From: Greg Kroah-Hartman Date: Thu, 29 Oct 2020 13:03:41 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.19.154~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e5a3079eba94a2182c5f27676a06bfa90a31064;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: arm64-link-with-z-norelro-regardless-of-config_relocatable.patch arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch --- diff --git a/queue-5.4/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch b/queue-5.4/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch new file mode 100644 index 00000000000..115c5cb98be --- /dev/null +++ b/queue-5.4/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch @@ -0,0 +1,49 @@ +From 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 Mon Sep 17 00:00:00 2001 +From: Nick Desaulniers +Date: Fri, 16 Oct 2020 10:53:39 -0700 +Subject: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE + +From: Nick Desaulniers + +commit 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 upstream. + +With CONFIG_EXPERT=y, CONFIG_KASAN=y, CONFIG_RANDOMIZE_BASE=n, +CONFIG_RELOCATABLE=n, we observe the following failure when trying to +link the kernel image with LD=ld.lld: + +error: section: .exit.data is not contiguous with other relro sections + +ld.lld defaults to -z relro while ld.bfd defaults to -z norelro. This +was previously fixed, but only for CONFIG_RELOCATABLE=y. + +Fixes: 3bbd3db86470 ("arm64: relocatable: fix inconsistencies in linker script and options") +Signed-off-by: Nick Desaulniers +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201016175339.2429280-1-ndesaulniers@google.com +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -10,7 +10,7 @@ + # + # Copyright (C) 1995-2001 by Russell King + +-LDFLAGS_vmlinux :=--no-undefined -X ++LDFLAGS_vmlinux :=--no-undefined -X -z norelro + CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET) + GZFLAGS :=-9 + +@@ -18,7 +18,7 @@ ifeq ($(CONFIG_RELOCATABLE), y) + # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour + # for relative relocs, since this leads to better Image compression + # with the relocation offsets always being zero. +-LDFLAGS_vmlinux += -shared -Bsymbolic -z notext -z norelro \ ++LDFLAGS_vmlinux += -shared -Bsymbolic -z notext \ + $(call ld-option, --no-apply-dynamic-relocs) + endif + diff --git a/queue-5.4/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch b/queue-5.4/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch new file mode 100644 index 00000000000..84f27d711d3 --- /dev/null +++ b/queue-5.4/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch @@ -0,0 +1,57 @@ +From 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Thu, 16 Jul 2020 17:11:09 +0100 +Subject: arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs + +From: Marc Zyngier + +commit 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 upstream. + +Commit 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack +thereof") changed the way we deal with ARCH_WORKAROUND_1, by moving most +of the enabling code to the .matches() callback. + +This has the unfortunate effect that the workaround gets only enabled on +the first affected CPU, and no other. + +In order to address this, forcefully call the .matches() callback from a +.cpu_enable() callback, which brings us back to the original behaviour. + +Fixes: 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack thereof") +Cc: +Reviewed-by: Suzuki K Poulose +Signed-off-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/cpu_errata.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -635,6 +635,12 @@ check_branch_predictor(const struct arm6 + return (need_wa > 0); + } + ++static void ++cpu_enable_branch_predictor_hardening(const struct arm64_cpu_capabilities *cap) ++{ ++ cap->matches(cap, SCOPE_LOCAL_CPU); ++} ++ + static const __maybe_unused struct midr_range tx2_family_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), +@@ -894,9 +900,11 @@ const struct arm64_cpu_capabilities arm6 + }, + #endif + { ++ .desc = "Branch predictor hardening", + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, ++ .cpu_enable = cpu_enable_branch_predictor_hardening, + }, + #ifdef CONFIG_HARDEN_EL2_VECTORS + { diff --git a/queue-5.4/arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch