From: Greg Kroah-Hartman Date: Tue, 13 Mar 2018 08:13:07 +0000 (+0100) Subject: 4.15-stable patches X-Git-Tag: v4.14.27~25 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8107aff4f4185f7402599fd7601836fab8a5834c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.15-stable patches added patches: objtool-add-module-specific-retpoline-rules.patch objtool-add-retpoline-validation.patch objtool-fix-32-bit-build.patch objtool-fix-another-switch-table-detection-issue.patch objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch objtool-use-existing-global-variables-for-options.patch x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch --- diff --git a/queue-4.15/objtool-add-module-specific-retpoline-rules.patch b/queue-4.15/objtool-add-module-specific-retpoline-rules.patch new file mode 100644 index 00000000000..9661ba0173d --- /dev/null +++ b/queue-4.15/objtool-add-module-specific-retpoline-rules.patch @@ -0,0 +1,94 @@ +From ca41b97ed9124fd62323a162de5852f6e28f94b8 Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Wed, 31 Jan 2018 10:18:28 +0100 +Subject: objtool: Add module specific retpoline rules + +From: Peter Zijlstra + +commit ca41b97ed9124fd62323a162de5852f6e28f94b8 upstream. + +David allowed retpolines in .init.text, except for modules, which will +trip up objtool retpoline validation, fix that. + +Requested-by: David Woodhouse +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Linus Torvalds +Cc: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/Makefile.build | 2 ++ + tools/objtool/builtin-check.c | 3 ++- + tools/objtool/builtin.h | 2 +- + tools/objtool/check.c | 9 +++++++++ + 4 files changed, 14 insertions(+), 2 deletions(-) + +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -256,6 +256,8 @@ __objtool_obj := $(objtree)/tools/objtoo + + objtool_args = $(if $(CONFIG_UNWINDER_ORC),orc generate,check) + ++objtool_args += $(if $(part-of-module), --module,) ++ + ifndef CONFIG_FRAME_POINTER + objtool_args += --no-fp + endif +--- a/tools/objtool/builtin-check.c ++++ b/tools/objtool/builtin-check.c +@@ -29,7 +29,7 @@ + #include "builtin.h" + #include "check.h" + +-bool no_fp, no_unreachable, retpoline; ++bool no_fp, no_unreachable, retpoline, module; + + static const char * const check_usage[] = { + "objtool check [] file.o", +@@ -40,6 +40,7 @@ const struct option check_options[] = { + OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), + OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), + OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), ++ OPT_BOOLEAN('m', "module", &module, "Indicates the object will be part of a kernel module"), + OPT_END(), + }; + +--- a/tools/objtool/builtin.h ++++ b/tools/objtool/builtin.h +@@ -20,7 +20,7 @@ + #include + + extern const struct option check_options[]; +-extern bool no_fp, no_unreachable, retpoline; ++extern bool no_fp, no_unreachable, retpoline, module; + + extern int cmd_check(int argc, const char **argv); + extern int cmd_orc(int argc, const char **argv); +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -1957,6 +1957,15 @@ static int validate_retpoline(struct obj + if (insn->retpoline_safe) + continue; + ++ /* ++ * .init.text code is ran before userspace and thus doesn't ++ * strictly need retpolines, except for modules which are ++ * loaded late, they very much do need retpoline in their ++ * .init.text ++ */ ++ if (!strcmp(insn->sec->name, ".init.text") && !module) ++ continue; ++ + WARN_FUNC("indirect %s found in RETPOLINE build", + insn->sec, insn->offset, + insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); diff --git a/queue-4.15/objtool-add-retpoline-validation.patch b/queue-4.15/objtool-add-retpoline-validation.patch new file mode 100644 index 00000000000..8083bbbaa9f --- /dev/null +++ b/queue-4.15/objtool-add-retpoline-validation.patch @@ -0,0 +1,223 @@ +From b5bc2231b8ad4387c9641f235ca0ad8cd300b6df Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Tue, 16 Jan 2018 10:24:06 +0100 +Subject: objtool: Add retpoline validation + +From: Peter Zijlstra + +commit b5bc2231b8ad4387c9641f235ca0ad8cd300b6df upstream. + +David requested a objtool validation pass for CONFIG_RETPOLINE=y enabled +builds, where it validates no unannotated indirect jumps or calls are +left. + +Add an additional .discard.retpoline_safe section to allow annotating +the few indirect sites that are required and safe. + +Requested-by: David Woodhouse +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: David Woodhouse +Acked-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: Greg Kroah-Hartman +Cc: Linus Torvalds +Cc: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/Makefile.build | 4 + + tools/objtool/builtin-check.c | 3 - + tools/objtool/builtin.h | 2 + tools/objtool/check.c | 86 +++++++++++++++++++++++++++++++++++++++++- + tools/objtool/check.h | 1 + 5 files changed, 93 insertions(+), 3 deletions(-) + +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -264,6 +264,10 @@ objtool_args += --no-unreachable + else + objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) + endif ++ifdef CONFIG_RETPOLINE ++ objtool_args += --retpoline ++endif ++ + + ifdef CONFIG_MODVERSIONS + objtool_o = $(@D)/.tmp_$(@F) +--- a/tools/objtool/builtin-check.c ++++ b/tools/objtool/builtin-check.c +@@ -29,7 +29,7 @@ + #include "builtin.h" + #include "check.h" + +-bool no_fp, no_unreachable; ++bool no_fp, no_unreachable, retpoline; + + static const char * const check_usage[] = { + "objtool check [] file.o", +@@ -39,6 +39,7 @@ static const char * const check_usage[] + const struct option check_options[] = { + OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), + OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), ++ OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), + OPT_END(), + }; + +--- a/tools/objtool/builtin.h ++++ b/tools/objtool/builtin.h +@@ -20,7 +20,7 @@ + #include + + extern const struct option check_options[]; +-extern bool no_fp, no_unreachable; ++extern bool no_fp, no_unreachable, retpoline; + + extern int cmd_check(int argc, const char **argv); + extern int cmd_orc(int argc, const char **argv); +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -496,6 +496,7 @@ static int add_jump_destinations(struct + * disguise, so convert them accordingly. + */ + insn->type = INSN_JUMP_DYNAMIC; ++ insn->retpoline_safe = true; + continue; + } else { + /* sibling call */ +@@ -547,7 +548,8 @@ static int add_call_destinations(struct + if (!insn->call_dest && !insn->ignore) { + WARN_FUNC("unsupported intra-function call", + insn->sec, insn->offset); +- WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); ++ if (retpoline) ++ WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); + return -1; + } + +@@ -1107,6 +1109,54 @@ static int read_unwind_hints(struct objt + return 0; + } + ++static int read_retpoline_hints(struct objtool_file *file) ++{ ++ struct section *sec, *relasec; ++ struct instruction *insn; ++ struct rela *rela; ++ int i; ++ ++ sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); ++ if (!sec) ++ return 0; ++ ++ relasec = sec->rela; ++ if (!relasec) { ++ WARN("missing .rela.discard.retpoline_safe section"); ++ return -1; ++ } ++ ++ if (sec->len % sizeof(unsigned long)) { ++ WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); ++ return -1; ++ } ++ ++ for (i = 0; i < sec->len / sizeof(unsigned long); i++) { ++ rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); ++ if (!rela) { ++ WARN("can't find rela for retpoline_safe[%d]", i); ++ return -1; ++ } ++ ++ insn = find_insn(file, rela->sym->sec, rela->addend); ++ if (!insn) { ++ WARN("can't find insn for retpoline_safe[%d]", i); ++ return -1; ++ } ++ ++ if (insn->type != INSN_JUMP_DYNAMIC && ++ insn->type != INSN_CALL_DYNAMIC) { ++ WARN_FUNC("retpoline_safe hint not a indirect jump/call", ++ insn->sec, insn->offset); ++ return -1; ++ } ++ ++ insn->retpoline_safe = true; ++ } ++ ++ return 0; ++} ++ + static int decode_sections(struct objtool_file *file) + { + int ret; +@@ -1145,6 +1195,10 @@ static int