Update to 4.15.2
This commit is contained in:
parent
0ce4bbe790
commit
2ac5e9851a
|
@ -1,4 +1,4 @@
|
||||||
linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
|
linux (4.15.2-1~exp1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* New upstream release: https://kernelnewbies.org/Linux_4.15
|
* New upstream release: https://kernelnewbies.org/Linux_4.15
|
||||||
* New upstream stable update:
|
* New upstream stable update:
|
||||||
|
@ -58,6 +58,68 @@ linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
|
||||||
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
|
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
|
||||||
- Input: synaptics-rmi4 - do not delete interrupt memory too early
|
- Input: synaptics-rmi4 - do not delete interrupt memory too early
|
||||||
- x86/efi: Clarify that reset attack mitigation needs appropriate userspace
|
- x86/efi: Clarify that reset attack mitigation needs appropriate userspace
|
||||||
|
* New upstream stable update:
|
||||||
|
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.2
|
||||||
|
- KVM: x86: Make indirect calls in emulator speculation safe
|
||||||
|
- KVM: VMX: Make indirect call speculation safe
|
||||||
|
- module/retpoline: Warn about missing retpoline in module
|
||||||
|
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
|
||||||
|
- x86/cpufeatures: Add Intel feature bits for Speculation Control
|
||||||
|
- x86/cpufeatures: Add AMD feature bits for Speculation Control
|
||||||
|
- x86/msr: Add definitions for new speculation control MSRs
|
||||||
|
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
|
||||||
|
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
|
||||||
|
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
|
||||||
|
- x86/alternative: Print unadorned pointers
|
||||||
|
- x86/nospec: Fix header guards names
|
||||||
|
- x86/bugs: Drop one "mitigation" from dmesg
|
||||||
|
- x86/cpu/bugs: Make retpoline module warning conditional
|
||||||
|
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
|
||||||
|
- x86/retpoline: Simplify vmexit_fill_RSB()
|
||||||
|
- x86/speculation: Simplify indirect_branch_prediction_barrier()
|
||||||
|
- auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
|
||||||
|
- iio: adc/accel: Fix up module licenses
|
||||||
|
- pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
|
||||||
|
- ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
|
||||||
|
- KVM: nVMX: Eliminate vmcs02 pool
|
||||||
|
- KVM: VMX: introduce alloc_loaded_vmcs
|
||||||
|
- objtool: Improve retpoline alternative handling
|
||||||
|
- objtool: Add support for alternatives at the end of a section
|
||||||
|
- objtool: Warn on stripped section symbol
|
||||||
|
- x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
|
||||||
|
- x86/spectre: Check CONFIG_RETPOLINE in command line parser
|
||||||
|
- x86/entry/64: Remove the SYSCALL64 fast path
|
||||||
|
- x86/entry/64: Push extra regs right away
|
||||||
|
- x86/asm: Move 'status' from thread_struct to thread_info
|
||||||
|
- Documentation: Document array_index_nospec
|
||||||
|
- array_index_nospec: Sanitize speculative array de-references
|
||||||
|
- x86: Implement array_index_mask_nospec
|
||||||
|
- x86: Introduce barrier_nospec
|
||||||
|
- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
|
||||||
|
- x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
|
||||||
|
- x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
|
||||||
|
- x86/get_user: Use pointer masking to limit speculation
|
||||||
|
- x86/syscall: Sanitize syscall table de-references under speculation
|
||||||
|
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
|
||||||
|
- nl80211: Sanitize array index in parse_txq_params
|
||||||
|
- x86/spectre: Report get_user mitigation for spectre_v1
|
||||||
|
- x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
|
||||||
|
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
|
||||||
|
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch
|
||||||
|
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option
|
||||||
|
- KVM: VMX: make MSR bitmaps per-VCPU
|
||||||
|
- x86/kvm: Update spectre-v1 mitigation
|
||||||
|
- x86/retpoline: Avoid retpolines for built-in __init functions
|
||||||
|
- x86/spectre: Simplify spectre_v2 command line parsing
|
||||||
|
- x86/pti: Mark constant arrays as __initconst
|
||||||
|
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
|
||||||
|
- KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
|
||||||
|
- KVM/x86: Add IBPB support
|
||||||
|
- KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
|
||||||
|
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
|
||||||
|
- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
|
||||||
|
- serial: core: mark port as initialized after successful IRQ change
|
||||||
|
- fpga: region: release of_parse_phandle nodes after use
|
||||||
|
|
||||||
[ Bastian Blank ]
|
[ Bastian Blank ]
|
||||||
* Add cloud-amd64 kernel flavour.
