author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-08-01 11:33:44 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-08-01 11:33:44 -0400 |
commit | 5b20bfc5a0d3bbbf9353edd4bf722dea97a0ec6a (patch) | |
tree | 5b2fb42c368bd887baa92728f55746ac3a0e29b2 | |
parent | c691029d42e0fba69676b12803bb1526d4a46ff9 (diff) | |
download | longterm-queue-4.12-5b20bfc5a0d3bbbf9353edd4bf722dea97a0ec6a.tar.gz |
drop patches applied in previous 4.12.x versions
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
33 files changed, 0 insertions, 3963 deletions
diff --git a/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch b/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
deleted file mode 100644
index 1c7b135..0000000
--- a/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
+++ /dev/null
@@ -1,75 +0,0 @@ -From 5a15f289ee87eaf33f13f08a4909ec99d837ec5f Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <tiwai@suse.de> -Date: Mon, 18 Dec 2017 23:36:57 +0100 -Subject: [PATCH] ALSA: usb-audio: Fix the missing ctl name suffix at parsing - SU - -commit 5a15f289ee87eaf33f13f08a4909ec99d837ec5f upstream. - -The commit 89b89d121ffc ("ALSA: usb-audio: Add check return value for -usb_string()") added the check of the return value from -snd_usb_copy_string_desc(), which is correct per se, but it introduced -a regression. In the original code, either the "Clock Source", -"Playback Source" or "Capture Source" suffix is added after the -terminal string, while the commit changed it to add the suffix only -when get_term_name() is failing. It ended up with an incorrect ctl -name like "PCM" instead of "PCM Capture Source". - -Also, even the original code has a similar bug: when the ctl name is -generated from snd_usb_copy_string_desc() for the given iSelector, it -also doesn't put the suffix. - -This patch addresses these issues: the suffix is added always when no -static mapping is found. Also the patch tries to put more comments -and cleans up the if/else block for better readability in order to -avoid the same pitfall again. 
- -Fixes: 89b89d121ffc ("ALSA: usb-audio: Add check return value for usb_string()") -Reported-and-tested-by: Mauro Santos <registo.mailling@gmail.com> -Cc: <stable@vger.kernel.org> -Signed-off-by: Takashi Iwai <tiwai@suse.de> - -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index afc208e1c756..60ebc99ae323 100644 ---- a/sound/usb/mixer.c -+++ b/sound/usb/mixer.c -@@ -2173,20 +2173,25 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid, - kctl->private_value = (unsigned long)namelist; - kctl->private_free = usb_mixer_selector_elem_free; - -- nameid = uac_selector_unit_iSelector(desc); -+ /* check the static mapping table at first */ - len = check_mapped_name(map, kctl->id.name, sizeof(kctl->id.name)); -- if (len) -- ; -- else if (nameid) -- len = snd_usb_copy_string_desc(state, nameid, kctl->id.name, -- sizeof(kctl->id.name)); -- else -- len = get_term_name(state, &state->oterm, -- kctl->id.name, sizeof(kctl->id.name), 0); -- - if (!len) { -- strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name)); -+ /* no mapping ? */ -+ /* if iSelector is given, use it */ -+ nameid = uac_selector_unit_iSelector(desc); -+ if (nameid) -+ len = snd_usb_copy_string_desc(state, nameid, -+ kctl->id.name, -+ sizeof(kctl->id.name)); -+ /* ... or pick up the terminal name at next */ -+ if (!len) -+ len = get_term_name(state, &state->oterm, -+ kctl->id.name, sizeof(kctl->id.name), 0); -+ /* ... or use the fixed string "USB" as the last resort */ -+ if (!len) -+ strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name)); - -+ /* and add the proper suffix */ - if (desc->bDescriptorSubtype == UAC2_CLOCK_SELECTOR) - append_ctl_name(kctl, " Clock Source"); - else if ((state->oterm.type & 0xff00) == 0x0100) --- -2.15.0 - diff --git a/queue/KVM-PPC-Book3S-HV-Fix-pending_pri-value-in-kvmppc_xi.patch b/queue/KVM-PPC-Book3S-HV-Fix-pending_pri-value-in-kvmppc_xi.patch deleted file mode 100644 index 0313eb6..0000000 
--- a/queue/KVM-PPC-Book3S-HV-Fix-pending_pri-value-in-kvmppc_xi.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 7333b5aca412d6ad02667b5a513485838a91b136 Mon Sep 17 00:00:00 2001 -From: Laurent Vivier <lvivier@redhat.com> -Date: Tue, 12 Dec 2017 18:23:56 +0100 -Subject: [PATCH] KVM: PPC: Book3S HV: Fix pending_pri value in - kvmppc_xive_get_icp() - -commit 7333b5aca412d6ad02667b5a513485838a91b136 upstream. - -When we migrate a VM from a POWER8 host (XICS) to a POWER9 host -(XICS-on-XIVE), we have an error: - -qemu-kvm: Unable to restore KVM interrupt controller state \ - (0xff000000) for CPU 0: Invalid argument - -This is because kvmppc_xics_set_icp() checks the new state -is internaly consistent, and especially: - -... - 1129 if (xisr == 0) { - 1130 if (pending_pri != 0xff) - 1131 return -EINVAL; -... - -On the other side, kvmppc_xive_get_icp() doesn't set -neither the pending_pri value, nor the xisr value (set to 0) -(and kvmppc_xive_set_icp() ignores the pending_pri value) - -As xisr is 0, pending_pri must be set to 0xff. - -Fixes: 5af50993850a ("KVM: PPC: Book3S HV: Native usage of the XIVE interrupt controller") -Cc: stable@vger.kernel.org # v4.12+ -Signed-off-by: Laurent Vivier <lvivier@redhat.com> -Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> -Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> - -diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c -index b5e6d227a034..0d750d274c4e 100644 ---- a/arch/powerpc/kvm/book3s_xive.c -+++ b/arch/powerpc/kvm/book3s_xive.c -@@ -725,7 +725,8 @@ u64 kvmppc_xive_get_icp(struct kvm_vcpu *vcpu) - - /* Return the per-cpu state for state saving/migration */ - return (u64)xc->cppr << KVM_REG_PPC_ICP_CPPR_SHIFT | -- (u64)xc->mfrr << KVM_REG_PPC_ICP_MFRR_SHIFT; -+ (u64)xc->mfrr << KVM_REG_PPC_ICP_MFRR_SHIFT | -+ (u64)0xff << KVM_REG_PPC_ICP_PPRI_SHIFT; - } - - int kvmppc_xive_set_icp(struct kvm_vcpu *vcpu, u64 icpval) --- -2.15.0 - 
diff --git a/queue/KVM-PPC-Book3S-fix-XIVE-migration-of-pending-interru.patch b/queue/KVM-PPC-Book3S-fix-XIVE-migration-of-pending-interru.patch
deleted file mode 100644
index f182f16..0000000
--- a/queue/KVM-PPC-Book3S-fix-XIVE-migration-of-pending-interru.patch
+++ /dev/null
@@ -1,50 +0,0 @@ -From dc1c4165d189350cb51bdd3057deb6ecd164beda Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@kaod.org> -Date: Tue, 12 Dec 2017 12:02:04 +0000 -Subject: [PATCH] KVM: PPC: Book3S: fix XIVE migration of pending interrupts -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -commit dc1c4165d189350cb51bdd3057deb6ecd164beda upstream. - -When restoring a pending interrupt, we are setting the Q bit to force -a retrigger in xive_finish_unmask(). But we also need to force an EOI -in this case to reach the same initial state : P=1, Q=0. - -This can be done by not setting 'old_p' for pending interrupts which -will inform xive_finish_unmask() that an EOI needs to be sent. - -Fixes: 5af50993850a ("KVM: PPC: Book3S HV: Native usage of the XIVE interrupt controller") -Cc: stable@vger.kernel.org # v4.12+ -Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> -Signed-off-by: Cédric Le Goater <clg@kaod.org> -Reviewed-by: Laurent Vivier <lvivier@redhat.com> -Tested-by: Laurent Vivier <lvivier@redhat.com> -Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> - -diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c -index bf457843e032..b5e6d227a034 100644 ---- a/arch/powerpc/kvm/book3s_xive.c -+++ b/arch/powerpc/kvm/book3s_xive.c -@@ -1558,7 +1558,7 @@ static int xive_set_source(struct kvmppc_xive *xive, long irq, u64 addr) - - /* - * Restore P and Q. If the interrupt was pending, we -- * force both P and Q, which will trigger a resend. -+ * force Q and !P, which will trigger a resend. - * - * That means that a guest that had both an interrupt - * pending (queued) and Q set will restore with only -@@ -1566,7 +1566,7 @@ static int xive_set_source(struct kvmppc_xive *xive, long irq, u64 addr) - * is perfectly fine as coalescing interrupts that haven't - * been presented yet is always allowed. 
- */ -- if (val & KVM_XICS_PRESENTED || val & KVM_XICS_PENDING) -+ if (val & KVM_XICS_PRESENTED && !(val & KVM_XICS_PENDING)) - state->old_p = true; - if (val & KVM_XICS_QUEUED || val & KVM_XICS_PENDING) - state->old_q = true; --- -2.15.0 - diff --git a/queue/KVM-X86-Fix-load-RFLAGS-w-o-the-fixed-bit.patch b/queue/KVM-X86-Fix-load-RFLAGS-w-o-the-fixed-bit.patch deleted file mode 100644 index 1945c60..0000000 --- a/queue/KVM-X86-Fix-load-RFLAGS-w-o-the-fixed-bit.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From d73235d17ba63b53dc0e1051dbc10a1f1be91b71 Mon Sep 17 00:00:00 2001 -From: Wanpeng Li <wanpeng.li@hotmail.com> -Date: Thu, 7 Dec 2017 00:30:08 -0800 -Subject: [PATCH] KVM: X86: Fix load RFLAGS w/o the fixed bit -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -commit d73235d17ba63b53dc0e1051dbc10a1f1be91b71 upstream. - - *** Guest State *** - CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 - CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 - CR3 = 0x00000000fffbc000 - RSP = 0x0000000000000000 RIP = 0x0000000000000000 - RFLAGS=0x00000000 DR7 = 0x0000000000000400 - ^^^^^^^^^^ - -The failed vmentry is triggered by the following testcase when ept=Y: - - #include <unistd.h> - #include <sys/syscall.h> - #include <string.h> - #include <stdint.h> - #include <linux/kvm.h> - #include <fcntl.h> - #include <sys/ioctl.h> - - long r[5]; - int main() - { - r[2] = open("/dev/kvm", O_RDONLY); - r[3] = ioctl(r[2], KVM_CREATE_VM, 0); - r[4] = ioctl(r[3], KVM_CREATE_VCPU, 7); - struct kvm_regs regs = { - .rflags = 0, - }; - ioctl(r[4], KVM_SET_REGS, ®s); - ioctl(r[4], KVM_RUN, 0); - } - -X86 RFLAGS bit 1 is fixed set, userspace can simply clearing bit 1 -of RFLAGS with KVM_SET_REGS ioctl which results in vmentry fails. -This patch fixes it by oring X86_EFLAGS_FIXED during ioctl. 
- -Cc: stable@vger.kernel.org -Suggested-by: Jim Mattson <jmattson@google.com> -Reviewed-by: David Hildenbrand <david@redhat.com> -Reviewed-by: Quan Xu <quan.xu0@gmail.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Radim Krčmář <rkrcmar@redhat.com> -Cc: Jim Mattson <jmattson@google.com> -Cc: stable@vger.kernel.org -Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index faf843c9b916..154ea27746e9 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -7384,7 +7384,7 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs) - #endif - - kvm_rip_write(vcpu, regs->rip); -- kvm_set_rflags(vcpu, regs->rflags); -+ kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED); - - vcpu->arch.exception.pending = false; - --- -2.15.0 - diff --git a/queue/KVM-arm-arm64-Fix-HYP-unmapping-going-off-limits.patch b/queue/KVM-arm-arm64-Fix-HYP-unmapping-going-off-limits.patch deleted file mode 100644 index 733ecfc..0000000 --- a/queue/KVM-arm-arm64-Fix-HYP-unmapping-going-off-limits.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 7839c672e58bf62da8f2f0197fefb442c02ba1dd Mon Sep 17 00:00:00 2001 -From: Marc Zyngier <marc.zyngier@arm.com> -Date: Thu, 7 Dec 2017 11:45:45 +0000 -Subject: [PATCH] KVM: arm/arm64: Fix HYP unmapping going off limits - -commit 7839c672e58bf62da8f2f0197fefb442c02ba1dd upstream. - -When we unmap the HYP memory, we try to be clever and unmap one -PGD at a time. If we start with a non-PGD aligned address and try -to unmap a whole PGD, things go horribly wrong in unmap_hyp_range -(addr and end can never match, and it all goes really badly as we -keep incrementing pgd and parse random memory as page tables...). - -The obvious fix is to let unmap_hyp_range do what it does best, -which is to iterate over a range. - -The size of the linear mapping, which begins at PAGE_OFFSET, can be -easily calculated by subtracting PAGE_OFFSET form high_memory, because -high_memory is defined as the linear map address of the last byte of -DRAM, plus one. - -The size of the vmalloc region is given trivially by VMALLOC_END - -VMALLOC_START. 
- -Cc: stable@vger.kernel.org -Reported-by: Andre Przywara <andre.przywara@arm.com> -Tested-by: Andre Przywara <andre.przywara@arm.com> -Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org> -Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> -Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org> - -diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c -index b36945d49986..b4b69c2d1012 100644 ---- a/virt/kvm/arm/mmu.c -+++ b/virt/kvm/arm/mmu.c -@@ -509,8 +509,6 @@ static void unmap_hyp_range(pgd_t *pgdp, phys_addr_t start, u64 size) - */ - void free_hyp_pgds(void) - { -- unsigned long addr; -- - mutex_lock(&kvm_hyp_pgd_mutex); - - if (boot_hyp_pgd) { -@@ -521,10 +519,10 @@ void free_hyp_pgds(void) - - if (hyp_pgd) { - unmap_hyp_range(hyp_pgd, hyp_idmap_start, PAGE_SIZE); -- for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE) -- unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); -- for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE) -- unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); -+ unmap_hyp_range(hyp_pgd, kern_hyp_va(PAGE_OFFSET), -+ (uintptr_t)high_memory - PAGE_OFFSET); -+ unmap_hyp_range(hyp_pgd, kern_hyp_va(VMALLOC_START), -+ VMALLOC_END - VMALLOC_START); - - free_pages((unsigned long)hyp_pgd, hyp_pgd_order); - hyp_pgd = NULL; --- -2.15.0 - diff --git a/queue/arch-mm-Allow-arch_dup_mmap-to-fail.patch b/queue/arch-mm-Allow-arch_dup_mmap-to-fail.patch deleted file mode 100644 index fa051a1..0000000 --- a/queue/arch-mm-Allow-arch_dup_mmap-to-fail.patch +++ /dev/null 
@@ -1,139 +0,0 @@ -From c10e83f598d08046dd1ebc8360d4bb12d802d51b Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Thu, 14 Dec 2017 12:27:29 +0100 -Subject: [PATCH] arch, mm: Allow arch_dup_mmap() to fail - -commit c10e83f598d08046dd1ebc8360d4bb12d802d51b upstream. - -In order to sanitize the LDT initialization on x86 arch_dup_mmap() must be -allowed to fail. Fix up all instances. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Andy Lutomirsky <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Borislav Petkov <bpetkov@suse.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. 
Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: dan.j.williams@intel.com -Cc: hughd@google.com -Cc: keescook@google.com -Cc: kirill.shutemov@linux.intel.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h -index 492d8140a395..44fdf4786638 100644 ---- a/arch/powerpc/include/asm/mmu_context.h -+++ b/arch/powerpc/include/asm/mmu_context.h -@@ -114,9 +114,10 @@ static inline void enter_lazy_tlb(struct mm_struct *mm, - #endif - } - --static inline void arch_dup_mmap(struct mm_struct *oldmm, -- struct mm_struct *mm) -+static inline int arch_dup_mmap(struct mm_struct *oldmm, -+ struct mm_struct *mm) - { -+ return 0; - } - - static inline void arch_exit_mmap(struct mm_struct *mm) -diff --git a/arch/um/include/asm/mmu_context.h b/arch/um/include/asm/mmu_context.h -index b668e351fd6c..fca34b2177e2 100644 ---- a/arch/um/include/asm/mmu_context.h -+++ b/arch/um/include/asm/mmu_context.h -@@ -15,9 +15,10 @@ extern void uml_setup_stubs(struct mm_struct *mm); - /* - * Needed since we do not use the asm-generic/mm_hooks.h: - */ --static inline void arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) -+static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) - { - uml_setup_stubs(mm); -+ return 0; - } - extern void arch_exit_mmap(struct mm_struct *mm); - static inline void arch_unmap(struct mm_struct *mm, -diff --git a/arch/unicore32/include/asm/mmu_context.h b/arch/unicore32/include/asm/mmu_context.h -index 59b06b48f27d..5c205a9cb5a6 100644 ---- a/arch/unicore32/include/asm/mmu_context.h -+++ b/arch/unicore32/include/asm/mmu_context.h -@@ -81,9 +81,10 @@ do { \ - } \ - } while (0) - --static inline void 
arch_dup_mmap(struct mm_struct *oldmm, -- struct mm_struct *mm) -+static inline int arch_dup_mmap(struct mm_struct *oldmm, -+ struct mm_struct *mm) - { -+ return 0; - } - - static inline void arch_unmap(struct mm_struct *mm, -diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 6d16d15d09a0..c76162439c8a 100644 ---- a/arch/x86/include/asm/mmu_context.h -+++ b/arch/x86/include/asm/mmu_context.h -@@ -176,10 +176,10 @@ do { \ - } while (0) - #endif - --static inline void arch_dup_mmap(struct mm_struct *oldmm, -- struct mm_struct *mm) -+static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) - { - paravirt_arch_dup_mmap(oldmm, mm); -+ return 0; - } - - static inline void arch_exit_mmap(struct mm_struct *mm) -diff --git a/include/asm-generic/mm_hooks.h b/include/asm-generic/mm_hooks.h -index ea189d88a3cc..8ac4e68a12f0 100644 ---- a/include/asm-generic/mm_hooks.h -+++ b/include/asm-generic/mm_hooks.h -@@ -7,9 +7,10 @@ - #ifndef _ASM_GENERIC_MM_HOOKS_H - #define _ASM_GENERIC_MM_HOOKS_H - --static inline void arch_dup_mmap(struct mm_struct *oldmm, -- struct mm_struct *mm) -+static inline int arch_dup_mmap(struct mm_struct *oldmm, -+ struct mm_struct *mm) - { -+ return 0; - } - - static inline void arch_exit_mmap(struct mm_struct *mm) -diff --git a/kernel/fork.c b/kernel/fork.c -index 07cc743698d3..500ce64517d9 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -721,8 +721,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, - goto out; - } - /* a new mm has just been created */ -- arch_dup_mmap(oldmm, mm); -- retval = 0; -+ retval = arch_dup_mmap(oldmm, mm); - out: - up_write(&mm->mmap_sem); - flush_tlb_mm(oldmm); --- -2.15.0 - diff --git a/queue/arm64-kvm-Prevent-restoring-stale-PMSCR_EL1-for-vcpu.patch b/queue/arm64-kvm-Prevent-restoring-stale-PMSCR_EL1-for-vcpu.patch deleted file mode 100644 index f99c371..0000000 
--- a/queue/arm64-kvm-Prevent-restoring-stale-PMSCR_EL1-for-vcpu.patch +++ /dev/null @@ -1,42 +0,0 @@ -From bfe766cf65fb65e68c4764f76158718560bdcee5 Mon Sep 17 00:00:00 2001 -From: Julien Thierry <julien.thierry@arm.com> -Date: Wed, 6 Dec 2017 17:09:49 +0000 -Subject: [PATCH] arm64: kvm: Prevent restoring stale PMSCR_EL1 for vcpu - -commit bfe766cf65fb65e68c4764f76158718560bdcee5 upstream. - -When VHE is not present, KVM needs to save and restores PMSCR_EL1 when -possible. If SPE is used by the host, value of PMSCR_EL1 cannot be saved -for the guest. -If the host starts using SPE between two save+restore on the same vcpu, -restore will write the value of PMSCR_EL1 read during the first save. - -Make sure __debug_save_spe_nvhe clears the value of the saved PMSCR_EL1 -when the guest cannot use SPE. - -Signed-off-by: Julien Thierry <julien.thierry@arm.com> -Cc: Christoffer Dall <christoffer.dall@linaro.org> -Cc: Marc Zyngier <marc.zyngier@arm.com> -Cc: Catalin Marinas <catalin.marinas@arm.com> -Cc: <stable@vger.kernel.org> -Reviewed-by: Will Deacon <will.deacon@arm.com> -Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org> -Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org> - -diff --git a/arch/arm64/kvm/hyp/debug-sr.c b/arch/arm64/kvm/hyp/debug-sr.c -index 321c9c05dd9e..f4363d40e2cd 100644 ---- a/arch/arm64/kvm/hyp/debug-sr.c -+++ b/arch/arm64/kvm/hyp/debug-sr.c -@@ -74,6 +74,9 @@ static void __hyp_text __debug_save_spe_nvhe(u64 *pmscr_el1) - { - u64 reg; - -+ /* Clear pmscr in case of early return */ -+ *pmscr_el1 = 0; -+ - /* SPE present on this CPU? */ - if (!cpuid_feature_extract_unsigned_field(read_sysreg(id_aa64dfr0_el1), - ID_AA64DFR0_PMSVER_SHIFT)) --- -2.15.0 - diff --git a/queue/init-Invoke-init_espfix_bsp-from-mm_init.patch b/queue/init-Invoke-init_espfix_bsp-from-mm_init.patch deleted file mode 100644 index 55c5643..0000000 --- a/queue/init-Invoke-init_espfix_bsp-from-mm_init.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From 613e396bc0d4c7604fba23256644e78454c68cf6 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 17 Dec 2017 10:56:29 +0100 -Subject: [PATCH] init: Invoke init_espfix_bsp() from mm_init() - -commit 613e396bc0d4c7604fba23256644e78454c68cf6 upstream. - -init_espfix_bsp() needs to be invoked before the page table isolation -initialization. Move it into mm_init() which is the place where pti_init() -will be added. - -While at it get rid of the #ifdeffery and provide proper stub functions. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/espfix.h b/arch/x86/include/asm/espfix.h -index 0211029076ea..6777480d8a42 100644 ---- a/arch/x86/include/asm/espfix.h -+++ b/arch/x86/include/asm/espfix.h -@@ -2,7 +2,7 @@ - #ifndef _ASM_X86_ESPFIX_H - #define _ASM_X86_ESPFIX_H - --#ifdef CONFIG_X86_64 -+#ifdef CONFIG_X86_ESPFIX64 - - #include <asm/percpu.h> - -@@ -11,7 +11,8 @@ DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr); - - extern void init_espfix_bsp(void); - extern void init_espfix_ap(int cpu); -- --#endif /* CONFIG_X86_64 */ -+#else -+static inline void init_espfix_ap(int cpu) { } -+#endif - - #endif /* _ASM_X86_ESPFIX_H */ -diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index d56c1d209283..33d6000265aa 100644 ---- a/arch/x86/kernel/smpboot.c -+++ b/arch/x86/kernel/smpboot.c -@@ -990,12 +990,8 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle, - initial_code = (unsigned long)start_secondary; - initial_stack = idle->thread.sp; - -- /* -- * Enable the espfix hack 
for this CPU -- */ --#ifdef CONFIG_X86_ESPFIX64 -+ /* Enable the espfix hack for this CPU */ - init_espfix_ap(cpu); --#endif - - /* So we see what's up */ - announce_cpu(cpu, apicid); -diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index 757dc6ffc7ba..231b35a76dd9 100644 ---- a/include/asm-generic/pgtable.h -+++ b/include/asm-generic/pgtable.h -@@ -1017,6 +1017,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) - struct file; - int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, - unsigned long size, pgprot_t *vma_prot); -+ -+#ifndef CONFIG_X86_ESPFIX64 -+static inline void init_espfix_bsp(void) { } -+#endif -+ - #endif /* !__ASSEMBLY__ */ - - #ifndef io_remap_pfn_range -diff --git a/init/main.c b/init/main.c -index 0ee9c6866ada..8a390f60ec81 100644 ---- a/init/main.c -+++ b/init/main.c -@@ -504,6 +504,8 @@ static void __init mm_init(void) - pgtable_init(); - vmalloc_init(); - ioremap_huge_init(); -+ /* Should be run before the first non-init thread is created */ -+ init_espfix_bsp(); - } - - asmlinkage __visible void __init start_kernel(void) -@@ -673,10 +675,6 @@ asmlinkage __visible void __init start_kernel(void) - #ifdef CONFIG_X86 - if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_enter_virtual_mode(); --#endif --#ifdef CONFIG_X86_ESPFIX64 -- /* Should be run before the first non-init thread is created */ -- init_espfix_bsp(); - #endif - thread_stack_cache_init(); - cred_init(); --- -2.15.0 - diff --git a/queue/kvm-x86-fix-RSM-when-PCID-is-non-zero.patch b/queue/kvm-x86-fix-RSM-when-PCID-is-non-zero.patch deleted file mode 100644 index 9254afb..0000000 --- a/queue/kvm-x86-fix-RSM-when-PCID-is-non-zero.patch +++ /dev/null 
@@ -1,113 +0,0 @@ -From fae1a3e775cca8c3a9e0eb34443b310871a15a92 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Thu, 21 Dec 2017 00:49:14 +0100 -Subject: [PATCH] kvm: x86: fix RSM when PCID is non-zero - -commit fae1a3e775cca8c3a9e0eb34443b310871a15a92 upstream. - -rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then -CR4 & ~PCIDE, then CR0, then CR4. - -However, setting CR4.PCIDE fails if CR3[11:0] != 0. It's probably easier -in the long run to replace rsm_enter_protected_mode() with an emulator -callback that sets all the special registers (like KVM_SET_SREGS would -do). For now, set the PCID field of CR3 only after CR4.PCIDE is 1. - -Reported-by: Laszlo Ersek <lersek@redhat.com> -Tested-by: Laszlo Ersek <lersek@redhat.com> -Fixes: 660a5d517aaab9187f93854425c4c63f4a09195c -Cc: stable@vger.kernel.org -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index abe74f779f9d..b514b2b2845a 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -2390,9 +2390,21 @@ static int rsm_load_seg_64(struct x86_emulate_ctxt *ctxt, u64 smbase, int n) - } - - static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt, -- u64 cr0, u64 cr4) -+ u64 cr0, u64 cr3, u64 cr4) - { - int bad; -+ u64 pcid; -+ -+ /* In order to later set CR4.PCIDE, CR3[11:0] must be zero. */ -+ pcid = 0; -+ if (cr4 & X86_CR4_PCIDE) { -+ pcid = cr3 & 0xfff; -+ cr3 &= ~0xfff; -+ } -+ -+ bad = ctxt->ops->set_cr(ctxt, 3, cr3); -+ if (bad) -+ return X86EMUL_UNHANDLEABLE; - - /* - * First enable PAE, long mode needs it before CR0.PG = 1 is set. 
-@@ -2411,6 +2423,12 @@ static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt, - bad = ctxt->ops->set_cr(ctxt, 4, cr4); - if (bad) - return X86EMUL_UNHANDLEABLE; -+ if (pcid) { -+ bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid); -+ if (bad) -+ return X86EMUL_UNHANDLEABLE; -+ } -+ - } - - return X86EMUL_CONTINUE; -@@ -2421,11 +2439,11 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) - struct desc_struct desc; - struct desc_ptr dt; - u16 selector; -- u32 val, cr0, cr4; -+ u32 val, cr0, cr3, cr4; - int i; - - cr0 = GET_SMSTATE(u32, smbase, 0x7ffc); -- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8)); -+ cr3 = GET_SMSTATE(u32, smbase, 0x7ff8); - ctxt->eflags = GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED; - ctxt->_eip = GET_SMSTATE(u32, smbase, 0x7ff0); - -@@ -2467,14 +2485,14 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) - - ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8)); - -- return rsm_enter_protected_mode(ctxt, cr0, cr4); -+ return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4); - } - - static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) - { - struct desc_struct desc; - struct desc_ptr dt; -- u64 val, cr0, cr4; -+ u64 val, cr0, cr3, cr4; - u32 base3; - u16 selector; - int i, r; -@@ -2491,7 +2509,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) - ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1); - - cr0 = GET_SMSTATE(u64, smbase, 0x7f58); -- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u64, smbase, 0x7f50)); -+ cr3 = GET_SMSTATE(u64, smbase, 0x7f50); - cr4 = GET_SMSTATE(u64, smbase, 0x7f48); - ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00)); - val = GET_SMSTATE(u64, smbase, 0x7ed0); -@@ -2519,7 +2537,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) - dt.address = GET_SMSTATE(u64, smbase, 0x7e68); - ctxt->ops->set_gdt(ctxt, &dt); - -- r = rsm_enter_protected_mode(ctxt, cr0, 
cr4); -+ r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4); - if (r != X86EMUL_CONTINUE) - return r; - --- -2.15.0 - diff --git a/queue/series b/queue/series index 4844541..e5ce5f4 100644 --- a/queue/series +++ b/queue/series @@ -81,32 +81,7 @@ bpf-fix-integer-overflows.patch selftests-bpf-add-tests-for-recent-bugfixes.patch linux-compiler.h-Split-into-compiler.h-and-compiler_.patch tools-headers-Sync-objtool-UAPI-header.patch -x86-decoder-Fix-and-update-the-opcodes-map.patch x86-insn-eval-Add-utility-functions-to-get-segment-s.patch -x86-Kconfig-Limit-NR_CPUS-on-32-bit-to-a-sane-amount.patch -x86-mm-dump_pagetables-Check-PAGE_PRESENT-for-real.patch -x86-mm-dump_pagetables-Make-the-address-hints-correc.patch -x86-vsyscall-64-Explicitly-set-_PAGE_USER-in-the-pag.patch -x86-vsyscall-64-Warn-and-fail-vsyscall-emulation-in-.patch -arch-mm-Allow-arch_dup_mmap-to-fail.patch -x86-ldt-Rework-locking.patch -x86-ldt-Prevent-LDT-inheritance-on-exec.patch -x86-mm-64-Improve-the-memory-map-documentation.patch -x86-doc-Remove-obvious-weirdnesses-from-the-x86-MM-l.patch -x86-entry-Rename-SYSENTER_stack-to-CPU_ENTRY_AREA_en.patch -x86-uv-Use-the-right-TLB-flush-API.patch -x86-microcode-Dont-abuse-the-TLB-flush-interface.patch -x86-mm-Use-__flush_tlb_one-for-kernel-memory.patch -x86-mm-Remove-superfluous-barriers.patch -x86-mm-Add-comments-to-clarify-which-TLB-flush-funct.patch -x86-mm-Move-the-CR3-construction-functions-to-tlbflu.patch -x86-mm-Remove-hard-coded-ASID-limit-checks.patch -x86-mm-Put-MMU-to-hardware-ASID-translation-in-one-p.patch -x86-mm-Create-asm-invpcid.h.patch -x86-cpu_entry_area-Move-it-to-a-separate-unit.patch -x86-cpu_entry_area-Move-it-out-of-the-fixmap.patch -init-Invoke-init_espfix_bsp-from-mm_init.patch -x86-cpu_entry_area-Prevent-wraparound-in-setup_cpu_e.patch ACPI-APEI-ERST-Fix-missing-error-handling-in-erst_re.patch acpi-nfit-fix-health-event-notification.patch crypto-skcipher-set-walk.iv-for-zero-length-inputs.patch 
@@ -120,7 +95,6 @@ ALSA-rawmidi-Avoid-racy-info-ioctl-via-ctl-device.patch ALSA-hda-realtek-Fix-Dell-AIO-LineOut-issue.patch ALSA-hda-Add-vendor-id-for-Cannonlake-HDMI-codec.patch ALSA-usb-audio-Add-native-DSD-support-for-Esoteric-D.patch -ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch PCI-PM-Force-devices-to-D0-in-pci_pm_thaw_noirq.patch block-unalign-call_single_data-in-struct-request.patch block-throttle-avoid-double-charge.patch @@ -131,13 +105,7 @@ Revert-parisc-Re-enable-interrupts-early.patch spi-xilinx-Detect-stall-with-Unknown-commands.patch spi-a3700-Fix-clk-prescaling-for-coefficient-over-15.patch pinctrl-cherryview-Mask-all-interrupts-on-Intel_Stra.patch -arm64-kvm-Prevent-restoring-stale-PMSCR_EL1-for-vcpu.patch -KVM-arm-arm64-Fix-HYP-unmapping-going-off-limits.patch -KVM-PPC-Book3S-fix-XIVE-migration-of-pending-interru.patch -KVM-PPC-Book3S-HV-Fix-pending_pri-value-in-kvmppc_xi.patch KVM-MMU-Fix-infinite-loop-when-there-is-no-available.patch -KVM-X86-Fix-load-RFLAGS-w-o-the-fixed-bit.patch -kvm-x86-fix-RSM-when-PCID-is-non-zero.patch clk-sunxi-sun9i-mmc-Implement-reset-callback-for-res.patch powerpc-perf-Dereference-BHRB-entries-safely.patch drm-i915-Flush-pending-GTT-writes-before-unbinding.patch diff --git a/queue/x86-Kconfig-Limit-NR_CPUS-on-32-bit-to-a-sane-amount.patch b/queue/x86-Kconfig-Limit-NR_CPUS-on-32-bit-to-a-sane-amount.patch deleted file mode 100644 index 6315bcc..0000000 --- a/queue/x86-Kconfig-Limit-NR_CPUS-on-32-bit-to-a-sane-amount.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 7bbcbd3d1cdcbacd0f9f8dc4c98d550972f1ca30 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 20 Dec 2017 18:02:34 +0100 -Subject: [PATCH] x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount - -commit 7bbcbd3d1cdcbacd0f9f8dc4c98d550972f1ca30 upstream. - -The recent cpu_entry_area changes fail to compile on 32-bit when BIGSMP=y -and NR_CPUS=512, because the fixmap area becomes too big. - -Limit the number of CPUs with BIGSMP to 64, which is already way to big for -32-bit, but it's at least a working limitation. - -We performed a quick survey of 32-bit-only machines that might be affected -by this change negatively, but found none. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 665eba1b6103..cd5199de231e 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -925,7 +925,8 @@ config MAXSMP - config NR_CPUS - int "Maximum number of CPUs" if SMP && !MAXSMP - range 2 8 if SMP && X86_32 && !X86_BIGSMP -- range 2 512 if SMP && !MAXSMP && !CPUMASK_OFFSTACK -+ range 2 64 if SMP && X86_32 && X86_BIGSMP -+ range 2 512 if SMP && !MAXSMP && !CPUMASK_OFFSTACK && X86_64 - range 2 8192 if SMP && !MAXSMP && CPUMASK_OFFSTACK && X86_64 - default "1" if !SMP - default "8192" if MAXSMP --- -2.15.0 - diff --git a/queue/x86-cpu_entry_area-Move-it-out-of-the-fixmap.patch b/queue/x86-cpu_entry_area-Move-it-out-of-the-fixmap.patch deleted file mode 100644 index d1454fe..0000000 --- a/queue/x86-cpu_entry_area-Move-it-out-of-the-fixmap.patch +++ /dev/null 
@@ -1,562 +0,0 @@ -From 92a0f81d89571e3e8759366e050ee05cc545ef99 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 20 Dec 2017 18:51:31 +0100 -Subject: [PATCH] x86/cpu_entry_area: Move it out of the fixmap - -commit 92a0f81d89571e3e8759366e050ee05cc545ef99 upstream. - -Put the cpu_entry_area into a separate P4D entry. The fixmap gets too big -and 0-day already hit a case where the fixmap PTEs were cleared by -cleanup_highmap(). - -Aside of that the fixmap API is a pain as it's all backwards. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt -index 63a41671d25b..51101708a03a 100644 ---- a/Documentation/x86/x86_64/mm.txt -+++ b/Documentation/x86/x86_64/mm.txt -@@ -12,6 +12,7 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) - ... unused hole ... - ffffec0000000000 - fffffbffffffffff (=44 bits) kasan shadow memory (16TB) - ... unused hole ... -+fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping - ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks - ... unused hole ... - ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space -@@ -35,6 +36,7 @@ ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB) - ... unused hole ... - ffdf000000000000 - fffffc0000000000 (=53 bits) kasan shadow memory (8PB) - ... unused hole ... -+fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping - ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks - ... 
