diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-05-22 23:16:35 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-05-22 23:16:35 +0100 |
commit | a44fe45dcd6971deacbd9fc47c7febd8390581d2 (patch) | |
tree | 3139f051c97321ef0bf1cf577c0273fedbee8000 /queue-3.16 | |
parent | 49bc5dbc7bfde21147d2ba773d6fb29c496256e7 (diff) | |
download | linux-stable-queue-a44fe45dcd6971deacbd9fc47c7febd8390581d2.tar.gz |
Release 3.16.68
Diffstat (limited to 'queue-3.16')
87 files changed, 0 insertions, 11442 deletions
diff --git a/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch b/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch deleted file mode 100644 index c281209a..00000000 --- a/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch +++ /dev/null @@ -1,142 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Fri, 12 Apr 2019 15:39:28 -0500 -Subject: cpu/speculation: Add 'mitigations=' cmdline option - -commit 98af8452945c55652de68536afdde3b520fec429 upstream. - -Keeping track of the number of mitigations for all the CPU speculation -bugs has become overwhelming for many users. It's getting more and more -complicated to decide which mitigations are needed for a given -architecture. Complicating matters is the fact that each arch tends to -have its own custom way to mitigate the same vulnerability. - -Most users fall into a few basic categories: - -a) they want all mitigations off; - -b) they want all reasonable mitigations on, with SMT enabled even if - it's vulnerable; or - -c) they want all reasonable mitigations on, with SMT disabled if - vulnerable. - -Define a set of curated, arch-independent options, each of which is an -aggregation of existing options: - -- mitigations=off: Disable all mitigations. - -- mitigations=auto: [default] Enable all the default mitigations, but - leave SMT enabled, even if it's vulnerable. - -- mitigations=auto,nosmt: Enable all the default mitigations, disabling - SMT if needed by a mitigation. - -Currently, these options are placeholders which don't actually do -anything. They will be fleshed out in upcoming patches. - -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86) -Reviewed-by: Jiri Kosina <jkosina@suse.cz> -Cc: Borislav Petkov <bp@alien8.de> -Cc: "H . Peter Anvin" <hpa@zytor.com> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Jiri Kosina <jikos@kernel.org> -Cc: Waiman Long <longman@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> -Cc: Paul Mackerras <paulus@samba.org> -Cc: Michael Ellerman <mpe@ellerman.id.au> -Cc: linuxppc-dev@lists.ozlabs.org -Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> -Cc: Heiko Carstens <heiko.carstens@de.ibm.com> -Cc: linux-s390@vger.kernel.org -Cc: Catalin Marinas <catalin.marinas@arm.com> -Cc: Will Deacon <will.deacon@arm.com> -Cc: linux-arm-kernel@lists.infradead.org -Cc: linux-arch@vger.kernel.org -Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Cc: Tyler Hicks <tyhicks@canonical.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Randy Dunlap <rdunlap@infradead.org> -Cc: Steven Price <steven.price@arm.com> -Cc: Phil Auld <pauld@redhat.com> -Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com -[bwh: Backported to 3.16: - - Drop the auto,nosmt option which we can't support - - Adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -1906,6 +1906,25 @@ bytes respectively. Such letter suffixes - in the "bleeding edge" mini2440 support kernel at - http://repo.or.cz/w/linux-2.6/mini2440.git - -+ mitigations= -+ Control optional mitigations for CPU vulnerabilities. -+ This is a set of curated, arch-independent options, each -+ of which is an aggregation of existing arch-specific -+ options. -+ -+ off -+ Disable all optional CPU mitigations. This -+ improves system performance, but it may also -+ expose users to several CPU vulnerabilities. -+ -+ auto (default) -+ Mitigate all CPU vulnerabilities, but leave SMT -+ enabled, even if it's vulnerable. This is for -+ users who don't want to be surprised by SMT -+ getting disabled across kernel upgrades, or who -+ have other ways of avoiding SMT-based attacks. -+ This is the default behavior. -+ - mminit_loglevel= - [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this - parameter allows control of the logging verbosity for ---- a/include/linux/cpu.h -+++ b/include/linux/cpu.h -@@ -277,4 +277,21 @@ void arch_cpu_idle_enter(void); - void arch_cpu_idle_exit(void); - void arch_cpu_idle_dead(void); - -+/* -+ * These are used for a global "mitigations=" cmdline option for toggling -+ * optional CPU mitigations. -+ */ -+enum cpu_mitigations { -+ CPU_MITIGATIONS_OFF, -+ CPU_MITIGATIONS_AUTO, -+}; -+ -+extern enum cpu_mitigations cpu_mitigations; -+ -+/* mitigations=off */ -+static inline bool cpu_mitigations_off(void) -+{ -+ return cpu_mitigations == CPU_MITIGATIONS_OFF; -+} -+ - #endif /* _LINUX_CPU_H_ */ ---- a/kernel/cpu.c -+++ b/kernel/cpu.c -@@ -795,3 +795,16 @@ void init_cpu_online(const struct cpumas - { - cpumask_copy(to_cpumask(cpu_online_bits), src); - } -+ -+enum cpu_mitigations cpu_mitigations = CPU_MITIGATIONS_AUTO; -+ -+static int __init mitigations_parse_cmdline(char *arg) -+{ -+ if (!strcmp(arg, "off")) -+ cpu_mitigations = CPU_MITIGATIONS_OFF; -+ else if (!strcmp(arg, "auto")) -+ cpu_mitigations = CPU_MITIGATIONS_AUTO; -+ -+ return 0; -+} -+early_param("mitigations", mitigations_parse_cmdline); diff --git a/queue-3.16/documentation-add-mds-vulnerability-documentation.patch b/queue-3.16/documentation-add-mds-vulnerability-documentation.patch deleted file mode 100644 index b712c0d8..00000000 --- a/queue-3.16/documentation-add-mds-vulnerability-documentation.patch +++ /dev/null @@ -1,336 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Tue, 19 Feb 2019 00:02:31 +0100 -Subject: Documentation: Add MDS vulnerability documentation - -commit 5999bbe7a6ea3c62029532ec84dc06003a1fa258 upstream. - -Add the initial MDS vulnerability documentation. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Drop the index updates - - Adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- /dev/null -+++ b/Documentation/hw-vuln/mds.rst -@@ -0,0 +1,307 @@ -+MDS - Microarchitectural Data Sampling -+====================================== -+ -+Microarchitectural Data Sampling is a hardware vulnerability which allows -+unprivileged speculative access to data which is available in various CPU -+internal buffers. -+ -+Affected processors -+------------------- -+ -+This vulnerability affects a wide range of Intel processors. The -+vulnerability is not present on: -+ -+ - Processors from AMD, Centaur and other non Intel vendors -+ -+ - Older processor models, where the CPU family is < 6 -+ -+ - Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus) -+ -+ - Intel processors which have the ARCH_CAP_MDS_NO bit set in the -+ IA32_ARCH_CAPABILITIES MSR. -+ -+Whether a processor is affected or not can be read out from the MDS -+vulnerability file in sysfs. See :ref:`mds_sys_info`. -+ -+Not all processors are affected by all variants of MDS, but the mitigation -+is identical for all of them so the kernel treats them as a single -+vulnerability. -+ -+Related CVEs -+------------ -+ -+The following CVE entries are related to the MDS vulnerability: -+ -+ ============== ===== ============================================== -+ CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling -+ CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling -+ CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling -+ ============== ===== ============================================== -+ -+Problem -+------- -+ -+When performing store, load, L1 refill operations, processors write data -+into temporary microarchitectural structures (buffers). The data in the -+buffer can be forwarded to load operations as an optimization. -+ -+Under certain conditions, usually a fault/assist caused by a load -+operation, data unrelated to the load memory address can be speculatively -+forwarded from the buffers. Because the load operation causes a fault or -+assist and its result will be discarded, the forwarded data will not cause -+incorrect program execution or state changes. But a malicious operation -+may be able to forward this speculative data to a disclosure gadget which -+allows in turn to infer the value via a cache side channel attack. -+ -+Because the buffers are potentially shared between Hyper-Threads cross -+Hyper-Thread attacks are possible. -+ -+Deeper technical information is available in the MDS specific x86 -+architecture section: :ref:`Documentation/x86/mds.rst <mds>`. -+ -+ -+Attack scenarios -+---------------- -+ -+Attacks against the MDS vulnerabilities can be mounted from malicious non -+priviledged user space applications running on hosts or guest. Malicious -+guest OSes can obviously mount attacks as well. -+ -+Contrary to other speculation based vulnerabilities the MDS vulnerability -+does not allow the attacker to control the memory target address. As a -+consequence the attacks are purely sampling based, but as demonstrated with -+the TLBleed attack samples can be postprocessed successfully. -+ -+Web-Browsers -+^^^^^^^^^^^^ -+ -+ It's unclear whether attacks through Web-Browsers are possible at -+ all. The exploitation through Java-Script is considered very unlikely, -+ but other widely used web technologies like Webassembly could possibly be -+ abused. -+ -+ -+.. _mds_sys_info: -+ -+MDS system information -+----------------------- -+ -+The Linux kernel provides a sysfs interface to enumerate the current MDS -+status of the system: whether the system is vulnerable, and which -+mitigations are active. The relevant sysfs file is: -+ -+/sys/devices/system/cpu/vulnerabilities/mds -+ -+The possible values in this file are: -+ -+ ========================================= ================================= -+ 'Not affected' The processor is not vulnerable -+ -+ 'Vulnerable' The processor is vulnerable, -+ but no mitigation enabled -+ -+ 'Vulnerable: Clear CPU buffers attempted' The processor is vulnerable but -+ microcode is not updated. -+ The mitigation is enabled on a -+ best effort basis. -+ See :ref:`vmwerv` -+ -+ 'Mitigation: CPU buffer clear' The processor is vulnerable and the -+ CPU buffer clearing mitigation is -+ enabled. -+ ========================================= ================================= -+ -+If the processor is vulnerable then the following information is appended -+to the above information: -+ -+ ======================== ============================================ -+ 'SMT vulnerable' SMT is enabled -+ 'SMT mitigated' SMT is enabled and mitigated -+ 'SMT disabled' SMT is disabled -+ 'SMT Host state unknown' Kernel runs in a VM, Host SMT state unknown -+ ======================== ============================================ -+ -+.. _vmwerv: -+ -+Best effort mitigation mode -+^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ If the processor is vulnerable, but the availability of the microcode based -+ mitigation mechanism is not advertised via CPUID the kernel selects a best -+ effort mitigation mode. This mode invokes the mitigation instructions -+ without a guarantee that they clear the CPU buffers. -+ -+ This is done to address virtualization scenarios where the host has the -+ microcode update applied, but the hypervisor is not yet updated to expose -+ the CPUID to the guest. If the host has updated microcode the protection -+ takes effect otherwise a few cpu cycles are wasted pointlessly. -+ -+ The state in the mds sysfs file reflects this situation accordingly. -+ -+ -+Mitigation mechanism -+------------------------- -+ -+The kernel detects the affected CPUs and the presence of the microcode -+which is required. -+ -+If a CPU is affected and the microcode is available, then the kernel -+enables the mitigation by default. The mitigation can be controlled at boot -+time via a kernel command line option. See -+:ref:`mds_mitigation_control_command_line`. -+ -+.. _cpu_buffer_clear: -+ -+CPU buffer clearing -+^^^^^^^^^^^^^^^^^^^ -+ -+ The mitigation for MDS clears the affected CPU buffers on return to user -+ space and when entering a guest. -+ -+ If SMT is enabled it also clears the buffers on idle entry when the CPU -+ is only affected by MSBDS and not any other MDS variant, because the -+ other variants cannot be protected against cross Hyper-Thread attacks. -+ -+ For CPUs which are only affected by MSBDS the user space, guest and idle -+ transition mitigations are sufficient and SMT is not affected. -+ -+.. _virt_mechanism: -+ -+Virtualization mitigation -+^^^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ The protection for host to guest transition depends on the L1TF -+ vulnerability of the CPU: -+ -+ - CPU is affected by L1TF: -+ -+ If the L1D flush mitigation is enabled and up to date microcode is -+ available, the L1D flush mitigation is automatically protecting the -+ guest transition. -+ -+ If the L1D flush mitigation is disabled then the MDS mitigation is -+ invoked explicit when the host MDS mitigation is enabled. -+ -+ For details on L1TF and virtualization see: -+ :ref:`Documentation/hw-vuln//l1tf.rst <mitigation_control_kvm>`. -+ -+ - CPU is not affected by L1TF: -+ -+ CPU buffers are flushed before entering the guest when the host MDS -+ mitigation is enabled. -+ -+ The resulting MDS protection matrix for the host to guest transition: -+ -+ ============ ===== ============= ============ ================= -+ L1TF MDS VMX-L1FLUSH Host MDS MDS-State -+ -+ Don't care No Don't care N/A Not affected -+ -+ Yes Yes Disabled Off Vulnerable -+ -+ Yes Yes Disabled Full Mitigated -+ -+ Yes Yes Enabled Don't care Mitigated -+ -+ No Yes N/A Off Vulnerable -+ -+ No Yes N/A Full Mitigated -+ ============ ===== ============= ============ ================= -+ -+ This only covers the host to guest transition, i.e. prevents leakage from -+ host to guest, but does not protect the guest internally. Guests need to -+ have their own protections. -+ -+.. _xeon_phi: -+ -+XEON PHI specific considerations -+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ The XEON PHI processor family is affected by MSBDS which can be exploited -+ cross Hyper-Threads when entering idle states. Some XEON PHI variants allow -+ to use MWAIT in user space (Ring 3) which opens an potential attack vector -+ for malicious user space. The exposure can be disabled on the kernel -+ command line with the 'ring3mwait=disable' command line option. -+ -+ XEON PHI is not affected by the other MDS variants and MSBDS is mitigated -+ before the CPU enters a idle state. As XEON PHI is not affected by L1TF -+ either disabling SMT is not required for full protection. -+ -+.. _mds_smt_control: -+ -+SMT control -+^^^^^^^^^^^ -+ -+ All MDS variants except MSBDS can be attacked cross Hyper-Threads. That -+ means on CPUs which are affected by MFBDS or MLPDS it is necessary to -+ disable SMT for full protection. These are most of the affected CPUs; the -+ exception is XEON PHI, see :ref:`xeon_phi`. -+ -+ Disabling SMT can have a significant performance impact, but the impact -+ depends on the type of workloads. -+ -+ See the relevant chapter in the L1TF mitigation documentation for details: -+ :ref:`Documentation/hw-vuln/l1tf.rst <smt_control>`. -+ -+ -+.. _mds_mitigation_control_command_line: -+ -+Mitigation control on the kernel command line -+--------------------------------------------- -+ -+The kernel command line allows to control the MDS mitigations at boot -+time with the option "mds=". The valid arguments for this option are: -+ -+ ============ ============================================================= -+ full If the CPU is vulnerable, enable all available mitigations -+ for the MDS vulnerability, CPU buffer clearing on exit to -+ userspace and when entering a VM. Idle transitions are -+ protected as well if SMT is enabled. -+ -+ It does not automatically disable SMT. -+ -+ off Disables MDS mitigations completely. -+ -+ ============ ============================================================= -+ -+Not specifying this option is equivalent to "mds=full". -+ -+ -+Mitigation selection guide -+-------------------------- -+ -+1. Trusted userspace -+^^^^^^^^^^^^^^^^^^^^ -+ -+ If all userspace applications are from a trusted source and do not -+ execute untrusted code which is supplied externally, then the mitigation -+ can be disabled. -+ -+ -+2. Virtualization with trusted guests -+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ The same considerations as above versus trusted user space apply. -+ -+3. Virtualization with untrusted guests -+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ The protection depends on the state of the L1TF mitigations. -+ See :ref:`virt_mechanism`. -+ -+ If the MDS mitigation is enabled and SMT is disabled, guest to host and -+ guest to guest attacks are prevented. -+ -+.. _mds_default_mitigations: -+ -+Default mitigations -+------------------- -+ -+ The kernel default mitigations for vulnerable processors are: -+ -+ - Enable CPU buffer clearing -+ -+ The kernel does not by default enforce the disabling of SMT, which leaves -+ SMT systems vulnerable when running untrusted code. The same rationale as -+ for L1TF applies. -+ See :ref:`Documentation/hw-vuln//l1tf.rst <default_mitigations>`. ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -1796,6 +1796,8 @@ bytes respectively. Such letter suffixes - Not specifying this option is equivalent to - mds=full. - -+ For details see: Documentation/hw-vuln/mds.rst -+ - mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory - Amount of memory to be used when the kernel is not able - to see the whole system memory or for test. diff --git a/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch b/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch deleted file mode 100644 index 54a20362..00000000 --- a/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch +++ /dev/null @@ -1,60 +0,0 @@ -From: Tyler Hicks <tyhicks@canonical.com> -Date: Mon, 6 May 2019 23:52:58 +0000 -Subject: Documentation: Correct the possible MDS sysfs values - -commit ea01668f9f43021b28b3f4d5ffad50106a1e1301 upstream. - -Adjust the last two rows in the table that display possible values when -MDS mitigation is enabled. They both were slightly innacurate. - -In addition, convert the table of possible values and their descriptions -to a list-table. The simple table format uses the top border of equals -signs to determine cell width which resulted in the first column being -far too wide in comparison to the second column that contained the -majority of the text. - -Signed-off-by: Tyler Hicks <tyhicks@canonical.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -[bwh: Backported to 3.16: adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/hw-vuln/mds.rst | 29 ++++++++++------------- - 1 file changed, 13 insertions(+), 16 deletions(-) - ---- a/Documentation/hw-vuln/mds.rst -+++ b/Documentation/hw-vuln/mds.rst -@@ -95,22 +95,19 @@ mitigations are active. The relevant sys - - The possible values in this file are: - -- ========================================= ================================= -- 'Not affected' The processor is not vulnerable -+ .. list-table:: - -- 'Vulnerable' The processor is vulnerable, -- but no mitigation enabled -- -- 'Vulnerable: Clear CPU buffers attempted' The processor is vulnerable but -- microcode is not updated. -- The mitigation is enabled on a -- best effort basis. -- See :ref:`vmwerv` -- -- 'Mitigation: CPU buffer clear' The processor is vulnerable and the -- CPU buffer clearing mitigation is -- enabled. -- ========================================= ================================= -+ * - 'Not affected' -+ - The processor is not vulnerable -+ * - 'Vulnerable' -+ - The processor is vulnerable, but no mitigation enabled -+ * - 'Vulnerable: Clear CPU buffers attempted, no microcode' -+ - The processor is vulnerable but microcode is not updated. -+ -+ The mitigation is enabled on a best effort basis. See :ref:`vmwerv` -+ * - 'Mitigation: Clear CPU buffers' -+ - The processor is vulnerable and the CPU buffer clearing mitigation is -+ enabled. - - If the processor is vulnerable then the following information is appended - to the above information: diff --git a/queue-3.16/documentation-move-l1tf-to-separate-directory.patch b/queue-3.16/documentation-move-l1tf-to-separate-directory.patch deleted file mode 100644 index 3767fc14..00000000 --- a/queue-3.16/documentation-move-l1tf-to-separate-directory.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Tue, 19 Feb 2019 11:10:49 +0100 -Subject: Documentation: Move L1TF to separate directory - -commit 65fd4cb65b2dad97feb8330b6690445910b56d6a upstream. - -Move L!TF to a separate directory so the MDS stuff can be added at the -side. Otherwise the all hardware vulnerabilites have their own top level -entry. Should have done that right away. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: we never added the documentation, so just update - the log message] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -1128,7 +1128,7 @@ static void __init l1tf_select_mitigatio - pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n", - half_pa); - pr_info("However, doing so will make a part of your RAM unusable.\n"); -- pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html might help you decide.\n"); -+ pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help you decide.\n"); - return; - } - diff --git a/queue-3.16/jump-label-locking-static_keys-update-docs.patch b/queue-3.16/jump-label-locking-static_keys-update-docs.patch deleted file mode 100644 index 04ab2bd2..00000000 --- a/queue-3.16/jump-label-locking-static_keys-update-docs.patch +++ /dev/null @@ -1,304 +0,0 @@ -From: Jason Baron <jbaron@akamai.com> -Date: Thu, 30 Jul 2015 03:59:48 +0000 -Subject: jump label, locking/static_keys: Update docs - -commit 412758cb26704e5087ca2976ec3b28fb2bdbfad4 upstream. - -Signed-off-by: Jason Baron <jbaron@akamai.com> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: benh@kernel.crashing.org -Cc: bp@alien8.de -Cc: davem@davemloft.net -Cc: ddaney@caviumnetworks.com -Cc: heiko.carstens@de.ibm.com -Cc: linux-kernel@vger.kernel.org -Cc: liuj97@gmail.com -Cc: luto@amacapital.net -Cc: michael@ellerman.id.au -Cc: rabin@rab.in -Cc: ralf@linux-mips.org -Cc: rostedt@goodmis.org -Cc: vbabka@suse.cz -Cc: will.deacon@arm.com -Link: http://lkml.kernel.org/r/6b50f2f6423a2244f37f4b1d2d6c211b9dcdf4f8.1438227999.git.jbaron@akamai.com -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/static-keys.txt | 99 ++++++++++++++++++----------------- - include/linux/jump_label.h | 67 ++++++++++++++++-------- - 2 files changed, 98 insertions(+), 68 deletions(-) - ---- a/Documentation/static-keys.txt -+++ b/Documentation/static-keys.txt -@@ -1,7 +1,22 @@ - Static Keys - ----------- - --By: Jason Baron <jbaron@redhat.com> -+DEPRECATED API: -+ -+The use of 'struct static_key' directly, is now DEPRECATED. In addition -+static_key_{true,false}() is also DEPRECATED. IE DO NOT use the following: -+ -+struct static_key false = STATIC_KEY_INIT_FALSE; -+struct static_key true = STATIC_KEY_INIT_TRUE; -+static_key_true() -+static_key_false() -+ -+The updated API replacements are: -+ -+DEFINE_STATIC_KEY_TRUE(key); -+DEFINE_STATIC_KEY_FALSE(key); -+static_key_likely() -+statick_key_unlikely() - - 0) Abstract - -@@ -9,22 +24,22 @@ Static keys allows the inclusion of seld - performance-sensitive fast-path kernel code, via a GCC feature and a code - patching technique. A quick example: - -- struct static_key key = STATIC_KEY_INIT_FALSE; -+ DEFINE_STATIC_KEY_FALSE(key); - - ... - -- if (static_key_false(&key)) -+ if (static_branch_unlikely(&key)) - do unlikely code - else - do likely code - - ... -- static_key_slow_inc(); -+ static_branch_enable(&key); - ... -- static_key_slow_inc(); -+ static_branch_disable(&key); - ... - --The static_key_false() branch will be generated into the code with as little -+The static_branch_unlikely() branch will be generated into the code with as little - impact to the likely code path as possible. - - -@@ -56,7 +71,7 @@ the branch site to change the branch dir - - For example, if we have a simple branch that is disabled by default: - -- if (static_key_false(&key)) -+ if (static_branch_unlikely(&key)) - printk("I am the true branch\n"); - - Thus, by default the 'printk' will not be emitted. And the code generated will -@@ -75,68 +90,55 @@ the basis for the static keys facility. - - In order to make use of this optimization you must first define a key: - -- struct static_key key; -- --Which is initialized as: -- -- struct static_key key = STATIC_KEY_INIT_TRUE; -+ DEFINE_STATIC_KEY_TRUE(key); - - or: - -- struct static_key key = STATIC_KEY_INIT_FALSE; -+ DEFINE_STATIC_KEY_FALSE(key); -+ - --If the key is not initialized, it is default false. The 'struct static_key', --must be a 'global'. That is, it can't be allocated on the stack or dynamically -+The key must be global, that is, it can't be allocated on the stack or dynamically - allocated at run-time. - - The key is then used in code as: - -- if (static_key_false(&key)) -+ if (static_branch_unlikely(&key)) - do unlikely code - else - do likely code - - Or: - -- if (static_key_true(&key)) -+ if (static_branch_likely(&key)) - do likely code - else - do unlikely code - --A key that is initialized via 'STATIC_KEY_INIT_FALSE', must be used in a --'static_key_false()' construct. Likewise, a key initialized via --'STATIC_KEY_INIT_TRUE' must be used in a 'static_key_true()' construct. A --single key can be used in many branches, but all the branches must match the --way that the key has been initialized. -+Keys defined via DEFINE_STATIC_KEY_TRUE(), or DEFINE_STATIC_KEY_FALSE, may -+be used in either static_branch_likely() or static_branch_unlikely() -+statemnts. - --The branch(es) can then be switched via: -+Branch(es) can be set true via: - -- static_key_slow_inc(&key); -+static_branch_enable(&key); -+ -+or false via: -+ -+static_branch_disable(&key); -+ -+The branch(es) can then be switched via reference counts: -+ -+ static_branch_inc(&key); - ... -- static_key_slow_dec(&key); -+ static_branch_dec(&key); - --Thus, 'static_key_slow_inc()' means 'make the branch true', and --'static_key_slow_dec()' means 'make the branch false' with appropriate -+Thus, 'static_branch_inc()' means 'make the branch true', and -+'static_branch_dec()' means 'make the branch false' with appropriate - reference counting. For example, if the key is initialized true, a --static_key_slow_dec(), will switch the branch to false. And a subsequent --static_key_slow_inc(), will change the branch back to true. Likewise, if the --key is initialized false, a 'static_key_slow_inc()', will change the branch to --true. And then a 'static_key_slow_dec()', will again make the branch false. -- --An example usage in the kernel is the implementation of tracepoints: -- -- static inline void trace_##name(proto) \ -- { \ -- if (static_key_false(&__tracepoint_##name.key)) \ -- __DO_TRACE(&__tracepoint_##name, \ -- TP_PROTO(data_proto), \ -- TP_ARGS(data_args), \ -- TP_CONDITION(cond)); \ -- } -- --Tracepoints are disabled by default, and can be placed in performance critical --pieces of the kernel. Thus, by using a static key, the tracepoints can have --absolutely minimal impact when not in use. -+static_branch_dec(), will switch the branch to false. And a subsequent -+static_branch_inc(), will change the branch back to true. Likewise, if the -+key is initialized false, a 'static_branch_inc()', will change the branch to -+true. And then a 'static_branch_dec()', will again make the branch false. - - - 4) Architecture level code patching interface, 'jump labels' -@@ -150,9 +152,12 @@ simply fall back to a traditional, load, - - * #define JUMP_LABEL_NOP_SIZE, see: arch/x86/include/asm/jump_label.h - --* __always_inline bool arch_static_branch(struct static_key *key), see: -+* __always_inline bool arch_static_branch(struct static_key *key, bool branch), see: - arch/x86/include/asm/jump_label.h - -+* __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch), -+ see: arch/x86/include/asm/jump_label.h -+ - * void arch_jump_label_transform(struct jump_entry *entry, enum jump_label_type type), - see: arch/x86/kernel/jump_label.c - -@@ -173,7 +178,7 @@ SYSCALL_DEFINE0(getppid) - { - int pid; - --+ if (static_key_false(&key)) -++ if (static_branch_unlikely(&key)) - + printk("I am the true branch\n"); - - rcu_read_lock(); ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -7,17 +7,52 @@ - * Copyright (C) 2009-2012 Jason Baron <jbaron@redhat.com> - * Copyright (C) 2011-2012 Peter Zijlstra <pzijlstr@redhat.com> - * -+ * DEPRECATED API: -+ * -+ * The use of 'struct static_key' directly, is now DEPRECATED. In addition -+ * static_key_{true,false}() is also DEPRECATED. IE DO NOT use the following: -+ * -+ * struct static_key false = STATIC_KEY_INIT_FALSE; -+ * struct static_key true = STATIC_KEY_INIT_TRUE; -+ * static_key_true() -+ * static_key_false() -+ * -+ * The updated API replacements are: -+ * -+ * DEFINE_STATIC_KEY_TRUE(key); -+ * DEFINE_STATIC_KEY_FALSE(key); -+ * static_key_likely() -+ * statick_key_unlikely() -+ * - * Jump labels provide an interface to generate dynamic branches using -- * self-modifying code. Assuming toolchain and architecture support, the result -- * of a "if (static_key_false(&key))" statement is an unconditional branch (which -- * defaults to false - and the true block is placed out of line). -- * -- * However at runtime we can change the branch target using -- * static_key_slow_{inc,dec}(). These function as a 'reference' count on the key -- * object, and for as long as there are references all branches referring to -- * that particular key will point to the (out of line) true block. -+ * self-modifying code. Assuming toolchain and architecture support, if we -+ * define a "key" that is initially false via "DEFINE_STATIC_KEY_FALSE(key)", -+ * an "if (static_branch_unlikely(&key))" statement is an unconditional branch -+ * (which defaults to false - and the true block is placed out of line). -+ * Similarly, we can define an initially true key via -+ * "DEFINE_STATIC_KEY_TRUE(key)", and use it in the same -+ * "if (static_branch_unlikely(&key))", in which case we will generate an -+ * unconditional branch to the out-of-line true branch. Keys that are -+ * initially true or false can be using in both static_branch_unlikely() -+ * and static_branch_likely() statements. -+ * -+ * At runtime we can change the branch target by setting the key -+ * to true via a call to static_branch_enable(), or false using -+ * static_branch_disable(). If the direction of the branch is switched by -+ * these calls then we run-time modify the branch target via a -+ * no-op -> jump or jump -> no-op conversion. For example, for an -+ * initially false key that is used in an "if (static_branch_unlikely(&key))" -+ * statement, setting the key to true requires us to patch in a jump -+ * to the out-of-line of true branch. -+ * -+ * In addtion to static_branch_{enable,disable}, we can also reference count -+ * the key or branch direction via static_branch_{inc,dec}. Thus, -+ * static_branch_inc() can be thought of as a 'make more true' and -+ * static_branch_dec() as a 'make more false'. The inc()/dec() -+ * interface is meant to be used exclusively from the inc()/dec() for a given -+ * key. - * -- * Since this relies on modifying code, the static_key_slow_{inc,dec}() functions -+ * Since this relies on modifying code, the branch modifying functions - * must be considered absolute slow paths (machine wide synchronization etc.). - * OTOH, since the affected branches are unconditional, their runtime overhead - * will be absolutely minimal, esp. in the default (off) case where the total -@@ -29,20 +64,10 @@ - * cause significant performance degradation. Struct static_key_deferred and - * static_key_slow_dec_deferred() provide for this. - * -- * Lacking toolchain and or architecture support, jump labels fall back to a simple -- * conditional branch. -- * -- * struct static_key my_key = STATIC_KEY_INIT_TRUE; -- * -- * if (static_key_true(&my_key)) { -- * } -- * -- * will result in the true case being in-line and starts the key with a single -- * reference. Mixing static_key_true() and static_key_false() on the same key is not -- * allowed. -+ * Lacking toolchain and or architecture support, static keys fall back to a -+ * simple conditional branch. - * -- * Not initializing the key (static data is initialized to 0s anyway) is the -- * same as using STATIC_KEY_INIT_FALSE. -+ * Additional babbling in: Documentation/static-keys.txt - */ - - #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL) diff --git a/queue-3.16/jump_label-add-jump_entry_key-helper.patch b/queue-3.16/jump_label-add-jump_entry_key-helper.patch deleted file mode 100644 index eb4fb94b..00000000 --- a/queue-3.16/jump_label-add-jump_entry_key-helper.