From: Greg Kroah-Hartman Date: Fri, 19 Nov 2021 13:38:24 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v5.4.161~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ffd1146e31d8da33d6b408ef9e339288963e8254;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: arm64-vdso32-suppress-error-message-for-make-mrproper.patch parisc-entry-fix-trace-test-in-syscall-exit-path.patch x86-iopl-fake-iopl-3-cli-sti-usage.patch
---
diff --git a/queue-5.10/arm64-vdso32-suppress-error-message-for-make-mrproper.patch b/queue-5.10/arm64-vdso32-suppress-error-message-for-make-mrproper.patch
new file mode 100644
index 00000000000..e380c3a9f6b
--- /dev/null
+++ b/queue-5.10/arm64-vdso32-suppress-error-message-for-make-mrproper.patch
@@ -0,0 +1,48 @@
+From 14831fad73f5ac30ac61760487d95a538e6ab3cb Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers
+Date: Tue, 19 Oct 2021 15:36:45 -0700
+Subject: arm64: vdso32: suppress error message for 'make mrproper'
+
+From: Nick Desaulniers
+
+commit 14831fad73f5ac30ac61760487d95a538e6ab3cb upstream.
+
+When running the following command without arm-linux-gnueabi-gcc in
+one's $PATH, the following warning is observed:
+
+$ ARCH=arm64 CROSS_COMPILE_COMPAT=arm-linux-gnueabi- make -j72 LLVM=1 mrproper
+make[1]: arm-linux-gnueabi-gcc: No such file or directory
+
+This is because KCONFIG is not run for mrproper, so CONFIG_CC_IS_CLANG
+is not set, and we end up eagerly evaluating various variables that try
+to invoke CC_COMPAT.
+
+This is a similar problem to what was observed in
+commit dc960bfeedb0 ("h8300: suppress error messages for 'make clean'")
+
+Reported-by: Lucas Henneman
+Suggested-by: Masahiro Yamada
+Signed-off-by: Nick Desaulniers
+Reviewed-by: Vincenzo Frascino
+Reviewed-by: Nathan Chancellor
+Tested-by: Nathan Chancellor
+Link: https://lore.kernel.org/r/20211019223646.1146945-4-ndesaulniers@google.com
+Signed-off-by: Will Deacon
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/kernel/vdso32/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/kernel/vdso32/Makefile
++++ b/arch/arm64/kernel/vdso32/Makefile
+@@ -48,7 +48,8 @@ cc32-as-instr = $(call try-run,\
+ # As a result we set our own flags here.
+
+ # KBUILD_CPPFLAGS and NOSTDINC_FLAGS from top-level Makefile
+-VDSO_CPPFLAGS := -D__KERNEL__ -nostdinc -isystem $(shell $(CC_COMPAT) -print-file-name=include)
++VDSO_CPPFLAGS := -D__KERNEL__ -nostdinc
++VDSO_CPPFLAGS += -isystem $(shell $(CC_COMPAT) -print-file-name=include)
+ VDSO_CPPFLAGS += $(LINUXINCLUDE)
+
+ # Common C and assembly flags
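Review bot: As shown on this page, the new `VDSO_CPPFLAGS += -isystem $(shell $(CC_COMPAT) -print-file-name=include)` line still runs `$(CC_COMPAT)` while the Makefile is parsed, because `+=` on a variable first assigned with `:=` expands its right-hand side immediately and the shell call's stderr is not redirected. If the aim is to silence the "No such file or directory" message from `make mrproper`, the call probably needs the redirect inside the shell invocation, `$(shell $(CC_COMPAT) -print-file-name=include 2>/dev/null)`. Compare the queued patch with upstream commit 14831fad73f5 before applying, in case this rendering of the patch has dropped part of the line.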
diff --git a/queue-5.10/parisc-entry-fix-trace-test-in-syscall-exit-path.patch b/queue-5.10/parisc-entry-fix-trace-test-in-syscall-exit-path.patch
new file mode 100644
index 00000000000..c48942a96e0
--- /dev/null
+++ b/queue-5.10/parisc-entry-fix-trace-test-in-syscall-exit-path.patch
@@ -0,0 +1,42 @@
+From 3ec18fc7831e7d79e2d536dd1f3bc0d3ba425e8a Mon Sep 17 00:00:00 2001
+From: Sven Schnelle
+Date: Sat, 13 Nov 2021 20:41:17 +0100
+Subject: parisc/entry: fix trace test in syscall exit path
+
+From: Sven Schnelle
+
+commit 3ec18fc7831e7d79e2d536dd1f3bc0d3ba425e8a upstream.
+
+commit 8779e05ba8aa ("parisc: Fix ptrace check on syscall return")
+fixed testing of TI_FLAGS. This uncovered a bug in the test mask.
+syscall_restore_rfi is only used when the kernel needs to exit to
+usespace with single or block stepping and the recovery counter
+enabled. The test however used _TIF_SYSCALL_TRACE_MASK, which
+includes a lot of bits that shouldn't be tested here.
+
+Fix this by using TIF_SINGLESTEP and TIF_BLOCKSTEP directly.
+
+I encountered this bug by enabling syscall tracepoints. Both in qemu and
+on real hardware. As soon as i enabled the tracepoint (sys_exit_read,
+but i guess it doesn't really matter which one), i got random page
+faults in userspace almost immediately.
+
+Signed-off-by: Sven Schnelle
+Signed-off-by: Helge Deller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/parisc/kernel/entry.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/parisc/kernel/entry.S
++++ b/arch/parisc/kernel/entry.S
+@@ -1849,7 +1849,7 @@ syscall_restore:
+
+ /* Are we being ptraced? */
+ LDREG TI_FLAGS-THREAD_SZ_ALGN-FRAME_SIZE(%r30),%r19
+- ldi _TIF_SYSCALL_TRACE_MASK,%r2
++ ldi _TIF_SINGLESTEP|_TIF_BLOCKSTEP,%r2
+ and,COND(=) %r19,%r2,%r0
+ b,n syscall_restore_rfi
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 2e965f48011..abc40861af1 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
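Review bot: In the entry.S hunk, the context comment `/* Are we being ptraced? */` above the changed `ldi` no longer describes the test, which now checks only `_TIF_SINGLESTEP|_TIF_BLOCKSTEP` rather than the wider trace mask. I would reword it to `/* Are we being single- or block-stepped? */` so the comment matches the mask and the commit message's account of when syscall_restore_rfi is used. The syscall_restore code continues outside the hunk, so any other comments that refer to this test should be checked as well.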
@@ -8,3 +8,6 @@ net-stmmac-fix-missing-unlock-on-error-in-stmmac_suspend.patch
 net-stmmac-fix-system-hang-if-change-mac-address-after-interface-ifdown.patch
 net-stmmac-fix-issue-where-clk-is-being-unprepared-twice.patch
 net-stmmac-dwmac-rk-fix-unbalanced-pm_runtime_enable-warnings.patch
+arm64-vdso32-suppress-error-message-for-make-mrproper.patch
+x86-iopl-fake-iopl-3-cli-sti-usage.patch
+parisc-entry-fix-trace-test-in-syscall-exit-path.patch
diff --git a/queue-5.10/x86-iopl-fake-iopl-3-cli-sti-usage.patch b/queue-5.10/x86-iopl-fake-iopl-3-cli-sti-usage.patch
new file mode 100644
index 00000000000..c0a2ee2144d
--- /dev/null
+++ b/queue-5.10/x86-iopl-fake-iopl-3-cli-sti-usage.patch
@@ -0,0 +1,133 @@
+From b968e84b509da593c50dc3db679e1d33de701f78 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra
+Date: Fri, 17 Sep 2021 11:20:04 +0200
+Subject: x86/iopl: Fake iopl(3) CLI/STI usage
+
+From: Peter Zijlstra
+
+commit b968e84b509da593c50dc3db679e1d33de701f78 upstream.
+
+Since commit c8137ace5638 ("x86/iopl: Restrict iopl() permission
+scope") it's possible to emulate iopl(3) using ioperm(), except for
+the CLI/STI usage.
+
+Userspace CLI/STI usage is very dubious (read broken), since any
+exception taken during that window can lead to rescheduling anyway (or
+worse). The IOPL(2) manpage even states that usage of CLI/STI is highly
+discouraged and might even crash the system.
+
+Of course, that won't stop people and HP has the dubious honour of
+being the first vendor to be found using this in their hp-health
+package.
+
+In order to enable this 'software' to still 'work', have the #GP treat
+the CLI/STI instructions as NOPs when iopl(3). Warn the user that
+their program is doing dubious things.
+
+Fixes: a24ca9976843 ("x86/iopl: Remove legacy IOPL option")
+Reported-by: Ondrej Zary
+Signed-off-by: Peter Zijlstra (Intel)
+Reviewed-by: Thomas Gleixner
+Cc: stable@kernel.org # v5.5+
+Link: https://lkml.kernel.org/r/20210918090641.GD5106@worktop.programming.kicks-ass.net
+Signed-off-by: Ondrej Zary
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/insn-eval.h | 1 +
+ arch/x86/include/asm/processor.h | 1 +
+ arch/x86/kernel/process.c | 1 +
+ arch/x86/kernel/traps.c | 34 ++++++++++++++++++++++++++++++++++
+ arch/x86/lib/insn-eval.c | 2 +-
+ 5 files changed, 38 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/insn-eval.h
++++ b/arch/x86/include/asm/insn-eval.h
+@@ -21,6 +21,7 @@ int insn_get_modrm_rm_off(struct insn *i
+ int insn_get_modrm_reg_off(struct insn *insn, struct pt_regs *regs);
+ unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx);
+ int insn_get_code_seg_params(struct pt_regs *regs);
++unsigned long insn_get_effective_ip(struct pt_regs *regs);
+ int insn_fetch_from_user(struct pt_regs *regs,
+ unsigned char buf[MAX_INSN_SIZE]);
+ int insn_fetch_from_user_inatomic(struct pt_regs *regs,
+--- a/arch/x86/include/asm/processor.h
++++ b/arch/x86/include/asm/processor.h
+@@ -534,6 +534,7 @@ struct thread_struct {
+ */
+ unsigned long iopl_emul;
+
++ unsigned int iopl_warn:1;
+ unsigned int sig_on_uaccess_err:1;
+
+ /* Floating point and extended processor state */
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -138,6 +138,7 @@ int copy_thread(unsigned long clone_flag
+ frame->ret_addr = (unsigned long) ret_from_fork;
+ p->thread.sp = (unsigned long) fork_frame;
+ p->thread.io_bitmap = NULL;
++ p->thread.iopl_warn = 0;
+ memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
+
+ #ifdef CONFIG_X86_64
+--- a/arch/x86/kernel/traps.c
++++ b/arch/x86/kernel/traps.c
+@@ -523,6 +523,37 @@ static enum kernel_gp_hint get_kernel_gp
+
+ #define GPFSTR "general protection fault"
+
++static bool fixup_iopl_exception(struct pt_regs *regs)
++{
++ struct thread_struct *t = ¤t->thread;
++ unsigned char byte;
++ unsigned long ip;
++
++ if (!IS_ENABLED(CONFIG_X86_IOPL_IOPERM) || t->iopl_emul != 3)
++ return false;
++
++ ip = insn_get_effective_ip(regs);
++ if (!ip)
++ return false;
++
++ if (get_user(byte, (const char __user *)ip))
++ return false;
++
++ if (byte != 0xfa && byte != 0xfb)
++ return false;
++
++ if (!t->iopl_warn && printk_ratelimit()) {
++ pr_err("%s[%d] attempts to use CLI/STI, pretending it's a NOP, ip:%lx",
++ current->comm, task_pid_nr(current), ip);
++ print_vma_addr(KERN_CONT " in ", ip);
++ pr_cont("\n");
++ t->iopl_warn = 1;
++ }
++
++ regs->ip += 1;
++ return true;
++}
++
+ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection)
+ {
+ char desc[sizeof(GPFSTR) + 50 + 2*sizeof(unsigned long) + 1] = GPFSTR;
+@@ -548,6 +579,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_pr
+ tsk = current;
+
+ if (user_mode(regs)) {
++ if (fixup_iopl_exception(regs))
++ goto exit;
++
+ tsk->thread.error_code = error_code;
+ tsk->thread.trap_nr = X86_TRAP_GP;
+
+--- a/arch/x86/lib/insn-eval.c
++++ b/arch/x86/lib/insn-eval.c
+@@ -1415,7 +1415,7 @@ void __user *insn_get_addr_ref(struct in
+ }
+ }
+
+-static unsigned long insn_get_effective_ip(struct pt_regs *regs)
++unsigned long insn_get_effective_ip(struct pt_regs *regs)
+ {
+ unsigned long seg_base = 0;
+
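Review bot: The opcode test `if (byte != 0xfa && byte != 0xfb)` in fixup_iopl_exception() uses bare magic numbers, and the function carries no comment on why skipping the faulting instruction is acceptable in the #GP path. I would add `/* 0xfa = CLI, 0xfb = STI: single-byte opcodes, hence regs->ip += 1 */` above the test. A short header comment should also state that the fixup is reached only for user-mode faults in tasks with `iopl_emul == 3`, and that it changes only `regs->ip` and the `iopl_warn` flag, so every other fault still takes the normal signal path. The `if (!ip)` check treats 0 as the failure value of insn_get_effective_ip(); that function's body is outside this page, so confirm that 0 is its error return in this tree.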