--- /dev/null
+From 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers <ndesaulniers@google.com>
+Date: Fri, 16 Oct 2020 10:53:39 -0700
+Subject: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
+
+From: Nick Desaulniers <ndesaulniers@google.com>
+
+commit 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 upstream.
+
+With CONFIG_EXPERT=y, CONFIG_KASAN=y, CONFIG_RANDOMIZE_BASE=n,
+CONFIG_RELOCATABLE=n, we observe the following failure when trying to
+link the kernel image with LD=ld.lld:
+
+error: section: .exit.data is not contiguous with other relro sections
+
+ld.lld defaults to -z relro while ld.bfd defaults to -z norelro. This
+was previously fixed, but only for CONFIG_RELOCATABLE=y.
+
+Fixes: 3bbd3db86470 ("arm64: relocatable: fix inconsistencies in linker script and options")
+Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201016175339.2429280-1-ndesaulniers@google.com
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -10,7 +10,7 @@
+ #
+ # Copyright (C) 1995-2001 by Russell King
+
+-LDFLAGS_vmlinux :=--no-undefined -X
++LDFLAGS_vmlinux :=--no-undefined -X -z norelro
+ CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET)
+ GZFLAGS :=-9
+
+@@ -18,7 +18,7 @@ ifeq ($(CONFIG_RELOCATABLE), y)
+ # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour
+ # for relative relocs, since this leads to better Image compression
+ # with the relocation offsets always being zero.
+-LDFLAGS_vmlinux += -shared -Bsymbolic -z notext -z norelro \
++LDFLAGS_vmlinux += -shared -Bsymbolic -z notext \
+ $(call ld-option, --no-apply-dynamic-relocs)
+ endif
+
--- /dev/null
+From 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Thu, 16 Jul 2020 17:11:09 +0100
+Subject: arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 upstream.
+
+Commit 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack
+thereof") changed the way we deal with ARCH_WORKAROUND_1, by moving most
+of the enabling code to the .matches() callback.
+
+This has the unfortunate effect that the workaround gets only enabled on
+the first affected CPU, and no other.
+
+In order to address this, forcefully call the .matches() callback from a
+.cpu_enable() callback, which brings us back to the original behaviour.
+
+Fixes: 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack thereof")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/cpu_errata.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -635,6 +635,12 @@ check_branch_predictor(const struct arm6
+ return (need_wa > 0);
+ }
+
++static void
++cpu_enable_branch_predictor_hardening(const struct arm64_cpu_capabilities *cap)
++{
++ cap->matches(cap, SCOPE_LOCAL_CPU);
++}
++
+ static const __maybe_unused struct midr_range tx2_family_cpus[] = {
+ MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN),
+ MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2),
+@@ -894,9 +900,11 @@ const struct arm64_cpu_capabilities arm6
+ },
+ #endif
+ {
++ .desc = "Branch predictor hardening",
+ .capability = ARM64_HARDEN_BRANCH_PREDICTOR,
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
+ .matches = check_branch_predictor,
++ .cpu_enable = cpu_enable_branch_predictor_hardening,
+ },
+ #ifdef CONFIG_HARDEN_EL2_VECTORS
+ {
--- /dev/null
+From 39533e12063be7f55e3d6ae21ffe067799d542a4 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Thu, 16 Jul 2020 17:11:10 +0100
+Subject: arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 39533e12063be7f55e3d6ae21ffe067799d542a4 upstream.
+
+Commit 606f8e7b27bf ("arm64: capabilities: Use linear array for
+detection and verification") changed the way we deal with per-CPU errata
+by only calling the .matches() callback until one CPU is found to be
+affected. At this point, .matches() stop being called, and .cpu_enable()
+will be called on all CPUs.
+
+This breaks the ARCH_WORKAROUND_2 handling, as only a single CPU will be
+mitigated.
+
+In order to address this, forcefully call the .matches() callback from a
+.cpu_enable() callback, which brings us back to the original behaviour.
+
+Fixes: 606f8e7b27bf ("arm64: capabilities: Use linear array for detection and verification")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/cpu_errata.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -492,6 +492,12 @@ out_printmsg:
+ return required;
+ }
+
++static void cpu_enable_ssbd_mitigation(const struct arm64_cpu_capabilities *cap)
++{
++ if (ssbd_state != ARM64_SSBD_FORCE_DISABLE)
++ cap->matches(cap, SCOPE_LOCAL_CPU);
++}
++
+ /* known invulnerable cores */
+ static const struct midr_range arm64_ssb_cpus[] = {
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A35),
+@@ -918,6 +924,7 @@ const struct arm64_cpu_capabilities arm6
+ .capability = ARM64_SSBD,
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
+ .matches = has_ssbd_mitigation,
++ .cpu_enable = cpu_enable_ssbd_mitigation,
+ .midr_range_list = arm64_ssb_cpus,
+ },
+ #ifdef CONFIG_ARM64_ERRATUM_1418040
socket-don-t-clear-sock_tstamp_new-when-so_timestampns-is-disabled.patch
objtool-support-clang-non-section-symbols-in-orc-generation.patch
scripts-setlocalversion-make-git-describe-output-more-reliable.patch
+arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch
+arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch
+arm64-link-with-z-norelro-regardless-of-config_relocatable.patch
+x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch
--- /dev/null
+From 035fff1f7aab43e420e0098f0854470a5286fb83 Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Fri, 21 Aug 2020 17:10:27 -0700
+Subject: x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit 035fff1f7aab43e420e0098f0854470a5286fb83 upstream.
+
+Fix build error when CONFIG_ACPI is not set/enabled by adding the header
+file <asm/acpi.h> which contains a stub for the function in the build
+error.
+
+ ../arch/x86/pci/intel_mid_pci.c: In function ‘intel_mid_pci_init’:
+ ../arch/x86/pci/intel_mid_pci.c:303:2: error: implicit declaration of function ‘acpi_noirq_set’; did you mean ‘acpi_irq_get’? [-Werror=implicit-function-declaration]
+ acpi_noirq_set();
+
+Fixes: a912a7584ec3 ("x86/platform/intel-mid: Move PCI initialization to arch_init()")
+Link: https://lore.kernel.org/r/ea903917-e51b-4cc9-2680-bc1e36efa026@infradead.org
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Reviewed-by: Jesse Barnes <jsbarnes@google.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org # v4.16+
+Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Cc: Len Brown <lenb@kernel.org>
+Cc: Jesse Barnes <jsbarnes@google.com>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/pci/intel_mid_pci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/pci/intel_mid_pci.c
++++ b/arch/x86/pci/intel_mid_pci.c
+@@ -33,6 +33,7 @@
+ #include <asm/hw_irq.h>
+ #include <asm/io_apic.h>
+ #include <asm/intel-mid.h>
++#include <asm/acpi.h>
+
+ #define PCIE_CAP_OFFSET 0x100
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
