From 976ba9645c0579d849363033180bf2b4f47a542c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 24 May 2021 14:50:37 +0200 Subject: [PATCH] 5.10-stable patches added patches: rtc-pcf85063-fallback-to-parent-of_node.patch x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch --- ...-pcf85063-fallback-to-parent-of_node.patch | 56 ++++++++ queue-5.10/series | 2 + ...v-encryption-in-the-32-bit-boot-path.patch | 134 ++++++++++++++++++ 3 files changed, 192 insertions(+) create mode 100644 queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch create mode 100644 queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch diff --git a/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch b/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch new file mode 100644 index 00000000000..9b0bbd97935 --- /dev/null +++ b/queue-5.10/rtc-pcf85063-fallback-to-parent-of_node.patch @@ -0,0 +1,56 @@ +From 03531606ef4cda25b629f500d1ffb6173b805c05 Mon Sep 17 00:00:00 2001 +From: Francois Gervais +Date: Wed, 10 Mar 2021 16:10:26 -0500 +Subject: rtc: pcf85063: fallback to parent of_node + +From: Francois Gervais + +commit 03531606ef4cda25b629f500d1ffb6173b805c05 upstream. + +The rtc device node is always NULL. + +Since v5.12-rc1-dontuse/3c9ea42802a1fbf7ef29660ff8c6e526c58114f6 this +will lead to a NULL pointer dereference. + +To fix this use the parent node which is the i2c client node as set by +devm_rtc_allocate_device(). + +Using the i2c client node seems to be what other similar drivers do +e.g. rtc-pcf8563.c. + +Signed-off-by: Francois Gervais +Signed-off-by: Alexandre Belloni +Link: https://lore.kernel.org/r/20210310211026.27299-1-fgervais@distech-controls.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/rtc/rtc-pcf85063.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/rtc/rtc-pcf85063.c ++++ b/drivers/rtc/rtc-pcf85063.c +@@ -486,6 +486,7 @@ static struct clk *pcf85063_clkout_regis + { + struct clk *clk; + struct clk_init_data init; ++ struct device_node *node = pcf85063->rtc->dev.parent->of_node; + + init.name = "pcf85063-clkout"; + init.ops = &pcf85063_clkout_ops; +@@ -495,15 +496,13 @@ static struct clk *pcf85063_clkout_regis + pcf85063->clkout_hw.init = &init; + + /* optional override of the clockname */ +- of_property_read_string(pcf85063->rtc->dev.of_node, +- "clock-output-names", &init.name); ++ of_property_read_string(node, "clock-output-names", &init.name); + + /* register the clock */ + clk = devm_clk_register(&pcf85063->rtc->dev, &pcf85063->clkout_hw); + + if (!IS_ERR(clk)) +- of_clk_add_provider(pcf85063->rtc->dev.of_node, +- of_clk_src_simple_get, clk); ++ of_clk_add_provider(node, of_clk_src_simple_get, clk); + + return clk; + } diff --git a/queue-5.10/series b/queue-5.10/series index 4a227683989..48f3e252815 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -100,3 +100,5 @@ drm-i915-gt-disable-hiz-raw-stall-optimization-on-broken-gen7.patch openrisc-mm-init.c-remove-unused-memblock_region-variable-in-map_ram.patch x86-xen-swap-nx-determination-and-gdt-setup-on-bsp.patch nvme-multipath-fix-double-initialization-of-ana-state.patch +rtc-pcf85063-fallback-to-parent-of_node.patch +x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch diff --git a/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch b/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch new file mode 100644 index 00000000000..67a950c2970 --- /dev/null +++ b/queue-5.10/x86-boot-compressed-64-check-sev-encryption-in-the-32-bit-boot-path.patch @@ -0,0 +1,134 @@ +From fef81c86262879d4b1176ef51a834c15b805ebb9 Mon Sep 17 00:00:00 2001 +From: Joerg Roedel +Date: Fri, 12 Mar 2021 13:38:23 +0100 +Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path + +From: Joerg Roedel + +commit fef81c86262879d4b1176ef51a834c15b805ebb9 upstream. + +Check whether the hypervisor reported the correct C-bit when running +as an SEV guest. Using a wrong C-bit position could be used to leak +sensitive data from the guest to the hypervisor. + +Signed-off-by: Joerg Roedel +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/compressed/head_64.S | 85 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 85 insertions(+) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32) + */ + call get_sev_encryption_bit + xorl %edx, %edx ++#ifdef CONFIG_AMD_MEM_ENCRYPT + testl %eax, %eax + jz 1f + subl $32, %eax /* Encryption bit is always above bit 31 */ + bts %eax, %edx /* Set encryption mask for page tables */ ++ /* ++ * Mark SEV as active in sev_status so that startup32_check_sev_cbit() ++ * will do a check. The sev_status memory will be fully initialized ++ * with the contents of MSR_AMD_SEV_STATUS later in ++ * set_sev_encryption_mask(). For now it is sufficient to know that SEV ++ * is active. ++ */ ++ movl $1, rva(sev_status)(%ebp) + 1: ++#endif + + /* Initialize Page tables to 0 */ + leal rva(pgtable)(%ebx), %edi +@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32) + movl %esi, %edx + 1: + #endif ++ /* Check if the C-bit position is correct when SEV is active */ ++ call startup32_check_sev_cbit ++ + pushl $__KERNEL_CS + pushl %eax + +@@ -787,6 +800,78 @@ SYM_DATA_END(loaded_image_proto) + #endif + + /* ++ * Check for the correct C-bit position when the startup_32 boot-path is used. ++ * ++ * The check makes use of the fact that all memory is encrypted when paging is ++ * disabled. The function creates 64 bits of random data using the RDRAND ++ * instruction. RDRAND is mandatory for SEV guests, so always available. If the ++ * hypervisor violates that the kernel will crash right here. ++ * ++ * The 64 bits of random data are stored to a memory location and at the same ++ * time kept in the %eax and %ebx registers. Since encryption is always active ++ * when paging is off the random data will be stored encrypted in main memory. ++ * ++ * Then paging is enabled. When the C-bit position is correct all memory is ++ * still mapped encrypted and comparing the register values with memory will ++ * succeed. An incorrect C-bit position will map all memory unencrypted, so that ++ * the compare will use the encrypted random data and fail. ++ */ ++ __HEAD ++ .code32 ++SYM_FUNC_START(startup32_check_sev_cbit) ++#ifdef CONFIG_AMD_MEM_ENCRYPT ++ pushl %eax ++ pushl %ebx ++ pushl %ecx ++ pushl %edx ++ ++ /* Check for non-zero sev_status */ ++ movl rva(sev_status)(%ebp), %eax ++ testl %eax, %eax ++ jz 4f ++ ++ /* ++ * Get two 32-bit random values - Don't bail out if RDRAND fails ++ * because it is better to prevent forward progress if no random value ++ * can be gathered. ++ */ ++1: rdrand %eax ++ jnc 1b ++2: rdrand %ebx ++ jnc 2b ++ ++ /* Store to memory and keep it in the registers */ ++ movl %eax, rva(sev_check_data)(%ebp) ++ movl %ebx, rva(sev_check_data+4)(%ebp) ++ ++ /* Enable paging to see if encryption is active */ ++ movl %cr0, %edx /* Backup %cr0 in %edx */ ++ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ ++ movl %ecx, %cr0 ++ ++ cmpl %eax, rva(sev_check_data)(%ebp) ++ jne 3f ++ cmpl %ebx, rva(sev_check_data+4)(%ebp) ++ jne 3f ++ ++ movl %edx, %cr0 /* Restore previous %cr0 */ ++ ++ jmp 4f ++ ++3: /* Check failed - hlt the machine */ ++ hlt ++ jmp 3b ++ ++4: ++ popl %edx ++ popl %ecx ++ popl %ebx ++ popl %eax ++#endif ++ ret ++SYM_FUNC_END(startup32_check_sev_cbit) ++ ++/* + * Stack and heap for uncompression + */ + .bss -- 2.47.3