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Fri, 24 Jul 2015 15:02:27 +0200 -Subject: jump_label: Add jump_entry_key() helper - -commit 7dcfd915bae51571bcc339d8e3dda027287880e5 upstream. - -Avoid some casting with a helper, also prepares the way for -overloading the LSB of jump_entry::key. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - kernel/jump_label.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -195,6 +195,11 @@ static inline struct jump_entry *static_ - return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK); - } - -+static inline struct static_key *jump_entry_key(struct jump_entry *entry) -+{ -+ return (struct static_key *)((unsigned long)entry->key); -+} -+ - static enum jump_label_type jump_label_type(struct static_key *key) - { - bool enabled = static_key_enabled(key); -@@ -216,7 +221,7 @@ void __init jump_label_init(void) - for (iter = iter_start; iter < iter_stop; iter++) { - struct static_key *iterk; - -- iterk = (struct static_key *)(unsigned long)iter->key; -+ iterk = jump_entry_key(iter); - arch_jump_label_transform_static(iter, jump_label_type(iterk)); - if (iterk == key) - continue; -@@ -311,7 +316,7 @@ static int jump_label_add_module(struct - for (iter = iter_start; iter < iter_stop; iter++) { - struct static_key *iterk; - -- iterk = (struct static_key *)(unsigned long)iter->key; -+ iterk = jump_entry_key(iter); - if (iterk == key) - continue; - -@@ -348,10 +353,10 @@ static void jump_label_del_module(struct - struct static_key_mod *jlm, **prev; - - for (iter = iter_start; iter < iter_stop; iter++) { -- if (iter->key == (jump_label_t)(unsigned long)key) -+ if (jump_entry_key(iter) == key) - continue; - -- key = (struct static_key *)(unsigned long)iter->key; -+ key = jump_entry_key(iter); - - if (within_module(iter->key, mod)) - continue; diff --git a/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch b/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch deleted file mode 100644 index ada85317..00000000 --- a/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch +++ /dev/null @@ -1,206 +0,0 @@ -From: Anton Blanchard <anton@samba.org> -Date: Thu, 9 Apr 2015 13:51:30 +1000 -Subject: jump_label: Allow asm/jump_label.h to be included in assembly - -commit 55dd0df781e58ec23d218376ea4a676e7362a98c upstream. - -Wrap asm/jump_label.h for all archs with #ifndef __ASSEMBLY__. -Since these are kernel only headers, we don't need #ifdef -__KERNEL__ so can simplify things a bit. - -If an architecture wants to use jump labels in assembly, it -will still need to define a macro to create the __jump_table -entries (see ARCH_STATIC_BRANCH in the powerpc asm/jump_label.h -for an example). - -Signed-off-by: Anton Blanchard <anton@samba.org> -Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: benh@kernel.crashing.org -Cc: catalin.marinas@arm.com -Cc: davem@davemloft.net -Cc: heiko.carstens@de.ibm.com -Cc: jbaron@akamai.com -Cc: linux@arm.linux.org.uk -Cc: linuxppc-dev@lists.ozlabs.org -Cc: liuj97@gmail.com -Cc: mgorman@suse.de -Cc: mmarek@suse.cz -Cc: mpe@ellerman.id.au -Cc: paulus@samba.org -Cc: ralf@linux-mips.org -Cc: rostedt@goodmis.org -Cc: schwidefsky@de.ibm.com -Cc: will.deacon@arm.com -Link: http://lkml.kernel.org/r/1428551492-21977-1-git-send-email-anton@samba.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/arm/include/asm/jump_label.h | 5 ++--- - arch/arm64/include/asm/jump_label.h | 8 ++++---- - arch/mips/include/asm/jump_label.h | 7 +++---- - arch/s390/include/asm/jump_label.h | 3 +++ - arch/sparc/include/asm/jump_label.h | 5 ++--- - arch/x86/include/asm/jump_label.h | 5 ++--- - 6 files changed, 16 insertions(+), 17 deletions(-) - ---- a/arch/arm/include/asm/jump_label.h -+++ b/arch/arm/include/asm/jump_label.h -@@ -1,7 +1,7 @@ - #ifndef _ASM_ARM_JUMP_LABEL_H - #define _ASM_ARM_JUMP_LABEL_H - --#ifdef __KERNEL__ -+#ifndef __ASSEMBLY__ - - #include <linux/types.h> - -@@ -27,8 +27,6 @@ l_yes: - return true; - } - --#endif /* __KERNEL__ */ -- - typedef u32 jump_label_t; - - struct jump_entry { -@@ -37,4 +35,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif ---- a/arch/arm64/include/asm/jump_label.h -+++ b/arch/arm64/include/asm/jump_label.h -@@ -18,11 +18,12 @@ - */ - #ifndef __ASM_JUMP_LABEL_H - #define __ASM_JUMP_LABEL_H -+ -+#ifndef __ASSEMBLY__ -+ - #include <linux/types.h> - #include <asm/insn.h> - --#ifdef __KERNEL__ -- - #define JUMP_LABEL_NOP_SIZE AARCH64_INSN_SIZE - - static __always_inline bool arch_static_branch(struct static_key *key) -@@ -39,8 +40,6 @@ l_yes: - return true; - } - --#endif /* __KERNEL__ */ -- - typedef u64 jump_label_t; - - struct jump_entry { -@@ -49,4 +48,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif /* __ASM_JUMP_LABEL_H */ ---- a/arch/mips/include/asm/jump_label.h -+++ b/arch/mips/include/asm/jump_label.h -@@ -8,9 +8,9 @@ - #ifndef _ASM_MIPS_JUMP_LABEL_H - #define _ASM_MIPS_JUMP_LABEL_H - --#include <linux/types.h> -+#ifndef __ASSEMBLY__ - --#ifdef __KERNEL__ -+#include <linux/types.h> - - #define JUMP_LABEL_NOP_SIZE 4 - -@@ -39,8 +39,6 @@ l_yes: - return true; - } - --#endif /* __KERNEL__ */ -- - #ifdef CONFIG_64BIT - typedef u64 jump_label_t; - #else -@@ -53,4 +51,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif /* _ASM_MIPS_JUMP_LABEL_H */ ---- a/arch/s390/include/asm/jump_label.h -+++ b/arch/s390/include/asm/jump_label.h -@@ -1,6 +1,8 @@ - #ifndef _ASM_S390_JUMP_LABEL_H - #define _ASM_S390_JUMP_LABEL_H - -+#ifndef __ASSEMBLY__ -+ - #include <linux/types.h> - - #define JUMP_LABEL_NOP_SIZE 6 -@@ -39,4 +41,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif ---- a/arch/sparc/include/asm/jump_label.h -+++ b/arch/sparc/include/asm/jump_label.h -@@ -1,7 +1,7 @@ - #ifndef _ASM_SPARC_JUMP_LABEL_H - #define _ASM_SPARC_JUMP_LABEL_H - --#ifdef __KERNEL__ -+#ifndef __ASSEMBLY__ - - #include <linux/types.h> - -@@ -22,8 +22,6 @@ l_yes: - return true; - } - --#endif /* __KERNEL__ */ -- - typedef u32 jump_label_t; - - struct jump_entry { -@@ -32,4 +30,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif ---- a/arch/x86/include/asm/jump_label.h -+++ b/arch/x86/include/asm/jump_label.h -@@ -1,7 +1,7 @@ - #ifndef _ASM_X86_JUMP_LABEL_H - #define _ASM_X86_JUMP_LABEL_H - --#ifdef __KERNEL__ -+#ifndef __ASSEMBLY__ - - #include <linux/stringify.h> - #include <linux/types.h> -@@ -30,8 +30,6 @@ l_yes: - return true; - } - --#endif /* __KERNEL__ */ -- - #ifdef CONFIG_X86_64 - typedef u64 jump_label_t; - #else -@@ -44,4 +42,5 @@ struct jump_entry { - jump_label_t key; - }; - -+#endif /* __ASSEMBLY__ */ - #endif diff --git a/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch b/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch deleted file mode 100644 index 91140fa4..00000000 --- a/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch +++ /dev/null @@ -1,106 +0,0 @@ -From: Anton Blanchard <anton@samba.org> -Date: Thu, 9 Apr 2015 13:51:31 +1000 -Subject: jump_label: Allow jump labels to be used in assembly - -commit c0ccf6f99e3a43b87980c9df7da48427885206d0 upstream. - -To use jump labels in assembly we need the HAVE_JUMP_LABEL -define, so we select a fallback version if the toolchain does -not support them. - -Modify linux/jump_label.h so it can be included by assembly -files. We also need to add -DCC_HAVE_ASM_GOTO to KBUILD_AFLAGS. - -Signed-off-by: Anton Blanchard <anton@samba.org> -Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: benh@kernel.crashing.org -Cc: catalin.marinas@arm.com -Cc: davem@davemloft.net -Cc: heiko.carstens@de.ibm.com -Cc: jbaron@akamai.com -Cc: linux@arm.linux.org.uk -Cc: linuxppc-dev@lists.ozlabs.org -Cc: liuj97@gmail.com -Cc: mgorman@suse.de -Cc: mmarek@suse.cz -Cc: mpe@ellerman.id.au -Cc: paulus@samba.org -Cc: ralf@linux-mips.org -Cc: rostedt@goodmis.org -Cc: schwidefsky@de.ibm.com -Cc: will.deacon@arm.com -Link: http://lkml.kernel.org/r/1428551492-21977-2-git-send-email-anton@samba.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Makefile | 1 + - include/linux/jump_label.h | 21 +++++++++++++++++---- - 2 files changed, 18 insertions(+), 4 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -761,6 +761,7 @@ KBUILD_ARFLAGS := $(call ar-option,D) - # check for 'asm goto' - ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC)), y) - KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO -+ KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO - endif - - include $(srctree)/scripts/Makefile.extrawarn ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -45,6 +45,12 @@ - * same as using STATIC_KEY_INIT_FALSE. - */ - -+#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL) -+# define HAVE_JUMP_LABEL -+#endif -+ -+#ifndef __ASSEMBLY__ -+ - #include <linux/types.h> - #include <linux/compiler.h> - #include <linux/bug.h> -@@ -55,7 +61,7 @@ extern bool static_key_initialized; - "%s used before call to jump_label_init", \ - __func__) - --#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL) -+#ifdef HAVE_JUMP_LABEL - - struct static_key { - atomic_t enabled; -@@ -66,13 +72,18 @@ struct static_key { - #endif - }; - --# include <asm/jump_label.h> --# define HAVE_JUMP_LABEL - #else - struct static_key { - atomic_t enabled; - }; --#endif /* CC_HAVE_ASM_GOTO && CONFIG_JUMP_LABEL */ -+#endif /* HAVE_JUMP_LABEL */ -+#endif /* __ASSEMBLY__ */ -+ -+#ifdef HAVE_JUMP_LABEL -+#include <asm/jump_label.h> -+#endif -+ -+#ifndef __ASSEMBLY__ - - enum jump_label_type { - JUMP_LABEL_DISABLE = 0, -@@ -223,3 +234,5 @@ static inline void static_key_disable(st - } - - #endif /* _LINUX_JUMP_LABEL_H */ -+ -+#endif /* __ASSEMBLY__ */ diff --git a/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch b/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch deleted file mode 100644 index 5ef7a245..00000000 --- a/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Ingo Molnar <mingo@kernel.org> -Date: Sun, 10 Aug 2014 08:53:39 +0200 -Subject: jump_label: Fix small typos in the documentation - -commit fd3cbdc0d1b5254a2e8793df58c409b469899a3f upstream. - -Was reading through the documentation of this code and noticed -a few typos, missing commas, etc. - -Cc: Jason Baron <jbaron@akamai.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Steven Rostedt <rostedt@goodmis.org> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Mel Gorman <mgorman@suse.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/jump_label.h | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -8,28 +8,28 @@ - * Copyright (C) 2011-2012 Peter Zijlstra <pzijlstr@redhat.com> - * - * Jump labels provide an interface to generate dynamic branches using -- * self-modifying code. Assuming toolchain and architecture support the result -- * of a "if (static_key_false(&key))" statement is a unconditional branch (which -+ * self-modifying code. Assuming toolchain and architecture support, the result -+ * of a "if (static_key_false(&key))" statement is an unconditional branch (which - * defaults to false - and the true block is placed out of line). - * - * However at runtime we can change the branch target using - * static_key_slow_{inc,dec}(). These function as a 'reference' count on the key -- * object and for as long as there are references all branches referring to -+ * object, and for as long as there are references all branches referring to - * that particular key will point to the (out of line) true block. - * -- * Since this relies on modifying code the static_key_slow_{inc,dec}() functions -+ * Since this relies on modifying code, the static_key_slow_{inc,dec}() functions - * must be considered absolute slow paths (machine wide synchronization etc.). -- * OTOH, since the affected branches are unconditional their runtime overhead -+ * OTOH, since the affected branches are unconditional, their runtime overhead - * will be absolutely minimal, esp. in the default (off) case where the total - * effect is a single NOP of appropriate size. The on case will patch in a jump - * to the out-of-line block. - * -- * When the control is directly exposed to userspace it is prudent to delay the -+ * When the control is directly exposed to userspace, it is prudent to delay the - * decrement to avoid high frequency code modifications which can (and do) - * cause significant performance degradation. Struct static_key_deferred and - * static_key_slow_dec_deferred() provide for this. - * -- * Lacking toolchain and or architecture support, it falls back to a simple -+ * Lacking toolchain and or architecture support, jump labels fall back to a simple - * conditional branch. - * - * struct static_key my_key = STATIC_KEY_INIT_TRUE; -@@ -43,8 +43,7 @@ - * - * Not initializing the key (static data is initialized to 0s anyway) is the - * same as using STATIC_KEY_INIT_FALSE. -- * --*/ -+ */ - - #include <linux/types.h> - #include <linux/compiler.h> diff --git a/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch b/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch deleted file mode 100644 index c8f84de9..00000000 --- a/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Fri, 24 Jul 2015 14:55:40 +0200 -Subject: jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related - helpers to the static_key* pattern - -commit a1efb01feca597b2abbc89873b40ef8ec6690168 upstream. - -Rename the JUMP_LABEL_TYPE_* macros to be JUMP_TYPE_* and move the -inline helpers into kernel/jump_label.c, since that's the only place -they're ever used. - -Also rename the helpers where it's all about static keys. - -This is the second step in removing the naming confusion that has led to -a stream of avoidable bugs such as: - - a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()") - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/jump_label.h | 25 +++++-------------------- - kernel/jump_label.c | 25 ++++++++++++++++--------- - 2 files changed, 21 insertions(+), 29 deletions(-) - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -101,24 +101,9 @@ static inline int static_key_count(struc - - #ifdef HAVE_JUMP_LABEL - --#define JUMP_LABEL_TYPE_FALSE_BRANCH 0UL --#define JUMP_LABEL_TYPE_TRUE_BRANCH 1UL --#define JUMP_LABEL_TYPE_MASK 1UL -- --static --inline struct jump_entry *jump_label_get_entries(struct static_key *key) --{ -- return (struct jump_entry *)((unsigned long)key->entries -- & ~JUMP_LABEL_TYPE_MASK); --} -- --static inline bool jump_label_get_branch_default(struct static_key *key) --{ -- if (((unsigned long)key->entries & JUMP_LABEL_TYPE_MASK) == -- JUMP_LABEL_TYPE_TRUE_BRANCH) -- return true; -- return false; --} -+#define JUMP_TYPE_FALSE 0UL -+#define JUMP_TYPE_TRUE 1UL -+#define JUMP_TYPE_MASK 1UL - - static __always_inline bool static_key_false(struct static_key *key) - { -@@ -147,10 +132,10 @@ extern void jump_label_apply_nops(struct - - #define STATIC_KEY_INIT_TRUE ((struct static_key) \ - { .enabled = ATOMIC_INIT(1), \ -- .entries = (void *)JUMP_LABEL_TYPE_TRUE_BRANCH }) -+ .entries = (void *)JUMP_TYPE_TRUE }) - #define STATIC_KEY_INIT_FALSE ((struct static_key) \ - { .enabled = ATOMIC_INIT(0), \ -- .entries = (void *)JUMP_LABEL_TYPE_FALSE_BRANCH }) -+ .entries = (void *)JUMP_TYPE_FALSE }) - - #else /* !HAVE_JUMP_LABEL */ - ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -56,6 +56,11 @@ jump_label_sort_entries(struct jump_entr - - static void jump_label_update(struct static_key *key, int enable); - -+static inline bool static_key_type(struct static_key *key) -+{ -+ return (unsigned long)key->entries & JUMP_TYPE_MASK; -+} -+ - void static_key_slow_inc(struct static_key *key) - { - STATIC_KEY_CHECK_USE(); -@@ -64,7 +69,7 @@ void static_key_slow_inc(struct static_k - - jump_label_lock(); - if (atomic_read(&key->enabled) == 0) { -- if (!jump_label_get_branch_default(key)) -+ if (!static_key_type(key)) - jump_label_update(key, JUMP_LABEL_JMP); - else - jump_label_update(key, JUMP_LABEL_NOP); -@@ -87,7 +92,7 @@ static void __static_key_slow_dec(struct - atomic_inc(&key->enabled); - schedule_delayed_work(work, rate_limit); - } else { -- if (!jump_label_get_branch_default(key)) -+ if (!static_key_type(key)) - jump_label_update(key, JUMP_LABEL_NOP); - else - jump_label_update(key, JUMP_LABEL_JMP); -@@ -185,15 +190,17 @@ static void __jump_label_update(struct s - } - } - --static enum jump_label_type jump_label_type(struct static_key *key) -+static inline struct jump_entry *static_key_entries(struct static_key *key) - { -- bool true_branch = jump_label_get_branch_default(key); -- bool state = static_key_enabled(key); -+ return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK); -+} - -- if ((!true_branch && state) || (true_branch && !state)) -- return JUMP_LABEL_JMP; -+static enum jump_label_type jump_label_type(struct static_key *key) -+{ -+ bool enabled = static_key_enabled(key); -+ bool type = static_key_type(key); - -- return JUMP_LABEL_NOP; -+ return enabled ^ type; - } - - void __init jump_label_init(void) -@@ -449,7 +456,7 @@ int jump_label_text_reserved(void *start - static void jump_label_update(struct static_key *key, int enable) - { - struct jump_entry *stop = __stop___jump_table; -- struct jump_entry *entry = jump_label_get_entries(key); -+ struct jump_entry *entry = static_key_entries(key); - #ifdef CONFIG_MODULES - struct module *mod; - diff --git a/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch b/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch deleted file mode 100644 index c4e0f042..00000000 --- a/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Tejun Heo <tj@kernel.org> -Date: Fri, 18 Sep 2015 11:56:28 -0400 -Subject: jump_label: make static_key_enabled() work on static_key_true/false - types too - -commit fa128fd735bd236b6b04d3fedfed7a784137c185 upstream. - -static_key_enabled() can be used on struct static_key but not on its -wrapper types static_key_true and static_key_false. The function is -useful for debugging and management of static keys. Update it so that -it can be used for the wrapper types too. - -Signed-off-by: Tejun Heo <tj@kernel.org> -Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/jump_label.h | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -214,11 +214,6 @@ static inline int jump_label_apply_nops( - #define STATIC_KEY_INIT STATIC_KEY_INIT_FALSE - #define jump_label_enabled static_key_enabled - --static inline bool static_key_enabled(struct static_key *key) --{ -- return static_key_count(key) > 0; --} -- - static inline void static_key_enable(struct static_key *key) - { - int count = static_key_count(key); -@@ -265,6 +260,17 @@ struct static_key_false { - #define DEFINE_STATIC_KEY_FALSE(name) \ - struct static_key_false name = STATIC_KEY_FALSE_INIT - -+extern bool ____wrong_branch_error(void); -+ -+#define static_key_enabled(x) \ -+({ \ -+ if (!__builtin_types_compatible_p(typeof(*x), struct static_key) && \ -+ !__builtin_types_compatible_p(typeof(*x), struct static_key_true) &&\ -+ !__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \ -+ ____wrong_branch_error(); \ -+ static_key_count((struct static_key *)x) > 0; \ -+}) -+ - #ifdef HAVE_JUMP_LABEL - - /* -@@ -323,8 +329,6 @@ struct static_key_false { - * See jump_label_type() / jump_label_init_type(). - */ - --extern bool ____wrong_branch_error(void); -- - #define static_branch_likely(x) \ - ({ \ - bool branch; \ diff --git a/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch b/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch deleted file mode 100644 index 851fe881..00000000 --- a/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch +++ /dev/null @@ -1,190 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Fri, 24 Jul 2015 14:45:44 +0200 -Subject: jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} - -commit 76b235c6bcb16062d663e2ee96db0b69f2e6bc14 upstream. - -Since we've already stepped away from ENABLE is a JMP and DISABLE is a -NOP with the branch_default bits, and are going to make it even worse, -rename it to make it all clearer. - -This way we don't mix multiple levels of logic attributes, but have a -plain 'physical' name for what the current instruction patching status -of a jump label is. - -This is a first step in removing the naming confusion that has led to -a stream of avoidable bugs such as: - - a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()") - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -[ Beefed up the changelog. ] -Signed-off-by: Ingo Molnar <mingo@kernel.org> -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/arm/kernel/jump_label.c | 2 +- - arch/arm64/kernel/jump_label.c | 2 +- - arch/mips/kernel/jump_label.c | 2 +- - arch/powerpc/kernel/jump_label.c | 2 +- - arch/s390/kernel/jump_label.c | 2 +- - arch/sparc/kernel/jump_label.c | 2 +- - arch/x86/kernel/jump_label.c | 2 +- - include/linux/jump_label.h | 4 ++-- - kernel/jump_label.c | 18 +++++++++--------- - 9 files changed, 18 insertions(+), 18 deletions(-) - ---- a/arch/arm/kernel/jump_label.c -+++ b/arch/arm/kernel/jump_label.c -@@ -13,7 +13,7 @@ static void __arch_jump_label_transform( - void *addr = (void *)entry->code; - unsigned int insn; - -- if (type == JUMP_LABEL_ENABLE) -+ if (type == JUMP_LABEL_JMP) - insn = arm_gen_branch(entry->code, entry->target); - else - insn = arm_gen_nop(); ---- a/arch/arm64/kernel/jump_label.c -+++ b/arch/arm64/kernel/jump_label.c -@@ -29,7 +29,7 @@ static void __arch_jump_label_transform( - void *addr = (void *)entry->code; - u32 insn; - -- if (type == JUMP_LABEL_ENABLE) { -+ if (type == JUMP_LABEL_JMP) { - insn = aarch64_insn_gen_branch_imm(entry->code, - entry->target, - AARCH64_INSN_BRANCH_NOLINK); ---- a/arch/mips/kernel/jump_label.c -+++ b/arch/mips/kernel/jump_label.c -@@ -51,7 +51,7 @@ void arch_jump_label_transform(struct ju - /* Target must have the right alignment and ISA must be preserved. */ - BUG_ON((e->target & J_ALIGN_MASK) != J_ISA_BIT); - -- if (type == JUMP_LABEL_ENABLE) { -+ if (type == JUMP_LABEL_JMP) { - insn.j_format.opcode = J_ISA_BIT ? mm_j32_op : j_op; - insn.j_format.target = e->target >> J_RANGE_SHIFT; - } else { ---- a/arch/powerpc/kernel/jump_label.c -+++ b/arch/powerpc/kernel/jump_label.c -@@ -17,7 +17,7 @@ void arch_jump_label_transform(struct ju - { - u32 *addr = (u32 *)(unsigned long)entry->code; - -- if (type == JUMP_LABEL_ENABLE) -+ if (type == JUMP_LABEL_JMP) - patch_branch(addr, entry->target, 0); - else - patch_instruction(addr, PPC_INST_NOP); ---- a/arch/s390/kernel/jump_label.c -+++ b/arch/s390/kernel/jump_label.c -@@ -60,7 +60,7 @@ static void __jump_label_transform(struc - { - struct insn old, new; - -- if (type == JUMP_LABEL_ENABLE) { -+ if (type == JUMP_LABEL_JMP) { - jump_label_make_nop(entry, &old); - jump_label_make_branch(entry, &new); - } else { ---- a/arch/sparc/kernel/jump_label.c -+++ b/arch/sparc/kernel/jump_label.c -@@ -16,7 +16,7 @@ void arch_jump_label_transform(struct ju - u32 val; - u32 *insn = (u32 *) (unsigned long) entry->code; - -- if (type == JUMP_LABEL_ENABLE) { -+ if (type == JUMP_LABEL_JMP) { - s32 off = (s32)entry->target - (s32)entry->code; - - #ifdef CONFIG_SPARC64 ---- a/arch/x86/kernel/jump_label.c -+++ b/arch/x86/kernel/jump_label.c -@@ -45,7 +45,7 @@ static void __jump_label_transform(struc - const unsigned char default_nop[] = { STATIC_KEY_INIT_NOP }; - const unsigned char *ideal_nop = ideal_nops[NOP_ATOMIC5]; - -- if (type == JUMP_LABEL_ENABLE) { -+ if (type == JUMP_LABEL_JMP) { - if (init) { - /* - * Jump label is enabled for the first time. ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -86,8 +86,8 @@ struct static_key { - #ifndef __ASSEMBLY__ - - enum jump_label_type { -- JUMP_LABEL_DISABLE = 0, -- JUMP_LABEL_ENABLE, -+ JUMP_LABEL_NOP = 0, -+ JUMP_LABEL_JMP, - }; - - struct module; ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -65,9 +65,9 @@ void static_key_slow_inc(struct static_k - jump_label_lock(); - if (atomic_read(&key->enabled) == 0) { - if (!jump_label_get_branch_default(key)) -- jump_label_update(key, JUMP_LABEL_ENABLE); -+ jump_label_update(key, JUMP_LABEL_JMP); - else -- jump_label_update(key, JUMP_LABEL_DISABLE); -+ jump_label_update(key, JUMP_LABEL_NOP); - } - atomic_inc(&key->enabled); - jump_label_unlock(); -@@ -88,9 +88,9 @@ static void __static_key_slow_dec(struct - schedule_delayed_work(work, rate_limit); - } else { - if (!jump_label_get_branch_default(key)) -- jump_label_update(key, JUMP_LABEL_DISABLE); -+ jump_label_update(key, JUMP_LABEL_NOP); - else -- jump_label_update(key, JUMP_LABEL_ENABLE); -+ jump_label_update(key, JUMP_LABEL_JMP); - } - jump_label_unlock(); - } -@@ -191,9 +191,9 @@ static enum jump_label_type jump_label_t - bool state = static_key_enabled(key); - - if ((!true_branch && state) || (true_branch && !state)) -- return JUMP_LABEL_ENABLE; -+ return JUMP_LABEL_JMP; - -- return JUMP_LABEL_DISABLE; -+ return JUMP_LABEL_NOP; - } - - void __init jump_label_init(void) -@@ -283,7 +283,7 @@ void jump_label_apply_nops(struct module - return; - - for (iter = iter_start; iter < iter_stop; iter++) { -- arch_jump_label_transform_static(iter, JUMP_LABEL_DISABLE); -+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP); - } - } - -@@ -325,8 +325,8 @@ static int jump_label_add_module(struct - jlm->next = key->next; - key->next = jlm; - -- if (jump_label_type(key) == JUMP_LABEL_ENABLE) -- __jump_label_update(key, iter, iter_stop, JUMP_LABEL_ENABLE); -+ if (jump_label_type(key) == JUMP_LABEL_JMP) -+ __jump_label_update(key, iter, iter_stop, JUMP_LABEL_JMP); - } - - return 0; diff --git a/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch b/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch deleted file mode 100644 index 2d731db0..00000000 --- a/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Wed, 12 Aug 2015 21:04:22 +0200 -Subject: jump_label/x86: Work around asm build bug on older/backported GCCs - -commit d420acd816c07c7be31bd19d09cbcb16e5572fa6 upstream. - -Boris reported that gcc version 4.4.4 20100503 (Red Hat -4.4.4-2) fails to build linux-next kernels that have -this fresh commit via the locking tree: - - 11276d5306b8 ("locking/static_keys: Add a new static_key interface") - -The problem appears to be that even though @key and @branch are -compile time constants, it doesn't see the following expression -as an immediate value: - - &((char *)key)[branch] - -More recent GCCs don't appear to have this problem. - -In particular, Red Hat backported the 'asm goto' feature into 4.4, -'normal' 4.4 compilers will not have this feature and thus not -run into this asm. - -The workaround is to supply both values to the asm as immediates -and do the addition in asm. - -Suggested-by: H. Peter Anvin <hpa@zytor.com> -Reported-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/jump_label.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/arch/x86/include/asm/jump_label.h -+++ b/arch/x86/include/asm/jump_label.h -@@ -22,9 +22,9 @@ static __always_inline bool arch_static_ - ".byte " __stringify(STATIC_KEY_INIT_NOP) "\n\t" - ".pushsection __jump_table, \"aw\" \n\t" - _ASM_ALIGN "\n\t" -- _ASM_PTR "1b, %l[l_yes], %c0 \n\t" -+ _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t" - ".popsection \n\t" -- : : "i" (&((char *)key)[branch]) : : l_yes); -+ : : "i" (key), "i" (branch) : : l_yes); - - return false; - l_yes: -@@ -38,9 +38,9 @@ static __always_inline bool arch_static_ - "2:\n\t" - ".pushsection __jump_table, \"aw\" \n\t" - _ASM_ALIGN "\n\t" -- _ASM_PTR "1b, %l[l_yes], %c0 \n\t" -+ _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t" - ".popsection \n\t" -- : : "i" (&((char *)key)[branch]) : : l_yes); -+ : : "i" (key), "i" (branch) : : l_yes); - - return false; - l_yes: diff --git a/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch b/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch deleted file mode 100644 index 776c3f17..00000000 --- a/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Eduardo Habkost <ehabkost@redhat.com> -Date: Wed, 5 Dec 2018 17:19:56 -0200 -Subject: kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - -commit d7b09c827a6cf291f66637a36f46928dd1423184 upstream. - -Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL -to the guest, which makes STIBP available to guests. This was implemented -by commits d28b387fb74d ("KVM/VMX: Allow direct access to -MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to -MSR_IA32_SPEC_CTRL"). - -However, we never updated GET_SUPPORTED_CPUID to let userspace know that -STIBP can be enabled in CPUID. Fix that by updating -kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features. - -Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> -Reviewed-by: Jim Mattson <jmattson@google.