5.5-stable patches

added patches:
	arm64-always-force-a-branch-protection-mode-when-the-compiler-has-one.patch

diff --git a/queue-5.5/arm64-always-force-a-branch-protection-mode-when-the-compiler-has-one.patch b/queue-5.5/arm64-always-force-a-branch-protection-mode-when-the-compiler-has-one.patch
new file mode 100644 (file)
index 0000000..3848145
--- /dev/null
+++ b/queue-5.5/arm64-always-force-a-branch-protection-mode-when-the-compiler-has-one.patch
@@ -0,0 +1,54 @@
+From b8fdef311a0bd9223f10754f94fdcf1a594a3457 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Tue, 31 Mar 2020 20:44:59 +0100
+Subject: arm64: Always force a branch protection mode when the compiler has one
+
+From: Mark Brown <broonie@kernel.org>
+
+commit b8fdef311a0bd9223f10754f94fdcf1a594a3457 upstream.
+
+Compilers with branch protection support can be configured to enable it by
+default, it is likely that distributions will do this as part of deploying
+branch protection system wide. As well as the slight overhead from having
+some extra NOPs for unused branch protection features this can cause more
+serious problems when the kernel is providing pointer authentication to
+userspace but not built for pointer authentication itself. In that case our
+switching of keys for userspace can affect the kernel unexpectedly, causing
+pointer authentication instructions in the kernel to corrupt addresses.
+
+To ensure that we get consistent and reliable behaviour always explicitly
+initialise the branch protection mode, ensuring that the kernel is built
+the same way regardless of the compiler defaults.
+
+[This is a reworked version of b8fdef311a0bd9223f1075 ("arm64: Always
+force a branch protection mode when the compiler has one") for backport.
+Kernels prior to 74afda4016a7 ("arm64: compile the kernel with ptrauth
+return address signing") don't have any Makefile machinery for forcing
+on pointer auth but still have issues if the compiler defaults it on so
+need this reworked version. -- broonie]
+
+Fixes: 7503197562567 (arm64: add basic pointer authentication support)
+Reported-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+[catalin.marinas@arm.com: remove Kconfig option in favour of Makefile check]
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Makefile |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -72,6 +72,10 @@ stack_protector_prepare: prepare0
+                                       include/generated/asm-offsets.h))
+ endif
+ 
++# Ensure that if the compiler supports branch protection we default it
++# off.
++KBUILD_CFLAGS += $(call cc-option,-mbranch-protection=none)
++
+ ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
+ KBUILD_CPPFLAGS       += -mbig-endian
+ CHECKFLAGS    += -D__AARCH64EB__

diff --git a/queue-5.5/series b/queue-5.5/series
index cc64fa9494abe41b02443bcc18bc7f0a6123dfe3..4c85ccffaa0442e7468b1a0aa6923f8aae6d1ebd 100644 (file)
--- a/queue-5.5/series
+++ b/queue-5.5/series
@@ -132,7 +132,6 @@ mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch
 mips-octeon-irq-fix-potential-null-pointer-dereference.patch
 pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch
 pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch
-sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch
 ath9k-handle-txpower-changes-even-when-tpc-is-disabled.patch
 signal-extend-exec_id-to-64bits.patch
 x86-tsc_msr-use-named-struct-initializers.patch
@@ -243,3 +242,4 @@ powerpc-xive-fix-xmon-support-on-the-powernv-platform.patch
 powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
 powerpc-64-prevent-stack-protection-in-early-boot.patch
 scsi-mpt3sas-fix-kernel-panic-observed-on-soft-hba-unplug.patch
+arm64-always-force-a-branch-protection-mode-when-the-compiler-has-one.patch