Package: linux / 4.19.37-3

Metadata

Package Version Patches format
linux 4.19.37-3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
bugfix/all/0002 mm add try_get_page helper function.patch | (download)

include/linux/mm.h | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 mm: add 'try_get_page()' helper function
bugfix/all/0003 mm prevent get_user_pages from overflowing page refc.patch | (download)

mm/gup.c | 45 34 + 11 - 0 !
mm/hugetlb.c | 13 13 + 0 - 0 !
2 files changed, 47 insertions(+), 11 deletions(-)

 mm: prevent get_user_pages() from overflowing page refcount
bugfix/all/0004 fs prevent page refcount overflow in pipe_buf_get.patch | (download)

fs/fuse/dev.c | 12 6 + 6 - 0 !
fs/pipe.c | 4 2 + 2 - 0 !
fs/splice.c | 12 10 + 2 - 0 !
include/linux/pipe_fs_i.h | 10 6 + 4 - 0 !
kernel/trace/trace.c | 6 5 + 1 - 0 !
5 files changed, 29 insertions(+), 15 deletions(-)

 fs: prevent page refcount overflow in pipe_buf_get
bugfix/all/spec/0001 Documentation l1tf Fix small spelling typo.patch | (download)

Documentation/admin-guide/l1tf.rst | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 01/30] documentation/l1tf: fix small spelling typo

commit 60ca05c3b44566b70d64fbb8e87a6e0c67725468 upstream

Fix small typo (wiil -> will) in the "3.4. Nested virtual machines"
section.

Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry")
Cc: linux-kernel@vger.kernel.org
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-doc@vger.kernel.org
Cc: trivial@kernel.org

Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

bugfix/all/spec/0002 x86 cpu Sanitize FAM6_ATOM naming.patch | (download)

arch/x86/events/intel/core.c | 20 11 + 9 - 0 !
arch/x86/events/intel/cstate.c | 8 4 + 4 - 0 !
arch/x86/events/intel/rapl.c | 4 2 + 2 - 0 !
arch/x86/events/msr.c | 8 4 + 4 - 0 !
arch/x86/include/asm/intel-family.h | 33 17 + 16 - 0 !
arch/x86/kernel/cpu/common.c | 28 14 + 14 - 0 !
arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 4 2 + 2 - 0 !
arch/x86/kernel/tsc.c | 2 1 + 1 - 0 !
arch/x86/kernel/tsc_msr.c | 10 5 + 5 - 0 !
arch/x86/platform/atom/punit_atom_debug.c | 4 2 + 2 - 0 !
arch/x86/platform/intel-mid/device_libs/platform_bt.c | 2 1 + 1 - 0 !
drivers/acpi/acpi_lpss.c | 2 1 + 1 - 0 !
drivers/acpi/x86/utils.c | 2 1 + 1 - 0 !
drivers/cpufreq/intel_pstate.c | 4 2 + 2 - 0 !
drivers/edac/pnd2_edac.c | 2 1 + 1 - 0 !
drivers/idle/intel_idle.c | 18 9 + 9 - 0 !
drivers/mmc/host/sdhci-acpi.c | 2 1 + 1 - 0 !
drivers/pci/pci-mid.c | 4 2 + 2 - 0 !
drivers/platform/x86/intel_int0002_vgpio.c | 2 1 + 1 - 0 !
drivers/platform/x86/intel_mid_powerbtn.c | 4 2 + 2 - 0 !
drivers/platform/x86/intel_telemetry_debugfs.c | 2 1 + 1 - 0 !
drivers/platform/x86/intel_telemetry_pltdrv.c | 2 1 + 1 - 0 !
drivers/powercap/intel_rapl.c | 10 5 + 5 - 0 !
drivers/thermal/intel_soc_dts_thermal.c | 2 1 + 1 - 0 !
sound/soc/intel/boards/bytcr_rt5651.c | 2 1 + 1 - 0 !
tools/power/x86/turbostat/turbostat.c | 46 23 + 23 - 0 !
26 files changed, 115 insertions(+), 112 deletions(-)