unused hole ... - ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space -diff --git a/arch/x86/include/asm/cpu_entry_area.h b/arch/x86/include/asm/cpu_entry_area.h -index 5471826803af..2fbc69a0916e 100644 ---- a/arch/x86/include/asm/cpu_entry_area.h -+++ b/arch/x86/include/asm/cpu_entry_area.h -@@ -43,10 +43,26 @@ struct cpu_entry_area { - }; - - #define CPU_ENTRY_AREA_SIZE (sizeof(struct cpu_entry_area)) --#define CPU_ENTRY_AREA_PAGES (CPU_ENTRY_AREA_SIZE / PAGE_SIZE) -+#define CPU_ENTRY_AREA_TOT_SIZE (CPU_ENTRY_AREA_SIZE * NR_CPUS) - - DECLARE_PER_CPU(struct cpu_entry_area *, cpu_entry_area); - - extern void setup_cpu_entry_areas(void); -+extern void cea_set_pte(void *cea_vaddr, phys_addr_t pa, pgprot_t flags); -+ -+#define CPU_ENTRY_AREA_RO_IDT CPU_ENTRY_AREA_BASE -+#define CPU_ENTRY_AREA_PER_CPU (CPU_ENTRY_AREA_RO_IDT + PAGE_SIZE) -+ -+#define CPU_ENTRY_AREA_RO_IDT_VADDR ((void *)CPU_ENTRY_AREA_RO_IDT) -+ -+#define CPU_ENTRY_AREA_MAP_SIZE \ -+ (CPU_ENTRY_AREA_PER_CPU + CPU_ENTRY_AREA_TOT_SIZE - CPU_ENTRY_AREA_BASE) -+ -+extern struct cpu_entry_area *get_cpu_entry_area(int cpu); -+ -+static inline struct entry_stack *cpu_entry_stack(int cpu) -+{ -+ return &get_cpu_entry_area(cpu)->entry_stack_page.stack; -+} - - #endif -diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 2ace1f90d138..bc359dd2f7f6 100644 ---- a/arch/x86/include/asm/desc.h -+++ b/arch/x86/include/asm/desc.h -@@ -7,6 +7,7 @@ - #include <asm/mmu.h> - #include <asm/fixmap.h> - #include <asm/irq_vectors.h> -+#include <asm/cpu_entry_area.h> - - #include <linux/smp.h> - #include <linux/percpu.h> -diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h -index fb801662a230..64c4a30e0d39 100644 ---- a/arch/x86/include/asm/fixmap.h -+++ b/arch/x86/include/asm/fixmap.h -@@ -25,7 +25,6 @@ - #else - #include <uapi/asm/vsyscall.h> - #endif --#include <asm/cpu_entry_area.h> - - /* - * We can't declare FIXADDR_TOP as variable for x86_64 because 
vsyscall -@@ -84,7 +83,6 @@ enum fixed_addresses { - FIX_IO_APIC_BASE_0, - FIX_IO_APIC_BASE_END = FIX_IO_APIC_BASE_0 + MAX_IO_APICS - 1, - #endif -- FIX_RO_IDT, /* Virtual mapping for read-only IDT */ - #ifdef CONFIG_X86_32 - FIX_KMAP_BEGIN, /* reserved pte's for temporary kernel mappings */ - FIX_KMAP_END = FIX_KMAP_BEGIN+(KM_TYPE_NR*NR_CPUS)-1, -@@ -100,9 +98,6 @@ enum fixed_addresses { - #ifdef CONFIG_X86_INTEL_MID - FIX_LNW_VRTC, - #endif -- /* Fixmap entries to remap the GDTs, one per processor. */ -- FIX_CPU_ENTRY_AREA_TOP, -- FIX_CPU_ENTRY_AREA_BOTTOM = FIX_CPU_ENTRY_AREA_TOP + (CPU_ENTRY_AREA_PAGES * NR_CPUS) - 1, - - #ifdef CONFIG_ACPI_APEI_GHES - /* Used for GHES mapping from assorted contexts */ -@@ -143,7 +138,7 @@ enum fixed_addresses { - extern void reserve_top_address(unsigned long reserve); - - #define FIXADDR_SIZE (__end_of_permanent_fixed_addresses << PAGE_SHIFT) --#define FIXADDR_START (FIXADDR_TOP - FIXADDR_SIZE) -+#define FIXADDR_START (FIXADDR_TOP - FIXADDR_SIZE) - - extern int fixmaps_set; - -@@ -191,30 +186,5 @@ void __init *early_memremap_decrypted_wp(resource_size_t phys_addr, - void __early_set_fixmap(enum fixed_addresses idx, - phys_addr_t phys, pgprot_t flags); - --static inline unsigned int __get_cpu_entry_area_page_index(int cpu, int page) --{ -- BUILD_BUG_ON(sizeof(struct cpu_entry_area) % PAGE_SIZE != 0); -- -- return FIX_CPU_ENTRY_AREA_BOTTOM - cpu*CPU_ENTRY_AREA_PAGES - page; --} -- --#define __get_cpu_entry_area_offset_index(cpu, offset) ({ \ -- BUILD_BUG_ON(offset % PAGE_SIZE != 0); \ -- __get_cpu_entry_area_page_index(cpu, offset / PAGE_SIZE); \ -- }) -- --#define get_cpu_entry_area_index(cpu, field) \ -- __get_cpu_entry_area_offset_index((cpu), offsetof(struct cpu_entry_area, field)) -- --static inline struct cpu_entry_area *get_cpu_entry_area(int cpu) --{ -- return (struct cpu_entry_area *)__fix_to_virt(__get_cpu_entry_area_page_index(cpu, 0)); --} -- --static inline struct entry_stack *cpu_entry_stack(int cpu) --{ -- return 
&get_cpu_entry_area(cpu)->entry_stack_page.stack; --} -- - #endif /* !__ASSEMBLY__ */ - #endif /* _ASM_X86_FIXMAP_H */ -diff --git a/arch/x86/include/asm/pgtable_32_types.h b/arch/x86/include/asm/pgtable_32_types.h -index f2ca9b28fd68..ce245b0cdfca 100644 ---- a/arch/x86/include/asm/pgtable_32_types.h -+++ b/arch/x86/include/asm/pgtable_32_types.h -@@ -38,13 +38,22 @@ extern bool __vmalloc_start_set; /* set once high_memory is set */ - #define LAST_PKMAP 1024 - #endif - --#define PKMAP_BASE ((FIXADDR_START - PAGE_SIZE * (LAST_PKMAP + 1)) \ -- & PMD_MASK) -+/* -+ * Define this here and validate with BUILD_BUG_ON() in pgtable_32.c -+ * to avoid include recursion hell -+ */ -+#define CPU_ENTRY_AREA_PAGES (NR_CPUS * 40) -+ -+#define CPU_ENTRY_AREA_BASE \ -+ ((FIXADDR_START - PAGE_SIZE * (CPU_ENTRY_AREA_PAGES + 1)) & PMD_MASK) -+ -+#define PKMAP_BASE \ -+ ((CPU_ENTRY_AREA_BASE - PAGE_SIZE) & PMD_MASK) - - #ifdef CONFIG_HIGHMEM - # define VMALLOC_END (PKMAP_BASE - 2 * PAGE_SIZE) - #else --# define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE) -+# define VMALLOC_END (CPU_ENTRY_AREA_BASE - 2 * PAGE_SIZE) - #endif - - #define MODULES_VADDR VMALLOC_START -diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index 6d5f45dcd4a1..3d27831bc58d 100644 ---- a/arch/x86/include/asm/pgtable_64_types.h -+++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -76,32 +76,41 @@ typedef struct { pteval_t pte; } pte_t; - #define PGDIR_MASK (~(PGDIR_SIZE - 1)) - - /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. 
*/ --#define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL) -+#define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL) -+ - #ifdef CONFIG_X86_5LEVEL --#define VMALLOC_SIZE_TB _AC(16384, UL) --#define __VMALLOC_BASE _AC(0xff92000000000000, UL) --#define __VMEMMAP_BASE _AC(0xffd4000000000000, UL) -+# define VMALLOC_SIZE_TB _AC(16384, UL) -+# define __VMALLOC_BASE _AC(0xff92000000000000, UL) -+# define __VMEMMAP_BASE _AC(0xffd4000000000000, UL) - #else --#define VMALLOC_SIZE_TB _AC(32, UL) --#define __VMALLOC_BASE _AC(0xffffc90000000000, UL) --#define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) -+# define VMALLOC_SIZE_TB _AC(32, UL) -+# define __VMALLOC_BASE _AC(0xffffc90000000000, UL) -+# define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) - #endif -+ - #ifdef CONFIG_RANDOMIZE_MEMORY --#define VMALLOC_START vmalloc_base --#define VMEMMAP_START vmemmap_base -+# define VMALLOC_START vmalloc_base -+# define VMEMMAP_START vmemmap_base - #else --#define VMALLOC_START __VMALLOC_BASE --#define VMEMMAP_START __VMEMMAP_BASE -+# define VMALLOC_START __VMALLOC_BASE -+# define VMEMMAP_START __VMEMMAP_BASE - #endif /* CONFIG_RANDOMIZE_MEMORY */ --#define VMALLOC_END (VMALLOC_START + _AC((VMALLOC_SIZE_TB << 40) - 1, UL)) --#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) -+ -+#define VMALLOC_END (VMALLOC_START + _AC((VMALLOC_SIZE_TB << 40) - 1, UL)) -+ -+#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) - /* The module sections ends with the start of the fixmap */ --#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) --#define MODULES_LEN (MODULES_END - MODULES_VADDR) --#define ESPFIX_PGD_ENTRY _AC(-2, UL) --#define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << P4D_SHIFT) --#define EFI_VA_START ( -4 * (_AC(1, UL) << 30)) --#define EFI_VA_END (-68 * (_AC(1, UL) << 30)) -+#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) -+#define MODULES_LEN (MODULES_END - MODULES_VADDR) -+ -+#define ESPFIX_PGD_ENTRY _AC(-2, UL) -+#define ESPFIX_BASE_ADDR 
(ESPFIX_PGD_ENTRY << P4D_SHIFT) -+ -+#define CPU_ENTRY_AREA_PGD _AC(-3, UL) -+#define CPU_ENTRY_AREA_BASE (CPU_ENTRY_AREA_PGD << P4D_SHIFT) -+ -+#define EFI_VA_START ( -4 * (_AC(1, UL) << 30)) -+#define EFI_VA_END (-68 * (_AC(1, UL) << 30)) - - #define EARLY_DYNAMIC_PAGE_TABLES 64 - -diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 1dd3f533d78c..36b17e0febe8 100644 ---- a/arch/x86/kernel/dumpstack.c -+++ b/arch/x86/kernel/dumpstack.c -@@ -18,6 +18,7 @@ - #include <linux/nmi.h> - #include <linux/sysfs.h> - -+#include <asm/cpu_entry_area.h> - #include <asm/stacktrace.h> - #include <asm/unwind.h> - -diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 464daed6894f..7c16fe0b60c2 100644 ---- a/arch/x86/kernel/traps.c -+++ b/arch/x86/kernel/traps.c -@@ -951,8 +951,9 @@ void __init trap_init(void) - * "sidt" instruction will not leak the location of the kernel, and - * to defend the IDT against arbitrary memory write vulnerabilities. - * It will be reloaded in cpu_init() */ -- __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO); -- idt_descr.address = fix_to_virt(FIX_RO_IDT); -+ cea_set_pte(CPU_ENTRY_AREA_RO_IDT_VADDR, __pa_symbol(idt_table), -+ PAGE_KERNEL_RO); -+ idt_descr.address = CPU_ENTRY_AREA_RO_IDT; - - /* - * Should be a barrier for any external CPU state: -diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c -index 235ff9cfaaf4..21e8b595cbb1 100644 ---- a/arch/x86/mm/cpu_entry_area.c -+++ b/arch/x86/mm/cpu_entry_area.c -@@ -15,11 +15,27 @@ static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks - [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); - #endif - -+struct cpu_entry_area *get_cpu_entry_area(int cpu) -+{ -+ unsigned long va = CPU_ENTRY_AREA_PER_CPU + cpu * CPU_ENTRY_AREA_SIZE; -+ BUILD_BUG_ON(sizeof(struct cpu_entry_area) % PAGE_SIZE != 0); -+ -+ return (struct cpu_entry_area *) va; -+} -+EXPORT_SYMBOL(get_cpu_entry_area); -+ -+void cea_set_pte(void *cea_vaddr, 
phys_addr_t pa, pgprot_t flags) -+{ -+ unsigned long va = (unsigned long) cea_vaddr; -+ -+ set_pte_vaddr(va, pfn_pte(pa >> PAGE_SHIFT, flags)); -+} -+ - static void __init --set_percpu_fixmap_pages(int idx, void *ptr, int pages, pgprot_t prot) -+cea_map_percpu_pages(void *cea_vaddr, void *ptr, int pages, pgprot_t prot) - { -- for ( ; pages; pages--, idx--, ptr += PAGE_SIZE) -- __set_fixmap(idx, per_cpu_ptr_to_phys(ptr), prot); -+ for ( ; pages; pages--, cea_vaddr+= PAGE_SIZE, ptr += PAGE_SIZE) -+ cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr), prot); - } - - /* Setup the fixmap mappings only once per-processor */ -@@ -47,10 +63,12 @@ static void __init setup_cpu_entry_area(int cpu) - pgprot_t tss_prot = PAGE_KERNEL; - #endif - -- __set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, entry_stack_page), -- per_cpu_ptr(&entry_stack_storage, cpu), 1, -- PAGE_KERNEL); -+ cea_set_pte(&get_cpu_entry_area(cpu)->gdt, get_cpu_gdt_paddr(cpu), -+ gdt_prot); -+ -+ cea_map_percpu_pages(&get_cpu_entry_area(cpu)->entry_stack_page, -+ per_cpu_ptr(&entry_stack_storage, cpu), 1, -+ PAGE_KERNEL); - - /* - * The Intel SDM says (Volume 3, 7.2.1): -@@ -72,10 +90,9 @@ static void __init setup_cpu_entry_area(int cpu) - BUILD_BUG_ON((offsetof(struct tss_struct, x86_tss) ^ - offsetofend(struct tss_struct, x86_tss)) & PAGE_MASK); - BUILD_BUG_ON(sizeof(struct tss_struct) % PAGE_SIZE != 0); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, tss), -- &per_cpu(cpu_tss_rw, cpu), -- sizeof(struct tss_struct) / PAGE_SIZE, -- tss_prot); -+ cea_map_percpu_pages(&get_cpu_entry_area(cpu)->tss, -+ &per_cpu(cpu_tss_rw, cpu), -+ sizeof(struct tss_struct) / PAGE_SIZE, tss_prot); - - #ifdef CONFIG_X86_32 - per_cpu(cpu_entry_area, cpu) = get_cpu_entry_area(cpu); -@@ -85,20 +102,37 @@ static void __init setup_cpu_entry_area(int cpu) - BUILD_BUG_ON(sizeof(exception_stacks) % PAGE_SIZE != 0); - 
BUILD_BUG_ON(sizeof(exception_stacks) != - sizeof(((struct cpu_entry_area *)0)->exception_stacks)); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, exception_stacks), -- &per_cpu(exception_stacks, cpu), -- sizeof(exception_stacks) / PAGE_SIZE, -- PAGE_KERNEL); -+ cea_map_percpu_pages(&get_cpu_entry_area(cpu)->exception_stacks, -+ &per_cpu(exception_stacks, cpu), -+ sizeof(exception_stacks) / PAGE_SIZE, PAGE_KERNEL); - -- __set_fixmap(get_cpu_entry_area_index(cpu, entry_trampoline), -+ cea_set_pte(&get_cpu_entry_area(cpu)->entry_trampoline, - __pa_symbol(_entry_trampoline), PAGE_KERNEL_RX); - #endif - } - -+static __init void setup_cpu_entry_area_ptes(void) -+{ -+#ifdef CONFIG_X86_32 -+ unsigned long start, end; -+ -+ BUILD_BUG_ON(CPU_ENTRY_AREA_PAGES * PAGE_SIZE < CPU_ENTRY_AREA_MAP_SIZE); -+ BUG_ON(CPU_ENTRY_AREA_BASE & ~PMD_MASK); -+ -+ start = CPU_ENTRY_AREA_BASE; -+ end = start + CPU_ENTRY_AREA_MAP_SIZE; -+ -+ for (; start < end; start += PMD_SIZE) -+ populate_extra_pte(start); -+#endif -+} -+ - void __init setup_cpu_entry_areas(void) - { - unsigned int cpu; - -+ setup_cpu_entry_area_ptes(); -+ - for_each_possible_cpu(cpu) - setup_cpu_entry_area(cpu); - } -diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c -index fdf09d8f98da..43dedbfb7257 100644 ---- a/arch/x86/mm/dump_pagetables.c -+++ b/arch/x86/mm/dump_pagetables.c -@@ -58,6 +58,7 @@ enum address_markers_idx { - KASAN_SHADOW_START_NR, - KASAN_SHADOW_END_NR, - #endif -+ CPU_ENTRY_AREA_NR, - #ifdef CONFIG_X86_ESPFIX64 - ESPFIX_START_NR, - #endif -@@ -81,6 +82,7 @@ static struct addr_marker address_markers[] = { - [KASAN_SHADOW_START_NR] = { KASAN_SHADOW_START, "KASAN shadow" }, - [KASAN_SHADOW_END_NR] = { KASAN_SHADOW_END, "KASAN shadow end" }, - #endif -+ [CPU_ENTRY_AREA_NR] = { CPU_ENTRY_AREA_BASE,"CPU entry Area" }, - #ifdef CONFIG_X86_ESPFIX64 - [ESPFIX_START_NR] = { ESPFIX_BASE_ADDR, "ESPfix Area", 16 }, - #endif -@@ -104,6 +106,7 @@ enum address_markers_idx { - #ifdef 
CONFIG_HIGHMEM - PKMAP_BASE_NR, - #endif -+ CPU_ENTRY_AREA_NR, - FIXADDR_START_NR, - END_OF_SPACE_NR, - }; -@@ -116,6 +119,7 @@ static struct addr_marker address_markers[] = { - #ifdef CONFIG_HIGHMEM - [PKMAP_BASE_NR] = { 0UL, "Persistent kmap() Area" }, - #endif -+ [CPU_ENTRY_AREA_NR] = { 0UL, "CPU entry area" }, - [FIXADDR_START_NR] = { 0UL, "Fixmap area" }, - [END_OF_SPACE_NR] = { -1, NULL } - }; -@@ -541,8 +545,8 @@ static int __init pt_dump_init(void) - address_markers[PKMAP_BASE_NR].start_address = PKMAP_BASE; - # endif - address_markers[FIXADDR_START_NR].start_address = FIXADDR_START; -+ address_markers[CPU_ENTRY_AREA_NR].start_address = CPU_ENTRY_AREA_BASE; - #endif -- - return 0; - } - __initcall(pt_dump_init); -diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 8a64a6f2848d..135c9a7898c7 100644 ---- a/arch/x86/mm/init_32.c -+++ b/arch/x86/mm/init_32.c -@@ -50,6 +50,7 @@ - #include <asm/setup.h> - #include <asm/set_memory.h> - #include <asm/page_types.h> -+#include <asm/cpu_entry_area.h> - #include <asm/init.h> - - #include "mm_internal.h" -@@ -766,6 +767,7 @@ void __init mem_init(void) - mem_init_print_info(NULL); - printk(KERN_INFO "virtual kernel memory layout:\n" - " fixmap : 0x%08lx - 0x%08lx (%4ld kB)\n" -+ " cpu_entry : 0x%08lx - 0x%08lx (%4ld kB)\n" - #ifdef CONFIG_HIGHMEM - " pkmap : 0x%08lx - 0x%08lx (%4ld kB)\n" - #endif -@@ -777,6 +779,10 @@ void __init mem_init(void) - FIXADDR_START, FIXADDR_TOP, - (FIXADDR_TOP - FIXADDR_START) >> 10, - -+ CPU_ENTRY_AREA_BASE, -+ CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE, -+ CPU_ENTRY_AREA_MAP_SIZE >> 10, -+ - #ifdef CONFIG_HIGHMEM - PKMAP_BASE, PKMAP_BASE+LAST_PKMAP*PAGE_SIZE, - (LAST_PKMAP*PAGE_SIZE) >> 10, -diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c -index 9ec70d780f1f..47388f0c0e59 100644 ---- a/arch/x86/mm/kasan_init_64.c -+++ b/arch/x86/mm/kasan_init_64.c -@@ -15,6 +15,7 @@ - #include <asm/tlbflush.h> - #include <asm/sections.h> - #include <asm/pgtable.h> 
-+#include <asm/cpu_entry_area.h> - - extern struct range pfn_mapped[E820_MAX_ENTRIES]; - -@@ -322,31 +323,33 @@ void __init kasan_init(void) - map_range(&pfn_mapped[i]); - } - -- kasan_populate_zero_shadow( -- kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), -- kasan_mem_to_shadow((void *)__START_KERNEL_map)); -- -- kasan_populate_shadow((unsigned long)kasan_mem_to_shadow(_stext), -- (unsigned long)kasan_mem_to_shadow(_end), -- early_pfn_to_nid(__pa(_stext))); -- -- shadow_cpu_entry_begin = (void *)__fix_to_virt(FIX_CPU_ENTRY_AREA_BOTTOM); -+ shadow_cpu_entry_begin = (void *)CPU_ENTRY_AREA_BASE; - shadow_cpu_entry_begin = kasan_mem_to_shadow(shadow_cpu_entry_begin); - shadow_cpu_entry_begin = (void *)round_down((unsigned long)shadow_cpu_entry_begin, - PAGE_SIZE); - -- shadow_cpu_entry_end = (void *)(__fix_to_virt(FIX_CPU_ENTRY_AREA_TOP) + PAGE_SIZE); -+ shadow_cpu_entry_end = (void *)(CPU_ENTRY_AREA_BASE + -+ CPU_ENTRY_AREA_MAP_SIZE); - shadow_cpu_entry_end = kasan_mem_to_shadow(shadow_cpu_entry_end); - shadow_cpu_entry_end = (void *)round_up((unsigned long)shadow_cpu_entry_end, - PAGE_SIZE); - -- kasan_populate_zero_shadow(kasan_mem_to_shadow((void *)MODULES_END), -- shadow_cpu_entry_begin); -+ kasan_populate_zero_shadow( -+ kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), -+ shadow_cpu_entry_begin); - - kasan_populate_shadow((unsigned long)shadow_cpu_entry_begin, - (unsigned long)shadow_cpu_entry_end, 0); - -- kasan_populate_zero_shadow(shadow_cpu_entry_end, (void *)KASAN_SHADOW_END); -+ kasan_populate_zero_shadow(shadow_cpu_entry_end, -+ kasan_mem_to_shadow((void *)__START_KERNEL_map)); -+ -+ kasan_populate_shadow((unsigned long)kasan_mem_to_shadow(_stext), -+ (unsigned long)kasan_mem_to_shadow(_end), -+ early_pfn_to_nid(__pa(_stext))); -+ -+ kasan_populate_zero_shadow(kasan_mem_to_shadow((void *)MODULES_END), -+ (void *)KASAN_SHADOW_END); - - load_cr3(init_top_pgt); - __flush_tlb_all(); -diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c 
-index 6b9bf023a700..c3c5274410a9 100644 ---- a/arch/x86/mm/pgtable_32.c -+++ b/arch/x86/mm/pgtable_32.c -@@ -10,6 +10,7 @@ - #include <linux/pagemap.h> - #include <linux/spinlock.h> - -+#include <asm/cpu_entry_area.h> - #include <asm/pgtable.h> - #include <asm/pgalloc.h> - #include <asm/fixmap.h> -diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c -index c2454237fa67..a0e2b8c6e5c7 100644 ---- a/arch/x86/xen/mmu_pv.c -+++ b/arch/x86/xen/mmu_pv.c -@@ -2261,7 +2261,6 @@ static void xen_set_fixmap(unsigned idx, phys_addr_t phys, pgprot_t prot) - - switch (idx) { - case FIX_BTMAP_END ... FIX_BTMAP_BEGIN: -- case FIX_RO_IDT: - #ifdef CONFIG_X86_32 - case FIX_WP_TEST: - # ifdef CONFIG_HIGHMEM -@@ -2272,7 +2271,6 @@ static void xen_set_fixmap(unsigned idx, phys_addr_t phys, pgprot_t prot) - #endif - case FIX_TEXT_POKE0: - case FIX_TEXT_POKE1: -- case FIX_CPU_ENTRY_AREA_TOP ... FIX_CPU_ENTRY_AREA_BOTTOM: - /* All local page mappings */ - pte = pfn_pte(phys, prot); - break; --- -2.15.0 - diff --git a/queue/x86-cpu_entry_area-Move-it-to-a-separate-unit.patch b/queue/x86-cpu_entry_area-Move-it-to-a-separate-unit.patch deleted file mode 100644 index b462e5d..0000000 --- a/queue/x86-cpu_entry_area-Move-it-to-a-separate-unit.patch +++ /dev/null 
@@ -1,382 +0,0 @@ -From ed1bbc40a0d10e0c5c74fe7bdc6298295cf40255 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 20 Dec 2017 18:28:54 +0100 -Subject: [PATCH] x86/cpu_entry_area: Move it to a separate unit - -commit ed1bbc40a0d10e0c5c74fe7bdc6298295cf40255 upstream. - -Separate the cpu_entry_area code out of cpu/common.c and the fixmap. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/cpu_entry_area.h b/arch/x86/include/asm/cpu_entry_area.h -new file mode 100644 -index 000000000000..5471826803af ---- /dev/null -+++ b/arch/x86/include/asm/cpu_entry_area.h -@@ -0,0 +1,52 @@ -+// SPDX-License-Identifier: GPL-2.0 -+ -+#ifndef _ASM_X86_CPU_ENTRY_AREA_H -+#define _ASM_X86_CPU_ENTRY_AREA_H -+ -+#include <linux/percpu-defs.h> -+#include <asm/processor.h> -+ -+/* -+ * cpu_entry_area is a percpu region that contains things needed by the CPU -+ * and early entry/exit code. Real types aren't used for all fields here -+ * to avoid circular header dependencies. -+ * -+ * Every field is a virtual alias of some other allocated backing store. -+ * There is no direct allocation of a struct cpu_entry_area. -+ */ -+struct cpu_entry_area { -+ char gdt[PAGE_SIZE]; -+ -+ /* -+ * The GDT is just below entry_stack and thus serves (on x86_64) as -+ * a a read-only guard page. -+ */ -+ struct entry_stack_page entry_stack_page; -+ -+ /* -+ * On x86_64, the TSS is mapped RO. On x86_32, it's mapped RW because -+ * we need task switches to work, and task switches write to the TSS. 