decode_sections(struct objtoo + if (ret) + return ret; + ++ ret = read_retpoline_hints(file); ++ if (ret) ++ return ret; ++ + return 0; + } + +@@ -1890,6 +1944,29 @@ static int validate_unwind_hints(struct + return warnings; + } + ++static int validate_retpoline(struct objtool_file *file) ++{ ++ struct instruction *insn; ++ int warnings = 0; ++ ++ for_each_insn(file, insn) { ++ if (insn->type != INSN_JUMP_DYNAMIC && ++ insn->type != INSN_CALL_DYNAMIC) ++ continue; ++ ++ if (insn->retpoline_safe) ++ continue; ++ ++ WARN_FUNC("indirect %s found in RETPOLINE build", ++ insn->sec, insn->offset, ++ insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); ++ ++ warnings++; ++ } ++ ++ return warnings; ++} ++ + static bool is_kasan_insn(struct instruction *insn) + { + return (insn->type == INSN_CALL && +@@ -2050,6 +2127,13 @@ int check(const char *_objname, bool orc + if (list_empty(&file.insn_list)) + goto out; + ++ if (retpoline) { ++ ret = validate_retpoline(&file); ++ if (ret < 0) ++ return ret; ++ warnings += ret; ++ } ++ + ret = validate_functions(&file); + if (ret < 0) + goto out; +--- a/tools/objtool/check.h ++++ b/tools/objtool/check.h +@@ -45,6 +45,7 @@ struct instruction { + unsigned char type; + unsigned long immediate; + bool alt_group, visited, dead_end, ignore, hint, save, restore, ignore_alts; ++ bool retpoline_safe; + struct symbol *call_dest; + struct instruction *jump_dest; + struct instruction *first_jump_src; diff --git a/queue-4.15/objtool-fix-32-bit-build.patch b/queue-4.15/objtool-fix-32-bit-build.patch new file mode 100644 index 00000000000..1a10547ec0a --- /dev/null +++ b/queue-4.15/objtool-fix-32-bit-build.patch @@ -0,0 +1,80 @@ +From 63474dc4ac7ed3848a4786b9592dd061901f606d Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Tue, 6 Mar 2018 17:58:15 -0600 +Subject: objtool: Fix 32-bit build + +From: Josh Poimboeuf + +commit 63474dc4ac7ed3848a4786b9592dd061901f606d upstream. + +Fix the objtool build when cross-compiling a 64-bit kernel on a 32-bit +host. This also simplifies read_retpoline_hints() a bit and makes its +implementation similar to most of the other annotation reading +functions. + +Reported-by: Sven Joachim +Signed-off-by: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: b5bc2231b8ad ("objtool: Add retpoline validation") +Link: http://lkml.kernel.org/r/2ca46c636c23aa9c9d57d53c75de4ee3ddf7a7df.1520380691.git.jpoimboe@redhat.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + tools/objtool/check.c | 27 +++++++-------------------- + 1 file changed, 7 insertions(+), 20 deletions(-) + +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -1115,42 +1115,29 @@ static int read_unwind_hints(struct objt + + static int read_retpoline_hints(struct objtool_file *file) + { +- struct section *sec, *relasec; ++ struct section *sec; + struct instruction *insn; + struct rela *rela; +- int i; + +- sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); ++ sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); + if (!sec) + return 0; + +- relasec = sec->rela; +- if (!relasec) { +- WARN("missing .rela.discard.retpoline_safe section"); +- return -1; +- } +- +- if (sec->len % sizeof(unsigned long)) { +- WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); +- return -1; +- } +- +- for (i = 0; i < sec->len / sizeof(unsigned long); i++) { +- rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); +- if (!rela) { +- WARN("can't find rela for retpoline_safe[%d]", i); ++ list_for_each_entry(rela, &sec->rela_list, list) { ++ if (rela->sym->type != STT_SECTION) { ++ WARN("unexpected relocation symbol type in %s", sec->name); + return -1; + } + + insn = find_insn(file, rela->sym->sec, rela->addend); + if (!insn) { +- WARN("can't find insn for retpoline_safe[%d]", i); ++ WARN("bad .discard.retpoline_safe entry"); + return -1; + } + + if (insn->type != INSN_JUMP_DYNAMIC && + insn->type != INSN_CALL_DYNAMIC) { +- WARN_FUNC("retpoline_safe hint not a indirect jump/call", ++ WARN_FUNC("retpoline_safe hint not an indirect