 [patch 02/30] x86/cpu: sanitize fam6_atom naming

commit f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e upstream

Going primarily by:

  https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors

with additional information gleaned from other related pages; notably:

 - Bonnell shrink was called Saltwell
 - Moorefield is the Merriefield refresh which makes it Airmont

The general naming scheme is: FAM6_ATOM_UARCH_SOCTYPE

  for i in `git grep -l FAM6_ATOM` ; do
	sed -i  -e 's/ATOM_PINEVIEW/ATOM_BONNELL/g'		\
		-e 's/ATOM_LINCROFT/ATOM_BONNELL_MID/'		\
		-e 's/ATOM_PENWELL/ATOM_SALTWELL_MID/g'		\
		-e 's/ATOM_CLOVERVIEW/ATOM_SALTWELL_TABLET/g'	\
		-e 's/ATOM_CEDARVIEW/ATOM_SALTWELL/g'		\
		-e 's/ATOM_SILVERMONT1/ATOM_SILVERMONT/g'	\
		-e 's/ATOM_SILVERMONT2/ATOM_SILVERMONT_X/g'	\
		-e 's/ATOM_MERRIFIELD/ATOM_SILVERMONT_MID/g'	\
		-e 's/ATOM_MOOREFIELD/ATOM_AIRMONT_MID/g'	\
		-e 's/ATOM_DENVERTON/ATOM_GOLDMONT_X/g'		\
		-e 's/ATOM_GEMINI_LAKE/ATOM_GOLDMONT_PLUS/g' ${i}
  done

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: dave.hansen@linux.intel.com
Cc: len.brown@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

bugfix/all/spec/0003 kvm x86 Report STIBP on GET_SUPPORTED_CPUID.patch | (download)

arch/x86/kvm/cpuid.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 03/30] kvm: x86: report stibp on get_supported_cpuid

commit d7b09c827a6cf291f66637a36f46928dd1423184 upstream

Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
to the guest, which makes STIBP available to guests.  This was implemented
by commits d28b387fb74d ("KVM/VMX: Allow direct access to
MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to
MSR_IA32_SPEC_CTRL").

However, we never updated GET_SUPPORTED_CPUID to let userspace know that
STIBP can be enabled in CPUID.  Fix that by updating
kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
bugfix/all/spec/0004 x86 msr index Cleanup bit defines.patch | (download)

arch/x86/include/asm/msr-index.h | 34 18 + 16 - 0 !
tools/power/x86/turbostat/Makefile | 2 1 + 1 - 0 !
tools/power/x86/x86_energy_perf_policy/Makefile | 2 1 + 1 - 0 !
3 files changed, 20 insertions(+), 18 deletions(-)

 [patch 04/30] x86/msr-index: cleanup bit defines

commit d8eabc37310a92df40d07c5a8afc53cebf996716 upstream

Greg pointed out that speculation related bit defines are using (1 << N)
format instead of BIT(N). Aside of that (1 << N) is wrong as it should use
1UL at least.

Clean it up.

[ Josh Poimboeuf: Fix tools build ]

Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0005 x86 speculation Consolidate CPU whitelists.patch | (download)

arch/x86/kernel/cpu/common.c | 105 56 + 49 - 0 !
1 file changed, 56 insertions(+), 49 deletions(-)

 [patch 05/30] x86/speculation: consolidate cpu whitelists

commit 36ad35131adacc29b328b9c8b6277a8bf0d6fd5d upstream

The CPU vulnerability whitelists have some overlap and there are more
whitelists coming along.