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kvm/cpuid.c -+++ b/arch/x86/kvm/cpuid.c -@@ -303,7 +303,7 @@ static inline int __do_cpuid_ent(struct - /* cpuid 0x80000008.ebx */ - const u32 kvm_cpuid_8000_0008_ebx_x86_features = - F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) | -- F(AMD_SSB_NO); -+ F(AMD_SSB_NO) | F(AMD_STIBP); - - /* cpuid 0xC0000001.edx */ - const u32 kvm_supported_word5_x86_features = -@@ -319,7 +319,8 @@ static inline int __do_cpuid_ent(struct - - /* cpuid 7.0.edx*/ - const u32 kvm_cpuid_7_0_edx_x86_features = -- F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES); -+ F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | -+ F(INTEL_STIBP); - - /* all calls to cpuid_count() should be made on the same cpu */ - get_cpu(); diff --git a/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch b/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch deleted file mode 100644 index aa3739ce..00000000 --- a/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch +++ /dev/null @@ -1,165 +0,0 @@ -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Tue, 21 Jun 2016 18:52:17 +0200 -Subject: locking/static_key: Fix concurrent static_key_slow_inc() - -commit 4c5ea0a9cd02d6aa8adc86e100b2a4cff8d614ff upstream. - -The following scenario is possible: - - CPU 1 CPU 2 - static_key_slow_inc() - atomic_inc_not_zero() - -> key.enabled == 0, no increment - jump_label_lock() - atomic_inc_return() - -> key.enabled == 1 now - static_key_slow_inc() - atomic_inc_not_zero() - -> key.enabled == 1, inc to 2 - return - ** static key is wrong! - jump_label_update() - jump_label_unlock() - -Testing the static key at the point marked by (**) will follow the -wrong path for jumps that have not been patched yet. This can -actually happen when creating many KVM virtual machines with userspace -LAPIC emulation; just run several copies of the following program: - - #include <fcntl.h> - #include <unistd.h> - #include <sys/ioctl.h> - #include <linux/kvm.h> - - int main(void) - { - for (;;) { - int kvmfd = open("/dev/kvm", O_RDONLY); - int vmfd = ioctl(kvmfd, KVM_CREATE_VM, 0); - close(ioctl(vmfd, KVM_CREATE_VCPU, 1)); - close(vmfd); - close(kvmfd); - } - return 0; - } - -Every KVM_CREATE_VCPU ioctl will attempt a static_key_slow_inc() call. -The static key's purpose is to skip NULL pointer checks and indeed one -of the processes eventually dereferences NULL. - -As explained in the commit that introduced the bug: - - 706249c222f6 ("locking/static_keys: Rework update logic") - -jump_label_update() needs key.enabled to be true. The solution adopted -here is to temporarily make key.enabled == -1, and use go down the -slow path when key.enabled <= 0. - -Reported-by: Dmitry Vyukov <dvyukov@google.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Fixes: 706249c222f6 ("locking/static_keys: Rework update logic") -Link: http://lkml.kernel.org/r/1466527937-69798-1-git-send-email-pbonzini@redhat.com -[ Small stylistic edits to the changelog and the code. ] -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/jump_label.h | 16 +++++++++++++--- - kernel/jump_label.c | 36 +++++++++++++++++++++++++++++++++--- - 2 files changed, 46 insertions(+), 6 deletions(-) - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -117,13 +117,18 @@ struct module; - - #include <linux/atomic.h> - -+#ifdef HAVE_JUMP_LABEL -+ - static inline int static_key_count(struct static_key *key) - { -- return atomic_read(&key->enabled); -+ /* -+ * -1 means the first static_key_slow_inc() is in progress. -+ * static_key_enabled() must return true, so return 1 here. -+ */ -+ int n = atomic_read(&key->enabled); -+ return n >= 0 ? n : 1; - } - --#ifdef HAVE_JUMP_LABEL -- - #define JUMP_TYPE_FALSE 0UL - #define JUMP_TYPE_TRUE 1UL - #define JUMP_TYPE_MASK 1UL -@@ -162,6 +167,11 @@ extern void jump_label_apply_nops(struct - - #else /* !HAVE_JUMP_LABEL */ - -+static inline int static_key_count(struct static_key *key) -+{ -+ return atomic_read(&key->enabled); -+} -+ - static __always_inline void jump_label_init(void) - { - static_key_initialized = true; ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -58,13 +58,36 @@ static void jump_label_update(struct sta - - void static_key_slow_inc(struct static_key *key) - { -+ int v, v1; -+ - STATIC_KEY_CHECK_USE(); -- if (atomic_inc_not_zero(&key->enabled)) -- return; -+ -+ /* -+ * Careful if we get concurrent static_key_slow_inc() calls; -+ * later calls must wait for the first one to _finish_ the -+ * jump_label_update() process. At the same time, however, -+ * the jump_label_update() call below wants to see -+ * static_key_enabled(&key) for jumps to be updated properly. -+ * -+ * So give a special meaning to negative key->enabled: it sends -+ * static_key_slow_inc() down the slow path, and it is non-zero -+ * so it counts as "enabled" in jump_label_update(). Note that -+ * atomic_inc_unless_negative() checks >= 0, so roll our own. -+ */ -+ for (v = atomic_read(&key->enabled); v > 0; v = v1) { -+ v1 = atomic_cmpxchg(&key->enabled, v, v + 1); -+ if (likely(v1 == v)) -+ return; -+ } - - jump_label_lock(); -- if (atomic_inc_return(&key->enabled) == 1) -+ if (atomic_read(&key->enabled) == 0) { -+ atomic_set(&key->enabled, -1); - jump_label_update(key); -+ atomic_set(&key->enabled, 1); -+ } else { -+ atomic_inc(&key->enabled); -+ } - jump_label_unlock(); - } - EXPORT_SYMBOL_GPL(static_key_slow_inc); -@@ -72,6 +95,13 @@ EXPORT_SYMBOL_GPL(static_key_slow_inc); - static void __static_key_slow_dec(struct static_key *key, - unsigned long rate_limit, struct delayed_work *work) - { -+ /* -+ * The negative count check is valid even when a negative -+ * key->enabled is in use by static_key_slow_inc(); a -+ * __static_key_slow_dec() before the first static_key_slow_inc() -+ * returns is unbalanced, because all other static_key_slow_inc() -+ * instances block while the update is in progress. -+ */ - if (!atomic_dec_and_mutex_lock(&key->enabled, &jump_label_mutex)) { - WARN(atomic_read(&key->enabled) < 0, - "jump label: negative count!\n"); diff --git a/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch b/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch deleted file mode 100644 index 0670683c..00000000 --- a/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch +++ /dev/null @@ -1,603 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Fri, 24 Jul 2015 15:09:55 +0200 -Subject: locking/static_keys: Add a new static_key interface - -commit 11276d5306b8e5b438a36bbff855fe792d7eaa61 upstream. - -There are various problems and short-comings with the current -static_key interface: - - - static_key_{true,false}() read like a branch depending on the key - value, instead of the actual likely/unlikely branch depending on - init value. - - - static_key_{true,false}() are, as stated above, tied to the - static_key init values STATIC_KEY_INIT_{TRUE,FALSE}. - - - we're limited to the 2 (out of 4) possible options that compile to - a default NOP because that's what our arch_static_branch() assembly - emits. - -So provide a new static_key interface: - - DEFINE_STATIC_KEY_TRUE(name); - DEFINE_STATIC_KEY_FALSE(name); - -Which define a key of different types with an initial true/false -value. - -Then allow: - - static_branch_likely() - static_branch_unlikely() - -to take a key of either type and emit the right instruction for the -case. - -This means adding a second arch_static_branch_jump() assembly helper -which emits a JMP per default. - -In order to determine the right instruction for the right state, -encode the branch type in the LSB of jump_entry::key. - -This is the final step in removing the naming confusion that has led to -a stream of avoidable bugs such as: - - a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()") - -... but it also allows new static key combinations that will give us -performance enhancements in the subsequent patches. - -Tested-by: Rabin Vincent <rabin@rab.in> # arm -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Acked-by: Michael Ellerman <mpe@ellerman.id.au> # ppc -Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> # s390 -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -[bwh: Backported to 3.16: - - For s390, use the 31-bit-compatible macros in arch_static_branch_jump() - - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/arm/include/asm/jump_label.h | 25 +++-- - arch/arm64/include/asm/jump_label.h | 18 +++- - arch/mips/include/asm/jump_label.h | 19 +++- - arch/powerpc/include/asm/jump_label.h | 19 +++- - arch/s390/include/asm/jump_label.h | 19 +++- - arch/sparc/include/asm/jump_label.h | 35 ++++-- - arch/x86/include/asm/jump_label.h | 21 +++- - include/linux/jump_label.h | 149 ++++++++++++++++++++++++-- - kernel/jump_label.c | 37 +++++-- - 9 files changed, 298 insertions(+), 44 deletions(-) - ---- a/arch/arm/include/asm/jump_label.h -+++ b/arch/arm/include/asm/jump_label.h -@@ -4,23 +4,32 @@ - #ifndef __ASSEMBLY__ - - #include <linux/types.h> -+#include <asm/unified.h> - - #define JUMP_LABEL_NOP_SIZE 4 - --#ifdef CONFIG_THUMB2_KERNEL --#define JUMP_LABEL_NOP "nop.w" --#else --#define JUMP_LABEL_NOP "nop" --#endif -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("1:\n\t" -+ WASM(nop) "\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ ".word 1b, %l[l_yes], %c0\n\t" -+ ".popsection\n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) - { - asm_volatile_goto("1:\n\t" -- JUMP_LABEL_NOP "\n\t" -+ WASM(b) " %l[l_yes]\n\t" - ".pushsection __jump_table, \"aw\"\n\t" - ".word 1b, %l[l_yes], %c0\n\t" - ".popsection\n\t" -- : : "i" (key) : : l_yes); -+ : : "i" (&((char *)key)[branch]) : : l_yes); - - return false; - l_yes: ---- a/arch/arm64/include/asm/jump_label.h -+++ b/arch/arm64/include/asm/jump_label.h -@@ -26,14 +26,28 @@ - - #define JUMP_LABEL_NOP_SIZE AARCH64_INSN_SIZE - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm goto("1: nop\n\t" - ".pushsection __jump_table, \"aw\"\n\t" - ".align 3\n\t" - ".quad 1b, %l[l_yes], %c0\n\t" - ".popsection\n\t" -- : : "i"(key) : : l_yes); -+ : : "i"(&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm goto("1: b %l[l_yes]\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ ".align 3\n\t" -+ ".quad 1b, %l[l_yes], %c0\n\t" -+ ".popsection\n\t" -+ : : "i"(&((char *)key)[branch]) : : l_yes); - - return false; - l_yes: ---- a/arch/mips/include/asm/jump_label.h -+++ b/arch/mips/include/asm/jump_label.h -@@ -26,14 +26,29 @@ - #define NOP_INSN "nop" - #endif - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm_volatile_goto("1:\t" NOP_INSN "\n\t" - "nop\n\t" - ".pushsection __jump_table, \"aw\"\n\t" - WORD_INSN " 1b, %l[l_yes], %0\n\t" - ".popsection\n\t" -- : : "i" (key) : : l_yes); -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("1:\tj %l[l_yes]\n\t" -+ "nop\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ WORD_INSN " 1b, %l[l_yes], %0\n\t" -+ ".popsection\n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ - return false; - l_yes: - return true; ---- a/arch/powerpc/include/asm/jump_label.h -+++ b/arch/powerpc/include/asm/jump_label.h -@@ -17,14 +17,29 @@ - #define JUMP_ENTRY_TYPE stringify_in_c(FTR_ENTRY_LONG) - #define JUMP_LABEL_NOP_SIZE 4 - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm_volatile_goto("1:\n\t" - "nop\n\t" - ".pushsection __jump_table, \"aw\"\n\t" - JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t" - ".popsection \n\t" -- : : "i" (key) : : l_yes); -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("1:\n\t" -+ "b %l[l_yes]\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t" -+ ".popsection \n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ - return false; - l_yes: - return true; ---- a/arch/s390/include/asm/jump_label.h -+++ b/arch/s390/include/asm/jump_label.h -@@ -20,14 +20,29 @@ - * We use a brcl 0,2 instruction for jump labels at compile time so it - * can be easily distinguished from a hotpatch generated instruction. - */ --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm_volatile_goto("0: brcl 0,"__stringify(JUMP_LABEL_NOP_OFFSET)"\n" - ".pushsection __jump_table, \"aw\"\n" - ASM_ALIGN "\n" - ASM_PTR " 0b, %l[label], %0\n" - ".popsection\n" -- : : "X" (key) : : label); -+ : : "X" (&((char *)key)[branch]) : : label); -+ -+ return false; -+label: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("0: brcl 15, %l[label]\n" -+ ".pushsection __jump_table, \"aw\"\n" -+ ASM_ALIGN "\n" -+ ASM_PTR " 0b, %l[label], %0\n" -+ ".popsection\n" -+ : : "X" (&((char *)key)[branch]) : : label); -+ - return false; - label: - return true; ---- a/arch/sparc/include/asm/jump_label.h -+++ b/arch/sparc/include/asm/jump_label.h -@@ -7,16 +7,33 @@ - - #define JUMP_LABEL_NOP_SIZE 4 - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { -- asm_volatile_goto("1:\n\t" -- "nop\n\t" -- "nop\n\t" -- ".pushsection __jump_table, \"aw\"\n\t" -- ".align 4\n\t" -- ".word 1b, %l[l_yes], %c0\n\t" -- ".popsection \n\t" -- : : "i" (key) : : l_yes); -+ asm_volatile_goto("1:\n\t" -+ "nop\n\t" -+ "nop\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ ".align 4\n\t" -+ ".word 1b, %l[l_yes], %c0\n\t" -+ ".popsection \n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("1:\n\t" -+ "b %l[l_yes]\n\t" -+ "nop\n\t" -+ ".pushsection __jump_table, \"aw\"\n\t" -+ ".align 4\n\t" -+ ".word 1b, %l[l_yes], %c0\n\t" -+ ".popsection \n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ - return false; - l_yes: - return true; ---- a/arch/x86/include/asm/jump_label.h -+++ b/arch/x86/include/asm/jump_label.h -@@ -16,7 +16,7 @@ - # define STATIC_KEY_INIT_NOP GENERIC_NOP5_ATOMIC - #endif - --static __always_inline bool arch_static_branch(struct static_key *key) -+static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm_volatile_goto("1:" - ".byte " __stringify(STATIC_KEY_INIT_NOP) "\n\t" -@@ -24,7 +24,24 @@ static __always_inline bool arch_static_ - _ASM_ALIGN "\n\t" - _ASM_PTR "1b, %l[l_yes], %c0 \n\t" - ".popsection \n\t" -- : : "i" (key) : : l_yes); -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ -+ return false; -+l_yes: -+ return true; -+} -+ -+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch) -+{ -+ asm_volatile_goto("1:" -+ ".byte 0xe9\n\t .long %l[l_yes] - 2f\n\t" -+ "2:\n\t" -+ ".pushsection __jump_table, \"aw\" \n\t" -+ _ASM_ALIGN "\n\t" -+ _ASM_PTR "1b, %l[l_yes], %c0 \n\t" -+ ".popsection \n\t" -+ : : "i" (&((char *)key)[branch]) : : l_yes); -+ - return false; - l_yes: - return true; ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -107,12 +107,12 @@ static inline int static_key_count(struc - - static __always_inline bool static_key_false(struct static_key *key) - { -- return arch_static_branch(key); -+ return arch_static_branch(key, false); - } - - static __always_inline bool static_key_true(struct static_key *key) - { -- return !static_key_false(key); -+ return !arch_static_branch(key, true); - } - - extern struct jump_entry __start___jump_table[]; -@@ -130,12 +130,12 @@ extern void static_key_slow_inc(struct s - extern void static_key_slow_dec(struct static_key *key); - extern void jump_label_apply_nops(struct module *mod); - --#define STATIC_KEY_INIT_TRUE ((struct static_key) \ -+#define STATIC_KEY_INIT_TRUE \ - { .enabled = ATOMIC_INIT(1), \ -- .entries = (void *)JUMP_TYPE_TRUE }) --#define STATIC_KEY_INIT_FALSE ((struct static_key) \ -+ .entries = (void *)JUMP_TYPE_TRUE } -+#define STATIC_KEY_INIT_FALSE \ - { .enabled = ATOMIC_INIT(0), \ -- .entries = (void *)JUMP_TYPE_FALSE }) -+ .entries = (void *)JUMP_TYPE_FALSE } - - #else /* !HAVE_JUMP_LABEL */ - -@@ -183,10 +183,8 @@ static inline int jump_label_apply_nops( - return 0; - } - --#define STATIC_KEY_INIT_TRUE ((struct static_key) \ -- { .enabled = ATOMIC_INIT(1) }) --#define STATIC_KEY_INIT_FALSE ((struct static_key) \ -- { .enabled = ATOMIC_INIT(0) }) -+#define STATIC_KEY_INIT_TRUE { .enabled = ATOMIC_INIT(1) } -+#define STATIC_KEY_INIT_FALSE { .enabled = ATOMIC_INIT(0) } - - #endif /* HAVE_JUMP_LABEL */ - -@@ -218,6 +216,137 @@ static inline void static_key_disable(st - static_key_slow_dec(key); - } - -+/* -------------------------------------------------------------------------- */ -+ -+/* -+ * Two type wrappers around static_key, such that we can use compile time -+ * type differentiation to emit the right code. -+ * -+ * All the below code is macros in order to play type games. -+ */ -+ -+struct static_key_true { -+ struct static_key key; -+}; -+ -+struct static_key_false { -+ struct static_key key; -+}; -+ -+#define STATIC_KEY_TRUE_INIT (struct static_key_true) { .key = STATIC_KEY_INIT_TRUE, } -+#define STATIC_KEY_FALSE_INIT (struct static_key_false){ .key = STATIC_KEY_INIT_FALSE, } -+ -+#define DEFINE_STATIC_KEY_TRUE(name) \ -+ struct static_key_true name = STATIC_KEY_TRUE_INIT -+ -+#define DEFINE_STATIC_KEY_FALSE(name) \ -+ struct static_key_false name = STATIC_KEY_FALSE_INIT -+ -+#ifdef HAVE_JUMP_LABEL -+ -+/* -+ * Combine the right initial value (type) with the right branch order -+ * to generate the desired result. -+ * -+ * -+ * type\branch| likely (1) | unlikely (0) -+ * -----------+-----------------------+------------------ -+ * | | -+ * true (1) | ... | ... -+ * | NOP | JMP L -+ * | <br-stmts> | 1: ... -+ * | L: ... | -+ * | | -+ * | | L: <br-stmts> -+ * | | jmp 1b -+ * | | -+ * -----------+-----------------------+------------------ -+ * | | -+ * false (0) | ... | ... -+ * | JMP L | NOP -+ * | <br-stmts> | 1: ... -+ * | L: ... | -+ * | | -+ * | | L: <br-stmts> -+ * | | jmp 1b -+ * | | -+ * -----------+-----------------------+------------------ -+ * -+ * The initial value is encoded in the LSB of static_key::entries, -+ * type: 0 = false, 1 = true. -+ * -+ * The branch type is encoded in the LSB of jump_entry::key, -+ * branch: 0 = unlikely, 1 = likely. -+ * -+ * This gives the following logic table: -+ * -+ * enabled type branch instuction -+ * -----------------------------+----------- -+ * 0 0 0 | NOP -+ * 0 0 1 | JMP -+ * 0 1 0 | NOP -+ * 0 1 1 | JMP -+ * -+ * 1 0 0 | JMP -+ * 1 0 1 | NOP -+ * 1 1 0 | JMP -+ * 1 1 1 | NOP -+ * -+ * Which gives the following functions: -+ * -+ * dynamic: instruction = enabled ^ branch -+ * static: instruction = type ^ branch -+ * -+ * See jump_label_type() / jump_label_init_type(). -+ */ -+ -+extern bool ____wrong_branch_error(void); -+ -+#define static_branch_likely(x) \ -+({ \ -+ bool branch; \ -+ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \ -+ branch = !arch_static_branch(&(x)->key, true); \ -+ else if (__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \ -+ branch = !arch_static_branch_jump(&(x)->key, true); \ -+ else \ -+ branch = ____wrong_branch_error(); \ -+ branch; \ -+}) -+ -+#define static_branch_unlikely(x) \ -+({ \ -+ bool branch; \ -+ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \ -+ branch = arch_static_branch_jump(&(x)->key, false); \ -+ else if (__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \ -+ branch = arch_static_branch(&(x)->key, false); \ -+ else \ -+ branch = ____wrong_branch_error(); \ -+ branch; \ -+}) -+ -+#else /* !HAVE_JUMP_LABEL */ -+ -+#define static_branch_likely(x) likely(static_key_enabled(&(x)->key)) -+#define static_branch_unlikely(x) unlikely(static_key_enabled(&(x)->key)) -+ -+#endif /* HAVE_JUMP_LABEL */ -+ -+/* -+ * Advanced usage; refcount, branch is enabled when: count != 0 -+ */ -+ -+#define static_branch_inc(x) static_key_slow_inc(&(x)->key) -+#define static_branch_dec(x) static_key_slow_dec(&(x)->key) -+ -+/* -+ * Normal usage; boolean enable/disable. -+ */ -+ -+#define static_branch_enable(x) static_key_enable(&(x)->key) -+#define static_branch_disable(x) static_key_disable(&(x)->key) -+ - #endif /* _LINUX_JUMP_LABEL_H */ - - #endif /* __ASSEMBLY__ */ ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -172,16 +172,22 @@ static inline bool static_key_type(struc - - static inline struct static_key *jump_entry_key(struct jump_entry *entry) - { -- return (struct static_key *)((unsigned long)entry->key); -+ return (struct static_key *)((unsigned long)entry->key & ~1UL); -+} -+ -+static bool jump_entry_branch(struct jump_entry *entry) -+{ -+ return (unsigned long)entry->key & 1UL; - } - - static enum jump_label_type jump_label_type(struct jump_entry *entry) - { - struct static_key *key = jump_entry_key(entry); - bool enabled = static_key_enabled(key); -- bool type = static_key_type(key); -+ bool branch = jump_entry_branch(entry); - -- return enabled ^ type; -+ /* See the comment in linux/jump_label.h */ -+ return enabled ^ branch; - } - - static void __jump_label_update(struct static_key *key, -@@ -212,7 +218,10 @@ void __init jump_label_init(void) - for (iter = iter_start; iter < iter_stop; iter++) { - struct static_key *iterk; - -- arch_jump_label_transform_static(iter, jump_label_type(iter)); -+ /* rewrite NOPs */ -+ if (jump_label_type(iter) == JUMP_LABEL_NOP) -+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP); -+ - iterk = jump_entry_key(iter); - if (iterk == key) - continue; -@@ -232,6 +241,16 @@ void __init jump_label_init(void) - - #ifdef CONFIG_MODULES - -+static enum jump_label_type jump_label_init_type(struct jump_entry *entry) -+{ -+ struct static_key *key = jump_entry_key(entry); -+ bool type = static_key_type(key); -+ bool branch = jump_entry_branch(entry); -+ -+ /* See the comment in linux/jump_label.h */ -+ return type ^ branch; -+} -+ - struct static_key_mod { - struct static_key_mod *next; - struct jump_entry *entries; -@@ -283,8 +302,11 @@ void jump_label_apply_nops(struct module - if (iter_start == iter_stop) - return; - -- for (iter = iter_start; iter < iter_stop; iter++) -- arch_jump_label_transform_static(iter, JUMP_LABEL_NOP); -+ for (iter = iter_start; iter < iter_stop; iter++) { -+ /* Only write NOPs for arch_branch_static(). */ -+ if (jump_label_init_type(iter) == JUMP_LABEL_NOP) -+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP); -+ } - } - - static int jump_label_add_module(struct module *mod) -@@ -325,7 +347,8 @@ static int jump_label_add_module(struct - jlm->next = key->next; - key->next = jlm; - -- if (jump_label_type(iter) == JUMP_LABEL_JMP) -+ /* Only update if we've changed from our initial state */ -+ if (jump_label_type(iter) != jump_label_init_type(iter)) - __jump_label_update(key, iter, iter_stop); - } - diff --git a/queue-3.16/locking-static_keys-fix-a-silly-typo.patch b/queue-3.16/locking-static_keys-fix-a-silly-typo.patch deleted file mode 100644 index 25c1d6d2..00000000 --- a/queue-3.16/locking-static_keys-fix-a-silly-typo.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Jonathan Corbet <corbet@lwn.net> -Date: Mon, 7 Sep 2015 13:18:03 -0600 -Subject: locking/static_keys: Fix a silly typo - -commit edcd591c77a48da753456f92daf8bb50fe9bac93 upstream. - -Commit: - - 412758cb2670 ("jump label, locking/static_keys: Update docs") - -introduced a typo that might as well get fixed. - -Signed-off-by: Jonathan Corbet <corbet@lwn.net> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Jason Baron <jbaron@akamai.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Link: http://lkml.kernel.org/r/20150907131803.54c027e1@lwn.net -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/static-keys.txt | 2 +- - include/linux/jump_label.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/Documentation/static-keys.txt -+++ b/Documentation/static-keys.txt -@@ -16,7 +16,7 @@ The updated API replacements are: - DEFINE_STATIC_KEY_TRUE(key); - DEFINE_STATIC_KEY_FALSE(key); - static_key_likely() --statick_key_unlikely() -+static_key_unlikely() - - 0) Abstract - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -22,7 +22,7 @@ - * DEFINE_STATIC_KEY_TRUE(key); - * DEFINE_STATIC_KEY_FALSE(key); - * static_key_likely() -- * statick_key_unlikely() -+ * static_key_unlikely() - * - * Jump labels provide an interface to generate dynamic branches using - * self-modifying code. Assuming toolchain and architecture support, if we diff --git a/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch b/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch deleted file mode 100644 index d5d19997..00000000 --- a/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: Jonathan Corbet <corbet@lwn.net> -Date: Mon, 14 Sep 2015 17:11:05 -0600 -Subject: locking/static_keys: Fix up the static keys documentation - -commit 1975dbc276c6ab62230cf4f9df5ddc9ff0e0e473 upstream. - -Fix a few small mistakes in the static key documentation and -delete an unneeded sentence. - -Suggested-by: Jason Baron <jbaron@akamai.com> -Signed-off-by: Jonathan Corbet <corbet@lwn.net> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Link: http://lkml.kernel.org/r/20150914171105.511e1e21@lwn.net -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/static-keys.txt | 4 ++-- - include/linux/jump_label.h | 10 ++++------ - 2 files changed, 6 insertions(+), 8 deletions(-) - ---- a/Documentation/static-keys.txt -+++ b/Documentation/static-keys.txt -@@ -15,8 +15,8 @@ The updated API replacements are: - - DEFINE_STATIC_KEY_TRUE(key); - DEFINE_STATIC_KEY_FALSE(key); --static_key_likely() --static_key_unlikely() -+static_branch_likely() -+static_branch_unlikely() - - 0) Abstract - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -21,8 +21,8 @@ - * - * DEFINE_STATIC_KEY_TRUE(key); - * DEFINE_STATIC_KEY_FALSE(key); -- * static_key_likely() -- * static_key_unlikely() -+ * static_branch_likely() -+ * static_branch_unlikely() - * - * Jump labels provide an interface to generate dynamic branches using - * self-modifying code. Assuming toolchain and architecture support, if we -@@ -45,12 +45,10 @@ - * statement, setting the key to true requires us to patch in a jump - * to the out-of-line of true branch. - * -- * In addtion to static_branch_{enable,disable}, we can also reference count -+ * In addition to static_branch_{enable,disable}, we can also reference count - * the key or branch direction via static_branch_{inc,dec}. Thus, - * static_branch_inc() can be thought of as a 'make more true' and -- * static_branch_dec() as a 'make more false'. The inc()/dec() -- * interface is meant to be used exclusively from the inc()/dec() for a given -- * key. -+ * static_branch_dec() as a 'make more false'. - * - * Since this relies on modifying code, the branch modifying functions - * must be considered absolute slow paths (machine wide synchronization etc.). diff --git a/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch b/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch deleted file mode 100644 index 48cb8a3d..00000000 --- a/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Tony Luck <tony.luck@intel.com> -Date: Thu, 1 Sep 2016 11:39:33 -0700 -Subject: locking/static_keys: Provide DECLARE and well as DEFINE macros - -commit b8fb03785d4de097507d0cf45873525e0ac4d2b2 upstream. - -We will need to provide declarations of static keys in header -files. Provide DECLARE_STATIC_KEY_{TRUE,FALSE} macros. - -Signed-off-by: Tony Luck <tony.luck@intel.com> -Acked-by: Borislav Petkov <bp@suse.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Dan Williams <dan.j.williams@intel.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Link: http://lkml.kernel.org/r/816881cf85bd3cf13385d212882618f38a3b5d33.1472754711.git.tony.luck@intel.com -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/jump_label.h | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/include/linux/jump_label.h -+++ b/include/linux/jump_label.h -@@ -267,9 +267,15 @@ struct static_key_false { - #define DEFINE_STATIC_KEY_TRUE(name) \ - struct static_key_true name = STATIC_KEY_TRUE_INIT - -+#define DECLARE_STATIC_KEY_TRUE(name) \ -+ extern struct static_key_true name -+ - #define DEFINE_STATIC_KEY_FALSE(name) \ - struct static_key_false name = STATIC_KEY_FALSE_INIT - -+#define DECLARE_STATIC_KEY_FALSE(name) \ -+ extern struct static_key_false name -+ - extern bool ____wrong_branch_error(void); - - #define static_key_enabled(x) \ diff --git a/queue-3.16/locking-static_keys-rework-update-logic.patch b/queue-3.16/locking-static_keys-rework-update-logic.patch deleted file mode 100644 index db4a13a6..00000000 --- a/queue-3.16/locking-static_keys-rework-update-logic.patch +++ /dev/null @@ -1,226 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Fri, 24 Jul 2015 15:06:37 +0200 -Subject: locking/static_keys: Rework update logic - -commit 706249c222f68471b6f8e9e8e9b77665c404b226 upstream. - -Instead of spreading the branch_default logic all over the place, -concentrate it into the one jump_label_type() function. - -This does mean we need to actually increment/decrement the enabled -count _before_ calling the update path, otherwise jump_label_type() -will not see the right state. - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - kernel/jump_label.c | 88 ++++++++++++++++++++------------------------- - 1 file changed, 38 insertions(+), 50 deletions(-) - ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -54,12 +54,7 @@ jump_label_sort_entries(struct jump_entr - sort(start, size, sizeof(struct jump_entry), jump_label_cmp, NULL); - } - --static void jump_label_update(struct static_key *key, int enable); -- --static inline bool static_key_type(struct static_key *key) --{ -- return (unsigned long)key->entries & JUMP_TYPE_MASK; --} -+static void jump_label_update(struct static_key *key); - - void static_key_slow_inc(struct static_key *key) - { -@@ -68,13 +63,8 @@ void static_key_slow_inc(struct static_k - return; - - jump_label_lock(); -- if (atomic_read(&key->enabled) == 0) { -- if (!static_key_type(key)) -- jump_label_update(key, JUMP_LABEL_JMP); -- else -- jump_label_update(key, JUMP_LABEL_NOP); -- } -- atomic_inc(&key->enabled); -+ if (atomic_inc_return(&key->enabled) == 1) -+ jump_label_update(key); - jump_label_unlock(); - } - EXPORT_SYMBOL_GPL(static_key_slow_inc); -@@ -92,10 +82,7 @@ static void __static_key_slow_dec(struct - atomic_inc(&key->enabled); - schedule_delayed_work(work, rate_limit); - } else { -- if (!static_key_type(key)) -- jump_label_update(key, JUMP_LABEL_NOP); -- else -- jump_label_update(key, JUMP_LABEL_JMP); -+ jump_label_update(key); - } - jump_label_unlock(); - } -@@ -161,7 +148,7 @@ static int __jump_label_text_reserved(st - return 0; - } - --/* -+/* - * Update code which is definitely not currently executing. - * Architectures which need heavyweight synchronization to modify - * running code can override this to make the non-live update case -@@ -170,29 +157,17 @@ static int __jump_label_text_reserved(st - void __weak __init_or_module arch_jump_label_transform_static(struct jump_entry *entry, - enum jump_label_type type) - { -- arch_jump_label_transform(entry, type); -+ arch_jump_label_transform(entry, type); - } - --static void __jump_label_update(struct static_key *key, -- struct jump_entry *entry, -- struct jump_entry *stop, int enable) -+static inline struct jump_entry *static_key_entries(struct static_key *key) - { -- for (; (entry < stop) && -- (entry->key == (jump_label_t)(unsigned long)key); -- entry++) { -- /* -- * entry->code set to 0 invalidates module init text sections -- * kernel_text_address() verifies we are not in core kernel -- * init code, see jump_label_invalidate_module_init(). -- */ -- if (entry->code && kernel_text_address(entry->code)) -- arch_jump_label_transform(entry, enable); -- } -+ return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK); - } - --static inline struct jump_entry *static_key_entries(struct static_key *key) -+static inline bool static_key_type(struct static_key *key) - { -- return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK); -+ return (unsigned long)key->entries & JUMP_TYPE_MASK; - } - - static inline struct static_key *jump_entry_key(struct jump_entry *entry) -@@ -200,14 +175,30 @@ static inline struct static_key *jump_en - return (struct static_key *)((unsigned long)entry->key); - } - --static enum jump_label_type jump_label_type(struct static_key *key) -+static enum jump_label_type jump_label_type(struct jump_entry *entry) - { -+ struct static_key *key = jump_entry_key(entry); - bool enabled = static_key_enabled(key); - bool type = static_key_type(key); - - return enabled ^ type; - } - -+static void __jump_label_update(struct static_key *key, -+ struct jump_entry *entry, -+ struct jump_entry *stop) -+{ -+ for (; (entry < stop) && (jump_entry_key(entry) == key); entry++) { -+ /* -+ * entry->code set to 0 invalidates module init text sections -+ * kernel_text_address() verifies we are not in core kernel -+ * init code, see jump_label_invalidate_module_init(). -+ */ -+ if (entry->code && kernel_text_address(entry->code)) -+ arch_jump_label_transform(entry, jump_label_type(entry)); -+ } -+} -+ - void __init jump_label_init(void) - { - struct jump_entry *iter_start = __start___jump_table; -@@ -221,8 +212,8 @@ void __init jump_label_init(void) - for (iter = iter_start; iter < iter_stop; iter++) { - struct static_key *iterk; - -+ arch_jump_label_transform_static(iter, jump_label_type(iter)); - iterk = jump_entry_key(iter); -- arch_jump_label_transform_static(iter, jump_label_type(iterk)); - if (iterk == key) - continue; - -@@ -262,17 +253,15 @@ static int __jump_label_mod_text_reserve - start, end); - } - --static void __jump_label_mod_update(struct static_key *key, int enable) -+static void __jump_label_mod_update(struct static_key *key) - { -- struct static_key_mod *mod = key->next; -+ struct static_key_mod *mod; - -- while (mod) { -+ for (mod = key->next; mod; mod = mod->next) { - struct module *m = mod->mod; - - __jump_label_update(key, mod->entries, -- m->jump_entries + m->num_jump_entries, -- enable); -- mod = mod->next; -+ m->jump_entries + m->num_jump_entries); - } - } - -@@ -294,9 +283,8 @@ void jump_label_apply_nops(struct module - if (iter_start == iter_stop) - return; - -- for (iter = iter_start; iter < iter_stop; iter++) { -+ for (iter = iter_start; iter < iter_stop; iter++) - arch_jump_label_transform_static(iter, JUMP_LABEL_NOP); -- } - } - - static int jump_label_add_module(struct module *mod) -@@ -337,8 +325,8 @@ static int jump_label_add_module(struct - jlm->next = key->next; - key->next = jlm; - -- if (jump_label_type(key) == JUMP_LABEL_JMP) -- __jump_label_update(key, iter, iter_stop, JUMP_LABEL_JMP); -+ if (jump_label_type(iter) == JUMP_LABEL_JMP) -+ __jump_label_update(key, iter, iter_stop); - } - - return 0; -@@ -458,14 +446,14 @@ int jump_label_text_reserved(void *start - return ret; - } - --static void jump_label_update(struct static_key *key, int enable) -+static void jump_label_update(struct static_key *key) - { - struct jump_entry *stop = __stop___jump_table; - struct jump_entry *entry = static_key_entries(key); - #ifdef CONFIG_MODULES - struct module *mod; - -- __jump_label_mod_update(key, enable); -+ __jump_label_mod_update(key); - - preempt_disable(); - mod = __module_address((unsigned long)key); -@@ -475,7 +463,7 @@ static void jump_label_update(struct sta - #endif - /* if there are no users, entry can be NULL */ - if (entry) -- __jump_label_update(key, entry, stop, enable); -+ __jump_label_update(key, entry, stop); - } - - #endif diff --git a/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch b/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch deleted file mode 100644 index e5b3c197..00000000 --- a/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: "Maciej W. Rozycki" <macro@codesourcery.com> -Date: Mon, 17 Nov 2014 16:09:54 +0000 -Subject: MIPS: jump_label.c: Correct the span of the J instruction - -commit 99436f7d69045800ffd1d66912f85d37150c7e2b upstream. - -Correct the check for the span of the 256MB segment addressable by the J -instruction according to this instruction's semantics. The calculation -of the jump target is applied to the address of the delay-slot -instruction that immediately follows. Adjust the check accordingly by -adding 4 to `e->code' that holds the address of the J instruction -itself. - -Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> -Cc: linux-mips@linux-mips.org -Patchwork: https://patchwork.linux-mips.org/patch/8515/ -Signed-off-by: Ralf Baechle <ralf@linux-mips.