--- /dev/null
+From 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc Mon Sep 17 00:00:00 2001
+From: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>
+Date: Thu, 19 May 2022 14:42:37 +0530
+Subject: kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
+
+From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+
+commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream.
+
+Since commit d1bcae833b32f1 ("ELF: Don't generate unused section
+symbols") [1], binutils (v2.36+) started dropping section symbols that
+it thought were unused. This isn't an issue in general, but with
+kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a
+separate .text.unlikely section and the section symbol ".text.unlikely"
+is being dropped. Due to this, recordmcount is unable to find a non-weak
+symbol in .text.unlikely to generate a relocation record against.
+
+Address this by dropping the weak attribute from these functions.
+Instead, follow the existing pattern of having architectures #define the
+name of the function they want to override in their headers.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1
+
+[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h]
+Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/kexec.h | 7 +++++++
+ include/linux/kexec.h | 26 ++++++++++++++++++++++----
+ kernel/kexec_file.c | 18 ------------------
+ 3 files changed, 29 insertions(+), 22 deletions(-)
+
+--- a/arch/x86/include/asm/kexec.h
++++ b/arch/x86/include/asm/kexec.h
+@@ -20,6 +20,7 @@
+ #ifndef __ASSEMBLY__
+
+ #include <linux/string.h>
++#include <linux/module.h>
+
+ #include <asm/page.h>
+ #include <asm/ptrace.h>
+@@ -206,6 +207,12 @@ struct kexec_entry64_regs {
+ uint64_t r15;
+ uint64_t rip;
+ };
++
++#ifdef CONFIG_KEXEC_FILE
++int arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
++ Elf_Shdr *sechdrs, unsigned int relsec);
++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
++#endif
+ #endif
+
+ typedef void crash_vmclear_fn(void);
+--- a/include/linux/kexec.h
++++ b/include/linux/kexec.h
+@@ -148,6 +148,28 @@ struct kexec_file_ops {
+ kexec_verify_sig_t *verify_sig;
+ #endif
+ };
++
++#ifndef arch_kexec_apply_relocations_add
++/* Apply relocations of type RELA */
++static inline int
++arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
++ Elf_Shdr *sechdrs, unsigned int relsec)
++{
++ pr_err("RELA relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
++
++#ifndef arch_kexec_apply_relocations
++/* Apply relocations of type REL */
++static inline int
++arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
++ unsigned int relsec)
++{
++ pr_err("REL relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
+ #endif
+
+ struct kimage {
+@@ -320,10 +342,6 @@ void * __weak arch_kexec_kernel_image_lo
+ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image);
+ int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
+ unsigned long buf_len);
+-int __weak arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
+- Elf_Shdr *sechdrs, unsigned int relsec);
+-int __weak arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec);
+ void arch_kexec_protect_crashkres(void);
+ void arch_kexec_unprotect_crashkres(void);
+
+--- a/kernel/kexec_file.c
++++ b/kernel/kexec_file.c
+@@ -59,24 +59,6 @@ int __weak arch_kexec_kernel_verify_sig(
+ }
+ #endif
+
+-/* Apply relocations of type RELA */
+-int __weak
+-arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec)
+-{
+- pr_err("RELA relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+-/* Apply relocations of type REL */
+-int __weak
+-arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec)
+-{
+- pr_err("REL relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+ /*
+ * Free up memory used by kernel, initrd, and command line. This is temporary
+ * memory allocation which is not needed any more after these buffers have
--- /dev/null
+From liushixin2@huawei.com Thu Jun 30 15:25:54 2022
+From: Liu Shixin <liushixin2@huawei.com>
+Date: Thu, 30 Jun 2022 19:32:25 +0800
+Subject: swiotlb: skip swiotlb_bounce when orig_addr is zero
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Halil Pasic <pasic@linux.ibm.com>, Christoph Hellwig <hch@lst.de>, Ovidiu Panait <ovidiu.panait@windriver.com>, Ben Hutchings <ben@decadent.org.uk>
+Cc: <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>, Liu Shixin <liushixin2@huawei.com>
+Message-ID: <20220630113225.1544802-1-liushixin2@huawei.com>
+
+From: Liu Shixin <liushixin2@huawei.com>
+
+After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"),
+swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally.
+This requires that the physical address must be valid, which is not always
+true on stable-4.19 or earlier version.
+On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with
+orig_addr equal to zero, which cause such a panic:
+
+Unable to handle kernel paging request at virtual address ffffb77a40000000
+...
+pc : __memcpy+0x100/0x180
+lr : swiotlb_bounce+0x74/0x88
+...
+Call trace:
+ __memcpy+0x100/0x180
+ swiotlb_tbl_map_single+0x2c8/0x338
+ swiotlb_alloc+0xb4/0x198
+ __dma_alloc+0x84/0x1d8
+ ...
+
+On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single
+with orig_addr equal to zero, which can cause same panic.
+
+Fix this by skipping swiotlb_bounce when orig_addr is zero.
+
+Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE")
+Signed-off-by: Liu Shixin <liushixin2@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/swiotlb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/swiotlb.c
++++ b/lib/swiotlb.c
+@@ -539,7 +539,8 @@ found:
+ * unconditional bounce may prevent leaking swiotlb content (i.e.
+ * kernel memory) to user-space.
+ */
+- swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
++ if (orig_addr)
++ swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
+ return tlb_addr;
+ }
+ EXPORT_SYMBOL_GPL(swiotlb_tbl_map_single);
projects / thirdparty / kernel / stable-queue.git / commitdiff