-+ */ -+ struct tss_struct tss; -+ -+ char entry_trampoline[PAGE_SIZE]; -+ -+#ifdef CONFIG_X86_64 -+ /* -+ * Exception stacks used for IST entries. -+ * -+ * In the future, this should have a separate slot for each stack -+ * with guard pages between them. -+ */ -+ char exception_stacks[(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]; -+#endif -+}; -+ -+#define CPU_ENTRY_AREA_SIZE (sizeof(struct cpu_entry_area)) -+#define CPU_ENTRY_AREA_PAGES (CPU_ENTRY_AREA_SIZE / PAGE_SIZE) -+ -+DECLARE_PER_CPU(struct cpu_entry_area *, cpu_entry_area); -+ -+extern void setup_cpu_entry_areas(void); -+ -+#endif -diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h -index 8153b8d86a3c..fb801662a230 100644 ---- a/arch/x86/include/asm/fixmap.h -+++ b/arch/x86/include/asm/fixmap.h -@@ -25,6 +25,7 @@ - #else - #include <uapi/asm/vsyscall.h> - #endif -+#include <asm/cpu_entry_area.h> - - /* - * We can't declare FIXADDR_TOP as variable for x86_64 because vsyscall -@@ -44,46 +45,6 @@ extern unsigned long __FIXADDR_TOP; - PAGE_SIZE) - #endif - --/* -- * cpu_entry_area is a percpu region in the fixmap that contains things -- * needed by the CPU and early entry/exit code. Real types aren't used -- * for all fields here to avoid circular header dependencies. -- * -- * Every field is a virtual alias of some other allocated backing store. -- * There is no direct allocation of a struct cpu_entry_area. -- */ --struct cpu_entry_area { -- char gdt[PAGE_SIZE]; -- -- /* -- * The GDT is just below entry_stack and thus serves (on x86_64) as -- * a a read-only guard page. -- */ -- struct entry_stack_page entry_stack_page; -- -- /* -- * On x86_64, the TSS is mapped RO. On x86_32, it's mapped RW because -- * we need task switches to work, and task switches write to the TSS. -- */ -- struct tss_struct tss; -- -- char entry_trampoline[PAGE_SIZE]; -- --#ifdef CONFIG_X86_64 -- /* -- * Exception stacks used for IST entries. 
-- * -- * In the future, this should have a separate slot for each stack -- * with guard pages between them. -- */ -- char exception_stacks[(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]; --#endif --}; -- --#define CPU_ENTRY_AREA_PAGES (sizeof(struct cpu_entry_area) / PAGE_SIZE) -- --extern void setup_cpu_entry_areas(void); -- - /* - * Here we define all the compile-time 'special' virtual - * addresses. The point is to have a constant address at -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index ed4acbce37a8..8ddcfa4d4165 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -482,102 +482,8 @@ static const unsigned int exception_stack_sizes[N_EXCEPTION_STACKS] = { - [0 ... N_EXCEPTION_STACKS - 1] = EXCEPTION_STKSZ, - [DEBUG_STACK - 1] = DEBUG_STKSZ - }; -- --static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks -- [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); --#endif -- --static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, -- entry_stack_storage); -- --static void __init --set_percpu_fixmap_pages(int idx, void *ptr, int pages, pgprot_t prot) --{ -- for ( ; pages; pages--, idx--, ptr += PAGE_SIZE) -- __set_fixmap(idx, per_cpu_ptr_to_phys(ptr), prot); --} -- --/* Setup the fixmap mappings only once per-processor */ --static void __init setup_cpu_entry_area(int cpu) --{ --#ifdef CONFIG_X86_64 -- extern char _entry_trampoline[]; -- -- /* On 64-bit systems, we use a read-only fixmap GDT and TSS. */ -- pgprot_t gdt_prot = PAGE_KERNEL_RO; -- pgprot_t tss_prot = PAGE_KERNEL_RO; --#else -- /* -- * On native 32-bit systems, the GDT cannot be read-only because -- * our double fault handler uses a task gate, and entering through -- * a task gate needs to change an available TSS to busy. If the -- * GDT is read-only, that will triple fault. The TSS cannot be -- * read-only because the CPU writes to it on task switches. 
-- * -- * On Xen PV, the GDT must be read-only because the hypervisor -- * requires it. -- */ -- pgprot_t gdt_prot = boot_cpu_has(X86_FEATURE_XENPV) ? -- PAGE_KERNEL_RO : PAGE_KERNEL; -- pgprot_t tss_prot = PAGE_KERNEL; --#endif -- -- __set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, entry_stack_page), -- per_cpu_ptr(&entry_stack_storage, cpu), 1, -- PAGE_KERNEL); -- -- /* -- * The Intel SDM says (Volume 3, 7.2.1): -- * -- * Avoid placing a page boundary in the part of the TSS that the -- * processor reads during a task switch (the first 104 bytes). The -- * processor may not correctly perform address translations if a -- * boundary occurs in this area. During a task switch, the processor -- * reads and writes into the first 104 bytes of each TSS (using -- * contiguous physical addresses beginning with the physical address -- * of the first byte of the TSS). So, after TSS access begins, if -- * part of the 104 bytes is not physically contiguous, the processor -- * will access incorrect information without generating a page-fault -- * exception. -- * -- * There are also a lot of errata involving the TSS spanning a page -- * boundary. Assert that we're not doing that. 
-- */ -- BUILD_BUG_ON((offsetof(struct tss_struct, x86_tss) ^ -- offsetofend(struct tss_struct, x86_tss)) & PAGE_MASK); -- BUILD_BUG_ON(sizeof(struct tss_struct) % PAGE_SIZE != 0); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, tss), -- &per_cpu(cpu_tss_rw, cpu), -- sizeof(struct tss_struct) / PAGE_SIZE, -- tss_prot); -- --#ifdef CONFIG_X86_32 -- per_cpu(cpu_entry_area, cpu) = get_cpu_entry_area(cpu); - #endif - --#ifdef CONFIG_X86_64 -- BUILD_BUG_ON(sizeof(exception_stacks) % PAGE_SIZE != 0); -- BUILD_BUG_ON(sizeof(exception_stacks) != -- sizeof(((struct cpu_entry_area *)0)->exception_stacks)); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, exception_stacks), -- &per_cpu(exception_stacks, cpu), -- sizeof(exception_stacks) / PAGE_SIZE, -- PAGE_KERNEL); -- -- __set_fixmap(get_cpu_entry_area_index(cpu, entry_trampoline), -- __pa_symbol(_entry_trampoline), PAGE_KERNEL_RX); --#endif --} -- --void __init setup_cpu_entry_areas(void) --{ -- unsigned int cpu; -- -- for_each_possible_cpu(cpu) -- setup_cpu_entry_area(cpu); --} -- - /* Load the original GDT from the per-cpu structure */ - void load_direct_gdt(int cpu) - { -diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 74136fd16f49..464daed6894f 100644 ---- a/arch/x86/kernel/traps.c -+++ b/arch/x86/kernel/traps.c -@@ -52,6 +52,7 @@ - #include <asm/traps.h> - #include <asm/desc.h> - #include <asm/fpu/internal.h> -+#include <asm/cpu_entry_area.h> - #include <asm/mce.h> - #include <asm/fixmap.h> - #include <asm/mach_traps.h> -diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile -index 7ba7f3d7f477..2e0017af8f9b 100644 ---- a/arch/x86/mm/Makefile -+++ b/arch/x86/mm/Makefile -@@ -10,7 +10,7 @@ CFLAGS_REMOVE_mem_encrypt.o = -pg - endif - - obj-y := init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \ -- pat.o pgtable.o physaddr.o setup_nx.o tlb.o -+ pat.o pgtable.o physaddr.o setup_nx.o tlb.o cpu_entry_area.o - - # Make sure __phys_addr has no stackprotector - nostackp 
:= $(call cc-option, -fno-stack-protector) -diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c -new file mode 100644 -index 000000000000..235ff9cfaaf4 ---- /dev/null -+++ b/arch/x86/mm/cpu_entry_area.c -@@ -0,0 +1,104 @@ -+// SPDX-License-Identifier: GPL-2.0 -+ -+#include <linux/spinlock.h> -+#include <linux/percpu.h> -+ -+#include <asm/cpu_entry_area.h> -+#include <asm/pgtable.h> -+#include <asm/fixmap.h> -+#include <asm/desc.h> -+ -+static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, entry_stack_storage); -+ -+#ifdef CONFIG_X86_64 -+static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks -+ [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); -+#endif -+ -+static void __init -+set_percpu_fixmap_pages(int idx, void *ptr, int pages, pgprot_t prot) -+{ -+ for ( ; pages; pages--, idx--, ptr += PAGE_SIZE) -+ __set_fixmap(idx, per_cpu_ptr_to_phys(ptr), prot); -+} -+ -+/* Setup the fixmap mappings only once per-processor */ -+static void __init setup_cpu_entry_area(int cpu) -+{ -+#ifdef CONFIG_X86_64 -+ extern char _entry_trampoline[]; -+ -+ /* On 64-bit systems, we use a read-only fixmap GDT and TSS. */ -+ pgprot_t gdt_prot = PAGE_KERNEL_RO; -+ pgprot_t tss_prot = PAGE_KERNEL_RO; -+#else -+ /* -+ * On native 32-bit systems, the GDT cannot be read-only because -+ * our double fault handler uses a task gate, and entering through -+ * a task gate needs to change an available TSS to busy. If the -+ * GDT is read-only, that will triple fault. The TSS cannot be -+ * read-only because the CPU writes to it on task switches. -+ * -+ * On Xen PV, the GDT must be read-only because the hypervisor -+ * requires it. -+ */ -+ pgprot_t gdt_prot = boot_cpu_has(X86_FEATURE_XENPV) ? 
-+ PAGE_KERNEL_RO : PAGE_KERNEL; -+ pgprot_t tss_prot = PAGE_KERNEL; -+#endif -+ -+ __set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot); -+ set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, entry_stack_page), -+ per_cpu_ptr(&entry_stack_storage, cpu), 1, -+ PAGE_KERNEL); -+ -+ /* -+ * The Intel SDM says (Volume 3, 7.2.1): -+ * -+ * Avoid placing a page boundary in the part of the TSS that the -+ * processor reads during a task switch (the first 104 bytes). The -+ * processor may not correctly perform address translations if a -+ * boundary occurs in this area. During a task switch, the processor -+ * reads and writes into the first 104 bytes of each TSS (using -+ * contiguous physical addresses beginning with the physical address -+ * of the first byte of the TSS). So, after TSS access begins, if -+ * part of the 104 bytes is not physically contiguous, the processor -+ * will access incorrect information without generating a page-fault -+ * exception. -+ * -+ * There are also a lot of errata involving the TSS spanning a page -+ * boundary. Assert that we're not doing that. 
-+ */ -+ BUILD_BUG_ON((offsetof(struct tss_struct, x86_tss) ^ -+ offsetofend(struct tss_struct, x86_tss)) & PAGE_MASK); -+ BUILD_BUG_ON(sizeof(struct tss_struct) % PAGE_SIZE != 0); -+ set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, tss), -+ &per_cpu(cpu_tss_rw, cpu), -+ sizeof(struct tss_struct) / PAGE_SIZE, -+ tss_prot); -+ -+#ifdef CONFIG_X86_32 -+ per_cpu(cpu_entry_area, cpu) = get_cpu_entry_area(cpu); -+#endif -+ -+#ifdef CONFIG_X86_64 -+ BUILD_BUG_ON(sizeof(exception_stacks) % PAGE_SIZE != 0); -+ BUILD_BUG_ON(sizeof(exception_stacks) != -+ sizeof(((struct cpu_entry_area *)0)->exception_stacks)); -+ set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, exception_stacks), -+ &per_cpu(exception_stacks, cpu), -+ sizeof(exception_stacks) / PAGE_SIZE, -+ PAGE_KERNEL); -+ -+ __set_fixmap(get_cpu_entry_area_index(cpu, entry_trampoline), -+ __pa_symbol(_entry_trampoline), PAGE_KERNEL_RX); -+#endif -+} -+ -+void __init setup_cpu_entry_areas(void) -+{ -+ unsigned int cpu; -+ -+ for_each_possible_cpu(cpu) -+ setup_cpu_entry_area(cpu); -+} --- -2.15.0 - diff --git a/queue/x86-cpu_entry_area-Prevent-wraparound-in-setup_cpu_e.patch b/queue/x86-cpu_entry_area-Prevent-wraparound-in-setup_cpu_e.patch deleted file mode 100644 index dccbbf6..0000000 --- a/queue/x86-cpu_entry_area-Prevent-wraparound-in-setup_cpu_e.patch +++ /dev/null 
@@ -1,38 +0,0 @@
-From f6c4fd506cb626e4346aa81688f255e593a7c5a0 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sat, 23 Dec 2017 19:45:11 +0100
-Subject: [PATCH] x86/cpu_entry_area: Prevent wraparound in
- setup_cpu_entry_area_ptes() on 32bit
-
-commit f6c4fd506cb626e4346aa81688f255e593a7c5a0 upstream.
-
-The loop which populates the CPU entry area PMDs can wrap around on 32bit
-machines when the number of CPUs is small.
-
-It worked wonderful for NR_CPUS=64 for whatever reason and the moron who
-wrote that code did not bother to test it with !SMP.
-
-Check for the wraparound to fix it.
-
-Fixes: 92a0f81d8957 ("x86/cpu_entry_area: Move it out of the fixmap")
-Reported-by: kernel test robot <fengguang.wu@intel.com>
-Signed-off-by: Thomas "Feels stupid" Gleixner <tglx@linutronix.de>
-Tested-by: Borislav Petkov <bp@alien8.de>
-
-diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c
-index 21e8b595cbb1..fe814fd5e014 100644
---- a/arch/x86/mm/cpu_entry_area.c
-+++ b/arch/x86/mm/cpu_entry_area.c
-@@ -122,7 +122,8 @@ static __init void setup_cpu_entry_area_ptes(void)
- start = CPU_ENTRY_AREA_BASE;
- end = start + CPU_ENTRY_AREA_MAP_SIZE;
-
-- for (; start < end; start += PMD_SIZE)
-+ /* Careful here: start + PMD_SIZE might wrap around */
-+ for (; start < end && start >= CPU_ENTRY_AREA_BASE; start += PMD_SIZE)
- populate_extra_pte(start);
- #endif
- }
---
-2.15.0
-
diff --git a/queue/x86-decoder-Fix-and-update-the-opcodes-map.patch b/queue/x86-decoder-Fix-and-update-the-opcodes-map.patch
deleted file mode 100644
index 6373de0..0000000
--- a/queue/x86-decoder-Fix-and-update-the-opcodes-map.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From f5b5fab1780c98b74526dbac527574bd02dc16f8 Mon Sep 17 00:00:00 2001
-From: Randy Dunlap <rdunlap@infradead.org>
-Date: Mon, 11 Dec 2017 10:38:36 -0800
-Subject: [PATCH] x86/decoder: Fix and update the opcodes map
-
-commit f5b5fab1780c98b74526dbac527574bd02dc16f8 upstream.
-
-Update x86-opcode-map.txt based on the October 2017 Intel SDM publication.
-Fix INVPID to INVVPID.
