From fceddf8bc80982c63d40000418c600b7789d5053 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 15 Apr 2024 15:03:19 +0200 Subject: 6.8-stable patches added patches: irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch selftests-kselftest-fix-build-failure-with-nolibc.patch x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch x86-bugs-fix-bhi-documentation.patch --- ...itly-ignore-lockdep_hrtimer_exit-argument.patch | 40 +++++++ ...kdep-class-for-of-mutex-of-writable-files.patch | 49 ++++++++ ...s-kselftest-fix-build-failure-with-nolibc.patch | 44 +++++++ queue-6.8/series | 6 +- ...e-the-value-of-msr_ia32_arch_capabilities.patch | 133 +++++++++++++++++++++ queue-6.8/x86-bugs-fix-bhi-documentation.patch | 88 ++++++++++++++ 6 files changed, 359 insertions(+), 1 deletion(-) create mode 100644 queue-6.8/irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch create mode 100644 queue-6.8/kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch create mode 100644 queue-6.8/selftests-kselftest-fix-build-failure-with-nolibc.patch create mode 100644 queue-6.8/x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch create mode 100644 queue-6.8/x86-bugs-fix-bhi-documentation.patch diff --git a/queue-6.8/irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch b/queue-6.8/irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch new file mode 100644 index 0000000000..2c1cd648fc --- /dev/null +++ b/queue-6.8/irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch @@ -0,0 +1,40 @@ +From c1d11fc2c8320871b40730991071dd0a0b405bc8 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 8 Apr 2024 09:46:01 +0200 +Subject: irqflags: Explicitly ignore lockdep_hrtimer_exit() argument + +From: Arnd Bergmann + +commit c1d11fc2c8320871b40730991071dd0a0b405bc8 upstream. + +When building with 'make W=1' but CONFIG_TRACE_IRQFLAGS=n, the +unused argument to lockdep_hrtimer_exit() causes a warning: + +kernel/time/hrtimer.c:1655:14: error: variable 'expires_in_hardirq' set but not used [-Werror=unused-but-set-variable] + +This is intentional behavior, so add a cast to void to shut up the warning. + +Fixes: 73d20564e0dc ("hrtimer: Don't dereference the hrtimer pointer after the callback") +Reported-by: kernel test robot +Signed-off-by: Arnd Bergmann +Signed-off-by: Thomas Gleixner +Reviewed-by: Sebastian Andrzej Siewior +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20240408074609.3170807-1-arnd@kernel.org +Closes: https://lore.kernel.org/oe-kbuild-all/202311191229.55QXHVc6-lkp@intel.com/ +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/irqflags.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/irqflags.h ++++ b/include/linux/irqflags.h +@@ -114,7 +114,7 @@ do { \ + # define lockdep_softirq_enter() do { } while (0) + # define lockdep_softirq_exit() do { } while (0) + # define lockdep_hrtimer_enter(__hrtimer) false +-# define lockdep_hrtimer_exit(__context) do { } while (0) ++# define lockdep_hrtimer_exit(__context) do { (void)(__context); } while (0) + # define lockdep_posixtimer_enter() do { } while (0) + # define lockdep_posixtimer_exit() do { } while (0) + # define lockdep_irq_work_enter(__work) do { } while (0) diff --git a/queue-6.8/kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch b/queue-6.8/kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch new file mode 100644 index 0000000000..c1b25aad23 --- /dev/null +++ b/queue-6.8/kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch @@ -0,0 +1,49 @@ +From 16b52bbee4823b01ab7fe3919373c981a38f3797 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Fri, 5 Apr 2024 17:56:35 +0300 +Subject: kernfs: annotate different lockdep class for of->mutex of writable files + +From: Amir Goldstein + +commit 16b52bbee4823b01ab7fe3919373c981a38f3797 upstream. + +The writable file /sys/power/resume may call vfs lookup helpers for +arbitrary paths and readonly files can be read by overlayfs from vfs +helpers when sysfs is a lower layer of overalyfs. + +To avoid a lockdep warning of circular dependency between overlayfs +inode lock and kernfs of->mutex, use a different lockdep class for +writable and readonly kernfs files. + +Reported-by: syzbot+9a5b0ced8b1bfb238b56@syzkaller.appspotmail.com +Fixes: 0fedefd4c4e3 ("kernfs: sysfs: support custom llseek method for sysfs entries") +Suggested-by: Al Viro +Signed-off-by: Amir Goldstein +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman +--- + fs/kernfs/file.