1. 21 May, 2022 6 commits
    • Pawan Gupta's avatar
      x86/speculation/mmio: Enable CPU Fill buffer clearing on idle · 99a83db5
      Pawan Gupta authored
      When the CPU is affected by Processor MMIO Stale Data vulnerabilities,
      Fill Buffer Stale Data Propagator (FBSDP) can propagate stale data out
      of Fill buffer to uncore buffer when CPU goes idle. Stale data can then
      be exploited with other variants using MMIO operations.
      
      Mitigate it by clearing the Fill buffer before entering idle state.
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Co-developed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      99a83db5
    • Pawan Gupta's avatar
      x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations · e5925fb8
      Pawan Gupta authored
      MDS, TAA and Processor MMIO Stale Data mitigations rely on clearing CPU
      buffers. Moreover, status of these mitigations affects each other.
      During boot, it is important to maintain the order in which these
      mitigations are selected. This is especially true for
      md_clear_update_mitigation() that needs to be called after MDS, TAA and
      Processor MMIO Stale Data mitigation selection is done.
      
      Introduce md_clear_select_mitigation(), and select all these mitigations
      from there. This reflects relationships between these mitigations and
      ensures proper ordering.
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      e5925fb8
    • Pawan Gupta's avatar
      x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data · 8cb861e9
      Pawan Gupta authored
      Processor MMIO Stale Data is a class of vulnerabilities that may
      expose data after an MMIO operation. For details please refer to
      Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst.
      
      These vulnerabilities are broadly categorized as:
      
      Device Register Partial Write (DRPW):
        Some endpoint MMIO registers incorrectly handle writes that are
        smaller than the register size. Instead of aborting the write or only
        copying the correct subset of bytes (for example, 2 bytes for a 2-byte
        write), more bytes than specified by the write transaction may be
        written to the register. On some processors, this may expose stale
        data from the fill buffers of the core that created the write
        transaction.
      
      Shared Buffers Data Sampling (SBDS):
        After propagators may have moved data around the uncore and copied
        stale data into client core fill buffers, processors affected by MFBDS
        can leak data from the fill buffer.
      
      Shared Buffers Data Read (SBDR):
        It is similar to Shared Buffer Data Sampling (SBDS) except that the
        data is directly read into the architectural software-visible state.
      
      An attacker can use these vulnerabilities to extract data from CPU fill
      buffers using MDS and TAA methods. Mitigate it by clearing the CPU fill
      buffers using the VERW instruction before returning to a user or a
      guest.
      
      On CPUs not affected by MDS and TAA, user application cannot sample data
      from CPU fill buffers using MDS or TAA. A guest with MMIO access can
      still use DRPW or SBDR to extract data architecturally. Mitigate it with
      VERW instruction to clear fill buffers before VMENTER for MMIO capable
      guests.
      
      Add a kernel parameter mmio_stale_data={off|full|full,nosmt} to control
      the mitigation.
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      8cb861e9
    • Pawan Gupta's avatar
      x86/speculation: Add a common function for MD_CLEAR mitigation update · f52ea6c2
      Pawan Gupta authored
      Processor MMIO Stale Data mitigation uses similar mitigation as MDS and
      TAA. In preparation for adding its mitigation, add a common function to
      update all mitigations that depend on MD_CLEAR.
      
        [ bp: Add a newline in md_clear_update_mitigation() to separate
          statements better. ]
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      f52ea6c2
    • Pawan Gupta's avatar
      x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug · 51802186
      Pawan Gupta authored
      Processor MMIO Stale Data is a class of vulnerabilities that may
      expose data after an MMIO operation. For more details please refer to
      Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst
      
      Add the Processor MMIO Stale Data bug enumeration. A microcode update
      adds new bits to the MSR IA32_ARCH_CAPABILITIES, define them.
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      51802186
    • Pawan Gupta's avatar
      Documentation: Add documentation for Processor MMIO Stale Data · 44194701
      Pawan Gupta authored
      Add the admin guide for Processor MMIO stale data vulnerabilities.
      Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      44194701
  2. 16 May, 2022 1 commit
  3. 15 May, 2022 8 commits
    • Linus Torvalds's avatar
      Merge tag 'driver-core-5.18-rc7' of... · 0cdd776e
      Linus Torvalds authored
      Merge tag 'driver-core-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here is one fix, and three documentation updates for 5.18-rc7.
      
        The fix is for the firmware loader which resolves a long-reported
        problem where the credentials of the firmware loader could be set to a
        userspace process without enough permissions to actually load the
        firmware image. Many Android vendors have been reporting this for
        quite some time.
      