jump/call", + insn->sec, insn->offset); + return -1; + } diff --git a/queue-4.15/objtool-fix-another-switch-table-detection-issue.patch b/queue-4.15/objtool-fix-another-switch-table-detection-issue.patch new file mode 100644 index 00000000000..975521f061a --- /dev/null +++ b/queue-4.15/objtool-fix-another-switch-table-detection-issue.patch @@ -0,0 +1,44 @@ +From 1402fd8ed7e5bda1b3e7613b70780b0db392d1e6 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Wed, 28 Feb 2018 07:19:21 -0600 +Subject: objtool: Fix another switch table detection issue + +From: Josh Poimboeuf + +commit 1402fd8ed7e5bda1b3e7613b70780b0db392d1e6 upstream. + +Continue the switch table detection whack-a-mole. Add a check to +distinguish KASAN data reads from switch data reads. The switch jump +tables in .rodata have relocations associated with them. + +This fixes the following warning: + + crypto/asymmetric_keys/x509_cert_parser.o: warning: objtool: x509_note_pkey_algo()+0xa4: sibling call from callable instruction with modified stack frame + +Reported-by: Arnd Bergmann +Signed-off-by: Josh Poimboeuf +Signed-off-by: Thomas Gleixner +Tested-by: Arnd Bergmann +Cc: Peter Zijlstra +Link: https://lkml.kernel.org/r/d7c8853022ad47d158cb81e953a40469fc08a95e.1519784382.git.jpoimboe@redhat.com +Signed-off-by: Greg Kroah-Hartman + +--- + tools/objtool/check.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -924,7 +924,11 @@ static struct rela *find_switch_table(st + if (find_symbol_containing(file->rodata, text_rela->addend)) + continue; + +- return find_rela_by_dest(file->rodata, text_rela->addend); ++ rodata_rela = find_rela_by_dest(file->rodata, text_rela->addend); ++ if (!rodata_rela) ++ continue; ++ ++ return rodata_rela; + } + + return NULL; diff --git a/queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch b/queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch new file mode 100644 index 00000000000..a09e57b1b94 --- /dev/null +++ b/queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch @@ -0,0 +1,91 @@ +From d5028ba8ee5a18c9d0bb926d883c28b370f89009 Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Tue, 6 Feb 2018 09:46:13 +0100 +Subject: objtool, retpolines: Integrate objtool with retpoline support more closely + +From: Peter Zijlstra + +commit d5028ba8ee5a18c9d0bb926d883c28b370f89009 upstream. + +Disable retpoline validation in objtool if your compiler sucks, and otherwise +select the validation stuff for CONFIG_RETPOLINE=y (most builds would already +have it set due to ORC). + +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Thomas Gleixner +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + Makefile | 5 +++++ + arch/x86/Kconfig | 1 + + arch/x86/Makefile | 10 +++------- + scripts/Makefile.build | 2 ++ + 4 files changed, 11 insertions(+), 7 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -487,6 +487,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG + KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) + endif + ++RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register ++RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk ++RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) ++export RETPOLINE_CFLAGS ++ + ifeq ($(config-targets),1) + # =========================================================================== + # *config targets only - make sure prerequisites are updated, and descend +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -432,6 +432,7 @@ config GOLDFISH + config RETPOLINE + bool "Avoid speculative indirect branches in kernel" + default y ++ select STACK_VALIDATION if HAVE_STACK_VALIDATION + help + Compile kernel with the retpoline compiler options to guard against + kernel-to-user data leaks by avoiding speculative indirect +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin + + # Avoid indirect branches in kernel to deal with Spectre + ifdef CONFIG_RETPOLINE +- RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +- RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +- +- RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +- ifneq ($(RETPOLINE_CFLAGS),) +- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE +- endif ++ifneq ($(RETPOLINE_CFLAGS),) ++ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE ++endif + endif + + archscripts: scripts_basic +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -267,8 +267,10 @@ else + objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) + endif + ifdef CONFIG_RETPOLINE ++ifneq ($(RETPOLINE_CFLAGS),) + objtool_args += --retpoline + endif ++endif + + + ifdef CONFIG_MODVERSIONS diff --git a/queue-4.15/objtool-use-existing-global-variables-for-options.patch b/queue-4.15/objtool-use-existing-global-variables-for-options.patch new file mode 100644 index 00000000000..009fb8dd6b1 --- /dev/null +++ b/queue-4.15/objtool-use-existing-global-variables-for-options.patch @@ -0,0 +1,131 @@ +From 43a4525f80534530077683f6472d8971646b0ace Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Tue, 16 Jan 2018 17:16:32 +0100 +Subject: objtool: Use existing global variables for options + +From: Peter Zijlstra + +commit 43a4525f80534530077683f6472d8971646b0ace upstream. + +Use the existing global variables instead of passing them around and +creating duplicate global variables. + +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Linus Torvalds +Cc: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + tools/objtool/builtin-check.c | 2 +- + tools/objtool/builtin-orc.c | 6 +----- + tools/objtool/builtin.h | 5 +++++ + tools/objtool/check.c | 5 ++--- + tools/objtool/check.h | 2 +- + 5 files changed, 10 insertions(+), 10 deletions(-) + +--- a/tools/objtool/builtin-check.c ++++ b/tools/objtool/builtin-check.c +@@ -53,5 +53,5 @@ int cmd_check(int argc, const char **arg + + objname = argv[0]; + +- return check(objname, no_fp, no_unreachable, false); ++ return check(objname, false); + } +--- a/tools/objtool/builtin-orc.c ++++ b/tools/objtool/builtin-orc.c +@@ -25,7 +25,6 @@ + */ + + #include +-#include + #include "builtin.h" + #include "check.h" + +@@ -36,9 +35,6 @@ static const char *orc_usage[] = { + NULL, + }; + +-extern const struct option check_options[]; +-extern bool no_fp, no_unreachable; +- + int cmd_orc(int argc, const char **argv) + { + const char *objname; +@@ -54,7 +50,7 @@ int cmd_orc(int argc, const char **argv) + + objname = argv[0]; + +- return check(objname, no_fp, no_unreachable, true); ++ return check(objname, true); + } + + if (!strcmp(argv[0], "dump")) { +--- a/tools/objtool/builtin.h ++++ b/tools/objtool/builtin.h +@@ -17,6 +17,11 @@ + #ifndef _BUILTIN_H + #define _BUILTIN_H + ++#include ++ ++extern const struct option check_options[]; ++extern bool no_fp, no_unreachable; ++ + extern int cmd_check(int argc, const char **argv); + extern int cmd_orc(int argc, const char **argv); + +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -18,6 +18,7 @@ + #include + #include + ++#include "builtin.h" + #include "check.h" + #include "elf.h" + #include "special.h" +@@ -33,7 +34,6 @@ struct alternative { + }; + + const char *objname; +-static bool no_fp; + struct cfi_state initial_func_cfi; + + struct instruction *find_insn(struct objtool_file *file, +@@ -2021,13 +2021,12 @@ static void cleanup(struct objtool_file + elf_close(file->elf); + } + +-int check(const char *_objname, bool _no_fp, bool no_unreachable, bool orc) ++int check(const char *_objname, bool orc) + { + struct objtool_file file; + int ret, warnings = 0; + + objname = _objname; +- no_fp = _no_fp; + + file.elf = elf_open(objname, orc ? O_RDWR : O_RDONLY); + if (!file.elf) +--- a/tools/objtool/check.h ++++ b/tools/objtool/check.h +@@ -63,7 +63,7 @@ struct objtool_file { + bool ignore_unreachables, c_file, hints; + }; + +-int check(const char *objname, bool no_fp, bool no_unreachable, bool orc); ++int check(const char *objname, bool orc); + + struct instruction *find_insn(struct objtool_file *file, + struct section *sec, unsigned long offset); diff --git a/queue-4.15/series b/queue-4.15/series index 5612a599c92..83c819c4fa8 