From: Greg Kroah-Hartman Date: Sun, 16 Sep 2018 12:45:05 +0000 (+0200) Subject: 4.18-stable patches X-Git-Tag: v4.18.9~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3fadab27336214d69dfd51414e8ba2ea06b001a3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.18-stable patches added patches: acpi-lpss-force-lpss-quirks-on-boot.patch alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch cpu-hotplug-prevent-state-corruption-on-error-rollback.patch memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch x86-apic-vector-make-error-return-value-negative.patch x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch x86-microcode-update-the-new-microcode-revision-unconditionally.patch x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch --- diff --git a/queue-4.18/acpi-lpss-force-lpss-quirks-on-boot.patch b/queue-4.18/acpi-lpss-force-lpss-quirks-on-boot.patch new file mode 100644 index 00000000000..4aced8452d9 --- /dev/null +++ b/queue-4.18/acpi-lpss-force-lpss-quirks-on-boot.patch @@ -0,0 +1,42 @@ +From f11fc4bc669b8622510c1039499f5a9d24248fec Mon Sep 17 00:00:00 2001 +From: Zhang Rui +Date: Mon, 3 Sep 2018 10:00:07 +0800 +Subject: ACPI / LPSS: Force LPSS quirks on boot + +From: Zhang Rui + +commit f11fc4bc669b8622510c1039499f5a9d24248fec upstream. + +Commit 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume +from hibernation) bypasses lpss quirks for S3 and S4, by setting a flag +for S3/S4 in acpi_lpss_suspend(), and check that flag in +acpi_lpss_resume(). + +But this overlooks the boot case where acpi_lpss_resume() may get called +without a corresponding acpi_lpss_suspend() having been called. + +Thus force setting the flag during boot. + +Fixes: 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation) +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200989 +Reported-and-tested-by: William Lieurance +Signed-off-by: Zhang Rui +Cc: 4.15+ # 4.15+: 12864ff8545f (ACPI / LPSS: Avoid ...) +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpi_lpss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/acpi/acpi_lpss.c ++++ b/drivers/acpi/acpi_lpss.c +@@ -879,7 +879,7 @@ static void acpi_lpss_dismiss(struct dev + #define LPSS_GPIODEF0_DMA_LLP BIT(13) + + static DEFINE_MUTEX(lpss_iosf_mutex); +-static bool lpss_iosf_d3_entered; ++static bool lpss_iosf_d3_entered = true; + + static void lpss_iosf_enter_d3_state(void) + { diff --git a/queue-4.18/alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch b/queue-4.18/alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch new file mode 100644 index 00000000000..2eb2a74748f --- /dev/null +++ b/queue-4.18/alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch @@ -0,0 +1,46 @@ +From 16037643969e095509cd8446a3f8e406a6dc3a2c Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 30 Aug 2018 15:13:16 +0200 +Subject: ALSA: hda - Fix cancel_work_sync() stall from jackpoll work + +From: Takashi Iwai + +commit 16037643969e095509cd8446a3f8e406a6dc3a2c upstream. + +On AMD/ATI controllers, the HD-audio controller driver allows a bus +reset upon the error recovery, and its procedure includes the +cancellation of pending jack polling work as found in +snd_hda_bus_codec_reset(). This works usually fine, but it becomes a +problem when the reset happens from the jack poll work itself; then +calling cancel_work_sync() from the work being processed tries to wait +the finish endlessly. + +As a workaround, this patch adds the check of current_work() and +applies the cancel_work_sync() only when it's not from the +jackpoll_work. + +This doesn't fix the root cause of the reported error below, but at +least, it eases the unexpected stall of the whole system. