From 9cbdbf596bff2c0a687f4a7fde58092575b00971 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 3 Nov 2018 09:41:18 +0100
Subject: [PATCH] drop x86-power-fix-some-ordering-bugs-in-__restore_proces.patch from 4.9 and 4.14 queues
---
 queue-4.14/series | 1 -
 ...me-ordering-bugs-in-__restore_proces.patch | 128 ------------------
 queue-4.9/series | 1 -
 ...me-ordering-bugs-in-__restore_proces.patch | 128 ------------------
 4 files changed, 258 deletions(-)
 delete mode 100644 queue-4.14/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
 delete mode 100644 queue-4.9/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
diff --git a/queue-4.14/series b/queue-4.14/series
index 90c36718b80..b12111dc23d 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -50,7 +50,6 @@ ocfs2-fix-crash-in-ocfs2_duplicate_clusters_by_page.patch
 iwlwifi-mvm-check-for-short-gi-only-for-ofdm.patch
 iwlwifi-dbg-allow-wrt-collection-before-alive.patch
 iwlwifi-fix-the-alive-notification-layout.patch
-x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
 tools-testing-nvdimm-unit-test-clear-error-commands.patch
 usbip-vhci_hcd-update-status-file-header-and-format.patch
 scsi-aacraid-address-ubsan-warning-regression.patch
diff --git a/queue-4.14/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch b/queue-4.14/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
deleted file mode 100644
index e460b8caa81..00000000000
--- a/queue-4.14/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 6d8e4b401a392f5a36b747c2763ec98aded49b36 Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski
-Date: Thu, 30 Nov 2017 07:57:57 -0800
-Subject: x86/power: Fix some ordering bugs in __restore_processor_context()
-
-[ Upstream commit 5b06bbcfc2c621da3009da8decb7511500c293ed ]
-
-__restore_processor_context() had a couple of ordering bugs. It
-restored GSBASE after calling load_gs_index(), and the latter can
-call into tracing code. It also tried to restore segment registers
-before restoring the LDT, which is straight-up wrong.
-
-Reorder the code so that we restore GSBASE, then the descriptor
-tables, then the segments.
-
-This fixes two bugs. First, it fixes a regression that broke resume
-under certain configurations due to irqflag tracing in
-native_load_gs_index(). Second, it fixes resume when the userspace
-process that initiated suspect had funny segments. The latter can be
-reproduced by compiling this:
-
-// SPDX-License-Identifier: GPL-2.0
-/*
- * ldt_echo.c - Echo argv[1] while using an LDT segment
- */
-
-int main(int argc, char **argv)
-{
- int ret;
- size_t len;
- char *buf;
-
- const struct user_desc desc = {
- .entry_number = 0,
- .base_addr = 0,
- .limit = 0xfffff,
- .seg_32bit = 1,
- .contents = 0, /* Data, grow-up */
- .read_exec_only = 0,
- .limit_in_pages = 1,
- .seg_not_present = 0,
- .useable = 0
- };
-
- if (argc != 2)
- errx(1, "Usage: %s STRING", argv[0]);
-
- len = asprintf(&buf, "%s\n", argv[1]);
- if (len < 0)
- errx(1, "Out of memory");
-
- ret = syscall(SYS_modify_ldt, 1, &desc, sizeof(desc));
- if (ret < -1)
- errno = -ret;
- if (ret)
- err(1, "modify_ldt");
-
- asm volatile ("movw %0, %%es" :: "rm" ((unsigned short)7));
- write(1, buf, len);
- return 0;
-}
-
-and running ldt_echo >/sys/power/mem
-
-Without the fix, the latter causes a triple fault on resume.
