init()), this code
-goes away and hence should no longer be patched.
-
-We seen this as userspace memory corruption when using a memory
-checker while doing partition migration testing on powervm (this
-starts the code patching post migration via
-/sys/kernel/mobility/migration). In theory, it could also happen when
-using /sys/kernel/debug/powerpc/barrier_nospec.
-
-Cc: stable@vger.kernel.org # 4.13+
-Signed-off-by: Michael Neuling
-Reviewed-by: Nicholas Piggin
-Reviewed-by: Christophe Leroy
-Signed-off-by: Michael Ellerman
-Signed-off-by: Greg Kroah-Hartman
-
----
- arch/powerpc/include/asm/setup.h | 1 +
- arch/powerpc/lib/code-patching.c | 6 ++++++
- arch/powerpc/mm/mem.c | 2 ++
- 3 files changed, 9 insertions(+)
-
---- a/arch/powerpc/include/asm/setup.h
-+++ b/arch/powerpc/include/asm/setup.h
-@@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s,
-
- extern unsigned int rtas_data;
- extern unsigned long long memory_limit;
-+extern bool init_mem_is_free;
- extern unsigned long klimit;
- extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask);
-
---- a/arch/powerpc/lib/code-patching.c
-+++ b/arch/powerpc/lib/code-patching.c
-@@ -28,6 +28,12 @@ static int __patch_instruction(unsigned
- {
- int err;
-
-+ /* Make sure we aren't patching a freed init section */
-+ if (init_mem_is_free && init_section_contains(exec_addr, 4)) {
-+ pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr);
-+ return 0;
-+ }
-+
- __put_user_size(instr, patch_addr, 4, err);
- if (err)
- return err;
---- a/arch/powerpc/mm/mem.c
-+++ b/arch/powerpc/mm/mem.c
-@@ -63,6 +63,7 @@
- #endif
-
- unsigned long long memory_limit;
-+bool init_mem_is_free;
-
- #ifdef CONFIG_HIGHMEM
- pte_t *kmap_pte;
-@@ -396,6 +397,7 @@ void free_initmem(void)
- {
- ppc_md.progress = ppc_printk_progress;
- mark_initmem_nx();
-+ init_mem_is_free = true;
- free_initmem_default(POISON_FREE_INITMEM);
- }
-
diff --git a/queue-4.18/series b/queue-4.18/series
index 305b4fa7a95..e1ae23b20c2 100644
--- a/queue-4.18/series
+++ b/queue-4.18/series
@@ -224,6 +224,5 @@ clk-x86-set-default-parent-to-48mhz.patch
 x86-pti-fix-section-mismatch-warning-error.patch
 kvm-ppc-book3s-hv-fix-guest-r11-corruption-with-power9-tm-workarounds.patch
 powerpc-fix-csum_ipv6_magic-on-little-endian-platforms.patch
-powerpc-avoid-code-patching-freed-init-sections.patch
 powerpc-pkeys-fix-reading-of-ibm-processor-storage-keys-property.patch
 powerpc-pseries-fix-unitialized-timer-reset-on-migration.patch