From: Sasha Levin
Date: Mon, 16 Aug 2021 02:27:21 +0000 (-0400)
Subject: Fixes for 5.10
X-Git-Tag: v5.4.142~44
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8e0afb7438b9d01899080693cf5264957d480b07;p=thirdparty%2Fkernel%2Fstable-queue.git
Fixes for 5.10
Signed-off-by: Sasha Levin
---
diff --git a/queue-5.10/arm64-efi-kaslr-fix-occasional-random-alloc-and-boot.patch b/queue-5.10/arm64-efi-kaslr-fix-occasional-random-alloc-and-boot.patch
new file mode 100644
index 00000000000..8fc0a93a47c
--- /dev/null
+++ b/queue-5.10/arm64-efi-kaslr-fix-occasional-random-alloc-and-boot.patch
@@ -0,0 +1,50 @@
+From fc510eb0a12c3b6ae622099b0e818eb5e9dfef48 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 20 Jul 2021 21:14:05 +1000
+Subject: arm64: efi: kaslr: Fix occasional random alloc (and boot) failure
+
+From: Benjamin Herrenschmidt
+
+[ Upstream commit 4152433c397697acc4b02c4a10d17d5859c2730d ]
+
+The EFI stub random allocator used for kaslr on arm64 has a subtle
+bug. In function get_entry_num_slots() which counts the number of
+possible allocation "slots" for the image in a given chunk of free
+EFI memory, "last_slot" can become negative if the chunk is smaller
+than the requested allocation size.
+
+The test "if (first_slot > last_slot)" doesn't catch it because
+both first_slot and last_slot are unsigned.
+
+I chose not to make them signed to avoid problems if this is ever
+used on architectures where there are meaningful addresses with the
+top bit set. Instead, fix it with an additional test against the
+allocation size.
+
+This can cause a boot failure in addition to a loss of randomisation
+due to another bug in the arm64 stub fixed separately.
+
+Signed-off-by: Benjamin Herrenschmidt
+Fixes: 2ddbfc81eac8 ("efi: stub: add implementation of efi_random_alloc()")
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/randomalloc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
+index a408df474d83..724155b9e10d 100644
+--- a/drivers/firmware/efi/libstub/randomalloc.c
++++ b/drivers/firmware/efi/libstub/randomalloc.c
+@@ -30,6 +30,8 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
+ 
+ region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1,
+ (u64)ULONG_MAX);
++ if (region_end < size)
++ return 0;
+ 
+ first_slot = round_up(md->phys_addr, align);
+ last_slot = round_down(region_end - size + 1, align);
+-- 
+2.30.2
+
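Review bot: The new `if (region_end < size) return 0;` guards against the unsigned wrap of `region_end - size + 1` two lines below, not against the region being too small: `region_end` is an absolute address, so a small region at a high address still passes this test and is only rejected later by the existing `first_slot > last_slot` comparison the commit message describes. That is correct but easy to misread, and the message's wording ("an additional test against the allocation size") reinforces the misreading; a one-line comment would settle it, e.g. `/* keep region_end - size + 1 from wrapping; a region that is merely too small still fails the first_slot > last_slot check */`. get_entry_num_slots() starts and ends outside the nested hunk.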
diff --git a/queue-5.10/efi-libstub-arm64-force-image-reallocation-if-bss-wa.patch b/queue-5.10/efi-libstub-arm64-force-image-reallocation-if-bss-wa.patch
new file mode 100644
index 00000000000..aa5020adb5f
--- /dev/null
+++ b/queue-5.10/efi-libstub-arm64-force-image-reallocation-if-bss-wa.patch
@@ -0,0 +1,101 @@
+From 633fa30e33d887b7f48ac79cec55e70c377b2ace Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 26 Jul 2021 11:38:41 +0200
+Subject: efi/libstub: arm64: Force Image reallocation if BSS was not reserved
+
+From: Ard Biesheuvel
+
+[ Upstream commit 5b94046efb4706b3429c9c8e7377bd8d1621d588 ]
+
+Distro versions of GRUB replace the usual LoadImage/StartImage calls
+used to load the kernel image with some local code that fails to honor
+the allocation requirements described in the PE/COFF header, as it
+does not account for the image's BSS section at all: it fails to
+allocate space for it, and fails to zero initialize it.
+
+Since the EFI stub itself is allocated in the .init segment, which is
+in the middle of the image, its BSS section is not impacted by this,
+and the main consequence of this omission is that the BSS section may
+overlap with memory regions that are already used by the firmware.
+
+So let's warn about this condition, and force image reallocation to
+occur in this case, which works around the problem.
+
+Fixes: 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with alignment check")
+Signed-off-by: Ard Biesheuvel
+Tested-by: Benjamin Herrenschmidt
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/arm64-stub.c | 49 ++++++++++++++++++++++-
+ 1 file changed, 48 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
+index 22ece1ad68a8..3dc54b9db054 100644
+--- a/drivers/firmware/efi/libstub/arm64-stub.c
++++ b/drivers/firmware/efi/libstub/arm64-stub.c
+@@ -34,6 +34,51 @@ efi_status_t check_platform_features(void)
+ return EFI_SUCCESS;
+ }
+ 
++/*
++ * Distro versions of GRUB may ignore the BSS allocation entirely (i.e., fail
++ * to provide space, and fail to zero it). Check for this condition by double
++ * checking that the first and the last byte of the image are covered by the
++ * same EFI memory map entry.
++ */
++static bool check_image_region(u64 base, u64 size)
++{
++ unsigned long map_size, desc_size, buff_size;
++ efi_memory_desc_t *memory_map;
++ struct efi_boot_memmap map;
++ efi_status_t status;
++ bool ret = false;
++ int map_offset;
++
++ map.map = &memory_map;
++ map.map_size = &map_size;
++ map.desc_size = &desc_size;
++ map.desc_ver = NULL;
++ map.key_ptr = NULL;
++ map.buff_size = &buff_size;
++
++ status = efi_get_memory_map(&map);
++ if (status != EFI_SUCCESS)
++ return false;
++
++ for (map_offset = 0; map_offset < map_size; map_offset += desc_size) {
++ efi_memory_desc_t *md = (void *)memory_map + map_offset;
++ u64 end = md->phys_addr + md->num_pages * EFI_PAGE_SIZE;
++
++ /*
++ * Find the region that covers base, and return whether
++ * it covers base+size bytes.
++ */
++ if (base >= md->phys_addr && base < end) {
++ ret = (base + size) <= end;
++ break;
++ }
++ }
++
++ efi_bs_call(free_pool, memory_map);
++
++ return ret;
++}
++
+ /*
+ * Although relocatable kernels can fix up the misalignment with respect to
+ * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
+@@ -92,7 +137,9 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ }
+ 
+ if (status != EFI_SUCCESS) {
+- if (IS_ALIGNED((u64)_text, min_kimg_align())) {
++ if (!check_image_region((u64)_text, kernel_memsize)) {
++ efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
++ } else if (IS_ALIGNED((u64)_text, min_kimg_align())) {
+ /*
+ * Just execute from wherever we were loaded by the
+ * UEFI PE/COFF loader if the alignment is suitable.
+-- 
+2.30.2
+
diff --git a/queue-5.10/efi-libstub-arm64-relax-2m-alignment-again-for-reloc.patch b/queue-5.10/efi-libstub-arm64-relax-2m-alignment-again-for-reloc.patch
new file mode 100644
index 00000000000..a6d1780a763
--- /dev/null
+++ b/queue-5.10/efi-libstub-arm64-relax-2m-alignment-again-for-reloc.patch
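Review bot: In the new check_image_region(), `map_offset` is declared `int` but is compared against and stepped by the `unsigned long` values `map_size` and `desc_size`, so the loop condition mixes signedness; `unsigned long map_offset;` would match the other map variables and avoid the conversion. The check also only establishes that `base` and `base + size` fall inside one descriptor; since a firmware memory map generally coalesces adjacent ranges of the same type, an image whose BSS runs into a neighbouring allocation of the same type would presumably still pass, which is worth recording in the header comment as a known limitation so the "FIRMWARE BUG" path is not read as a guarantee. `u64 end = md->phys_addr + md->num_pages * EFI_PAGE_SIZE;` can wrap on a malformed descriptor, making `base < end` false and silently skipping that entry, which is acceptable for a heuristic but deserves a word in the loop comment. handle_kernel_image(), touched by the second nested hunk, starts and ends outside the hunk.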
@@ -0,0 +1,103 @@
+From e516579656b5ccd4c7d17c3eff41722c308ff615 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 22 Jul 2021 12:10:31 +0200
+Subject: efi/libstub: arm64: Relax 2M alignment again for relocatable kernels
+
+From: Ard Biesheuvel
+
+[ Upstream commit 3a262423755b83a5f85009ace415d6e7f572dfe8 ]
+
+Commit 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with
+alignment check") simplified the way the stub moves the kernel image
+around in memory before booting it, given that a relocatable image does
+not need to be copied to a 2M aligned offset if it was loaded on a 64k
+boundary by EFI.
+
+Commit d32de9130f6c ("efi/arm64: libstub: Deal gracefully with
+EFI_RNG_PROTOCOL failure") inadvertently defeated this logic by
+overriding the value of efi_nokaslr if EFI_RNG_PROTOCOL is not
+available, which was mistaken by the loader logic as an explicit request
+on the part of the user to disable KASLR and any associated relocation
+of an Image not loaded on a 2M boundary.
+
+So let's reinstate this functionality, by capturing the value of
+efi_nokaslr at function entry to choose the minimum alignment.
+
+Fixes: d32de9130f6c ("efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure")
+Signed-off-by: Ard Biesheuvel
+Tested-by: Benjamin Herrenschmidt
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/arm64-stub.c | 28 +++++++++++------------
+ 1 file changed, 13 insertions(+), 15 deletions(-)
+
+diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
+index 3dc54b9db054..881e157fdedc 100644
+--- a/drivers/firmware/efi/libstub/arm64-stub.c
++++ b/drivers/firmware/efi/libstub/arm64-stub.c
+@@ -79,18 +79,6 @@ static bool check_image_region(u64 base, u64 size)
+ return ret;
+ }
+ 
+-/*
+- * Although relocatable kernels can fix up the misalignment with respect to
+- * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
+- * sync with those recorded in the vmlinux when kaslr is disabled but the
+- * image required relocation anyway. Therefore retain 2M alignment unless
+- * KASLR is in use.
+- */
+-static u64 min_kimg_align(void)
+-{
+- return efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
+-}
+-
+ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ unsigned long *image_size,
+ unsigned long *reserve_addr,
+@@ -101,6 +89,16 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ unsigned long kernel_size, kernel_memsize = 0;
+ u32 phys_seed = 0;
+ 
++ /*
++ * Although relocatable kernels can fix up the misalignment with
++ * respect to MIN_KIMG_ALIGN, the resulting virtual text addresses are
++ * subtly out of sync with those recorded in the vmlinux when kaslr is
++ * disabled but the image required relocation anyway. Therefore retain
++ * 2M alignment if KASLR was explicitly disabled, even if it was not
++ * going to be activated to begin with.
++ */
++ u64 min_kimg_align = efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
++
+ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
+ if (!efi_nokaslr) {
+ status = efi_get_random_bytes(sizeof(phys_seed),
+@@ -130,7 +128,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ * If KASLR is enabled, and we have some randomness available,
+ * locate the kernel at a randomized offset in physical memory.
+ */
+- status = efi_random_alloc(*reserve_size, min_kimg_align(),
++ status = efi_random_alloc(*reserve_size, min_kimg_align,
+ reserve_addr, phys_seed);
+ } else {
+ status = EFI_OUT_OF_RESOURCES;
+@@ -139,7 +137,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ if (status != EFI_SUCCESS) {
+ if (!check_image_region((u64)_text, kernel_memsize)) {
+ efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
+- } else if (IS_ALIGNED((u64)_text, min_kimg_align())) {
++ } else if (IS_ALIGNED((u64)_text, min_kimg_align)) {
+ /*
+ * Just execute from wherever we were loaded by the
+ * UEFI PE/COFF loader if the alignment is suitable.
+@@ -150,7 +148,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
+ }
+ 
+ status = efi_allocate_pages_aligned(*reserve_size, reserve_addr,
+- ULONG_MAX, min_kimg_align());
++ ULONG_MAX, min_kimg_align);
+ 
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to relocate kernel\n");
+-- 
+2.30.2
+
diff --git a/queue-5.10/powerpc-kprobes-fix-kprobe-oops-happens-in-booke.patch b/queue-5.10/powerpc-kprobes-fix-kprobe-oops-happens-in-booke.patch
new file mode 100644
index 00000000000..0367dfb2ac8
--- /dev/null
+++ b/queue-5.10/powerpc-kprobes-fix-kprobe-oops-happens-in-booke.patch
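Review bot: The new local `u64 min_kimg_align = efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;` only does its job because it is evaluated before the EFI_RNG_PROTOCOL failure path that, per the commit message, overwrites `efi_nokaslr` when the protocol is missing — presumably just after the `efi_get_random_bytes()` call visible at the end of the same nested hunk, though that code is not shown here. Nothing in the code records that the ordering is load-bearing, so a later reshuffle of handle_kernel_image() could quietly reintroduce the regression this patch fixes. I would end the comment block above the declaration with a sentence such as `Evaluate this before the efi_get_random_bytes() call below, which may set efi_nokaslr itself when EFI_RNG_PROTOCOL is unavailable.` handle_kernel_image() continues beyond every nested hunk.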
@@ -0,0 +1,82 @@
+From 2343dc53365c248125f1913a74ab7fe6d2fe602b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 9 Aug 2021 10:36:58 +0800
+Subject: powerpc/kprobes: Fix kprobe Oops happens in booke
+
+From: Pu Lehui
+
+[ Upstream commit 43e8f76006592cb1573a959aa287c45421066f9c ]
+
+When using kprobe on powerpc booke series processor, Oops happens
+as show bellow:
+
+/ # echo "p:myprobe do_nanosleep" > /sys/kernel/debug/tracing/kprobe_events
+/ # echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable
+/ # sleep 1
+[ 50.076730] Oops: Exception in kernel mode, sig: 5 [#1]
+[ 50.077017] BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500
+[ 50.077221] Modules linked in:
+[ 50.077462] CPU: 0 PID: 77 Comm: sleep Not tainted 5.14.0-rc4-00022-g251a1524293d #21
+[ 50.077887] NIP: c0b9c4e0 LR: c00ebecc CTR: 00000000
+[ 50.078067] REGS: c3883de0 TRAP: 0700 Not tainted (5.14.0-rc4-00022-g251a1524293d)
+[ 50.078349] MSR: 00029000 CR: 24000228 XER: 20000000
+[ 50.078675]
+[ 50.078675] GPR00: c00ebdf0 c3883e90 c313e300 c3883ea0 00000001 00000000 c3883ecc 00000001
+[ 50.078675] GPR08: c100598c c00ea250 00000004 00000000 24000222 102490c2 bff4180c 101e60d4
+[ 50.078675] GPR16: 00000000 102454ac 00000040 10240000 10241100 102410f8 10240000 00500000
+[ 50.078675] GPR24: 00000002 00000000 c3883ea0 00000001 00000000 0000c350 3b9b8d50 00000000
+[ 50.080151] NIP [c0b9c4e0] do_nanosleep+0x0/0x190
+[ 50.080352] LR [c00ebecc] hrtimer_nanosleep+0x14c/0x1e0
+[ 50.080638] Call Trace:
+[ 50.080801] [c3883e90] [c00ebdf0] hrtimer_nanosleep+0x70/0x1e0 (unreliable)
+[ 50.081110] [c3883f00] [c00ec004] sys_nanosleep_time32+0xa4/0x110
+[ 50.081336] [c3883f40] [c001509c] ret_from_syscall+0x0/0x28
+[ 50.081541] --- interrupt: c00 at 0x100a4d08
+[ 50.081749] NIP: 100a4d08 LR: 101b5234 CTR: 00000003
+[ 50.081931] REGS: c3883f50 TRAP: 0c00 Not tainted (5.14.0-rc4-00022-g251a1524293d)
+[ 50.082183] MSR: 0002f902 CR: 24000222 XER: 00000000
+[ 50.082457]
+[ 50.082457] GPR00: 000000a2 bf980040 1024b4d0 bf980084 bf980084 64000000 00555345 fefefeff
+[ 50.082457] GPR08: 7f7f7f7f 101e0000 00000069 00000003 28000422 102490c2 bff4180c 101e60d4
+[ 50.082457] GPR16: 00000000 102454ac 00000040 10240000 10241100 102410f8 10240000 00500000
+[ 50.082457] GPR24: 00000002 bf9803f4 10240000 00000000 00000000 100039e0 00000000 102444e8
+[ 50.083789] NIP [100a4d08] 0x100a4d08
+[ 50.083917] LR [101b5234] 0x101b5234
+[ 50.084042] --- interrupt: c00
+[ 50.084238] Instruction dump:
+[ 50.084483] 4bfffc40 60000000 60000000 60000000 9421fff0 39400402 914200c0 38210010
+[ 50.084841] 4bfffc20 00000000 00000000 00000000 <7fe00008> 7c0802a6 7c892378 93c10048
+[ 50.085487] ---[ end trace f6fffe98e2fa8f3e ]---
+[ 50.085678]
+Trace/breakpoint trap
+
+There is no real mode for booke arch and the MMU translation is
+always on. The corresponding MSR_IS/MSR_DS bit in booke is used
+to switch the address space, but not for real mode judgment.
+
+Fixes: 21f8b2fa3ca5 ("powerpc/kprobes: Ignore traps that happened in real mode")
+Signed-off-by: Pu Lehui
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20210809023658.218915-1-pulehui@huawei.com
+Signed-off-by: Sasha Levin
+---
+ arch/powerpc/kernel/kprobes.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
+index e8c2a6373157..00fafc8b249e 100644
+--- a/arch/powerpc/kernel/kprobes.c
++++ b/arch/powerpc/kernel/kprobes.c
+@@ -276,7 +276,8 @@ int kprobe_handler(struct pt_regs *regs)
+ if (user_mode(regs))
+ return 0;
+ 
+- if (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR))
++ if (!IS_ENABLED(CONFIG_BOOKE) &&
++ (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR)))
+ return 0;
+ 
+ /*
+-- 
+2.30.2
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 911f3bcc849..6322a9222df 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
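Review bot: The new condition `if (!IS_ENABLED(CONFIG_BOOKE) && (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR)))` encodes an architectural fact that lives only in the commit message — BookE has no real mode and its MSR_IS/MSR_DS bits select an address space — so a reader of kprobe_handler() sees a blanket exemption for one platform with no stated reason. I would put the rationale directly above the `if`: `/* BookE has no real mode: translation is always on and MSR_IS/MSR_DS select an address space, so the real-mode bail-out does not apply there. */`. With the exemption, BookE relies only on the preceding `user_mode(regs)` check before the trap is handled, which looks intended but is worth saying in the same comment. kprobe_handler() starts and ends outside the nested hunk.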
@@ -65,3 +65,8 @@ drm-i915-only-access-sfc_done-when-media-domain-is-n.patch
 xen-events-fix-race-in-set_evtchn_to_irq.patch
 vsock-virtio-avoid-potential-deadlock-when-vsock-dev.patch
 nbd-aovid-double-completion-of-a-request.patch
+arm64-efi-kaslr-fix-occasional-random-alloc-and-boot.patch
+efi-libstub-arm64-force-image-reallocation-if-bss-wa.patch
+efi-libstub-arm64-relax-2m-alignment-again-for-reloc.patch
+powerpc-kprobes-fix-kprobe-oops-happens-in-booke.patch
+x86-tools-fix-objdump-version-check-again.patch
diff --git a/queue-5.10/x86-tools-fix-objdump-version-check-again.patch b/queue-5.10/x86-tools-fix-objdump-version-check-again.patch
new file mode 100644
index 00000000000..6f6c32b9c67
--- /dev/null
+++ b/queue-5.10/x86-tools-fix-objdump-version-check-again.patch
@@ -0,0 +1,42 @@
+From be198a982cf1d5a6a707d09f109829afd90bcf56 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 30 Jul 2021 17:01:46 -0700
+Subject: x86/tools: Fix objdump version check again
+
+From: Randy Dunlap
+
+[ Upstream commit 839ad22f755132838f406751439363c07272ad87 ]
+
+Skip (omit) any version string info that is parenthesized.
+
+Warning: objdump version 15) is older than 2.19
+Warning: Skipping posttest.
+
+where 'objdump -v' says:
+GNU objdump (GNU Binutils; SUSE Linux Enterprise 15) 2.35.1.20201123-7.18
+
+Fixes: 8bee738bb1979 ("x86: Fix objdump version check in chkobjdump.awk for different formats.")
+Signed-off-by: Randy Dunlap
+Signed-off-by: Thomas Gleixner
+Reviewed-by: Masami Hiramatsu
+Link: https://lore.kernel.org/r/20210731000146.2720-1-rdunlap@infradead.org
+Signed-off-by: Sasha Levin
+---
+ arch/x86/tools/chkobjdump.awk | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/tools/chkobjdump.awk b/arch/x86/tools/chkobjdump.awk
+index fd1ab80be0de..a4cf678cf5c8 100644
+--- a/arch/x86/tools/chkobjdump.awk
++++ b/arch/x86/tools/chkobjdump.awk
+@@ -10,6 +10,7 @@ BEGIN {
+ 
+ /^GNU objdump/ {
+ verstr = ""
++ gsub(/\(.*\)/, "");
+ for (i = 3; i <= NF; i++)
+ if (match($(i), "^[0-9]")) {
+ verstr = $(i);
+-- 
+2.30.2
+
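Review bot: `gsub(/\(.*\)/, "");` is greedy, so it deletes everything from the first `(` to the last `)` on the line; for the quoted `GNU objdump (GNU Binutils; SUSE Linux Enterprise 15) 2.35.1.20201123-7.18` that is fine, but a banner carrying a second parenthesized group after the version would strip the version number as well, and the following `match($(i), "^[0-9]")` loop would then likely leave `verstr` empty. Matching each group on its own avoids that: `gsub(/\([^)]*\)/, "");`. The line also depends on gsub() with no target rewriting `$0` and re-splitting it, which is what lets the `NF`/`$(i)` loop below see the stripped fields; a short comment such as `# drop parenthesized vendor info; gsub on $0 re-splits the fields for the loop below` would make that explicit. The `/^GNU objdump/` rule continues past the end of the nested hunk.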