|
* Add cloud-amd64 kernel flavour.
|
||||||
|
|
|
@ -19,18 +19,19 @@ version at boot time. Add a Kconfig parameter to set the default.
|
||||||
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
Documentation/admin-guide/kernel-parameters.txt | 4 ++
|
Documentation/admin-guide/kernel-parameters.txt | 4 ++++
|
||||||
arch/x86/Kconfig | 8 ++++
|
arch/x86/Kconfig | 8 +++++++
|
||||||
arch/x86/entry/common.c | 16 ++++++++-
|
arch/x86/entry/common.c | 16 +++++++++++--
|
||||||
arch/x86/entry/entry_64.S | 18 +++++++++--
|
arch/x86/entry/syscall_64.c | 31 +++++++++++++++++++++++++
|
||||||
arch/x86/entry/syscall_64.c | 39 ++++++++++++++++++++++++
|
arch/x86/include/asm/elf.h | 3 ++-
|
||||||
arch/x86/include/asm/elf.h | 3 +
|
arch/x86/include/asm/syscall.h | 6 +++++
|
||||||
arch/x86/include/asm/syscall.h | 6 +++
|
6 files changed, 65 insertions(+), 3 deletions(-)
|
||||||
7 files changed, 89 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
|
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
|
index 1e762c210f1b..9fd9eb61606d 100644
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -4048,6 +4048,10 @@
|
@@ -4096,6 +4096,10 @@
|
||||||
|
|
||||||
switches= [HW,M68k]
|
switches= [HW,M68k]
|
||||||
|
|
||||||
|
@ -41,9 +42,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
sysfs.deprecated=0|1 [KNL]
|
sysfs.deprecated=0|1 [KNL]
|
||||||
Enable/disable old style sysfs layout for old udev
|
Enable/disable old style sysfs layout for old udev
|
||||||
on older distributions. When this option is enabled
|
on older distributions. When this option is enabled
|
||||||
|
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||||
|
index 20da391b5f32..16f0c88fcc3d 100644
|
||||||
--- a/arch/x86/Kconfig
|
--- a/arch/x86/Kconfig
|
||||||
+++ b/arch/x86/Kconfig
|
+++ b/arch/x86/Kconfig
|
||||||
@@ -2850,6 +2850,14 @@ config COMPAT_32
|
@@ -2863,6 +2863,14 @@ config COMPAT_32
|
||||||
select HAVE_UID16
|
select HAVE_UID16
|
||||||
select OLD_SIGSUSPEND3
|
select OLD_SIGSUSPEND3
|
||||||
|
|
||||||
|
@ -58,6 +61,90 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
config COMPAT
|
config COMPAT
|
||||||
def_bool y
|
def_bool y
|
||||||
depends on IA32_EMULATION || X86_X32
|
depends on IA32_EMULATION || X86_X32
|
||||||
|
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
|
||||||
|
index 21dbdf0e476b..a26c084ecca5 100644
|
||||||
|
--- a/arch/x86/entry/common.c
|
||||||
|
+++ b/arch/x86/entry/common.c
|
||||||
|
@@ -270,6 +270,7 @@ __visible void do_syscall_64(struct pt_regs *regs)
|
||||||
|
{
|
||||||
|
struct thread_info *ti = current_thread_info();
|
||||||
|
unsigned long nr = regs->orig_ax;
|
||||||
|
+ unsigned int syscall_mask, nr_syscalls_enabled;
|
||||||
|
|
||||||
|
enter_from_user_mode();
|
||||||
|
local_irq_enable();
|
||||||
|
@@ -282,8 +283,19 @@ __visible void do_syscall_64(struct pt_regs *regs)
|
||||||
|
* table. The only functional difference is the x32 bit in
|
||||||
|
* regs->orig_ax, which changes the behavior of some syscalls.