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200937 +Cc: +Cc: Lukas Wunner +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/hda_codec.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -3910,7 +3910,8 @@ void snd_hda_bus_reset_codecs(struct hda + + list_for_each_codec(codec, bus) { + /* FIXME: maybe a better way needed for forced reset */ +- cancel_delayed_work_sync(&codec->jackpoll_work); ++ if (current_work() != &codec->jackpoll_work.work) ++ cancel_delayed_work_sync(&codec->jackpoll_work); + #ifdef CONFIG_PM + if (hda_codec_is_power_on(codec)) { + hda_call_codec_suspend(codec); diff --git a/queue-4.18/arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch b/queue-4.18/arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch new file mode 100644 index 00000000000..113cf1be0fa --- /dev/null +++ b/queue-4.18/arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch @@ -0,0 +1,96 @@ +From 5c0920897af59779546e9ea0e89c5db45c8aff33 Mon Sep 17 00:00:00 2001 +From: Alexey Brodkin +Date: Thu, 2 Aug 2018 13:19:37 +0300 +Subject: ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel + +From: Alexey Brodkin + +commit 5c0920897af59779546e9ea0e89c5db45c8aff33 upstream. + +Otherwise kernel uses random MAC which is not very conveniet. +With that change in place use might set desired MAC in U-Boot +with "setenv ethaddr 11:22:33:44:55:66", save environment and +then from boot to boot the same MAC will be used by the kernel. + +One other note for this to happen it's required to pass +board's .dtb in U-Boot's "bootm" command like that: +------------------->8----------------- +bootm 0x82000000 - 0x84000000 +------------------->8----------------- + +Here 0x82000000 is location of uImage while +0x80000000 is location of either axs10x.dtb or hsdk.dtb +previously loaded from SD-card, USB storage or TFTP server. + +Signed-off-by: Alexey Brodkin +Cc: Rob Herring +Cc: stable@vger.kernel.org # 4.14 +Cc: devicetree@vger.kernel.org +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/boot/dts/axs10x_mb.dtsi | 7 ++++++- + arch/arc/boot/dts/hsdk.dts | 7 ++++++- + 2 files changed, 12 insertions(+), 2 deletions(-) + +--- a/arch/arc/boot/dts/axs10x_mb.dtsi ++++ b/arch/arc/boot/dts/axs10x_mb.dtsi +@@ -9,6 +9,10 @@ + */ + + / { ++ aliases { ++ ethernet = &gmac; ++ }; ++ + axs10x_mb { + compatible = "simple-bus"; + #address-cells = <1>; +@@ -68,7 +72,7 @@ + }; + }; + +- ethernet@0x18000 { ++ gmac: ethernet@0x18000 { + #interrupt-cells = <1>; + compatible = "snps,dwmac"; + reg = < 0x18000 0x2000 >; +@@ -81,6 +85,7 @@ + max-speed = <100>; + resets = <&creg_rst 5>; + reset-names = "stmmaceth"; ++ mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */ + }; + + ehci@0x40000 { +--- a/arch/arc/boot/dts/hsdk.dts ++++ b/arch/arc/boot/dts/hsdk.dts +@@ -25,6 +25,10 @@ + bootargs = "earlycon=uart8250,mmio32,0xf0005000,115200n8 console=ttyS0,115200n8 debug print-fatal-signals=1"; + }; + ++ aliases { ++ ethernet = &gmac; ++ }; ++ + cpus { + #address-cells = <1>; + #size-cells = <0>; +@@ -163,7 +167,7 @@ + #clock-cells = <0>; + }; + +- ethernet@8000 { ++ gmac: ethernet@8000 { + #interrupt-cells = <1>; + compatible = "snps,dwmac"; + reg = <0x8000 0x2000>; +@@ -176,6 +180,7 @@ + phy-handle = <&phy0>; + resets = <&cgu_rst HSDK_ETH_RESET>; + reset-names = "stmmaceth"; ++ mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */ + + mdio { + #address-cells = <1>; diff --git a/queue-4.18/cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch b/queue-4.18/cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch new file mode 100644 index 00000000000..96d01101968 --- /dev/null +++ b/queue-4.18/cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch @@ -0,0 +1,55 @@ +From f8b7530aa0a1def79c93101216b5b17cf408a70a Mon