From: Greg Kroah-Hartman Date: Sat, 20 Mar 2021 10:55:58 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.4.263~90 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c542ec2659a709bf0780814b89b8b0fbc90d8ada;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: lkdtm-don-t-move-ctors-to-.rodata.patch vmlinux.lds.h-create-section-for-protection-against-instrumentation.patch --- diff --git a/queue-4.19/alsa-hda-realtek-apply-headset-mic-quirks-for-xiaomi-redmibook-air.patch b/queue-4.19/alsa-hda-realtek-apply-headset-mic-quirks-for-xiaomi-redmibook-air.patch deleted file mode 100644 index 6fe145e5fd8..00000000000 --- a/queue-4.19/alsa-hda-realtek-apply-headset-mic-quirks-for-xiaomi-redmibook-air.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e1c86210fe27428399643861b81b080eccd79f87 Mon Sep 17 00:00:00 2001 -From: Xiaoliang Yu -Date: Sat, 13 Mar 2021 07:54:53 +0800 -Subject: ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air - -From: Xiaoliang Yu - -commit e1c86210fe27428399643861b81b080eccd79f87 upstream. - -There is another fix for headset-mic problem on Redmibook (1d72:1602), -it also works on Redmibook Air (1d72:1947), which has the same issue. - -Signed-off-by: Xiaoliang Yu -Cc: -Link: https://lore.kernel.org/r/TYBP286MB02856DC016849DEA0F9B6A37EE6F9@TYBP286MB0285.JPNP286.PROD.OUTLOOK.COM -Signed-off-by: Takashi Iwai -Signed-off-by: Greg Kroah-Hartman ---- - sound/pci/hda/patch_realtek.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -7265,6 +7265,7 @@ static const struct snd_pci_quirk alc269 - SND_PCI_QUIRK(0x19e5, 0x3204, "Huawei MBXP", ALC256_FIXUP_HUAWEI_MBXP_PINS), - SND_PCI_QUIRK(0x1b7d, 0xa831, "Ordissimo EVE2 ", ALC269VB_FIXUP_ORDISSIMO_EVE2), /* Also known as Malata PC-B1303 */ - SND_PCI_QUIRK(0x1d72, 0x1901, "RedmiBook 14", ALC256_FIXUP_ASUS_HEADSET_MIC), -+ SND_PCI_QUIRK(0x1d72, 0x1947, "RedmiBook Air", ALC255_FIXUP_XIAOMI_HEADSET_MIC), - SND_PCI_QUIRK(0x10ec, 0x118c, "Medion EE4254 MD62100", ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE), - - #if 0 diff --git a/queue-4.19/lkdtm-don-t-move-ctors-to-.rodata.patch b/queue-4.19/lkdtm-don-t-move-ctors-to-.rodata.patch new file mode 100644 index 00000000000..fa1b7fa2751 --- /dev/null +++ b/queue-4.19/lkdtm-don-t-move-ctors-to-.rodata.patch @@ -0,0 +1,110 @@ +From foo@baz Sat Mar 20 11:54:47 AM CET 2021 +From: Nicolas Boichat +Date: Sat, 20 Mar 2021 12:16:26 +0800 +Subject: lkdtm: don't move ctors to .rodata +To: stable@vger.kernel.org +Cc: groeck@chromium.org, Mark Rutland , Arnd Bergmann , Greg Kroah-Hartman , Kees Cook , Nicolas Boichat , clang-built-linux@googlegroups.com, linux-kernel@vger.kernel.org +Message-ID: <20210320121614.for-stable-4.19.v2.2.I0387622b15d84eed675e48a0ba3be9c03b9f9e97@changeid> + +From: Nicolas Boichat + +From: Mark Rutland + +commit 3f618ab3323407ee4c6a6734a37eb6e9663ebfb9 upstream. + +When building with KASAN and LKDTM, clang may implictly generate an +asan.module_ctor function in the LKDTM rodata object. The Makefile moves +the lkdtm_rodata_do_nothing() function into .rodata by renaming the +file's .text section to .rodata, and consequently also moves the ctor +function into .rodata, leading to a boot time crash (splat below) when +the ctor is invoked by do_ctors(). + +Let's prevent this by marking the function as noinstr rather than +notrace, and renaming the file's .noinstr.text to .rodata. Marking the +function as noinstr will prevent tracing and kprobes, and will inhibit +any undesireable compiler instrumentation. + +The ctor function (if any) will be placed in .text and will work +correctly. + +Example splat before this patch is applied: + +[ 0.916359] Unable to handle kernel execute from non-executable memory at virtual address ffffa0006b60f5ac +[ 0.922088] Mem abort info: +[ 0.922828] ESR = 0x8600000e +[ 0.923635] EC = 0x21: IABT (current EL), IL = 32 bits +[ 0.925036] SET = 0, FnV = 0 +[ 0.925838] EA = 0, S1PTW = 0 +[ 0.926714] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000427b3000 +[ 0.928489] [ffffa0006b60f5ac] pgd=000000023ffff003, p4d=000000023ffff003, pud=000000023fffe003, pmd=0068000042000f01 +[ 0.931330] Internal error: Oops: 8600000e [#1] PREEMPT SMP +[ 0.932806] Modules linked in: +[ 0.933617] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-rc7 #2 +[ 0.935620] Hardware name: linux,dummy-virt (DT) +[ 0.936924] pstate: 40400005 (nZcv daif +PAN -UAO -TCO BTYPE=--) +[ 0.938609] pc : asan.module_ctor+0x0/0x14 +[ 0.939759] lr : do_basic_setup+0x4c/0x70 +[ 0.940889] sp : ffff27b600177e30 +[ 0.941815] x29: ffff27b600177e30 x28: 0000000000000000 +[ 0.943306] x27: 0000000000000000 x26: 0000000000000000 +[ 0.944803] x25: 0000000000000000 x24: 0000000000000000 +[ 0.946289] x23: 0000000000000001 x22: 0000000000000000 +[ 0.947777] x21: ffffa0006bf4a890 x20: ffffa0006befb6c0 +[ 0.949271] x19: ffffa0006bef9358 x18: 0000000000000068 +[ 0.950756] x17: fffffffffffffff8 x16: 0000000000000000 +[ 0.952246] x15: 0000000000000000 x14: 0000000000000000 +[ 0.953734] x13: 00000000838a16d5 x12: 0000000000000001 +[ 0.955223] x11: ffff94000da74041 x10: dfffa00000000000 +[ 0.956715] x9 : 0000000000000000 x8 : ffffa0006b60f5ac +[ 0.958199] x7 : f9f9f9f9f9f9f9f9 x6 : 000000000000003f +[ 0.959683] x5 : 0000000000000040 x4 : 0000000000000000 +[ 0.961178] x3 : ffffa0006bdc15a0 x2 : 0000000000000005 +[ 0.962662] x1 : 00000000000000f9 x0 : ffffa0006bef9350 +[ 0.964155] Call trace: +[ 0.964844] asan.module_ctor+0x0/0x14 +[ 0.965895] kernel_init_freeable+0x158/0x198 +[ 0.967115] kernel_init+0x14/0x19c +[ 0.968104] ret_from_fork+0x10/0x30 +[ 0.969110] Code: 00000003 00000000 00000000 00000000 (00000000) +[ 0.970815] ---[ end trace b5339784e20d015c ]--- + +Cc: Arnd Bergmann +Cc: Greg Kroah-Hartman +Cc: Kees Cook +Acked-by: Kees Cook +Signed-off-by: Mark Rutland +Link: https://lore.kernel.org/r/20201207170533.10738-1-mark.rutland@arm.com +Signed-off-by: Greg Kroah-Hartman + +Signed-off-by: Nicolas Boichat +Signed-off-by: Greg Kroah-Hartman +--- + +(no changes since v1) + + drivers/misc/lkdtm/Makefile | 2 +- + drivers/misc/lkdtm/rodata.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/misc/lkdtm/Makefile ++++ b/drivers/misc/lkdtm/Makefile +@@ -13,7 +13,7 @@ KCOV_INSTRUMENT_rodata.o := n + + OBJCOPYFLAGS := + OBJCOPYFLAGS_rodata_objcopy.o := \ +- --rename-section .text=.rodata,alloc,readonly,load ++ --rename-section .noinstr.text=.rodata,alloc,readonly,load + targets += rodata.o rodata_objcopy.o + $(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE + $(call if_changed,objcopy) +--- a/drivers/misc/lkdtm/rodata.c ++++ b/drivers/misc/lkdtm/rodata.c +@@ -5,7 +5,7 @@ + */ + #include "lkdtm.h" + +-void notrace lkdtm_rodata_do_nothing(void) ++void noinstr lkdtm_rodata_do_nothing(void) + { + /* Does nothing. We just want an architecture agnostic "return". */ + } diff --git a/queue-4.19/series b/queue-4.19/series index f93a5afd751..214b6d839fd 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -1,5 +1,6 @@ asoc-ak4458-add-module_device_table.patch asoc-ak5558-add-module_device_table.patch alsa-hda-generic-fix-the-micmute-led-init-state.patch -alsa-hda-realtek-apply-headset-mic-quirks-for-xiaomi-redmibook-air.patch revert-pm-runtime-update-device-status-before-letting-suppliers-suspend.patch +vmlinux.lds.h-create-section-for-protection-against-instrumentation.patch +lkdtm-don-t-move-ctors-to-.rodata.patch diff --git a/queue-4.19/vmlinux.lds.h-create-section-for-protection-against-instrumentation.patch b/queue-4.19/vmlinux.lds.h-create-section-for-protection-against-instrumentation.patch new file mode 100644 index 00000000000..b39b7d19216 --- /dev/null +++ b/queue-4.19/vmlinux.lds.h-create-section-for-protection-against-instrumentation.patch @@ -0,0 +1,219 @@ +From foo@baz Sat