From 97d1a3827fdd29ffad089f9c8277827815f90069 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 14 May 2025 11:50:00 +0200
Subject: [PATCH] 6.1-stable patches
added patches:
x86-alternative-optimize-returns-patching.patch
x86-alternatives-remove-faulty-optimization.patch
x86-its-fix-build-errors-when-config_modules-n.patch
---
 queue-6.1/series | 3 +
 ...lternative-optimize-returns-patching.patch | 58 +++++++++++++++
 ...ernatives-remove-faulty-optimization.patch | 50 +++++++++++++
 ...x-build-errors-when-config_modules-n.patch | 70 +++++++++++++++++++
 4 files changed, 181 insertions(+)
 create mode 100644 queue-6.1/x86-alternative-optimize-returns-patching.patch
 create mode 100644 queue-6.1/x86-alternatives-remove-faulty-optimization.patch
 create mode 100644 queue-6.1/x86-its-fix-build-errors-when-config_modules-n.patch
diff --git a/queue-6.1/series b/queue-6.1/series
index 55173230f0..6731db2f89 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -90,3 +90,6 @@ x86-its-add-vmexit-option-to-skip-mitigation-on-some-cpus.patch
 x86-its-align-rets-in-bhb-clear-sequence-to-avoid-thunking.patch
 x86-ibt-keep-ibt-disabled-during-alternative-patching.patch
 x86-its-use-dynamic-thunks-for-indirect-branches.patch
+x86-its-fix-build-errors-when-config_modules-n.patch
+x86-alternative-optimize-returns-patching.patch
+x86-alternatives-remove-faulty-optimization.patch
diff --git a/queue-6.1/x86-alternative-optimize-returns-patching.patch b/queue-6.1/x86-alternative-optimize-returns-patching.patch
new file mode 100644
index 0000000000..e642c09cae
--- /dev/null
+++ b/queue-6.1/x86-alternative-optimize-returns-patching.patch
@@ -0,0 +1,58 @@
+From d2408e043e7296017420aa5929b3bba4d5e61013 Mon Sep 17 00:00:00 2001
+From: "Borislav Petkov (AMD)"
+Date: Fri, 12 May 2023 14:05:11 +0200
+Subject: x86/alternative: Optimize returns patching
+
+From: Borislav Petkov (AMD)
+
+commit d2408e043e7296017420aa5929b3bba4d5e61013 upstream.
+
+Instead of decoding each instruction in the return sites range only to
+realize that that return site is a jump to the default return thunk
+which is needed - X86_FEATURE_RETHUNK is enabled - lift that check
+before the loop and get rid of that loop overhead.
+
+Add comments about what gets patched, while at it.
+
+Signed-off-by: Borislav Petkov (AMD)
+Acked-by: Peter Zijlstra (Intel)
+Link: https://lore.kernel.org/r/20230512120952.7924-1-bp@alien8.de
+Signed-off-by: Pawan Gupta
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/alternative.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kernel/alternative.c
++++ b/arch/x86/kernel/alternative.c
+@@ -775,13 +775,12 @@ static int patch_return(void *addr, stru
+ {
+ int i = 0;
+
++ /* Patch the custom return thunks... */
+ if (cpu_wants_rethunk_at(addr)) {
+- if (x86_return_thunk == __x86_return_thunk)
+- return -1;
+-
+ i = JMP32_INSN_SIZE;
+ __text_gen_insn(bytes, JMP32_INSN_OPCODE, addr, x86_return_thunk, i);
+ } else {
++ /* ... or patch them out if not needed. */
+ bytes[i++] = RET_INSN_OPCODE;
+ }
+
+@@ -794,6 +793,14 @@ void __init_or_module noinline apply_ret
+ {
+ s32 *s;
+
++ /*
++ * Do not patch out the default return thunks if those needed are the
++ * ones generated by the compiler.
++ */
++ if (cpu_feature_enabled(X86_FEATURE_RETHUNK) &&
++ (x86_return_thunk == __x86_return_thunk))
++ return;
++
+ for (s = start; s < end; s++) {
+ void *dest = NULL, *addr = (void *)s + *s;
+ struct insn insn;
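Review bot: The early return this patch adds to apply_returns() (the `if (cpu_feature_enabled(X86_FEATURE_RETHUNK) && (x86_return_thunk == __x86_return_thunk)) return;` block at the end of the hunk) is exactly what queue-6.1/x86-alternatives-remove-faulty-optimization.patch deletes again, and that patch's log records why: the return bypasses __static_call_fixup(), so raw returns in static call trampolines stay unpatched. Queued back to back the pair nets out to the patch_return() change alone (the dropped `return -1` guard and two comments), so 6.1 is only in the intended state if both apply in this order; a rebase that drops or reorders the second leaves the bypass in the stable tree. A one-line stable note in this file's header, e.g. `[ queued as the base for x86-alternatives-remove-faulty-optimization.patch, which removes the apply_returns() early return added here ]`, would make that dependency visible to whoever next touches the queue. Both patch_return() and apply_returns() continue outside the hunk.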
diff --git a/queue-6.1/x86-alternatives-remove-faulty-optimization.patch b/queue-6.1/x86-alternatives-remove-faulty-optimization.patch
new file mode 100644
index 0000000000..b8711679fb
--- /dev/null
+++ b/queue-6.1/x86-alternatives-remove-faulty-optimization.patch
@@ -0,0 +1,50 @@
+From 4ba89dd6ddeca2a733bdaed7c9a5cbe4e19d9124 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf
+Date: Mon, 4 Sep 2023 22:04:54 -0700
+Subject: x86/alternatives: Remove faulty optimization
+
+From: Josh Poimboeuf
+
+commit 4ba89dd6ddeca2a733bdaed7c9a5cbe4e19d9124 upstream.
+
+The following commit
+
+ 095b8303f383 ("x86/alternative: Make custom return thunk unconditional")
+
+made '__x86_return_thunk' a placeholder value. All code setting
+X86_FEATURE_RETHUNK also changes the value of 'x86_return_thunk'. So
+the optimization at the beginning of apply_returns() is dead code.
+
+Also, before the above-mentioned commit, the optimization actually had a
+bug It bypassed __static_call_fixup(), causing some raw returns to
+remain unpatched in static call trampolines. Thus the 'Fixes' tag.
+
+Fixes: d2408e043e72 ("x86/alternative: Optimize returns patching")
+Signed-off-by: Josh Poimboeuf
+Signed-off-by: Ingo Molnar
+Signed-off-by: Borislav Petkov (AMD)
+Acked-by: Borislav Petkov (AMD)
+Link: https://lore.kernel.org/r/16d19d2249d4485d8380fb215ffaae81e6b8119e.1693889988.git.jpoimboe@kernel.org
+Signed-off-by: Pawan Gupta
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/alternative.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/arch/x86/kernel/alternative.c
++++ b/arch/x86/kernel/alternative.c
+@@ -793,14 +793,6 @@ void __init_or_module noinline apply_ret
+ {
+ s32 *s;
+
+- /*
+- * Do not patch out the default return thunks if those needed are the
+- * ones generated by the compiler.
+- */
+- if (cpu_feature_enabled(X86_FEATURE_RETHUNK) &&
+- (x86_return_thunk == __x86_return_thunk))
+- return;
+-
+ for (s = start; s < end; s++) {
+ void *dest = NULL, *addr = (void *)s + *s;
+ struct insn insn;
diff --git a/queue-6.1/x86-its-fix-build-errors-when-config_modules-n.patch b/queue-6.1/x86-its-fix-build-errors-when-config_modules-n.patch
new file mode 100644
index 0000000000..069c36965d
--- /dev/null
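Review bot: With the early return gone, apply_returns() reaches patch_return() for every return site again, but the `if (x86_return_thunk == __x86_return_thunk) return -1;` guard that the preceding queued patch removed from patch_return() is not restored, and the log justifies that only by 095b8303f383 having made __x86_return_thunk a placeholder. That commit is not part of this queue, so confirm it is already in 6.1 before applying the pair; if it is not, patch_return() will emit a jump to x86_return_thunk for sites where the thunk is still the default one, a case the pre-optimization code rejected with `return -1`. The conservative backport in that situation is to restore the guard in patch_return() (outside this hunk) rather than rely on the check this patch deletes. apply_returns()' body continues past the hunk.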
+++ b/queue-6.1/x86-its-fix-build-errors-when-config_modules-n.patch 
@@ -0,0 +1,70 @@
+From 9f35e33144ae5377d6a8de86dd3bd4d995c6ac65 Mon Sep 17 00:00:00 2001
+From: Eric Biggers
+Date: Mon, 12 May 2025 19:58:39 -0700
+Subject: x86/its: Fix build errors when CONFIG_MODULES=n
+
+From: Eric Biggers
+
+commit 9f35e33144ae5377d6a8de86dd3bd4d995c6ac65 upstream.
+
+Fix several build errors when CONFIG_MODULES=n, including the following:
+
+../arch/x86/kernel/alternative.c:195:25: error: incomplete definition of type 'struct module'
+ 195 | for (int i = 0; i < mod->its_num_pages; i++) {
+
+Fixes: 872df34d7c51 ("x86/its: Use dynamic thunks for indirect branches")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers
+Acked-by: Dave Hansen
+Tested-by: Steven Rostedt (Google)
+Reviewed-by: Alexandre Chartre
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/alternative.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/x86/kernel/alternative.c
++++ b/arch/x86/kernel/alternative.c
+@@ -402,7 +402,9 @@ static int emit_indirect(int op, int reg
+
+ #ifdef CONFIG_MITIGATION_ITS
+
++#ifdef CONFIG_MODULES
+ static struct module *its_mod;
++#endif
+ static void *its_page;
+ static unsigned int its_offset;
+
+@@ -423,6 +425,7 @@ static void *its_init_thunk(void *thunk,
+ return thunk;
+ }
+
++#ifdef CONFIG_MODULES
+ void its_init_mod(struct module *mod)
+ {
+ if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS))
+@@ -462,6 +465,7 @@ void its_free_mod(struct module *mod)
+ }
+ kfree(mod->its_page_array);
+ }
++#endif /* CONFIG_MODULES */
+
+ DEFINE_FREE(its_execmem, void *, if (_T) module_memfree(_T));
+
+@@ -472,6 +476,7 @@ static void *its_alloc(void)
+ if (!page)
+ return NULL;
+
++#ifdef CONFIG_MODULES
+ if (its_mod) {
+ void *tmp = krealloc(its_mod->its_page_array,
+ (its_mod->its_num_pages+1) * sizeof(void *),
+@@ -482,6 +487,7 @@ static void *its_alloc(void)
+ its_mod->its_page_array = tmp;
+ its_mod->its_page_array[its_mod->its_num_pages++] = page;
+ }
++#endif /* CONFIG_MODULES */
+
+ return no_free_ptr(page);
+ }
-- 
2.47.3
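Review bot: `DEFINE_FREE(its_execmem, void *, if (_T) module_memfree(_T));` stays outside the new CONFIG_MODULES guards, so the patched file still references module_memfree() when CONFIG_MODULES=n; the upstream commit this backports appears to have targeted execmem-based allocation (the cleanup is even named its_execmem), so whether that symbol, and the matching allocation at the top of its_alloc() outside this hunk, link in a 6.1 CONFIG_MODULES=n build should be confirmed by building that configuration rather than taken from the upstream Tested-by. The guard style is also inconsistent within the hunk: the first `#endif` after `its_mod` carries no comment while the other two are written `#endif /* CONFIG_MODULES */`; use the commented form there too. The emit_indirect(), its_init_thunk(), its_init_mod()/its_free_mod() and its_alloc() hunks all begin outside the lines shown, with its_alloc() ending at the `}` on the last line.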