-
-Fixes: ca37e57bbe0c ("x86/entry/64: Add missing irqflags tracing to native_load_gs_index()")
-Reported-by: Jarkko Nikula
-Signed-off-by: Andy Lutomirski
-Signed-off-by: Thomas Gleixner
-Tested-by: Jarkko Nikula
-Cc: Peter Zijlstra
-Cc: Borislav Petkov
-Cc: Linus Torvalds
-Link: https://lkml.kernel.org/r/6b31721ea92f51ea839e79bd97ade4a75b1eeea2.1512057304.git.luto@kernel.org
-Signed-off-by: Ingo Molnar
-Signed-off-by: Sasha Levin
----
- arch/x86/power/cpu.c | 21 +++++++++++++++++----
- 1 file changed, 17 insertions(+), 4 deletions(-)
-
-diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
-index 04d5157fe7f8..a51d2dfb57d1 100644
----- a/arch/x86/power/cpu.c
-+++ b/arch/x86/power/cpu.c
-@@ -228,8 +228,20 @@ static void notrace __restore_processor_state(struct saved_context *ctxt)
- load_idt((const struct desc_ptr *)&ctxt->idt_limit);
- #endif
-
-+#ifdef CONFIG_X86_64
- /*
-- * segment registers
-+ * We need GSBASE restored before percpu access can work.
-+ * percpu access can happen in exception handlers or in complicated
-+ * helpers like load_gs_index().
-+ */
-+ wrmsrl(MSR_GS_BASE, ctxt->gs_base);
-+#endif
-+
-+ fix_processor_context();
-+
-+ /*
-+ * Restore segment registers. This happens after restoring the GDT
-+ * and LDT, which happen in fix_processor_context().
- */
- #ifdef CONFIG_X86_32
- loadsegment(es, ctxt->es);
-@@ -250,13 +262,14 @@ static void notrace __restore_processor_state(struct saved_context *ctxt)
- load_gs_index(ctxt->gs);
- asm volatile ("movw %0, %%ss" :: "r" (ctxt->ss));
-
-+ /*
-+ * Restore FSBASE and user GSBASE after reloading the respective
-+ * segment selectors.
-+ */
- wrmsrl(MSR_FS_BASE, ctxt->fs_base);
-- wrmsrl(MSR_GS_BASE, ctxt->gs_base);
- wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
- #endif
-
-- fix_processor_context();
--
- do_fpu_end();
- tsc_verify_tsc_adjust(true);
- x86_platform.restore_sched_clock_state();
---
-2.17.1
-
diff --git a/queue-4.9/series b/queue-4.9/series
index 9a5daa2e3eb..ceee2100a00 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -89,7 +89,6 @@ ocfs2-fix-deadlock-caused-by-recursive-locking-in-xa.patch
 net-cdc_ncm-getntbformat-endian-fix.patch
 sctp-use-right-member-as-the-param-of-list_for_each_.patch
 alsa-hda-no-loopback-on-alc299-codec.patch
-x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
 ath10k-convert-warning-about-non-existent-otp-board-.patch
 ipv6-fix-cleanup-ordering-for-ip6_mr-failure.patch
 ib-ipoib-fix-lockdep-issue-found-on-ipoib_ib_dev_hea.patch
diff --git a/queue-4.9/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch b/queue-4.9/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
deleted file mode 100644
index 27fe1dcc768..00000000000
--- a/queue-4.9/x86-power-fix-some-ordering-bugs-in-__restore_proces.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 160052e7ad155125fa8a3993db49c5286957b11e Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski
-Date: Thu, 30 Nov 2017 07:57:57 -0800
-Subject: x86/power: Fix some ordering bugs in __restore_processor_context()
-
-[ Upstream commit 5b06bbcfc2c621da3009da8decb7511500c293ed ]
-
-__restore_processor_context() had a couple of ordering bugs. It
-restored GSBASE after calling load_gs_index(), and the latter can
-call into tracing code. It also tried to restore segment registers
-before restoring the LDT, which is straight-up wrong.
-
-Reorder the code so that we restore GSBASE, then the descriptor
-tables, then the segments.
