
Commit 6150ee7b authored by Greg Kroah-Hartman

Merge 4.14.18 into android-4.14



Changes in 4.14.18
	scripts/faddr2line: fix CROSS_COMPILE unset error
	powerpc/64s: Wire up cpu_show_meltdown()
	powerpc/64s: Allow control of RFI flush via debugfs
	x86/retpoline: Remove the esp/rsp thunk
	KVM: x86: Make indirect calls in emulator speculation safe
	KVM: VMX: Make indirect call speculation safe
	module/retpoline: Warn about missing retpoline in module
	x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
	x86/cpufeatures: Add Intel feature bits for Speculation Control
	x86/cpufeatures: Add AMD feature bits for Speculation Control
	x86/msr: Add definitions for new speculation control MSRs
	x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
	x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
	x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
	x86/alternative: Print unadorned pointers
	x86/nospec: Fix header guards names
	x86/bugs: Drop one "mitigation" from dmesg
	x86/cpu/bugs: Make retpoline module warning conditional
	x86/cpufeatures: Clean up Spectre v2 related CPUID flags
	x86/retpoline: Simplify vmexit_fill_RSB()
	x86/speculation: Simplify indirect_branch_prediction_barrier()
	auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	iio: adc/accel: Fix up module licenses
	pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	KVM: nVMX: Eliminate vmcs02 pool
	KVM: VMX: introduce alloc_loaded_vmcs
	objtool: Improve retpoline alternative handling
	objtool: Add support for alternatives at the end of a section
	objtool: Warn on stripped section symbol
	x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
	x86/spectre: Check CONFIG_RETPOLINE in command line parser
	x86/entry/64: Remove the SYSCALL64 fast path
	x86/entry/64: Push extra regs right away
	x86/asm: Move 'status' from thread_struct to thread_info
	Documentation: Document array_index_nospec
	array_index_nospec: Sanitize speculative array de-references
	x86: Implement array_index_mask_nospec
	x86: Introduce barrier_nospec
	x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
	x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
	x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
	x86/get_user: Use pointer masking to limit speculation
	x86/syscall: Sanitize syscall table de-references under speculation
	vfs, fdtable: Prevent bounds-check bypass via speculative execution
	nl80211: Sanitize array index in parse_txq_params
	x86/spectre: Report get_user mitigation for spectre_v1
	x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
	x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
	x86/speculation: Use Indirect Branch Prediction Barrier in context switch
	x86/paravirt: Remove 'noreplace-paravirt' cmdline option
	KVM: VMX: make MSR bitmaps per-VCPU
	x86/kvm: Update spectre-v1 mitigation
	x86/retpoline: Avoid retpolines for built-in __init functions
	x86/spectre: Simplify spectre_v2 command line parsing
	x86/pti: Mark constant arrays as __initconst
	x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
	KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
	KVM/x86: Add IBPB support
	KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
	KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
	KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
	serial: core: mark port as initialized after successful IRQ change
	fpga: region: release of_parse_phandle nodes after use
	Linux 4.14.18

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
parents 53591787 81d0cc85
+0 −2
@@ -2721,8 +2721,6 @@
	norandmaps	Don't use address space randomization.  Equivalent to
	norandmaps	Don't use address space randomization.  Equivalent to
			echo 0 > /proc/sys/kernel/randomize_va_space
			echo 0 > /proc/sys/kernel/randomize_va_space


	noreplace-paravirt	[X86,IA-64,PV_OPS] Don't patch paravirt_ops

	noreplace-smp	[X86-32,SMP] Don't replace SMP instructions
	noreplace-smp	[X86-32,SMP] Don't replace SMP instructions
			with UP alternatives
			with UP alternatives


+90 −0
This document explains potential effects of speculation, and how undesirable
effects can be mitigated portably using common APIs.

===========
Speculation
===========

To improve performance and minimize average latencies, many contemporary CPUs
employ speculative execution techniques such as branch prediction, performing
work which may be discarded at a later stage.

Typically speculative execution cannot be observed from architectural state,
such as the contents of registers. However, in some cases it is possible to
observe its impact on microarchitectural state, such as the presence or
absence of data in caches. Such state may form side-channels which can be
observed to extract secret information.

For example, in the presence of branch prediction, it is possible for bounds
checks to be ignored by code which is speculatively executed. Consider the
following code:

	int load_array(int *array, unsigned int index)
	{
		if (index >= MAX_ARRAY_ELEMS)
			return 0;
		else
			return array[index];
	}

Which, on arm64, may be compiled to an assembly sequence such as:

	CMP	<index>, #MAX_ARRAY_ELEMS
	B.LT	less
	MOV	<returnval>, #0
	RET
  less:
	LDR	<returnval>, [<array>, <index>]
	RET

It is possible that a CPU mis-predicts the conditional branch, and
speculatively loads array[index], even if index >= MAX_ARRAY_ELEMS. This
value will subsequently be discarded, but the speculated load may affect
microarchitectural state which can be subsequently measured.

More complex sequences involving multiple dependent memory accesses may
result in sensitive information being leaked. Consider the following
code, building on the prior example:

	int load_dependent_arrays(int *arr1, int *arr2, int index)
	{
		int val1, val2,

		val1 = load_array(arr1, index);
		val2 = load_array(arr2, val1);

		return val2;
	}

Under speculation, the first call to load_array() may return the value
of an out-of-bounds address, while the second call will influence
microarchitectural state dependent on this value. This may provide an
arbitrary read primitive.

====================================
Mitigating speculation side-channels
====================================

The kernel provides a generic API to ensure that bounds checks are
respected even under speculation. Architectures which are affected by
speculation-based side-channels are expected to implement these
primitives.

The array_index_nospec() helper in <linux/nospec.h> can be used to
prevent information from being leaked via side-channels.

A call to array_index_nospec(index, size) returns a sanitized index
value that is bounded to [0, size) even under cpu speculation
conditions.

This can be used to protect the earlier load_array() example:

	int load_array(int *array, unsigned int index)
	{
		if (index >= MAX_ARRAY_ELEMS)
			return 0;
		else {
			index = array_index_nospec(index, MAX_ARRAY_ELEMS);
			return array[index];
		}
	}
+1 −1
# SPDX-License-Identifier: GPL-2.0
# SPDX-License-Identifier: GPL-2.0
VERSION = 4
VERSION = 4
PATCHLEVEL = 14
PATCHLEVEL = 14
SUBLEVEL = 17
SUBLEVEL = 18
EXTRAVERSION =
EXTRAVERSION =
NAME = Petit Gorille
NAME = Petit Gorille


+1 −0
@@ -164,6 +164,7 @@ config PPC
	select GENERIC_CLOCKEVENTS_BROADCAST	if SMP
	select GENERIC_CLOCKEVENTS_BROADCAST	if SMP
	select GENERIC_CMOS_UPDATE
	select GENERIC_CMOS_UPDATE
	select GENERIC_CPU_AUTOPROBE
	select GENERIC_CPU_AUTOPROBE
	select GENERIC_CPU_VULNERABILITIES	if PPC_BOOK3S_64
	select GENERIC_IRQ_SHOW
	select GENERIC_IRQ_SHOW
	select GENERIC_IRQ_SHOW_LEVEL
	select GENERIC_IRQ_SHOW_LEVEL
	select GENERIC_SMP_IDLE_THREAD
	select GENERIC_SMP_IDLE_THREAD
+38 −0
@@ -38,6 +38,7 @@
#include <linux/memory.h>
#include <linux/memory.h>
#include <linux/nmi.h>
#include <linux/nmi.h>


#include <asm/debugfs.h>
#include <asm/io.h>
#include <asm/io.h>
#include <asm/kdump.h>
#include <asm/kdump.h>
#include <asm/prom.h>
#include <asm/prom.h>
@@ -884,4 +885,41 @@ void __init setup_rfi_flush(enum l1d_flush_type types, bool enable)
	if (!no_rfi_flush)
	if (!no_rfi_flush)
		rfi_flush_enable(enable);
		rfi_flush_enable(enable);
}
}

#ifdef CONFIG_DEBUG_FS
static int rfi_flush_set(void *data, u64 val)
{
	if (val == 1)
		rfi_flush_enable(true);
	else if (val == 0)
		rfi_flush_enable(false);
	else
		return -EINVAL;

	return 0;
}

static int rfi_flush_get(void *data, u64 *val)
{
	*val = rfi_flush ? 1 : 0;
	return 0;
}

DEFINE_SIMPLE_ATTRIBUTE(fops_rfi_flush, rfi_flush_get, rfi_flush_set, "%llu\n");

static __init int rfi_flush_debugfs_init(void)
{
	debugfs_create_file("rfi_flush", 0600, powerpc_debugfs_root, NULL, &fops_rfi_flush);
	return 0;
}
device_initcall(rfi_flush_debugfs_init);
#endif

ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
	if (rfi_flush)
		return sprintf(buf, "Mitigation: RFI Flush\n");

	return sprintf(buf, "Vulnerable\n");
}
#endif /* CONFIG_PPC_BOOK3S_64 */
#endif /* CONFIG_PPC_BOOK3S_64 */
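Review bot: rfi_flush_set() leaves no trace in the kernel log when a debugfs write of 0 switches the RFI flush off, so a host where cpu_show_meltdown() reports "Vulnerable" gives no indication of when the mitigation was dropped. I would log the transition before `return 0;`, for example `pr_info("rfi-flush: %s via debugfs\n", val ? "enabled" : "disabled");`. rfi_flush_enable() is defined outside this hunk, so it may already log; if it does, a short comment on the setter saying so is enough. The setter also does not consult no_rfi_flush, which setup_rfi_flush() checks just above, so a write of 1 appears to override that flag; if that is intended, a one-line comment such as `/* debugfs deliberately overrides no_rfi_flush */` would make it explicit.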