-Add UD0 and UD1 instruction opcodes.
-
-Also sync the objtool and perf tooling copies of this file.
-
-Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
-Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Masami Hiramatsu <masami.hiramatsu@gmail.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Link: http://lkml.kernel.org/r/aac062d7-c0f6-96e3-5c92-ed299e2bd3da@infradead.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
-index c4d55919fac1..e0b85930dd77 100644
---- a/arch/x86/lib/x86-opcode-map.txt
-+++ b/arch/x86/lib/x86-opcode-map.txt
-@@ -607,7 +607,7 @@ fb: psubq Pq,Qq | vpsubq Vx,Hx,Wx (66),(v1)
- fc: paddb Pq,Qq | vpaddb Vx,Hx,Wx (66),(v1)
- fd: paddw Pq,Qq | vpaddw Vx,Hx,Wx (66),(v1)
- fe: paddd Pq,Qq | vpaddd Vx,Hx,Wx (66),(v1)
--ff:
-+ff: UD0
- EndTable
-
- Table: 3-byte opcode 1 (0x0f 0x38)
-@@ -717,7 +717,7 @@ AVXcode: 2
- 7e: vpermt2d/q Vx,Hx,Wx (66),(ev)
- 7f: vpermt2ps/d Vx,Hx,Wx (66),(ev)
- 80: INVEPT Gy,Mdq (66)
--81: INVPID Gy,Mdq (66)
-+81: INVVPID Gy,Mdq (66)
- 82: INVPCID Gy,Mdq (66)
- 83: vpmultishiftqb Vx,Hx,Wx (66),(ev)
- 88: vexpandps/d Vpd,Wpd (66),(ev)
-@@ -970,6 +970,15 @@ GrpTable: Grp9
- EndTable
-
- GrpTable: Grp10
-+# all are UD1
-+0: UD1
-+1: UD1
-+2: UD1
-+3: UD1
-+4: UD1
-+5: UD1
-+6: UD1
-+7: UD1
- EndTable
-
- # Grp11A and Grp11B are expressed as Grp11 in Intel SDM
-diff --git a/tools/objtool/arch/x86/insn/x86-opcode-map.txt b/tools/objtool/arch/x86/insn/x86-opcode-map.txt
-index 12e377184ee4..e0b85930dd77 100644
---- a/tools/objtool/arch/x86/insn/x86-opcode-map.txt
-+++ b/tools/objtool/arch/x86/insn/x86-opcode-map.txt
-@@ -607,7 +607,7 @@ fb: psubq Pq,Qq | vpsubq Vx,Hx,Wx (66),(v1)
- fc: paddb Pq,Qq | vpaddb Vx,Hx,Wx (66),(v1)
- fd: paddw Pq,Qq | vpaddw Vx,Hx,Wx (66),(v1)
- fe: paddd Pq,Qq | vpaddd Vx,Hx,Wx (66),(v1)
--ff:
-+ff: UD0
- EndTable
-
- Table: 3-byte opcode 1 (0x0f 0x38)
-@@ -717,7 +717,7 @@ AVXcode: 2
- 7e: vpermt2d/q Vx,Hx,Wx (66),(ev)
- 7f: vpermt2ps/d Vx,Hx,Wx (66),(ev)
- 80: INVEPT Gy,Mdq (66)
--81: INVPID Gy,Mdq (66)
-+81: INVVPID Gy,Mdq (66)
- 82: INVPCID Gy,Mdq (66)
- 83: vpmultishiftqb Vx,Hx,Wx (66),(ev)
- 88: vexpandps/d Vpd,Wpd (66),(ev)
-@@ -896,7 +896,7 @@ EndTable
-
- GrpTable: Grp3_1
- 0: TEST Eb,Ib
--1:
-+1: TEST Eb,Ib
- 2: NOT Eb
- 3: NEG Eb
- 4: MUL AL,Eb
-@@ -970,6 +970,15 @@ GrpTable: Grp9
- EndTable
-
- GrpTable: Grp10
-+# all are UD1
-+0: UD1
-+1: UD1
-+2: UD1
-+3: UD1
-+4: UD1
-+5: UD1
-+6: UD1
-+7: UD1
- EndTable
-
- # Grp11A and Grp11B are expressed as Grp11 in Intel SDM
-diff --git a/tools/perf/util/intel-pt-decoder/x86-opcode-map.txt b/tools/perf/util/intel-pt-decoder/x86-opcode-map.txt
-index 12e377184ee4..e0b85930dd77 100644
---- a/tools/perf/util/intel-pt-decoder/x86-opcode-map.txt
-+++ b/tools/perf/util/intel-pt-decoder/x86-opcode-map.txt
-@@ -607,7 +607,7 @@ fb: psubq Pq,Qq | vpsubq Vx,Hx,Wx (66),(v1)
- fc: paddb Pq,Qq | vpaddb Vx,Hx,Wx (66),(v1)
- fd: paddw Pq,Qq | vpaddw Vx,Hx,Wx (66),(v1)
- fe: paddd Pq,Qq | vpaddd Vx,Hx,Wx (66),(v1)
--ff:
-+ff: UD0
- EndTable
-
- Table: 3-byte opcode 1 (0x0f 0x38)
-@@ -717,7 +717,7 @@ AVXcode: 2
- 7e: vpermt2d/q Vx,Hx,Wx (66),(ev)
- 7f: vpermt2ps/d Vx,Hx,Wx (66),(ev)
- 80: INVEPT Gy,Mdq (66)
--81: INVPID Gy,Mdq (66)
-+81: INVVPID Gy,Mdq (66)
- 82: INVPCID Gy,Mdq (66)
- 83: vpmultishiftqb Vx,Hx,Wx (66),(ev)
- 88: vexpandps/d Vpd,Wpd (66),(ev)
-@@ -896,7 +896,7 @@ EndTable
-
- GrpTable: Grp3_1
- 0: TEST Eb,Ib
--1:
-+1: TEST Eb,Ib
- 2: NOT Eb
- 3: NEG Eb
- 4: MUL AL,Eb
-@@ -970,6 +970,15 @@ GrpTable: Grp9
- EndTable
-
- GrpTable: Grp10
-+# all are UD1
-+0: UD1
-+1: UD1
-+2: UD1
-+3: UD1
-+4: UD1
-+5: UD1
-+6: UD1
-+7: UD1
- EndTable
-
- # Grp11A and Grp11B are expressed as Grp11 in Intel SDM
---
-2.15.0
-
diff --git a/queue/x86-doc-Remove-obvious-weirdnesses-from-the-x86-MM-l.patch b/queue/x86-doc-Remove-obvious-weirdnesses-from-the-x86-MM-l.patch
deleted file mode 100644
index d4f8aca..0000000
--- a/queue/x86-doc-Remove-obvious-weirdnesses-from-the-x86-MM-l.patch
+++ /dev/null
@@ -1,74 +0,0 @@ -From e8ffe96e5933d417195268478479933d56213a3f Mon Sep 17 00:00:00 2001 -From: Peter Zijlstra <peterz@infradead.org> -Date: Tue, 5 Dec 2017 13:34:54 +0100 -Subject: [PATCH] x86/doc: Remove obvious weirdnesses from the x86 MM layout - documentation - -commit e8ffe96e5933d417195268478479933d56213a3f upstream. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: hughd@google.com -Cc: keescook@google.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt -index 83ca5a3b90ac..63a41671d25b 100644 ---- a/Documentation/x86/x86_64/mm.txt -+++ b/Documentation/x86/x86_64/mm.txt -@@ -1,6 +1,4 @@ - --<previous description obsolete, deleted> -- - Virtual memory map with 4 level page tables: - - 0000000000000000 - 00007fffffffffff (=47 bits) user space, different per mm -@@ -49,8 +47,9 @@ ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole - - Architecture defines a 64-bit virtual address. Implementations can support - less. Currently supported are 48- and 57-bit virtual addresses. Bits 63 --through to the most-significant implemented bit are set to either all ones --or all zero. 
This causes hole between user space and kernel addresses. -+through to the most-significant implemented bit are sign extended. -+This causes hole between user space and kernel addresses if you interpret them -+as unsigned. - - The direct mapping covers all memory in the system up to the highest - memory address (this means in some cases it can also include PCI memory -@@ -60,9 +59,6 @@ vmalloc space is lazily synchronized into the different PML4/PML5 pages of - the processes using the page fault handler, with init_top_pgt as - reference. - --Current X86-64 implementations support up to 46 bits of address space (64 TB), --which is our current limit. This expands into MBZ space in the page tables. -- - We map EFI runtime services in the 'efi_pgd' PGD in a 64Gb large virtual - memory window (this size is arbitrary, it can be raised later if needed). - The mappings are not part of any other kernel PGD and are only available -@@ -74,5 +70,3 @@ following fixmap section. - Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all - physical memory, vmalloc/ioremap space and virtual memory map are randomized. - Their order is preserved but their base will be offset early at boot time. -- ---Andi Kleen, Jul 2004 --- -2.15.0 - diff --git a/queue/x86-entry-Rename-SYSENTER_stack-to-CPU_ENTRY_AREA_en.patch b/queue/x86-entry-Rename-SYSENTER_stack-to-CPU_ENTRY_AREA_en.patch deleted file mode 100644 index 73e5ba7..0000000 --- a/queue/x86-entry-Rename-SYSENTER_stack-to-CPU_ENTRY_AREA_en.patch +++ /dev/null 
@@ -1,325 +0,0 @@ -From 4fe2d8b11a370af286287a2661de9d4e6c9a145a Mon Sep 17 00:00:00 2001 -From: Dave Hansen <dave.hansen@linux.intel.com> -Date: Mon, 4 Dec 2017 17:25:07 -0800 -Subject: [PATCH] x86/entry: Rename SYSENTER_stack to - CPU_ENTRY_AREA_entry_stack - -commit 4fe2d8b11a370af286287a2661de9d4e6c9a145a upstream. - -If the kernel oopses while on the trampoline stack, it will print -"<SYSENTER>" even if SYSENTER is not involved. That is rather confusing. - -The "SYSENTER" stack is used for a lot more than SYSENTER now. Give it a -better string to display in stack dumps, and rename the kernel code to -match. - -Also move the 32-bit code over to the new naming even though it still uses -the entry stack only for SYSENTER. - -Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Borislav Petkov <bp@suse.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S -index bd8b57a5c874..ace8f321a5a1 100644 ---- a/arch/x86/entry/entry_32.S -+++ b/arch/x86/entry/entry_32.S -@@ -942,9 +942,9 @@ ENTRY(debug) - - /* Are we currently on the SYSENTER stack? 
*/ - movl PER_CPU_VAR(cpu_entry_area), %ecx -- addl $CPU_ENTRY_AREA_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx -- subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */ -- cmpl $SIZEOF_SYSENTER_stack, %ecx -+ addl $CPU_ENTRY_AREA_entry_stack + SIZEOF_entry_stack, %ecx -+ subl %eax, %ecx /* ecx = (end of entry_stack) - esp */ -+ cmpl $SIZEOF_entry_stack, %ecx - jb .Ldebug_from_sysenter_stack - - TRACE_IRQS_OFF -@@ -986,9 +986,9 @@ ENTRY(nmi) - - /* Are we currently on the SYSENTER stack? */ - movl PER_CPU_VAR(cpu_entry_area), %ecx -- addl $CPU_ENTRY_AREA_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx -- subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */ -- cmpl $SIZEOF_SYSENTER_stack, %ecx -+ addl $CPU_ENTRY_AREA_entry_stack + SIZEOF_entry_stack, %ecx -+ subl %eax, %ecx /* ecx = (end of entry_stack) - esp */ -+ cmpl $SIZEOF_entry_stack, %ecx - jb .Lnmi_from_sysenter_stack - - /* Not on SYSENTER stack. */ -diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S -index 2812ce043a7a..87cebe78bbef 100644 ---- a/arch/x86/entry/entry_64.S -+++ b/arch/x86/entry/entry_64.S -@@ -154,8 +154,8 @@ END(native_usergs_sysret64) - _entry_trampoline - CPU_ENTRY_AREA_entry_trampoline(%rip) - - /* The top word of the SYSENTER stack is hot and is usable as scratch space. */ --#define RSP_SCRATCH CPU_ENTRY_AREA_SYSENTER_stack + \ -- SIZEOF_SYSENTER_stack - 8 + CPU_ENTRY_AREA -+#define RSP_SCRATCH CPU_ENTRY_AREA_entry_stack + \ -+ SIZEOF_entry_stack - 8 + CPU_ENTRY_AREA - - ENTRY(entry_SYSCALL_64_trampoline) - UNWIND_HINT_EMPTY -diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h -index 94fc4fa14127..8153b8d86a3c 100644 ---- a/arch/x86/include/asm/fixmap.h -+++ b/arch/x86/include/asm/fixmap.h -@@ -56,10 +56,10 @@ struct cpu_entry_area { - char gdt[PAGE_SIZE]; - - /* -- * The GDT is just below SYSENTER_stack and thus serves (on x86_64) as -+ * The GDT is just below entry_stack and thus serves (on x86_64) as - * a a read-only guard page. 
- */ -- struct SYSENTER_stack_page SYSENTER_stack_page; -+ struct entry_stack_page entry_stack_page; - - /* - * On x86_64, the TSS is mapped RO. On x86_32, it's mapped RW because -@@ -250,9 +250,9 @@ static inline struct cpu_entry_area *get_cpu_entry_area(int cpu) - return (struct cpu_entry_area *)__fix_to_virt(__get_cpu_entry_area_page_index(cpu, 0)); - } - --static inline struct SYSENTER_stack *cpu_SYSENTER_stack(int cpu) -+static inline struct entry_stack *cpu_entry_stack(int cpu) - { -- return &get_cpu_entry_area(cpu)->SYSENTER_stack_page.stack; -+ return &get_cpu_entry_area(cpu)->entry_stack_page.stack; - } - - #endif /* !__ASSEMBLY__ */ -diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index da943411d3d8..9e482d8b0b97 100644 ---- a/arch/x86/include/asm/processor.h -+++ b/arch/x86/include/asm/processor.h -@@ -336,12 +336,12 @@ struct x86_hw_tss { - #define IO_BITMAP_OFFSET (offsetof(struct tss_struct, io_bitmap) - offsetof(struct tss_struct, x86_tss)) - #define INVALID_IO_BITMAP_OFFSET 0x8000 - --struct SYSENTER_stack { -+struct entry_stack { - unsigned long words[64]; - }; - --struct SYSENTER_stack_page { -- struct SYSENTER_stack stack; -+struct entry_stack_page { -+ struct entry_stack stack; - } __aligned(PAGE_SIZE); - - struct tss_struct { -diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h -index f8062bfd43a0..f73706878772 100644 ---- a/arch/x86/include/asm/stacktrace.h -+++ b/arch/x86/include/asm/stacktrace.h -@@ -16,7 +16,7 @@ enum stack_type { - STACK_TYPE_TASK, - STACK_TYPE_IRQ, - STACK_TYPE_SOFTIRQ, -- STACK_TYPE_SYSENTER, -+ STACK_TYPE_ENTRY, - STACK_TYPE_EXCEPTION, - STACK_TYPE_EXCEPTION_LAST = STACK_TYPE_EXCEPTION + N_EXCEPTION_STACKS-1, - }; -@@ -29,7 +29,7 @@ struct stack_info { - bool in_task_stack(unsigned long *stack, struct task_struct *task, - struct stack_info *info); - --bool in_sysenter_stack(unsigned long *stack, struct stack_info *info); -+bool in_entry_stack(unsigned long 
*stack, struct stack_info *info); - - int get_stack_info(unsigned long *stack, struct task_struct *task, - struct stack_info *info, unsigned long *visit_mask); -diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c -index cd360a5e0dca..676b7cf4b62b 100644 ---- a/arch/x86/kernel/asm-offsets.c -+++ b/arch/x86/kernel/asm-offsets.c -@@ -97,6 +97,6 @@ void common(void) { - /* Layout info for cpu_entry_area */ - OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss); - OFFSET(CPU_ENTRY_AREA_entry_trampoline, cpu_entry_area, entry_trampoline); -- OFFSET(CPU_ENTRY_AREA_SYSENTER_stack, cpu_entry_area, SYSENTER_stack_page); -- DEFINE(SIZEOF_SYSENTER_stack, sizeof(struct SYSENTER_stack)); -+ OFFSET(CPU_ENTRY_AREA_entry_stack, cpu_entry_area, entry_stack_page); -+ DEFINE(SIZEOF_entry_stack, sizeof(struct entry_stack)); - } -diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c -index 7d20d9c0b3d6..fa1261eefa16 100644 ---- a/arch/x86/kernel/asm-offsets_32.c -+++ b/arch/x86/kernel/asm-offsets_32.c -@@ -48,7 +48,7 @@ void foo(void) - - /* Offset from the sysenter stack to tss.sp0 */ - DEFINE(TSS_sysenter_sp0, offsetof(struct cpu_entry_area, tss.x86_tss.sp0) - -- offsetofend(struct cpu_entry_area, SYSENTER_stack_page.stack)); -+ offsetofend(struct cpu_entry_area, entry_stack_page.stack)); - - #ifdef CONFIG_CC_STACKPROTECTOR - BLANK(); -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 034900623adf..ed4acbce37a8 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -487,8 +487,8 @@ static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks - [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); - #endif - --static DEFINE_PER_CPU_PAGE_ALIGNED(struct SYSENTER_stack_page, -- SYSENTER_stack_storage); -+static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, -+ entry_stack_storage); - - static void __init - set_percpu_fixmap_pages(int idx, void *ptr, int pages, pgprot_t prot) 
-@@ -523,8 +523,8 @@ static void __init setup_cpu_entry_area(int cpu) - #endif - - __set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot); -- set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, SYSENTER_stack_page), -- per_cpu_ptr(&SYSENTER_stack_storage, cpu), 1, -+ set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, entry_stack_page), -+ per_cpu_ptr(&entry_stack_storage, cpu), 1, - PAGE_KERNEL); - - /* -@@ -1323,7 +1323,7 @@ void enable_sep_cpu(void) - - tss->x86_tss.ss1 = __KERNEL_CS; - wrmsr(MSR_IA32_SYSENTER_CS, tss->x86_tss.ss1, 0); -- wrmsr(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_SYSENTER_stack(cpu) + 1), 0); -+ wrmsr(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_entry_stack(cpu) + 1), 0); - wrmsr(MSR_IA32_SYSENTER_EIP, (unsigned long)entry_SYSENTER_32, 0); - - put_cpu(); -@@ -1440,7 +1440,7 @@ void syscall_init(void) - * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). - */ - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); -- wrmsrl_safe(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_SYSENTER_stack(cpu) + 1)); -+ wrmsrl_safe(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_entry_stack(cpu) + 1)); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); - #else - wrmsrl(MSR_CSTAR, (unsigned long)ignore_sysret); -@@ -1655,7 +1655,7 @@ void cpu_init(void) - */ - set_tss_desc(cpu, &get_cpu_entry_area(cpu)->tss.x86_tss); - load_TR_desc(); -- load_sp0((unsigned long)(cpu_SYSENTER_stack(cpu) + 1)); -+ load_sp0((unsigned long)(cpu_entry_stack(cpu) + 1)); - - load_mm_ldt(&init_mm); - -diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index bbd6d986e2d0..1dd3f533d78c 100644 ---- a/arch/x86/kernel/dumpstack.c -+++ b/arch/x86/kernel/dumpstack.c -@@ -43,9 +43,9 @@ bool in_task_stack(unsigned long *stack, struct task_struct *task, - return true; - } - --bool in_sysenter_stack(unsigned long *stack, struct stack_info *info) -+bool in_entry_stack(unsigned long *stack, struct stack_info *info) - { -- 
struct SYSENTER_stack *ss = cpu_SYSENTER_stack(smp_processor_id()); -+ struct entry_stack *ss = cpu_entry_stack(smp_processor_id()); - - void *begin = ss; - void *end = ss + 1; -@@ -53,7 +53,7 @@ bool in_sysenter_stack(unsigned long *stack, struct stack_info *info) - if ((void *)stack < begin || (void *)stack >= end) - return false; - -- info->type = STACK_TYPE_SYSENTER; -+ info->type = STACK_TYPE_ENTRY; - info->begin = begin; - info->end = end; - info->next_sp = NULL; -@@ -111,13 +111,13 @@ void show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs, - * - task stack - * - interrupt stack - * - HW exception stacks (double fault, nmi, debug, mce) -- * - SYSENTER stack -+ * - entry stack - * - * x86-32 can have up to four stacks: - * - task stack - * - softirq stack - * - hardirq stack -- * - SYSENTER stack -+ * - entry stack - */ - for (regs = NULL; stack; stack = PTR_ALIGN(stack_info.next_sp, sizeof(long))) { - const char *stack_name; -diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c -index 5ff13a6b3680..04170f63e3a1 100644 ---- a/arch/x86/kernel/dumpstack_32.c -+++ b/arch/x86/kernel/dumpstack_32.c -@@ -26,8 +26,8 @@ const char *stack_type_name(enum stack_type type) - if (type == STACK_TYPE_SOFTIRQ) - return "SOFTIRQ"; - -- if (type == STACK_TYPE_SYSENTER) -- return "SYSENTER"; -+ if (type == STACK_TYPE_ENTRY) -+ return "ENTRY_TRAMPOLINE"; - - return NULL; - } -@@ -96,7 +96,7 @@ int get_stack_info(unsigned long *stack, struct task_struct *task, - if (task != current) - goto unknown; - -- if (in_sysenter_stack(stack, info)) -+ if (in_entry_stack(stack, info)) - goto recursion_check; - - if (in_hardirq_stack(stack, info)) -diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index abc828f8c297..563e28d14f2c 100644 ---- a/arch/x86/kernel/dumpstack_64.c -+++ b/arch/x86/kernel/dumpstack_64.c -@@ -37,8 +37,14 @@ const char *stack_type_name(enum stack_type type) - if (type == STACK_TYPE_IRQ) - return "IRQ"; 
- -- if (type == STACK_TYPE_SYSENTER) -- return "SYSENTER"; -+ if (type == STACK_TYPE_ENTRY) { -+ /* -+ * On 64-bit, we have a generic entry stack that we -+ * use for all the kernel entry points, including -+ * SYSENTER. -+ */ -+ return "ENTRY_TRAMPOLINE"; -+ } - - if (type >= STACK_TYPE_EXCEPTION && type <= STACK_TYPE_EXCEPTION_LAST) - return exception_stack_names[type - STACK_TYPE_EXCEPTION]; -@@ -118,7 +124,7 @@ int get_stack_info(unsigned long *stack, struct task_struct *task, - if (in_irq_stack(stack, info)) - goto recursion_check; - -- if (in_sysenter_stack(stack, info)) -+ if (in_entry_stack(stack, info)) - goto recursion_check; - - goto unknown; --- -2.15.0 - diff --git a/queue/x86-ldt-Prevent-LDT-inheritance-on-exec.patch b/queue/x86-ldt-Prevent-LDT-inheritance-on-exec.patch deleted file mode 100644 index 3785ca8..0000000 --- a/queue/x86-ldt-Prevent-LDT-inheritance-on-exec.patch +++ /dev/null 
@@ -1,164 +0,0 @@
-From a4828f81037f491b2cc986595e3a969a6eeb2fb5 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Thu, 14 Dec 2017 12:27:31 +0100
-Subject: [PATCH] x86/ldt: Prevent LDT inheritance on exec
-
-commit a4828f81037f491b2cc986595e3a969a6eeb2fb5 upstream.