|
||||||
|
*/
|
||||||
|
- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
|
||||||
|
- nr = array_index_nospec(nr & __SYSCALL_MASK, NR_syscalls);
|
||||||
|
+ if (__SYSCALL_MASK == ~0U || x32_enabled) {
|
||||||
|
+ syscall_mask = __SYSCALL_MASK;
|
||||||
|
+ nr_syscalls_enabled = NR_syscalls;
|
||||||
|
+ } else {
|
||||||
|
+ /*
|
||||||
|
+ * x32 syscalls present but not enabled. Don't mask out
|
||||||
|
+ * the x32 flag and don't enable any x32-specific calls.
|
||||||
|
+ */
|
||||||
|
+ syscall_mask = ~0U;
|
||||||
|
+ nr_syscalls_enabled = 512;
|
||||||
|
+ }
|
||||||
|
+ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) {
|
||||||
|
+ nr = array_index_nospec(nr & syscall_mask, nr_syscalls_enabled);
|
||||||
|
regs->ax = sys_call_table[nr](
|
||||||
|
regs->di, regs->si, regs->dx,
|
||||||
|
regs->r10, regs->r8, regs->r9);
|
||||||
|
diff --git a/arch/x86/entry/syscall_64.c b/arch/x86/entry/syscall_64.c
|
||||||
|
index c176d2fab1da..0f15e2686d09 100644
|
||||||
|
--- a/arch/x86/entry/syscall_64.c
|
||||||
|
+++ b/arch/x86/entry/syscall_64.c
|
||||||
|
@@ -4,8 +4,14 @@
|
||||||
|
#include <linux/linkage.h>
|
||||||
|
#include <linux/sys.h>
|
||||||
|
#include <linux/cache.h>
|
||||||
|
+#include <linux/moduleparam.h>
|
||||||
|
+#undef MODULE_PARAM_PREFIX
|
||||||
|
+#define MODULE_PARAM_PREFIX "syscall."
|
||||||
|
+#include <linux/bug.h>
|
||||||
|
+#include <linux/init.h>
|
||||||
|
#include <asm/asm-offsets.h>
|
||||||
|
#include <asm/syscall.h>
|
||||||
|
+#include <asm/text-patching.h>
|
||||||
|
|
||||||
|
#define __SYSCALL_64(nr, sym, qual) extern asmlinkage long sym(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
|
||||||
|
#include <asm/syscalls_64.h>
|
||||||
|
@@ -23,3 +29,28 @@ asmlinkage const sys_call_ptr_t sys_call_table[__NR_syscall_max+1] = {
|
||||||
|
[0 ... __NR_syscall_max] = &sys_ni_syscall,
|
||||||
|
#include <asm/syscalls_64.h>
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+#ifdef CONFIG_X86_X32_ABI
|
||||||
|
+
|
||||||
|
+/* Maybe enable x32 syscalls */
|
||||||
|
+
|
||||||
|
+bool x32_enabled = !IS_ENABLED(CONFIG_X86_X32_DISABLED);
|
||||||
|
+module_param_named(x32, x32_enabled, bool, 0444);
|
||||||
|
+
|
||||||
|
+static int __init x32_enable(void)
|
||||||
|
+{
|
||||||
|
+ if (x32_enabled) {
|
||||||
|
+#ifdef CONFIG_X86_X32_DISABLED
|
||||||
|
+ pr_info("Enabled x32 syscalls\n");
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
|
+#ifndef CONFIG_X86_X32_DISABLED
|
||||||
|
+ else
|
||||||
|
+ pr_info("Disabled x32 syscalls\n");
