From 649a53fce762a3ef99464795fae98f377bf399ac Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Mon, 27 Nov 2017 13:40:17 +0100 Subject: [PATCH] 4.14-stable patches added patches: arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch arm64-implement-arch-specific-pte_access_permitted.patch mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch mips-ralink-fix-mt7628-pinmux.patch mips-ralink-fix-typo-in-mt7628-pinmux-function.patch perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch uapi-fix-linux-tls.h-userspace-compilation-error.patch x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch x86-decoder-add-new-test-instruction-pattern.patch x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch --- ...-dump-check-hardware-ro-bit-for-lpae.patch | 55 +++++++++ ...strict_kernel_rwx-effective-for-lpae.patch | 48 ++++++++ ...t-arch-specific-pte_access_permitted.patch | 59 ++++++++++ ...unting_gen-don-t-work-for-32-bit-smp.patch | 57 ++++++++++ .../mips-ralink-fix-mt7628-pinmux.patch | 38 +++++++ ...k-fix-typo-in-mt7628-pinmux-function.patch | 36 ++++++ ...tsx-events-when-rtm-is-not-supported.patch | 105 ++++++++++++++++++ queue-4.14/series | 13 +++ ...rxrpc.h-userspace-compilation-errors.patch | 57 ++++++++++ ...ux-tls.h-userspace-compilation-error.patch | 55 +++++++++ ...lure-when-smp-mp-table-is-based-at-0.patch | 69 ++++++++++++ ...der-add-new-test-instruction-pattern.patch | 58 ++++++++++ ...lags-tracing-to-native_load_gs_index.patch | 95 ++++++++++++++++ ...syscall_64_after_hwframe-irq-tracing.patch | 61 ++++++++++ 14 files changed, 806 insertions(+) create mode 100644 queue-4.14/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch create mode 100644 queue-4.14/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch create mode 100644 
queue-4.14/arm64-implement-arch-specific-pte_access_permitted.patch create mode 100644 queue-4.14/mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch create mode 100644 queue-4.14/mips-ralink-fix-mt7628-pinmux.patch create mode 100644 queue-4.14/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch create mode 100644 queue-4.14/perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch create mode 100644 queue-4.14/uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch create mode 100644 queue-4.14/uapi-fix-linux-tls.h-userspace-compilation-error.patch create mode 100644 queue-4.14/x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch create mode 100644 queue-4.14/x86-decoder-add-new-test-instruction-pattern.patch create mode 100644 queue-4.14/x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch create mode 100644 queue-4.14/x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch
diff --git a/queue-4.14/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch b/queue-4.14/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
new file mode 100644
index 00000000000..e93ddd78b21
--- /dev/null
+++ b/queue-4.14/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
@@ -0,0 +1,55 @@
+From 3b0c0c922ff4be275a8beb87ce5657d16f355b54 Mon Sep 17 00:00:00 2001
+From: Philip Derrin
+Date: Tue, 14 Nov 2017 00:55:26 +0100
+Subject: ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
+
+From: Philip Derrin
+
+commit 3b0c0c922ff4be275a8beb87ce5657d16f355b54 upstream.
+
+When CONFIG_ARM_LPAE is set, the PMD dump relies on the software
+read-only bit to determine whether a page is writable. This
+concealed a bug which left the kernel text section writable
+(AP2=0) while marked read-only in the software bit.
+
+In a kernel with the AP2 bug, the dump looks like this:
+
+ ---[ Kernel Mapping ]---
+ 0xc0000000-0xc0200000 2M RW NX SHD
+ 0xc0200000-0xc0600000 4M ro x SHD
+ 0xc0600000-0xc0800000 2M ro NX SHD
+ 0xc0800000-0xc4800000 64M RW NX SHD
+
+The fix is to check that the software and hardware bits are both
+set before displaying "ro". The dump then shows the true perms:
+
+ ---[ Kernel Mapping ]---
+ 0xc0000000-0xc0200000 2M RW NX SHD
+ 0xc0200000-0xc0600000 4M RW x SHD
+ 0xc0600000-0xc0800000 2M RW NX SHD
+ 0xc0800000-0xc4800000 64M RW NX SHD
+
+Fixes: ded947798469 ("ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE")
+Signed-off-by: Philip Derrin
+Tested-by: Neil Dick
+Reviewed-by: Kees Cook
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/mm/dump.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mm/dump.c
++++ b/arch/arm/mm/dump.c
+@@ -129,8 +129,8 @@ static const struct prot_bits section_bi
+ .val = PMD_SECT_USER,
+ .set = "USR",
+ }, {
+- .mask = L_PMD_SECT_RDONLY,
+- .val = L_PMD_SECT_RDONLY,
++ .mask = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
++ .val = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+ .set = "ro",
+ .clear = "RW",
+ #elif __LINUX_ARM_ARCH__ >= 6
diff --git a/queue-4.14/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch b/queue-4.14/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch
new file mode 100644
index 00000000000..7f16d2af22e
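Review bot: In the `section_bits` entry changed by the inner hunk for arch/arm/mm/dump.c, `.mask` and `.val` now both require `L_PMD_SECT_RDONLY | PMD_SECT_AP2`, so any section where the two bits disagree is printed as "RW", including one where only the hardware AP2 bit is set. That is the safe direction when the dump is used to audit kernel text permissions, but the reason is not recorded next to the table. I would add a comment above the entry such as `/* "ro" only when the software and hardware (AP2) read-only bits agree; a mismatch is shown as RW */`. The `section_bits` array starts and ends outside the hunk.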
--- /dev/null
+++ b/queue-4.14/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch
@@ -0,0 +1,48 @@
+From 400eeffaffc7232c0ae1134fe04e14ae4fb48d8c Mon Sep 17 00:00:00 2001
+From: Philip Derrin
+Date: Tue, 14 Nov 2017 00:55:25 +0100
+Subject: ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
+
+From: Philip Derrin
+
+commit 400eeffaffc7232c0ae1134fe04e14ae4fb48d8c upstream.
+
+Currently, for ARM kernels with CONFIG_ARM_LPAE and
+CONFIG_STRICT_KERNEL_RWX enabled, the 2MiB pages mapping the
+kernel code and rodata are writable. They are marked read-only in
+a software bit (L_PMD_SECT_RDONLY) but the hardware read-only bit
+is not set (PMD_SECT_AP2).
+
+For user mappings, the logic that propagates the software bit
+to the hardware bit is in set_pmd_at(); but for the kernel,
+section_update() writes the PMDs directly, skipping this logic.
+
+The fix is to set PMD_SECT_AP2 for read-only sections in
+section_update(), at the same time as L_PMD_SECT_RDONLY.
+
+Fixes: 1e3479225acb ("ARM: 8275/1: mm: fix PMD_SECT_RDONLY undeclared compile error")
+Signed-off-by: Philip Derrin
+Reported-by: Neil Dick
+Tested-by: Neil Dick
+Tested-by: Laura Abbott
+Reviewed-by: Kees Cook
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/mm/init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mm/init.c
++++ b/arch/arm/mm/init.c
+@@ -639,8 +639,8 @@ static struct section_perm ro_perms[] =
+ .start = (unsigned long)_stext,
+ .end = (unsigned long)__init_begin,
+ #ifdef CONFIG_ARM_LPAE
+- .mask = ~L_PMD_SECT_RDONLY,
+- .prot = L_PMD_SECT_RDONLY,
++ .mask = ~(L_PMD_SECT_RDONLY | PMD_SECT_AP2),
++ .prot = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+ #else
+ .mask = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE),
+ .prot = PMD_SECT_APX | PMD_SECT_AP_WRITE,
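Review bot: The LPAE branch of `ro_perms` now sets the hardware bit by hand (`.prot = L_PMD_SECT_RDONLY | PMD_SECT_AP2`), and nothing in the table says why this differs from the user-mapping path. The commit message explains that section_update() writes the PMDs directly and skips the set_pmd_at() propagation; that belongs in the code, for example `/* section_update() bypasses set_pmd_at(), so set the hardware AP2 bit together with the software RDONLY bit */` above the `#ifdef CONFIG_ARM_LPAE` pair. Without it, a later cleanup could drop `PMD_SECT_AP2` again and leave kernel text writable while the software bit still says read-only. The initializer continues past the end of the hunk.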
diff --git a/queue-4.14/arm64-implement-arch-specific-pte_access_permitted.patch b/queue-4.14/arm64-implement-arch-specific-pte_access_permitted.patch
new file mode 100644
index 00000000000..5c2abc55f17
--- /dev/null
+++ b/queue-4.14/arm64-implement-arch-specific-pte_access_permitted.patch
@@ -0,0 +1,59 @@
+From 6218f96c58dbf44a06aeaf767aab1f54fc397838 Mon Sep 17 00:00:00 2001
+From: Catalin Marinas
+Date: Thu, 26 Oct 2017 18:36:47 +0100
+Subject: arm64: Implement arch-specific pte_access_permitted()
+
+From: Catalin Marinas
+
+commit 6218f96c58dbf44a06aeaf767aab1f54fc397838 upstream.
+
+The generic pte_access_permitted() implementation only checks for
+pte_present() (together with the write permission where applicable).
+However, for both kernel ptes and PROT_NONE mappings pte_present() also
+returns true on arm64 even though such mappings are not user accessible.
+Additionally, arm64 now supports execute-only user permission
+(PROT_EXEC) which is implemented by clearing the PTE_USER bit.
+
+With this patch the arm64 implementation of pte_access_permitted()
+checks for the PTE_VALID and PTE_USER bits together with writable access
+if applicable.
+
+Reported-by: Al Viro
+Signed-off-by: Catalin Marinas
+Signed-off-by: Will Deacon
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/include/asm/pgtable.h | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/arch/arm64/include/asm/pgtable.h
++++ b/arch/arm64/include/asm/pgtable.h
+@@ -98,6 +98,8 @@ extern unsigned long empty_zero_page[PAG
+ ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
+ #define pte_valid_young(pte) \
+ ((pte_val(pte) & (PTE_VALID | PTE_AF)) == (PTE_VALID | PTE_AF))
++#define pte_valid_user(pte) \
++ ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
+
+ /*
+ * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
+@@ -107,6 +109,18 @@ extern unsigned long empty_zero_page[PAG
+ #define pte_accessible(mm, pte) \
+ (mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid_young(pte))
+
++/*
++ * p??_access_permitted() is true for valid user mappings (subject to the
++ * write permission check) other than user execute-only which do not have the
++ * PTE_USER bit set. PROT_NONE mappings do not have the PTE_VALID bit set.
++ */
++#define pte_access_permitted(pte, write) \
++ (pte_valid_user(pte) && (!(write) || pte_write(pte)))
++#define pmd_access_permitted(pmd, write) \
++ (pte_access_permitted(pmd_pte(pmd), (write)))
++#define pud_access_permitted(pud, write) \
++ (pte_access_permitted(pud_pte(pud), (write)))
++
+ static inline pte_t clear_pte_bit(pte_t pte, pgprot_t prot)
+ {
+ pte_val(pte) &= ~pgprot_val(prot);
diff --git a/queue-4.14/mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch b/queue-4.14/mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch
new file mode 100644
index 00000000000..a3d7614204c
--- /dev/null
+++ b/queue-4.14/mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch
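Review bot: `pte_access_permitted(pte, write)` expands its `pte` argument twice, once inside `pte_valid_user()` and once inside `pte_write()`, and the pmd/pud wrappers inherit that. If a caller passes an expression that re-reads a live page-table entry rather than a local copy, the validity check and the write check could look at different values; the callers are outside this hunk, so this needs confirming. I would state the requirement in the new comment block, e.g. ` * The pte argument is evaluated more than once; pass a value that was read once.`, or turn the check into a `static inline` helper behind the macro name so the argument is evaluated a single time.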
@@ -0,0 +1,57 @@
+From a3f143106596d739e7fbc4b84c96b1475247d876 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings
+Date: Wed, 4 Oct 2017 03:46:14 +0100
+Subject: MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP
+
+From: Ben Hutchings
+
+commit a3f143106596d739e7fbc4b84c96b1475247d876 upstream.
+
+__cmpxchg64_local_generic() is atomic only w.r.t tasks and interrupts
+on the same CPU (that's what the 'local' means). We can't use it to
+implement cmpxchg64() in SMP configurations.
+
+So, for 32-bit SMP configurations:
+
+- Don't define cmpxchg64()
+- Don't enable HAVE_VIRT_CPU_ACCOUNTING_GEN, which requires it
+
+Fixes: e2093c7b03c1 ("MIPS: Fall back to generic implementation of ...")
+Fixes: bb877e96bea1 ("MIPS: Add support for full dynticks CPU time accounting")
+Signed-off-by: Ben Hutchings
+Cc: Ralf Baechle
+Cc: Deng-Cheng Zhu
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/17413/
+Signed-off-by: James Hogan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/Kconfig | 2 +-
+ arch/mips/include/asm/cmpxchg.h | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/Kconfig
++++ b/arch/mips/Kconfig
+@@ -65,7 +65,7 @@ config MIPS
+ select HAVE_PERF_EVENTS
+ select HAVE_REGS_AND_STACK_ACCESS_API
+ select HAVE_SYSCALL_TRACEPOINTS
+- select HAVE_VIRT_CPU_ACCOUNTING_GEN
++ select HAVE_VIRT_CPU_ACCOUNTING_GEN if 64BIT || !SMP
+ select IRQ_FORCED_THREADING
+ select MODULES_USE_ELF_RELA if MODULES && 64BIT
+ select MODULES_USE_ELF_REL if MODULES
+--- a/arch/mips/include/asm/cmpxchg.h
++++ b/arch/mips/include/asm/cmpxchg.h
+@@ -204,8 +204,10 @@ static inline unsigned long __cmpxchg(vo
+ #else
+ #include
+ #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n))
++#ifndef CONFIG_SMP
+ #define cmpxchg64(ptr, o, n) cmpxchg64_local((ptr), (o), (n))
+ #endif
++#endif
+
+ #undef __scbeqz
+
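Review bot: After the change to arch/mips/include/asm/cmpxchg.h the block ends in two bare `#endif` lines, and nothing at the `#ifndef CONFIG_SMP` says why `cmpxchg64()` is withheld. A reader could easily resolve a later 32-bit SMP build failure by removing the guard, which would bring back a 64-bit compare-and-swap that is not atomic across CPUs. I would add `/* cmpxchg64_local() is only atomic against the local CPU, so it cannot back cmpxchg64() on SMP */` above the guard and label the closer, `#endif /* !CONFIG_SMP */`. The enclosing `#if`/`#else` opens outside the hunk.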
diff --git a/queue-4.14/mips-ralink-fix-mt7628-pinmux.patch b/queue-4.14/mips-ralink-fix-mt7628-pinmux.patch
new file mode 100644
index 00000000000..15d089d3455
--- /dev/null
+++ b/queue-4.14/mips-ralink-fix-mt7628-pinmux.patch
@@ -0,0 +1,38 @@
+From 8ef4b43cd3794d63052d85898e42424fd3b14d24 Mon Sep 17 00:00:00 2001
+From: Mathias Kresin
+Date: Thu, 11 May 2017 08:11:14 +0200
+Subject: MIPS: ralink: Fix MT7628 pinmux
+
+From: Mathias Kresin
+
+commit 8ef4b43cd3794d63052d85898e42424fd3b14d24 upstream.
+
+According to the datasheet the REFCLK pin is shared with GPIO#37 and
+the PERST pin is shared with GPIO#36.
+
+Fixes: 53263a1c6852 ("MIPS: ralink: add mt7628an support")
+Signed-off-by: Mathias Kresin
+Acked-by: John Crispin
+Cc: Ralf Baechle
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16046/
+Signed-off-by: James Hogan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/ralink/mt7620.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/mips/ralink/mt7620.c
++++ b/arch/mips/ralink/mt7620.c
+@@ -145,8 +145,8 @@ static struct rt2880_pmx_func i2c_grp_mt
+ FUNC("i2c", 0, 4, 2),
+ };
+
+-static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 36, 1) };
+-static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 37, 1) };
++static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 37, 1) };
++static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 36, 1) };
+ static struct rt2880_pmx_func wdt_grp_mt7628[] = { FUNC("wdt", 0, 38, 1) };
+ static struct rt2880_pmx_func spi_grp_mt7628[] = { FUNC("spi", 0, 7, 4) };
+
diff --git a/queue-4.14/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch b/queue-4.14/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch
new file mode 100644
index 00000000000..898254d1818
--- /dev/null
+++ b/queue-4.14/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch
@@ -0,0 +1,36 @@
+From 05a67cc258e75ac9758e6f13d26337b8be51162a Mon Sep 17 00:00:00 2001
+From: Mathias Kresin
+Date: Thu, 11 May 2017 08:11:15 +0200
+Subject: MIPS: ralink: Fix typo in mt7628 pinmux function
+
+From: Mathias Kresin
+
+commit 05a67cc258e75ac9758e6f13d26337b8be51162a upstream.
+
+There is a typo inside the pinmux setup code. The function is called
+refclk and not reclk.
+
+Fixes: 53263a1c6852 ("MIPS: ralink: add mt7628an support")
+Signed-off-by: Mathias Kresin
+Acked-by: John Crispin
+Cc: Ralf Baechle
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16047/
+Signed-off-by: James Hogan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/ralink/mt7620.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/ralink/mt7620.c
++++ b/arch/mips/ralink/mt7620.c
+@@ -145,7 +145,7 @@ static struct rt2880_pmx_func i2c_grp_mt
+ FUNC("i2c", 0, 4, 2),
+ };
+
+-static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 37, 1) };
++static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("refclk", 0, 37, 1) };
+ static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 36, 1) };
+ static struct rt2880_pmx_func wdt_grp_mt7628[] = { FUNC("wdt", 0, 38, 1) };
+ static struct rt2880_pmx_func spi_grp_mt7628[] = { FUNC("spi", 0, 7, 4) };
diff --git a/queue-4.14/perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch b/queue-4.14/perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch
new file mode 100644
index 00000000000..c2df5a89e13
--- /dev/null
+++ b/queue-4.14/perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch
@@ -0,0 +1,105 @@
+From 58ba4d5a25579e5c7e312bd359c95f3a9a0a242c Mon Sep 17 00:00:00 2001
+From: Andi Kleen
+Date: Wed, 8 Nov 2017 16:07:18 -0800
+Subject: perf/x86/intel: Hide TSX events when RTM is not supported
+
+From: Andi Kleen
+
+commit 58ba4d5a25579e5c7e312bd359c95f3a9a0a242c upstream.
+
+0day testing reported a perf test regression on Haswell systems without
+RTM. Commit a5df70c35 hides the in_tx/in_tx_cp attributes when RTM is not
+available, but the TSX events are still available in sysfs. Due to the
+missing attributes the event parser fails on those files.
+
+Don't show the TSX events in sysfs when RTM is not available on
+Haswell/Broadwell/Skylake.
+
+Fixes: a5df70c354c2 (perf/x86: Only show format attributes when supported)
+Reported-by: kernel test robot
+Tested-by: Jin Yao
+Signed-off-by: Andi Kleen
+Signed-off-by: Thomas Gleixner
+Acked-by: Peter Zijlstra
+Link: https://lkml.kernel.org/r/20171109000718.14137-1-andi@firstfloor.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/events/intel/core.c | 35 +++++++++++++++++++++++------------
+ 1 file changed, 23 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/events/intel/core.c
++++ b/arch/x86/events/intel/core.c
+@@ -3730,6 +3730,19 @@ EVENT_ATTR_STR(cycles-t, cycles_t, "even
+ EVENT_ATTR_STR(cycles-ct, cycles_ct, "event=0x3c,in_tx=1,in_tx_cp=1");
+
+ static struct attribute *hsw_events_attrs[] = {
++ EVENT_PTR(mem_ld_hsw),
++ EVENT_PTR(mem_st_hsw),
++ EVENT_PTR(td_slots_issued),
++ EVENT_PTR(td_slots_retired),
++ EVENT_PTR(td_fetch_bubbles),
++ EVENT_PTR(td_total_slots),
++ EVENT_PTR(td_total_slots_scale),
++ EVENT_PTR(td_recovery_bubbles),
++ EVENT_PTR(td_recovery_bubbles_scale),
++ NULL
++};
++
++static struct attribute *hsw_tsx_events_attrs[] = {
+ EVENT_PTR(tx_start),
+ EVENT_PTR(tx_commit),
+ EVENT_PTR(tx_abort),
+@@ -3742,18 +3755,16 @@ static struct attribute *hsw_events_attr
+ EVENT_PTR(el_conflict),
+ EVENT_PTR(cycles_t),
+ EVENT_PTR(cycles_ct),
+- EVENT_PTR(mem_ld_hsw),
+- EVENT_PTR(mem_st_hsw),
+- EVENT_PTR(td_slots_issued),
+- EVENT_PTR(td_slots_retired),
+- EVENT_PTR(td_fetch_bubbles),
+- EVENT_PTR(td_total_slots),
+- EVENT_PTR(td_total_slots_scale),
+- EVENT_PTR(td_recovery_bubbles),
+- EVENT_PTR(td_recovery_bubbles_scale),
+ NULL
+ };
+
++static __init struct attribute **get_hsw_events_attrs(void)
++{
++ return boot_cpu_has(X86_FEATURE_RTM) ?
++ merge_attr(hsw_events_attrs, hsw_tsx_events_attrs) :
++ hsw_events_attrs;
++}
++
+ static ssize_t freeze_on_smi_show(struct device *cdev,
+ struct device_attribute *attr,
+ char *buf)
+@@ -4182,7 +4193,7 @@ __init int intel_pmu_init(void)
+
+ x86_pmu.hw_config = hsw_hw_config;
+ x86_pmu.get_event_constraints = hsw_get_event_constraints;
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ x86_pmu.lbr_double_abort = true;
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+@@ -4221,7 +4232,7 @@ __init int intel_pmu_init(void)
+
+ x86_pmu.hw_config = hsw_hw_config;
+ x86_pmu.get_event_constraints = hsw_get_event_constraints;
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ x86_pmu.limit_period = bdw_limit_period;
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+@@ -4279,7 +4290,7 @@ __init int intel_pmu_init(void)
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+ extra_attr = merge_attr(extra_attr, skl_format_attr);
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ intel_pmu_pebs_data_source_skl(
+ boot_cpu_data.x86_model == INTEL_FAM6_SKYLAKE_X);
+ pr_cont("Skylake events, ");
diff --git a/queue-4.14/series b/queue-4.14/series
index 2516bc4ba4b..ebb09486007 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
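Review bot: `get_hsw_events_attrs()` hands the result of `merge_attr()` straight to `x86_pmu.cpu_events` at all three call sites in `intel_pmu_init()`, with no check for a failed merge. `merge_attr()` is defined outside this hunk; if it returns NULL when its allocation fails, an RTM-capable CPU would end up with no CPU event attributes at all rather than only losing the TSX ones. Falling back to the static `hsw_events_attrs` table keeps the non-TSX events visible in that case, and the helper would benefit from a one-line comment saying that the TSX events are exported only when `X86_FEATURE_RTM` is set.

```c
static __init struct attribute **get_hsw_events_attrs(void)
{
	struct attribute **attrs;

	/* TSX events are only exported when the CPU supports RTM. */
	if (!boot_cpu_has(X86_FEATURE_RTM))
		return hsw_events_attrs;

	attrs = merge_attr(hsw_events_attrs, hsw_tsx_events_attrs);

	/* Keep the base events if the merged list could not be built. */
	return attrs ? attrs : hsw_events_attrs;
}
```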
@@ -10,3 +10,16 @@ cpufreq-schedutil-reset-cached_raw_freq-when-not-in-sync-with-next_freq.patch
 serdev-fix-registration-of-second-slave.patch
 sched-make-resched_cpu-unconditional.patch
 lib-mpi-call-cond_resched-from-mpi_powm-loop.patch
+x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch
+x86-decoder-add-new-test-instruction-pattern.patch
+x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch
+x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch
+perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch
+arm64-implement-arch-specific-pte_access_permitted.patch
+arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch
+arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
+uapi-fix-linux-tls.h-userspace-compilation-error.patch
+uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch
+mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch
+mips-ralink-fix-mt7628-pinmux.patch
+mips-ralink-fix-typo-in-mt7628-pinmux-function.patch
diff --git a/queue-4.14/uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch b/queue-4.14/uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch
new file mode 100644
index 00000000000..771d81e5bc3
--- /dev/null
+++ b/queue-4.14/uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch
@@ -0,0 +1,57 @@
+From 0eef304bc9f7d079a1165e8cd2f24b078e9e1f2a Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Mon, 13 Nov 2017 03:37:06 +0300
+Subject: uapi: fix linux/rxrpc.h userspace compilation errors
+
+From: Dmitry V. Levin
+
+commit 0eef304bc9f7d079a1165e8cd2f24b078e9e1f2a upstream.
+
+Consistently use types provided by to fix the following
+linux/rxrpc.h userspace compilation errors:
+
+/usr/include/linux/rxrpc.h:24:2: error: unknown type name 'u16'
+ u16 srx_service; /* service desired */
+/usr/include/linux/rxrpc.h:25:2: error: unknown type name 'u16'
+ u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
+/usr/include/linux/rxrpc.h:26:2: error: unknown type name 'u16'
+ u16 transport_len; /* length of transport address */
+
+Use __kernel_sa_family_t instead of sa_family_t the same way
+as uapi/linux/in.h does, to fix the following
+linux/rxrpc.h userspace compilation errors:
+
+/usr/include/linux/rxrpc.h:23:2: error: unknown type name 'sa_family_t'
+ sa_family_t srx_family; /* address family */
+/usr/include/linux/rxrpc.h:28:3: error: unknown type name 'sa_family_t'
+ sa_family_t family; /* transport address family */
+
+Fixes: 727f8914477e ("rxrpc: Expose UAPI definitions to userspace")
+Signed-off-by: Dmitry V. Levin
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/uapi/linux/rxrpc.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/include/uapi/linux/rxrpc.h
++++ b/include/uapi/linux/rxrpc.h
+@@ -20,12 +20,12 @@
+ * RxRPC socket address
+ */
+ struct sockaddr_rxrpc {
+- sa_family_t srx_family; /* address family */
+- u16 srx_service; /* service desired */
+- u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
+- u16 transport_len; /* length of transport address */
++ __kernel_sa_family_t srx_family; /* address family */
++ __u16 srx_service; /* service desired */
++ __u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
++ __u16 transport_len; /* length of transport address */
+ union {
+- sa_family_t family; /* transport address family */
++ __kernel_sa_family_t family; /* transport address family */
+ struct sockaddr_in sin; /* IPv4 transport address */
+ struct sockaddr_in6 sin6; /* IPv6 transport address */
+ } transport;
diff --git a/queue-4.14/uapi-fix-linux-tls.h-userspace-compilation-error.patch b/queue-4.14/uapi-fix-linux-tls.h-userspace-compilation-error.patch
new file mode 100644
index 00000000000..b913fd9f8d8
--- /dev/null
+++ b/queue-4.14/uapi-fix-linux-tls.h-userspace-compilation-error.patch
@@ -0,0 +1,55 @@
+From b9f3eb499d84f8d4adcb2f9212ec655700b28228 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Tue, 14 Nov 2017 06:30:11 +0300
+Subject: uapi: fix linux/tls.h userspace compilation error
+
+From: Dmitry V. Levin
+
+commit b9f3eb499d84f8d4adcb2f9212ec655700b28228 upstream.
+
+Move inclusion of a private kernel header
+from uapi/linux/tls.h to its only user - net/tls.h,
+to fix the following linux/tls.h userspace compilation error:
+
+/usr/include/linux/tls.h:41:21: fatal error: net/tcp.h: No such file or directory
+
+As to this point uapi/linux/tls.h was totaly unusuable for userspace,
+cleanup this header file further by moving other redundant includes
+to net/tls.h.
+
+Fixes: 3c4d7559159b ("tls: kernel TLS support")
+Signed-off-by: Dmitry V. Levin
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/net/tls.h | 4 ++++
+ include/uapi/linux/tls.h | 4 ----
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/include/net/tls.h
++++ b/include/net/tls.h
+@@ -35,6 +35,10 @@
+ #define _TLS_OFFLOAD_H
+
+ #include
++#include
++#include
++#include
++#include
+
+ #include
+
+--- a/include/uapi/linux/tls.h
++++ b/include/uapi/linux/tls.h
+@@ -35,10 +35,6 @@
+ #define _UAPI_LINUX_TLS_H
+
+ #include
+-#include
+-#include
+-#include
+-#include
+
+ /* TLS socket options */
+ #define TLS_TX 1 /* Set transmit parameters */
diff --git a/queue-4.14/x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch b/queue-4.14/x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch
new file mode 100644
index 00000000000..a61d79e9da2
--- /dev/null
+++ b/queue-4.14/x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch
@@ -0,0 +1,69 @@
+From ac5292e9a294618cecb31109d1ba265e3d027ba2 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky
+Date: Mon, 6 Nov 2017 14:17:53 -0600
+Subject: x86/boot: Fix boot failure when SMP MP-table is based at 0
+
+From: Tom Lendacky
+
+commit ac5292e9a294618cecb31109d1ba265e3d027ba2 upstream.
+
+When crosvm is used to boot a kernel as a VM, the SMP MP-table is found
+at physical address 0x0. This causes mpf_base to be set to 0 and a
+subsequent "if (!mpf_base)" check in default_get_smp_config() results in
+the MP-table not being parsed. Further into the boot this results in an
+oops when attempting a read_apic_id().
+
+Add a boolean variable that is set to true when the MP-table is found.
+Use this variable for testing if the MP-table was found so that even a
+value of 0 for mpf_base will result in continued parsing of the MP-table.
+
+Fixes: 5997efb96756 ("x86/boot: Use memremap() to map the MPF and MPC data")
+Reported-by: Tomeu Vizoso
+Signed-off-by: Tom Lendacky
+Signed-off-by: Thomas Gleixner
+Cc: Peter Zijlstra
+Cc: Borislav Petkov
+Cc: regression@leemhuis.info
+Link: https://lkml.kernel.org/r/20171106201753.23059.86674.stgit@tlendack-t1.amdoffice.net
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/mpparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/mpparse.c
++++ b/arch/x86/kernel/mpparse.c
+@@ -431,6 +431,7 @@ static inline void __init construct_defa
+ }
+
+ static unsigned long mpf_base;
++static bool mpf_found;
+
+ static unsigned long __init get_mpc_size(unsigned long physptr)
+ {
+@@ -504,7 +505,7 @@ void __init default_get_smp_config(unsig
+ if (!smp_found_config)
+ return;
+
+- if (!mpf_base)
++ if (!mpf_found)
+ return;
+
+ if (acpi_lapic && early)
+@@ -593,6 +594,7 @@ static int __init smp_scan_config(unsign
+ smp_found_config = 1;
+ #endif
+ mpf_base = base;
++ mpf_found = true;
+
+ pr_info("found SMP MP-table at [mem %#010lx-%#010lx] mapped at [%p]\n",
+ base, base + sizeof(*mpf) - 1, mpf);
+@@ -858,7 +860,7 @@ static int __init update_mp_table(void)
+ if (!enable_update_mptable)
+ return 0;
+
+- if (!mpf_base)
++ if (!mpf_found)
+ return 0;
+
+ mpf = early_memremap(mpf_base, sizeof(*mpf));
diff --git a/queue-4.14/x86-decoder-add-new-test-instruction-pattern.patch b/queue-4.14/x86-decoder-add-new-test-instruction-pattern.patch
new file mode 100644
index 00000000000..c97946e71da
--- /dev/null
+++ b/queue-4.14/x86-decoder-add-new-test-instruction-pattern.patch
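Review bot: `mpf_found` and `mpf_base` now have to be kept in step by hand, and the declaration gives no hint why a separate flag exists. Someone tidying this up later could fold the flag back into a `!mpf_base` test and bring back the boot failure for an MP-table at physical address 0. I would document it at the declaration: `/* mpf_base may legitimately be 0, so "table found" is tracked separately */`. The hunk shows the two converted checks in default_get_smp_config() and update_mp_table(); any other test of `mpf_base` against zero elsewhere in mpparse.c is outside the visible lines and should be confirmed.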
@@ -0,0 +1,58 @@
+From 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu
+Date: Fri, 24 Nov 2017 13:56:30 +0900
+Subject: x86/decoder: Add new TEST instruction pattern
+
+From: Masami Hiramatsu
+
+commit 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df upstream.
+
+The kbuild test robot reported this build warning:
+
+ Warning: arch/x86/tools/test_get_len found difference at :ffffffff8103dd2c
+
+ Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
+ Warning: objdump says 3 bytes, but insn_get_length() says 2
+ Warning: decoded and checked 1569014 instructions with 1 warnings
+
+This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
+
+The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
+Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
+the ModR/M Byte (bits 2,1,0 in parenthesis)"
+
+In that table, opcodes listed by the index REG bits as:
+
+ 000 001 010 011 100 101 110 111
+ TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
+
+So, it seems TEST Ib is assigned to 001.
+
+Add the new pattern.
+
+Reported-by: kbuild test robot
+Signed-off-by: Masami Hiramatsu
+Cc: Greg Kroah-Hartman
+Cc: H. Peter Anvin
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/lib/x86-opcode-map.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/lib/x86-opcode-map.txt
++++ b/arch/x86/lib/x86-opcode-map.txt
+@@ -896,7 +896,7 @@ EndTable
+
+ GrpTable: Grp3_1
+ 0: TEST Eb,Ib
+-1:
++1: TEST Eb,Ib
+ 2: NOT Eb
+ 3: NEG Eb
+ 4: MUL AL,Eb
diff --git a/queue-4.14/x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch b/queue-4.14/x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch
new file mode 100644
index 00000000000..1ec9afd9a25
--- /dev/null
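Review bot: Only `Grp3_1` (opcode F6) gets the new slot-1 entry, while the SDM row quoted in the commit message reads `TEST Ib/Iz`, which would cover the F7 form as well. `Grp3_2` is not part of this hunk; if its slot 1 is still empty, the in-kernel decoder would presumably report the wrong length for `F7 /1` in the same way, and a wrong length affects every consumer that depends on correct instruction boundaries. It is worth checking whether `Grp3_2` needs `1: TEST Ev,Iz` alongside this change.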
+++ b/queue-4.14/x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch 
@@ -0,0 +1,95 @@
+From ca37e57bbe0cf1455ea3e84eb89ed04a132d59e1 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski
+Date: Wed, 22 Nov 2017 20:39:16 -0800
+Subject: x86/entry/64: Add missing irqflags tracing to native_load_gs_index()
+
+From: Andy Lutomirski
+
+commit ca37e57bbe0cf1455ea3e84eb89ed04a132d59e1 upstream.
+
+Running this code with IRQs enabled (where dummy_lock is a spinlock):
+
+static void check_load_gs_index(void)
+{
+ /* This will fail. */
+ load_gs_index(0xffff);
+
+ spin_lock(&dummy_lock);
+ spin_unlock(&dummy_lock);
+}
+
+Will generate a lockdep warning. The issue is that the actual write
+to %gs would cause an exception with IRQs disabled, and the exception
+handler would, as an inadvertent side effect, update irqflag tracing
+to reflect the IRQs-off status. native_load_gs_index() would then
+turn IRQs back on and return with irqflag tracing still thinking that
+IRQs were off. The dummy lock-and-unlock causes lockdep to notice the
+error and warn.
+
+Fix it by adding the missing tracing.
+
+Apparently nothing did this in a context where it mattered. I haven't
+tried to find a code path that would actually exhibit the warning if
+appropriately nasty user code were running.
+
+I suspect that the security impact of this bug is very, very low --
+production systems don't run with lockdep enabled, and the warning is
+mostly harmless anyway.
+
+Found during a quick audit of the entry code to try to track down an
+unrelated bug that Ingo found in some still-in-development code.
+
+Signed-off-by: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: Brian Gerst
+Cc: Dave Hansen
+Cc: Josh Poimboeuf
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Link: http://lkml.kernel.org/r/e1aeb0e6ba8dd430ec36c8a35e63b429698b4132.1511411918.git.luto@kernel.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/entry/entry_64.S | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -51,15 +51,19 @@ ENTRY(native_usergs_sysret64)
+ END(native_usergs_sysret64)
+ #endif /* CONFIG_PARAVIRT */
+
+-.macro TRACE_IRQS_IRETQ
++.macro TRACE_IRQS_FLAGS flags:req
+ #ifdef CONFIG_TRACE_IRQFLAGS
+- bt $9, EFLAGS(%rsp) /* interrupts off? */
++ bt $9, \flags /* interrupts off? */
+ jnc 1f
+ TRACE_IRQS_ON
+ 1:
+ #endif
+ .endm
+
++.macro TRACE_IRQS_IRETQ
++ TRACE_IRQS_FLAGS EFLAGS(%rsp)
++.endm
++
+ /*
+ * When dynamic function tracer is enabled it will add a breakpoint
+ * to all locations that it is about to modify, sync CPUs, update
+@@ -923,11 +927,13 @@ ENTRY(native_load_gs_index)
+ FRAME_BEGIN
+ pushfq
+ DISABLE_INTERRUPTS(CLBR_ANY & ~CLBR_RDI)
++ TRACE_IRQS_OFF
+ SWAPGS
+ .Lgs_change:
+ movl %edi, %gs
+ 2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE
+ SWAPGS
++ TRACE_IRQS_FLAGS (%rsp)
+ popfq
+ FRAME_END
+ ret
diff --git a/queue-4.14/x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch b/queue-4.14/x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch
new file mode 100644
index 00000000000..0bd597a0885
--- /dev/null
+++ b/queue-4.14/x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch
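Review bot: In `native_load_gs_index` the new `TRACE_IRQS_FLAGS (%rsp)` reads the RFLAGS image that `pushfq` left on top of the stack, and both tracing hooks sit outside the `SWAPGS` pair; neither constraint is written down. Anything pushed between `pushfq` and the macro, or a hook moved between the two `SWAPGS` instructions (where the kernel GS base is presumably not active), would break this silently. I would annotate the lines, e.g. `TRACE_IRQS_FLAGS (%rsp)	/* RFLAGS saved by pushfq above */`, and note next to `TRACE_IRQS_OFF` that the tracing calls must run on the kernel GS base and must preserve `%rdi`, since `movl %edi, %gs` follows. The definitions of `TRACE_IRQS_OFF` and `TRACE_IRQS_ON` are outside the hunk, so the register-preservation point should be confirmed there.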
@@ -0,0 +1,61 @@
+From 548c3050ea8d16997ae27f9e080a8338a606fc93 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski
+Date: Tue, 21 Nov 2017 20:43:56 -0800
+Subject: x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
+
+From: Andy Lutomirski
+
+commit 548c3050ea8d16997ae27f9e080a8338a606fc93 upstream.
+
+When I added entry_SYSCALL_64_after_hwframe(), I left TRACE_IRQS_OFF
+before it. This means that users of entry_SYSCALL_64_after_hwframe()
+were responsible for invoking TRACE_IRQS_OFF, and the one and only
+user (Xen, added in the same commit) got it wrong.
+
+I think this would manifest as a warning if a Xen PV guest with
+CONFIG_DEBUG_LOCKDEP=y were used with context tracking. (The
+context tracking bit is to cause lockdep to get invoked before we
+turn IRQs back on.) I haven't tested that for real yet because I
+can't get a kernel configured like that to boot at all on Xen PV.
+
+Move TRACE_IRQS_OFF below the label.
+
+Signed-off-by: Andy Lutomirski
+Cc: Boris Ostrovsky
+Cc: Borislav Petkov
+Cc: Brian Gerst
+Cc: Dave Hansen
+Cc: Josh Poimboeuf
+Cc: Juergen Gross
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Fixes: 8a9949bc71a7 ("x86/xen/64: Rearrange the SYSCALL entries")
+Link: http://lkml.kernel.org/r/9150aac013b7b95d62c2336751d5b6e91d2722aa.1511325444.git.luto@kernel.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/entry/entry_64.S | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -148,8 +148,6 @@ ENTRY(entry_SYSCALL_64)
+ movq %rsp, PER_CPU_VAR(rsp_scratch)
+ movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
+
+- TRACE_IRQS_OFF
+-
+ /* Construct struct pt_regs on stack */
+ pushq $__USER_DS /* pt_regs->ss */
+ pushq PER_CPU_VAR(rsp_scratch) /* pt_regs->sp */
+@@ -170,6 +168,8 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
+ sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */
+ UNWIND_HINT_REGS extra=0
+
++ TRACE_IRQS_OFF
++
+ /*
+ * If we need to do entry work or if we guess we'll need to do
+ * exit work, go straight to the slow path.
-- 2.47.3
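Review bot: `TRACE_IRQS_OFF` now sits after `GLOBAL(entry_SYSCALL_64_after_hwframe)` with no comment, so the reason for its position (every entry through the label, not only `entry_SYSCALL_64`, must record the IRQs-off state) lives only in the commit message. I would add `/* IRQs are off; traced here so that every user of entry_SYSCALL_64_after_hwframe is covered */` above it. Because the macro is now invoked after the pt_regs frame has been built, it is also worth confirming that it preserves the registers the code below still expects; that code and the macro definition are outside the visible lines.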