b/queue-5.4/arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch new file mode 100644 index 00000000000..46729dbae53 --- /dev/null +++ b/queue-5.4/arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch @@ -0,0 +1,55 @@ +From 39533e12063be7f55e3d6ae21ffe067799d542a4 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Thu, 16 Jul 2020 17:11:10 +0100 +Subject: arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs + +From: Marc Zyngier + +commit 39533e12063be7f55e3d6ae21ffe067799d542a4 upstream. + +Commit 606f8e7b27bf ("arm64: capabilities: Use linear array for +detection and verification") changed the way we deal with per-CPU errata +by only calling the .matches() callback until one CPU is found to be +affected. At this point, .matches() stop being called, and .cpu_enable() +will be called on all CPUs. + +This breaks the ARCH_WORKAROUND_2 handling, as only a single CPU will be +mitigated. + +In order to address this, forcefully call the .matches() callback from a +.cpu_enable() callback, which brings us back to the original behaviour. + +Fixes: 606f8e7b27bf ("arm64: capabilities: Use linear array for detection and verification") +Cc: +Reviewed-by: Suzuki K Poulose +Signed-off-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/cpu_errata.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -492,6 +492,12 @@ out_printmsg: + return required; + } + ++static void cpu_enable_ssbd_mitigation(const struct arm64_cpu_capabilities *cap) ++{ ++ if (ssbd_state != ARM64_SSBD_FORCE_DISABLE) ++ cap->matches(cap, SCOPE_LOCAL_CPU); ++} ++ + /* known invulnerable cores */ + static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), +@@ -918,6 +924,7 @@ const struct arm64_cpu_capabilities arm6 + .capability = ARM64_SSBD, + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = has_ssbd_mitigation, ++ .cpu_enable = cpu_enable_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, + }, + #ifdef CONFIG_ARM64_ERRATUM_1418040 diff --git a/queue-5.4/series b/queue-5.4/series index 09690eddaa9..9387f0579d9 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -2,3 +2,7 @@ netfilter-nftables_offload-kasan-slab-out-of-bounds-read-in-nft_flow_rule_create socket-don-t-clear-sock_tstamp_new-when-so_timestampns-is-disabled.patch objtool-support-clang-non-section-symbols-in-orc-generation.patch scripts-setlocalversion-make-git-describe-output-more-reliable.patch +arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch +arm64-run-arch_workaround_2-enabling-code-on-all-cpus.patch +arm64-link-with-z-norelro-regardless-of-config_relocatable.patch +x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch diff --git a/queue-5.4/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch b/queue-5.4/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch new file mode 100644 index 00000000000..48efc32f5df --- /dev/null +++ b/queue-5.4/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch @@ -0,0 +1,48 @@ +From 035fff1f7aab43e420e0098f0854470a5286fb83 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Fri, 21 Aug 2020 17:10:27 -0700 +Subject: x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Randy Dunlap + +commit 035fff1f7aab43e420e0098f0854470a5286fb83 upstream. + +Fix build error when CONFIG_ACPI is not set/enabled by adding the header +file which contains a stub for the function in the build +error. + + ../arch/x86/pci/intel_mid_pci.c: In function ‘intel_mid_pci_init’: + ../arch/x86/pci/intel_mid_pci.c:303:2: error: implicit declaration of function ‘acpi_noirq_set’; did you mean ‘acpi_irq_get’? [-Werror=implicit-function-declaration] + acpi_noirq_set(); + +Fixes: a912a7584ec3 ("x86/platform/intel-mid: Move PCI initialization to arch_init()") +Link: https://lore.kernel.org/r/ea903917-e51b-4cc9-2680-bc1e36efa026@infradead.org +Signed-off-by: Randy Dunlap +Signed-off-by: Bjorn Helgaas +Reviewed-by: Andy Shevchenko +Reviewed-by: Jesse Barnes +Acked-by: Thomas Gleixner +Cc: stable@vger.kernel.org # v4.16+ +Cc: Jacob Pan +Cc: Len Brown +Cc: Jesse Barnes +Cc: Arjan van de Ven +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/pci/intel_mid_pci.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/pci/intel_mid_pci.c ++++ b/arch/x86/pci/intel_mid_pci.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + #define PCIE_CAP_OFFSET 0x100 +