Sep 17 00:00:00 2001 +From: Neeraj Upadhyay +Date: Wed, 5 Sep 2018 11:22:07 +0530 +Subject: cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() + +From: Neeraj Upadhyay + +commit f8b7530aa0a1def79c93101216b5b17cf408a70a upstream. + +The smp_mb() in cpuhp_thread_fun() is misplaced. It needs to be after the +load of st->should_run to prevent reordering of the later load/stores +w.r.t. the load of st->should_run. + +Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core") +Signed-off-by: Neeraj Upadhyay +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: josh@joshtriplett.org +Cc: peterz@infradead.org +Cc: jiangshanlai@gmail.com +Cc: dzickus@redhat.com +Cc: brendan.jackman@arm.com +Cc: malat@debian.org +Cc: mojha@codeaurora.org +Cc: sramana@codeaurora.org +Cc: linux-arm-msm@vger.kernel.org +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/1536126727-11629-1-git-send-email-neeraju@codeaurora.org +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cpu.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -608,15 +608,15 @@ static void cpuhp_thread_fun(unsigned in + bool bringup = st->bringup; + enum cpuhp_state state; + ++ if (WARN_ON_ONCE(!st->should_run)) ++ return; ++ + /* + * ACQUIRE for the cpuhp_should_run() load of ->should_run. Ensures + * that if we see ->should_run we also see the rest of the state. + */ + smp_mb(); + +- if (WARN_ON_ONCE(!st->should_run)) +- return; +- + cpuhp_lock_acquire(bringup); + + if (st->single) { diff --git a/queue-4.18/cpu-hotplug-prevent-state-corruption-on-error-rollback.patch b/queue-4.18/cpu-hotplug-prevent-state-corruption-on-error-rollback.patch new file mode 100644 index 00000000000..a29b515655f --- /dev/null +++ b/queue-4.18/cpu-hotplug-prevent-state-corruption-on-error-rollback.patch @@ -0,0 +1,67 @@ +From 69fa6eb7d6a64801ea261025cce9723d9442d773 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Thu, 6 Sep 2018 15:21:38 +0200 +Subject: cpu/hotplug: Prevent state corruption on error rollback + +From: Thomas Gleixner + +commit 69fa6eb7d6a64801ea261025cce9723d9442d773 upstream. + +When a teardown callback fails, the CPU hotplug code brings the CPU back to +the previous state. The previous state becomes the new target state. The +rollback happens in undo_cpu_down() which increments the state +unconditionally even if the state is already the same as the target. + +As a consequence the next CPU hotplug operation will start at the wrong +state. This is easily to observe when __cpu_disable() fails. + +Prevent the unconditional undo by checking the state vs. target before +incrementing state and fix up the consequently wrong conditional in the +unplug code which handles the failure of the final CPU take down on the +control CPU side. + +Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core") +Reported-by: Neeraj Upadhyay +Signed-off-by: Thomas Gleixner +Tested-by: Geert Uytterhoeven +Tested-by: Sudeep Holla +Tested-by: Neeraj Upadhyay +Cc: josh@joshtriplett.org +Cc: peterz@infradead.org +Cc: jiangshanlai@gmail.com +Cc: dzickus@redhat.com +Cc: brendan.jackman@arm.com +Cc: malat@debian.org +Cc: sramana@codeaurora.org +Cc: linux-arm-msm@vger.kernel.org +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1809051419580.1416@nanos.tec.linutronix.de +Signed-off-by: Greg Kroah-Hartman + +---- + +--- + kernel/cpu.