Use the driver_data field in the x86_cpu_id struct to denote the
whitelisted vulnerabilities and combine all whitelists into one.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0006 x86 speculation mds Add basic bug infrastructure for.patch | (download)

arch/x86/include/asm/cpufeatures.h | 2 2 + 0 - 0 !
arch/x86/include/asm/msr-index.h | 5 5 + 0 - 0 !
arch/x86/kernel/cpu/common.c | 23 15 + 8 - 0 !
3 files changed, 22 insertions(+), 8 deletions(-)

 [patch 06/30] x86/speculation/mds: add basic bug infrastructure for
 MDS

commit ed5194c2732c8084af9fd159c146ea92bf137128 upstream

Microarchitectural Data Sampling (MDS), is a class of side channel attacks
on internal buffers in Intel CPUs. The variants are:

 - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
 - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
 - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)

MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
dependent load (store-to-load forwarding) as an optimization. The forward
bugfix/all/spec/0007 x86 speculation mds Add BUG_MSBDS_ONLY.patch | (download)

arch/x86/include/asm/cpufeatures.h | 1 1 + 0 - 0 !
arch/x86/kernel/cpu/common.c | 20 12 + 8 - 0 !
2 files changed, 13 insertions(+), 8 deletions(-)

 [patch 07/30] x86/speculation/mds: add bug_msbds_only

commit e261f209c3666e842fd645a1e31f001c3a26def9 upstream

This bug bit is set on CPUs which are only affected by Microarchitectural
Store Buffer Data Sampling (MSBDS) and not by any other MDS variant.

This is important because the Store Buffers are partitioned between
Hyper-Threads so cross thread forwarding is not possible. But if a thread
enters or exits a sleep state the store buffer is repartitioned which can
expose data from one thread to the other. This transition can be mitigated.

That means that for CPUs which are only affected by MSBDS SMT can be
enabled, if the CPU is not affected by other SMT sensitive vulnerabilities,
e.g. L1TF. The XEON PHI variants fall into that category. Also the
Silvermont/Airmont ATOMs, but for them it's not really relevant as they do
not support SMT, but mark them for completeness sake.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0008 x86 kvm Expose X86_FEATURE_MD_CLEAR to guests.patch | (download)

arch/x86/kvm/cpuid.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 08/30] x86/kvm: expose x86_feature_md_clear to guests

commit 6c4dbbd14730c43f4ed808a9c42ca41625925c22 upstream

X86_FEATURE_MD_CLEAR is a new CPUID bit which is set when microcode
provides the mechanism to invoke a flush of various exploitable CPU buffers
by invoking the VERW instruction.

Hand it through to guests so they can adjust their mitigations.

This also requires corresponding qemu changes, which are available
separately.

[ tglx: Massaged changelog ]

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0009 x86 speculation mds Add mds_clear_cpu_buffers.patch | (download)

Documentation/index.rst | 1 1 + 0 - 0 !
Documentation/x86/conf.py | 10 10 + 0 - 0 !
Documentation/x86/index.rst | 8 8 + 0 - 0 !
Documentation/x86/mds.rst | 99 99 + 0 - 0 !
arch/x86/include/asm/nospec-branch.h | 25 25 + 0 - 0 !
5 files changed, 143 insertions(+)

 [patch 09/30] x86/speculation/mds: add mds_clear_cpu_buffers()

commit 6a9e529272517755904b7afa639f6db59ddb793e upstream

The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
clearing the affected CPU buffers. The mechanism for clearing the buffers
uses the unused and obsolete VERW instruction in combination with a
microcode update which triggers a CPU buffer clear when VERW is executed.

Provide a inline function with the assembly magic. The argument of the VERW
instruction must be a memory operand as documented:

  "MD_CLEAR enumerates that the memory-operand variant of VERW (for
   example, VERW m16) has been extended to also overwrite buffers affected
   by MDS. This buffer overwriting functionality is not guaranteed for the
   register operand variant of VERW."

Documentation also recommends to use a writable data segment selector:

  "The buffer overwriting occurs regardless of the result of the VERW
   permission check, as well as when the selector is null or causes a
   descriptor load segment violation. However, for lowest latency we
   recommend using a selector that indicates a valid writable data
   segment."