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/mips/kernel/jump_label.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/arch/mips/kernel/jump_label.c -+++ b/arch/mips/kernel/jump_label.c -@@ -27,8 +27,8 @@ void arch_jump_label_transform(struct ju - union mips_instruction *insn_p = - (union mips_instruction *)(unsigned long)e->code; - -- /* Jump only works within a 256MB aligned region. */ -- BUG_ON((e->target & ~J_RANGE_MASK) != (e->code & ~J_RANGE_MASK)); -+ /* Jump only works within a 256MB aligned region of its delay slot. */ -+ BUG_ON((e->target & ~J_RANGE_MASK) != ((e->code + 4) & ~J_RANGE_MASK)); - - /* Target must have 4 byte alignment. */ - BUG_ON((e->target & 3) != 0); diff --git a/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch b/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch deleted file mode 100644 index 533af0ee..00000000 --- a/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch +++ /dev/null @@ -1,109 +0,0 @@ -From: "Maciej W. Rozycki" <macro@codesourcery.com> -Date: Mon, 17 Nov 2014 16:10:32 +0000 -Subject: MIPS: jump_label.c: Handle the microMIPS J instruction encoding - -commit 935c2dbec4d6d3163ee8e7409996904a734ad89a upstream. - -Implement the microMIPS encoding of the J instruction for the purpose of -the static keys feature, fixing a crash early on in bootstrap as the -kernel is unhappy seeing the ISA bit set in jump table entries. Make -sure the ISA bit correctly reflects the instruction encoding chosen for -the kernel, 0 for the standard MIPS and 1 for the microMIPS encoding. - -Also make sure the instruction to patch is a 32-bit NOP in the microMIPS -mode as by default the 16-bit short encoding is assumed - -Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> -Cc: linux-mips@linux-mips.org -Patchwork: https://patchwork.linux-mips.org/patch/8516/ -Signed-off-by: Ralf Baechle <ralf@linux-mips.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/mips/include/asm/jump_label.h | 8 +++++- - arch/mips/kernel/jump_label.c | 40 +++++++++++++++++++++++------- - 2 files changed, 38 insertions(+), 10 deletions(-) - ---- a/arch/mips/include/asm/jump_label.h -+++ b/arch/mips/include/asm/jump_label.h -@@ -20,9 +20,15 @@ - #define WORD_INSN ".word" - #endif - -+#ifdef CONFIG_CPU_MICROMIPS -+#define NOP_INSN "nop32" -+#else -+#define NOP_INSN "nop" -+#endif -+ - static __always_inline bool arch_static_branch(struct static_key *key) - { -- asm_volatile_goto("1:\tnop\n\t" -+ asm_volatile_goto("1:\t" NOP_INSN "\n\t" - "nop\n\t" - ".pushsection __jump_table, \"aw\"\n\t" - WORD_INSN " 1b, %l[l_yes], %0\n\t" ---- a/arch/mips/kernel/jump_label.c -+++ b/arch/mips/kernel/jump_label.c -@@ -18,31 +18,53 @@ - - #ifdef HAVE_JUMP_LABEL - --#define J_RANGE_MASK ((1ul << 28) - 1) -+/* -+ * Define parameters for the standard MIPS and the microMIPS jump -+ * instruction encoding respectively: -+ * -+ * - the ISA bit of the target, either 0 or 1 respectively, -+ * -+ * - the amount the jump target address is shifted right to fit in the -+ * immediate field of the machine instruction, either 2 or 1, -+ * -+ * - the mask determining the size of the jump region relative to the -+ * delay-slot instruction, either 256MB or 128MB, -+ * -+ * - the jump target alignment, either 4 or 2 bytes. -+ */ -+#define J_ISA_BIT IS_ENABLED(CONFIG_CPU_MICROMIPS) -+#define J_RANGE_SHIFT (2 - J_ISA_BIT) -+#define J_RANGE_MASK ((1ul << (26 + J_RANGE_SHIFT)) - 1) -+#define J_ALIGN_MASK ((1ul << J_RANGE_SHIFT) - 1) - - void arch_jump_label_transform(struct jump_entry *e, - enum jump_label_type type) - { -+ union mips_instruction *insn_p; - union mips_instruction insn; -- union mips_instruction *insn_p = -- (union mips_instruction *)(unsigned long)e->code; - -- /* Jump only works within a 256MB aligned region of its delay slot. */ -+ insn_p = (union mips_instruction *)msk_isa16_mode(e->code); -+ -+ /* Jump only works within an aligned region its delay slot is in. */ - BUG_ON((e->target & ~J_RANGE_MASK) != ((e->code + 4) & ~J_RANGE_MASK)); - -- /* Target must have 4 byte alignment. */ -- BUG_ON((e->target & 3) != 0); -+ /* Target must have the right alignment and ISA must be preserved. */ -+ BUG_ON((e->target & J_ALIGN_MASK) != J_ISA_BIT); - - if (type == JUMP_LABEL_ENABLE) { -- insn.j_format.opcode = j_op; -- insn.j_format.target = (e->target & J_RANGE_MASK) >> 2; -+ insn.j_format.opcode = J_ISA_BIT ? mm_j32_op : j_op; -+ insn.j_format.target = e->target >> J_RANGE_SHIFT; - } else { - insn.word = 0; /* nop */ - } - - get_online_cpus(); - mutex_lock(&text_mutex); -- *insn_p = insn; -+ if (IS_ENABLED(CONFIG_CPU_MICROMIPS)) { -+ insn_p->halfword[0] = insn.word >> 16; -+ insn_p->halfword[1] = insn.word; -+ } else -+ *insn_p = insn; - - flush_icache_range((unsigned long)insn_p, - (unsigned long)insn_p + sizeof(*insn_p)); diff --git a/queue-3.16/module-add-within_module-function.patch b/queue-3.16/module-add-within_module-function.patch deleted file mode 100644 index b844fdc2..00000000 --- a/queue-3.16/module-add-within_module-function.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Petr Mladek <pmladek@suse.cz> -Date: Sun, 27 Jul 2014 07:24:01 +0930 -Subject: module: add within_module() function - -commit 9b20a352d78a7651aa68a9220f77ccb03009d892 upstream. - -It is just a small optimization that allows to replace few -occurrences of within_module_init() || within_module_core() -with a single call. - -Signed-off-by: Petr Mladek <pmladek@suse.cz> -Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - include/linux/module.h | 5 +++++ - kernel/module.c | 12 ++++-------- - 2 files changed, 9 insertions(+), 8 deletions(-) - ---- a/include/linux/module.h -+++ b/include/linux/module.h -@@ -408,6 +408,11 @@ static inline int within_module_init(uns - addr < (unsigned long)mod->module_init + mod->init_size; - } - -+static inline int within_module(unsigned long addr, const struct module *mod) -+{ -+ return within_module_init(addr, mod) || within_module_core(addr, mod); -+} -+ - /* Search for module by name: must hold module_mutex. */ - struct module *find_module(const char *name); - ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -3489,8 +3489,7 @@ const char *module_address_lookup(unsign - list_for_each_entry_rcu(mod, &modules, list) { - if (mod->state == MODULE_STATE_UNFORMED) - continue; -- if (within_module_init(addr, mod) || -- within_module_core(addr, mod)) { -+ if (within_module(addr, mod)) { - if (modname) - *modname = mod->name; - ret = get_ksymbol(mod, addr, size, offset); -@@ -3514,8 +3513,7 @@ int lookup_module_symbol_name(unsigned l - list_for_each_entry_rcu(mod, &modules, list) { - if (mod->state == MODULE_STATE_UNFORMED) - continue; -- if (within_module_init(addr, mod) || -- within_module_core(addr, mod)) { -+ if (within_module(addr, mod)) { - const char *sym; - - sym = get_ksymbol(mod, addr, NULL, NULL); -@@ -3540,8 +3538,7 @@ int lookup_module_symbol_attrs(unsigned - list_for_each_entry_rcu(mod, &modules, list) { - if (mod->state == MODULE_STATE_UNFORMED) - continue; -- if (within_module_init(addr, mod) || -- within_module_core(addr, mod)) { -+ if (within_module(addr, mod)) { - const char *sym; - - sym = get_ksymbol(mod, addr, size, offset); -@@ -3804,8 +3801,7 @@ struct module *__module_address(unsigned - list_for_each_entry_rcu(mod, &modules, list) { - if (mod->state == MODULE_STATE_UNFORMED) - continue; -- if (within_module_core(addr, mod) -- || within_module_init(addr, mod)) -+ if (within_module(addr, mod)) - return mod; - } - return NULL; diff --git a/queue-3.16/module-jump_label-fix-module-locking.patch b/queue-3.16/module-jump_label-fix-module-locking.patch deleted file mode 100644 index bb7d4b10..00000000 --- a/queue-3.16/module-jump_label-fix-module-locking.patch +++ /dev/null @@ -1,78 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Wed, 27 May 2015 11:09:35 +0930 -Subject: module, jump_label: Fix module locking - -commit bed831f9a251968272dae10a83b512c7db256ef0 upstream. - -As per the module core lockdep annotations in the coming patch: - -[ 18.034047] ---[ end trace 9294429076a9c673 ]--- -[ 18.047760] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013 -[ 18.059228] ffffffff817d8676 ffff880036683c38 ffffffff8157e98b 0000000000000001 -[ 18.067541] 0000000000000000 ffff880036683c78 ffffffff8105fbc7 ffff880036683c68 -[ 18.075851] ffffffffa0046b08 0000000000000000 ffffffffa0046d00 ffffffffa0046cc8 -[ 18.084173] Call Trace: -[ 18.086906] [<ffffffff8157e98b>] dump_stack+0x4f/0x7b -[ 18.092649] [<ffffffff8105fbc7>] warn_slowpath_common+0x97/0xe0 -[ 18.099361] [<ffffffff8105fc2a>] warn_slowpath_null+0x1a/0x20 -[ 18.105880] [<ffffffff810ee502>] __module_address+0x1d2/0x1e0 -[ 18.112400] [<ffffffff81161153>] jump_label_module_notify+0x143/0x1e0 -[ 18.119710] [<ffffffff810814bf>] notifier_call_chain+0x4f/0x70 -[ 18.126326] [<ffffffff8108160e>] __blocking_notifier_call_chain+0x5e/0x90 -[ 18.134009] [<ffffffff81081656>] blocking_notifier_call_chain+0x16/0x20 -[ 18.141490] [<ffffffff810f0f00>] load_module+0x1b50/0x2660 -[ 18.147720] [<ffffffff810f1ade>] SyS_init_module+0xce/0x100 -[ 18.154045] [<ffffffff81587429>] system_call_fastpath+0x12/0x17 -[ 18.160748] ---[ end trace 9294429076a9c674 ]--- - -Jump labels is not doing it right; fix this. - -Cc: Rusty Russell <rusty@rustcorp.com.au> -Cc: Jason Baron <jbaron@akamai.com> -Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - kernel/jump_label.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - ---- a/kernel/jump_label.c -+++ b/kernel/jump_label.c -@@ -309,7 +309,7 @@ static int jump_label_add_module(struct - continue; - - key = iterk; -- if (__module_address(iter->key) == mod) { -+ if (within_module(iter->key, mod)) { - /* - * Set key->entries to iter, but preserve JUMP_LABEL_TRUE_BRANCH. - */ -@@ -346,7 +346,7 @@ static void jump_label_del_module(struct - - key = (struct static_key *)(unsigned long)iter->key; - -- if (__module_address(iter->key) == mod) -+ if (within_module(iter->key, mod)) - continue; - - prev = &key->next; -@@ -450,14 +450,16 @@ static void jump_label_update(struct sta - { - struct jump_entry *stop = __stop___jump_table; - struct jump_entry *entry = jump_label_get_entries(key); -- - #ifdef CONFIG_MODULES -- struct module *mod = __module_address((unsigned long)key); -+ struct module *mod; - - __jump_label_mod_update(key, enable); - -+ preempt_disable(); -+ mod = __module_address((unsigned long)key); - if (mod) - stop = mod->jump_entries + mod->num_jump_entries; -+ preempt_enable(); - #endif - /* if there are no users, entry can be NULL */ - if (entry) diff --git a/queue-3.16/s390-jump-label-add-sanity-checks.patch b/queue-3.16/s390-jump-label-add-sanity-checks.patch deleted file mode 100644 index 2429a8d1..00000000 --- a/queue-3.16/s390-jump-label-add-sanity-checks.patch +++ /dev/null @@ -1,101 +0,0 @@ -From: Heiko Carstens <heiko.carstens@de.ibm.com> -Date: Thu, 29 Jan 2015 13:45:35 +0100 -Subject: s390/jump label: add sanity checks - -commit 5c6497c50f8d809eac6d01512c291a1f67382abd upstream. - -Add sanity checks to verify that only expected code will be replaced. -If the code patterns do not match print the code patterns and panic, -since something went terribly wrong. - -Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> -Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/s390/kernel/jump_label.c | 56 ++++++++++++++++++++++++++--------- - 1 file changed, 42 insertions(+), 14 deletions(-) - ---- a/arch/s390/kernel/jump_label.c -+++ b/arch/s390/kernel/jump_label.c -@@ -22,31 +22,59 @@ struct insn_args { - enum jump_label_type type; - }; - -+static void jump_label_make_nop(struct jump_entry *entry, struct insn *insn) -+{ -+ /* brcl 0,0 */ -+ insn->opcode = 0xc004; -+ insn->offset = 0; -+} -+ -+static void jump_label_make_branch(struct jump_entry *entry, struct insn *insn) -+{ -+ /* brcl 15,offset */ -+ insn->opcode = 0xc0f4; -+ insn->offset = (entry->target - entry->code) >> 1; -+} -+ -+static void jump_label_bug(struct jump_entry *entry, struct insn *insn) -+{ -+ unsigned char *ipc = (unsigned char *)entry->code; -+ unsigned char *ipe = (unsigned char *)insn; -+ -+ pr_emerg("Jump label code mismatch at %pS [%p]\n", ipc, ipc); -+ pr_emerg("Found: %02x %02x %02x %02x %02x %02x\n", -+ ipc[0], ipc[1], ipc[2], ipc[3], ipc[4], ipc[5]); -+ pr_emerg("Expected: %02x %02x %02x %02x %02x %02x\n", -+ ipe[0], ipe[1], ipe[2], ipe[3], ipe[4], ipe[5]); -+ panic("Corrupted kernel text"); -+} -+ - static void __jump_label_transform(struct jump_entry *entry, -- enum jump_label_type type) -+ enum jump_label_type type, -+ int init) - { -- struct insn insn; -- int rc; -+ struct insn old, new; - - if (type == JUMP_LABEL_ENABLE) { -- /* brcl 15,offset */ -- insn.opcode = 0xc0f4; -- insn.offset = (entry->target - entry->code) >> 1; -+ jump_label_make_nop(entry, &old); -+ jump_label_make_branch(entry, &new); - } else { -- /* brcl 0,0 */ -- insn.opcode = 0xc004; -- insn.offset = 0; -+ if (init) -+ jump_label_make_nop(entry, &old); -+ else -+ jump_label_make_branch(entry, &old); -+ jump_label_make_nop(entry, &new); - } -- -- rc = probe_kernel_write((void *)entry->code, &insn, JUMP_LABEL_NOP_SIZE); -- WARN_ON_ONCE(rc < 0); -+ if (memcmp((void *)entry->code, &old, sizeof(old))) -+ jump_label_bug(entry, &old); -+ probe_kernel_write((void *)entry->code, &new, sizeof(new)); - } - - static int __sm_arch_jump_label_transform(void *data) - { - struct insn_args *args = data; - -- __jump_label_transform(args->entry, args->type); -+ __jump_label_transform(args->entry, args->type, 0); - return 0; - } - -@@ -64,7 +92,7 @@ void arch_jump_label_transform(struct ju - void arch_jump_label_transform_static(struct jump_entry *entry, - enum jump_label_type type) - { -- __jump_label_transform(entry, type); -+ __jump_label_transform(entry, type, 1); - } - - #endif diff --git a/queue-3.16/s390-jump-label-use-different-nop-instruction.patch b/queue-3.16/s390-jump-label-use-different-nop-instruction.patch deleted file mode 100644 index 54ca1d9c..00000000 --- a/queue-3.16/s390-jump-label-use-different-nop-instruction.patch +++ /dev/null @@ -1,82 +0,0 @@ -From: Heiko Carstens <heiko.carstens@de.ibm.com> -Date: Thu, 29 Jan 2015 14:10:22 +0100 -Subject: s390/jump label: use different nop instruction - -commit d5caa4dbf9bd2ad8cd7f6be0ca76722be947182b upstream. - -Use a brcl 0,2 instruction for jump label nops during compile time, -so we don't mix up the different nops during mcount/hotpatch call -site detection. -The initial jump label code instruction replacement will exchange -these instructions with either a branch or a brcl 0,0 instruction. - -Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> -Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/s390/include/asm/jump_label.h | 7 ++++++- - arch/s390/kernel/jump_label.c | 19 +++++++++++++------ - 2 files changed, 19 insertions(+), 7 deletions(-) - ---- a/arch/s390/include/asm/jump_label.h -+++ b/arch/s390/include/asm/jump_label.h -@@ -4,6 +4,7 @@ - #include <linux/types.h> - - #define JUMP_LABEL_NOP_SIZE 6 -+#define JUMP_LABEL_NOP_OFFSET 2 - - #ifdef CONFIG_64BIT - #define ASM_PTR ".quad" -@@ -13,9 +14,13 @@ - #define ASM_ALIGN ".balign 4" - #endif - -+/* -+ * We use a brcl 0,2 instruction for jump labels at compile time so it -+ * can be easily distinguished from a hotpatch generated instruction. -+ */ - static __always_inline bool arch_static_branch(struct static_key *key) - { -- asm_volatile_goto("0: brcl 0,0\n" -+ asm_volatile_goto("0: brcl 0,"__stringify(JUMP_LABEL_NOP_OFFSET)"\n" - ".pushsection __jump_table, \"aw\"\n" - ASM_ALIGN "\n" - ASM_PTR " 0b, %l[label], %0\n" ---- a/arch/s390/kernel/jump_label.c -+++ b/arch/s390/kernel/jump_label.c -@@ -49,6 +49,11 @@ static void jump_label_bug(struct jump_e - panic("Corrupted kernel text"); - } - -+static struct insn orignop = { -+ .opcode = 0xc004, -+ .offset = JUMP_LABEL_NOP_OFFSET >> 1, -+}; -+ - static void __jump_label_transform(struct jump_entry *entry, - enum jump_label_type type, - int init) -@@ -59,14 +64,16 @@ static void __jump_label_transform(struc - jump_label_make_nop(entry, &old); - jump_label_make_branch(entry, &new); - } else { -- if (init) -- jump_label_make_nop(entry, &old); -- else -- jump_label_make_branch(entry, &old); -+ jump_label_make_branch(entry, &old); - jump_label_make_nop(entry, &new); - } -- if (memcmp((void *)entry->code, &old, sizeof(old))) -- jump_label_bug(entry, &old); -+ if (init) { -+ if (memcmp((void *)entry->code, &orignop, sizeof(orignop))) -+ jump_label_bug(entry, &old); -+ } else { -+ if (memcmp((void *)entry->code, &old, sizeof(old))) -+ jump_label_bug(entry, &old); -+ } - probe_kernel_write((void *)entry->code, &new, sizeof(new)); - } - diff --git a/queue-3.16/sched-add-sched_smt_active.patch b/queue-3.16/sched-add-sched_smt_active.patch deleted file mode 100644 index 391dd79c..00000000 --- a/queue-3.16/sched-add-sched_smt_active.patch +++ /dev/null @@ -1,97 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Fri, 10 May 2019 00:46:25 +0100 -Subject: sched: Add sched_smt_active() - -Add the sched_smt_active() function needed for some x86 speculation -mitigations. This was introduced upstream by commits 1b568f0aabf2 -"sched/core: Optimize SCHED_SMT", ba2591a5993e "sched/smt: Update -sched_smt_present at runtime", c5511d03ec09 "sched/smt: Make -sched_smt_present track topology", and 321a874a7ef8 "sched/smt: Expose -sched_smt_present static key". The upstream implementation uses the -static_key_{disable,enable}_cpuslocked() functions, which aren't -practical to backport. - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- - include/linux/sched/smt.h | 18 ++++++++++++++++++ - kernel/sched/core.c | 19 +++++++++++++++++++ - kernel/sched/sched.h | 1 + - 3 files changed, 38 insertions(+) - ---- /dev/null -+++ b/include/linux/sched/smt.h -@@ -0,0 +1,18 @@ -+/* SPDX-License-Identifier: GPL-2.0 */ -+#ifndef _LINUX_SCHED_SMT_H -+#define _LINUX_SCHED_SMT_H -+ -+#include <linux/atomic.h> -+ -+#ifdef CONFIG_SCHED_SMT -+extern atomic_t sched_smt_present; -+ -+static __always_inline bool sched_smt_active(void) -+{ -+ return atomic_read(&sched_smt_present); -+} -+#else -+static inline bool sched_smt_active(void) { return false; } -+#endif -+ -+#endif ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -5210,6 +5210,10 @@ static void __cpuinit set_cpu_rq_start_t - rq->age_stamp = sched_clock_cpu(cpu); - } - -+#ifdef CONFIG_SCHED_SMT -+atomic_t sched_smt_present = ATOMIC_INIT(0); -+#endif -+ - static int sched_cpu_active(struct notifier_block *nfb, - unsigned long action, void *hcpu) - { -@@ -5226,6 +5230,13 @@ static int sched_cpu_active(struct notif - * Thus, fall-through and help the starting CPU along. - */ - case CPU_DOWN_FAILED: -+#ifdef CONFIG_SCHED_SMT -+ /* -+ * When going up, increment the number of cores with SMT present. -+ */ -+ if (cpumask_weight(cpu_smt_mask((long)hcpu)) == 2) -+ atomic_inc(&sched_smt_present); -+#endif - set_cpu_active((long)hcpu, true); - return NOTIFY_OK; - default: -@@ -5243,6 +5254,14 @@ static int sched_cpu_inactive(struct not - case CPU_DOWN_PREPARE: - set_cpu_active(cpu, false); - -+#ifdef CONFIG_SCHED_SMT -+ /* -+ * When going down, decrement the number of cores with SMT present. -+ */ -+ if (cpumask_weight(cpu_smt_mask(cpu)) == 2) -+ atomic_dec(&sched_smt_present); -+#endif -+ - /* explicitly allow suspend */ - if (!(action & CPU_TASKS_FROZEN)) { - struct dl_bw *dl_b = dl_bw_of(cpu); ---- a/kernel/sched/sched.h -+++ b/kernel/sched/sched.h -@@ -2,6 +2,7 @@ - #include <linux/sched.h> - #include <linux/sched/sysctl.h> - #include <linux/sched/rt.h> -+#include <linux/sched/smt.h> - #include <linux/sched/deadline.h> - #include <linux/mutex.h> - #include <linux/spinlock.h> diff --git a/queue-3.16/series b/queue-3.16/series deleted file mode 100644 index 7a55cbbd..00000000 --- a/queue-3.16/series +++ /dev/null @@ -1,86 +0,0 @@ -x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch -module-add-within_module-function.patch -jump_label-fix-small-typos-in-the-documentation.patch -mips-jump_label.c-correct-the-span-of-the-j-instruction.patch -mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch -s390-jump-label-add-sanity-checks.patch -s390-jump-label-use-different-nop-instruction.patch -jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch -jump_label-allow-jump-labels-to-be-used-in-assembly.patch -module-jump_label-fix-module-locking.patch -jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch -jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch -jump_label-add-jump_entry_key-helper.patch -locking-static_keys-rework-update-logic.patch -locking-static_keys-add-a-new-static_key-interface.patch -jump-label-locking-static_keys-update-docs.patch -jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch -locking-static_keys-fix-a-silly-typo.patch -locking-static_keys-fix-up-the-static-keys-documentation.patch -jump_label-make-static_key_enabled-work-on-static_key_true-false.patch -x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch -x86-asm-add-asm-macros-for-static-keys-jump-labels.patch -x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch -x86-cpufeature-carve-out-x86_feature_.patch -locking-static_key-fix-concurrent-static_key_slow_inc.patch -locking-static_keys-provide-declare-and-well-as-define-macros.patch -x86-speculation-support-enhanced-ibrs-on-future-cpus.patch -x86-speculation-simplify-the-cpu-bug-detection-logic.patch -x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch -x86-cpu-sanitize-fam6_atom-naming.patch -x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch -x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch -x86-speculation-propagate-information-about-rsb-filling-mitigation.patch -x86-speculation-update-the-tif_ssbd-comment.patch -x86-speculation-clean-up-spectre_v2_parse_cmdline.patch -x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch -x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch -x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch -x86-speculation-rename-ssbd-update-functions.patch -x86-speculation-reorganize-speculation-control-msrs-update.patch -x86-kconfig-select-sched_smt-if-smp-enabled.patch -sched-add-sched_smt_active.patch -x86-speculation-rework-smt-state-change.patch -x86-speculation-reorder-the-spec_v2-code.patch -x86-speculation-mark-string-arrays-const-correctly.patch -x86-speculataion-mark-command-line-parser-data-__initdata.patch -x86-speculation-unify-conditional-spectre-v2-print-functions.patch -x86-speculation-add-command-line-control-for-indirect-branch.patch -x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch -x86-process-consolidate-and-simplify-switch_to_xtra-code.patch -x86-speculation-avoid-__switch_to_xtra-calls.patch -x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch -x86-speculation-split-out-tif-update.patch -x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch -x86-speculation-prevent-stale-spec_ctrl-msr-content.patch -x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch -x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch -x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch -x86-speculation-provide-ibpb-always-command-line-options.patch -kvm-x86-report-stibp-on-get_supported_cpuid.patch -x86-msr-index-cleanup-bit-defines.patch -x86-speculation-consolidate-cpu-whitelists.patch -x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch -x86-speculation-mds-add-bug_msbds_only.patch -x86-kvm-expose-x86_feature_md_clear-to-guests.patch -x86-speculation-mds-add-mds_clear_cpu_buffers.patch -x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch -x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch -x86-speculation-mds-add-mitigation-control-for-mds.patch -x86-speculation-l1tf-document-l1tf-in-sysfs.patch -x86-speculation-mds-add-sysfs-reporting-for-mds.patch -x86-speculation-mds-add-mitigation-mode-vmwerv.patch -documentation-move-l1tf-to-separate-directory.patch -documentation-add-mds-vulnerability-documentation.patch -x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch -x86-speculation-mds-add-smt-warning-message.patch -x86-speculation-mds-fix-comment.patch -x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch -cpu-speculation-add-mitigations-cmdline-option.patch -x86-speculation-support-mitigations-cmdline-option.patch -x86-speculation-mds-add-mitigations-support-for-mds.patch -x86-mds-add-mdsum-variant-to-the-mds-documentation.patch -documentation-correct-the-possible-mds-sysfs-values.patch -x86-speculation-mds-fix-documentation-typo.patch -x86-cpu-bugs-use-__initconst-for-const-init-data.patch -x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch diff --git a/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch b/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch deleted file mode 100644 index 3c354cae..00000000 --- a/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch +++ /dev/null @@ -1,109 +0,0 @@ -From: Andy Lutomirski <luto@kernel.org> -Date: Thu, 12 Nov 2015 12:59:03 -0800 -Subject: x86/asm: Add asm macros for static keys/jump labels - -commit 2671c3e4fe2a34bd9bf2eecdf5d1149d4b55dbdf upstream. - -Unfortunately, we can only do this if HAVE_JUMP_LABEL. In -principle, we could do some serious surgery on the core jump -label infrastructure to keep the patch infrastructure available -on x86 on all builds, but that's probably not worth it. - -Implementing the macros using a conditional branch as a fallback -seems like a bad idea: we'd have to clobber flags. - -This limitation can't cause silent failures -- trying to include -asm/jump_label.h at all on a non-HAVE_JUMP_LABEL kernel will -error out. The macro's users are responsible for handling this -issue themselves. - -Signed-off-by: Andy Lutomirski <luto@kernel.org> -Reviewed-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@amacapital.net> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Frederic Weisbecker <fweisbec@gmail.