1. 21 Feb, 2018 16 commits
  2. 20 Feb, 2018 9 commits
  3. 17 Feb, 2018 8 commits
  4. 15 Feb, 2018 7 commits
    • Linus Torvalds's avatar
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d4667ca1
      Linus Torvalds authored
      Pull x86 PTI and Spectre related fixes and updates from Ingo Molnar:
       "Here's the latest set of Spectre and PTI related fixes and updates:
      
        Spectre:
         - Add entry code register clearing to reduce the Spectre attack
           surface
         - Update the Spectre microcode blacklist
         - Inline the KVM Spectre helpers to get close to v4.14 performance
           again.
         - Fix indirect_branch_prediction_barrier()
         - Fix/improve Spectre related kernel messages
         - Fix array_index_nospec_mask() asm constraint
         - KVM: fix two MSR handling bugs
      
        PTI:
         - Fix a paranoid entry PTI CR3 handling bug
         - Fix comments
      
        objtool:
         - Fix paranoid_entry() frame pointer warning
         - Annotate WARN()-related UD2 as reachable
         - Various fixes
         - Add Add Peter Zijlstra as objtool co-maintainer
      
        Misc:
         - Various x86 entry code self-test fixes
         - Improve/simplify entry code stack frame generation and handling
           after recent heavy-handed PTI and Spectre changes. (There's two
           more WIP improvements expected here.)
         - Type fix for cache entries
      
        There's also some low risk non-fix changes I've included in this
        branch to reduce backporting conflicts:
      
         - rename a confusing x86_cpu field name
         - de-obfuscate the naming of single-TLB flushing primitives"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (41 commits)
        x86/entry/64: Fix CR3 restore in paranoid_exit()
        x86/cpu: Change type of x86_cache_size variable to unsigned int
        x86/spectre: Fix an error message
        x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
        selftests/x86/mpx: Fix incorrect bounds with old _sigfault
        x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
        x86/speculation: Add <asm/msr-index.h> dependency
        nospec: Move array_index_nospec() parameter checking into separate macro
        x86/speculation: Fix up array_index_nospec_mask() asm constraint
        x86/debug: Use UD2 for WARN()
        x86/debug, objtool: Annotate WARN()-related UD2 as reachable
        objtool: Fix segfault in ignore_unreachable_insn()
        selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
        selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
        selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
        selftests/x86: Fix build bug caused by the 5lvl test which has been moved to the VM directory
        selftests/x86/pkeys: Remove unused functions
        selftests/x86: Clean up and document sscanf() usage
        selftests/x86: Fix vDSO selftest segfault for vsyscall=none
        x86/entry/64: Remove the unused 'icebp' macro
        ...
      d4667ca1
    • Ingo Molnar's avatar
      x86/entry/64: Fix CR3 restore in paranoid_exit() · e4865757
      Ingo Molnar authored
      Josh Poimboeuf noticed the following bug:
      
       "The paranoid exit code only restores the saved CR3 when it switches back
        to the user GS.  However, even in the kernel GS case, it's possible that
        it needs to restore a user CR3, if for example, the paranoid exception
        occurred in the syscall exit path between SWITCH_TO_USER_CR3_STACK and
        SWAPGS."
      
      Josh also confirmed via targeted testing that it's possible to hit this bug.
      
      Fix the bug by also restoring CR3 in the paranoid_exit_no_swapgs branch.
      
      The reason we haven't seen this bug reported by users yet is probably because
      "paranoid" entry points are limited to the following cases:
      
       idtentry double_fault       do_double_fault  has_error_code=1  paranoid=2
       idtentry debug              do_debug         has_error_code=0  paranoid=1 shift_ist=DEBUG_STACK
       idtentry int3               do_int3          has_error_code=0  paranoid=1 shift_ist=DEBUG_STACK
       idtentry machine_check      do_mce           has_error_code=0  paranoid=1
      
      Amongst those entry points only machine_check is one that will interrupt an
      IRQS-off critical section asynchronously - and machine check events are rare.
      