Add x86 specific documentation about MDS and the internal workings of the
mitigation.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0010 x86 speculation mds Clear CPU buffers on exit to use.patch | (download)

Documentation/x86/mds.rst | 52 52 + 0 - 0 !
arch/x86/entry/common.c | 3 3 + 0 - 0 !
arch/x86/include/asm/nospec-branch.h | 13 13 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 3 3 + 0 - 0 !
arch/x86/kernel/nmi.c | 4 4 + 0 - 0 !
arch/x86/kernel/traps.c | 8 8 + 0 - 0 !
6 files changed, 83 insertions(+)

 [patch 10/30] x86/speculation/mds: clear cpu buffers on exit to user

commit 04dcbdb8057827b043b3c71aa397c4c63e67d086 upstream

Add a static key which controls the invocation of the CPU buffer clear
mechanism on exit to user space and add the call into
prepare_exit_to_usermode() and do_nmi() right before actually returning.

Add documentation which kernel to user space transition this covers and
explain why some corner cases are not mitigated.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0011 x86 kvm vmx Add MDS protection when L1D Flush is not.patch | (download)

arch/x86/kernel/cpu/bugs.c | 1 1 + 0 - 0 !
arch/x86/kvm/vmx.c | 3 3 + 0 - 0 !
2 files changed, 4 insertions(+)

 [patch 11/30] x86/kvm/vmx: add mds protection when l1d flush is not
 active

commit 650b68a0622f933444a6d66936abb3103029413b upstream

CPUs which are affected by L1TF and MDS mitigate MDS with the L1D Flush on
VMENTER when updated microcode is installed.

If a CPU is not affected by L1TF or if the L1D Flush is not in use, then
MDS mitigation needs to be invoked explicitly.

For these cases, follow the host mitigation state and invoke the MDS
mitigation before VMENTER.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0012 x86 speculation mds Conditionally clear CPU buffers .patch | (download)

Documentation/x86/mds.rst | 42 42 + 0 - 0 !
arch/x86/include/asm/irqflags.h | 4 4 + 0 - 0 !
arch/x86/include/asm/mwait.h | 7 7 + 0 - 0 !
arch/x86/include/asm/nospec-branch.h | 12 12 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 3 3 + 0 - 0 !
5 files changed, 68 insertions(+)

 [patch 12/30] x86/speculation/mds: conditionally clear cpu buffers on
 idle entry

commit 07f07f55a29cb705e221eda7894dd67ab81ef343 upstream

Add a static key which controls the invocation of the CPU buffer clear
mechanism on idle entry. This is independent of other MDS mitigations
because the idle entry invocation to mitigate the potential leakage due to
store buffer repartitioning is only necessary on SMT systems.

bugfix/all/spec/0013 x86 speculation mds Add mitigation control for MDS.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 22 22 + 0 - 0 !
arch/x86/include/asm/processor.h | 5 5 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 70 70 + 0 - 0 !
3 files changed, 97 insertions(+)

 [patch 13/30] x86/speculation/mds: add mitigation control for mds

commit bc1241700acd82ec69fde98c5763ce51086269f8 upstream

Now that the mitigations are in place, add a command line parameter to
control the mitigation, a mitigation selector function and a SMT update
mechanism.

This is the minimal straight forward initial implementation which just
provides an always on/off mode. The command line parameter is:

  mds=[full|off]

This is consistent with the existing mitigations for other speculative
hardware vulnerabilities.

The idle invocation is dynamically updated according to the SMT state of
the system similar to the dynamic update of the STIBP mitigation. The idle
mitigation is limited to CPUs which are only affected by MSBDS and not any
other variant, because the other variants cannot be mitigated on SMT
enabled systems.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0014 x86 speculation mds Add sysfs reporting for MDS.patch | (download)

Documentation/ABI/testing/sysfs-devices-system-cpu | 1 1 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 25 25 + 0 - 0 !
drivers/base/cpu.c | 8 8 + 0 - 0 !
include/linux/cpu.h | 2 2 + 0 - 0 !
4 files changed, 36 insertions(+)

