From: Greg Kroah-Hartman Date: Sun, 12 Dec 2021 13:26:21 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.4.295~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccbb73556d9a661ce7d802bf3e40f1846d35d024;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: can-m_can-disable-and-ignore-elo-interrupt.patch can-pch_can-pch_can_rx_normal-fix-use-after-free.patch clk-qcom-regmap-mux-fix-parent-clock-lookup.patch drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch libata-add-horkage-for-asmedia-1092.patch nfsd-fix-nsfd-startup-race-again.patch tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch
---
diff --git a/queue-5.4/can-m_can-disable-and-ignore-elo-interrupt.patch b/queue-5.4/can-m_can-disable-and-ignore-elo-interrupt.patch
new file mode 100644
index 00000000000..63e2fd2d8fc
--- /dev/null
+++ b/queue-5.4/can-m_can-disable-and-ignore-elo-interrupt.patch
@@ -0,0 +1,63 @@
+From f58ac1adc76b5beda43c64ef359056077df4d93a Mon Sep 17 00:00:00 2001
+From: Brian Silverman
+Date: Mon, 29 Nov 2021 14:26:28 -0800
+Subject: can: m_can: Disable and ignore ELO interrupt
+
+From: Brian Silverman
+
+commit f58ac1adc76b5beda43c64ef359056077df4d93a upstream.
+
+With the design of this driver, this condition is often triggered.
+However, the counter that this interrupt indicates an overflow is never
+read either, so overflowing is harmless.
+
+On my system, when a CAN bus starts flapping up and down, this locks up
+the whole system with lots of interrupts and printks.
+
+Specifically, this interrupt indicates the CEL field of ECR has
+overflowed. All reads of ECR mask out CEL.
+
+Fixes: e0d1f4816f2a ("can: m_can: add Bosch M_CAN controller support")
+Link: https://lore.kernel.org/all/20211129222628.7490-1-brian.silverman@bluerivertech.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Brian Silverman
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/net/can/m_can/m_can.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/can/m_can/m_can.c
++++ b/drivers/net/can/m_can/m_can.c
+@@ -206,15 +206,15 @@ enum m_can_reg {
+
+ /* Interrupts for version 3.0.x */
+ #define IR_ERR_LEC_30X (IR_STE | IR_FOE | IR_ACKE | IR_BE | IR_CRCE)
+-#define IR_ERR_BUS_30X (IR_ERR_LEC_30X | IR_WDI | IR_ELO | IR_BEU | \
+- IR_BEC | IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | \
+- IR_RF1L | IR_RF0L)
++#define IR_ERR_BUS_30X (IR_ERR_LEC_30X | IR_WDI | IR_BEU | IR_BEC | \
++ IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | IR_RF1L | \
++ IR_RF0L)
+ #define IR_ERR_ALL_30X (IR_ERR_STATE | IR_ERR_BUS_30X)
+ /* Interrupts for version >= 3.1.x */
+ #define IR_ERR_LEC_31X (IR_PED | IR_PEA)
+-#define IR_ERR_BUS_31X (IR_ERR_LEC_31X | IR_WDI | IR_ELO | IR_BEU | \
+- IR_BEC | IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | \
+- IR_RF1L | IR_RF0L)
++#define IR_ERR_BUS_31X (IR_ERR_LEC_31X | IR_WDI | IR_BEU | IR_BEC | \
++ IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | IR_RF1L | \
++ IR_RF0L)
+ #define IR_ERR_ALL_31X (IR_ERR_STATE | IR_ERR_BUS_31X)
+
+ /* Interrupt Line Select (ILS) */
+@@ -751,8 +751,6 @@ static void m_can_handle_other_err(struc
+ {
+ if (irqstatus & IR_WDI)
+ netdev_err(dev, "Message RAM Watchdog event due to missing READY\n");
+- if (irqstatus & IR_ELO)
+- netdev_err(dev, "Error Logging Overflow\n");
+ if (irqstatus & IR_BEU)
+ netdev_err(dev, "Bit Error Uncorrected\n");
+ if (irqstatus & IR_BEC)
diff --git a/queue-5.4/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch b/queue-5.4/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
new file mode 100644
index 00000000000..2fd4ba91369
--- /dev/null
+++ b/queue-5.4/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
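Review bot: The rewritten IR_ERR_BUS_30X and IR_ERR_BUS_31X masks in m_can.c drop IR_ELO with no comment at the definitions, so the reason lives only in the commit message and a later cleanup could put the bit back. The description ties ELO to an interrupt flood that locks up the system when the bus flaps, so the omission is worth recording next to each mask, for example `/* IR_ELO is left out on purpose: the CEL overflow it reports is never read, and enabling it can flood the system with interrupts */`. Whether IR_ELO is also excluded everywhere else the driver enables interrupts cannot be checked from these two hunks, and m_can_handle_other_err() continues outside the second one.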
@@ -0,0 +1,41 @@
+From 94cddf1e9227a171b27292509d59691819c458db Mon Sep 17 00:00:00 2001
+From: Vincent Mailhol
+Date: Tue, 23 Nov 2021 20:16:54 +0900
+Subject: can: pch_can: pch_can_rx_normal: fix use after free
+
+From: Vincent Mailhol
+
+commit 94cddf1e9227a171b27292509d59691819c458db upstream.
+
+After calling netif_receive_skb(skb), dereferencing skb is unsafe.
+Especially, the can_frame cf which aliases skb memory is dereferenced
+just after the call netif_receive_skb(skb).
+
+Reordering the lines solves the issue.
+
+Fixes: b21d18b51b31 ("can: Topcliff: Add PCH_CAN driver.")
+Link: https://lore.kernel.org/all/20211123111654.621610-1-mailhol.vincent@wanadoo.fr
+Cc: stable@vger.kernel.org
+Signed-off-by: Vincent Mailhol
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/net/can/pch_can.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/can/pch_can.c
++++ b/drivers/net/can/pch_can.c
+@@ -692,11 +692,11 @@ static int pch_can_rx_normal(struct net_
+ cf->data[i + 1] = data_reg >> 8;
+ }
+
+- netif_receive_skb(skb);
+ rcv_pkts++;
+ stats->rx_packets++;
+ quota--;
+ stats->rx_bytes += cf->can_dlc;
++ netif_receive_skb(skb);
+
+ pch_fifo_thresh(priv, obj_num);
+ obj_num++;
diff --git a/queue-5.4/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch b/queue-5.4/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch
new file mode 100644
index 00000000000..78c05dbb5e2
--- /dev/null
+++ b/queue-5.4/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch
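Review bot: In pch_can_rx_normal() the corrected ordering only holds as long as nothing touches `cf` or `skb` after `netif_receive_skb(skb)`, and the new code carries no comment saying so. A one-line comment above the call, such as `/* skb and cf (which points into skb) must not be used after this call */`, would keep a later edit from reintroducing the use after free by adding a statistic or debug print below it. The loop body continues outside the hunk, so any later use of `cf` in the same iteration should be checked as well.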
@@ -0,0 +1,70 @@
+From 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 Mon Sep 17 00:00:00 2001
+From: Dmitry Baryshkov
+Date: Tue, 16 Nov 2021 02:34:07 +0300
+Subject: clk: qcom: regmap-mux: fix parent clock lookup
+
+From: Dmitry Baryshkov
+
+commit 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 upstream.
+
+The function mux_get_parent() uses qcom_find_src_index() to find the
+parent clock index, which is incorrect: qcom_find_src_index() uses src
+enum for the lookup, while mux_get_parent() should use cfg field (which
+corresponds to the register value). Add qcom_find_cfg_index() function
+doing this kind of lookup and use it for mux parent lookup.
+
+Fixes: df964016490b ("clk: qcom: add parent map for regmap mux")
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Baryshkov
+Link: https://lore.kernel.org/r/20211115233407.1046179-1-dmitry.baryshkov@linaro.org
+Signed-off-by: Stephen Boyd
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/clk/qcom/clk-regmap-mux.c | 2 +-
+ drivers/clk/qcom/common.c | 12 ++++++++++++
+ drivers/clk/qcom/common.h | 2 ++
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+--- a/drivers/clk/qcom/clk-regmap-mux.c
++++ b/drivers/clk/qcom/clk-regmap-mux.c
+@@ -28,7 +28,7 @@ static u8 mux_get_parent(struct clk_hw *
+ val &= mask;
+
+ if (mux->parent_map)
+- return qcom_find_src_index(hw, mux->parent_map, val);
++ return qcom_find_cfg_index(hw, mux->parent_map, val);
+
+ return val;
+ }
+--- a/drivers/clk/qcom/common.c
++++ b/drivers/clk/qcom/common.c
+@@ -69,6 +69,18 @@ int qcom_find_src_index(struct clk_hw *h
+ }
+ EXPORT_SYMBOL_GPL(qcom_find_src_index);
+
++int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map, u8 cfg)
++{
++ int i, num_parents = clk_hw_get_num_parents(hw);
++
++ for (i = 0; i < num_parents; i++)
++ if (cfg == map[i].cfg)
++ return i;
++
++ return -ENOENT;
++}
++EXPORT_SYMBOL_GPL(qcom_find_cfg_index);
++
+ struct regmap *
+ qcom_cc_map(struct platform_device *pdev, const struct qcom_cc_desc *desc)
+ {
+--- a/drivers/clk/qcom/common.h
++++ b/drivers/clk/qcom/common.h
+@@ -49,6 +49,8 @@ extern void
+ qcom_pll_set_fsm_mode(struct regmap *m, u32 reg, u8 bias_count, u8 lock_count);
+ extern int qcom_find_src_index(struct clk_hw *hw, const struct parent_map *map,
+ u8 src);
++extern int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map,
++ u8 cfg);
+
+ extern int qcom_cc_register_board_clk(struct device *dev, const char *path,
+ const char *name, unsigned long rate);
diff --git a/queue-5.4/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch b/queue-5.4/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch
new file mode 100644
index 00000000000..268efe034f7
--- /dev/null
+++ b/queue-5.4/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch
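Review bot: mux_get_parent() returns u8, but the new qcom_find_cfg_index() returns `-ENOENT` when the register value matches no entry in the parent map, so at `return qcom_find_cfg_index(hw, mux->parent_map, val);` the error is narrowed to a large unsigned index instead of being handled. The qcom_find_src_index() call it replaces also returned int into the same u8, so this is not new, but an unexpected register value still comes back as a bogus parent index with no trace. Consider keeping the result in an int first, `int idx = qcom_find_cfg_index(hw, mux->parent_map, val);`, and handling `idx < 0` explicitly (at least a one-time warning naming the cfg value) before it is narrowed. A short kernel-doc line on the common.h prototype stating that a negative errno is returned when nothing matches would help other callers; how the clk core treats an out-of-range index is not visible here.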
@@ -0,0 +1,59 @@
+From b19926d4f3a660a8b76e5d989ffd1168e619a5c4 Mon Sep 17 00:00:00 2001
+From: Bas Nieuwenhuizen
+Date: Wed, 8 Dec 2021 03:39:35 +0100
+Subject: drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Bas Nieuwenhuizen
+
+commit b19926d4f3a660a8b76e5d989ffd1168e619a5c4 upstream.
+
+dma_fence_chain_find_seqno only ever returns the top fence in the
+chain or an unsignalled fence. Hence if we request a seqno that
+is already signalled it returns a NULL fence. Some callers are
+not prepared to handle this, like the syncobj transfer functions
+for example.
+
+This behavior is "new" with timeline syncobj and it looks like
+not all callers were updated. To fix this behavior make sure
+that a successful drm_sync_find_fence always returns a non-NULL
+fence.
+
+v2: Move the fix to drm_syncobj_find_fence from the transfer
+ functions.
+
+Fixes: ea569910cbab ("drm/syncobj: add transition iotcls between binary and timeline v2")
+Cc: stable@vger.kernel.org
+Signed-off-by: Bas Nieuwenhuizen
+Reviewed-by: Christian König
+Acked-by: Lionel Landwerlin
+Signed-off-by: Christian König
+Link: https://patchwork.freedesktop.org/patch/msgid/20211208023935.17018-1-bas@basnieuwenhuizen.nl
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/drm_syncobj.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/drm_syncobj.c
++++ b/drivers/gpu/drm/drm_syncobj.c
+@@ -329,8 +329,17 @@ int drm_syncobj_find_fence(struct drm_fi
+
+ if (*fence) {
+ ret = dma_fence_chain_find_seqno(fence, point);
+- if (!ret)
++ if (!ret) {
++ /* If the requested seqno is already signaled
++ * drm_syncobj_find_fence may return a NULL
++ * fence. To make sure the recipient gets
++ * signalled, use a new fence instead.
++ */
++ if (!*fence)
++ *fence = dma_fence_get_stub();
++
+ goto out;
++ }
+ dma_fence_put(*fence);
+ } else {
+ ret = -EINVAL;
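Review bot: The comment added inside `if (!ret) {` says drm_syncobj_find_fence may return a NULL fence, but that is the enclosing function; according to the commit description it is dma_fence_chain_find_seqno() that leaves `*fence` NULL when the requested point is already signalled. I would reword it along the lines of `/* dma_fence_chain_find_seqno() sets *fence to NULL when the requested point is already signalled; substitute the fence from dma_fence_get_stub() so a successful lookup never hands back NULL. */`. The comment also spells signaled/signalled two different ways. drm_syncobj_find_fence() starts and ends outside the hunk.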
diff --git a/queue-5.4/libata-add-horkage-for-asmedia-1092.patch b/queue-5.4/libata-add-horkage-for-asmedia-1092.patch
new file mode 100644
index 00000000000..a4ffe6c63d8
--- /dev/null
+++ b/queue-5.4/libata-add-horkage-for-asmedia-1092.patch
@@ -0,0 +1,33 @@
+From a66307d473077b7aeba74e9b09c841ab3d399c2d Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke
+Date: Wed, 8 Dec 2021 07:58:53 +0100
+Subject: libata: add horkage for ASMedia 1092
+
+From: Hannes Reinecke
+
+commit a66307d473077b7aeba74e9b09c841ab3d399c2d upstream.
+
+The ASMedia 1092 has a configuration mode which will present a
+dummy device; sadly the implementation falsely claims to provide
+a device with 100M which doesn't actually exist.
+So disable this device to avoid errors during boot.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Hannes Reinecke
+Signed-off-by: Damien Le Moal
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/ata/libata-core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4437,6 +4437,8 @@ static const struct ata_blacklist_entry
+ { "VRFDFC22048UCHC-TE*", NULL, ATA_HORKAGE_NODMA },
+ /* Odd clown on sil3726/4726 PMPs */
+ { "Config Disk", NULL, ATA_HORKAGE_DISABLE },
++ /* Similar story with ASMedia 1092 */
++ { "ASMT109x- Config", NULL, ATA_HORKAGE_DISABLE },
+
+ /* Weird ATAPI devices */
+ { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 },
diff --git a/queue-5.4/nfsd-fix-nsfd-startup-race-again.patch b/queue-5.4/nfsd-fix-nsfd-startup-race-again.patch
new file mode 100644
index 00000000000..b0ce4de45f8
--- /dev/null
+++ b/queue-5.4/nfsd-fix-nsfd-startup-race-again.patch
@@ -0,0 +1,109 @@
+From b10252c7ae9c9d7c90552f88b544a44ee773af64 Mon Sep 17 00:00:00 2001
+From: Alexander Sverdlin
+Date: Tue, 7 Dec 2021 15:00:39 +0100
+Subject: nfsd: Fix nsfd startup race (again)
+
+From: Alexander Sverdlin
+
+commit b10252c7ae9c9d7c90552f88b544a44ee773af64 upstream.
+
+Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first")
+has re-opened rpc_pipefs_event() race against nfsd_net_id registration
+(register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76
+("nfsd: fix nsfd startup race triggering BUG_ON").
+
+Restore the order of register_pernet_subsys() vs register_cld_notifier().
+Add WARN_ON() to prevent a future regression.
+
+Crash info:
+Unable to handle kernel NULL pointer dereference at virtual address 0000000000000012
+CPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... #1
+pc : rpc_pipefs_event+0x54/0x120 [nfsd]
+lr : rpc_pipefs_event+0x48/0x120 [nfsd]
+Call trace:
+ rpc_pipefs_event+0x54/0x120 [nfsd]
+ blocking_notifier_call_chain
+ rpc_fill_super
+ get_tree_keyed
+ rpc_fs_get_tree
+ vfs_get_tree
+ do_mount
+ ksys_mount
+ __arm64_sys_mount
+ el0_svc_handler
+ el0_svc
+
+Fixes: bd5ae9288d64 ("nfsd: register pernet ops last, unregister first")
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexander Sverdlin
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs4recover.c | 1 +
+ fs/nfsd/nfsctl.c | 14 +++++++-------
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+--- a/fs/nfsd/nfs4recover.c
++++ b/fs/nfsd/nfs4recover.c
+@@ -2177,6 +2177,7 @@ static struct notifier_block nfsd4_cld_b
+ int
+ register_cld_notifier(void)
+ {
++ WARN_ON(!nfsd_net_id);
+ return rpc_pipefs_notifier_register(&nfsd4_cld_block);
+ }
+
+--- a/fs/nfsd/nfsctl.c
++++ b/fs/nfsd/nfsctl.c
+@@ -1526,12 +1526,9 @@ static int __init init_nfsd(void)
+ int retval;
+ printk(KERN_INFO "Installing knfsd (copyright (C) 1996 okir@monad.swb.de).\n");
+
+- retval = register_cld_notifier();
+- if (retval)
+- return retval;
+ retval = nfsd4_init_slabs();
+ if (retval)
+- goto out_unregister_notifier;
++ return retval;
+ retval = nfsd4_init_pnfs();
+ if (retval)
+ goto out_free_slabs;
+@@ -1549,9 +1546,14 @@ static int __init init_nfsd(void)
+ goto out_free_exports;
+ retval = register_pernet_subsys(&nfsd_net_ops);
+ if (retval < 0)
++ goto out_free_filesystem;
++ retval = register_cld_notifier();
++ if (retval)
+ goto out_free_all;
+ return 0;
+ out_free_all:
++ unregister_pernet_subsys(&nfsd_net_ops);
++out_free_filesystem:
+ unregister_filesystem(&nfsd_fs_type);
+ out_free_exports:
+ remove_proc_entry("fs/nfs/exports", NULL);
+@@ -1565,13 +1567,12 @@ out_free_stat:
+ nfsd4_exit_pnfs();
+ out_free_slabs:
+ nfsd4_free_slabs();
+-out_unregister_notifier:
+- unregister_cld_notifier();
+ return retval;
+ }
+
+ static void __exit exit_nfsd(void)
+ {
++ unregister_cld_notifier();
+ unregister_pernet_subsys(&nfsd_net_ops);
+ nfsd_drc_slab_free();
+ remove_proc_entry("fs/nfs/exports", NULL);
+@@ -1582,7 +1583,6 @@ static void __exit exit_nfsd(void)
+ nfsd4_exit_pnfs();
+ nfsd_fault_inject_cleanup();
+ unregister_filesystem(&nfsd_fs_type);
+- unregister_cld_notifier();
+ }
+
+ MODULE_AUTHOR("Olaf Kirch ");
diff --git a/queue-5.4/series b/queue-5.4/series
index f4cc6873550..26455740f11 100644
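Review bot: The `WARN_ON(!nfsd_net_id);` added to register_cld_notifier() only reports the wrong ordering; the next line still registers the notifier, so if a later change reorders init again the callback can still run before the pernet id exists, which is the NULL dereference in the crash trace. Failing the call would turn such a regression into a clean module-load error, e.g. `if (WARN_ON(!nfsd_net_id)) return -EINVAL;` (the exact error code is a suggestion), and the new init_nfsd() already unwinds through `out_free_all` when register_cld_notifier() returns non-zero. A brief comment at the `retval = register_cld_notifier();` call saying it must stay after register_pernet_subsys() would document the ordering where it is enforced.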
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -32,3 +32,11 @@ alsa-pcm-oss-limit-the-period-size-to-16mb.patch
 alsa-pcm-oss-handle-missing-errors-in-snd_pcm_oss_change_params.patch
 btrfs-clear-extent-buffer-uptodate-when-we-fail-to-write-it.patch
 btrfs-replace-the-bug_on-in-btrfs_del_root_ref-with-proper-error-handling.patch
+nfsd-fix-nsfd-startup-race-again.patch
+tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch
+clk-qcom-regmap-mux-fix-parent-clock-lookup.patch
+drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch
+can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
+can-m_can-disable-and-ignore-elo-interrupt.patch
+x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch
+libata-add-horkage-for-asmedia-1092.patch
diff --git a/queue-5.4/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch b/queue-5.4/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch
new file mode 100644
index 00000000000..142fbae499e
--- /dev/null
+++ b/queue-5.4/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch
@@ -0,0 +1,53 @@
+From ee7f3666995d8537dec17b1d35425f28877671a9 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)"
+Date: Wed, 8 Dec 2021 07:57:20 -0500
+Subject: tracefs: Have new files inherit the ownership of their parent
+
+From: Steven Rostedt (VMware)
+
+commit ee7f3666995d8537dec17b1d35425f28877671a9 upstream.
+
+If directories in tracefs have their ownership changed, then any new files
+and directories that are created under those directories should inherit
+the ownership of the director they are created in.
+
+Link: https://lkml.kernel.org/r/20211208075720.4855d180@gandalf.local.home
+
+Cc: Kees Cook
+Cc: Ingo Molnar
+Cc: Andrew Morton
+Cc: Linus Torvalds
+Cc: Al Viro
+Cc: Greg Kroah-Hartman
+Cc: Yabin Cui
+Cc: Christian Brauner
+Cc: stable@vger.kernel.org
+Fixes: 4282d60689d4f ("tracefs: Add new tracefs file system")
+Reported-by: Kalesh Singh
+Reported: https://lore.kernel.org/all/CAC_TJve8MMAv+H_NdLSJXZUSoxOEq2zB_pVaJ9p=7H6Bu3X76g@mail.gmail.com/
+Signed-off-by: Steven Rostedt (VMware)
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/tracefs/inode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/tracefs/inode.c
++++ b/fs/tracefs/inode.c
+@@ -409,6 +409,8 @@ struct dentry *tracefs_create_file(const
+ inode->i_mode = mode;
+ inode->i_fop = fops ? fops : &tracefs_file_operations;
+ inode->i_private = data;
++ inode->i_uid = d_inode(dentry->d_parent)->i_uid;
++ inode->i_gid = d_inode(dentry->d_parent)->i_gid;
+ d_instantiate(dentry, inode);
+ fsnotify_create(dentry->d_parent->d_inode, dentry);
+ return end_creating(dentry);
+@@ -431,6 +433,8 @@ static struct dentry *__create_dir(const
+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP;
+ inode->i_op = ops;
+ inode->i_fop = &simple_dir_operations;
++ inode->i_uid = d_inode(dentry->d_parent)->i_uid;
++ inode->i_gid = d_inode(dentry->d_parent)->i_gid;
+
+ /* directory inodes start off with i_nlink == 2 (for "." entry) */
+ inc_nlink(inode);
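Review bot: The two ownership assignments are duplicated verbatim in tracefs_create_file() and __create_dir(), and neither carries a comment about the access-control intent. These lines decide who owns every newly created tracefs node, so a comment such as `/* inherit owner and group from the parent directory so new entries follow a chown of the parent */` plus a shared local, `struct inode *parent = d_inode(dentry->d_parent);`, or a small helper would keep the two paths in step. Only uid and gid are inherited: the mode still comes from the caller in tracefs_create_file() and is fixed in __create_dir(), so a non-root directory owner gets whatever the owner and group bits of that mode allow, which is worth confirming as intended for every caller. Both functions continue outside their hunks.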
diff --git a/queue-5.4/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch b/queue-5.4/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch
new file mode 100644
index 00000000000..61c8af0105b
--- /dev/null
+++ b/queue-5.4/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch
@@ -0,0 +1,60 @@
+From 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky
+Date: Wed, 20 Oct 2021 13:02:11 -0500
+Subject: x86/sme: Explicitly map new EFI memmap table as encrypted
+
+From: Tom Lendacky
+
+commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream.
+
+Reserving memory using efi_mem_reserve() calls into the x86
+efi_arch_mem_reserve() function. This function will insert a new EFI
+memory descriptor into the EFI memory map representing the area of
+memory to be reserved and marking it as EFI runtime memory. As part
+of adding this new entry, a new EFI memory map is allocated and mapped.
+The mapping is where a problem can occur. This new memory map is mapped
+using early_memremap() and generally mapped encrypted, unless the new
+memory for the mapping happens to come from an area of memory that is
+marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
+be mapped unencrypted. However, during replacement of the old memory map,
+efi_mem_type() is disabled, so the new memory map will now be long-term
+mapped encrypted (in efi.memmap), resulting in the map containing invalid
+data and causing the kernel boot to crash.
+
+Since it is known that the area will be mapped encrypted going forward,
+explicitly map the new memory map as encrypted using early_memremap_prot().
+
+Cc: # 4.14.x
+Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
+Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/
+Signed-off-by: Tom Lendacky
+[ardb: incorporate Kconfig fix by Arnd]
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/Kconfig | 1 +
+ arch/x86/platform/efi/quirks.c | 3 ++-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -1990,6 +1990,7 @@ config EFI
+ depends on ACPI
+ select UCS2_STRING
+ select EFI_RUNTIME_WRAPPERS
++ select ARCH_USE_MEMREMAP_PROT
+ ---help---
+ This enables the kernel to use EFI runtime services that are
+ available (such as the EFI variable services).
+--- a/arch/x86/platform/efi/quirks.c
++++ b/arch/x86/platform/efi/quirks.c
+@@ -279,7 +279,8 @@ void __init efi_arch_mem_reserve(phys_ad
+ return;
+ }
+
+- new = early_memremap(new_phys, new_size);
++ new = early_memremap_prot(new_phys, new_size,
++ pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
+ if (!new) {
+ pr_err("Failed to map new boot services memmap\n");
+ return;
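Review bot: The new `early_memremap_prot(new_phys, new_size, pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)))` call in efi_arch_mem_reserve() has no comment explaining why the default early_memremap() attributes are overridden. The reasoning in the commit description is subtle (memory that happens to come from an EFI_BOOT_SERVICES_DATA region would otherwise be mapped unencrypted and later read through an encrypted mapping), so it belongs at the call site, e.g. `/* Force an encrypted mapping: the new memmap is accessed encrypted via efi.memmap later, even when it was allocated from EFI_BOOT_SERVICES_DATA. */`. The Kconfig hunk makes every EFI build select ARCH_USE_MEMREMAP_PROT, which the new call appears to depend on. efi_arch_mem_reserve() starts and ends outside the hunk.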