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+late_initcall(x32_enable);
|
||||||
|
+
|
||||||
|
+#endif
|
||||||
|
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
|
||||||
|
index 0d157d2a1e2a..17e23826a802 100644
|
||||||
--- a/arch/x86/include/asm/elf.h
|
--- a/arch/x86/include/asm/elf.h
|
||||||
+++ b/arch/x86/include/asm/elf.h
|
+++ b/arch/x86/include/asm/elf.h
|
||||||
@@ -10,6 +10,7 @@
|
@@ -10,6 +10,7 @@
|
||||||
|
@ -77,129 +164,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
|
||||||
#if __USER32_DS != __USER_DS
|
#if __USER32_DS != __USER_DS
|
||||||
# error "The following code assumes __USER32_DS == __USER_DS"
|
# error "The following code assumes __USER32_DS == __USER_DS"
|
||||||
--- a/arch/x86/entry/entry_64.S
|
diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
|
||||||
+++ b/arch/x86/entry/entry_64.S
|
index 03eedc21246d..c5bce400ebb4 100644
|
||||||
@@ -251,8 +251,12 @@ entry_SYSCALL_64_fastpath:
|
|
||||||
#if __SYSCALL_MASK == ~0
|
|
||||||
cmpq $__NR_syscall_max, %rax
|
|
||||||
#else
|
|
||||||
- andl $__SYSCALL_MASK, %eax
|
|
||||||
- cmpl $__NR_syscall_max, %eax
|
|
||||||
+.global system_call_fast_compare
|
|
||||||
+.global system_call_fast_compare_end
|
|
||||||
+system_call_fast_compare:
|
|
||||||
+ cmpq $511, %rax /* x32 syscalls start at 512 */
|
|
||||||
+ .byte P6_NOP4
|
|
||||||
+system_call_fast_compare_end:
|
|
||||||
#endif
|
|
||||||
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
|
|
||||||
movq %r10, %rcx
|
|
||||||
@@ -409,6 +413,16 @@ syscall_return_via_sysret:
|
|
||||||
USERGS_SYSRET64
|
|
||||||
END(entry_SYSCALL_64)
|
|
||||||
|
|
||||||
+#if __SYSCALL_MASK != ~0
|
|
||||||
+ /* This replaces the usual comparisons if syscall.x32 is set */
|
|
||||||
+.global system_call_mask_compare
|
|
||||||
+.global system_call_mask_compare_end
|
|
||||||
+system_call_mask_compare:
|
|
||||||
+ andl $__SYSCALL_MASK, %eax
|
|
||||||
+ cmpl $__NR_syscall_max, %eax
|
|
||||||
+system_call_mask_compare_end:
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
ENTRY(stub_ptregs_64)
|
|
||||||
/*
|
|
||||||
* Syscalls marked as needing ptregs land here.
|
|
||||||
--- a/arch/x86/entry/syscall_64.c
|
|
||||||
+++ b/arch/x86/entry/syscall_64.c
|
|
||||||
@@ -4,8 +4,14 @@
|
|
||||||
#include <linux/linkage.h>
|
|
||||||
#include <linux/sys.h>
|
|
||||||
#include <linux/cache.h>
|
|
||||||
+#include <linux/moduleparam.h>
|
|
||||||
+#undef MODULE_PARAM_PREFIX
|
|
||||||
+#define MODULE_PARAM_PREFIX "syscall."