 [patch 14/30] x86/speculation/mds: add sysfs reporting for mds

commit 8a4b06d391b0a42a373808979b5028f5c84d9c6a upstream

Add the sysfs reporting file for MDS. It exposes the vulnerability and
mitigation state similar to the existing files for the other speculative
hardware vulnerabilities.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0015 x86 speculation mds Add mitigation mode VMWERV.patch | (download)

Documentation/x86/mds.rst | 27 27 + 0 - 0 !
arch/x86/include/asm/processor.h | 1 1 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 18 12 + 6 - 0 !
3 files changed, 40 insertions(+), 6 deletions(-)

 [patch 15/30] x86/speculation/mds: add mitigation mode vmwerv

commit 22dd8365088b6403630b82423cf906491859b65e upstream

In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
to guests.

Introduce an internal mitigation mode VMWERV which enables the invocation
of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
system has no updated microcode this results in a pointless execution of
the VERW instruction wasting a few CPU cycles. If the microcode is updated,
but not exposed to a guest then the CPU buffers will be cleared.

That said: Virtual Machines Will Eventually Receive Vaccine

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0016 Documentation Move L1TF to separate directory.patch | (download)

Documentation/ABI/testing/sysfs-devices-system-cpu | 2 1 + 1 - 0 !
Documentation/admin-guide/hw-vuln/index.rst | 12 12 + 0 - 0 !
Documentation/admin-guide/index.rst | 6 2 + 4 - 0 !
Documentation/admin-guide/kernel-parameters.txt | 2 1 + 1 - 0 !
arch/x86/kernel/cpu/bugs.c | 2 1 + 1 - 0 !
arch/x86/kvm/vmx.c | 4 2 + 2 - 0 !
6 files changed, 19 insertions(+), 9 deletions(-)

 [patch 16/30] documentation: move l1tf to separate directory

commit 65fd4cb65b2dad97feb8330b6690445910b56d6a upstream

Move L!TF to a separate directory so the MDS stuff can be added at the
side. Otherwise the all hardware vulnerabilites have their own top level
entry. Should have done that right away.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0017 Documentation Add MDS vulnerability documentation.patch | (download)

Documentation/ABI/testing/sysfs-devices-system-cpu | 3 1 + 2 - 0 !
Documentation/admin-guide/hw-vuln/index.rst | 1 1 + 0 - 0 !
Documentation/admin-guide/hw-vuln/l1tf.rst | 1 1 + 0 - 0 !
Documentation/admin-guide/hw-vuln/mds.rst | 307 307 + 0 - 0 !
Documentation/admin-guide/kernel-parameters.txt | 2 2 + 0 - 0 !
5 files changed, 312 insertions(+), 2 deletions(-)

 [patch 17/30] documentation: add mds vulnerability documentation

commit 5999bbe7a6ea3c62029532ec84dc06003a1fa258 upstream

Add the initial MDS vulnerability documentation.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0018 x86 speculation mds Add mds full nosmt cmdline optio.patch | (download)

Documentation/admin-guide/hw-vuln/mds.rst | 3 3 + 0 - 0 !
Documentation/admin-guide/kernel-parameters.txt | 6 4 + 2 - 0 !
arch/x86/kernel/cpu/bugs.c | 10 10 + 0 - 0 !
3 files changed, 17 insertions(+), 2 deletions(-)

 [patch 18/30] x86/speculation/mds: add mds=full,nosmt cmdline option

commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream

Add the mds=full,nosmt cmdline option.  This is like mds=full, but with
SMT disabled if the CPU is vulnerable.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0019 x86 speculation Move arch_smt_update call to after m.patch | (download)

arch/x86/kernel/cpu/bugs.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 [patch 19/30] x86/speculation: move arch_smt_update() call to after
 mitigation decisions

commit 7c3658b20194a5b3209a143f63bc9c643c6a3ae2 upstream

arch_smt_update() now has a dependency on both Spectre v2 and MDS
mitigations.  Move its initial call to after all the mitigation decisions
have been made.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0020 x86 speculation mds Add SMT warning message.patch | (download)

