From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 29 Oct 2020 13:03:25 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.19.154~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6302fa4ffc095f1e0e69872bf3a8db1a5da53def;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	arm64-link-with-z-norelro-regardless-of-config_relocatable.patch
	arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch
	x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch
---

diff --git a/queue-4.19/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch b/queue-4.19/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch
new file mode 100644
index 00000000000..115c5cb98be
--- /dev/null
+++ b/queue-4.19/arm64-link-with-z-norelro-regardless-of-config_relocatable.patch
@@ -0,0 +1,49 @@
+From 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers <ndesaulniers@google.com>
+Date: Fri, 16 Oct 2020 10:53:39 -0700
+Subject: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
+
+From: Nick Desaulniers <ndesaulniers@google.com>
+
+commit 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 upstream.
+
+With CONFIG_EXPERT=y, CONFIG_KASAN=y, CONFIG_RANDOMIZE_BASE=n,
+CONFIG_RELOCATABLE=n, we observe the following failure when trying to
+link the kernel image with LD=ld.lld:
+
+error: section: .exit.data is not contiguous with other relro sections
+
+ld.lld defaults to -z relro while ld.bfd defaults to -z norelro. This
+was previously fixed, but only for CONFIG_RELOCATABLE=y.
+
+Fixes: 3bbd3db86470 ("arm64: relocatable: fix inconsistencies in linker script and options")
+Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201016175339.2429280-1-ndesaulniers@google.com
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Makefile |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -10,7 +10,7 @@
+ #
+ # Copyright (C) 1995-2001 by Russell King
+ 
+-LDFLAGS_vmlinux	:=--no-undefined -X
++LDFLAGS_vmlinux	:=--no-undefined -X -z norelro
+ CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET)
+ GZFLAGS		:=-9
+ 
+@@ -18,7 +18,7 @@ ifeq ($(CONFIG_RELOCATABLE), y)
+ # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour
+ # for relative relocs, since this leads to better Image compression
+ # with the relocation offsets always being zero.
+-LDFLAGS_vmlinux		+= -shared -Bsymbolic -z notext -z norelro \
++LDFLAGS_vmlinux		+= -shared -Bsymbolic -z notext \
+ 			$(call ld-option, --no-apply-dynamic-relocs)
+ endif
+ 
diff --git a/queue-4.19/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch b/queue-4.19/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch
new file mode 100644
index 00000000000..63412c70d81
--- /dev/null
+++ b/queue-4.19/arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch
@@ -0,0 +1,57 @@
+From 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Thu, 16 Jul 2020 17:11:09 +0100
+Subject: arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 18fce56134c987e5b4eceddafdbe4b00c07e2ae1 upstream.
+
+Commit 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack
+thereof") changed the way we deal with ARCH_WORKAROUND_1, by moving most
+of the enabling code to the .matches() callback.
+
+This has the unfortunate effect that the workaround gets only enabled on
+the first affected CPU, and no other.
+
+In order to address this, forcefully call the .matches() callback from a
+.cpu_enable() callback, which brings us back to the original behaviour.
+
+Fixes: 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack thereof")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/cpu_errata.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -619,6 +619,12 @@ check_branch_predictor(const struct arm6
+ 	return (need_wa > 0);
+ }
+ 
++static void
++cpu_enable_branch_predictor_hardening(const struct arm64_cpu_capabilities *cap)
++{
++	cap->matches(cap, SCOPE_LOCAL_CPU);
++}
++
+ static const __maybe_unused struct midr_range tx2_family_cpus[] = {
+ 	MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN),
+ 	MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2),
+@@ -813,9 +819,11 @@ const struct arm64_cpu_capabilities arm6
+ 	},
+ #endif
+ 	{
++		.desc = "Branch predictor hardening",
+ 		.capability = ARM64_HARDEN_BRANCH_PREDICTOR,
+ 		.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
+ 		.matches = check_branch_predictor,
++		.cpu_enable = cpu_enable_branch_predictor_hardening,
+ 	},
+ #ifdef CONFIG_HARDEN_EL2_VECTORS
+ 	{
diff --git a/queue-4.19/series b/queue-4.19/series
index bb609552f62..c5e30df85e4 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -1,2 +1,5 @@
 objtool-support-clang-non-section-symbols-in-orc-generation.patch
 scripts-setlocalversion-make-git-describe-output-more-reliable.patch
+arm64-run-arch_workaround_1-enabling-code-on-all-cpus.patch
+arm64-link-with-z-norelro-regardless-of-config_relocatable.patch
+x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch
diff --git a/queue-4.19/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch b/queue-4.19/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch
new file mode 100644
index 00000000000..48efc32f5df
--- /dev/null
+++ b/queue-4.19/x86-pci-fix-intel_mid_pci.c-build-error-when-acpi-is-not-enabled.patch
@@ -0,0 +1,48 @@
+From 035fff1f7aab43e420e0098f0854470a5286fb83 Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Fri, 21 Aug 2020 17:10:27 -0700
+Subject: x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit 035fff1f7aab43e420e0098f0854470a5286fb83 upstream.
+
+Fix build error when CONFIG_ACPI is not set/enabled by adding the header
+file <asm/acpi.h> which contains a stub for the function in the build
+error.
+
+    ../arch/x86/pci/intel_mid_pci.c: In function âintel_mid_pci_initâ:
+    ../arch/x86/pci/intel_mid_pci.c:303:2: error: implicit declaration of function âacpi_noirq_setâ; did you mean âacpi_irq_getâ? [-Werror=implicit-function-declaration]
+      acpi_noirq_set();
+
+Fixes: a912a7584ec3 ("x86/platform/intel-mid: Move PCI initialization to arch_init()")
+Link: https://lore.kernel.org/r/ea903917-e51b-4cc9-2680-bc1e36efa026@infradead.org
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Reviewed-by: Jesse Barnes <jsbarnes@google.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org	# v4.16+
+Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Cc: Len Brown <lenb@kernel.org>
+Cc: Jesse Barnes <jsbarnes@google.com>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/pci/intel_mid_pci.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/pci/intel_mid_pci.c
++++ b/arch/x86/pci/intel_mid_pci.c
+@@ -33,6 +33,7 @@
+ #include <asm/hw_irq.h>
+ #include <asm/io_apic.h>
+ #include <asm/intel-mid.h>
++#include <asm/acpi.h>
+ 
+ #define PCIE_CAP_OFFSET	0x100
+