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/fs/kernfs/file.c ++++ b/fs/kernfs/file.c +@@ -634,11 +634,18 @@ static int kernfs_fop_open(struct inode + * each file a separate locking class. Let's differentiate on + * whether the file has mmap or not for now. + * +- * Both paths of the branch look the same. They're supposed to ++ * For similar reasons, writable and readonly files are given different ++ * lockdep key, because the writable file /sys/power/resume may call vfs ++ * lookup helpers for arbitrary paths and readonly files can be read by ++ * overlayfs from vfs helpers when sysfs is a lower layer of overalyfs. ++ * ++ * All three cases look the same. They're supposed to + * look that way and give @of->mutex different static lockdep keys. + */ + if (has_mmap) + mutex_init(&of->mutex); ++ else if (file->f_mode & FMODE_WRITE) ++ mutex_init(&of->mutex); + else + mutex_init(&of->mutex); + diff --git a/queue-6.8/selftests-kselftest-fix-build-failure-with-nolibc.patch b/queue-6.8/selftests-kselftest-fix-build-failure-with-nolibc.patch new file mode 100644 index 0000000000..c6a10374ab --- /dev/null +++ b/queue-6.8/selftests-kselftest-fix-build-failure-with-nolibc.patch @@ -0,0 +1,44 @@ +From 16767502aa990cca2cb7d1372b31d328c4c85b40 Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Fri, 12 Apr 2024 14:35:36 +0200 +Subject: selftests: kselftest: Fix build failure with NOLIBC + +From: Oleg Nesterov + +commit 16767502aa990cca2cb7d1372b31d328c4c85b40 upstream. + +As Mark explains ksft_min_kernel_version() can't be compiled with nolibc, +it doesn't implement uname(). + +Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") +Reported-by: Mark Brown +Signed-off-by: Oleg Nesterov +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20240412123536.GA32444@redhat.com +Closes: https://lore.kernel.org/all/f0523b3a-ea08-4615-b0fb-5b504a2d39df@sirena.org.uk/ +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/kselftest.h | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/tools/testing/selftests/kselftest.h ++++ b/tools/testing/selftests/kselftest.h +@@ -350,6 +350,10 @@ static inline __noreturn __printf(1, 2) + static inline int ksft_min_kernel_version(unsigned int min_major, + unsigned int min_minor) + { ++#ifdef NOLIBC ++ ksft_print_msg("NOLIBC: Can't check kernel version: Function not implemented\n"); ++ return 0; ++#else + unsigned int major, minor; + struct utsname info; + +@@ -357,6 +361,7 @@ static inline int ksft_min_kernel_versio + ksft_exit_fail_msg("Can't parse kernel version\n"); + + return major > min_major || (major == min_major && minor >= min_minor); ++#endif + } + + #endif /* __KSELFTEST_H */ diff --git a/queue-6.8/series b/queue-6.8/series index f866ecb127..740eb0ef33 100644 --- a/queue-6.8/series +++ b/queue-6.8/series @@ -99,7 +99,6 @@ net-ena-fix-incorrect-descriptor-free-behavior.patch net-ena-set-tx_info-xdpf-value-to-null.patch drm-xe-display-fix-double-mutex-initialization.patch drm-xe-hwmon-cast-result-to-output-precision-on-left.patch -tracing-fix-ftrace_record_recursion_size-kconfig-ent.patch tracing-hide-unused-ftrace_event_id_fops.patch iommu-vt-d-fix-wrong-use-of-pasid-config.patch iommu-vt-d-allocate-local-memory-for-page-request-qu.patch @@ -146,3 +145,8 @@ selftests-timers-fix-posix_timers-ksft_print_msg-warning.patch selftests-timers-fix-abs-warning-in-posix_timers-test.patch selftests-kselftest-mark-functions-that-unconditionally-call-exit-as-__noreturn.patch x86-apic-force-native_apic_mem_read-to-use-the-mov-instruction.patch +irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch +selftests-kselftest-fix-build-failure-with-nolibc.patch +kernfs-annotate-different-lockdep-class-for-of-mutex-of-writable-files.patch +x86-bugs-fix-bhi-documentation.patch +x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch diff --git a/queue-6.8/x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch b/queue-6.8/x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch new file mode 100644 index 0000000000..8c48f5d6fa --- /dev/null +++ b/queue-6.8/x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch @@ -0,0 +1,133 @@ +From cb2db5bb04d7f778fbc1a1ea2507aab436f1bff3 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Wed, 10 Apr 2024 22:40:46 -0700 +Subject: x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES + +From: Josh Poimboeuf + +commit cb2db5bb04d7f778fbc1a1ea2507aab436f1bff3 upstream. + +There's no need to keep reading MSR_IA32_ARCH_CAPABILITIES over and +over. It's even read in the BHI sysfs function which is a big no-no. +Just read it once and cache it. + +Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") +Signed-off-by: Josh Poimboeuf +Signed-off-by: Ingo Molnar +Reviewed-by: Nikolay Borisov +Cc: Linus Torvalds +Cc: Sean Christopherson +Link: https://lore.kernel.org/r/9592a18a814368e75f8f4b9d74d3883aa4fd1eaf.1712813475.git.jpoimboe@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/bugs.c | 22 +++++++--------------- + 1 file changed, 7 insertions(+), 15 deletions(-) + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -61,6 +61,8 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_current) + u64 x86_pred_cmd __ro_after_init = PRED_CMD_IBPB; + EXPORT_SYMBOL_GPL(x86_pred_cmd); + ++static u64 __ro_after_init ia32_cap; ++ + static DEFINE_MUTEX(spec_ctrl_mutex); + + void (*x86_return_thunk)(void) __ro_after_init = __x86_return_thunk; +@@ -144,6 +146,8 @@ void __init cpu_select_mitigations(void) + x86_spec_ctrl_base &= ~SPEC_CTRL_MITIGATIONS_MASK; + } + ++ ia32_cap = x86_read_arch_cap_msr(); ++ + /* Select the proper CPU mitigations before patching alternatives: */ + spectre_v1_select_mitigation(); + spectre_v2_select_mitigation(); +@@ -301,8 +305,6 @@ static const char * const taa_strings[] + + static void __init taa_select_mitigation(void) + { +- u64 ia32_cap; +- + if (!boot_cpu_has_bug(X86_BUG_TAA)) { + taa_mitigation = TAA_MITIGATION_OFF; + return; +@@ -341,7 +343,6 @@ static void __init taa_select_mitigation + * On MDS_NO=1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode + * update is required. + */ +- ia32_cap = x86_read_arch_cap_msr(); + if ( (ia32_cap & ARCH_CAP_MDS_NO) && + !(ia32_cap & ARCH_CAP_TSX_CTRL_MSR)) + taa_mitigation = TAA_MITIGATION_UCODE_NEEDED; +@@ -401,8 +402,6 @@ static const char * const mmio_strings[] + + static void __init mmio_select_mitigation(void) + { +- u64 ia32_cap; +- + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || + boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) || + cpu_mitigations_off()) { +@@ -413,8 +412,6 @@ static void __init mmio_select_mitigatio + if (mmio_mitigation == MMIO_MITIGATION_OFF) + return; + +- ia32_cap = x86_read_arch_cap_msr(); +- + /* + * Enable CPU buffer clear mitigation for host and VMM, if also affected + * by MDS or TAA. Otherwise, enable mitigation for VMM only. +@@ -508,7 +505,7 @@ static void __init rfds_select_mitigatio + if (rfds_mitigation == RFDS_MITIGATION_OFF) + return; + +- if (x86_read_arch_cap_msr() & ARCH_CAP_RFDS_CLEAR) ++ if (ia32_cap & ARCH_CAP_RFDS_CLEAR) + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); + else + rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED; +@@ -659,8 +656,6 @@ void update_srbds_msr(void) + + static void __init srbds_select_mitigation(void) + { +- u64 ia32_cap; +- + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) + return; + +@@ -669,7 +664,6 @@ static void __init srbds_select_mitigati + * are only exposed to SRBDS when TSX is enabled or when CPU is affected + * by Processor MMIO Stale Data vulnerability. + */ +- ia32_cap = x86_read_arch_cap_msr(); + if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM) && + !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) + srbds_mitigation = SRBDS_MITIGATION_TSX_OFF; +@@ -813,7 +807,7 @@ static void __init gds_select_mitigation + /* Will verify below that mitigation _can_ be disabled */ + + /* No microcode */ +- if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) { ++ if (!(ia32_cap & ARCH_CAP_GDS_CTRL)) { + if (gds_mitigation == GDS_MITIGATION_FORCE) { + /* + * This only needs to be done on the boot CPU so do it +@@ -1907,8 +1901,6 @@ static void update_indir_branch_cond(voi + /* Update the static key controlling the MDS CPU buffer clear in idle */ + static void update_mds_branch_idle(void) + { +- u64 ia32_cap = x86_read_arch_cap_msr(); +- + /* + * Enable the idle clearing if SMT is active on CPUs which are + * affected only by MSBDS and not any other MDS variant. +@@ -2817,7 +2809,7 @@ static const char * const spectre_bhi_st + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP)) + return "; BHI: SW loop, KVM: SW loop"; + else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && +- !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) ++ !(ia32_cap & ARCH_CAP_RRSBA)) + return "; BHI: Retpoline"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) + return "; BHI: Syscall hardening, KVM: SW loop"; diff --git a/queue-6.8/x86-bugs-fix-bhi-documentation.patch b/queue-6.8/x86-bugs-fix-bhi-documentation.patch new file mode 100644 index 0000000000..6045db3326 --- /dev/null +++ b/queue-6.8/x86-bugs-fix-bhi-documentation.patch @@ -0,0 +1,88 @@ +From dfe648903f42296866d79f10d03f8c85c9dfba30 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Wed, 10 Apr 2024 22:40:45 -0700 +Subject: x86/bugs: Fix BHI documentation + +From: Josh Poimboeuf + +commit dfe648903f42296866d79f10d03f8c85c9dfba30 upstream. + +Fix up some inaccuracies in the BHI documentation. + +Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") +Signed-off-by: Josh Poimboeuf +Signed-off-by: Ingo Molnar +Reviewed-by: Nikolay Borisov +Cc: Linus Torvalds +Cc: Sean Christopherson +Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/admin-guide/hw-vuln/spectre.rst | 15 ++++++++------- + Documentation/admin-guide/kernel-parameters.txt | 12 +++++++----- + 2 files changed, 15 insertions(+), 12 deletions(-) + +--- a/Documentation/admin-guide/hw-vuln/spectre.rst ++++ b/Documentation/admin-guide/hw-vuln/spectre.rst +@@ -439,11 +439,11 @@ The possible values in this file are: + - System is protected by retpoline + * - BHI: BHI_DIS_S + - System is protected by BHI_DIS_S +- * - BHI: SW loop; KVM SW loop ++ * - BHI: SW loop, KVM SW loop + - System is protected by software clearing sequence + * - BHI: Syscall hardening + - Syscalls are hardened against BHI +- * - BHI: Syscall hardening; KVM: SW loop ++ * - BHI: Syscall hardening, KVM: SW loop + - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence + + Full mitigation might require a microcode update from the CPU +@@ -666,13 +666,14 @@ kernel command line. + of the HW BHI control and the SW BHB clearing sequence. + + on +- unconditionally enable. ++ (default) Enable the HW or SW mitigation as ++ needed. + off +- unconditionally disable. ++ Disable the mitigation. + auto +- enable if hardware mitigation +- control(BHI_DIS_S) is available, otherwise +- enable alternate mitigation in KVM. ++ Enable the HW mitigation if needed, but ++ *don't* enable the SW mitigation except for KVM. ++ The system may be vulnerable. + + For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt + +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -3419,6 +3419,7 @@ + reg_file_data_sampling=off [X86] + retbleed=off [X86] + spec_store_bypass_disable=off [X86,PPC] ++ spectre_bhi=off [X86] + spectre_v2_user=off [X86] + srbds=off [X86,INTEL] + ssbd=force-off [ARM64] +@@ -6037,11 +6038,12 @@ + deployment of the HW BHI control and the SW BHB + clearing sequence. + +- on - unconditionally enable. +- off - unconditionally disable. +- auto - (default) enable hardware mitigation +- (BHI_DIS_S) if available, otherwise enable +- alternate mitigation in KVM. ++ on - (default) Enable the HW or SW mitigation ++ as needed. ++ off - Disable the mitigation. ++ auto - Enable the HW mitigation if needed, but ++ *don't* enable the SW mitigation except ++ for KVM. The system may be vulnerable. + + spectre_v2= [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability. -- cgit 1.2.3-korg