arch/x86/kernel/cpu/bugs.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 [patch 20/30] x86/speculation/mds: add smt warning message

commit 39226ef02bfb43248b7db12a4fdccb39d95318e3 upstream

MDS is vulnerable with SMT.  Make that clear with a one-time printk
whenever SMT first gets enabled.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0021 x86 speculation mds Fix comment.patch | (download)

arch/x86/kernel/cpu/bugs.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 21/30] x86/speculation/mds: fix comment

commit cae5ec342645746d617dd420d206e1588d47768a upstream

s/L1TF/MDS/

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0022 x86 speculation mds Print SMT vulnerable on MSBDS wi.patch | (download)

arch/x86/kernel/cpu/bugs.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 22/30] x86/speculation/mds: print smt vulnerable on msbds with
 mitigations off

commit e2c3c94788b08891dcf3dbe608f9880523ecd71b upstream

This code is only for CPUs which are affected by MSBDS, but are *not*
affected by the other two MDS issues.

For such CPUs, enabling the mds_idle_clear mitigation is enough to
mitigate SMT.

However if user boots with 'mds=off' and still has SMT enabled, we should
not report that SMT is mitigated:

$cat /sys//devices/system/cpu/vulnerabilities/mds
Vulnerable; SMT mitigated

But rather:
Vulnerable; SMT vulnerable

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0023 cpu speculation Add mitigations cmdline option.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 24 24 + 0 - 0 !
include/linux/cpu.h | 24 24 + 0 - 0 !
kernel/cpu.c | 15 15 + 0 - 0 !
3 files changed, 63 insertions(+)

 [patch 23/30] cpu/speculation: add 'mitigations=' cmdline option

commit 98af8452945c55652de68536afdde3b520fec429 upstream

Keeping track of the number of mitigations for all the CPU speculation
bugs has become overwhelming for many users.  It's getting more and more
complicated to decide which mitigations are needed for a given
architecture.  Complicating matters is the fact that each arch tends to
have its own custom way to mitigate the same vulnerability.

Most users fall into a few basic categories:

a) they want all mitigations off;

b) they want all reasonable mitigations on, with SMT enabled even if
   it's vulnerable; or

c) they want all reasonable mitigations on, with SMT disabled if
   vulnerable.

Define a set of curated, arch-independent options, each of which is an
aggregation of existing options:

- mitigations=off: Disable all mitigations.

- mitigations=auto: [default] Enable all the default mitigations, but
  leave SMT enabled, even if it's vulnerable.

- mitigations=auto,nosmt: Enable all the default mitigations, disabling
  SMT if needed by a mitigation.

Currently, these options are placeholders which don't actually do
anything.  They will be fleshed out in upcoming patches.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
bugfix/all/spec/0024 x86 speculation Support mitigations cmdline option.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 16 11 + 5 - 0 !
arch/x86/kernel/cpu/bugs.c | 11 9 + 2 - 0 !
arch/x86/mm/pti.c | 4 3 + 1 - 0 !
3 files changed, 23 insertions(+), 8 deletions(-)

 [patch 24/30] x86/speculation: support 'mitigations=' cmdline option

commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream

Configure x86 runtime CPU speculation bug mitigations in accordance with
the 'mitigations=' cmdline option.  This affects Meltdown, Spectre v2,
Speculative Store Bypass, and L1TF.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
bugfix/all/spec/0025 powerpc speculation Support mitigations cmdline opti.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 9 5 + 4 - 0 !
arch/powerpc/kernel/security.c | 6 3 + 3 - 0 !
arch/powerpc/kernel/setup_64.c | 2 1 + 1 - 0 !
3 files changed, 9 insertions(+), 8 deletions(-)