Mar 20 11:54:47 AM CET 2021 +From: Nicolas Boichat +Date: Sat, 20 Mar 2021 12:16:25 +0800 +Subject: vmlinux.lds.h: Create section for protection against instrumentation +To: stable@vger.kernel.org +Cc: groeck@chromium.org, Thomas Gleixner , Alexandre Chartre , Peter Zijlstra , Nicolas Boichat , Arnd Bergmann , Benjamin Herrenschmidt , Christopher Li , Daniel Axtens , Greg Kroah-Hartman , Masahiro Yamada , Michael Ellerman , Michal Marek , "Naveen N. Rao" , Nicholas Piggin , Paul Mackerras , linux-arch@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sparse@vger.kernel.org, linuxppc-dev@lists.ozlabs.org +Message-ID: <20210320121614.for-stable-4.19.v2.1.I222f801866f71be9f7d85e5b10665cd4506d78ec@changeid> + +From: Nicolas Boichat + +From: Thomas Gleixner + +commit 6553896666433e7efec589838b400a2a652b3ffa upstream. + +Some code pathes, especially the low level entry code, must be protected +against instrumentation for various reasons: + + - Low level entry code can be a fragile beast, especially on x86. + + - With NO_HZ_FULL RCU state needs to be established before using it. + +Having a dedicated section for such code allows to validate with tooling +that no unsafe functions are invoked. + +Add the .noinstr.text section and the noinstr attribute to mark +functions. noinstr implies notrace. Kprobes will gain a section check +later. + +Provide also a set of markers: instrumentation_begin()/end() + +These are used to mark code inside a noinstr function which calls +into regular instrumentable text section as safe. + +The instrumentation markers are only active when CONFIG_DEBUG_ENTRY is +enabled as the end marker emits a NOP to prevent the compiler from merging +the annotation points. This means the objtool verification requires a +kernel compiled with this option. + +Signed-off-by: Thomas Gleixner +Reviewed-by: Alexandre Chartre +Acked-by: Peter Zijlstra +Link: https://lkml.kernel.org/r/20200505134100.075416272@linutronix.de + +[Nicolas: +Guard noinstr macro in include/linux/compiler_types.h in __KERNEL__ +&& !__ASSEMBLY__, otherwise noinstr is expanded in the linker +script construct. + +Upstream does not have this problem as many macros were moved by +commit 71391bdd2e9a ("include/linux/compiler_types.h: don't pollute +userspace with macro definitions"). We take the minimal approach here +and just guard the new macro. + +Minor context conflicts in: + arch/powerpc/kernel/vmlinux.lds.S + include/asm-generic/vmlinux.lds.h + include/linux/compiler.h] +Signed-off-by: Nicolas Boichat + +Signed-off-by: Greg Kroah-Hartman +--- +Technically guarding with !__ASSEMBLY__ should be enough, but +there seems to be no reason to expose this new macro when +!__KERNEL__, so let's just match what upstream does. + +Changes in v2: + - Guard noinstr macro by __KERNEL__ && !__ASSEMBLY__ to prevent + expansion in linker script and match upstream. + + arch/powerpc/kernel/vmlinux.lds.S | 1 + include/asm-generic/sections.h | 3 ++ + include/asm-generic/vmlinux.lds.h | 10 +++++++ + include/linux/compiler.h | 54 ++++++++++++++++++++++++++++++++++++++ + include/linux/compiler_types.h | 6 ++++ + scripts/mod/modpost.c | 2 - + 6 files changed, 75 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/vmlinux.lds.S ++++ b/arch/powerpc/kernel/vmlinux.lds.S +@@ -99,6 +99,7 @@ SECTIONS + #endif + /* careful! __ftr_alt_* sections need to be close to .text */ + *(.text.hot TEXT_MAIN .text.fixup .text.unlikely .fixup __ftr_alt_* .ref.text); ++ NOINSTR_TEXT + SCHED_TEXT + CPUIDLE_TEXT + LOCK_TEXT +--- a/include/asm-generic/sections.h ++++ b/include/asm-generic/sections.h +@@ -53,6 +53,9 @@ extern char __ctors_start[], __ctors_end + /* Start and end of .opd section - used for function descriptors. */ + extern char __start_opd[], __end_opd[]; + ++/* Start and end of instrumentation protected text section */ ++extern char __noinstr_text_start[], __noinstr_text_end[]; ++ + extern __visible const void __nosave_begin, __nosave_end; + + /* Function descriptor handling (if any). Override in asm/sections.h */ +--- a/include/asm-generic/vmlinux.lds.h ++++ b/include/asm-generic/vmlinux.lds.h +@@ -483,6 +483,15 @@ + } + + /* ++ * Non-instrumentable text section ++ */ ++#define NOINSTR_TEXT \ ++ ALIGN_FUNCTION(); \ ++ __noinstr_text_start = .; \ ++ *(.noinstr.text) \ ++ __noinstr_text_end = .; ++ ++/* + * .text section. Map to function alignment to avoid address changes + * during second ld run in second ld pass when generating System.map + * +@@ -496,6 +505,7 @@ + *(TEXT_MAIN .text.fixup) \ + *(.text.unlikely .text.unlikely.*) \ + *(.text.unknown .text.unknown.*) \ ++ NOINSTR_TEXT \ + *(.text..refcount) \ + *(.ref.text) \ + MEM_KEEP(init.text*) \ +--- a/include/linux/compiler.h ++++ b/include/linux/compiler.h +@@ -129,11 +129,65 @@ void ftrace_likely_update(struct ftrace_ + ".pushsection .discard.unreachable\n\t" \ + ".long 999b - .\n\t" \ + ".popsection\n\t" ++ ++#ifdef CONFIG_DEBUG_ENTRY ++/* Begin/end of an instrumentation safe region */ ++#define instrumentation_begin() ({ \ ++ asm volatile("%c0:\n\t" \ ++ ".pushsection .discard.instr_begin\n\t" \ ++ ".long %c0b - .\n\t" \ ++ ".popsection\n\t" : : "i" (__COUNTER__)); \ ++}) ++ ++/* ++ * Because instrumentation_{begin,end}() can nest, objtool validation considers ++ * _begin() a +1 and _end() a -1 and computes a sum over the instructions. ++ * When the value is greater than 0, we consider instrumentation allowed. ++ * ++ * There is a problem with code like: ++ * ++ * noinstr void foo() ++ * { ++ * instrumentation_begin(); ++ * ... ++ * if (cond) { ++ * instrumentation_begin(); ++ * ... ++ * instrumentation_end(); ++ * } ++ * bar(); ++ * instrumentation_end(); ++ * } ++ * ++ * If instrumentation_end() would be an empty label, like all the other ++ * annotations, the inner _end(), which is at the end of a conditional block, ++ * would land on the instruction after the block. ++ * ++ * If we then consider the sum of the !cond path, we'll see that the call to ++ * bar() is with a 0-value, even though, we meant it to happen with a positive ++ * value. ++ * ++ * To avoid this, have _end() be a NOP instruction, this ensures it will be ++ * part of the condition block and does not escape. ++ */ ++#define instrumentation_end() ({ \ ++ asm volatile("%c0: nop\n\t" \ ++ ".pushsection .discard.instr_end\n\t" \ ++ ".long %c0b - .\n\t" \ ++ ".popsection\n\t" : : "i" (__COUNTER__)); \ ++}) ++#endif /* CONFIG_DEBUG_ENTRY */ ++ + #else + #define annotate_reachable() + #define annotate_unreachable() + #endif + ++#ifndef instrumentation_begin ++#define instrumentation_begin() do { } while(0) ++#define instrumentation_end() do { } while(0) ++#endif ++ + #ifndef ASM_UNREACHABLE + # define ASM_UNREACHABLE + #endif +--- a/include/linux/compiler_types.h ++++ b/include/linux/compiler_types.h +@@ -234,6 +234,12 @@ struct ftrace_likely_data { + #define notrace __attribute__((no_instrument_function)) + #endif + ++#if defined(__KERNEL__) && !defined(__ASSEMBLY__) ++/* Section for code which can't be instrumented at all */ ++#define noinstr \ ++ noinline notrace __attribute((__section__(".noinstr.text"))) ++#endif ++ + /* + * it doesn't make sense on ARM (currently the only user of __naked) + * to trace naked functions because then mcount is called without +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -895,7 +895,7 @@ static void check_section(const char *mo + + #define DATA_SECTIONS ".data", ".data.rel" + #define TEXT_SECTIONS ".text", ".text.unlikely", ".sched.text", \ +- ".kprobes.text", ".cpuidle.text" ++ ".kprobes.text", ".cpuidle.text", ".noinstr.text" + #define OTHER_TEXT_SECTIONS ".ref.text", ".head.text", ".spinlock.text", \ + ".fixup", ".entry.text", ".exception.text", ".text.*", \ + ".coldtext"