From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 17 Jun 2019 09:46:24 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v5.1.11~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7a4fa4d41acdd614e8d27da39b4475c2dee2d70f;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch
	x86-microcode-cpuhotplug-add-a-microcode-loader-cpu-hotplug-callback.patch
---

diff --git a/queue-4.14/series b/queue-4.14/series
index 48e626341f3..4960c4cbb6a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -48,3 +48,5 @@ usb-serial-pl2303-add-allied-telesis-vt-kit3.patch
 usb-serial-option-add-support-for-simcom-sim7500-sim7600-rndis-mode.patch
 usb-serial-option-add-telit-0x1260-and-0x1261-compositions.patch
 ras-cec-fix-binary-search-function.patch
+x86-microcode-cpuhotplug-add-a-microcode-loader-cpu-hotplug-callback.patch
+x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch
diff --git a/queue-4.14/x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch b/queue-4.14/x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch
new file mode 100644
index 00000000000..adfd5accb0c
--- /dev/null
+++ b/queue-4.14/x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch
@@ -0,0 +1,60 @@
+From f3176ec9420de0c385023afa3e4970129444ac2f Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Fri, 14 Jun 2019 17:31:49 +0300
+Subject: x86/kasan: Fix boot with 5-level paging and KASAN
+
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+
+commit f3176ec9420de0c385023afa3e4970129444ac2f upstream.
+
+Since commit d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on
+5-level paging") kernel doesn't boot with KASAN on 5-level paging machines.
+The bug is actually in early_p4d_offset() and introduced by commit
+12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging")
+
+early_p4d_offset() tries to convert pgd_val(*pgd) value to a physical
+address. This doesn't make sense because pgd_val() already contains the
+physical address.
+
+It did work prior to commit d52888aa2753 because the result of
+"__pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK" was the same as "pgd_val(*pgd)
+& PTE_PFN_MASK". __pa_nodebug() just set some high bits which were masked
+out by applying PTE_PFN_MASK.
+
+After the change of the PAGE_OFFSET offset in commit d52888aa2753
+__pa_nodebug(pgd_val(*pgd)) started to return a value with more high bits
+set and PTE_PFN_MASK wasn't enough to mask out all of them. So it returns a
+wrong not even canonical address and crashes on the attempt to dereference
+it.
+
+Switch back to pgd_val() & PTE_PFN_MASK to cure the issue.
+
+Fixes: 12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging")
+Reported-by: Kirill A. Shutemov <kirill@shutemov.name>
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Cc: kasan-dev@googlegroups.com
+Cc: stable@vger.kernel.org
+Cc: <stable@vger.kernel.org>
+Link: https://lkml.kernel.org/r/20190614143149.2227-1-aryabinin@virtuozzo.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/kasan_init_64.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/mm/kasan_init_64.c
++++ b/arch/x86/mm/kasan_init_64.c
+@@ -194,7 +194,7 @@ static inline p4d_t *early_p4d_offset(pg
+ 	if (!IS_ENABLED(CONFIG_X86_5LEVEL))
+ 		return (p4d_t *)pgd;
+ 
+-	p4d = __pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK;
++	p4d = pgd_val(*pgd) & PTE_PFN_MASK;
+ 	p4d += __START_KERNEL_map - phys_base;
+ 	return (p4d_t *)p4d + p4d_index(addr);
+ }
diff --git a/queue-4.14/x86-microcode-cpuhotplug-add-a-microcode-loader-cpu-hotplug-callback.patch b/queue-4.14/x86-microcode-cpuhotplug-add-a-microcode-loader-cpu-hotplug-callback.patch
new file mode 100644
index 00000000000..ba6ad6a8aa8
--- /dev/null
+++ b/queue-4.14/x86-microcode-cpuhotplug-add-a-microcode-loader-cpu-hotplug-callback.patch
@@ -0,0 +1,76 @@
+From 78f4e932f7760d965fb1569025d1576ab77557c5 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Thu, 13 Jun 2019 15:49:02 +0200
+Subject: x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
+
+From: Borislav Petkov <bp@suse.de>
+
+commit 78f4e932f7760d965fb1569025d1576ab77557c5 upstream.
+
+Adric Blake reported the following warning during suspend-resume:
+
+  Enabling non-boot CPUs ...
+  x86: Booting SMP configuration:
+  smpboot: Booting Node 0 Processor 1 APIC 0x2
+  unchecked MSR access error: WRMSR to 0x10f (tried to write 0x0000000000000000) \
+   at rIP: 0xffffffff8d267924 (native_write_msr+0x4/0x20)
+  Call Trace:
+   intel_set_tfa
+   intel_pmu_cpu_starting
+   ? x86_pmu_dead_cpu
+   x86_pmu_starting_cpu
+   cpuhp_invoke_callback
+   ? _raw_spin_lock_irqsave
+   notify_cpu_starting
+   start_secondary
+   secondary_startup_64
+  microcode: sig=0x806ea, pf=0x80, revision=0x96
+  microcode: updated to revision 0xb4, date = 2019-04-01
+  CPU1 is up
+
+The MSR in question is MSR_TFA_RTM_FORCE_ABORT and that MSR is emulated
+by microcode. The log above shows that the microcode loader callback
+happens after the PMU restoration, leading to the conjecture that
+because the microcode hasn't been updated yet, that MSR is not present
+yet, leading to the #GP.
+
+Add a microcode loader-specific hotplug vector which comes before
+the PERF vectors and thus executes earlier and makes sure the MSR is
+present.
+
+Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort")
+Reported-by: Adric Blake <promarbler14@gmail.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: <stable@vger.kernel.org>
+Cc: x86@kernel.org
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=203637
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/core.c |    2 +-
+ include/linux/cpuhotplug.h           |    1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -873,7 +873,7 @@ int __init microcode_init(void)
+ 		goto out_ucode_group;
+ 
+ 	register_syscore_ops(&mc_syscore_ops);
+-	cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
++	cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:online",
+ 				  mc_cpu_online, mc_cpu_down_prep);
+ 
+ 	pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
+--- a/include/linux/cpuhotplug.h
++++ b/include/linux/cpuhotplug.h
+@@ -100,6 +100,7 @@ enum cpuhp_state {
+ 	CPUHP_AP_IRQ_ARMADA_XP_STARTING,
+ 	CPUHP_AP_IRQ_BCM2836_STARTING,
+ 	CPUHP_AP_ARM_MVEBU_COHERENCY,
++	CPUHP_AP_MICROCODE_LOADER,
+ 	CPUHP_AP_PERF_X86_AMD_UNCORE_STARTING,
+ 	CPUHP_AP_PERF_X86_STARTING,
+ 	CPUHP_AP_PERF_X86_AMD_IBS_STARTING,