 [patch 25/30] powerpc/speculation: support 'mitigations=' cmdline
 option

commit 782e69efb3dfed6e8360bc612e8c7827a901a8f9 upstream

Configure powerpc CPU runtime speculation bug mitigations in accordance
with the 'mitigations=' cmdline option.  This affects Meltdown, Spectre
v1, Spectre v2, and Speculative Store Bypass.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
bugfix/all/spec/0026 s390 speculation Support mitigations cmdline option.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 5 3 + 2 - 0 !
arch/s390/kernel/nospec-branch.c | 3 2 + 1 - 0 !
2 files changed, 5 insertions(+), 3 deletions(-)

 [patch 26/30] s390/speculation: support 'mitigations=' cmdline option

commit 0336e04a6520bdaefdb0769d2a70084fa52e81ed upstream

Configure s390 runtime CPU speculation bug mitigations in accordance
with the 'mitigations=' cmdline option.  This affects Spectre v1 and
Spectre v2.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
bugfix/all/spec/0027 x86 speculation mds Add mitigations support for MDS.patch | (download)

Documentation/admin-guide/kernel-parameters.txt | 2 2 + 0 - 0 !
arch/x86/kernel/cpu/bugs.c | 5 3 + 2 - 0 !
2 files changed, 5 insertions(+), 2 deletions(-)

 [patch 27/30] x86/speculation/mds: add 'mitigations=' support for mds

commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12 upstream

Add MDS to the new 'mitigations=' cmdline option.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

bugfix/all/spec/0028 x86 mds Add MDSUM variant to the MDS documentation.patch | (download)

Documentation/admin-guide/hw-vuln/mds.rst | 5 3 + 2 - 0 !
Documentation/x86/mds.rst | 5 5 + 0 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 [patch 28/30] x86/mds: add mdsum variant to the mds documentation

commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream

Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.

MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
bugfix/all/spec/0029 Documentation Correct the possible MDS sysfs values.patch | (download)

Documentation/admin-guide/hw-vuln/mds.rst | 29 13 + 16 - 0 !
1 file changed, 13 insertions(+), 16 deletions(-)

 [patch 29/30] documentation: correct the possible mds sysfs values

commit ea01668f9f43021b28b3f4d5ffad50106a1e1301 upstream

Adjust the last two rows in the table that display possible values when
MDS mitigation is enabled. They both were slightly innacurate.

In addition, convert the table of possible values and their descriptions
to a list-table. The simple table format uses the top border of equals
signs to determine cell width which resulted in the first column being
far too wide in comparison to the second column that contained the
majority of the text.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

bugfix/all/spec/0030 x86 speculation mds Fix documentation typo.patch | (download)

Documentation/x86/mds.rst | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 30/30] x86/speculation/mds: fix documentation typo

commit 95310e348a321b45fb746c176961d4da72344282 upstream

Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".

Reported-by: Jeff Bastian <jbastian@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

bugfix/all/spec/powerpc 64s include cpu header.patch | (download)

arch/powerpc/kernel/security.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 powerpc/64s: include cpu header
bugfix/all/module disable matching missing version crc.patch | (download)

kernel/module.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 module: disable matching missing version crc
bugfix/all/usbip document tcp wrappers.patch | (download)

tools/usb/usbip/doc/usbipd.8 | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 usbip: document tcp wrappers
bugfix/all/kbuild fix recordmcount dependency.patch | (download)

scripts/Makefile.build | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 kbuild: fix recordmcount dependency for oot modules
Date: Mon, 08 Sep 2014 18:31:24 +0100
bugfix/all/tools perf man date.patch | (download)

tools/perf/Documentation/Makefile | 3 3 + 0 - 0 !
tools/perf/Documentation/asciidoc.conf | 3 3 + 0 - 0 !
2 files changed, 6 insertions(+)

 perf tools: use $kbuild_build_timestamp as man page date
bugfix/all/tools perf remove shebangs.patch | (download)

tools/perf/scripts/perl/rw-by-file.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/rw-by-pid.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/rwtop.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/wakeup-latency.pl | 1 0 + 1 - 0 !
4 files changed, 4 deletions(-)

