From: Greg Kroah-Hartman Date: Thu, 30 Jun 2022 13:29:17 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.9.321~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1186d9d8b577860eadab69f0a450b4248d056dee;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch --- diff --git a/queue-4.14/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch b/queue-4.14/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch new file mode 100644 index 00000000000..22aba486fb9 --- /dev/null +++ b/queue-4.14/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch @@ -0,0 +1,128 @@ +From 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc Mon Sep 17 00:00:00 2001 +From: "Naveen N. Rao" +Date: Thu, 19 May 2022 14:42:37 +0530 +Subject: kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] + +From: Naveen N. Rao + +commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream. + +Since commit d1bcae833b32f1 ("ELF: Don't generate unused section +symbols") [1], binutils (v2.36+) started dropping section symbols that +it thought were unused. This isn't an issue in general, but with +kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a +separate .text.unlikely section and the section symbol ".text.unlikely" +is being dropped. Due to this, recordmcount is unable to find a non-weak +symbol in .text.unlikely to generate a relocation record against. + +Address this by dropping the weak attribute from these functions. +Instead, follow the existing pattern of having architectures #define the +name of the function they want to override in their headers. + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1 + +[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h] +Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com +Signed-off-by: Michael Ellerman +Signed-off-by: Naveen N. Rao +Cc: "Eric W. Biederman" +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/kexec.h | 6 ++++++ + include/linux/kexec.h | 26 ++++++++++++++++++++++---- + kernel/kexec_file.c | 18 ------------------ + 3 files changed, 28 insertions(+), 22 deletions(-) + +--- a/arch/x86/include/asm/kexec.h ++++ b/arch/x86/include/asm/kexec.h +@@ -21,6 +21,7 @@ + #ifndef __ASSEMBLY__ + + #include ++#include + + #include + #include +@@ -217,6 +218,11 @@ extern int arch_kexec_post_alloc_pages(v + extern void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages); + #define arch_kexec_pre_free_pages arch_kexec_pre_free_pages + ++#ifdef CONFIG_KEXEC_FILE ++int arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, ++ Elf_Shdr *sechdrs, unsigned int relsec); ++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add ++#endif + #endif + + typedef void crash_vmclear_fn(void); +--- a/include/linux/kexec.h ++++ b/include/linux/kexec.h +@@ -163,6 +163,28 @@ int __weak arch_kexec_walk_mem(struct ke + int (*func)(u64, u64, void *)); + extern int kexec_add_buffer(struct kexec_buf *kbuf); + int kexec_locate_mem_hole(struct kexec_buf *kbuf); ++ ++#ifndef arch_kexec_apply_relocations_add ++/* Apply relocations of type RELA */ ++static inline int ++arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, ++ Elf_Shdr *sechdrs, unsigned int relsec) ++{ ++ pr_err("RELA relocation unsupported.\n"); ++ return -ENOEXEC; ++} ++#endif ++ ++#ifndef arch_kexec_apply_relocations ++/* Apply relocations of type REL */ ++static inline int ++arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, ++ unsigned int relsec) ++{ ++ pr_err("REL relocation unsupported.\n"); ++ return -ENOEXEC; ++} ++#endif + #endif /* CONFIG_KEXEC_FILE */ + + struct kimage { +@@ -288,10 +310,6 @@ void * __weak arch_kexec_kernel_image_lo + int __weak arch_kimage_file_post_load_cleanup(struct kimage *image); + int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, + unsigned long buf_len); +-int __weak arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, +- Elf_Shdr *sechdrs, unsigned int relsec); +-int __weak arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, +- unsigned int relsec); + void arch_kexec_protect_crashkres(void); + void arch_kexec_unprotect_crashkres(void); + +--- a/kernel/kexec_file.c ++++ b/kernel/kexec_file.c +@@ -53,24 +53,6 @@ int __weak arch_kexec_kernel_verify_sig( + } + #endif + +-/* Apply relocations of type RELA */ +-int __weak +-arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, +- unsigned int relsec) +-{ +- pr_err("RELA relocation unsupported.\n"); +- return -ENOEXEC; +-} +- +-/* Apply relocations of type REL */ +-int __weak +-arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, +- unsigned int relsec) +-{ +- pr_err("REL relocation unsupported.\n"); +- return -ENOEXEC; +-} +- + /* + * Free up memory used by kernel, initrd, and command line. This is temporary + * memory allocation which is not needed any more after these buffers have diff --git a/queue-4.14/series b/queue-4.14/series index f1e813561a2..d1bc252fbcc 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -32,3 +32,5 @@ drm-remove-drm_fb_helper_modinit.patch xen-unexport-__init-annotated-xen_xlate_map_ballooned_pages.patch xen-gntdev-avoid-blocking-in-unmap_grant_pages.patch fdt-update-crc-check-for-rng-seed.patch +kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch +swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch diff --git a/queue-4.14/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch b/queue-4.14/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch new file mode 100644 index 00000000000..0ff48e5b92b --- /dev/null +++ b/queue-4.14/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch @@ -0,0 +1,53 @@ +From liushixin2@huawei.com Thu Jun 30 15:25:54 2022 +From: Liu Shixin +Date: Thu, 30 Jun 2022 19:32:25 +0800 +Subject: swiotlb: skip swiotlb_bounce when orig_addr is zero +To: Greg Kroah-Hartman , Halil Pasic , Christoph Hellwig , Ovidiu Panait , Ben Hutchings +Cc: , , Liu Shixin +Message-ID: <20220630113225.1544802-1-liushixin2@huawei.com> + +From: Liu Shixin + +After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"), +swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally. +This requires that the physical address must be valid, which is not always +true on stable-4.19 or earlier version. +On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with +orig_addr equal to zero, which cause such a panic: + +Unable to handle kernel paging request at virtual address ffffb77a40000000 +... +pc : __memcpy+0x100/0x180 +lr : swiotlb_bounce+0x74/0x88 +... +Call trace: + __memcpy+0x100/0x180 + swiotlb_tbl_map_single+0x2c8/0x338 + swiotlb_alloc+0xb4/0x198 + __dma_alloc+0x84/0x1d8 + ... + +On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single +with orig_addr equal to zero, which can cause same panic. + +Fix this by skipping swiotlb_bounce when orig_addr is zero. + +Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE") +Signed-off-by: Liu Shixin +Signed-off-by: Greg Kroah-Hartman +--- + lib/swiotlb.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/lib/swiotlb.c ++++ b/lib/swiotlb.c +@@ -607,7 +607,8 @@ found: + * unconditional bounce may prevent leaking swiotlb content (i.e. + * kernel memory) to user-space. + */ +- swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE); ++ if (orig_addr) ++ swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE); + return tlb_addr; + } + EXPORT_SYMBOL_GPL(swiotlb_tbl_map_single);