        The documentation updates are for the embargoed-hardware-issues.rst
        file to add a new entry, change an existing one, and sort the list to
        make changes easier in the future.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'driver-core-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        Documentation/process: Update ARM contact for embargoed hardware issues
        Documentation/process: Add embargoed HW contact for Ampere Computing
        Documentation/process: Make groups alphabetical and use tabs consistently
        firmware_loader: use kernel credentials when reading firmware
      0cdd776e
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 5becde60
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are two small driver fixes for 5.18-rc7 that resolve reported
        problems:
      
         - slimbus driver irq bugfix
      
         - interconnect sync state bugfix
      
        Both of these have been in linux-next with no reported problems"
      
      * tag 'char-misc-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        slimbus: qcom: Fix IRQ check in qcom_slim_probe
        interconnect: Restore sync state by ignoring ipa-virt in provider count
      5becde60
    • Linus Torvalds's avatar
      Merge tag 'tty-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 6811a466
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small tty n_gsm and serial driver fixes for 5.18-rc7
        that resolve reported problems. They include:
      
         - n_gsm fixes for reported issues
      
         - 8250_mtk driver fixes for some platforms
      
         - fsl_lpuart driver fix for reported problem.
      
         - digicolor driver fix for reported problem.
      
        All have been in linux-next for a while with no reported problems"
      
      * tag 'tty-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        fsl_lpuart: Don't enable interrupts too early
        tty: n_gsm: fix invalid gsmtty_write_room() result
        tty: n_gsm: fix mux activation issues in gsm_config()
        tty: n_gsm: fix buffer over-read in gsm_dlci_data()
        serial: 8250_mtk: Fix register address for XON/XOFF character
        serial: 8250_mtk: Make sure to select the right FEATURE_SEL
        serial: 8250_mtk: Fix UART_EFR register address
        tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
      6811a466
    • Linus Torvalds's avatar
      Merge tag 'usb-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · fc49583c
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small fixes for reported issues with some USB drivers.
        They include:
      
         - xhci fixes for xhci-mtk platform driver
      
         - typec driver fixes for reported problems.
      
         - cdc-wdm read-stuck fix
      
         - gadget driver fix for reported race condition
      
         - new usb-serial driver ids
      
        All of these have been in linux-next with no reported problems"
      
      * tag 'usb-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: xhci-mtk: remove bandwidth budget table
        usb: xhci-mtk: fix fs isoc's transfer error
        usb: gadget: fix race when gadget driver register via ioctl
        usb: typec: tcpci_mt6360: Update for BMC PHY setting
        usb: gadget: uvc: allow for application to cleanly shutdown
        usb: typec: tcpci: Don't skip cleanup in .remove() on error
        usb: cdc-wdm: fix reading stuck on device close
        USB: serial: qcserial: add support for Sierra Wireless EM7590
        USB: serial: option: add Fibocom MA510 modem
        USB: serial: option: add Fibocom L610 modem
        USB: serial: pl2303: add device id for HP LM930 Display
      fc49583c
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.18-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · bc403203
      Linus Torvalds authored
      Pull powerpc fix from Michael Ellerman:
      
       - Fix KVM PR on 32-bit, which was broken by some MMU code refactoring.
      
      Thanks to: Alexander Graf, and Matt Evans.
      
      * tag 'powerpc-5.18-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context()
      bc403203
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 79dc4fc2
      Linus Torvalds authored
      Pull x86 fix from Thomas Gleixner:
       "A single fix for the handling of unpopulated sub-pmd spaces.
      
        The copy & pasta from the corresponding s390 code screwed up the
        address calculation for marking the sub-pmd ranges via memset by
        omitting the ALIGN_DOWN() to calculate the proper start address.
      
        It's a mystery why this code is not generic and shared because there
        is nothing architecture specific in there, but that's too intrusive
        for a backportable fix"
      
      * tag 'x86-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm: Fix marking of unused sub-pmd ranges
      79dc4fc2
    • Linus Torvalds's avatar
      Merge tag 'sched-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 990e798d
      Linus Torvalds authored
      Pull scheduler fix from Thomas Gleixner:
       "The recent expansion of the sched switch tracepoint inserted a new
        argument in the middle of the arguments. This reordering broke BPF
        programs which relied on the old argument list.
      
        While tracepoints are not considered stable ABI, it's not trivial to
        make BPF cope with such a change, but it's being worked on. For now
        restore the original argument order and move the new argument to the
        end of the argument list"
      
      * tag 'sched-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/tracing: Append prev_state to tp args instead
      990e798d
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fb756280
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for a recent (introduced in 5.16) regression in the core
        interrupt code.
      
        The consolidation of the interrupt handler invocation code added an
        unconditional warning when generic_handle_domain_irq() is invoked from
        outside hard interrupt context. That's overbroad as the requirement
        for invoking these handlers in hard interrupt context is only required
        for certain interrupt types. The subsequently called code already
        contains a warning which triggers conditionally for interrupt chips
        which indicate this requirement in their properties.
      
        Remove the overbroad one"
      
      * tag 'irq-urgent-2022-05-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Remove WARN_ON_ONCE() in generic_handle_domain_irq()
      fb756280
  4. 14 May, 2022 1 commit
  5. 13 May, 2022 24 commits