 tools/perf: remove shebang lines from perf scripts
bugfix/all/tools lib traceevent use ldflags.patch | (download)

tools/lib/traceevent/Makefile | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 tools/lib/traceevent: use ldflags
bugfix/x86/revert perf build fix libunwind feature detection on.patch | (download)

tools/perf/Makefile.config | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 revert "perf build: fix libunwind feature detection on 32-bit x86"
bugfix/all/tools build remove bpf run time check at build time.patch | (download)

tools/build/feature/test-bpf.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 tools/build: remove bpf() run-time check at build time
bugfix/all/cpupower bump soname version.patch | (download)

tools/power/cpupower/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cpupower: bump soname version
bugfix/all/libcpupower hide private function.patch | (download)

tools/power/cpupower/lib/cpupower.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 libcpupower: hide private function

cpupower_read_sysfs() (previously known as sysfs_read_file()) is an
internal function in libcpupower and should not be exported when
libcpupower is a shared library.  Change its visibility to "hidden".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

bugfix/all/cpupower fix checks for cpu existence.patch | (download)

tools/power/cpupower/bench/system.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 cpupower: fix checks for cpu existence
bugfix/all/tools lib api fs fs.c fix misuse of strncpy.patch | (download)

tools/lib/api/fs/fs.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 tools/lib/api/fs/fs.c: fix misuse of strncpy()
Bug-Debian: https://bugs.debian.org/897802
bugfix/all/usbip fix misuse of strncpy.patch | (download)

tools/usb/usbip/libsrc/usbip_common.c | 4 2 + 2 - 0 !
tools/usb/usbip/libsrc/usbip_device_driver.c | 4 2 + 2 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 usbip: fix misuse of strncpy()
Bug-Debian: https://bugs.debian.org/897802
bugfix/x86/tools x86_energy_perf_policy fix uninitialized varia.patch | (download)

tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 26 15 + 11 - 0 !
1 file changed, 15 insertions(+), 11 deletions(-)

 tools: x86_energy_perf_policy: fix "uninitialized variable"
 warnings at -O2
bugfix/x86/tools turbostat Add checks for failure of fgets and .patch | (download)

tools/power/x86/turbostat/turbostat.c | 28 18 + 10 - 0 !
1 file changed, 18 insertions(+), 10 deletions(-)

 tools: turbostat: add checks for failure of fgets() and fscanf()
bugfix/all/libbpf add soname to shared object.patch | (download)

tools/lib/bpf/Makefile | 17 5 + 12 - 0 !
1 file changed, 5 insertions(+), 12 deletions(-)

 libbpf: add soname to shared object

tools/lib/bpf/libbpf: Add proper version to the shared object.

Add versioning to the shared object to make it easier on distros to
distribute the library without having to watch for API/ABI versioning.

This is similar to the change made to tools/lib/lockdep/Makefile in
be227b45fb228adff4371b8de9e3989904209ff4.

Signed-off-by: Hilko Bengen <bengen@debian.org>


bugfix/all/libbpf link shared object with libelf.patch | (download)

tools/lib/bpf/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libbpf: link shared object with libelf

libbpf.so needs to be linked against libelf to avoid missing symbols.

Signed-off-by: Hilko Bengen <bengen@debian.org>


bugfix/all/libbpf generate pkg config.patch | (download)

tools/lib/bpf/.gitignore | 1 1 + 0 - 0 !
tools/lib/bpf/Makefile | 19 16 + 3 - 0 !
tools/lib/bpf/libbpf.pc.template | 12 12 + 0 - 0 !
3 files changed, 29 insertions(+), 3 deletions(-)

 generate pkg-config file for libbpf
 Generate a libbpf.pc file at build time so that users can rely
 on pkg-config to find the library, its CFLAGS and LDFLAGS.
debian/wireless disable regulatory.db direct loading.patch | (download)

net/wireless/reg.c | 33 33 + 0 - 0 !
1 file changed, 33 insertions(+)

 wireless: disable regulatory.db direct loading