-
-The LDT is inherited across fork() or exec(), but that makes no sense
-at all because exec() is supposed to start the process clean.
-
-The reason why this happens is that init_new_context_ldt() is called from
-init_new_context() which obviously needs to be called for both fork() and
-exec().
-
-It would be surprising if anything relies on that behaviour, so it seems to
-be safe to remove that misfeature.
-
-Split the context initialization into two parts. Clear the LDT pointer and
-initialize the mutex from the general context init and move the LDT
-duplication to arch_dup_mmap() which is only called on fork().
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Andy Lutomirsky <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Borislav Petkov <bpetkov@suse.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: dan.j.williams@intel.com
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: kirill.shutemov@linux.intel.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
-index 4fdbe5efe535..5e25423bf9bb 100644
---- a/arch/x86/include/asm/mmu_context.h
-+++ b/arch/x86/include/asm/mmu_context.h
-@@ -57,11 +57,17 @@ struct ldt_struct {
- /*
- * Used for LDT copy/destruction.
- */
--int init_new_context_ldt(struct task_struct *tsk, struct mm_struct *mm);
-+static inline void init_new_context_ldt(struct mm_struct *mm)
-+{
-+ mm->context.ldt = NULL;
-+ init_rwsem(&mm->context.ldt_usr_sem);
-+}
-+int ldt_dup_context(struct mm_struct *oldmm, struct mm_struct *mm);
- void destroy_context_ldt(struct mm_struct *mm);
- #else /* CONFIG_MODIFY_LDT_SYSCALL */
--static inline int init_new_context_ldt(struct task_struct *tsk,
-- struct mm_struct *mm)
-+static inline void init_new_context_ldt(struct mm_struct *mm) { }
-+static inline int ldt_dup_context(struct mm_struct *oldmm,
-+ struct mm_struct *mm)
- {
- return 0;
- }
-@@ -137,15 +143,16 @@ static inline int init_new_context(struct task_struct *tsk,
- mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
- atomic64_set(&mm->context.tlb_gen, 0);
-
-- #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
-+#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
- if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
- /* pkey 0 is the default and always allocated */
- mm->context.pkey_allocation_map = 0x1;
- /* -1 means unallocated or invalid */
- mm->context.execute_only_pkey = -1;
- }
-- #endif
-- return init_new_context_ldt(tsk, mm);
-+#endif
-+ init_new_context_ldt(mm);
-+ return 0;
- }
- static inline void destroy_context(struct mm_struct *mm)
- {
-@@ -181,7 +188,7 @@ do { \
- static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm)
- {
- paravirt_arch_dup_mmap(oldmm, mm);
-- return 0;
-+ return ldt_dup_context(oldmm, mm);
- }
-
- static inline void arch_exit_mmap(struct mm_struct *mm)
-diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index 1600aebc1ec7..a6b5d62f45a7 100644
---- a/arch/x86/kernel/ldt.c
-+++ b/arch/x86/kernel/ldt.c
-@@ -131,28 +131,20 @@ static void free_ldt_struct(struct ldt_struct *ldt)
- }
-
- /*
-- * we do not have to muck with descriptors here, that is
-- * done in switch_mm() as needed.
-+ * Called on fork from arch_dup_mmap(). Just copy the current LDT state,
-+ * the new task is not running, so nothing can be installed.
- */
--int init_new_context_ldt(struct task_struct *tsk, struct mm_struct *mm)
-+int ldt_dup_context(struct mm_struct *old_mm, struct mm_struct *mm)
- {
- struct ldt_struct *new_ldt;
-- struct mm_struct *old_mm;
- int retval = 0;
-
-- init_rwsem(&mm->context.ldt_usr_sem);
--
-- old_mm = current->mm;
-- if (!old_mm) {
-- mm->context.ldt = NULL;
-+ if (!old_mm)
- return 0;
-- }
-
- mutex_lock(&old_mm->context.lock);
-- if (!old_mm->context.ldt) {
-- mm->context.ldt = NULL;
-+ if (!old_mm->context.ldt)
- goto out_unlock;
-- }
-
- new_ldt = alloc_ldt_struct(old_mm->context.ldt->nr_entries);
- if (!new_ldt) {
-diff --git a/tools/testing/selftests/x86/ldt_gdt.c b/tools/testing/selftests/x86/ldt_gdt.c
-index 66e5ce5b91f0..0304ffb714f2 100644
---- a/tools/testing/selftests/x86/ldt_gdt.c
-+++ b/tools/testing/selftests/x86/ldt_gdt.c
-@@ -627,13 +627,10 @@ static void do_multicpu_tests(void)
- static int finish_exec_test(void)
- {
- /*
-- * In a sensible world, this would be check_invalid_segment(0, 1);
-- * For better or for worse, though, the LDT is inherited across exec.
-- * We can probably change this safely, but for now we test it.
-+ * Older kernel versions did inherit the LDT on exec() which is
-+ * wrong because exec() starts from a clean state.
- */
-- check_valid_segment(0, 1,
-- AR_DPL3 | AR_TYPE_XRCODE | AR_S | AR_P | AR_DB,
-- 42, true);
-+ check_invalid_segment(0, 1);
-
- return nerrs ? 1 : 0;
- }
---
-2.15.0
-
diff --git a/queue/x86-ldt-Rework-locking.patch b/queue/x86-ldt-Rework-locking.patch
deleted file mode 100644
index fc9f3e9..0000000
--- a/queue/x86-ldt-Rework-locking.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-From c2b3496bb30bd159e9de42e5c952e1f1f33c9a77 Mon Sep 17 00:00:00 2001
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Thu, 14 Dec 2017 12:27:30 +0100
-Subject: [PATCH] x86/ldt: Rework locking
-
-commit c2b3496bb30bd159e9de42e5c952e1f1f33c9a77 upstream.
-
-The LDT is duplicated on fork() and on exec(), which is wrong as exec()
-should start from a clean state, i.e. without LDT. To fix this the LDT
-duplication code will be moved into arch_dup_mmap() which is only called
-for fork().
-
-This introduces a locking problem. arch_dup_mmap() holds mmap_sem of the
-parent process, but the LDT duplication code needs to acquire
-mm->context.lock to access the LDT data safely, which is the reverse lock
-order of write_ldt() where mmap_sem nests into context.lock.
-
-Solve this by introducing a new rw semaphore which serializes the
-read/write_ldt() syscall operations and use context.lock to protect the
-actual installment of the LDT descriptor.
-
-So context.lock stabilizes mm->context.ldt and can nest inside of the new
-semaphore or mmap_sem.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Andy Lutomirsky <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Borislav Petkov <bpetkov@suse.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: dan.j.williams@intel.com
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: kirill.shutemov@linux.intel.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
-index 9ea26f167497..5ff3e8af2c20 100644
---- a/arch/x86/include/asm/mmu.h
-+++ b/arch/x86/include/asm/mmu.h
-@@ -3,6 +3,7 @@
- #define _ASM_X86_MMU_H
-
- #include <linux/spinlock.h>
-+#include <linux/rwsem.h>
- #include <linux/mutex.h>
- #include <linux/atomic.h>
-
-@@ -27,7 +28,8 @@ typedef struct {
- atomic64_t tlb_gen;
-
- #ifdef CONFIG_MODIFY_LDT_SYSCALL
-- struct ldt_struct *ldt;
-+ struct rw_semaphore ldt_usr_sem;
-+ struct ldt_struct *ldt;
- #endif
-
- #ifdef CONFIG_X86_64
-diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
-index c76162439c8a..4fdbe5efe535 100644
---- a/arch/x86/include/asm/mmu_context.h
-+++ b/arch/x86/include/asm/mmu_context.h
-@@ -132,6 +132,8 @@ void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk);
- static inline int init_new_context(struct task_struct *tsk,
- struct mm_struct *mm)
- {
-+ mutex_init(&mm->context.lock);
-+
- mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
- atomic64_set(&mm->context.tlb_gen, 0);
-
-diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index 1c1eae961340..1600aebc1ec7 100644
---- a/arch/x86/kernel/ldt.c
-+++ b/arch/x86/kernel/ldt.c
-@@ -5,6 +5,11 @@
- * Copyright (C) 2002 Andi Kleen
- *
- * This handles calls from both 32bit and 64bit mode.
-+ *
-+ * Lock order:
-+ * contex.ldt_usr_sem
-+ * mmap_sem
-+ * context.lock
- */
-
- #include <linux/errno.h>
-@@ -42,7 +47,7 @@ static void refresh_ldt_segments(void)
- #endif
- }
-
--/* context.lock is held for us, so we don't need any locking. */
-+/* context.lock is held by the task which issued the smp function call */
- static void flush_ldt(void *__mm)
- {
- struct mm_struct *mm = __mm;
-@@ -99,15 +104,17 @@ static void finalize_ldt_struct(struct ldt_struct *ldt)
- paravirt_alloc_ldt(ldt->entries, ldt->nr_entries);
- }
-
--/* context.lock is held */
--static void install_ldt(struct mm_struct *current_mm,
-- struct ldt_struct *ldt)
-+static void install_ldt(struct mm_struct *mm, struct ldt_struct *ldt)
- {
-+ mutex_lock(&mm->context.lock);
-+
- /* Synchronizes with READ_ONCE in load_mm_ldt. */
-- smp_store_release(¤t_mm->context.ldt, ldt);
-+ smp_store_release(&mm->context.ldt, ldt);
-
-- /* Activate the LDT for all CPUs using current_mm. */
-- on_each_cpu_mask(mm_cpumask(current_mm), flush_ldt, current_mm, true);
-+ /* Activate the LDT for all CPUs using currents mm. */
-+ on_each_cpu_mask(mm_cpumask(mm), flush_ldt, mm, true);
-+
-+ mutex_unlock(&mm->context.lock);
- }
-
- static void free_ldt_struct(struct ldt_struct *ldt)
-@@ -133,7 +140,8 @@ int init_new_context_ldt(struct task_struct *tsk, struct mm_struct *mm)
- struct mm_struct *old_mm;
- int retval = 0;
-
-- mutex_init(&mm->context.lock);
-+ init_rwsem(&mm->context.ldt_usr_sem);
-+
- old_mm = current->mm;
- if (!old_mm) {
- mm->context.ldt = NULL;
-@@ -180,7 +188,7 @@ static int read_ldt(void __user *ptr, unsigned long bytecount)
- unsigned long entries_size;
- int retval;
-
-- mutex_lock(&mm->context.lock);
-+ down_read(&mm->context.ldt_usr_sem);
-
- if (!mm->context.ldt) {
- retval = 0;
-@@ -209,7 +217,7 @@ static int read_ldt(void __user *ptr, unsigned long bytecount)
- retval = bytecount;
-
- out_unlock:
-- mutex_unlock(&mm->context.lock);
-+ up_read(&mm->context.ldt_usr_sem);
- return retval;
- }
-
-@@ -269,7 +277,8 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
- ldt.avl = 0;
- }
-
-- mutex_lock(&mm->context.lock);
-+ if (down_write_killable(&mm->context.ldt_usr_sem))
-+ return -EINTR;
-
- old_ldt = mm->context.ldt;
- old_nr_entries = old_ldt ? old_ldt->nr_entries : 0;
-@@ -291,7 +300,7 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
- error = 0;
-
- out_unlock:
-- mutex_unlock(&mm->context.lock);
-+ up_write(&mm->context.ldt_usr_sem);
- out:
- return error;
- }
---
-2.15.0
-
diff --git a/queue/x86-microcode-Dont-abuse-the-TLB-flush-interface.patch b/queue/x86-microcode-Dont-abuse-the-TLB-flush-interface.patch
deleted file mode 100644
index bf93f36..0000000
--- a/queue/x86-microcode-Dont-abuse-the-TLB-flush-interface.patch
+++ /dev/null
@@ -1,114 +0,0 @@ -From 23cb7d46f371844c004784ad9552a57446f73e5a Mon Sep 17 00:00:00 2001 -From: Peter Zijlstra <peterz@infradead.org> -Date: Tue, 5 Dec 2017 13:34:51 +0100 -Subject: [PATCH] x86/microcode: Dont abuse the TLB-flush interface - -commit 23cb7d46f371844c004784ad9552a57446f73e5a upstream. - -Commit: - - ec400ddeff20 ("x86/microcode_intel_early.c: Early update ucode on Intel's CPU") - -... grubbed into tlbflush internals without coherent explanation. - -Since it says its a precaution and the SDM doesn't mention anything like -this, take it out back. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. 
Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: fenghua.yu@intel.com -Cc: hughd@google.com -Cc: keescook@google.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 509046cfa5ce..c2e45da4e540 100644 ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -246,20 +246,9 @@ static inline void __native_flush_tlb(void) - preempt_enable(); - } - --static inline void __native_flush_tlb_global_irq_disabled(void) --{ -- unsigned long cr4; -- -- cr4 = this_cpu_read(cpu_tlbstate.cr4); -- /* clear PGE */ -- native_write_cr4(cr4 & ~X86_CR4_PGE); -- /* write old PGE again and flush TLBs */ -- native_write_cr4(cr4); --} -- - static inline void __native_flush_tlb_global(void) - { -- unsigned long flags; -+ unsigned long cr4, flags; - - if (static_cpu_has(X86_FEATURE_INVPCID)) { - /* -@@ -277,7 +266,11 @@ static inline void __native_flush_tlb_global(void) - */ - raw_local_irq_save(flags); - -- __native_flush_tlb_global_irq_disabled(); -+ cr4 = this_cpu_read(cpu_tlbstate.cr4); -+ /* toggle PGE */ -+ native_write_cr4(cr4 ^ X86_CR4_PGE); -+ /* write old PGE again and flush TLBs */ -+ native_write_cr4(cr4); - - raw_local_irq_restore(flags); - } -diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c -index 7dbcb7adf797..8ccdca6d3f9e 100644 ---- a/arch/x86/kernel/cpu/microcode/intel.c -+++ b/arch/x86/kernel/cpu/microcode/intel.c -@@ -565,15 +565,6 @@ static void print_ucode(struct ucode_cpu_info *uci) - } - #else - --/* -- * Flush global tlb. We only do this in x86_64 where paging has been enabled -- * already and PGE should be enabled as well. 
-- */ --static inline void flush_tlb_early(void) --{ -- __native_flush_tlb_global_irq_disabled(); --} -- - static inline void print_ucode(struct ucode_cpu_info *uci) - { - struct microcode_intel *mc; -@@ -602,10 +593,6 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) - if (rev != mc->hdr.rev) - return -1; - --#ifdef CONFIG_X86_64 -- /* Flush global tlb. This is precaution. */ -- flush_tlb_early(); --#endif - uci->cpu_sig.rev = rev; - - if (early) --- -2.15.0 - diff --git a/queue/x86-mm-64-Improve-the-memory-map-documentation.patch b/queue/x86-mm-64-Improve-the-memory-map-documentation.patch deleted file mode 100644 index 0b5fb9e..0000000 --- a/queue/x86-mm-64-Improve-the-memory-map-documentation.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 5a7ccf4754fb3660569a6de52ba7f7fc3dfaf280 Mon Sep 17 00:00:00 2001 -From: Andy Lutomirski <luto@kernel.org> -Date: Tue, 12 Dec 2017 07:56:43 -0800 -Subject: [PATCH] x86/mm/64: Improve the memory map documentation - -commit 5a7ccf4754fb3660569a6de52ba7f7fc3dfaf280 upstream. - -The old docs had the vsyscall range wrong and were missing the fixmap. -Fix both. - -There used to be 8 MB reserved for future vsyscalls, but that's long gone. - -Signed-off-by: Andy Lutomirski <luto@kernel.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Kees Cook <keescook@chromium.org> -Cc: Kirill A. Shutemov <kirill@shutemov.name> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt -index 3448e675b462..83ca5a3b90ac 100644 ---- a/Documentation/x86/x86_64/mm.txt -+++ b/Documentation/x86/x86_64/mm.txt -@@ -19,8 +19,9 @@ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks - ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space - ... unused hole ... 
- ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 --ffffffffa0000000 - ffffffffff5fffff (=1526 MB) module mapping space (variable) --ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls -+ffffffffa0000000 - [fixmap start] (~1526 MB) module mapping space (variable) -+[fixmap start] - ffffffffff5fffff kernel-internal fixmap range -+ffffffffff600000 - ffffffffff600fff (=4 kB) legacy vsyscall ABI - ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole - - Virtual memory map with 5 level page tables: -@@ -41,8 +42,9 @@ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks - ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space - ... unused hole ... - ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 --ffffffffa0000000 - ffffffffff5fffff (=1526 MB) module mapping space --ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls -+ffffffffa0000000 - [fixmap start] (~1526 MB) module mapping space -+[fixmap start] - ffffffffff5fffff kernel-internal fixmap range -+ffffffffff600000 - ffffffffff600fff (=4 kB) legacy vsyscall ABI - ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole - - Architecture defines a 64-bit virtual address. Implementations can support --- -2.15.0 - diff --git a/queue/x86-mm-Add-comments-to-clarify-which-TLB-flush-funct.patch b/queue/x86-mm-Add-comments-to-clarify-which-TLB-flush-funct.patch deleted file mode 100644 index fb559a2..0000000 --- a/queue/x86-mm-Add-comments-to-clarify-which-TLB-flush-funct.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 3f67af51e56f291d7417d77c4f67cd774633c5e1 Mon Sep 17 00:00:00 2001 -From: Peter Zijlstra <peterz@infradead.org> -Date: Tue, 5 Dec 2017 13:34:52 +0100 -Subject: [PATCH] x86/mm: Add comments to clarify which TLB-flush functions are - supposed to flush what - -commit 3f67af51e56f291d7417d77c4f67cd774633c5e1 upstream. - -Per popular request.. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: hughd@google.com -Cc: keescook@google.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 3e2227386abe..552d581c8f9f 100644 ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -228,6 +228,9 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask) - - extern void initialize_tlbstate_and_flush(void); - -+/* -+ * flush the entire current user mapping -+ */ - static inline void __native_flush_tlb(void) - { - /* -@@ -240,6 +243,9 @@ static inline void __native_flush_tlb(void) - preempt_enable(); - } - -+/* -+ * flush everything -+ */ - static inline void __native_flush_tlb_global(void) - { - unsigned long cr4, flags; -@@ -269,17 +275,27 @@ static inline void 
__native_flush_tlb_global(void) - raw_local_irq_restore(flags); - } - -+/* -+ * flush one page in the user mapping -+ */ - static inline void __native_flush_tlb_single(unsigned long addr) - { - asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); - } - -+/* -+ * flush everything -+ */ - static inline void __flush_tlb_all(void) - { -- if (boot_cpu_has(X86_FEATURE_PGE)) -+ if (boot_cpu_has(X86_FEATURE_PGE)) { - __flush_tlb_global(); -- else -+ } else { -+ /* -+ * !PGE -> !PCID (setup_pcid()), thus every flush is total. -+ */ - __flush_tlb(); -+ } - - /* - * Note: if we somehow had PCID but not PGE, then this wouldn't work -- -@@ -290,6 +306,9 @@ static inline void __flush_tlb_all(void) - */ - } - -+/* -+ * flush one page in the kernel mapping -+ */ - static inline void __flush_tlb_one(unsigned long addr) - { - count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE); --- -2.15.0 - diff --git a/queue/x86-mm-Create-asm-invpcid.h.patch b/queue/x86-mm-Create-asm-invpcid.h.patch deleted file mode 100644 index 0e88349..0000000 --- a/queue/x86-mm-Create-asm-invpcid.h.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -From 1a3b0caeb77edeac5ce5fa05e6a61c474c9a9745 Mon Sep 17 00:00:00 2001 -From: Peter Zijlstra <peterz@infradead.org> -Date: Tue, 5 Dec 2017 13:34:47 +0100 -Subject: [PATCH] x86/mm: Create asm/invpcid.h - -commit 1a3b0caeb77edeac5ce5fa05e6a61c474c9a9745 upstream. - -Unclutter tlbflush.h a little. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: hughd@google.com -Cc: keescook@google.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/invpcid.h b/arch/x86/include/asm/invpcid.h -new file mode 100644 -index 000000000000..989cfa86de85 ---- /dev/null -+++ b/arch/x86/include/asm/invpcid.h -@@ -0,0 +1,53 @@ -+/* SPDX-License-Identifier: GPL-2.0 */ -+#ifndef _ASM_X86_INVPCID -+#define _ASM_X86_INVPCID -+ -+static inline void __invpcid(unsigned long pcid, unsigned long addr, -+ unsigned long type) -+{ -+ struct { u64 d[2]; } desc = { { pcid, addr } }; -+ -+ /* -+ * The memory clobber is because the whole point is to invalidate -+ * stale TLB entries and, especially if we're flushing global -+ * mappings, we don't want the compiler to reorder any subsequent -+ * memory accesses before the TLB flush. 
-+ * -+ * The hex opcode is invpcid (%ecx), %eax in 32-bit mode and -+ * invpcid (%rcx), %rax in long mode. -+ */ -+ asm volatile (".byte 0x66, 0x0f, 0x38, 0x82, 0x01" -+ : : "m" (desc), "a" (type), "c" (&desc) : "memory"); -+} -+ -+#define INVPCID_TYPE_INDIV_ADDR 0 -+#define INVPCID_TYPE_SINGLE_CTXT 1 -+#define INVPCID_TYPE_ALL_INCL_GLOBAL 2 -+#define INVPCID_TYPE_ALL_NON_GLOBAL 3 -+ -+/* Flush all mappings for a given pcid and addr, not including globals. */ -+static inline void invpcid_flush_one(unsigned long pcid, -+ unsigned long addr) -+{ -+ __invpcid(pcid, addr, INVPCID_TYPE_INDIV_ADDR); -+} -+ -+/* Flush all mappings for a given PCID, not including globals. */ -+static inline void invpcid_flush_single_context(unsigned long pcid) -+{ -+ __invpcid(pcid, 0, INVPCID_TYPE_SINGLE_CTXT); -+} -+ -+/* Flush all mappings, including globals, for all PCIDs. */ -+static inline void invpcid_flush_all(void) -+{ -+ __invpcid(0, 0, INVPCID_TYPE_ALL_INCL_GLOBAL); -+} -+ -+/* Flush all mappings for all PCIDs except globals. */ -+static inline void invpcid_flush_all_nonglobals(void) -+{ -+ __invpcid(0, 0, INVPCID_TYPE_ALL_NON_GLOBAL); -+} -+ -+#endif /* _ASM_X86_INVPCID */ -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 8b27daff7a7f..171b429f43a2 100644 ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -9,54 +9,7 @@ - #include <asm/cpufeature.h> - #include <asm/special_insns.h> - #include <asm/smp.h> -- --static inline void __invpcid(unsigned long pcid, unsigned long addr, -- unsigned long type) --{ -- struct { u64 d[2]; } desc = { { pcid, addr } }; -- -- /* -- * The memory clobber is because the whole point is to invalidate -- * stale TLB entries and, especially if we're flushing global -- * mappings, we don't want the compiler to reorder any subsequent -- * memory accesses before the TLB flush. -- * -- * The hex opcode is invpcid (%ecx), %eax in 32-bit mode and -- * invpcid (%rcx), %rax in long mode. 
-- */ -- asm volatile (".byte 0x66, 0x0f, 0x38, 0x82, 0x01" -- : : "m" (desc), "a" (type), "c" (&desc) : "memory"); --} -- --#define INVPCID_TYPE_INDIV_ADDR 0 --#define INVPCID_TYPE_SINGLE_CTXT 1 --#define INVPCID_TYPE_ALL_INCL_GLOBAL 2 --#define INVPCID_TYPE_ALL_NON_GLOBAL 3 -- --/* Flush all mappings for a given pcid and addr, not including globals. */ --static inline void invpcid_flush_one(unsigned long pcid, -- unsigned long addr) --{ -- __invpcid(pcid, addr, INVPCID_TYPE_INDIV_ADDR); --} -- --/* Flush all mappings for a given PCID, not including globals. */ --static inline void invpcid_flush_single_context(unsigned long pcid) --{ -- __invpcid(pcid, 0, INVPCID_TYPE_SINGLE_CTXT); --} -- --/* Flush all mappings, including globals, for all PCIDs. */ --static inline void invpcid_flush_all(void) --{ -- __invpcid(0, 0, INVPCID_TYPE_ALL_INCL_GLOBAL); --} -- --/* Flush all mappings for all PCIDs except globals. */ --static inline void invpcid_flush_all_nonglobals(void) --{ -- __invpcid(0, 0, INVPCID_TYPE_ALL_NON_GLOBAL); --} -+#include <asm/invpcid.h> - - static inline u64 inc_mm_tlb_gen(struct mm_struct *mm) - { --- -2.15.0 - diff --git a/queue/x86-mm-Move-the-CR3-construction-functions-to-tlbflu.patch b/queue/x86-mm-Move-the-CR3-construction-functions-to-tlbflu.patch deleted file mode 100644 index d14febd..0000000 --- a/queue/x86-mm-Move-the-CR3-construction-functions-to-tlbflu.patch +++ /dev/null 
@@ -1,166 +0,0 @@ -From 50fb83a62cf472dc53ba23bd3f7bd6c1b2b3b53e Mon Sep 17 00:00:00 2001 -From: Dave Hansen <dave.hansen@linux.intel.com> -Date: Mon, 4 Dec 2017 15:07:54 +0100 -Subject: [PATCH] x86/mm: Move the CR3 construction functions to tlbflush.h - -commit 50fb83a62cf472dc53ba23bd3f7bd6c1b2b3b53e upstream. - -For flushing the TLB, the ASID which has been programmed into the hardware -must be known. That differs from what is in 'cpu_tlbstate'. - -Add functions to transform the 'cpu_tlbstate' values into to the one -programmed into the hardware (CR3). - -It's not easy to include mmu_context.h into tlbflush.h, so just move the -CR3 building over to tlbflush.h. - -Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: hughd@google.com -Cc: keescook@google.com -Cc: linux-mm@kvack.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 5e25423bf9bb..5ede7cae1d67 100644 ---- a/arch/x86/include/asm/mmu_context.h -+++ b/arch/x86/include/asm/mmu_context.h -@@ -290,33 +290,6 @@ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, - return __pkru_allows_pkey(vma_pkey(vma), write); - } - --/* -- * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID -- * bits. 
This serves two purposes. It prevents a nasty situation in -- * which PCID-unaware code saves CR3, loads some other value (with PCID -- * == 0), and then restores CR3, thus corrupting the TLB for ASID 0 if -- * the saved ASID was nonzero. It also means that any bugs involving -- * loading a PCID-enabled CR3 with CR4.PCIDE off will trigger -- * deterministically. -- */ -- --static inline unsigned long build_cr3(struct mm_struct *mm, u16 asid) --{ -- if (static_cpu_has(X86_FEATURE_PCID)) { -- VM_WARN_ON_ONCE(asid > 4094); -- return __sme_pa(mm->pgd) | (asid + 1); -- } else { -- VM_WARN_ON_ONCE(asid != 0); -- return __sme_pa(mm->pgd); -- } --} -- --static inline unsigned long build_cr3_noflush(struct mm_struct *mm, u16 asid) --{ -- VM_WARN_ON_ONCE(asid > 4094); -- return __sme_pa(mm->pgd) | (asid + 1) | CR3_NOFLUSH; --} -- - /* - * This can be used from process context to figure out what the value of - * CR3 is without needing to do a (slow) __read_cr3(). -@@ -326,7 +299,7 @@ static inline unsigned long build_cr3_noflush(struct mm_struct *mm, u16 asid) - */ - static inline unsigned long __get_current_cr3_fast(void) - { -- unsigned long cr3 = build_cr3(this_cpu_read(cpu_tlbstate.loaded_mm), -+ unsigned long cr3 = build_cr3(this_cpu_read(cpu_tlbstate.loaded_mm)->pgd, - this_cpu_read(cpu_tlbstate.loaded_mm_asid)); - - /* For now, be very restrictive about when this can be called. */ -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 552d581c8f9f..ee7925adfb57 100644 ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -69,6 +69,32 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm) - return atomic64_inc_return(&mm->context.tlb_gen); - } - -+/* -+ * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits. -+ * This serves two purposes. 
It prevents a nasty situation in which -+ * PCID-unaware code saves CR3, loads some other value (with PCID == 0), -+ * and then restores CR3, thus corrupting the TLB for ASID 0 if the saved -+ * ASID was nonzero. It also means that any bugs involving loading a -+ * PCID-enabled CR3 with CR4.PCIDE off will trigger deterministically. -+ */ -+struct pgd_t; -+static inline unsigned long build_cr3(pgd_t *pgd, u16 asid) -+{ -+ if (static_cpu_has(X86_FEATURE_PCID)) { -+ VM_WARN_ON_ONCE(asid > 4094); -+ return __sme_pa(pgd) | (asid + 1); -+ } else { -+ VM_WARN_ON_ONCE(asid != 0); -+ return __sme_pa(pgd); -+ } -+} -+ -+static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid) -+{ -+ VM_WARN_ON_ONCE(asid > 4094); -+ return __sme_pa(pgd) | (asid + 1) | CR3_NOFLUSH; -+} -+ - #ifdef CONFIG_PARAVIRT - #include <asm/paravirt.h> - #else -diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index 0569987f6da6..0a1be3adc97e 100644 ---- a/arch/x86/mm/tlb.c -+++ b/arch/x86/mm/tlb.c -@@ -128,7 +128,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, - * isn't free. - */ - #ifdef CONFIG_DEBUG_VM -- if (WARN_ON_ONCE(__read_cr3() != build_cr3(real_prev, prev_asid))) { -+ if (WARN_ON_ONCE(__read_cr3() != build_cr3(real_prev->pgd, prev_asid))) { - /* - * If we were to BUG here, we'd be very likely to kill - * the system so hard that we don't see the call trace. 
-@@ -195,7 +195,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, - if (need_flush) { - this_cpu_write(cpu_tlbstate.ctxs[new_asid].ctx_id, next->context.ctx_id); - this_cpu_write(cpu_tlbstate.ctxs[new_asid].tlb_gen, next_tlb_gen); -- write_cr3(build_cr3(next, new_asid)); -+ write_cr3(build_cr3(next->pgd, new_asid)); - - /* - * NB: This gets called via leave_mm() in the idle path -@@ -208,7 +208,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, - trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); - } else { - /* The new ASID is already up to date. */ -- write_cr3(build_cr3_noflush(next, new_asid)); -+ write_cr3(build_cr3_noflush(next->pgd, new_asid)); - - /* See above wrt _rcuidle. */ - trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); -@@ -288,7 +288,7 @@ void initialize_tlbstate_and_flush(void) - !(cr4_read_shadow() & X86_CR4_PCIDE)); - - /* Force ASID 0 and force a TLB flush. */ -- write_cr3(build_cr3(mm, 0)); -+ write_cr3(build_cr3(mm->pgd, 0)); - - /* Reinitialize tlbstate. */ - this_cpu_write(cpu_tlbstate.loaded_mm_asid, 0); --- -2.15.0 - diff --git a/queue/x86-mm-Put-MMU-to-hardware-ASID-translation-in-one-p.patch b/queue/x86-mm-Put-MMU-to-hardware-ASID-translation-in-one-p.patch deleted file mode 100644 index 4512d2b..0000000 --- a/queue/x86-mm-Put-MMU-to-hardware-ASID-translation-in-one-p.patch +++ /dev/null 
@@ -1,95 +0,0 @@
-From dd95f1a4b5ca904c78e6a097091eb21436478abb Mon Sep 17 00:00:00 2001
-From: Dave Hansen <dave.hansen@linux.intel.com>
-Date: Mon, 4 Dec 2017 15:07:56 +0100
-Subject: [PATCH] x86/mm: Put MMU to hardware ASID translation in one place
-
-commit dd95f1a4b5ca904c78e6a097091eb21436478abb upstream.
-
-There are effectively two ASID types:
-
- 1. The one stored in the mmu_context that goes from 0..5
- 2. The one programmed into the hardware that goes from 1..6
-
-This consolidates the locations where converting between the two (by doing
-a +1) to a single place which gives us a nice place to comment.
-PAGE_TABLE_ISOLATION will also need to, given an ASID, know which hardware
-ASID to flush for the userspace mapping.
-
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: daniel.gruss@iaik.tugraz.at
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index f88ccd3ae466..8b27daff7a7f 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -85,20 +85,26 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
- */
- #define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2)
-
--/*
-- * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits.
-- * This serves two purposes. It prevents a nasty situation in which
-- * PCID-unaware code saves CR3, loads some other value (with PCID == 0),
-- * and then restores CR3, thus corrupting the TLB for ASID 0 if the saved
-- * ASID was nonzero. It also means that any bugs involving loading a
-- * PCID-enabled CR3 with CR4.PCIDE off will trigger deterministically.
-- */
-+static inline u16 kern_pcid(u16 asid)
-+{
-+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
-+ /*
-+ * If PCID is on, ASID-aware code paths put the ASID+1 into the
-+ * PCID bits. This serves two purposes. It prevents a nasty
-+ * situation in which PCID-unaware code saves CR3, loads some other
-+ * value (with PCID == 0), and then restores CR3, thus corrupting
-+ * the TLB for ASID 0 if the saved ASID was nonzero. It also means
-+ * that any bugs involving loading a PCID-enabled CR3 with
-+ * CR4.PCIDE off will trigger deterministically.
-+ */
-+ return asid + 1;
-+}
-+
- struct pgd_t;
- static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
- {
- if (static_cpu_has(X86_FEATURE_PCID)) {
-- VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
-- return __sme_pa(pgd) | (asid + 1);
-+ return __sme_pa(pgd) | kern_pcid(asid);
- } else {
- VM_WARN_ON_ONCE(asid != 0);
- return __sme_pa(pgd);
-@@ -108,7 +114,8 @@ static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
- static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid)
- {
- VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
-- return __sme_pa(pgd) | (asid + 1) | CR3_NOFLUSH;
-+ VM_WARN_ON_ONCE(!this_cpu_has(X86_FEATURE_PCID));
-+ return __sme_pa(pgd) | kern_pcid(asid) | CR3_NOFLUSH;
- }
-
- #ifdef CONFIG_PARAVIRT
---
-2.15.0
-
diff --git a/queue/x86-mm-Remove-hard-coded-ASID-limit-checks.patch b/queue/x86-mm-Remove-hard-coded-ASID-limit-checks.patch
deleted file mode 100644
index 08ebf3d..0000000
--- a/queue/x86-mm-Remove-hard-coded-ASID-limit-checks.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From cb0a9144a744e55207e24dcef812f05cd15a499a Mon Sep 17 00:00:00 2001
-From: Dave Hansen <dave.hansen@linux.intel.com>
-Date: Mon, 4 Dec 2017 15:07:55 +0100
-Subject: [PATCH] x86/mm: Remove hard-coded ASID limit checks
-
-commit cb0a9144a744e55207e24dcef812f05cd15a499a upstream.
-
-First, it's nice to remove the magic numbers.
-
-Second, PAGE_TABLE_ISOLATION is going to consume half of the available ASID
-space. The space is currently unused, but add a comment to spell out this
-new restriction.