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -928,7 +928,8 @@ static int cpuhp_down_callbacks(unsigned + ret = cpuhp_invoke_callback(cpu, st->state, false, NULL, NULL); + if (ret) { + st->target = prev_state; +- undo_cpu_down(cpu, st); ++ if (st->state < prev_state) ++ undo_cpu_down(cpu, st); + break; + } + } +@@ -981,7 +982,7 @@ static int __ref _cpu_down(unsigned int + * to do the further cleanups. + */ + ret = cpuhp_down_callbacks(cpu, st, target); +- if (ret && st->state > CPUHP_TEARDOWN_CPU && st->state < prev_state) { ++ if (ret && st->state == CPUHP_TEARDOWN_CPU && st->state < prev_state) { + cpuhp_reset_state(st, prev_state); + __cpuhp_kick_ap(st); + } diff --git a/queue-4.18/memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch b/queue-4.18/memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch new file mode 100644 index 00000000000..cd50a3b487f --- /dev/null +++ b/queue-4.18/memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch @@ -0,0 +1,34 @@ +From 6b45a2b1c0bc2aec84d1c56a1976ca9c8a621ecb Mon Sep 17 00:00:00 2001 +From: Bartosz Golaszewski +Date: Thu, 6 Sep 2018 14:12:19 +0200 +Subject: memory: ti-aemif: fix a potential NULL-pointer dereference + +From: Bartosz Golaszewski + +commit 6b45a2b1c0bc2aec84d1c56a1976ca9c8a621ecb upstream. + +Platform data pointer may be NULL. We check it everywhere but in one +place. Fix it. + +Fixes: 8af70cd2ca50 ("memory: aemif: add support for board files") +Reported-by: Dan Carpenter +Signed-off-by: Bartosz Golaszewski +Cc: stable@vger.kernel.org +Signed-off-by: Olof Johansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/memory/ti-aemif.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/memory/ti-aemif.c ++++ b/drivers/memory/ti-aemif.c +@@ -411,7 +411,7 @@ static int aemif_probe(struct platform_d + if (ret < 0) + goto error; + } +- } else { ++ } else if (pdata) { + for (i = 0; i < pdata->num_sub_devices; i++) { + pdata->sub_devices[i].dev.parent = dev; + ret = platform_device_register(&pdata->sub_devices[i]); diff --git a/queue-4.18/series b/queue-4.18/series index 2812d501fa7..ffc6dc7bf43 100644 --- a/queue-4.18/series +++ b/queue-4.18/series @@ -28,3 +28,13 @@ kvm-x86-invert-emulation-re-execute-behavior-to-make-it-opt-in.patch kvm-x86-merge-emultype_retry-and-emultype_allow_reexecute.patch kvm-x86-default-to-not-allowing-emulation-retry-in-kvm_mmu_page_fault.patch kvm-x86-do-not-re-try-execute-after-failed-emulation-in-l2.patch +arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch +acpi-lpss-force-lpss-quirks-on-boot.patch +memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch +alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch +cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch +cpu-hotplug-prevent-state-corruption-on-error-rollback.patch +x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch +x86-microcode-update-the-new-microcode-revision-unconditionally.patch +x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch +x86-apic-vector-make-error-return-value-negative.patch diff --git a/queue-4.18/x86-apic-vector-make-error-return-value-negative.patch b/queue-4.18/x86-apic-vector-make-error-return-value-negative.patch new file mode 100644 index 00000000000..071943a69e2 --- /dev/null +++ b/queue-4.18/x86-apic-vector-make-error-return-value-negative.patch @@ -0,0 +1,33 @@ +From 47b7360ce563e18c524ce92b55fb4da72b3b3578 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Sat, 8 Sep 2018 12:07:26 +0200 +Subject: x86/apic/vector: Make error return value negative + +From: Thomas Gleixner + +commit 47b7360ce563e18c524ce92b55fb4da72b3b3578 upstream. + +activate_managed() returns EINVAL instead of -EINVAL in case of +error. While this is unlikely to happen, the positive return value would +cause further malfunction at the call site. + +Fixes: 2db1f959d9dc ("x86/vector: Handle managed interrupts proper") +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/apic/vector.