From 595f9a7e0085ef66b3d842ffda10c01e38eceb4a Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 11 Apr 2024 08:53:06 +0200
Subject: [PATCH] 5.15-stable patches added patches: gcc-plugins-stackleak-avoid-.head.text-section.patch gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
---
 ...s-stackleak-avoid-.head.text-section.patch | 36 ++++++++++++++++
 ...ignore-.noinstr.text-and-.entry.text.patch | 42 +++++++++++++++++++
 queue-5.15/series | 2 +
 3 files changed, 80 insertions(+)
 create mode 100644 queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch
 create mode 100644 queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
diff --git a/queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch b/queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch
new file mode 100644
index 0000000000..9e66c7817e
--- /dev/null
+++ b/queue-5.15/gcc-plugins-stackleak-avoid-.head.text-section.patch
@@ -0,0 +1,36 @@
+From e7d24c0aa8e678f41457d1304e2091cac6fd1a2e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Thu, 28 Mar 2024 07:42:57 +0100
+Subject: gcc-plugins/stackleak: Avoid .head.text section
+
+From: Ard Biesheuvel
+
+commit e7d24c0aa8e678f41457d1304e2091cac6fd1a2e upstream.
+
+The .head.text section carries the startup code that runs with the MMU
+off or with a translation of memory that deviates from the ordinary one.
+So avoid instrumentation with the stackleak plugin, which already avoids
+.init.text and .noinstr.text entirely.
+
+Fixes: 48204aba801f1b51 ("x86/sme: Move early SME kernel encryption handling into .head.text")
+Reported-by: kernel test robot
+Closes: https://lore.kernel.org/oe-lkp/202403221630.2692c998-oliver.sang@intel.com
+Signed-off-by: Ard Biesheuvel
+Link: https://lore.kernel.org/r/20240328064256.2358634-2-ardb+git@google.com
+Signed-off-by: Kees Cook
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/gcc-plugins/stackleak_plugin.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/scripts/gcc-plugins/stackleak_plugin.c
++++ b/scripts/gcc-plugins/stackleak_plugin.c
+@@ -467,6 +467,8 @@ static bool stackleak_gate(void)
+ return false;
+ if (STRING_EQUAL(section, ".entry.text"))
+ return false;
++ if (STRING_EQUAL(section, ".head.text"))
++ return false;
+ }
+
+ return track_frame_size >= 0;
diff --git a/queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch b/queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
new file mode 100644
index 0000000000..19649a3112
--- /dev/null
+++ b/queue-5.15/gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
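Review bot: The `.head.text` test added to `stackleak_gate()` carries no comment saying why the section is excluded, and the same holds for the `.noinstr.text` and `.entry.text` tests added by the other queued patch. The reasons appear only in the commit messages: startup code that runs with the MMU off or under a non-standard mapping, and code where `current()` may not be sanely available. Each exclusion means functions in that section no longer receive stackleak instrumentation, so someone auditing the hardening coverage needs to know which entries are correctness requirements and which are redundant, as the `.entry.text` one is said to be. I would add a short comment above the chain, for example `/* Skip sections that run before normal mappings exist or where current() is not usable. */`. The body of `stackleak_gate()` starts outside both hunks.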
@@ -0,0 +1,42 @@
+From ae978009fc013e3166c9f523f8b17e41a3c0286e Mon Sep 17 00:00:00 2001
+From: Kees Cook
+Date: Sun, 6 Feb 2022 09:12:50 -0800
+Subject: gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
+
+From: Kees Cook
+
+commit ae978009fc013e3166c9f523f8b17e41a3c0286e upstream.
+
+The .noinstr.text section functions may not have "current()" sanely
+available. Similarly true for .entry.text, though such a check is
+currently redundant. Add a check for both. In an x86_64 defconfig build,
+the following functions no longer receive stackleak instrumentation:
+
+ __do_fast_syscall_32()
+ do_int80_syscall_32()
+ do_machine_check()
+ do_syscall_64()
+ exc_general_protection()
+ fixup_bad_iret()
+
+Suggested-by: Peter Zijlstra
+Cc: Alexander Popov
+Signed-off-by: Kees Cook
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/gcc-plugins/stackleak_plugin.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/scripts/gcc-plugins/stackleak_plugin.c
++++ b/scripts/gcc-plugins/stackleak_plugin.c
+@@ -463,6 +463,10 @@ static bool stackleak_gate(void)
+ return false;
+ if (STRING_EQUAL(section, ".meminit.text"))
+ return false;
++ if (STRING_EQUAL(section, ".noinstr.text"))
++ return false;
++ if (STRING_EQUAL(section, ".entry.text"))
++ return false;
+ }
+
+ return track_frame_size >= 0;
diff --git a/queue-5.15/series b/queue-5.15/series
index 20f9a69b17..854ad0c53d 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -47,3 +47,5 @@ netfilter-nf_tables-release-batch-on-table-validatio.patch
 netfilter-nf_tables-release-mutex-after-nft_gc_seq_e.patch
 netfilter-nf_tables-discard-table-flag-update-with-p.patch
 tty-n_gsm-require-cap_net_admin-to-attach-n_gsm0710-ldisc.patch
+gcc-plugins-stackleak-ignore-.noinstr.text-and-.entry.text.patch
+gcc-plugins-stackleak-avoid-.head.text-section.patch
-- 2.39.2