-
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: daniel.gruss@iaik.tugraz.at
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index ee7925adfb57..f88ccd3ae466 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -69,6 +69,22 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
- return atomic64_inc_return(&mm->context.tlb_gen);
- }
-
-+/* There are 12 bits of space for ASIDS in CR3 */
-+#define CR3_HW_ASID_BITS 12
-+/*
-+ * When enabled, PAGE_TABLE_ISOLATION consumes a single bit for
-+ * user/kernel switches
-+ */
-+#define PTI_CONSUMED_ASID_BITS 0
-+
-+#define CR3_AVAIL_ASID_BITS (CR3_HW_ASID_BITS - PTI_CONSUMED_ASID_BITS)
-+/*
-+ * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid. -1 below to account
-+ * for them being zero-based. Another -1 is because ASID 0 is reserved for
-+ * use by non-PCID-aware users.
-+ */
-+#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2)
-+
- /*
- * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits.
- * This serves two purposes. It prevents a nasty situation in which
-@@ -81,7 +97,7 @@ struct pgd_t;
- static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
- {
- if (static_cpu_has(X86_FEATURE_PCID)) {
-- VM_WARN_ON_ONCE(asid > 4094);
-+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
- return __sme_pa(pgd) | (asid + 1);
- } else {
- VM_WARN_ON_ONCE(asid != 0);
-@@ -91,7 +107,7 @@ static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
-
- static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid)
- {
-- VM_WARN_ON_ONCE(asid > 4094);
-+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
- return __sme_pa(pgd) | (asid + 1) | CR3_NOFLUSH;
- }
-
---
-2.15.0
-
diff --git a/queue/x86-mm-Remove-superfluous-barriers.patch b/queue/x86-mm-Remove-superfluous-barriers.patch
deleted file mode 100644
index 6582b7e..0000000
--- a/queue/x86-mm-Remove-superfluous-barriers.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From b5fc6d943808b570bdfbec80f40c6b3855f1c48b Mon Sep 17 00:00:00 2001
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Tue, 5 Dec 2017 13:34:46 +0100
-Subject: [PATCH] x86/mm: Remove superfluous barriers
-
-commit b5fc6d943808b570bdfbec80f40c6b3855f1c48b upstream.
-
-atomic64_inc_return() already implies smp_mb() before and after.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: daniel.gruss@iaik.tugraz.at
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index c2e45da4e540..3e2227386abe 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -60,19 +60,13 @@ static inline void invpcid_flush_all_nonglobals(void)
-
- static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
- {
-- u64 new_tlb_gen;
--
- /*
- * Bump the generation count. This also serves as a full barrier
- * that synchronizes with switch_mm(): callers are required to order
- * their read of mm_cpumask after their writes to the paging
- * structures.
- */
-- smp_mb__before_atomic();
-- new_tlb_gen = atomic64_inc_return(&mm->context.tlb_gen);
-- smp_mb__after_atomic();
--
-- return new_tlb_gen;
-+ return atomic64_inc_return(&mm->context.tlb_gen);
- }
-
- #ifdef CONFIG_PARAVIRT
---
-2.15.0
-
diff --git a/queue/x86-mm-Use-__flush_tlb_one-for-kernel-memory.patch b/queue/x86-mm-Use-__flush_tlb_one-for-kernel-memory.patch
deleted file mode 100644
index cf55d8a..0000000
--- a/queue/x86-mm-Use-__flush_tlb_one-for-kernel-memory.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From a501686b2923ce6f2ff2b1d0d50682c6411baf72 Mon Sep 17 00:00:00 2001
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Tue, 5 Dec 2017 13:34:49 +0100
-Subject: [PATCH] x86/mm: Use __flush_tlb_one() for kernel memory
-
-commit a501686b2923ce6f2ff2b1d0d50682c6411baf72 upstream.
-
-__flush_tlb_single() is for user mappings, __flush_tlb_one() for
-kernel mappings.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: daniel.gruss@iaik.tugraz.at
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 3118392cdf75..0569987f6da6 100644
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -551,7 +551,7 @@ static void do_kernel_range_flush(void *info)
-
- /* flush range by one by one 'invlpg' */
- for (addr = f->start; addr < f->end; addr += PAGE_SIZE)
-- __flush_tlb_single(addr);
-+ __flush_tlb_one(addr);
- }
-
- void flush_tlb_kernel_range(unsigned long start, unsigned long end)
---
-2.15.0
-
diff --git a/queue/x86-mm-dump_pagetables-Check-PAGE_PRESENT-for-real.patch b/queue/x86-mm-dump_pagetables-Check-PAGE_PRESENT-for-real.patch
deleted file mode 100644
index 97f1d89..0000000
--- a/queue/x86-mm-dump_pagetables-Check-PAGE_PRESENT-for-real.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c05344947b37f7cda726e802457370bc6eac4d26 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sat, 16 Dec 2017 01:14:39 +0100
-Subject: [PATCH] x86/mm/dump_pagetables: Check PAGE_PRESENT for real
-
-commit c05344947b37f7cda726e802457370bc6eac4d26 upstream.
-
-The check for a present page in printk_prot():
-
- if (!pgprot_val(prot)) {
- /* Not present */
-
-is bogus. If a PTE is set to PAGE_NONE then the pgprot_val is not zero and
-the entry is decoded in bogus ways, e.g. as RX GLB. That is confusing when
-analyzing mapping correctness. Check for the present bit to make an
-informed decision.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
-index 5e3ac6fe6c9e..1014cfb21c2c 100644
---- a/arch/x86/mm/dump_pagetables.c
-+++ b/arch/x86/mm/dump_pagetables.c
-@@ -140,7 +140,7 @@ static void printk_prot(struct seq_file *m, pgprot_t prot, int level, bool dmsg)
- static const char * const level_name[] =
- { "cr3", "pgd", "p4d", "pud", "pmd", "pte" };
-
-- if (!pgprot_val(prot)) {
-+ if (!(pr & _PAGE_PRESENT)) {
- /* Not present */
- pt_dump_cont_printf(m, dmsg, " ");
- } else {
---
-2.15.0
-
diff --git a/queue/x86-mm-dump_pagetables-Make-the-address-hints-correc.patch b/queue/x86-mm-dump_pagetables-Make-the-address-hints-correc.patch
deleted file mode 100644
index affb6a3..0000000
--- a/queue/x86-mm-dump_pagetables-Make-the-address-hints-correc.patch
+++ /dev/null
@@ -1,158 +0,0 @@ -From 146122e24bdf208015d629babba673e28d090709 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 20 Dec 2017 18:07:42 +0100 -Subject: [PATCH] x86/mm/dump_pagetables: Make the address hints correct and - readable - -commit 146122e24bdf208015d629babba673e28d090709 upstream. - -The address hints are a trainwreck. The array entry numbers have to kept -magically in sync with the actual hints, which is doomed as some of the -array members are initialized at runtime via the entry numbers. - -Designated initializers have been around before this code was -implemented.... - -Use the entry numbers to populate the address hints array and add the -missing bits and pieces. Split 32 and 64 bit for readability sake. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c -index 1014cfb21c2c..fdf09d8f98da 100644 ---- a/arch/x86/mm/dump_pagetables.c -+++ b/arch/x86/mm/dump_pagetables.c -@@ -44,10 +44,12 @@ struct addr_marker { - unsigned long max_lines; - }; - --/* indices for address_markers; keep sync'd w/ address_markers below */ -+/* Address space markers hints */ -+ -+#ifdef CONFIG_X86_64 -+ - enum address_markers_idx { - USER_SPACE_NR = 0, --#ifdef CONFIG_X86_64 - KERNEL_SPACE_NR, - LOW_KERNEL_NR, - VMALLOC_START_NR, -@@ -56,56 +58,70 @@ enum address_markers_idx { - KASAN_SHADOW_START_NR, - KASAN_SHADOW_END_NR, - #endif --# ifdef CONFIG_X86_ESPFIX64 -+#ifdef CONFIG_X86_ESPFIX64 - ESPFIX_START_NR, --# endif -+#endif -+#ifdef CONFIG_EFI -+ 
EFI_END_NR, -+#endif - HIGH_KERNEL_NR, - MODULES_VADDR_NR, - MODULES_END_NR, --#else -+ FIXADDR_START_NR, -+ END_OF_SPACE_NR, -+}; -+ -+static struct addr_marker address_markers[] = { -+ [USER_SPACE_NR] = { 0, "User Space" }, -+ [KERNEL_SPACE_NR] = { (1UL << 63), "Kernel Space" }, -+ [LOW_KERNEL_NR] = { 0UL, "Low Kernel Mapping" }, -+ [VMALLOC_START_NR] = { 0UL, "vmalloc() Area" }, -+ [VMEMMAP_START_NR] = { 0UL, "Vmemmap" }, -+#ifdef CONFIG_KASAN -+ [KASAN_SHADOW_START_NR] = { KASAN_SHADOW_START, "KASAN shadow" }, -+ [KASAN_SHADOW_END_NR] = { KASAN_SHADOW_END, "KASAN shadow end" }, -+#endif -+#ifdef CONFIG_X86_ESPFIX64 -+ [ESPFIX_START_NR] = { ESPFIX_BASE_ADDR, "ESPfix Area", 16 }, -+#endif -+#ifdef CONFIG_EFI -+ [EFI_END_NR] = { EFI_VA_END, "EFI Runtime Services" }, -+#endif -+ [HIGH_KERNEL_NR] = { __START_KERNEL_map, "High Kernel Mapping" }, -+ [MODULES_VADDR_NR] = { MODULES_VADDR, "Modules" }, -+ [MODULES_END_NR] = { MODULES_END, "End Modules" }, -+ [FIXADDR_START_NR] = { FIXADDR_START, "Fixmap Area" }, -+ [END_OF_SPACE_NR] = { -1, NULL } -+}; -+ -+#else /* CONFIG_X86_64 */ -+ -+enum address_markers_idx { -+ USER_SPACE_NR = 0, - KERNEL_SPACE_NR, - VMALLOC_START_NR, - VMALLOC_END_NR, --# ifdef CONFIG_HIGHMEM -+#ifdef CONFIG_HIGHMEM - PKMAP_BASE_NR, --# endif -- FIXADDR_START_NR, - #endif -+ FIXADDR_START_NR, -+ END_OF_SPACE_NR, - }; - --/* Address space markers hints */ - static struct addr_marker address_markers[] = { -- { 0, "User Space" }, --#ifdef CONFIG_X86_64 -- { 0x8000000000000000UL, "Kernel Space" }, -- { 0/* PAGE_OFFSET */, "Low Kernel Mapping" }, -- { 0/* VMALLOC_START */, "vmalloc() Area" }, -- { 0/* VMEMMAP_START */, "Vmemmap" }, --#ifdef CONFIG_KASAN -- { KASAN_SHADOW_START, "KASAN shadow" }, -- { KASAN_SHADOW_END, "KASAN shadow end" }, -+ [USER_SPACE_NR] = { 0, "User Space" }, -+ [KERNEL_SPACE_NR] = { PAGE_OFFSET, "Kernel Mapping" }, -+ [VMALLOC_START_NR] = { 0UL, "vmalloc() Area" }, -+ [VMALLOC_END_NR] = { 0UL, "vmalloc() End" }, -+#ifdef 
CONFIG_HIGHMEM -+ [PKMAP_BASE_NR] = { 0UL, "Persistent kmap() Area" }, - #endif --# ifdef CONFIG_X86_ESPFIX64 -- { ESPFIX_BASE_ADDR, "ESPfix Area", 16 }, --# endif --# ifdef CONFIG_EFI -- { EFI_VA_END, "EFI Runtime Services" }, --# endif -- { __START_KERNEL_map, "High Kernel Mapping" }, -- { MODULES_VADDR, "Modules" }, -- { MODULES_END, "End Modules" }, --#else -- { PAGE_OFFSET, "Kernel Mapping" }, -- { 0/* VMALLOC_START */, "vmalloc() Area" }, -- { 0/*VMALLOC_END*/, "vmalloc() End" }, --# ifdef CONFIG_HIGHMEM -- { 0/*PKMAP_BASE*/, "Persistent kmap() Area" }, --# endif -- { 0/*FIXADDR_START*/, "Fixmap Area" }, --#endif -- { -1, NULL } /* End of list */ -+ [FIXADDR_START_NR] = { 0UL, "Fixmap area" }, -+ [END_OF_SPACE_NR] = { -1, NULL } - }; - -+#endif /* !CONFIG_X86_64 */ -+ - /* Multipliers for offsets within the PTEs */ - #define PTE_LEVEL_MULT (PAGE_SIZE) - #define PMD_LEVEL_MULT (PTRS_PER_PTE * PTE_LEVEL_MULT) --- -2.15.0 - diff --git a/queue/x86-uv-Use-the-right-TLB-flush-API.patch b/queue/x86-uv-Use-the-right-TLB-flush-API.patch deleted file mode 100644 index 79a4250..0000000 --- a/queue/x86-uv-Use-the-right-TLB-flush-API.patch +++ /dev/null 
@@ -1,53 +0,0 @@
-From 3e46e0f5ee3643a1239be9046c7ba6c66ca2b329 Mon Sep 17 00:00:00 2001
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Tue, 5 Dec 2017 13:34:50 +0100
-Subject: [PATCH] x86/uv: Use the right TLB-flush API
-
-commit 3e46e0f5ee3643a1239be9046c7ba6c66ca2b329 upstream.
-
-Since uv_flush_tlb_others() implements flush_tlb_others() which is
-about flushing user mappings, we should use __flush_tlb_single(),
-which too is about flushing user mappings.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Acked-by: Andrew Banman <abanman@hpe.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: David Laight <David.Laight@aculab.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Juergen Gross <jgross@suse.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Mike Travis <mike.travis@hpe.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: aliguori@amazon.com
-Cc: daniel.gruss@iaik.tugraz.at
-Cc: hughd@google.com
-Cc: keescook@google.com
-Cc: linux-mm@kvack.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
-diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
-index f44c0bc95aa2..8538a6723171 100644
---- a/arch/x86/platform/uv/tlb_uv.c
-+++ b/arch/x86/platform/uv/tlb_uv.c
-@@ -299,7 +299,7 @@ static void bau_process_message(struct msg_desc *mdp, struct bau_control *bcp,
- local_flush_tlb();
- stat->d_alltlb++;
- } else {
-- __flush_tlb_one(msg->address);
-+ __flush_tlb_single(msg->address);
- stat->d_onetlb++;
- }
- stat->d_requestee++;
---
-2.15.0
-
diff --git a/queue/x86-vsyscall-64-Explicitly-set-_PAGE_USER-in-the-pag.patch b/queue/x86-vsyscall-64-Explicitly-set-_PAGE_USER-in-the-pag.patch
deleted file mode 100644
index 338ad96..0000000
--- a/queue/x86-vsyscall-64-Explicitly-set-_PAGE_USER-in-the-pag.patch
+++ /dev/null
@@ -1,97 +0,0 @@ -From 49275fef986abfb8b476e4708aaecc07e7d3e087 Mon Sep 17 00:00:00 2001 -From: Andy Lutomirski <luto@kernel.org> -Date: Sun, 10 Dec 2017 22:47:19 -0800 -Subject: [PATCH] x86/vsyscall/64: Explicitly set _PAGE_USER in the pagetable - hierarchy - -commit 49275fef986abfb8b476e4708aaecc07e7d3e087 upstream. - -The kernel is very erratic as to which pagetables have _PAGE_USER set. The -vsyscall page gets lucky: it seems that all of the relevant pagetables are -among the apparently arbitrary ones that set _PAGE_USER. Rather than -relying on chance, just explicitly set _PAGE_USER. - -This will let us clean up pagetable setup to stop setting _PAGE_USER. The -added code can also be reused by pagetable isolation to manage the -_PAGE_USER bit in the usermode tables. - -[ tglx: Folded paravirt fix from Juergen Gross ] - -Signed-off-by: Andy Lutomirski <luto@kernel.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: H. 
Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Kees Cook <keescook@chromium.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c -index f279ba2643dc..daad57c76e42 100644 ---- a/arch/x86/entry/vsyscall/vsyscall_64.c -+++ b/arch/x86/entry/vsyscall/vsyscall_64.c -@@ -37,6 +37,7 @@ - #include <asm/unistd.h> - #include <asm/fixmap.h> - #include <asm/traps.h> -+#include <asm/paravirt.h> - - #define CREATE_TRACE_POINTS - #include "vsyscall_trace.h" -@@ -329,16 +330,47 @@ int in_gate_area_no_mm(unsigned long addr) - return vsyscall_mode != NONE && (addr & PAGE_MASK) == VSYSCALL_ADDR; - } - -+/* -+ * The VSYSCALL page is the only user-accessible page in the kernel address -+ * range. Normally, the kernel page tables can have _PAGE_USER clear, but -+ * the tables covering VSYSCALL_ADDR need _PAGE_USER set if vsyscalls -+ * are enabled. -+ * -+ * Some day we may create a "minimal" vsyscall mode in which we emulate -+ * vsyscalls but leave the page not present. If so, we skip calling -+ * this. 
-+ */ -+static void __init set_vsyscall_pgtable_user_bits(void) -+{ -+ pgd_t *pgd; -+ p4d_t *p4d; -+ pud_t *pud; -+ pmd_t *pmd; -+ -+ pgd = pgd_offset_k(VSYSCALL_ADDR); -+ set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER)); -+ p4d = p4d_offset(pgd, VSYSCALL_ADDR); -+#if CONFIG_PGTABLE_LEVELS >= 5 -+ p4d->p4d |= _PAGE_USER; -+#endif -+ pud = pud_offset(p4d, VSYSCALL_ADDR); -+ set_pud(pud, __pud(pud_val(*pud) | _PAGE_USER)); -+ pmd = pmd_offset(pud, VSYSCALL_ADDR); -+ set_pmd(pmd, __pmd(pmd_val(*pmd) | _PAGE_USER)); -+} -+ - void __init map_vsyscall(void) - { - extern char __vsyscall_page; - unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page); - -- if (vsyscall_mode != NONE) -+ if (vsyscall_mode != NONE) { - __set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall, - vsyscall_mode == NATIVE - ? PAGE_KERNEL_VSYSCALL - : PAGE_KERNEL_VVAR); -+ set_vsyscall_pgtable_user_bits(); -+ } - - BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) != - (unsigned long)VSYSCALL_ADDR); --- -2.15.0 - diff --git a/queue/x86-vsyscall-64-Warn-and-fail-vsyscall-emulation-in-.patch b/queue/x86-vsyscall-64-Warn-and-fail-vsyscall-emulation-in-.patch deleted file mode 100644 index 2922051..0000000 --- a/queue/x86-vsyscall-64-Warn-and-fail-vsyscall-emulation-in-.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 4831b779403a836158917d59a7ca880483c67378 Mon Sep 17 00:00:00 2001 -From: Andy Lutomirski <luto@kernel.org> -Date: Sun, 10 Dec 2017 22:47:20 -0800 -Subject: [PATCH] x86/vsyscall/64: Warn and fail vsyscall emulation in NATIVE - mode - -commit 4831b779403a836158917d59a7ca880483c67378 upstream. - -If something goes wrong with pagetable setup, vsyscall=native will -accidentally fall back to emulation. Make it warn and fail so that we -notice. - -Signed-off-by: Andy Lutomirski <luto@kernel.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Kees Cook <keescook@chromium.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Signed-off-by: Ingo Molnar <mingo@kernel.org> - -diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c -index daad57c76e42..1faf40f2dda9 100644 ---- a/arch/x86/entry/vsyscall/vsyscall_64.c -+++ b/arch/x86/entry/vsyscall/vsyscall_64.c -@@ -139,6 +139,10 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) - - WARN_ON_ONCE(address != regs->ip); - -+ /* This should be unreachable in NATIVE mode. */ -+ if (WARN_ON(vsyscall_mode == NATIVE)) -+ return false; -+ - if (vsyscall_mode == NONE) { - warn_bad_vsyscall(KERN_INFO, regs, - "vsyscall attempted with vsyscall=none"); --- -2.15.0 - |