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kernel/apic/vector.c ++++ b/arch/x86/kernel/apic/vector.c +@@ -422,7 +422,7 @@ static int activate_managed(struct irq_d + if (WARN_ON_ONCE(cpumask_empty(vector_searchmask))) { + /* Something in the core code broke! Survive gracefully */ + pr_err("Managed startup for irq %u, but no CPU\n", irqd->irq); +- return EINVAL; ++ return -EINVAL; + } + + ret = assign_managed_vector(irqd, vector_searchmask); diff --git a/queue-4.18/x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch b/queue-4.18/x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch new file mode 100644 index 00000000000..9ec40bb97b2 --- /dev/null +++ b/queue-4.18/x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch @@ -0,0 +1,62 @@ +From 370a132bb2227ff76278f98370e0e701d86ff752 Mon Sep 17 00:00:00 2001 +From: Prarit Bhargava +Date: Tue, 31 Jul 2018 07:27:39 -0400 +Subject: x86/microcode: Make sure boot_cpu_data.microcode is up-to-date + +From: Prarit Bhargava + +commit 370a132bb2227ff76278f98370e0e701d86ff752 upstream. + +When preparing an MCE record for logging, boot_cpu_data.microcode is used +to read out the microcode revision on the box. + +However, on systems where late microcode update has happened, the microcode +revision output in a MCE log record is wrong because +boot_cpu_data.microcode is not updated when the microcode gets updated. + +But, the microcode revision saved in boot_cpu_data's microcode member +should be kept up-to-date, regardless, for consistency. + +Make it so. + +Fixes: fa94d0c6e0f3 ("x86/MCE: Save microcode revision in machine check records") +Signed-off-by: Prarit Bhargava +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Cc: Tony Luck +Cc: sironi@amazon.de +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180731112739.32338-1-prarit@redhat.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/microcode/amd.c | 4 ++++ + arch/x86/kernel/cpu/microcode/intel.c | 4 ++++ + 2 files changed, 8 insertions(+) + +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -537,6 +537,10 @@ static enum ucode_state apply_microcode_ + uci->cpu_sig.rev = mc_amd->hdr.patch_id; + c->microcode = mc_amd->hdr.patch_id; + ++ /* Update boot_cpu_data's revision too, if we're on the BSP: */ ++ if (c->cpu_index == boot_cpu_data.cpu_index) ++ boot_cpu_data.microcode = mc_amd->hdr.patch_id; ++ + return UCODE_UPDATED; + } + +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -851,6 +851,10 @@ static enum ucode_state apply_microcode_ + uci->cpu_sig.rev = rev; + c->microcode = rev; + ++ /* Update boot_cpu_data's revision too, if we're on the BSP: */ ++ if (c->cpu_index == boot_cpu_data.cpu_index) ++ boot_cpu_data.microcode = rev; ++ + return UCODE_UPDATED; + } + diff --git a/queue-4.18/x86-microcode-update-the-new-microcode-revision-unconditionally.patch b/queue-4.18/x86-microcode-update-the-new-microcode-revision-unconditionally.patch new file mode 100644 index 00000000000..b90421ed9ef --- /dev/null +++ b/queue-4.18/x86-microcode-update-the-new-microcode-revision-unconditionally.patch @@ -0,0 +1,121 @@ +From 8da38ebaad23fe1b0c4a205438676f6356607cfc Mon Sep 17 00:00:00 2001 +From: Filippo Sironi +Date: Tue, 31 Jul 2018 17:29:30 +0200 +Subject: x86/microcode: Update the new microcode revision unconditionally + +From: Filippo Sironi + +commit 8da38ebaad23fe1b0c4a205438676f6356607cfc upstream. + +Handle the case where microcode gets loaded on the BSP's hyperthread +sibling first and the boot_cpu_data's microcode revision doesn't get +updated because of early exit due to the siblings sharing a microcode +engine. + +For that, simply write the updated revision on all CPUs unconditionally. + +Signed-off-by: Filippo Sironi +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Cc: prarit@redhat.com +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/1533050970-14385-1-git-send-email-sironi@amazon.de +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/microcode/amd.c | 22 +++++++++++++--------- + arch/x86/kernel/cpu/microcode/intel.c | 13 ++++++++----- + 2 files changed, 21 insertions(+), 14 deletions(-) + +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -504,6 +504,7 @@ static enum ucode_state apply_microcode_ + struct microcode_amd *mc_amd; + struct ucode_cpu_info *uci; + struct ucode_patch *p; ++ enum ucode_state ret; + u32 rev, dummy; + + BUG_ON(raw_smp_processor_id() != cpu); +@@ -521,9 +522,8 @@ static enum ucode_state apply_microcode_ + + /* need to apply patch? */ + if (rev >= mc_amd->hdr.patch_id) { +- c->microcode = rev; +- uci->cpu_sig.rev = rev; +- return UCODE_OK; ++ ret = UCODE_OK; ++ goto out; + } + + if (__apply_microcode_amd(mc_amd)) { +@@ -531,17 +531,21 @@ static enum ucode_state apply_microcode_ + cpu, mc_amd->hdr.patch_id); + return UCODE_ERROR; + } +- pr_info("CPU%d: new patch_level=0x%08x\n", cpu, +- mc_amd->hdr.patch_id); + +- uci->cpu_sig.rev = mc_amd->hdr.patch_id; +- c->microcode = mc_amd->hdr.patch_id; ++ rev = mc_amd->hdr.patch_id; ++ ret = UCODE_UPDATED; ++ ++ pr_info("CPU%d: new patch_level=0x%08x\n", cpu, rev); ++ ++out: ++ uci->cpu_sig.rev = rev; ++ c->microcode = rev; + + /* Update boot_cpu_data's revision too, if we're on the BSP: */ + if (c->cpu_index == boot_cpu_data.cpu_index) +- boot_cpu_data.microcode = mc_amd->hdr.patch_id; ++ boot_cpu_data.microcode = rev; + +- return UCODE_UPDATED; ++ return ret; + } + + static int install_equiv_cpu_table(const u8 *buf) +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -795,6 +795,7 @@ static enum ucode_state apply_microcode_ + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + struct cpuinfo_x86 *c = &cpu_data(cpu); + struct microcode_intel *mc; ++ enum ucode_state ret; + static int prev_rev; + u32 rev; + +@@ -817,9 +818,8 @@ static enum ucode_state apply_microcode_ + */ + rev = intel_get_microcode_revision(); + if (rev >= mc->hdr.rev) { +- uci->cpu_sig.rev = rev; +- c->microcode = rev; +- return UCODE_OK; ++ ret = UCODE_OK; ++ goto out; + } + + /* +@@ -848,14 +848,17 @@ static enum ucode_state apply_microcode_ + prev_rev = rev; + } + ++ ret = UCODE_UPDATED; ++ ++out: + uci->cpu_sig.rev = rev; +- c->microcode = rev; ++ c->microcode = rev; + + /* Update boot_cpu_data's revision too, if we're on the BSP: */ + if (c->cpu_index == boot_cpu_data.cpu_index) + boot_cpu_data.microcode = rev; + +- return UCODE_UPDATED; ++ return ret; + } + + static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, diff --git a/queue-4.18/x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch b/queue-4.18/x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch new file mode 100644 index 00000000000..0ce05de4a43 --- /dev/null +++ b/queue-4.18/x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch @@ -0,0 +1,147 @@ +From 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 31 Aug 2018 21:41:51 +0200 +Subject: x86/process: Don't mix user/kernel regs in 64bit __show_regs() + +From: Jann Horn + +commit 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 upstream. + +When the kernel.print-fatal-signals sysctl has been enabled, a simple +userspace crash will cause the kernel to write a crash dump that contains, +among other things, the kernel gsbase into dmesg. + +As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE +in this case. + +This also moves the bitness-specific logic from show_regs() into +process_{32,64}.c. + +Fixes: 45807a1df9f5 ("vdso: print fatal signals") +Signed-off-by: Jann Horn +Signed-off-by: Thomas Gleixner +Cc: "H. Peter Anvin" +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Greg Kroah-Hartman +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/kdebug.h | 12 +++++++++++- + arch/x86/kernel/dumpstack.c | 11 +++-------- + arch/x86/kernel/process_32.c | 4 ++-- + arch/x86/kernel/process_64.c | 12 ++++++++++-- + 4 files changed, 26 insertions(+), 13 deletions(-) + +--- a/arch/x86/include/asm/kdebug.h ++++ b/arch/x86/include/asm/kdebug.h +@@ -22,10 +22,20 @@ enum die_val { + DIE_NMIUNKNOWN, + }; + ++enum show_regs_mode { ++ SHOW_REGS_SHORT, ++ /* ++ * For when userspace crashed, but we don't think it's our fault, and ++ * therefore don't print kernel registers. ++ */ ++ SHOW_REGS_USER, ++ SHOW_REGS_ALL ++}; ++ + extern void die(const char *, struct pt_regs *,long); + extern int __must_check __die(const char *, struct pt_regs *, long); + extern void show_stack_regs(struct pt_regs *regs); +-extern void __show_regs(struct pt_regs *regs, int all); ++extern void __show_regs(struct pt_regs *regs, enum show_regs_mode); + extern void show_iret_regs(struct pt_regs *regs); + extern unsigned long oops_begin(void); + extern void oops_end(unsigned long, struct pt_regs *, int signr); +--- a/arch/x86/kernel/dumpstack.c ++++ b/arch/x86/kernel/dumpstack.c +@@ -155,7 +155,7 @@ static void show_regs_if_on_stack(struct + * they can be printed in the right context. + */ + if (!partial && on_stack(info, regs, sizeof(*regs))) { +- __show_regs(regs, 0); ++ __show_regs(regs, SHOW_REGS_SHORT); + + } else if (partial && on_stack(info, (void *)regs + IRET_FRAME_OFFSET, + IRET_FRAME_SIZE)) { +@@ -353,7 +353,7 @@ void oops_end(unsigned long flags, struc + oops_exit(); + + /* Executive summary in case the oops scrolled away */ +- __show_regs(&exec_summary_regs, true); ++ __show_regs(&exec_summary_regs, SHOW_REGS_ALL); + + if (!signr) + return; +@@ -416,14 +416,9 @@ void die(const char *str, struct pt_regs + + void show_regs(struct pt_regs *regs) + { +- bool all = true; +- + show_regs_print_info(KERN_DEFAULT); + +- if (IS_ENABLED(CONFIG_X86_32)) +- all = !user_mode(regs); +- +- __show_regs(regs, all); ++ __show_regs(regs, user_mode(regs) ? SHOW_REGS_USER : SHOW_REGS_ALL); + + /* + * When in-kernel, we also print out the stack at the time of the fault.. +--- a/arch/x86/kernel/process_32.c ++++ b/arch/x86/kernel/process_32.c +@@ -59,7 +59,7 @@ + #include + #include + +-void __show_regs(struct pt_regs *regs, int all) ++void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) + { + unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; + unsigned long d0, d1, d2, d3, d6, d7; +@@ -85,7 +85,7 @@ void __show_regs(struct pt_regs *regs, i + printk(KERN_DEFAULT "DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x EFLAGS: %08lx\n", + (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss, regs->flags); + +- if (!all) ++ if (mode != SHOW_REGS_ALL) + return; + + cr0 = read_cr0(); +--- a/arch/x86/kernel/process_64.c ++++ b/arch/x86/kernel/process_64.c +@@ -62,7 +62,7 @@ + __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); + + /* Prints also some state that isn't saved in the pt_regs */ +-void __show_regs(struct pt_regs *regs, int all) ++void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) + { + unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs; + unsigned long d0, d1, d2, d3, d6, d7; +@@ -87,9 +87,17 @@ void __show_regs(struct pt_regs *regs, i + printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n", + regs->r13, regs->r14, regs->r15); + +- if (!all) ++ if (mode == SHOW_REGS_SHORT) + return; + ++ if (mode == SHOW_REGS_USER) { ++ rdmsrl(MSR_FS_BASE, fs); ++ rdmsrl(MSR_KERNEL_GS_BASE, shadowgs); ++ printk(KERN_DEFAULT "FS: %016lx GS: %016lx\n", ++ fs, shadowgs); ++ return; ++ } ++ + asm("movl %%ds,%0" : "=r" (ds)); + asm("movl %%cs,%0" : "=r" (cs)); + asm("movl %%es,%0" : "=r" (es));