-
-This fixes two bugs. First, it fixes a regression that broke resume
-under certain configurations due to irqflag tracing in
-native_load_gs_index(). Second, it fixes resume when the userspace
-process that initiated suspect had funny segments. The latter can be
-reproduced by compiling this:
-
-// SPDX-License-Identifier: GPL-2.0
-/*
- * ldt_echo.c - Echo argv[1] while using an LDT segment
- */
-
-int main(int argc, char **argv)
-{
- int ret;
- size_t len;
- char *buf;
-
- const struct user_desc desc = {
- .entry_number = 0,
- .base_addr = 0,
- .limit = 0xfffff,
- .seg_32bit = 1,
- .contents = 0, /* Data, grow-up */
- .read_exec_only = 0,
- .limit_in_pages = 1,
- .seg_not_present = 0,
- .useable = 0
- };
-
- if (argc != 2)
- errx(1, "Usage: %s STRING", argv[0]);
-
- len = asprintf(&buf, "%s\n", argv[1]);
- if (len < 0)
- errx(1, "Out of memory");
-
- ret = syscall(SYS_modify_ldt, 1, &desc, sizeof(desc));
- if (ret < -1)
- errno = -ret;
- if (ret)
- err(1, "modify_ldt");
-
- asm volatile ("movw %0, %%es" :: "rm" ((unsigned short)7));
- write(1, buf, len);
- return 0;
-}
-
-and running ldt_echo >/sys/power/mem
-
-Without the fix, the latter causes a triple fault on resume.
-
-Fixes: ca37e57bbe0c ("x86/entry/64: Add missing irqflags tracing to native_load_gs_index()")
-Reported-by: Jarkko Nikula
-Signed-off-by: Andy Lutomirski
-Signed-off-by: Thomas Gleixner
-Tested-by: Jarkko Nikula
-Cc: Peter Zijlstra
-Cc: Borislav Petkov
-Cc: Linus Torvalds
-Link: https://lkml.kernel.org/r/6b31721ea92f51ea839e79bd97ade4a75b1eeea2.1512057304.git.luto@kernel.org
-Signed-off-by: Ingo Molnar
-Signed-off-by: Sasha Levin
----
- arch/x86/power/cpu.c | 21 +++++++++++++++++----
- 1 file changed, 17 insertions(+), 4 deletions(-)
-
-diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
-index 53cace2ec0e2..73063dfed476 100644
----- a/arch/x86/power/cpu.c
-+++ b/arch/x86/power/cpu.c
-@@ -222,8 +222,20 @@ static void notrace __restore_processor_state(struct saved_context *ctxt)
- load_idt((const struct desc_ptr *)&ctxt->idt_limit);
- #endif
-
-+#ifdef CONFIG_X86_64
- /*
-- * segment registers
-+ * We need GSBASE restored before percpu access can work.
-+ * percpu access can happen in exception handlers or in complicated
-+ * helpers like load_gs_index().
-+ */
-+ wrmsrl(MSR_GS_BASE, ctxt->gs_base);
-+#endif
-+
-+ fix_processor_context();
-+
-+ /*
-+ * Restore segment registers. This happens after restoring the GDT
-+ * and LDT, which happen in fix_processor_context().
- */
- #ifdef CONFIG_X86_32
- loadsegment(es, ctxt->es);
-@@ -244,13 +256,14 @@ static void notrace __restore_processor_state(struct saved_context *ctxt)
- load_gs_index(ctxt->gs);
- asm volatile ("movw %0, %%ss" :: "r" (ctxt->ss));
-
-+ /*
-+ * Restore FSBASE and user GSBASE after reloading the respective
-+ * segment selectors.
-+ */
- wrmsrl(MSR_FS_BASE, ctxt->fs_base);
-- wrmsrl(MSR_GS_BASE, ctxt->gs_base);
- wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
- #endif
-
-- fix_processor_context();
--
- do_fpu_end();
- x86_platform.restore_sched_clock_state();
- mtrr_bp_restore();
---
-2.17.1
-
--
2.47.2