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Link: http://lkml.kernel.org/r/63aa45c4b692e8469e1876d6ccbb5da707972990.1447361906.git.luto@kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/jump_label.h | 52 ++++++++++++++++++++++++++----- - 1 file changed, 44 insertions(+), 8 deletions(-) - ---- a/arch/x86/include/asm/jump_label.h -+++ b/arch/x86/include/asm/jump_label.h -@@ -14,13 +14,6 @@ - #error asm/jump_label.h included on a non-jump-label kernel - #endif - --#ifndef __ASSEMBLY__ -- --#include <linux/stringify.h> --#include <linux/types.h> --#include <asm/nops.h> --#include <asm/asm.h> -- - #define JUMP_LABEL_NOP_SIZE 5 - - #ifdef CONFIG_X86_64 -@@ -29,6 +22,14 @@ - # define STATIC_KEY_INIT_NOP GENERIC_NOP5_ATOMIC - #endif - -+#include <asm/asm.h> -+#include <asm/nops.h> -+ -+#ifndef __ASSEMBLY__ -+ -+#include <linux/stringify.h> -+#include <linux/types.h> -+ - static __always_inline bool arch_static_branch(struct static_key *key, bool branch) - { - asm_volatile_goto("1:" -@@ -72,5 +73,40 @@ struct jump_entry { - jump_label_t key; - }; - --#endif /* __ASSEMBLY__ */ -+#else /* __ASSEMBLY__ */ -+ -+.macro STATIC_JUMP_IF_TRUE target, key, def -+.Lstatic_jump_\@: -+ .if \def -+ /* Equivalent to "jmp.d32 \target" */ -+ .byte 0xe9 -+ .long \target - .Lstatic_jump_after_\@ -+.Lstatic_jump_after_\@: -+ .else -+ .byte STATIC_KEY_INIT_NOP -+ .endif -+ .pushsection __jump_table, "aw" -+ _ASM_ALIGN -+ _ASM_PTR .Lstatic_jump_\@, \target, \key -+ .popsection -+.endm -+ -+.macro STATIC_JUMP_IF_FALSE target, key, def -+.Lstatic_jump_\@: -+ .if \def -+ .byte STATIC_KEY_INIT_NOP -+ .else -+ /* Equivalent to "jmp.d32 \target" */ -+ .byte 0xe9 -+ .long \target - .Lstatic_jump_after_\@ -+.Lstatic_jump_after_\@: -+ .endif -+ .pushsection __jump_table, "aw" -+ _ASM_ALIGN -+ _ASM_PTR .Lstatic_jump_\@, \target, \key + 1 -+ .popsection -+.endm -+ -+#endif /* __ASSEMBLY__ */ -+ - #endif diff --git a/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch b/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch deleted file mode 100644 index 35ec4f43..00000000 --- a/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Andy Lutomirski <luto@kernel.org> -Date: Thu, 12 Nov 2015 12:59:02 -0800 -Subject: x86/asm: Error out if asm/jump_label.h is included inappropriately - -commit c28454332fe0b65e22c3a2717e5bf05b5b47ca20 upstream. - -Rather than potentially generating incorrect code on a -non-HAVE_JUMP_LABEL kernel if someone includes asm/jump_label.h, -error out. - -Signed-off-by: Andy Lutomirski <luto@kernel.org> -Reviewed-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@amacapital.net> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Frederic Weisbecker <fweisbec@gmail.com> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Link: http://lkml.kernel.org/r/99407f0ac7fa3ab03a3d31ce076d47b5c2f44795.1447361906.git.luto@kernel.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/jump_label.h | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - ---- a/arch/x86/include/asm/jump_label.h -+++ b/arch/x86/include/asm/jump_label.h -@@ -1,6 +1,19 @@ - #ifndef _ASM_X86_JUMP_LABEL_H - #define _ASM_X86_JUMP_LABEL_H - -+#ifndef HAVE_JUMP_LABEL -+/* -+ * For better or for worse, if jump labels (the gcc extension) are missing, -+ * then the entire static branch patching infrastructure is compiled out. -+ * If that happens, the code in here will malfunction. Raise a compiler -+ * error instead. -+ * -+ * In theory, jump labels and the static branch patching infrastructure -+ * could be decoupled to fix this. -+ */ -+#error asm/jump_label.h included on a non-jump-label kernel -+#endif -+ - #ifndef __ASSEMBLY__ - - #include <linux/stringify.h> diff --git a/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch b/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch deleted file mode 100644 index a0035b44..00000000 --- a/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Tue, 14 May 2019 13:46:46 +0100 -Subject: x86/bugs: Change L1TF mitigation string to match upstream - -Commit 72c6d2db64fa "x86/litf: Introduce vmx status variable" upstream -changed "Page Table Inversion" to "PTE Inversion". That was part of -the implementation of additional mitigations for VMX which haven't -been applied to this branch. Just change this string to be consistent -and match documentation. - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -1225,7 +1225,7 @@ static ssize_t cpu_show_common(struct de - - case X86_BUG_L1TF: - if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV)) -- return sprintf(buf, "Mitigation: Page Table Inversion\n"); -+ return sprintf(buf, "Mitigation: PTE Inversion\n"); - break; - - case X86_BUG_MDS: diff --git a/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch b/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch deleted file mode 100644 index 776d4156..00000000 --- a/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Andi Kleen <ak@linux.intel.com> -Date: Fri, 29 Mar 2019 17:47:43 -0700 -Subject: x86/cpu/bugs: Use __initconst for 'const' init data - -commit 1de7edbb59c8f1b46071f66c5c97b8a59569eb51 upstream. - -Some of the recently added const tables use __initdata which causes section -attribute conflicts. - -Use __initconst instead. - -Fixes: fa1202ef2243 ("x86/speculation: Add command line control") -Signed-off-by: Andi Kleen <ak@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Link: https://lkml.kernel.org/r/20190330004743.29541-9-andi@firstfloor.org -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -383,7 +383,7 @@ static const struct { - const char *option; - enum spectre_v2_user_cmd cmd; - bool secure; --} v2_user_options[] __initdata = { -+} v2_user_options[] __initconst = { - { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, - { "off", SPECTRE_V2_USER_CMD_NONE, false }, - { "on", SPECTRE_V2_USER_CMD_FORCE, true }, -@@ -519,7 +519,7 @@ static const struct { - const char *option; - enum spectre_v2_mitigation_cmd cmd; - bool secure; --} mitigation_options[] __initdata = { -+} mitigation_options[] __initconst = { - { "off", SPECTRE_V2_CMD_NONE, false }, - { "on", SPECTRE_V2_CMD_FORCE, true }, - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, -@@ -796,7 +796,7 @@ static const char * const ssb_strings[] - static const struct { - const char *option; - enum ssb_mitigation_cmd cmd; --} ssb_mitigation_options[] __initdata = { -+} ssb_mitigation_options[] __initconst = { - { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ - { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ - { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ diff --git a/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch b/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch deleted file mode 100644 index 24bf6b5d..00000000 --- a/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch +++ /dev/null @@ -1,142 +0,0 @@ -From: Peter Zijlstra <peterz@infradead.org> -Date: Tue, 7 Aug 2018 10:17:27 -0700 -Subject: x86/cpu: Sanitize FAM6_ATOM naming - -commit f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e upstream. - -Going primarily by: - - https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors - -with additional information gleaned from other related pages; notably: - - - Bonnell shrink was called Saltwell - - Moorefield is the Merriefield refresh which makes it Airmont - -The general naming scheme is: FAM6_ATOM_UARCH_SOCTYPE - - for i in `git grep -l FAM6_ATOM` ; do - sed -i -e 's/ATOM_PINEVIEW/ATOM_BONNELL/g' \ - -e 's/ATOM_LINCROFT/ATOM_BONNELL_MID/' \ - -e 's/ATOM_PENWELL/ATOM_SALTWELL_MID/g' \ - -e 's/ATOM_CLOVERVIEW/ATOM_SALTWELL_TABLET/g' \ - -e 's/ATOM_CEDARVIEW/ATOM_SALTWELL/g' \ - -e 's/ATOM_SILVERMONT1/ATOM_SILVERMONT/g' \ - -e 's/ATOM_SILVERMONT2/ATOM_SILVERMONT_X/g' \ - -e 's/ATOM_MERRIFIELD/ATOM_SILVERMONT_MID/g' \ - -e 's/ATOM_MOOREFIELD/ATOM_AIRMONT_MID/g' \ - -e 's/ATOM_DENVERTON/ATOM_GOLDMONT_X/g' \ - -e 's/ATOM_GEMINI_LAKE/ATOM_GOLDMONT_PLUS/g' ${i} - done - -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> -Cc: Arnaldo Carvalho de Melo <acme@redhat.com> -Cc: Jiri Olsa <jolsa@redhat.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Stephane Eranian <eranian@google.com> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Vince Weaver <vincent.weaver@maine.edu> -Cc: dave.hansen@linux.intel.com -Cc: len.brown@intel.com -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -[bwh: Backported to 3.16: - - Drop changes to CPU IDs that weren't already included - - Adjust filenames, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/include/asm/intel-family.h -+++ b/arch/x86/include/asm/intel-family.h -@@ -50,19 +50,23 @@ - - /* "Small Core" Processors (Atom) */ - --#define INTEL_FAM6_ATOM_PINEVIEW 0x1C --#define INTEL_FAM6_ATOM_LINCROFT 0x26 --#define INTEL_FAM6_ATOM_PENWELL 0x27 --#define INTEL_FAM6_ATOM_CLOVERVIEW 0x35 --#define INTEL_FAM6_ATOM_CEDARVIEW 0x36 --#define INTEL_FAM6_ATOM_SILVERMONT1 0x37 /* BayTrail/BYT / Valleyview */ --#define INTEL_FAM6_ATOM_SILVERMONT2 0x4D /* Avaton/Rangely */ --#define INTEL_FAM6_ATOM_AIRMONT 0x4C /* CherryTrail / Braswell */ --#define INTEL_FAM6_ATOM_MERRIFIELD 0x4A /* Tangier */ --#define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Anniedale */ --#define INTEL_FAM6_ATOM_GOLDMONT 0x5C --#define INTEL_FAM6_ATOM_DENVERTON 0x5F /* Goldmont Microserver */ --#define INTEL_FAM6_ATOM_GEMINI_LAKE 0x7A -+#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */ -+#define INTEL_FAM6_ATOM_BONNELL_MID 0x26 /* Silverthorne, Lincroft */ -+ -+#define INTEL_FAM6_ATOM_SALTWELL 0x36 /* Cedarview */ -+#define INTEL_FAM6_ATOM_SALTWELL_MID 0x27 /* Penwell */ -+#define INTEL_FAM6_ATOM_SALTWELL_TABLET 0x35 /* Cloverview */ -+ -+#define INTEL_FAM6_ATOM_SILVERMONT 0x37 /* Bay Trail, Valleyview */ -+#define INTEL_FAM6_ATOM_SILVERMONT_X 0x4D /* Avaton, Rangely */ -+#define INTEL_FAM6_ATOM_SILVERMONT_MID 0x4A /* Merriefield */ -+ -+#define INTEL_FAM6_ATOM_AIRMONT 0x4C /* Cherry Trail, Braswell */ -+#define INTEL_FAM6_ATOM_AIRMONT_MID 0x5A /* Moorefield */ -+ -+#define INTEL_FAM6_ATOM_GOLDMONT 0x5C /* Apollo Lake */ -+#define INTEL_FAM6_ATOM_GOLDMONT_X 0x5F /* Denverton */ -+#define INTEL_FAM6_ATOM_GOLDMONT_PLUS 0x7A /* Gemini Lake */ - - /* Xeon Phi */ - ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -808,11 +808,11 @@ static void identify_cpu_without_cpuid(s - } - - static const __initconst struct x86_cpu_id cpu_no_speculation[] = { -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, X86_FEATURE_ANY }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, X86_FEATURE_ANY }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL_MID, X86_FEATURE_ANY }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, X86_FEATURE_ANY }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL, X86_FEATURE_ANY }, - { X86_VENDOR_CENTAUR, 5 }, - { X86_VENDOR_INTEL, 5 }, - { X86_VENDOR_NSC, 5 }, -@@ -827,10 +827,10 @@ static const __initconst struct x86_cpu_ - - /* Only list CPUs which speculate but are non susceptible to SSB */ - static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = { -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, -@@ -843,14 +843,14 @@ static const __initconst struct x86_cpu_ - - static const __initconst struct x86_cpu_id cpu_no_l1tf[] = { - /* in addition to cpu_no_speculation */ -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MOOREFIELD }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_DENVERTON }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GEMINI_LAKE }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X }, -+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, - {} diff --git a/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch b/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch deleted file mode 100644 index ad4930ac..00000000 --- a/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch +++ /dev/null @@ -1,142 +0,0 @@ -From: Borislav Petkov <bp@suse.de> -Date: Tue, 24 Jun 2014 13:25:03 +0200 -Subject: x86/cpufeature: Add bug flags to /proc/cpuinfo - -commit 80a208bd3948aceddf0429bd9f9b4cd858d526df upstream. - -Dump the flags which denote we have detected and/or have applied bug -workarounds to the CPU we're executing on, in a similar manner to the -feature flags. - -The advantage is that those are not accumulating over time like the CPU -features. - -Signed-off-by: Borislav Petkov <bp@suse.de> -Link: http://lkml.kernel.org/r/1403609105-8332-2-git-send-email-bp@alien8.de -Signed-off-by: H. Peter Anvin <hpa@zytor.com> -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/cpufeature.h | 10 ++++-- - arch/x86/kernel/cpu/mkcapflags.sh | 51 ++++++++++++++++++++++--------- - arch/x86/kernel/cpu/proc.c | 8 +++++ - 3 files changed, 53 insertions(+), 16 deletions(-) - ---- a/arch/x86/include/asm/cpufeature.h -+++ b/arch/x86/include/asm/cpufeature.h -@@ -268,8 +268,8 @@ - #define X86_BUG_F00F X86_BUG(0) /* Intel F00F */ - #define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */ - #define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */ --#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* AMD Erratum 383 */ --#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* AMD Erratum 400 */ -+#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */ -+#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */ - #define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */ - #define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */ - #define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */ -@@ -284,6 +284,12 @@ - extern const char * const x86_cap_flags[NCAPINTS*32]; - extern const char * const x86_power_flags[32]; - -+/* -+ * In order to save room, we index into this array by doing -+ * X86_BUG_<name> - NCAPINTS*32. -+ */ -+extern const char * const x86_bug_flags[NBUGINTS*32]; -+ - #define test_cpu_cap(c, bit) \ - test_bit(bit, (unsigned long *)((c)->x86_capability)) - ---- a/arch/x86/kernel/cpu/mkcapflags.sh -+++ b/arch/x86/kernel/cpu/mkcapflags.sh -@@ -1,23 +1,25 @@ - #!/bin/sh - # --# Generate the x86_cap_flags[] array from include/asm/cpufeature.h -+# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeature.h - # - - IN=$1 - OUT=$2 - --TABS="$(printf '\t\t\t\t\t')" --trap 'rm "$OUT"' EXIT -+function dump_array() -+{ -+ ARRAY=$1 -+ SIZE=$2 -+ PFX=$3 -+ POSTFIX=$4 - --( -- echo "#ifndef _ASM_X86_CPUFEATURE_H" -- echo "#include <asm/cpufeature.h>" -- echo "#endif" -- echo "" -- echo "const char * const x86_cap_flags[NCAPINTS*32] = {" -+ PFX_SZ=$(echo $PFX | wc -c) -+ TABS="$(printf '\t\t\t\t\t')" -+ -+ echo "const char * const $ARRAY[$SIZE] = {" - -- # Iterate through any input lines starting with #define X86_FEATURE_ -- sed -n -e 's/\t/ /g' -e 's/^ *# *define *X86_FEATURE_//p' $IN | -+ # Iterate through any input lines starting with #define $PFX -+ sed -n -e 's/\t/ /g' -e "s/^ *# *define *$PFX//p" $IN | - while read i - do - # Name is everything up to the first whitespace -@@ -31,11 +33,32 @@ trap 'rm "$OUT"' EXIT - # Name is uppercase, VALUE is all lowercase - VALUE="$(echo "$VALUE" | tr A-Z a-z)" - -- TABCOUNT=$(( ( 5*8 - 14 - $(echo "$NAME" | wc -c) ) / 8 )) -- printf "\t[%s]%.*s = %s,\n" \ -- "X86_FEATURE_$NAME" "$TABCOUNT" "$TABS" "$VALUE" -+ if [ -n "$POSTFIX" ]; then -+ T=$(( $PFX_SZ + $(echo $POSTFIX | wc -c) + 2 )) -+ TABS="$(printf '\t\t\t\t\t\t')" -+ TABCOUNT=$(( ( 6*8 - ($T + 1) - $(echo "$NAME" | wc -c) ) / 8 )) -+ printf "\t[%s - %s]%.*s = %s,\n" "$PFX$NAME" "$POSTFIX" "$TABCOUNT" "$TABS" "$VALUE" -+ else -+ TABCOUNT=$(( ( 5*8 - ($PFX_SZ + 1) - $(echo "$NAME" | wc -c) ) / 8 )) -+ printf "\t[%s]%.*s = %s,\n" "$PFX$NAME" "$TABCOUNT" "$TABS" "$VALUE" -+ fi - done - echo "};" -+} -+ -+trap 'rm "$OUT"' EXIT -+ -+( -+ echo "#ifndef _ASM_X86_CPUFEATURE_H" -+ echo "#include <asm/cpufeature.h>" -+ echo "#endif" -+ echo "" -+ -+ dump_array "x86_cap_flags" "NCAPINTS*32" "X86_FEATURE_" "" -+ echo "" -+ -+ dump_array "x86_bug_flags" "NBUGINTS*32" "X86_BUG_" "NCAPINTS*32" -+ - ) > $OUT - - trap - EXIT ---- a/arch/x86/kernel/cpu/proc.c -+++ b/arch/x86/kernel/cpu/proc.c -@@ -97,6 +97,14 @@ static int show_cpuinfo(struct seq_file - if (cpu_has(c, i) && x86_cap_flags[i] != NULL) - seq_printf(m, " %s", x86_cap_flags[i]); - -+ seq_printf(m, "\nbugs\t\t:"); -+ for (i = 0; i < 32*NBUGINTS; i++) { -+ unsigned int bug_bit = 32*NCAPINTS + i; -+ -+ if (cpu_has_bug(c, bug_bit) && x86_bug_flags[i]) -+ seq_printf(m, " %s", x86_bug_flags[i]); -+ } -+ - seq_printf(m, "\nbogomips\t: %lu.%02lu\n", - c->loops_per_jiffy/(500000/HZ), - (c->loops_per_jiffy/(5000/HZ)) % 100); diff --git a/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch b/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch deleted file mode 100644 index 3d746ada..00000000 --- a/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch +++ /dev/null @@ -1,1117 +0,0 @@ -From: Borislav Petkov <bp@suse.de> -Date: Tue, 26 Jan 2016 22:12:04 +0100 -Subject: x86/cpufeature: Carve out X86_FEATURE_* - -commit cd4d09ec6f6c12a2cc3db5b7d8876a325a53545b upstream. - -Move them to a separate header and have the following -dependency: - - x86/cpufeatures.h <- x86/processor.h <- x86/cpufeature.h - -This makes it easier to use the header in asm code and not -include the whole cpufeature.h and add guards for asm. - -Suggested-by: H. Peter Anvin <hpa@zytor.com> -Signed-off-by: Borislav Petkov <bp@suse.de> -Cc: Andy Lutomirski <luto@amacapital.net> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Link: http://lkml.kernel.org/r/1453842730-28463-5-git-send-email-bp@alien8.de -Signed-off-by: Ingo Molnar <mingo@kernel.org> -[bwh: Backported to 3.16 to avoid a dependency loop: - - Drop some inapplicable changes - - Move all the previously backported feature and bug flags across - - Also change <asm/nospec-branch.h> and lib/retpoline.S to use - <asm/cpufeatures.h> - - Also include <asm/cpufeatures.h> in <asm/barrier.h>, as the vdso fails to - build without that - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -629,7 +629,7 @@ bytes respectively. Such letter suffixes - - clearcpuid=BITNUM [X86] - Disable CPUID feature X for the kernel. See -- arch/x86/include/asm/cpufeature.h for the valid bit -+ arch/x86/include/asm/cpufeatures.h for the valid bit - numbers. Note the Linux specific bits are not necessarily - stable over kernel options, but the vendor specific - ones should be. ---- a/arch/x86/boot/cpuflags.h -+++ b/arch/x86/boot/cpuflags.h -@@ -1,7 +1,7 @@ - #ifndef BOOT_CPUFLAGS_H - #define BOOT_CPUFLAGS_H - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/processor-flags.h> - - struct cpu_features { ---- a/arch/x86/boot/mkcpustr.c -+++ b/arch/x86/boot/mkcpustr.c -@@ -16,7 +16,7 @@ - #include <stdio.h> - - #include "../include/asm/required-features.h" --#include "../include/asm/cpufeature.h" -+#include "../include/asm/cpufeatures.h" - #include "../kernel/cpu/capflags.c" - - int main(void) ---- a/arch/x86/crypto/crc32-pclmul_glue.c -+++ b/arch/x86/crypto/crc32-pclmul_glue.c -@@ -33,7 +33,7 @@ - #include <linux/crc32.h> - #include <crypto/internal/hash.h> - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/cpu_device_id.h> - #include <asm/i387.h> - ---- a/arch/x86/crypto/crc32c-intel_glue.c -+++ b/arch/x86/crypto/crc32c-intel_glue.c -@@ -30,7 +30,7 @@ - #include <linux/kernel.h> - #include <crypto/internal/hash.h> - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/cpu_device_id.h> - #include <asm/i387.h> - #include <asm/fpu-internal.h> ---- a/arch/x86/crypto/crct10dif-pclmul_glue.c -+++ b/arch/x86/crypto/crct10dif-pclmul_glue.c -@@ -30,7 +30,7 @@ - #include <linux/string.h> - #include <linux/kernel.h> - #include <asm/i387.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/cpu_device_id.h> - - asmlinkage __u16 crc_t10dif_pcl(__u16 crc, const unsigned char *buf, ---- a/arch/x86/include/asm/alternative.h -+++ b/arch/x86/include/asm/alternative.h -@@ -148,12 +148,6 @@ static inline int alternatives_text_rese - ".popsection\n" - - /* -- * This must be included *after* the definition of ALTERNATIVE due to -- * <asm/arch_hweight.h> -- */ --#include <asm/cpufeature.h> -- --/* - * Alternative instructions for different CPU types or capabilities. - * - * This allows to use optimized instructions even on generic binary ---- a/arch/x86/include/asm/apic.h -+++ b/arch/x86/include/asm/apic.h -@@ -6,7 +6,6 @@ - - #include <asm/alternative.h> - #include <asm/cpufeature.h> --#include <asm/processor.h> - #include <asm/apicdef.h> - #include <linux/atomic.h> - #include <asm/fixmap.h> ---- a/arch/x86/include/asm/arch_hweight.h -+++ b/arch/x86/include/asm/arch_hweight.h -@@ -1,6 +1,8 @@ - #ifndef _ASM_X86_HWEIGHT_H - #define _ASM_X86_HWEIGHT_H - -+#include <asm/cpufeatures.h> -+ - #ifdef CONFIG_64BIT - /* popcnt %edi, %eax -- redundant REX prefix for alignment */ - #define POPCNT32 ".byte 0xf3,0x40,0x0f,0xb8,0xc7" ---- a/arch/x86/include/asm/barrier.h -+++ b/arch/x86/include/asm/barrier.h -@@ -3,6 +3,7 @@ - - #include <asm/alternative.h> - #include <asm/nops.h> -+#include <asm/cpufeatures.h> - - /* - * Force strict CPU ordering. ---- a/arch/x86/include/asm/cmpxchg.h -+++ b/arch/x86/include/asm/cmpxchg.h -@@ -2,6 +2,7 @@ - #define ASM_X86_CMPXCHG_H - - #include <linux/compiler.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative.h> /* Provides LOCK_PREFIX */ - - /* ---- a/arch/x86/include/asm/cpufeature.h -+++ b/arch/x86/include/asm/cpufeature.h -@@ -4,277 +4,7 @@ - #ifndef _ASM_X86_CPUFEATURE_H - #define _ASM_X86_CPUFEATURE_H - --#ifndef _ASM_X86_REQUIRED_FEATURES_H --#include <asm/required-features.h> --#endif -- --#define NCAPINTS 12 /* N 32-bit words worth of info */ --#define NBUGINTS 1 /* N 32-bit bug flags */ -- --/* -- * Note: If the comment begins with a quoted string, that string is used -- * in /proc/cpuinfo instead of the macro name. If the string is "", -- * this feature bit is not displayed in /proc/cpuinfo at all. -- */ -- --/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */ --#define X86_FEATURE_FPU (0*32+ 0) /* Onboard FPU */ --#define X86_FEATURE_VME (0*32+ 1) /* Virtual Mode Extensions */ --#define X86_FEATURE_DE (0*32+ 2) /* Debugging Extensions */ --#define X86_FEATURE_PSE (0*32+ 3) /* Page Size Extensions */ --#define X86_FEATURE_TSC (0*32+ 4) /* Time Stamp Counter */ --#define X86_FEATURE_MSR (0*32+ 5) /* Model-Specific Registers */ --#define X86_FEATURE_PAE (0*32+ 6) /* Physical Address Extensions */ --#define X86_FEATURE_MCE (0*32+ 7) /* Machine Check Exception */ --#define X86_FEATURE_CX8 (0*32+ 8) /* CMPXCHG8 instruction */ --#define X86_FEATURE_APIC (0*32+ 9) /* Onboard APIC */ --#define X86_FEATURE_SEP (0*32+11) /* SYSENTER/SYSEXIT */ --#define X86_FEATURE_MTRR (0*32+12) /* Memory Type Range Registers */ --#define X86_FEATURE_PGE (0*32+13) /* Page Global Enable */ --#define X86_FEATURE_MCA (0*32+14) /* Machine Check Architecture */ --#define X86_FEATURE_CMOV (0*32+15) /* CMOV instructions */ -- /* (plus FCMOVcc, FCOMI with FPU) */ --#define X86_FEATURE_PAT (0*32+16) /* Page Attribute Table */ --#define X86_FEATURE_PSE36 (0*32+17) /* 36-bit PSEs */ --#define X86_FEATURE_PN (0*32+18) /* Processor serial number */ --#define X86_FEATURE_CLFLUSH (0*32+19) /* CLFLUSH instruction */ --#define X86_FEATURE_DS (0*32+21) /* "dts" Debug Store */ --#define X86_FEATURE_ACPI (0*32+22) /* ACPI via MSR */ --#define X86_FEATURE_MMX (0*32+23) /* Multimedia Extensions */ --#define X86_FEATURE_FXSR (0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */ --#define X86_FEATURE_XMM (0*32+25) /* "sse" */ --#define X86_FEATURE_XMM2 (0*32+26) /* "sse2" */ --#define X86_FEATURE_SELFSNOOP (0*32+27) /* "ss" CPU self snoop */ --#define X86_FEATURE_HT (0*32+28) /* Hyper-Threading */ --#define X86_FEATURE_ACC (0*32+29) /* "tm" Automatic clock control */ --#define X86_FEATURE_IA64 (0*32+30) /* IA-64 processor */ --#define X86_FEATURE_PBE (0*32+31) /* Pending Break Enable */ -- --/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */ --/* Don't duplicate feature flags which are redundant with Intel! */ --#define X86_FEATURE_SYSCALL (1*32+11) /* SYSCALL/SYSRET */ --#define X86_FEATURE_MP (1*32+19) /* MP Capable. */ --#define X86_FEATURE_NX (1*32+20) /* Execute Disable */ --#define X86_FEATURE_MMXEXT (1*32+22) /* AMD MMX extensions */ --#define X86_FEATURE_FXSR_OPT (1*32+25) /* FXSAVE/FXRSTOR optimizations */ --#define X86_FEATURE_GBPAGES (1*32+26) /* "pdpe1gb" GB pages */ --#define X86_FEATURE_RDTSCP (1*32+27) /* RDTSCP */ --#define X86_FEATURE_LM (1*32+29) /* Long Mode (x86-64) */ --#define X86_FEATURE_3DNOWEXT (1*32+30) /* AMD 3DNow! extensions */ --#define X86_FEATURE_3DNOW (1*32+31) /* 3DNow! */ -- --/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */ --#define X86_FEATURE_RECOVERY (2*32+ 0) /* CPU in recovery mode */ --#define X86_FEATURE_LONGRUN (2*32+ 1) /* Longrun power control */ --#define X86_FEATURE_LRTI (2*32+ 3) /* LongRun table interface */ -- --/* Other features, Linux-defined mapping, word 3 */ --/* This range is used for feature bits which conflict or are synthesized */ --#define X86_FEATURE_CXMMX (3*32+ 0) /* Cyrix MMX extensions */ --#define X86_FEATURE_K6_MTRR (3*32+ 1) /* AMD K6 nonstandard MTRRs */ --#define X86_FEATURE_CYRIX_ARR (3*32+ 2) /* Cyrix ARRs (= MTRRs) */ --#define X86_FEATURE_CENTAUR_MCR (3*32+ 3) /* Centaur MCRs (= MTRRs) */ --/* cpu types for specific tunings: */ --#define X86_FEATURE_K8 (3*32+ 4) /* "" Opteron, Athlon64 */ --#define X86_FEATURE_K7 (3*32+ 5) /* "" Athlon */ --#define X86_FEATURE_P3 (3*32+ 6) /* "" P3 */ --#define X86_FEATURE_P4 (3*32+ 7) /* "" P4 */ --#define X86_FEATURE_CONSTANT_TSC (3*32+ 8) /* TSC ticks at a constant rate */ --#define X86_FEATURE_UP (3*32+ 9) /* smp kernel running on up */ --#define X86_FEATURE_FXSAVE_LEAK (3*32+10) /* "" FXSAVE leaks FOP/FIP/FOP */ --#define X86_FEATURE_ARCH_PERFMON (3*32+11) /* Intel Architectural PerfMon */ --#define X86_FEATURE_PEBS (3*32+12) /* Precise-Event Based Sampling */ --#define X86_FEATURE_BTS (3*32+13) /* Branch Trace Store */ --#define X86_FEATURE_SYSCALL32 (3*32+14) /* "" syscall in ia32 userspace */ --#define X86_FEATURE_SYSENTER32 (3*32+15) /* "" sysenter in ia32 userspace */ --#define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well */ --#define X86_FEATURE_MFENCE_RDTSC (3*32+17) /* "" Mfence synchronizes RDTSC */ --#define X86_FEATURE_LFENCE_RDTSC (3*32+18) /* "" Lfence synchronizes RDTSC */ --#define X86_FEATURE_11AP (3*32+19) /* "" Bad local APIC aka 11AP */ --#define X86_FEATURE_NOPL (3*32+20) /* The NOPL (0F 1F) instructions */ --#define X86_FEATURE_ALWAYS (3*32+21) /* "" Always-present feature */ --#define X86_FEATURE_XTOPOLOGY (3*32+22) /* cpu topology enum extensions */ --#define X86_FEATURE_TSC_RELIABLE (3*32+23) /* TSC is known to be reliable */ --#define X86_FEATURE_NONSTOP_TSC (3*32+24) /* TSC does not stop in C states */ --#define X86_FEATURE_CLFLUSH_MONITOR (3*32+25) /* "" clflush reqd with monitor */ --#define X86_FEATURE_EXTD_APICID (3*32+26) /* has extended APICID (8 bits) */ --#define X86_FEATURE_AMD_DCM (3*32+27) /* multi-node processor */ --#define X86_FEATURE_APERFMPERF (3*32+28) /* APERFMPERF */ --#define X86_FEATURE_EAGER_FPU (3*32+29) /* "eagerfpu" Non lazy FPU restore */ --#define X86_FEATURE_NONSTOP_TSC_S3 (3*32+30) /* TSC doesn't stop in S3 state */ -- --/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */ --#define X86_FEATURE_XMM3 (4*32+ 0) /* "pni" SSE-3 */ --#define X86_FEATURE_PCLMULQDQ (4*32+ 1) /* PCLMULQDQ instruction */ --#define X86_FEATURE_DTES64 (4*32+ 2) /* 64-bit Debug Store */ --#define X86_FEATURE_MWAIT (4*32+ 3) /* "monitor" Monitor/Mwait support */ --#define X86_FEATURE_DSCPL (4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */ --#define X86_FEATURE_VMX (4*32+ 5) /* Hardware virtualization */ --#define X86_FEATURE_SMX (4*32+ 6) /* Safer mode */ --#define X86_FEATURE_EST (4*32+ 7) /* Enhanced SpeedStep */ --#define X86_FEATURE_TM2 (4*32+ 8) /* Thermal Monitor 2 */ --#define X86_FEATURE_SSSE3 (4*32+ 9) /* Supplemental SSE-3 */ --#define X86_FEATURE_CID (4*32+10) /* Context ID */ --#define X86_FEATURE_FMA (4*32+12) /* Fused multiply-add */ --#define X86_FEATURE_CX16 (4*32+13) /* CMPXCHG16B */ --#define X86_FEATURE_XTPR (4*32+14) /* Send Task Priority Messages */ --#define X86_FEATURE_PDCM (4*32+15) /* Performance Capabilities */ --#define X86_FEATURE_PCID (4*32+17) /* Process Context Identifiers */ --#define X86_FEATURE_DCA (4*32+18) /* Direct Cache Access */ --#define X86_FEATURE_XMM4_1 (4*32+19) /* "sse4_1" SSE-4.1 */ --#define X86_FEATURE_XMM4_2 (4*32+20) /* "sse4_2" SSE-4.2 */ --#define X86_FEATURE_X2APIC (4*32+21) /* x2APIC */ --#define X86_FEATURE_MOVBE (4*32+22) /* MOVBE instruction */ --#define X86_FEATURE_POPCNT (4*32+23) /* POPCNT instruction */ --#define X86_FEATURE_TSC_DEADLINE_TIMER (4*32+24) /* Tsc deadline timer */ --#define X86_FEATURE_AES (4*32+25) /* AES instructions */ --#define X86_FEATURE_XSAVE (4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */ --#define X86_FEATURE_OSXSAVE (4*32+27) /* "" XSAVE enabled in the OS */ --#define X86_FEATURE_AVX (4*32+28) /* Advanced Vector Extensions */ --#define X86_FEATURE_F16C (4*32+29) /* 16-bit fp conversions */ --#define X86_FEATURE_RDRAND (4*32+30) /* The RDRAND instruction */ --#define X86_FEATURE_HYPERVISOR (4*32+31) /* Running on a hypervisor */ -- --/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */ --#define X86_FEATURE_XSTORE (5*32+ 2) /* "rng" RNG present (xstore) */ --#define X86_FEATURE_XSTORE_EN (5*32+ 3) /* "rng_en" RNG enabled */ --#define X86_FEATURE_XCRYPT (5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ --#define X86_FEATURE_XCRYPT_EN (5*32+ 7) /* "ace_en" on-CPU crypto enabled */ --#define X86_FEATURE_ACE2 (5*32+ 8) /* Advanced Cryptography Engine v2 */ --#define X86_FEATURE_ACE2_EN (5*32+ 9) /* ACE v2 enabled */ --#define X86_FEATURE_PHE (5*32+10) /* PadLock Hash Engine */ --#define X86_FEATURE_PHE_EN (5*32+11) /* PHE enabled */ --#define X86_FEATURE_PMM (5*32+12) /* PadLock Montgomery Multiplier */ --#define X86_FEATURE_PMM_EN (5*32+13) /* PMM enabled */ -- --/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */ --#define X86_FEATURE_LAHF_LM (6*32+ 0) /* LAHF/SAHF in long mode */ --#define X86_FEATURE_CMP_LEGACY (6*32+ 1) /* If yes HyperThreading not valid */ --#define X86_FEATURE_SVM (6*32+ 2) /* Secure virtual machine */ --#define X86_FEATURE_EXTAPIC (6*32+ 3) /* Extended APIC space */ --#define X86_FEATURE_CR8_LEGACY (6*32+ 4) /* CR8 in 32-bit mode */ --#define X86_FEATURE_ABM (6*32+ 5) /* Advanced bit manipulation */ --#define X86_FEATURE_SSE4A (6*32+ 6) /* SSE-4A */ --#define X86_FEATURE_MISALIGNSSE (6*32+ 7) /* Misaligned SSE mode */ --#define X86_FEATURE_3DNOWPREFETCH (6*32+ 8) /* 3DNow prefetch instructions */ --#define X86_FEATURE_OSVW (6*32+ 9) /* OS Visible Workaround */ --#define X86_FEATURE_IBS (6*32+10) /* Instruction Based Sampling */ --#define X86_FEATURE_XOP (6*32+11) /* extended AVX instructions */ --#define X86_FEATURE_SKINIT (6*32+12) /* SKINIT/STGI instructions */ --#define X86_FEATURE_WDT (6*32+13) /* Watchdog timer */ --#define X86_FEATURE_LWP (6*32+15) /* Light Weight Profiling */ --#define X86_FEATURE_FMA4 (6*32+16) /* 4 operands MAC instructions */ --#define X86_FEATURE_TCE (6*32+17) /* translation cache extension */ --#define X86_FEATURE_NODEID_MSR (6*32+19) /* NodeId MSR */ --#define X86_FEATURE_TBM (6*32+21) /* trailing bit manipulations */ --#define X86_FEATURE_TOPOEXT (6*32+22) /* topology extensions CPUID leafs */ --#define X86_FEATURE_PERFCTR_CORE (6*32+23) /* core performance counter extensions */ --#define X86_FEATURE_PERFCTR_NB (6*32+24) /* NB performance counter extensions */ --#define X86_FEATURE_PERFCTR_L2 (6*32+28) /* L2 performance counter extensions */ -- --/* -- * Auxiliary flags: Linux defined - For features scattered in various -- * CPUID levels like 0x6, 0xA etc, word 7 -- */ --#define X86_FEATURE_IDA (7*32+ 0) /* Intel Dynamic Acceleration */ --#define X86_FEATURE_ARAT (7*32+ 1) /* Always Running APIC Timer */ --#define X86_FEATURE_CPB (7*32+ 2) /* AMD Core Performance Boost */ --#define X86_FEATURE_EPB (7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */ --#define X86_FEATURE_XSAVEOPT (7*32+ 4) /* Optimized Xsave */ --#define X86_FEATURE_PLN (7*32+ 5) /* Intel