|
|
||||||
+#include <linux/bug.h>
|
|
||||||
+#include <linux/init.h>
|
|
||||||
#include <asm/asm-offsets.h>
|
|
||||||
#include <asm/syscall.h>
|
|
||||||
+#include <asm/text-patching.h>
|
|
||||||
|
|
||||||
#define __SYSCALL_64_QUAL_(sym) sym
|
|
||||||
#define __SYSCALL_64_QUAL_ptregs(sym) ptregs_##sym
|
|
||||||
@@ -26,3 +32,36 @@ asmlinkage const sys_call_ptr_t sys_call
|
|
||||||
[0 ... __NR_syscall_max] = &sys_ni_syscall,
|
|
||||||
#include <asm/syscalls_64.h>
|
|
||||||
};
|
|
||||||
+
|
|
||||||
+#ifdef CONFIG_X86_X32_ABI
|
|
||||||
+
|
|
||||||
+/* Maybe enable x32 syscalls */
|
|
||||||
+
|
|
||||||
+bool x32_enabled = !IS_ENABLED(CONFIG_X86_X32_DISABLED);
|
|
||||||
+module_param_named(x32, x32_enabled, bool, 0444);
|
|
||||||
+
|
|
||||||
+extern char system_call_fast_compare_end[], system_call_fast_compare[],
|
|
||||||
+ system_call_mask_compare_end[], system_call_mask_compare[];
|
|
||||||
+
|
|
||||||
+static int __init x32_enable(void)
|
|
||||||
+{
|
|
||||||
+ BUG_ON(system_call_fast_compare_end - system_call_fast_compare != 10);
|
|
||||||
+ BUG_ON(system_call_mask_compare_end - system_call_mask_compare != 10);
|
|
||||||
+
|
|
||||||
+ if (x32_enabled) {
|
|
||||||
+ text_poke_early(system_call_fast_compare,
|
|
||||||
+ system_call_mask_compare, 10);
|
|
||||||
+#ifdef CONFIG_X86_X32_DISABLED
|
|
||||||
+ pr_info("Enabled x32 syscalls\n");
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+#ifndef CONFIG_X86_X32_DISABLED
|
|
||||||
+ else
|
|
||||||
+ pr_info("Disabled x32 syscalls\n");
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+late_initcall(x32_enable);
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
--- a/arch/x86/entry/common.c
|
|
||||||
+++ b/arch/x86/entry/common.c
|
|
||||||
@@ -269,6 +269,7 @@ __visible void do_syscall_64(struct pt_r
|
|
||||||
{
|
|
||||||
struct thread_info *ti = current_thread_info();
|
|
||||||
unsigned long nr = regs->orig_ax;
|
|
||||||
+ unsigned int syscall_mask, nr_syscalls_enabled;
|
|
||||||
|
|
||||||
enter_from_user_mode();
|
|
||||||
local_irq_enable();
|
|
||||||
@@ -281,8 +282,19 @@ __visible void do_syscall_64(struct pt_r
|
|
||||||
* table. The only functional difference is the x32 bit in
|
|
||||||
* regs->orig_ax, which changes the behavior of some syscalls.
|
|
||||||
*/
|
|
||||||
- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
|
|
||||||
- regs->ax = sys_call_table[nr & __SYSCALL_MASK](
|
|
||||||
+ if (__SYSCALL_MASK == ~0U || x32_enabled) {
|
|
||||||
+ syscall_mask = __SYSCALL_MASK;
|
|
||||||
+ nr_syscalls_enabled = NR_syscalls;
|
|
||||||
+ } else {
|
|
||||||
+ /*
|
|
||||||
+ * x32 syscalls present but not enabled. Don't mask out
|
|
||||||
+ * the x32 flag and don't enable any x32-specific calls.
|
|
||||||
+ */
|
|
||||||
+ syscall_mask = ~0U;
|
|
||||||
+ nr_syscalls_enabled = 512;
|
|
||||||
+ }
|
|
||||||
+ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) {
|
|
||||||
+ regs->ax = sys_call_table[nr & syscall_mask](
|
|
||||||
regs->di, regs->si, regs->dx,
|
|
||||||
regs->r10, regs->r8, regs->r9);
|
|
||||||
}
|
|
||||||
--- a/arch/x86/include/asm/syscall.h
|
--- a/arch/x86/include/asm/syscall.h
|
||||||
+++ b/arch/x86/include/asm/syscall.h
|
+++ b/arch/x86/include/asm/syscall.h
|
||||||
@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_tab
|
@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_table[];
|
||||||
extern const sys_call_ptr_t ia32_sys_call_table[];
|
extern const sys_call_ptr_t ia32_sys_call_table[];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -212,3 +181,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
/*
|
/*
|
||||||
* Only the low 32 bits of orig_ax are meaningful, so we return int.
|
* Only the low 32 bits of orig_ax are meaningful, so we return int.
|
||||||
* This importantly ignores the high bits on 64-bit, so comparisons
|
* This importantly ignores the high bits on 64-bit, so comparisons
|
||||||
|
--
|
||||||
|
2.16.1
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue