From 63483c1509fcc84f1253023e3d6a18ad0789cfd7 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 30 Jun 2022 15:29:05 +0200
Subject: [PATCH] 4.9-stable patches
added patches:
kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
---
...te-from-arch_kexec_apply_relocations.patch | 129 ++++++++++++++++++
queue-4.9/series | 2 +
...wiotlb_bounce-when-orig_addr-is-zero.patch | 53 +++++++
3 files changed, 184 insertions(+)
create mode 100644 queue-4.9/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
create mode 100644 queue-4.9/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
diff --git a/queue-4.9/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch b/queue-4.9/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
new file mode 100644
index 00000000000..73b9d45e9b5
--- /dev/null
+++ b/queue-4.9/kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
@@ -0,0 +1,129 @@
+From 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc Mon Sep 17 00:00:00 2001
+From: "Naveen N. Rao"
+Date: Thu, 19 May 2022 14:42:37 +0530
+Subject: kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
+
+From: Naveen N. Rao
+
+commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream.
+
+Since commit d1bcae833b32f1 ("ELF: Don't generate unused section
+symbols") [1], binutils (v2.36+) started dropping section symbols that
+it thought were unused. This isn't an issue in general, but with
+kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a
+separate .text.unlikely section and the section symbol ".text.unlikely"
+is being dropped. Due to this, recordmcount is unable to find a non-weak
+symbol in .text.unlikely to generate a relocation record against.
+
+Address this by dropping the weak attribute from these functions.
+Instead, follow the existing pattern of having architectures #define the
+name of the function they want to override in their headers.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1
+
+[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h]
+Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com
+Signed-off-by: Michael Ellerman
+Signed-off-by: Naveen N. Rao
+Cc: "Eric W. Biederman"
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/kexec.h | 7 +++++++
+ include/linux/kexec.h | 26 ++++++++++++++++++++++----
+ kernel/kexec_file.c | 18 ------------------
+ 3 files changed, 29 insertions(+), 22 deletions(-)
+
+--- a/arch/x86/include/asm/kexec.h
++++ b/arch/x86/include/asm/kexec.h
+@@ -20,6 +20,7 @@
+ #ifndef __ASSEMBLY__
+
+ #include
++#include
+
+ #include
+ #include
+@@ -206,6 +207,12 @@ struct kexec_entry64_regs {
+ uint64_t r15;
+ uint64_t rip;
+ };
++
++#ifdef CONFIG_KEXEC_FILE
++int arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
++ Elf_Shdr *sechdrs, unsigned int relsec);
++#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
++#endif
+ #endif
+
+ typedef void crash_vmclear_fn(void);
+--- a/include/linux/kexec.h
++++ b/include/linux/kexec.h
+@@ -148,6 +148,28 @@ struct kexec_file_ops {
+ kexec_verify_sig_t *verify_sig;
+ #endif
+ };
++
++#ifndef arch_kexec_apply_relocations_add
++/* Apply relocations of type RELA */
++static inline int
++arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
++ Elf_Shdr *sechdrs, unsigned int relsec)
++{
++ pr_err("RELA relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
++
++#ifndef arch_kexec_apply_relocations
++/* Apply relocations of type REL */
++static inline int
++arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
++ unsigned int relsec)
++{
++ pr_err("REL relocation unsupported.\n");
++ return -ENOEXEC;
++}
++#endif
+ #endif
+
+ struct kimage {
+@@ -320,10 +342,6 @@ void * __weak arch_kexec_kernel_image_lo
+ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image);
+ int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
+ unsigned long buf_len);
+-int __weak arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
+- Elf_Shdr *sechdrs, unsigned int relsec);
+-int __weak arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec);
+ void arch_kexec_protect_crashkres(void);
+ void arch_kexec_unprotect_crashkres(void);
+
+--- a/kernel/kexec_file.c
++++ b/kernel/kexec_file.c
+@@ -59,24 +59,6 @@ int __weak arch_kexec_kernel_verify_sig(
+ }
+ #endif
+
+-/* Apply relocations of type RELA */
+-int __weak
+-arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec)
+-{
+- pr_err("RELA relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+-/* Apply relocations of type REL */
+-int __weak
+-arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
+- unsigned int relsec)
+-{
+- pr_err("REL relocation unsupported.\n");
+- return -ENOEXEC;
+-}
+-
+ /*
+ * Free up memory used by kernel, initrd, and command line. This is temporary
+ * memory allocation which is not needed any more after these buffers have
diff --git a/queue-4.9/series b/queue-4.9/series
index fc6240caac1..37b0c749dce 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -26,3 +26,5 @@ drm-remove-drm_fb_helper_modinit.patch
 xen-unexport-__init-annotated-xen_xlate_map_ballooned_pages.patch
 xen-gntdev-avoid-blocking-in-unmap_grant_pages.patch
 fdt-update-crc-check-for-rng-seed.patch
+kexec_file-drop-weak-attribute-from-arch_kexec_apply_relocations.patch
+swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
diff --git a/queue-4.9/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch b/queue-4.9/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
new file mode 100644
index 00000000000..c85dda05d89
--- /dev/null
+++ b/queue-4.9/swiotlb-skip-swiotlb_bounce-when-orig_addr-is-zero.patch
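Review bot: In the kexec_file patch, the `#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add` line added to arch/x86/include/asm/kexec.h has no comment, yet it is the only thing that stops the `-ENOEXEC` stub in include/linux/kexec.h from being compiled for x86. I would put `/* Marks the x86 RELA handler as present so the generic -ENOEXEC stub in <linux/kexec.h> is skipped. */` above it. The `#ifndef` tests beside the stubs only work if the arch header has already been included at that point, which these hunks do not show; a one-line comment there stating that ordering requirement would keep a later include shuffle from silently turning every RELA relocation in the kexec_file path into a load failure. The enclosing `#ifdef`/`#endif` blocks in both headers start outside the hunks.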
@@ -0,0 +1,53 @@
+From liushixin2@huawei.com Thu Jun 30 15:25:54 2022
+From: Liu Shixin
+Date: Thu, 30 Jun 2022 19:32:25 +0800
+Subject: swiotlb: skip swiotlb_bounce when orig_addr is zero
+To: Greg Kroah-Hartman , Halil Pasic , Christoph Hellwig , Ovidiu Panait , Ben Hutchings
+Cc: , , Liu Shixin
+Message-ID: <20220630113225.1544802-1-liushixin2@huawei.com>
+
+From: Liu Shixin
+
+After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"),
+swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally.
+This requires that the physical address must be valid, which is not always
+true on stable-4.19 or earlier version.
+On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with
+orig_addr equal to zero, which cause such a panic:
+
+Unable to handle kernel paging request at virtual address ffffb77a40000000
+...
+pc : __memcpy+0x100/0x180
+lr : swiotlb_bounce+0x74/0x88
+...
+Call trace:
+ __memcpy+0x100/0x180
+ swiotlb_tbl_map_single+0x2c8/0x338
+ swiotlb_alloc+0xb4/0x198
+ __dma_alloc+0x84/0x1d8
+ ...
+
+On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single
+with orig_addr equal to zero, which can cause same panic.
+
+Fix this by skipping swiotlb_bounce when orig_addr is zero.
+
+Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE")
+Signed-off-by: Liu Shixin
+Signed-off-by: Greg Kroah-Hartman
+---
+ lib/swiotlb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/swiotlb.c
++++ b/lib/swiotlb.c
+@@ -539,7 +539,8 @@ found:
+ * unconditional bounce may prevent leaking swiotlb content (i.e.
+ * kernel memory) to user-space.
+ */
+- swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
++ if (orig_addr)
++ swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
+ return tlb_addr;
+ }
+ EXPORT_SYMBOL_GPL(swiotlb_tbl_map_single);
-- 2.47.3
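Review bot: The comment kept as context above the new `if (orig_addr)` in lib/swiotlb.c still says an unconditional bounce prevents leaking swiotlb content, but after this change the bounce is skipped when `orig_addr` is zero, so the slot keeps whatever an earlier mapping left in it. The commit message names swiotlb_alloc_coherent calling map_single as the zero-address path on 4.9; the hunk does not show whether that path clears the buffer before handing it out, and that should be confirmed since it is exactly what ddbd89deb7d3 was guarding against. I would extend the comment with `* orig_addr == 0 means there is no original buffer to copy; such callers must clear the slot themselves.` The body of swiotlb_tbl_map_single starts outside the hunk.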