Power Limit Notification */ --#define X86_FEATURE_PTS (7*32+ 6) /* Intel Package Thermal Status */ --#define X86_FEATURE_DTHERM (7*32+ 7) /* Digital Thermal Sensor */ --#define X86_FEATURE_HW_PSTATE (7*32+ 8) /* AMD HW-PState */ --#define X86_FEATURE_PROC_FEEDBACK (7*32+ 9) /* AMD ProcFeedbackInterface */ --#define X86_FEATURE_INVPCID_SINGLE (7*32+10) /* Effectively INVPCID && CR4.PCIDE=1 */ --#define X86_FEATURE_RSB_CTXSW (7*32+11) /* "" Fill RSB on context switches */ -- --#define X86_FEATURE_USE_IBPB (7*32+12) /* "" Indirect Branch Prediction Barrier enabled */ --#define X86_FEATURE_USE_IBRS_FW (7*32+13) /* "" Use IBRS during runtime firmware calls */ --#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE (7*32+14) /* "" Disable Speculative Store Bypass. */ --#define X86_FEATURE_LS_CFG_SSBD (7*32+15) /* "" AMD SSBD implementation */ --#define X86_FEATURE_IBRS (7*32+16) /* Indirect Branch Restricted Speculation */ --#define X86_FEATURE_IBPB (7*32+17) /* Indirect Branch Prediction Barrier */ --#define X86_FEATURE_STIBP (7*32+18) /* Single Thread Indirect Branch Predictors */ --#define X86_FEATURE_MSR_SPEC_CTRL (7*32+19) /* "" MSR SPEC_CTRL is implemented */ --#define X86_FEATURE_SSBD (7*32+20) /* Speculative Store Bypass Disable */ --#define X86_FEATURE_ZEN (7*32+21) /* "" CPU is AMD family 0x17 (Zen) */ --#define X86_FEATURE_L1TF_PTEINV (7*32+22) /* "" L1TF workaround PTE inversion */ -- --#define X86_FEATURE_RETPOLINE (7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */ --#define X86_FEATURE_RETPOLINE_AMD (7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */ --/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ --#define X86_FEATURE_KAISER (7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ -- --/* Virtualization flags: Linux defined, word 8 */ --#define X86_FEATURE_TPR_SHADOW (8*32+ 0) /* Intel TPR Shadow */ --#define X86_FEATURE_VNMI (8*32+ 1) /* Intel Virtual NMI */ --#define X86_FEATURE_FLEXPRIORITY (8*32+ 2) /* Intel FlexPriority */ --#define X86_FEATURE_EPT (8*32+ 3) /* Intel Extended Page Table */ --#define X86_FEATURE_VPID (8*32+ 4) /* Intel Virtual Processor ID */ --#define X86_FEATURE_NPT (8*32+ 5) /* AMD Nested Page Table support */ --#define X86_FEATURE_LBRV (8*32+ 6) /* AMD LBR Virtualization support */ --#define X86_FEATURE_SVML (8*32+ 7) /* "svm_lock" AMD SVM locking MSR */ --#define X86_FEATURE_NRIPS (8*32+ 8) /* "nrip_save" AMD SVM next_rip save */ --#define X86_FEATURE_TSCRATEMSR (8*32+ 9) /* "tsc_scale" AMD TSC scaling support */ --#define X86_FEATURE_VMCBCLEAN (8*32+10) /* "vmcb_clean" AMD VMCB clean bits support */ --#define X86_FEATURE_FLUSHBYASID (8*32+11) /* AMD flush-by-ASID support */ --#define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ --#define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ --#define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ --#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */ -- -- --/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ --#define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ --#define X86_FEATURE_TSC_ADJUST (9*32+ 1) /* TSC adjustment MSR 0x3b */ --#define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ --#define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ --#define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ --#define X86_FEATURE_SMEP (9*32+ 7) /* Supervisor Mode Execution Protection */ --#define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ --#define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ --#define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ --#define X86_FEATURE_RTM (9*32+11) /* Restricted Transactional Memory */ --#define X86_FEATURE_MPX (9*32+14) /* Memory Protection Extension */ --#define X86_FEATURE_AVX512F (9*32+16) /* AVX-512 Foundation */ --#define X86_FEATURE_RDSEED (9*32+18) /* The RDSEED instruction */ --#define X86_FEATURE_ADX (9*32+19) /* The ADCX and ADOX instructions */ --#define X86_FEATURE_SMAP (9*32+20) /* Supervisor Mode Access Prevention */ --#define X86_FEATURE_CLFLUSHOPT (9*32+23) /* CLFLUSHOPT instruction */ --#define X86_FEATURE_AVX512PF (9*32+26) /* AVX-512 Prefetch */ --#define X86_FEATURE_AVX512ER (9*32+27) /* AVX-512 Exponential and Reciprocal */ --#define X86_FEATURE_AVX512CD (9*32+28) /* AVX-512 Conflict Detection */ -- --/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */ --#define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */ --#define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */ --#define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ --#define X86_FEATURE_SPEC_CTRL_SSBD (10*32+31) /* "" Speculative Store Bypass Disable */ -- --/* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 11 */ --#define X86_FEATURE_AMD_IBPB (11*32+12) /* "" Indirect Branch Prediction Barrier */ --#define X86_FEATURE_AMD_IBRS (11*32+14) /* "" Indirect Branch Restricted Speculation */ --#define X86_FEATURE_AMD_STIBP (11*32+15) /* "" Single Thread Indirect Branch Predictors */ --#define X86_FEATURE_AMD_SSBD (11*32+24) /* "" Speculative Store Bypass Disable */ --#define X86_FEATURE_VIRT_SSBD (11*32+25) /* Virtualized Speculative Store Bypass Disable */ --#define X86_FEATURE_AMD_SSB_NO (11*32+26) /* "" Speculative Store Bypass is fixed in hardware. */ -- --/* -- * BUG word(s) -- */ --#define X86_BUG(x) (NCAPINTS*32 + (x)) -- --#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */ --#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */ --#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */ --#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */ --#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */ --#define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */ --#define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */ --#define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */ --#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */ --#define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */ -+#include <asm/processor.h> - - #if defined(__KERNEL__) && !defined(__ASSEMBLY__) - ---- /dev/null -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -0,0 +1,274 @@ -+#ifndef _ASM_X86_CPUFEATURES_H -+#define _ASM_X86_CPUFEATURES_H -+ -+#ifndef _ASM_X86_REQUIRED_FEATURES_H -+#include <asm/required-features.h> -+#endif -+ -+#define NCAPINTS 12 /* N 32-bit words worth of info */ -+#define NBUGINTS 1 /* N 32-bit bug flags */ -+ -+/* -+ * Note: If the comment begins with a quoted string, that string is used -+ * in /proc/cpuinfo instead of the macro name. If the string is "", -+ * this feature bit is not displayed in /proc/cpuinfo at all. -+ */ -+ -+/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */ -+#define X86_FEATURE_FPU ( 0*32+ 0) /* Onboard FPU */ -+#define X86_FEATURE_VME ( 0*32+ 1) /* Virtual Mode Extensions */ -+#define X86_FEATURE_DE ( 0*32+ 2) /* Debugging Extensions */ -+#define X86_FEATURE_PSE ( 0*32+ 3) /* Page Size Extensions */ -+#define X86_FEATURE_TSC ( 0*32+ 4) /* Time Stamp Counter */ -+#define X86_FEATURE_MSR ( 0*32+ 5) /* Model-Specific Registers */ -+#define X86_FEATURE_PAE ( 0*32+ 6) /* Physical Address Extensions */ -+#define X86_FEATURE_MCE ( 0*32+ 7) /* Machine Check Exception */ -+#define X86_FEATURE_CX8 ( 0*32+ 8) /* CMPXCHG8 instruction */ -+#define X86_FEATURE_APIC ( 0*32+ 9) /* Onboard APIC */ -+#define X86_FEATURE_SEP ( 0*32+11) /* SYSENTER/SYSEXIT */ -+#define X86_FEATURE_MTRR ( 0*32+12) /* Memory Type Range Registers */ -+#define X86_FEATURE_PGE ( 0*32+13) /* Page Global Enable */ -+#define X86_FEATURE_MCA ( 0*32+14) /* Machine Check Architecture */ -+#define X86_FEATURE_CMOV ( 0*32+15) /* CMOV instructions */ -+ /* (plus FCMOVcc, FCOMI with FPU) */ -+#define X86_FEATURE_PAT ( 0*32+16) /* Page Attribute Table */ -+#define X86_FEATURE_PSE36 ( 0*32+17) /* 36-bit PSEs */ -+#define X86_FEATURE_PN ( 0*32+18) /* Processor serial number */ -+#define X86_FEATURE_CLFLUSH ( 0*32+19) /* CLFLUSH instruction */ -+#define X86_FEATURE_DS ( 0*32+21) /* "dts" Debug Store */ -+#define X86_FEATURE_ACPI ( 0*32+22) /* ACPI via MSR */ -+#define X86_FEATURE_MMX ( 0*32+23) /* Multimedia Extensions */ -+#define X86_FEATURE_FXSR ( 0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */ -+#define X86_FEATURE_XMM ( 0*32+25) /* "sse" */ -+#define X86_FEATURE_XMM2 ( 0*32+26) /* "sse2" */ -+#define X86_FEATURE_SELFSNOOP ( 0*32+27) /* "ss" CPU self snoop */ -+#define X86_FEATURE_HT ( 0*32+28) /* Hyper-Threading */ -+#define X86_FEATURE_ACC ( 0*32+29) /* "tm" Automatic clock control */ -+#define X86_FEATURE_IA64 ( 0*32+30) /* IA-64 processor */ -+#define X86_FEATURE_PBE ( 0*32+31) /* Pending Break Enable */ -+ -+/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */ -+/* Don't duplicate feature flags which are redundant with Intel! */ -+#define X86_FEATURE_SYSCALL ( 1*32+11) /* SYSCALL/SYSRET */ -+#define X86_FEATURE_MP ( 1*32+19) /* MP Capable. */ -+#define X86_FEATURE_NX ( 1*32+20) /* Execute Disable */ -+#define X86_FEATURE_MMXEXT ( 1*32+22) /* AMD MMX extensions */ -+#define X86_FEATURE_FXSR_OPT ( 1*32+25) /* FXSAVE/FXRSTOR optimizations */ -+#define X86_FEATURE_GBPAGES ( 1*32+26) /* "pdpe1gb" GB pages */ -+#define X86_FEATURE_RDTSCP ( 1*32+27) /* RDTSCP */ -+#define X86_FEATURE_LM ( 1*32+29) /* Long Mode (x86-64) */ -+#define X86_FEATURE_3DNOWEXT ( 1*32+30) /* AMD 3DNow! extensions */ -+#define X86_FEATURE_3DNOW ( 1*32+31) /* 3DNow! */ -+ -+/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */ -+#define X86_FEATURE_RECOVERY ( 2*32+ 0) /* CPU in recovery mode */ -+#define X86_FEATURE_LONGRUN ( 2*32+ 1) /* Longrun power control */ -+#define X86_FEATURE_LRTI ( 2*32+ 3) /* LongRun table interface */ -+ -+/* Other features, Linux-defined mapping, word 3 */ -+/* This range is used for feature bits which conflict or are synthesized */ -+#define X86_FEATURE_CXMMX ( 3*32+ 0) /* Cyrix MMX extensions */ -+#define X86_FEATURE_K6_MTRR ( 3*32+ 1) /* AMD K6 nonstandard MTRRs */ -+#define X86_FEATURE_CYRIX_ARR ( 3*32+ 2) /* Cyrix ARRs (= MTRRs) */ -+#define X86_FEATURE_CENTAUR_MCR ( 3*32+ 3) /* Centaur MCRs (= MTRRs) */ -+/* cpu types for specific tunings: */ -+#define X86_FEATURE_K8 ( 3*32+ 4) /* "" Opteron, Athlon64 */ -+#define X86_FEATURE_K7 ( 3*32+ 5) /* "" Athlon */ -+#define X86_FEATURE_P3 ( 3*32+ 6) /* "" P3 */ -+#define X86_FEATURE_P4 ( 3*32+ 7) /* "" P4 */ -+#define X86_FEATURE_CONSTANT_TSC ( 3*32+ 8) /* TSC ticks at a constant rate */ -+#define X86_FEATURE_UP ( 3*32+ 9) /* smp kernel running on up */ -+#define X86_FEATURE_FXSAVE_LEAK ( 3*32+10) /* "" FXSAVE leaks FOP/FIP/FOP */ -+#define X86_FEATURE_ARCH_PERFMON ( 3*32+11) /* Intel Architectural PerfMon */ -+#define X86_FEATURE_PEBS ( 3*32+12) /* Precise-Event Based Sampling */ -+#define X86_FEATURE_BTS ( 3*32+13) /* Branch Trace Store */ -+#define X86_FEATURE_SYSCALL32 ( 3*32+14) /* "" syscall in ia32 userspace */ -+#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in ia32 userspace */ -+#define X86_FEATURE_REP_GOOD ( 3*32+16) /* rep microcode works well */ -+#define X86_FEATURE_MFENCE_RDTSC ( 3*32+17) /* "" Mfence synchronizes RDTSC */ -+#define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) /* "" Lfence synchronizes RDTSC */ -+#define X86_FEATURE_11AP ( 3*32+19) /* "" Bad local APIC aka 11AP */ -+#define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */ -+#define X86_FEATURE_ALWAYS ( 3*32+21) /* "" Always-present feature */ -+#define X86_FEATURE_XTOPOLOGY ( 3*32+22) /* cpu topology enum extensions */ -+#define X86_FEATURE_TSC_RELIABLE ( 3*32+23) /* TSC is known to be reliable */ -+#define X86_FEATURE_NONSTOP_TSC ( 3*32+24) /* TSC does not stop in C states */ -+#define X86_FEATURE_CLFLUSH_MONITOR ( 3*32+25) /* "" clflush reqd with monitor */ -+#define X86_FEATURE_EXTD_APICID ( 3*32+26) /* has extended APICID (8 bits) */ -+#define X86_FEATURE_AMD_DCM ( 3*32+27) /* multi-node processor */ -+#define X86_FEATURE_APERFMPERF ( 3*32+28) /* APERFMPERF */ -+#define X86_FEATURE_EAGER_FPU ( 3*32+29) /* "eagerfpu" Non lazy FPU restore */ -+#define X86_FEATURE_NONSTOP_TSC_S3 ( 3*32+30) /* TSC doesn't stop in S3 state */ -+ -+/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */ -+#define X86_FEATURE_XMM3 ( 4*32+ 0) /* "pni" SSE-3 */ -+#define X86_FEATURE_PCLMULQDQ ( 4*32+ 1) /* PCLMULQDQ instruction */ -+#define X86_FEATURE_DTES64 ( 4*32+ 2) /* 64-bit Debug Store */ -+#define X86_FEATURE_MWAIT ( 4*32+ 3) /* "monitor" Monitor/Mwait support */ -+#define X86_FEATURE_DSCPL ( 4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */ -+#define X86_FEATURE_VMX ( 4*32+ 5) /* Hardware virtualization */ -+#define X86_FEATURE_SMX ( 4*32+ 6) /* Safer mode */ -+#define X86_FEATURE_EST ( 4*32+ 7) /* Enhanced SpeedStep */ -+#define X86_FEATURE_TM2 ( 4*32+ 8) /* Thermal Monitor 2 */ -+#define X86_FEATURE_SSSE3 ( 4*32+ 9) /* Supplemental SSE-3 */ -+#define X86_FEATURE_CID ( 4*32+10) /* Context ID */ -+#define X86_FEATURE_FMA ( 4*32+12) /* Fused multiply-add */ -+#define X86_FEATURE_CX16 ( 4*32+13) /* CMPXCHG16B */ -+#define X86_FEATURE_XTPR ( 4*32+14) /* Send Task Priority Messages */ -+#define X86_FEATURE_PDCM ( 4*32+15) /* Performance Capabilities */ -+#define X86_FEATURE_PCID ( 4*32+17) /* Process Context Identifiers */ -+#define X86_FEATURE_DCA ( 4*32+18) /* Direct Cache Access */ -+#define X86_FEATURE_XMM4_1 ( 4*32+19) /* "sse4_1" SSE-4.1 */ -+#define X86_FEATURE_XMM4_2 ( 4*32+20) /* "sse4_2" SSE-4.2 */ -+#define X86_FEATURE_X2APIC ( 4*32+21) /* x2APIC */ -+#define X86_FEATURE_MOVBE ( 4*32+22) /* MOVBE instruction */ -+#define X86_FEATURE_POPCNT ( 4*32+23) /* POPCNT instruction */ -+#define X86_FEATURE_TSC_DEADLINE_TIMER ( 4*32+24) /* Tsc deadline timer */ -+#define X86_FEATURE_AES ( 4*32+25) /* AES instructions */ -+#define X86_FEATURE_XSAVE ( 4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */ -+#define X86_FEATURE_OSXSAVE ( 4*32+27) /* "" XSAVE enabled in the OS */ -+#define X86_FEATURE_AVX ( 4*32+28) /* Advanced Vector Extensions */ -+#define X86_FEATURE_F16C ( 4*32+29) /* 16-bit fp conversions */ -+#define X86_FEATURE_RDRAND ( 4*32+30) /* The RDRAND instruction */ -+#define X86_FEATURE_HYPERVISOR ( 4*32+31) /* Running on a hypervisor */ -+ -+/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */ -+#define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ -+#define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ -+#define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ -+#define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enabled */ -+#define X86_FEATURE_ACE2 ( 5*32+ 8) /* Advanced Cryptography Engine v2 */ -+#define X86_FEATURE_ACE2_EN ( 5*32+ 9) /* ACE v2 enabled */ -+#define X86_FEATURE_PHE ( 5*32+10) /* PadLock Hash Engine */ -+#define X86_FEATURE_PHE_EN ( 5*32+11) /* PHE enabled */ -+#define X86_FEATURE_PMM ( 5*32+12) /* PadLock Montgomery Multiplier */ -+#define X86_FEATURE_PMM_EN ( 5*32+13) /* PMM enabled */ -+ -+/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */ -+#define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* LAHF/SAHF in long mode */ -+#define X86_FEATURE_CMP_LEGACY ( 6*32+ 1) /* If yes HyperThreading not valid */ -+#define X86_FEATURE_SVM ( 6*32+ 2) /* Secure virtual machine */ -+#define X86_FEATURE_EXTAPIC ( 6*32+ 3) /* Extended APIC space */ -+#define X86_FEATURE_CR8_LEGACY ( 6*32+ 4) /* CR8 in 32-bit mode */ -+#define X86_FEATURE_ABM ( 6*32+ 5) /* Advanced bit manipulation */ -+#define X86_FEATURE_SSE4A ( 6*32+ 6) /* SSE-4A */ -+#define X86_FEATURE_MISALIGNSSE ( 6*32+ 7) /* Misaligned SSE mode */ -+#define X86_FEATURE_3DNOWPREFETCH ( 6*32+ 8) /* 3DNow prefetch instructions */ -+#define X86_FEATURE_OSVW ( 6*32+ 9) /* OS Visible Workaround */ -+#define X86_FEATURE_IBS ( 6*32+10) /* Instruction Based Sampling */ -+#define X86_FEATURE_XOP ( 6*32+11) /* extended AVX instructions */ -+#define X86_FEATURE_SKINIT ( 6*32+12) /* SKINIT/STGI instructions */ -+#define X86_FEATURE_WDT ( 6*32+13) /* Watchdog timer */ -+#define X86_FEATURE_LWP ( 6*32+15) /* Light Weight Profiling */ -+#define X86_FEATURE_FMA4 ( 6*32+16) /* 4 operands MAC instructions */ -+#define X86_FEATURE_TCE ( 6*32+17) /* translation cache extension */ -+#define X86_FEATURE_NODEID_MSR ( 6*32+19) /* NodeId MSR */ -+#define X86_FEATURE_TBM ( 6*32+21) /* trailing bit manipulations */ -+#define X86_FEATURE_TOPOEXT ( 6*32+22) /* topology extensions CPUID leafs */ -+#define X86_FEATURE_PERFCTR_CORE ( 6*32+23) /* core performance counter extensions */ -+#define X86_FEATURE_PERFCTR_NB ( 6*32+24) /* NB performance counter extensions */ -+#define X86_FEATURE_PERFCTR_L2 ( 6*32+28) /* L2 performance counter extensions */ -+ -+/* -+ * Auxiliary flags: Linux defined - For features scattered in various -+ * CPUID levels like 0x6, 0xA etc, word 7 -+ */ -+#define X86_FEATURE_IDA ( 7*32+ 0) /* Intel Dynamic Acceleration */ -+#define X86_FEATURE_ARAT ( 7*32+ 1) /* Always Running APIC Timer */ -+#define X86_FEATURE_CPB ( 7*32+ 2) /* AMD Core Performance Boost */ -+#define X86_FEATURE_EPB ( 7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */ -+#define X86_FEATURE_XSAVEOPT ( 7*32+ 4) /* Optimized Xsave */ -+#define X86_FEATURE_PLN ( 7*32+ 5) /* Intel Power Limit Notification */ -+#define X86_FEATURE_PTS ( 7*32+ 6) /* Intel Package Thermal Status */ -+#define X86_FEATURE_DTHERM ( 7*32+ 7) /* Digital Thermal Sensor */ -+#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ -+#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ -+#define X86_FEATURE_INVPCID_SINGLE ( 7*32+10) /* Effectively INVPCID && CR4.PCIDE=1 */ -+#define X86_FEATURE_RSB_CTXSW ( 7*32+11) /* "" Fill RSB on context switches */ -+#define X86_FEATURE_USE_IBPB ( 7*32+12) /* "" Indirect Branch Prediction Barrier enabled */ -+#define X86_FEATURE_USE_IBRS_FW ( 7*32+13) /* "" Use IBRS during runtime firmware calls */ -+#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+14) /* "" Disable Speculative Store Bypass. */ -+#define X86_FEATURE_LS_CFG_SSBD ( 7*32+15) /* "" AMD SSBD implementation */ -+#define X86_FEATURE_IBRS ( 7*32+16) /* Indirect Branch Restricted Speculation */ -+#define X86_FEATURE_IBPB ( 7*32+17) /* Indirect Branch Prediction Barrier */ -+#define X86_FEATURE_STIBP ( 7*32+18) /* Single Thread Indirect Branch Predictors */ -+#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+19) /* "" MSR SPEC_CTRL is implemented */ -+#define X86_FEATURE_SSBD ( 7*32+20) /* Speculative Store Bypass Disable */ -+#define X86_FEATURE_ZEN ( 7*32+21) /* "" CPU is AMD family 0x17 (Zen) */ -+#define X86_FEATURE_L1TF_PTEINV ( 7*32+22) /* "" L1TF workaround PTE inversion */ -+#define X86_FEATURE_RETPOLINE ( 7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */ -+#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */ -+/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ -+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ -+ -+/* Virtualization flags: Linux defined, word 8 */ -+#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ -+#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */ -+#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */ -+#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */ -+#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */ -+#define X86_FEATURE_NPT ( 8*32+ 5) /* AMD Nested Page Table support */ -+#define X86_FEATURE_LBRV ( 8*32+ 6) /* AMD LBR Virtualization support */ -+#define X86_FEATURE_SVML ( 8*32+ 7) /* "svm_lock" AMD SVM locking MSR */ -+#define X86_FEATURE_NRIPS ( 8*32+ 8) /* "nrip_save" AMD SVM next_rip save */ -+#define X86_FEATURE_TSCRATEMSR ( 8*32+ 9) /* "tsc_scale" AMD TSC scaling support */ -+#define X86_FEATURE_VMCBCLEAN ( 8*32+10) /* "vmcb_clean" AMD VMCB clean bits support */ -+#define X86_FEATURE_FLUSHBYASID ( 8*32+11) /* AMD flush-by-ASID support */ -+#define X86_FEATURE_DECODEASSISTS ( 8*32+12) /* AMD Decode Assists support */ -+#define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */ -+#define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */ -+#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */ -+ -+ -+/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ -+#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ -+#define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3b */ -+#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ -+#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ -+#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ -+#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */ -+#define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */ -+#define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */ -+#define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */ -+#define X86_FEATURE_RTM ( 9*32+11) /* Restricted Transactional Memory */ -+#define X86_FEATURE_MPX ( 9*32+14) /* Memory Protection Extension */ -+#define X86_FEATURE_AVX512F ( 9*32+16) /* AVX-512 Foundation */ -+#define X86_FEATURE_RDSEED ( 9*32+18) /* The RDSEED instruction */ -+#define X86_FEATURE_ADX ( 9*32+19) /* The ADCX and ADOX instructions */ -+#define X86_FEATURE_SMAP ( 9*32+20) /* Supervisor Mode Access Prevention */ -+#define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ -+#define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ -+#define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ -+#define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ -+ -+/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */ -+#define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */ -+#define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */ -+#define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ -+#define X86_FEATURE_SPEC_CTRL_SSBD (10*32+31) /* "" Speculative Store Bypass Disable */ -+ -+/* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 11 */ -+#define X86_FEATURE_AMD_IBPB (11*32+12) /* "" Indirect Branch Prediction Barrier */ -+#define X86_FEATURE_AMD_IBRS (11*32+14) /* "" Indirect Branch Restricted Speculation */ -+#define X86_FEATURE_AMD_STIBP (11*32+15) /* "" Single Thread Indirect Branch Predictors */ -+#define X86_FEATURE_AMD_SSBD (11*32+24) /* "" Speculative Store Bypass Disable */ -+#define X86_FEATURE_VIRT_SSBD (11*32+25) /* Virtualized Speculative Store Bypass Disable */ -+#define X86_FEATURE_AMD_SSB_NO (11*32+26) /* "" Speculative Store Bypass is fixed in hardware. */ -+ -+/* -+ * BUG word(s) -+ */ -+#define X86_BUG(x) (NCAPINTS*32 + (x)) -+ -+#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */ -+#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */ -+#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */ -+#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */ -+#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */ -+#define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */ -+#define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */ -+#define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */ -+#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */ -+#define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */ -+ -+#endif /* _ASM_X86_CPUFEATURES_H */ ---- a/arch/x86/include/asm/mwait.h -+++ b/arch/x86/include/asm/mwait.h -@@ -3,6 +3,8 @@ - - #include <linux/sched.h> - -+#include <asm/cpufeature.h> -+ - #define MWAIT_SUBSTATE_MASK 0xf - #define MWAIT_CSTATE_MASK 0xf - #define MWAIT_SUBSTATE_SIZE 4 ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -5,7 +5,7 @@ - - #include <asm/alternative.h> - #include <asm/alternative-asm.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/msr-index.h> - - /* ---- a/arch/x86/include/asm/processor.h -+++ b/arch/x86/include/asm/processor.h -@@ -13,7 +13,7 @@ struct mm_struct; - #include <asm/types.h> - #include <asm/sigcontext.h> - #include <asm/current.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/page.h> - #include <asm/pgtable_types.h> - #include <asm/percpu.h> -@@ -23,7 +23,6 @@ struct mm_struct; - #include <asm/special_insns.h> - - #include <linux/personality.h> --#include <linux/cpumask.h> - #include <linux/cache.h> - #include <linux/threads.h> - #include <linux/math64.h> ---- a/arch/x86/include/asm/smap.h -+++ b/arch/x86/include/asm/smap.h -@@ -15,7 +15,7 @@ - - #include <linux/stringify.h> - #include <asm/nops.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - - /* "Raw" instruction opcodes */ - #define __ASM_CLAC .byte 0x0f,0x01,0xca ---- a/arch/x86/include/asm/smp.h -+++ b/arch/x86/include/asm/smp.h -@@ -16,7 +16,6 @@ - #endif - #include <asm/thread_info.h> - #include <asm/cpumask.h> --#include <asm/cpufeature.h> - - extern int smp_num_siblings; - extern unsigned int num_processors; ---- a/arch/x86/include/asm/thread_info.h -+++ b/arch/x86/include/asm/thread_info.h -@@ -20,7 +20,7 @@ - #ifndef __ASSEMBLY__ - struct task_struct; - struct exec_domain; --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <linux/atomic.h> - - struct thread_info { ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -5,6 +5,7 @@ - #include <linux/sched.h> - - #include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/special_insns.h> - #include <asm/smp.h> - ---- a/arch/x86/include/asm/uaccess_64.h -+++ b/arch/x86/include/asm/uaccess_64.h -@@ -8,7 +8,7 @@ - #include <linux/errno.h> - #include <linux/lockdep.h> - #include <asm/alternative.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/page.h> - - /* ---- a/arch/x86/kernel/cpu/Makefile -+++ b/arch/x86/kernel/cpu/Makefile -@@ -49,7 +49,7 @@ obj-$(CONFIG_HYPERVISOR_GUEST) += vmwar - quiet_cmd_mkcapflags = MKCAP $@ - cmd_mkcapflags = $(CONFIG_SHELL) $(srctree)/$(src)/mkcapflags.sh $< $@ - --cpufeature = $(src)/../../include/asm/cpufeature.h -+cpufeature = $(src)/../../include/asm/cpufeatures.h - - targets += capflags.c - $(obj)/capflags.c: $(cpufeature) $(src)/mkcapflags.sh FORCE ---- a/arch/x86/kernel/cpu/centaur.c -+++ b/arch/x86/kernel/cpu/centaur.c -@@ -1,7 +1,7 @@ - #include <linux/bitops.h> - #include <linux/kernel.h> - --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/e820.h> - #include <asm/mtrr.h> - #include <asm/msr.h> ---- a/arch/x86/kernel/cpu/cyrix.c -+++ b/arch/x86/kernel/cpu/cyrix.c -@@ -8,6 +8,7 @@ - #include <linux/timer.h> - #include <asm/pci-direct.h> - #include <asm/tsc.h> -+#include <asm/cpufeature.h> - - #include "cpu.h" - ---- a/arch/x86/kernel/cpu/intel.c -+++ b/arch/x86/kernel/cpu/intel.c -@@ -8,7 +8,7 @@ - #include <linux/module.h> - #include <linux/uaccess.h> - --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/pgtable.h> - #include <asm/msr.h> - #include <asm/bugs.h> ---- a/arch/x86/kernel/cpu/intel_cacheinfo.c -+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c -@@ -15,7 +15,7 @@ - #include <linux/sched.h> - #include <linux/pci.h> - --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <linux/smp.h> - #include <asm/amd_nb.h> - #include <asm/smp.h> ---- a/arch/x86/kernel/cpu/match.c -+++ b/arch/x86/kernel/cpu/match.c -@@ -1,5 +1,5 @@ - #include <asm/cpu_device_id.h> --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <linux/cpu.h> - #include <linux/module.h> - #include <linux/slab.h> ---- a/arch/x86/kernel/cpu/mkcapflags.sh -+++ b/arch/x86/kernel/cpu/mkcapflags.sh -@@ -1,6 +1,6 @@ - #!/bin/sh - # --# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeature.h -+# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeatures.h - # - - IN=$1 -@@ -49,8 +49,8 @@ function dump_array() - trap 'rm "$OUT"' EXIT - - ( -- echo "#ifndef _ASM_X86_CPUFEATURE_H" -- echo "#include <asm/cpufeature.h>" -+ echo "#ifndef _ASM_X86_CPUFEATURES_H" -+ echo "#include <asm/cpufeatures.h>" - echo "#endif" - echo "" - ---- a/arch/x86/kernel/cpu/mtrr/main.c -+++ b/arch/x86/kernel/cpu/mtrr/main.c -@@ -47,7 +47,7 @@ - #include <linux/smp.h> - #include <linux/syscore_ops.h> - --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/e820.h> - #include <asm/mtrr.h> - #include <asm/msr.h> ---- a/arch/x86/kernel/cpu/transmeta.c -+++ b/arch/x86/kernel/cpu/transmeta.c -@@ -1,6 +1,6 @@ - #include <linux/kernel.h> - #include <linux/mm.h> --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/msr.h> - #include "cpu.h" - ---- a/arch/x86/kernel/e820.c -+++ b/arch/x86/kernel/e820.c -@@ -24,6 +24,7 @@ - #include <asm/e820.h> - #include <asm/proto.h> - #include <asm/setup.h> -+#include <asm/cpufeature.h> - - /* - * The e820 map is the map that gets modified e.g. with command line parameters ---- a/arch/x86/kernel/entry_32.S -+++ b/arch/x86/kernel/entry_32.S -@@ -54,7 +54,7 @@ - #include <asm/processor-flags.h> - #include <asm/ftrace.h> - #include <asm/irq_vectors.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative-asm.h> - #include <asm/asm.h> - #include <asm/smap.h> ---- a/arch/x86/kernel/head_32.S -+++ b/arch/x86/kernel/head_32.S -@@ -19,7 +19,7 @@ - #include <asm/setup.h> - #include <asm/processor-flags.h> - #include <asm/msr-index.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/percpu.h> - #include <asm/nops.h> - ---- a/arch/x86/kernel/hpet.c -+++ b/arch/x86/kernel/hpet.c -@@ -12,6 +12,7 @@ - #include <linux/pm.h> - #include <linux/io.h> - -+#include <asm/cpufeature.h> - #include <asm/fixmap.h> - #include <asm/hpet.h> - #include <asm/time.h> ---- a/arch/x86/kernel/msr.c -+++ b/arch/x86/kernel/msr.c -@@ -38,7 +38,7 @@ - #include <linux/uaccess.h> - #include <linux/gfp.h> - --#include <asm/processor.h> -+#include <asm/cpufeature.h> - #include <asm/msr.h> - - static struct class *msr_class; ---- a/arch/x86/kernel/verify_cpu.S -+++ b/arch/x86/kernel/verify_cpu.S -@@ -30,7 +30,7 @@ - * appropriately. Either display a message or halt. - */ - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/msr-index.h> - - verify_cpu: ---- a/arch/x86/lib/clear_page_64.S -+++ b/arch/x86/lib/clear_page_64.S -@@ -56,7 +56,7 @@ ENDPROC(clear_page) - * - */ - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - - .section .altinstr_replacement,"ax" - 1: .byte 0xeb /* jmp <disp8> */ ---- a/arch/x86/lib/copy_page_64.S -+++ b/arch/x86/lib/copy_page_64.S -@@ -97,7 +97,7 @@ ENDPROC(copy_page) - /* Some CPUs run faster using the string copy instructions. - It is also a lot simpler. Use this when possible */ - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - - .section .altinstr_replacement,"ax" - 1: .byte 0xeb /* jmp <disp8> */ ---- a/arch/x86/lib/copy_user_64.S -+++ b/arch/x86/lib/copy_user_64.S -@@ -14,7 +14,7 @@ - #include <asm/current.h> - #include <asm/asm-offsets.h> - #include <asm/thread_info.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative-asm.h> - #include <asm/asm.h> - #include <asm/smap.h> ---- a/arch/x86/lib/memcpy_64.S -+++ b/arch/x86/lib/memcpy_64.S -@@ -2,7 +2,7 @@ - - #include <linux/linkage.h> - --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/dwarf2.h> - #include <asm/alternative-asm.h> - ---- a/arch/x86/lib/memmove_64.S -+++ b/arch/x86/lib/memmove_64.S -@@ -8,7 +8,7 @@ - #define _STRING_C - #include <linux/linkage.h> - #include <asm/dwarf2.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative-asm.h> - - #undef memmove ---- a/arch/x86/lib/memset_64.S -+++ b/arch/x86/lib/memset_64.S -@@ -2,7 +2,7 @@ - - #include <linux/linkage.h> - #include <asm/dwarf2.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative-asm.h> - - /* ---- a/arch/x86/lib/retpoline.S -+++ b/arch/x86/lib/retpoline.S -@@ -3,7 +3,7 @@ - #include <linux/stringify.h> - #include <linux/linkage.h> - #include <asm/dwarf2.