100644 --- a/queue-4.15/series +++ b/queue-4.15/series @@ -94,3 +94,10 @@ x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch x86-paravirt-objtool-annotate-indirect-calls.patch x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch +objtool-use-existing-global-variables-for-options.patch +objtool-add-retpoline-validation.patch +objtool-add-module-specific-retpoline-rules.patch +objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch +objtool-fix-another-switch-table-detection-issue.patch +objtool-fix-32-bit-build.patch +x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch diff --git a/queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch b/queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch new file mode 100644 index 00000000000..d416e7b6357 --- /dev/null +++ b/queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch @@ -0,0 +1,96 @@ +From c07a8f8b08ba683ea24f3ac9159f37ae94daf47f Mon Sep 17 00:00:00 2001 +From: Francis Deslauriers +Date: Thu, 8 Mar 2018 22:18:12 -0500 +Subject: x86/kprobes: Fix kernel crash when probing .entry_trampoline code + +From: Francis Deslauriers + +commit c07a8f8b08ba683ea24f3ac9159f37ae94daf47f upstream. + +Disable the kprobe probing of the entry trampoline: + +.entry_trampoline is a code area that is used to ensure page table +isolation between userspace and kernelspace. + +At the beginning of the execution of the trampoline, we load the +kernel's CR3 register. This has the effect of enabling the translation +of the kernel virtual addresses to physical addresses. Before this +happens most kernel addresses can not be translated because the running +process' CR3 is still used. + +If a kprobe is placed on the trampoline code before that change of the +CR3 register happens the kernel crashes because int3 handling pages are +not accessible. + +To fix this, add the .entry_trampoline section to the kprobe blacklist +to prohibit the probing of code before all the kernel pages are +accessible. + +Signed-off-by: Francis Deslauriers +Reviewed-by: Thomas Gleixner +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Denys Vlasenko +Cc: H. Peter Anvin +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: mathieu.desnoyers@efficios.com +Cc: mhiramat@kernel.org +Link: http://lkml.kernel.org/r/1520565492-4637-2-git-send-email-francis.deslauriers@efficios.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/sections.h | 1 + + arch/x86/kernel/kprobes/core.c | 10 +++++++++- + arch/x86/kernel/vmlinux.lds.S | 2 ++ + 3 files changed, 12 insertions(+), 1 deletion(-) + +--- a/arch/x86/include/asm/sections.h ++++ b/arch/x86/include/asm/sections.h +@@ -10,6 +10,7 @@ extern struct exception_table_entry __st + + #if defined(CONFIG_X86_64) + extern char __end_rodata_hpage_align[]; ++extern char __entry_trampoline_start[], __entry_trampoline_end[]; + #endif + + #endif /* _ASM_X86_SECTIONS_H */ +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -1168,10 +1168,18 @@ NOKPROBE_SYMBOL(longjmp_break_handler); + + bool arch_within_kprobe_blacklist(unsigned long addr) + { ++ bool is_in_entry_trampoline_section = false; ++ ++#ifdef CONFIG_X86_64 ++ is_in_entry_trampoline_section = ++ (addr >= (unsigned long)__entry_trampoline_start && ++ addr < (unsigned long)__entry_trampoline_end); ++#endif + return (addr >= (unsigned long)__kprobes_text_start && + addr < (unsigned long)__kprobes_text_end) || + (addr >= (unsigned long)__entry_text_start && +- addr < (unsigned long)__entry_text_end); ++ addr < (unsigned long)__entry_text_end) || ++ is_in_entry_trampoline_section; + } + + int __init arch_init_kprobes(void) +--- a/arch/x86/kernel/vmlinux.lds.S ++++ b/arch/x86/kernel/vmlinux.lds.S +@@ -118,9 +118,11 @@ SECTIONS + + #ifdef CONFIG_X86_64 + . = ALIGN(PAGE_SIZE); ++ VMLINUX_SYMBOL(__entry_trampoline_start) = .; + _entry_trampoline = .; + *(.entry_trampoline) + . = ALIGN(PAGE_SIZE); ++ VMLINUX_SYMBOL(__entry_trampoline_end) = .; + ASSERT(. - _entry_trampoline == PAGE_SIZE, "entry trampoline is too big"); + #endif +