      The other main asynchronous entries are NMI entries, which can be very high-freq
      with perf profiling, but they are special: they don't use the 'idtentry' macro but
      are open coded and restore user CR3 unconditionally so don't have this bug.
      Reported-and-tested-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      Acked-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/20180214073910.boevmg65upbk3vqb@gmail.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      e4865757
    • Gustavo A. R. Silva's avatar
      x86/cpu: Change type of x86_cache_size variable to unsigned int · 24dbc600
      Gustavo A. R. Silva authored
      Currently, x86_cache_size is of type int, which makes no sense as we
      will never have a valid cache size equal or less than 0. So instead of
      initializing this variable to -1, it can perfectly be initialized to 0
      and use it as an unsigned variable instead.
      Suggested-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Addresses-Coverity-ID: 1464429
      Link: http://lkml.kernel.org/r/20180213192208.GA26414@embeddedor.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      24dbc600
    • Dan Carpenter's avatar
      x86/spectre: Fix an error message · 9de29eac
      Dan Carpenter authored
      If i == ARRAY_SIZE(mitigation_options) then we accidentally print
      garbage from one space beyond the end of the mitigation_options[] array.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: David Woodhouse <dwmw@amazon.co.uk>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: KarimAllah Ahmed <karahmed@amazon.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: kernel-janitors@vger.kernel.org
      Fixes: 9005c683 ("x86/spectre: Simplify spectre_v2 command line parsing")
      Link: http://lkml.kernel.org/r/20180214071416.GA26677@mwandaSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      9de29eac
    • Jia Zhang's avatar
      x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping · b399151c
      Jia Zhang authored
      x86_mask is a confusing name which is hard to associate with the
      processor's stepping.
      
      Additionally, correct an indent issue in lib/cpu.c.
      Signed-off-by: default avatarJia Zhang <qianyue.zj@alibaba-inc.com>
      [ Updated it to more recent kernels. ]
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: bp@alien8.de
      Cc: tony.luck@intel.com
      Link: http://lkml.kernel.org/r/1514771530-70829-1-git-send-email-qianyue.zj@alibaba-inc.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      b399151c
    • Rui Wang's avatar
      selftests/x86/mpx: Fix incorrect bounds with old _sigfault · 961888b1
      Rui Wang authored
      For distributions with old userspace header files, the _sigfault
      structure is different. mpx-mini-test fails with the following
      error:
      
        [root@Purley]# mpx-mini-test_64 tabletest
        XSAVE is supported by HW & OS
        XSAVE processor supported state mask: 0x2ff
        XSAVE OS supported state mask: 0x2ff
         BNDREGS: size: 64 user: 1 supervisor: 0 aligned: 0
          BNDCSR: size: 64 user: 1 supervisor: 0 aligned: 0
        starting mpx bounds table test
        ERROR: siginfo bounds do not match shadow bounds for register 0
      
      Fix it by using the correct offset of _lower/_upper in _sigfault.
      RHEL needs this patch to work.
      Signed-off-by: default avatarRui Wang <rui.y.wang@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: dave.hansen@linux.intel.com
      Fixes: e754aedc ("x86/mpx, selftests: Add MPX self test")
      Link: http://lkml.kernel.org/r/1513586050-1641-1-git-send-email-rui.y.wang@intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      961888b1
    • Andy Lutomirski's avatar
      x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() · 1299ef1d
      Andy Lutomirski authored
      flush_tlb_single() and flush_tlb_one() sound almost identical, but
      they really mean "flush one user translation" and "flush one kernel
      translation".  Rename them to flush_tlb_one_user() and
      flush_tlb_one_kernel() to make the semantics more obvious.
      
      [ I was looking at some PTI-related code, and the flush-one-address code
        is unnecessarily hard to understand because the names of the helpers are
        uninformative.  This came up during PTI review, but no one got around to
        doing it. ]
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Eduardo Valentin <eduval@amazon.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: Kees Cook <keescook@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Linux-MM <linux-mm@kvack.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Will Deacon <will.deacon@arm.com>
      Link: http://lkml.kernel.org/r/3303b02e3c3d049dc5235d5651e0ae6d29a34354.1517414378.git.luto@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1299ef1d