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/alternative-asm.h> - #include <asm/nospec-branch.h> - ---- a/arch/x86/mm/setup_nx.c -+++ b/arch/x86/mm/setup_nx.c -@@ -4,6 +4,7 @@ - - #include <asm/pgtable.h> - #include <asm/proto.h> -+#include <asm/cpufeature.h> - - static int disable_nx; - ---- a/arch/x86/oprofile/op_model_amd.c -+++ b/arch/x86/oprofile/op_model_amd.c -@@ -24,7 +24,6 @@ - #include <asm/nmi.h> - #include <asm/apic.h> - #include <asm/processor.h> --#include <asm/cpufeature.h> - - #include "op_x86_model.h" - #include "op_counter.h" ---- a/arch/x86/um/asm/barrier.h -+++ b/arch/x86/um/asm/barrier.h -@@ -3,7 +3,7 @@ - - #include <asm/asm.h> - #include <asm/segment.h> --#include <asm/cpufeature.h> -+#include <asm/cpufeatures.h> - #include <asm/cmpxchg.h> - #include <asm/nops.h> - ---- a/arch/x86/vdso/vdso32-setup.c -+++ b/arch/x86/vdso/vdso32-setup.c -@@ -11,7 +11,6 @@ - #include <linux/kernel.h> - #include <linux/mm_types.h> - --#include <asm/cpufeature.h> - #include <asm/processor.h> - #include <asm/vdso.h> - ---- a/arch/x86/vdso/vma.c -+++ b/arch/x86/vdso/vma.c -@@ -17,6 +17,7 @@ - #include <asm/vdso.h> - #include <asm/page.h> - #include <asm/hpet.h> -+#include <asm/cpufeature.h> - - #if defined(CONFIG_X86_64) - unsigned int __read_mostly vdso64_enabled = 1; ---- a/lib/atomic64_test.c -+++ b/lib/atomic64_test.c -@@ -17,7 +17,7 @@ - #include <linux/atomic.h> - - #ifdef CONFIG_X86 --#include <asm/processor.h> /* for boot_cpu_has below */ -+#include <asm/cpufeature.h> /* for boot_cpu_has below */ - #endif - - #define INIT(c) do { atomic64_set(&v, c); r = c; } while (0) diff --git a/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch b/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch deleted file mode 100644 index 1f3a2ab2..00000000 --- a/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Andi Kleen <ak@linux.intel.com> -Date: Tue, 1 Dec 2015 17:00:57 -0800 -Subject: x86/headers: Don't include asm/processor.h in asm/atomic.h - -commit 153a4334c439cfb62e1d31cee0c790ba4157813d upstream. - -asm/atomic.h doesn't really need asm/processor.h anymore. Everything -it uses has moved to other header files. So remove that include. - -processor.h is a nasty header that includes lots of -other headers and makes it prone to include loops. Removing the -include here makes asm/atomic.h a "leaf" header that can -be safely included in most other headers. - -The only fallout is in the lib/atomic tester which relied on -this implicit include. Give it an explicit include. -(the include is in ifdef because the user is also in ifdef) - -Signed-off-by: Andi Kleen <ak@linux.intel.com> -Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> -Cc: Arnaldo Carvalho de Melo <acme@redhat.com> -Cc: Jiri Olsa <jolsa@redhat.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Mike Galbraith <efault@gmx.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Stephane Eranian <eranian@google.com> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Vince Weaver <vincent.weaver@maine.edu> -Cc: rostedt@goodmis.org -Link: http://lkml.kernel.org/r/1449018060-1742-1-git-send-email-andi@firstfloor.org -Signed-off-by: Ingo Molnar <mingo@kernel.org> -[bwh: Backported to 3.16 to avoid a dependency loop; adjusted context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/atomic.h | 1 - - arch/x86/include/asm/atomic64_32.h | 1 - - lib/atomic64_test.c | 4 ++++ - 3 files changed, 4 insertions(+), 2 deletions(-) - ---- a/arch/x86/include/asm/atomic.h -+++ b/arch/x86/include/asm/atomic.h -@@ -3,7 +3,6 @@ - - #include <linux/compiler.h> - #include <linux/types.h> --#include <asm/processor.h> - #include <asm/alternative.h> - #include <asm/cmpxchg.h> - #include <asm/rmwcc.h> ---- a/arch/x86/include/asm/atomic64_32.h -+++ b/arch/x86/include/asm/atomic64_32.h -@@ -3,7 +3,6 @@ - - #include <linux/compiler.h> - #include <linux/types.h> --#include <asm/processor.h> - //#include <asm/cmpxchg.h> - - /* An 64bit atomic type */ ---- a/lib/atomic64_test.c -+++ b/lib/atomic64_test.c -@@ -16,6 +16,10 @@ - #include <linux/kernel.h> - #include <linux/atomic.h> - -+#ifdef CONFIG_X86 -+#include <asm/processor.h> /* for boot_cpu_has below */ -+#endif -+ - #define INIT(c) do { atomic64_set(&v, c); r = c; } while (0) - static __init int test_atomic64(void) - { diff --git a/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch b/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch deleted file mode 100644 index 2198098e..00000000 --- a/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch +++ /dev/null @@ -1,62 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:37 +0100 -Subject: x86/Kconfig: Select SCHED_SMT if SMP enabled - -commit dbe733642e01dd108f71436aaea7b328cb28fd87 upstream. - -CONFIG_SCHED_SMT is enabled by all distros, so there is not a real point to -have it configurable. The runtime overhead in the core scheduler code is -minimal because the actual SMT scheduling parts are conditional on a static -key. - -This allows to expose the scheduler's SMT state static key to the -speculation control code. Alternatively the scheduler's static key could be -made always available when CONFIG_SMP is enabled, but that's just adding an -unused static key to every other architecture for nothing. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.337452245@linutronix.de -[bwh: Backported to 3.16: CONFIG_SCHED_SMT depended on CONFG_X86_HT, but that - also follows CONFIG_SMP] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/Kconfig | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -798,13 +798,7 @@ config NR_CPUS - approximately eight kilobytes to the kernel image. - - config SCHED_SMT -- bool "SMT (Hyperthreading) scheduler support" -- depends on X86_HT -- ---help--- -- SMT scheduler support improves the CPU scheduler's decision making -- when dealing with Intel Pentium 4 chips with HyperThreading at a -- cost of slightly increased overhead in some places. If unsure say -- N here. -+ def_bool y if SMP - - config SCHED_MC - def_bool y diff --git a/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch b/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch deleted file mode 100644 index f420803e..00000000 --- a/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Andi Kleen <ak@linux.intel.com> -Date: Fri, 18 Jan 2019 16:50:23 -0800 -Subject: x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - -commit 6c4dbbd14730c43f4ed808a9c42ca41625925c22 upstream. - -X86_FEATURE_MD_CLEAR is a new CPUID bit which is set when microcode -provides the mechanism to invoke a flush of various exploitable CPU buffers -by invoking the VERW instruction. - -Hand it through to guests so they can adjust their mitigations. - -This also requires corresponding qemu changes, which are available -separately. - -[ tglx: Massaged changelog ] - -Signed-off-by: Andi Kleen <ak@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kvm/cpuid.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/arch/x86/kvm/cpuid.c -+++ b/arch/x86/kvm/cpuid.c -@@ -320,7 +320,7 @@ static inline int __do_cpuid_ent(struct - /* cpuid 7.0.edx*/ - const u32 kvm_cpuid_7_0_edx_x86_features = - F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | -- F(INTEL_STIBP); -+ F(INTEL_STIBP) | F(MD_CLEAR); - - /* all calls to cpuid_count() should be made on the same cpu */ - get_cpu(); diff --git a/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch b/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch deleted file mode 100644 index ec2b97f0..00000000 --- a/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch +++ /dev/null @@ -1,66 +0,0 @@ -From: speck for Pawan Gupta <speck@linutronix.de> -Date: Mon, 6 May 2019 12:23:50 -0700 -Subject: x86/mds: Add MDSUM variant to the MDS documentation - -commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream. - -Updated the documentation for a new CVE-2019-11091 Microarchitectural Data -Sampling Uncacheable Memory (MDSUM) which is a variant of -Microarchitectural Data Sampling (MDS). MDS is a family of side channel -attacks on internal buffers in Intel CPUs. - -MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from -memory that takes a fault or assist can leave data in a microarchitectural -structure that may later be observed using one of the same methods used by -MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM. -The existing mitigation for MDS applies to MDSUM as well. - -Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Tyler Hicks <tyhicks@canonical.com> -Reviewed-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/hw-vuln/mds.rst | 5 +++-- - Documentation/x86/mds.rst | 5 +++++ - 2 files changed, 8 insertions(+), 2 deletions(-) - ---- a/Documentation/hw-vuln/mds.rst -+++ b/Documentation/hw-vuln/mds.rst -@@ -32,11 +32,12 @@ Related CVEs - - The following CVE entries are related to the MDS vulnerability: - -- ============== ===== ============================================== -+ ============== ===== =================================================== - CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling - CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling - CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling -- ============== ===== ============================================== -+ CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory -+ ============== ===== =================================================== - - Problem - ------- ---- a/Documentation/x86/mds.rst -+++ b/Documentation/x86/mds.rst -@@ -12,6 +12,7 @@ on internal buffers in Intel CPUs. The v - - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126) - - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130) - - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127) -+ - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091) - - MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a - dependent load (store-to-load forwarding) as an optimization. The forward -@@ -38,6 +39,10 @@ faulting or assisting loads under certai - exploited eventually. Load ports are shared between Hyper-Threads so cross - thread leakage is possible. - -+MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from -+memory that takes a fault or assist can leave data in a microarchitectural -+structure that may later be observed using one of the same methods used by -+MSBDS, MFBDS or MLPDS. - - Exposure assumptions - -------------------- diff --git a/queue-3.16/x86-msr-index-cleanup-bit-defines.patch b/queue-3.16/x86-msr-index-cleanup-bit-defines.patch deleted file mode 100644 index 1836bc07..00000000 --- a/queue-3.16/x86-msr-index-cleanup-bit-defines.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Thu, 21 Feb 2019 12:36:50 +0100 -Subject: x86/msr-index: Cleanup bit defines - -commit d8eabc37310a92df40d07c5a8afc53cebf996716 upstream. - -Greg pointed out that speculation related bit defines are using (1 << N) -format instead of BIT(N). Aside of that (1 << N) is wrong as it should use -1UL at least. - -Clean it up. - -[ Josh Poimboeuf: Fix tools build ] - -Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Since <asm/msr-index.h> is a UAPI header here, open-code BIT() and drop - changes under tools/ - - Drop changes to flush MSRs which we haven't defined] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/include/uapi/asm/msr-index.h -+++ b/arch/x86/include/uapi/asm/msr-index.h -@@ -33,14 +33,14 @@ - - /* Intel MSRs. Some also available on other CPUs */ - #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ --#define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ -+#define SPEC_CTRL_IBRS (1UL << 0) /* Indirect Branch Restricted Speculation */ - #define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */ --#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ -+#define SPEC_CTRL_STIBP (1UL << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ - #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ --#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ -+#define SPEC_CTRL_SSBD (1UL << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ - - #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ --#define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ -+#define PRED_CMD_IBPB (1UL << 0) /* Indirect Branch Prediction Barrier */ - - #define MSR_IA32_PERFCTR0 0x000000c1 - #define MSR_IA32_PERFCTR1 0x000000c2 -@@ -58,9 +58,9 @@ - #define MSR_MTRRcap 0x000000fe - - #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a --#define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ --#define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ --#define ARCH_CAP_SSB_NO (1 << 4) /* -+#define ARCH_CAP_RDCL_NO (1UL << 0) /* Not susceptible to Meltdown */ -+#define ARCH_CAP_IBRS_ALL (1UL << 1) /* Enhanced IBRS support */ -+#define ARCH_CAP_SSB_NO (1UL << 4) /* - * Not susceptible to Speculative Store Bypass - * attack, so no Speculative Store Bypass - * control required. diff --git a/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch b/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch deleted file mode 100644 index dcef36c8..00000000 --- a/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch +++ /dev/null @@ -1,178 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:47 +0100 -Subject: x86/process: Consolidate and simplify switch_to_xtra() code - -commit ff16701a29cba3aafa0bd1656d766813b2d0a811 upstream. - -Move the conditional invocation of __switch_to_xtra() into an inline -function so the logic can be shared between 32 and 64 bit. - -Remove the handthrough of the TSS pointer and retrieve the pointer directly -in the bitmap handling function. Use this_cpu_ptr() instead of the -per_cpu() indirection. - -This is a preparatory change so integration of conditional indirect branch -speculation optimization happens only in one place. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.280855518@linutronix.de -[bwh: Backported to 3.16: - - Use init_tss instead of cpu_tss_rw - - __switch_to() still uses the tss variable, so don't delete it - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/include/asm/switch_to.h -+++ b/arch/x86/include/asm/switch_to.h -@@ -6,9 +6,6 @@ - struct task_struct; /* one of the stranger aspects of C forward declarations */ - __visible struct task_struct *__switch_to(struct task_struct *prev, - struct task_struct *next); --struct tss_struct; --void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, -- struct tss_struct *tss); - - #ifdef CONFIG_X86_32 - ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -32,6 +32,8 @@ - #include <asm/tlbflush.h> - #include <asm/spec-ctrl.h> - -+#include "process.h" -+ - /* - * per-CPU TSS segments. Threads are completely 'soft' on Linux, - * no more per-task TSS's. The TSS size is kept cacheline-aligned -@@ -197,11 +199,12 @@ int set_tsc_mode(unsigned int val) - return 0; - } - --static inline void switch_to_bitmap(struct tss_struct *tss, -- struct thread_struct *prev, -+static inline void switch_to_bitmap(struct thread_struct *prev, - struct thread_struct *next, - unsigned long tifp, unsigned long tifn) - { -+ struct tss_struct *tss = this_cpu_ptr(&init_tss); -+ - if (tifn & _TIF_IO_BITMAP) { - /* - * Copy the relevant range of the IO bitmap. -@@ -388,8 +391,7 @@ void speculation_ctrl_update(unsigned lo - preempt_enable(); - } - --void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, -- struct tss_struct *tss) -+void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p) - { - struct thread_struct *prev, *next; - unsigned long tifp, tifn; -@@ -399,7 +401,7 @@ void __switch_to_xtra(struct task_struct - - tifn = ACCESS_ONCE(task_thread_info(next_p)->flags); - tifp = ACCESS_ONCE(task_thread_info(prev_p)->flags); -- switch_to_bitmap(tss, prev, next, tifp, tifn); -+ switch_to_bitmap(prev, next, tifp, tifn); - - propagate_user_return_notify(prev_p, next_p); - ---- /dev/null -+++ b/arch/x86/kernel/process.h -@@ -0,0 +1,24 @@ -+// SPDX-License-Identifier: GPL-2.0 -+// -+// Code shared between 32 and 64 bit -+ -+void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p); -+ -+/* -+ * This needs to be inline to optimize for the common case where no extra -+ * work needs to be done. -+ */ -+static inline void switch_to_extra(struct task_struct *prev, -+ struct task_struct *next) -+{ -+ unsigned long next_tif = task_thread_info(next)->flags; -+ unsigned long prev_tif = task_thread_info(prev)->flags; -+ -+ /* -+ * __switch_to_xtra() handles debug registers, i/o bitmaps, -+ * speculation mitigations etc. -+ */ -+ if (unlikely(next_tif & _TIF_WORK_CTXSW_NEXT || -+ prev_tif & _TIF_WORK_CTXSW_PREV)) -+ __switch_to_xtra(prev, next); -+} ---- a/arch/x86/kernel/process_32.c -+++ b/arch/x86/kernel/process_32.c -@@ -55,6 +55,8 @@ - #include <asm/debugreg.h> - #include <asm/switch_to.h> - -+#include "process.h" -+ - asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); - asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); - -@@ -298,12 +300,7 @@ __switch_to(struct task_struct *prev_p, - task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count); - this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count); - -- /* -- * Now maybe handle debug registers and/or IO bitmaps -- */ -- if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV || -- task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT)) -- __switch_to_xtra(prev_p, next_p, tss); -+ switch_to_extra(prev_p, next_p); - - /* - * Leave lazy mode, flushing any hypercalls made here. ---- a/arch/x86/kernel/process_64.c -+++ b/arch/x86/kernel/process_64.c -@@ -51,6 +51,8 @@ - #include <asm/switch_to.h> - #include <asm/xen/hypervisor.h> - -+#include "process.h" -+ - asmlinkage extern void ret_from_fork(void); - - __visible DEFINE_PER_CPU_USER_MAPPED(unsigned long, old_rsp); -@@ -428,12 +430,7 @@ __switch_to(struct task_struct *prev_p, - (unsigned long)task_stack_page(next_p) + - THREAD_SIZE - KERNEL_STACK_OFFSET); - -- /* -- * Now maybe reload the debug registers and handle I/O bitmaps -- */ -- if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT || -- task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV)) -- __switch_to_xtra(prev_p, next_p, tss); -+ switch_to_extra(prev_p, next_p); - - #ifdef CONFIG_XEN - /* diff --git a/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch b/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch deleted file mode 100644 index 6c19a80e..00000000 --- a/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch +++ /dev/null @@ -1,55 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:43 +0100 -Subject: x86/speculataion: Mark command line parser data __initdata - -commit 30ba72a990f5096ae08f284de17986461efcc408 upstream. - -No point to keep that around. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.893886356@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -303,7 +303,7 @@ static const struct { - const char *option; - enum spectre_v2_mitigation_cmd cmd; - bool secure; --} mitigation_options[] = { -+} mitigation_options[] __initdata = { - { "off", SPECTRE_V2_CMD_NONE, false }, - { "on", SPECTRE_V2_CMD_FORCE, true }, - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, -@@ -546,7 +546,7 @@ static const char * const ssb_strings[] - static const struct { - const char *option; - enum ssb_mitigation_cmd cmd; --} ssb_mitigation_options[] = { -+} ssb_mitigation_options[] __initdata = { - { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ - { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ - { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ diff --git a/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch b/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch deleted file mode 100644 index c7f46ec1..00000000 --- a/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch +++ /dev/null @@ -1,320 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:45 +0100 -Subject: x86/speculation: Add command line control for indirect branch - speculation - -commit fa1202ef224391b6f5b26cdd44cc50495e8fab54 upstream. - -Add command line control for user space indirect branch speculation -mitigations. The new option is: spectre_v2_user= - -The initial options are: - - - on: Unconditionally enabled - - off: Unconditionally disabled - -auto: Kernel selects mitigation (default off for now) - -When the spectre_v2= command line argument is either 'on' or 'off' this -implies that the application to application control follows that state even -if a contradicting spectre_v2_user= argument is supplied. - -Originally-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.082720373@linutronix.de -[bwh: Backported to 3.16: - - Don't use __ro_after_init or cpu_smt_control - - Adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3176,9 +3176,13 @@ bytes respectively. Such letter suffixes - - spectre_v2= [X86] Control mitigation of Spectre variant 2 - (indirect branch speculation) vulnerability. -+ The default operation protects the kernel from -+ user space attacks. - -- on - unconditionally enable -- off - unconditionally disable -+ on - unconditionally enable, implies -+ spectre_v2_user=on -+ off - unconditionally disable, implies -+ spectre_v2_user=off - auto - kernel detects whether your CPU model is - vulnerable - -@@ -3188,6 +3192,12 @@ bytes respectively. Such letter suffixes - CONFIG_RETPOLINE configuration option, and the - compiler with which the kernel was built. - -+ Selecting 'on' will also enable the mitigation -+ against user space to user space task attacks. -+ -+ Selecting 'off' will disable both the kernel and -+ the user space protections. -+ - Specific mitigations can also be selected manually: - - retpoline - replace indirect branches -@@ -3197,6 +3207,24 @@ bytes respectively. Such letter suffixes - Not specifying this option is equivalent to - spectre_v2=auto. - -+ spectre_v2_user= -+ [X86] Control mitigation of Spectre variant 2 -+ (indirect branch speculation) vulnerability between -+ user space tasks -+ -+ on - Unconditionally enable mitigations. Is -+ enforced by spectre_v2=on -+ -+ off - Unconditionally disable mitigations. Is -+ enforced by spectre_v2=off -+ -+ auto - Kernel selects the mitigation depending on -+ the available CPU features and vulnerability. -+ Default is off. -+ -+ Not specifying this option is equivalent to -+ spectre_v2_user=auto. -+ - spec_store_bypass_disable= - [HW] Control Speculative Store Bypass (SSB) Disable mitigation - (Speculative Store Bypass vulnerability) ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -3,6 +3,8 @@ - #ifndef _ASM_X86_NOSPEC_BRANCH_H_ - #define _ASM_X86_NOSPEC_BRANCH_H_ - -+#include <linux/static_key.h> -+ - #include <asm/alternative.h> - #include <asm/alternative-asm.h> - #include <asm/cpufeatures.h> -@@ -172,6 +174,12 @@ enum spectre_v2_mitigation { - SPECTRE_V2_IBRS_ENHANCED, - }; - -+/* The indirect branch speculation control variants */ -+enum spectre_v2_user_mitigation { -+ SPECTRE_V2_USER_NONE, -+ SPECTRE_V2_USER_STRICT, -+}; -+ - /* The Speculative Store Bypass disable variants */ - enum ssb_mitigation { - SPEC_STORE_BYPASS_NONE, -@@ -248,5 +256,7 @@ do { \ - preempt_enable(); \ - } while (0) - -+DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); -+ - #endif /* __ASSEMBLY__ */ - #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -51,6 +51,9 @@ static u64 x86_spec_ctrl_mask = SPEC_CTR - u64 x86_amd_ls_cfg_base; - u64 x86_amd_ls_cfg_ssbd_mask; - -+/* Control conditional STIPB in switch_to() */ -+DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp); -+ - #ifdef CONFIG_X86_32 - - static double __initdata x = 4195835.0; -@@ -252,6 +255,8 @@ static void x86_amd_ssb_disable(void) - - static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; - -+static enum spectre_v2_user_mitigation spectre_v2_user = SPECTRE_V2_USER_NONE; -+ - #ifdef RETPOLINE - static bool spectre_v2_bad_module; - -@@ -290,6 +295,103 @@ enum spectre_v2_mitigation_cmd { - SPECTRE_V2_CMD_RETPOLINE_AMD, - }; - -+enum spectre_v2_user_cmd { -+ SPECTRE_V2_USER_CMD_NONE, -+ SPECTRE_V2_USER_CMD_AUTO, -+ SPECTRE_V2_USER_CMD_FORCE, -+}; -+ -+static const char * const spectre_v2_user_strings[] = { -+ [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", -+ [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", -+}; -+ -+static const struct { -+ const char *option; -+ enum spectre_v2_user_cmd cmd; -+ bool secure; -+} v2_user_options[] __initdata = { -+ { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, -+ { "off", SPECTRE_V2_USER_CMD_NONE, false }, -+ { "on", SPECTRE_V2_USER_CMD_FORCE, true }, -+}; -+ -+static void __init spec_v2_user_print_cond(const char *reason, bool secure) -+{ -+ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) -+ pr_info("spectre_v2_user=%s forced on command line.\n", reason); -+} -+ -+static enum spectre_v2_user_cmd __init -+spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd) -+{ -+ char arg[20]; -+ int ret, i; -+ -+ switch (v2_cmd) { -+ case SPECTRE_V2_CMD_NONE: -+ return SPECTRE_V2_USER_CMD_NONE; -+ case SPECTRE_V2_CMD_FORCE: -+ return SPECTRE_V2_USER_CMD_FORCE; -+ default: -+ break; -+ } -+ -+ ret = cmdline_find_option(boot_command_line, "spectre_v2_user", -+ arg, sizeof(arg)); -+ if (ret < 0) -+ return SPECTRE_V2_USER_CMD_AUTO; -+ -+ for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { -+ if (match_option(arg, ret, v2_user_options[i].option)) { -+ spec_v2_user_print_cond(v2_user_options[i].option, -+ v2_user_options[i].secure); -+ return v2_user_options[i].cmd; -+ } -+ } -+ -+ pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg); -+ return SPECTRE_V2_USER_CMD_AUTO; -+} -+ -+static void __init -+spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) -+{ -+ enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; -+ bool smt_possible = IS_ENABLED(CONFIG_SMP); -+ -+ if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) -+ return; -+ -+ if (!IS_ENABLED(CONFIG_X86_HT)) -+ smt_possible = false; -+ -+ switch (spectre_v2_parse_user_cmdline(v2_cmd)) { -+ case SPECTRE_V2_USER_CMD_AUTO: -+ case SPECTRE_V2_USER_CMD_NONE: -+ goto set_mode; -+ case SPECTRE_V2_USER_CMD_FORCE: -+ mode = SPECTRE_V2_USER_STRICT; -+ break; -+ } -+ -+ /* Initialize Indirect Branch Prediction Barrier */ -+ if (boot_cpu_has(X86_FEATURE_IBPB)) { -+ setup_force_cpu_cap(X86_FEATURE_USE_IBPB); -+ pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); -+ } -+ -+ /* If enhanced IBRS is enabled no STIPB required */ -+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -+ return; -+ -+set_mode: -+ spectre_v2_user = mode; -+ /* Only print the STIBP mode when SMT possible */ -+ if (smt_possible) -+ pr_info("%s\n", spectre_v2_user_strings[mode]); -+} -+ - static const char * const spectre_v2_strings[] = { - [SPECTRE_V2_NONE] = "Vulnerable", - [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", -@@ -445,12 +547,6 @@ specv2_set_mode: - setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); - pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); - -- /* Initialize Indirect Branch Prediction Barrier if supported */ -- if (boot_cpu_has(X86_FEATURE_IBPB)) { -- setup_force_cpu_cap(X86_FEATURE_USE_IBPB); -- pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); -- } -- - /* - * Retpoline means the kernel is safe because it has no indirect - * branches. Enhanced IBRS protects firmware too, so, enable restricted -@@ -467,23 +563,21 @@ specv2_set_mode: - pr_info("Enabling Restricted Speculation for firmware calls\n"); - } - -+ /* Set up IBPB and STIBP depending on the general spectre V2 command */ -+ spectre_v2_user_select_mitigation(cmd); -+ - /* Enable STIBP if appropriate */ - arch_smt_update(); - } - - static bool stibp_needed(void) - { -- if (spectre_v2_enabled == SPECTRE_V2_NONE) -- return false; -- - /* Enhanced IBRS makes using STIBP unnecessary. */ - if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) - return false; - -- if (!boot_cpu_has(X86_FEATURE_STIBP)) -- return false; -- -- return true; -+ /* Check for strict user mitigation mode */ -+ return spectre_v2_user == SPECTRE_V2_USER_STRICT; - } - - static void update_stibp_msr(void *info) -@@ -820,10 +914,13 @@ static char *stibp_state(void) - if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) - return ""; - -- if (x86_spec_ctrl_base & SPEC_CTRL_STIBP) -- return ", STIBP"; -- else -- return ""; -+ switch (spectre_v2_user) { -+ case SPECTRE_V2_USER_NONE: -+ return ", STIBP: disabled"; -+ case SPECTRE_V2_USER_STRICT: -+ return ", STIBP: forced"; -+ } -+ return ""; - } - - static char *ibpb_state(void) diff --git a/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch b/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch deleted file mode 100644 index a5936bb0..00000000 --- a/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch +++ /dev/null @@ -1,241 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:53 +0100 -Subject: x86/speculation: Add prctl() control for indirect branch speculation - -commit 9137bb27e60e554dab694eafa4cca241fa3a694f upstream. - -Add the PR_SPEC_INDIRECT_BRANCH option for the PR_GET_SPECULATION_CTRL and -PR_SET_SPECULATION_CTRL prctls to allow fine grained per task control of -indirect branch speculation via STIBP and IBPB. - -Invocations: - Check indirect branch speculation status with - - prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); - - Enable indirect branch speculation with - - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); - - Disable indirect branch speculation with - - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); - - Force disable indirect branch speculation with - - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); - -See Documentation/userspace-api/spec_ctrl.rst. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.866780996@linutronix.de -[bwh: Backported to 3.16: - - Drop changes in tools/include/uapi/linux/prctl.h - - Adjust filename, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/spec_ctrl.rst -+++ b/Documentation/spec_ctrl.rst -@@ -92,3 +92,12 @@ Speculation misfeature controls - * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); - * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); - * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); -+ -+- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes -+ (Mitigate Spectre V2 style attacks against user processes) -+ -+ Invocations: -+ * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); -+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); -+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); -+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -178,6 +178,7 @@ enum spectre_v2_mitigation { - enum spectre_v2_user_mitigation { - SPECTRE_V2_USER_NONE, - SPECTRE_V2_USER_STRICT, -+ SPECTRE_V2_USER_PRCTL, - }; - - /* The Speculative Store Bypass disable variants */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -624,6 +624,8 @@ void arch_smt_update(void) - case SPECTRE_V2_USER_STRICT: - update_stibp_strict(); - break; -+ case SPECTRE_V2_USER_PRCTL: -+ break; - } - - mutex_unlock(&spec_ctrl_mutex); -@@ -810,12 +812,50 @@ static int ssb_prctl_set(struct task_str - return 0; - } - -+static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) -+{ -+ switch (ctrl) { -+ case PR_SPEC_ENABLE: -+ if (spectre_v2_user == SPECTRE_V2_USER_NONE) -+ return 0; -+ /* -+ * Indirect branch speculation is always disabled in strict -+ * mode. -+ */ -+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT) -+ return -EPERM; -+ task_clear_spec_ib_disable(task); -+ task_update_spec_tif(task); -+ break; -+ case PR_SPEC_DISABLE: -+ case PR_SPEC_FORCE_DISABLE: -+ /* -+ * Indirect branch speculation is always allowed when -+ * mitigation is force disabled. -+ */ -+ if (spectre_v2_user == SPECTRE_V2_USER_NONE) -+ return -EPERM; -+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT) -+ return 0; -+ task_set_spec_ib_disable(task); -+ if (ctrl == PR_SPEC_FORCE_DISABLE) -+ task_set_spec_ib_force_disable(task); -+ task_update_spec_tif(task); -+ break; -+ default: -+ return -ERANGE; -+ } -+ return 0; -+} -+ - int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, - unsigned long ctrl) - { - switch (which) { - case PR_SPEC_STORE_BYPASS: - return ssb_prctl_set(task, ctrl); -+ case PR_SPEC_INDIRECT_BRANCH: -+ return ib_prctl_set(task, ctrl); - default: - return -ENODEV; - } -@@ -848,11 +888,34 @@ static int ssb_prctl_get(struct task_str - } - } - -+static int ib_prctl_get(struct task_struct *task) -+{ -+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) -+ return PR_SPEC_NOT_AFFECTED; -+ -+ switch (spectre_v2_user) { -+ case SPECTRE_V2_USER_NONE: -+ return PR_SPEC_ENABLE; -+ case SPECTRE_V2_USER_PRCTL: -+ if (task_spec_ib_force_disable(task)) -+ return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; -+ if (task_spec_ib_disable(task)) -+ return PR_SPEC_PRCTL | PR_SPEC_DISABLE; -+ return PR_SPEC_PRCTL | PR_SPEC_ENABLE; -+ case SPECTRE_V2_USER_STRICT: -+ return PR_SPEC_DISABLE; -+ default: -+ return PR_SPEC_NOT_AFFECTED; -+ } -+} -+ - int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) - { - switch (which) { - case PR_SPEC_STORE_BYPASS: - return ssb_prctl_get(task); -+ case PR_SPEC_INDIRECT_BRANCH: -+ return ib_prctl_get(task); - default: - return -ENODEV; - } -@@ -948,6 +1011,8 @@ static char *stibp_state(void) - return ", STIBP: disabled"; - case SPECTRE_V2_USER_STRICT: - return ", STIBP: forced"; -+ case SPECTRE_V2_USER_PRCTL: -+ return ""; - } - return ""; - } -@@ -960,6 +1025,8 @@ static char *ibpb_state(void) - return ", IBPB: disabled"; - case SPECTRE_V2_USER_STRICT: - return ", IBPB: always-on"; -+ case SPECTRE_V2_USER_PRCTL: -+ return ""; - } - } - return ""; ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -390,6 +390,11 @@ static unsigned long speculation_ctrl_up - set_tsk_thread_flag(tsk, TIF_SSBD); - else - clear_tsk_thread_flag(tsk, TIF_SSBD); -+ -+ if (task_spec_ib_disable(tsk)) -+ set_tsk_thread_flag(tsk, TIF_SPEC_IB); -+ else -+ clear_tsk_thread_flag(tsk, TIF_SPEC_IB); - } - /* Return the updated threadinfo flags*/ - return task_thread_info(tsk)->flags; ---- a/include/linux/sched.h -+++ b/include/linux/sched.h -@@ -1975,6 +1975,8 @@ static inline void memalloc_noio_restore - #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */ - #define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */ - #define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/ -+#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */ -+#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */ - - #define TASK_PFA_TEST(name, func) \ - static inline bool task_##func(struct task_struct *p) \ -@@ -2004,6 +2006,13 @@ TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ss - TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) - TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) - -+TASK_PFA_TEST(SPEC_IB_DISABLE, spec_ib_disable) -+TASK_PFA_SET(SPEC_IB_DISABLE, spec_ib_disable) -+TASK_PFA_CLEAR(SPEC_IB_DISABLE, spec_ib_disable) -+ -+TASK_PFA_TEST(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) -+TASK_PFA_SET(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) -+ - /* - * task->jobctl flags - */ ---- a/include/uapi/linux/prctl.h -+++ b/include/uapi/linux/prctl.h -@@ -157,6 +157,7 @@ - #define PR_SET_SPECULATION_CTRL 53 - /* Speculation control variants */ - # define PR_SPEC_STORE_BYPASS 0 -+# define PR_SPEC_INDIRECT_BRANCH 1 - /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ - # define PR_SPEC_NOT_AFFECTED 0 - # define PR_SPEC_PRCTL (1UL << 0) diff --git a/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch b/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch deleted file mode 100644 index ab27a3f3..00000000 --- a/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch +++ /dev/null @@ -1,181 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:55 +0100 -Subject: x86/speculation: Add seccomp Spectre v2 user space protection mode - -commit 6b3e64c237c072797a9ec918654a60e3a46488e2 upstream. - -If 'prctl' mode of user space protection from spectre v2 is selected -on the kernel command-line, STIBP and IBPB are applied on tasks which -restrict their indirect branch speculation via prctl. - -SECCOMP enables the SSBD mitigation for sandboxed tasks already, so it -makes sense to prevent spectre v2 user space to user space attacks as -well. - -The Intel mitigation guide documents how STIPB works: - - Setting bit 1 (STIBP) of the IA32_SPEC_CTRL MSR on a logical processor - prevents the predicted targets of indirect branches on any logical - processor of that core from being controlled by software that executes - (or executed previously) on another logical processor of the same core. - -Ergo setting STIBP protects the task itself from being attacked from a task -running on a different hyper-thread and protects the tasks running on -different hyper-threads from being attacked. - -While the document suggests that the branch predictors are shielded between -the logical processors, the observed performance regressions suggest that -STIBP simply disables the branch predictor more or less completely. Of -course the document wording is vague, but the fact that there is also no -requirement for issuing IBPB when STIBP is used points clearly in that -direction. The kernel still issues IBPB even when STIBP is used until Intel -clarifies the whole mechanism. - -IBPB is issued when the task switches out, so malicious sandbox code cannot -mistrain the branch predictor for the next user space task on the same -logical processor. - -Signed-off-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185006.051663132@linutronix.de -[bwh: Backported to 3.16: adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/kernel-parameters.txt | 9 ++++++++- - arch/x86/include/asm/nospec-branch.h | 1 + - arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++- - 3 files changed, 25 insertions(+), 2 deletions(-) - ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3223,9 +3223,16 @@ bytes respectively. Such letter suffixes - per thread. The mitigation control state - is inherited on fork. - -+ seccomp -+ - Same as "prctl" above, but all seccomp -+ threads will enable the mitigation unless -+ they explicitly opt out. -+ - auto - Kernel selects the mitigation depending on - the available CPU features and vulnerability. -- Default is prctl. -+ -+ Default mitigation: -+ If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" - - Not specifying this option is equivalent to - spectre_v2_user=auto. ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -179,6 +179,7 @@ enum spectre_v2_user_mitigation { - SPECTRE_V2_USER_NONE, - SPECTRE_V2_USER_STRICT, - SPECTRE_V2_USER_PRCTL, -+ SPECTRE_V2_USER_SECCOMP, - }; - - /* The Speculative Store Bypass disable variants */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -308,12 +308,14 @@ enum spectre_v2_user_cmd { - SPECTRE_V2_USER_CMD_AUTO, - SPECTRE_V2_USER_CMD_FORCE, - SPECTRE_V2_USER_CMD_PRCTL, -+ SPECTRE_V2_USER_CMD_SECCOMP, - }; - - static const char * const spectre_v2_user_strings[] = { - [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", - [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", - [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", -+ [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", - }; - - static const struct { -@@ -325,6 +327,7 @@ static const struct { - { "off", SPECTRE_V2_USER_CMD_NONE, false }, - { "on", SPECTRE_V2_USER_CMD_FORCE, true }, - { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, -+ { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, - }; - - static void __init spec_v2_user_print_cond(const char *reason, bool secure) -@@ -383,10 +386,16 @@ spectre_v2_user_select_mitigation(enum s - case SPECTRE_V2_USER_CMD_FORCE: - mode = SPECTRE_V2_USER_STRICT; - break; -- case SPECTRE_V2_USER_CMD_AUTO: - case SPECTRE_V2_USER_CMD_PRCTL: - mode = SPECTRE_V2_USER_PRCTL; - break; -+ case SPECTRE_V2_USER_CMD_AUTO: -+ case SPECTRE_V2_USER_CMD_SECCOMP: -+ if (IS_ENABLED(CONFIG_SECCOMP)) -+ mode = SPECTRE_V2_USER_SECCOMP; -+ else -+ mode = SPECTRE_V2_USER_PRCTL; -+ break; - } - - /* Initialize Indirect Branch Prediction Barrier */ -@@ -398,6 +407,7 @@ spectre_v2_user_select_mitigation(enum s - static_branch_enable(&switch_mm_always_ibpb); - break; - case SPECTRE_V2_USER_PRCTL: -+ case SPECTRE_V2_USER_SECCOMP: - static_branch_enable(&switch_mm_cond_ibpb); - break; - default: -@@ -649,6 +659,7 @@ void arch_smt_update(void) - update_stibp_strict(); - break; - case SPECTRE_V2_USER_PRCTL: -+ case SPECTRE_V2_USER_SECCOMP: - update_indir_branch_cond(); - break; - } -@@ -891,6 +902,8 @@ void arch_seccomp_spec_mitigate(struct t - { - if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) - ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); -+ if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP) -+ ib_prctl_set(task, PR_SPEC_FORCE_DISABLE); - } - #endif - -@@ -922,6 +935,7 @@ static int ib_prctl_get(struct task_stru - case SPECTRE_V2_USER_NONE: - return PR_SPEC_ENABLE; - case SPECTRE_V2_USER_PRCTL: -+ case SPECTRE_V2_USER_SECCOMP: - if (task_spec_ib_force_disable(task)) - return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; - if (task_spec_ib_disable(task)) -@@ -1037,6 +1051,7 @@ static char *stibp_state(void) - case SPECTRE_V2_USER_STRICT: - return ", STIBP: forced"; - case SPECTRE_V2_USER_PRCTL: -+ case SPECTRE_V2_USER_SECCOMP: - if (static_key_enabled(&switch_to_cond_stibp)) - return ", STIBP: conditional"; - } diff --git a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch b/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch deleted file mode 100644 index b78aef04..00000000 --- a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch +++ /dev/null @@ -1,164 +0,0 @@ -From: Jiri Kosina <jkosina@suse.cz> -Date: Tue, 25 Sep 2018 14:38:18 +0200 -Subject: x86/speculation: Apply IBPB more strictly to avoid cross-process data - leak - -commit dbfe2953f63c640463c630746cd5d9de8b2f63ae upstream. - -Currently, IBPB is only issued in cases when switching into a non-dumpable -process, the rationale being to protect such 'important and security -sensitive' processess (such as GPG) from data leaking into a different -userspace process via spectre v2. - -This is however completely insufficient to provide proper userspace-to-userpace -spectrev2 protection, as any process can poison branch buffers before being -scheduled out, and the newly scheduled process immediately becomes spectrev2 -victim. - -In order to minimize the performance impact (for usecases that do require -spectrev2 protection), issue the barrier only in cases when switching between -processess where the victim can't be ptraced by the potential attacker (as in -such cases, the attacker doesn't have to bother with branch buffers at all). - -[ tglx: Split up PTRACE_MODE_NOACCESS_CHK into PTRACE_MODE_SCHED and - PTRACE_MODE_IBPB to be able to do ptrace() context tracking reasonably - fine-grained ] - -Fixes: 18bf3c3ea8 ("x86/speculation: Use Indirect Branch Prediction Barrier in context switch") -Originally-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: "WoodhouseDavid" <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: "SchauflerCasey" <casey.schaufler@intel.com> -Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251437340.15880@cbobk.fhfr.pm -[bwh: Backported to 3.16: we still can't use ctx_id to optimise the check] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/mm/tlb.c -+++ b/arch/x86/mm/tlb.c -@@ -7,6 +7,7 @@ - #include <linux/module.h> - #include <linux/cpu.h> - #include <linux/debugfs.h> -+#include <linux/ptrace.h> - - #include <asm/tlbflush.h> - #include <asm/mmu_context.h> -@@ -95,6 +96,19 @@ void switch_mm(struct mm_struct *prev, s - local_irq_restore(flags); - } - -+static bool ibpb_needed(struct task_struct *tsk) -+{ -+ /* -+ * Check if the current (previous) task has access to the memory -+ * of the @tsk (next) task. If access is denied, make sure to -+ * issue a IBPB to stop user->user Spectre-v2 attacks. -+ * -+ * Note: __ptrace_may_access() returns 0 or -ERRNO. -+ */ -+ return (tsk && tsk->mm && -+ ptrace_may_access_sched(tsk, PTRACE_MODE_SPEC_IBPB)); -+} -+ - void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, - struct task_struct *tsk) - { -@@ -107,16 +121,12 @@ void switch_mm_irqs_off(struct mm_struct - * one process from doing Spectre-v2 attacks on another. - * - * As an optimization, flush indirect branches only when -- * switching into processes that disable dumping. This -- * protects high value processes like gpg, without having -- * too high performance overhead. IBPB is *expensive*! -- * -- * This will not flush branches when switching into kernel -- * threads. It will flush if we switch to a different non- -- * dumpable process. -+ * switching into a processes that can't be ptrace by the -+ * current one (as in such case, attacker has much more -+ * convenient way how to tamper with the next process than -+ * branch buffer poisoning). - */ -- if (tsk && tsk->mm && -- get_dumpable(tsk->mm) != SUID_DUMP_USER) -+ if (static_cpu_has(X86_FEATURE_USE_IBPB) && ibpb_needed(tsk)) - indirect_branch_prediction_barrier(); - - this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); ---- a/include/linux/ptrace.h -+++ b/include/linux/ptrace.h -@@ -59,14 +59,17 @@ extern void exit_ptrace(struct task_stru - #define PTRACE_MODE_READ 0x01 - #define PTRACE_MODE_ATTACH 0x02 - #define PTRACE_MODE_NOAUDIT 0x04 --#define PTRACE_MODE_FSCREDS 0x08 --#define PTRACE_MODE_REALCREDS 0x10 -+#define PTRACE_MODE_FSCREDS 0x08 -+#define PTRACE_MODE_REALCREDS 0x10 -+#define PTRACE_MODE_SCHED 0x20 -+#define PTRACE_MODE_IBPB 0x40 - - /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ - #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) - #define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS) - #define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS) - #define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS) -+#define PTRACE_MODE_SPEC_IBPB (PTRACE_MODE_ATTACH_REALCREDS | PTRACE_MODE_IBPB) - - /** - * ptrace_may_access - check whether the caller is permitted to access -@@ -84,6 +87,20 @@ extern void exit_ptrace(struct task_stru - */ - extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); - -+/** -+ * ptrace_may_access - check whether the caller is permitted to access -+ * a target task. -+ * @task: target task -+ * @mode: selects type of access and caller credentials -+ * -+ * Returns true on success, false on denial. -+ * -+ * Similar to ptrace_may_access(). Only to be called from context switch -+ * code. Does not call into audit and the regular LSM hooks due to locking -+ * constraints. -+ */ -+extern bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode); -+ - static inline int ptrace_reparented(struct task_struct *child) - { - return !same_thread_group(child->real_parent, child->parent); ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -@@ -262,6 +262,9 @@ static int ptrace_check_attach(struct ta - - static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode) - { -+ if (mode & PTRACE_MODE_SCHED) -+ return false; -+ - if (mode & PTRACE_MODE_NOAUDIT) - return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE); - else -@@ -329,9 +332,16 @@ ok: - !ptrace_has_cap(mm->user_ns, mode))) - return -EPERM; - -+ if (mode & PTRACE_MODE_SCHED) -+ return 0; - return security_ptrace_access_check(task, mode); - } - -+bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode) -+{ -+ return __ptrace_may_access(task, mode | PTRACE_MODE_SCHED); -+} -+ - bool ptrace_may_access(struct task_struct *task, unsigned int mode) - { - int err; diff --git a/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch b/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch deleted file mode 100644 index 3c7b6560..00000000 --- a/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch +++ /dev/null @@ -1,104 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:48 +0100 -Subject: x86/speculation: Avoid __switch_to_xtra() calls - -commit 5635d99953f04b550738f6f4c1c532667c3fd872 upstream. - -The TIF_SPEC_IB bit does not need to be evaluated in the decision to invoke -__switch_to_xtra() when: - - - CONFIG_SMP is disabled - - - The conditional STIPB mode is disabled - -The TIF_SPEC_IB bit still controls IBPB in both cases so the TIF work mask -checks might invoke __switch_to_xtra() for nothing if TIF_SPEC_IB is the -only set bit in the work masks. - -Optimize it out by masking the bit at compile time for CONFIG_SMP=n and at -run time when the static key controlling the conditional STIBP mode is -disabled. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.374062201@linutronix.de -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/thread_info.h | 13 +++++++++++-- - arch/x86/kernel/process.h | 15 +++++++++++++++ - 2 files changed, 26 insertions(+), 2 deletions(-) - ---- a/arch/x86/include/asm/thread_info.h -+++ b/arch/x86/include/asm/thread_info.h -@@ -149,9 +149,18 @@ struct thread_info { - _TIF_USER_RETURN_NOTIFY | _TIF_UPROBE) - - /* flags to check in __switch_to() */ --#define _TIF_WORK_CTXSW \ -+#define _TIF_WORK_CTXSW_BASE \ - (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \ -- _TIF_SSBD|_TIF_SPEC_IB) -+ _TIF_SSBD) -+ -+/* -+ * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated. -+ */ -+#ifdef CONFIG_SMP -+# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE | _TIF_SPEC_IB) -+#else -+# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE) -+#endif - - #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) - #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) ---- a/arch/x86/kernel/process.h -+++ b/arch/x86/kernel/process.h -@@ -2,6 +2,8 @@ - // - // Code shared between 32 and 64 bit - -+#include <asm/spec-ctrl.h> -+ - void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p); - - /* -@@ -14,6 +16,19 @@ static inline void switch_to_extra(struc - unsigned long next_tif = task_thread_info(next)->flags; - unsigned long prev_tif = task_thread_info(prev)->flags; - -+ if (IS_ENABLED(CONFIG_SMP)) { -+ /* -+ * Avoid __switch_to_xtra() invocation when conditional -+ * STIPB is disabled and the only different bit is -+ * TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not -+ * in the TIF_WORK_CTXSW masks. -+ */ -+ if (!static_branch_likely(&switch_to_cond_stibp)) { -+ prev_tif &= ~_TIF_SPEC_IB; -+ next_tif &= ~_TIF_SPEC_IB; -+ } -+ } -+ - /* - * __switch_to_xtra() handles debug registers, i/o bitmaps, - * speculation mitigations etc. diff --git a/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch b/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch deleted file mode 100644 index f39531e3..00000000 --- a/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:30 +0100 -Subject: x86/speculation: Clean up spectre_v2_parse_cmdline() - -commit 24848509aa55eac39d524b587b051f4e86df3c12 upstream. - -Remove the unnecessary 'else' statement in spectre_v2_parse_cmdline() -to save an indentation level. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185003.688010903@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 27 +++++++++++++-------------- - 1 file changed, 13 insertions(+), 14 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -336,22 +336,21 @@ static enum spectre_v2_mitigation_cmd __ - - if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) - return SPECTRE_V2_CMD_NONE; -- else { -- ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); -- if (ret < 0) -- return SPECTRE_V2_CMD_AUTO; - -- for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { -- if (!match_option(arg, ret, mitigation_options[i].option)) -- continue; -- cmd = mitigation_options[i].cmd; -- break; -- } -+ ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); -+ if (ret < 0) -+ return SPECTRE_V2_CMD_AUTO; - -- if (i >= ARRAY_SIZE(mitigation_options)) { -- pr_err("unknown option (%s). Switching to AUTO select\n", arg); -- return SPECTRE_V2_CMD_AUTO; -- } -+ for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { -+ if (!match_option(arg, ret, mitigation_options[i].option)) -+ continue; -+ cmd = mitigation_options[i].cmd; -+ break; -+ } -+ -+ if (i >= ARRAY_SIZE(mitigation_options)) { -+ pr_err("unknown option (%s). Switching to AUTO select\n", arg); -+ return SPECTRE_V2_CMD_AUTO; - } - - if ((cmd == SPECTRE_V2_CMD_RETPOLINE || diff --git a/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch b/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch deleted file mode 100644 index 00a4a73c..00000000 --- a/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch +++ /dev/null @@ -1,166 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 27 Feb 2019 10:10:23 +0100 -Subject: x86/speculation: Consolidate CPU whitelists - -commit 36ad35131adacc29b328b9c8b6277a8bf0d6fd5d upstream. - -The CPU vulnerability whitelists have some overlap and there are more -whitelists coming along. - -Use the driver_data field in the x86_cpu_id struct to denote the -whitelisted vulnerabilities and combine all whitelists into one. - -Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/common.c | 105 +++++++++++++++++++---------------- - 1 file changed, 56 insertions(+), 49 deletions(-) - ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -807,60 +807,68 @@ static void identify_cpu_without_cpuid(s - #endif - } - --static const __initconst struct x86_cpu_id cpu_no_speculation[] = { -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL_MID, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, X86_FEATURE_ANY }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL, X86_FEATURE_ANY }, -- { X86_VENDOR_CENTAUR, 5 }, -- { X86_VENDOR_INTEL, 5 }, -- { X86_VENDOR_NSC, 5 }, -- { X86_VENDOR_ANY, 4 }, -- {} --}; -+#define NO_SPECULATION BIT(0) -+#define NO_MELTDOWN BIT(1) -+#define NO_SSB BIT(2) -+#define NO_L1TF BIT(3) -+ -+#define VULNWL(_vendor, _family, _model, _whitelist) \ -+ { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } -+ -+#define VULNWL_INTEL(model, whitelist) \ -+ VULNWL(INTEL, 6, INTEL_FAM6_##model, whitelist) -+ -+#define VULNWL_AMD(family, whitelist) \ -+ VULNWL(AMD, family, X86_MODEL_ANY, whitelist) -+ -+static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { -+ VULNWL(ANY, 4, X86_MODEL_ANY, NO_SPECULATION), -+ VULNWL(CENTAUR, 5, X86_MODEL_ANY, NO_SPECULATION), -+ VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION), -+ VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION), -+ -+ VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION), -+ VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION), -+ VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION), -+ VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION), -+ VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION), -+ -+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF), -+ -+ VULNWL_INTEL(CORE_YONAH, NO_SSB), -+ -+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF), -+ VULNWL_INTEL(ATOM_GOLDMONT, NO_L1TF), -+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_L1TF), -+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_L1TF), -+ -+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF), -+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF), -+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF), -+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF), - --static const __initconst struct x86_cpu_id cpu_no_meltdown[] = { -- { X86_VENDOR_AMD }, -+ /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ -+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF), - {} - }; - --/* Only list CPUs which speculate but are non susceptible to SSB */ --static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = { -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, -- { X86_VENDOR_AMD, 0x12, }, -- { X86_VENDOR_AMD, 0x11, }, -- { X86_VENDOR_AMD, 0x10, }, -- { X86_VENDOR_AMD, 0xf, }, -- {} --}; -+static bool __init cpu_matches(unsigned long which) -+{ -+ const struct x86_cpu_id *m = x86_match_cpu(cpu_vuln_whitelist); - --static const __initconst struct x86_cpu_id cpu_no_l1tf[] = { -- /* in addition to cpu_no_speculation */ -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, -- {} --}; -+ return m && !!(m->driver_data & which); -+} - - static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) - { - u64 ia32_cap = 0; - -- if (x86_match_cpu(cpu_no_speculation)) -+ if (cpu_matches(NO_SPECULATION)) - return; - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); -@@ -869,15 +877,14 @@ static void __init cpu_set_bug_bits(stru - if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) - rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); - -- if (!x86_match_cpu(cpu_no_spec_store_bypass) && -- !(ia32_cap & ARCH_CAP_SSB_NO) && -+ if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) && - !cpu_has(c, X86_FEATURE_AMD_SSB_NO)) - setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS); - - if (ia32_cap & ARCH_CAP_IBRS_ALL) - setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); - -- if (x86_match_cpu(cpu_no_meltdown)) -+ if (cpu_matches(NO_MELTDOWN)) - return; - - /* Rogue Data Cache Load? No! */ -@@ -886,7 +893,7 @@ static void __init cpu_set_bug_bits(stru - - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - -- if (x86_match_cpu(cpu_no_l1tf)) -+ if (cpu_matches(NO_L1TF)) - return; - - setup_force_cpu_bug(X86_BUG_L1TF); diff --git a/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch b/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch deleted file mode 100644 index 01f0f002..00000000 --- a/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:33 +0100 -Subject: x86/speculation: Disable STIBP when enhanced IBRS is in use - -commit 34bce7c9690b1d897686aac89604ba7adc365556 upstream. - -If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2 -user space exploits from hyperthread sibling. - -Disable STIBP when enhanced IBRS is used. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185003.966801480@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 7 +++++++ - 1 file changed, 7 insertions(+) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -380,6 +380,10 @@ static bool stibp_needed(void) - if (spectre_v2_enabled == SPECTRE_V2_NONE) - return false; - -+ /* Enhanced IBRS makes using STIBP unnecessary. */ -+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -+ return false; -+ - if (!boot_cpu_has(X86_FEATURE_STIBP)) - return false; - -@@ -823,6 +827,9 @@ static void __init l1tf_select_mitigatio - - static char *stibp_state(void) - { -+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -+ return ""; -+ - if (x86_spec_ctrl_base & SPEC_CTRL_STIBP) - return ", STIBP"; - else diff --git a/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch b/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch deleted file mode 100644 index 1f1fb9a9..00000000 --- a/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: Jiri Kosina <jkosina@suse.cz> -Date: Tue, 25 Sep 2018 14:38:55 +0200 -Subject: x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - -commit 53c613fe6349994f023245519265999eed75957f upstream. - -STIBP is a feature provided by certain Intel ucodes / CPUs. This feature -(once enabled) prevents cross-hyperthread control of decisions made by -indirect branch predictors. - -Enable this feature if - -- the CPU is vulnerable to spectre v2 -- the CPU supports SMT and has SMT siblings online -- spectre_v2 mitigation autoselection is enabled (default) - -After some previous discussion, this leaves STIBP on all the time, as wrmsr -on crossing kernel boundary is a no-no. This could perhaps later be a bit -more optimized (like disabling it in NOHZ, experiment with disabling it in -idle, etc) if needed. - -Note that the synchronization of the mask manipulation via newly added -spec_ctrl_mutex is currently not strictly needed, as the only updater is -already being serialized by cpu_add_remove_lock, but let's make this a -little bit more future-proof. - -Signed-off-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: "WoodhouseDavid" <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: "SchauflerCasey" <casey.schaufler@intel.com> -Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438240.15880@cbobk.fhfr.pm -[bwh: Backported to 3.16: - - Don't add any calls to arch_smt_update() yet. They will be introduced by - "x86/speculation: Rework SMT state change". - - Use IS_ENABLED(CONFIG_X86_HT) instead of cpu_smt_control for now. This - will be fixed by "x86/speculation: Rework SMT state change".] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -32,12 +32,10 @@ static void __init spectre_v2_select_mit - static void __init ssb_select_mitigation(void); - static void __init l1tf_select_mitigation(void); - --/* -- * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any -- * writes to SPEC_CTRL contain whatever reserved bits have been set. -- */ -+/* The base value of the SPEC_CTRL MSR that always has to be preserved. */ - u64 x86_spec_ctrl_base; - EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); -+static DEFINE_MUTEX(spec_ctrl_mutex); - - /* - * The vendor and possibly platform specific bits which can be modified in -@@ -378,6 +376,46 @@ static enum spectre_v2_mitigation_cmd __ - return cmd; - } - -+static bool stibp_needed(void) -+{ -+ if (spectre_v2_enabled == SPECTRE_V2_NONE) -+ return false; -+ -+ if (!boot_cpu_has(X86_FEATURE_STIBP)) -+ return false; -+ -+ return true; -+} -+ -+static void update_stibp_msr(void *info) -+{ -+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); -+} -+ -+void arch_smt_update(void) -+{ -+ u64 mask; -+ -+ if (!stibp_needed()) -+ return; -+ -+ mutex_lock(&spec_ctrl_mutex); -+ mask = x86_spec_ctrl_base; -+ if (IS_ENABLED(CONFIG_X86_HT)) -+ mask |= SPEC_CTRL_STIBP; -+ else -+ mask &= ~SPEC_CTRL_STIBP; -+ -+ if (mask != x86_spec_ctrl_base) { -+ pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n", -+ IS_ENABLED(CONFIG_X86_HT) ? -+ "Enabling" : "Disabling"); -+ x86_spec_ctrl_base = mask; -+ on_each_cpu(update_stibp_msr, NULL, 1); -+ } -+ mutex_unlock(&spec_ctrl_mutex); -+} -+ - static void __init spectre_v2_select_mitigation(void) - { - enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); -@@ -477,6 +515,9 @@ specv2_set_mode: - setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); - pr_info("Enabling Restricted Speculation for firmware calls\n"); - } -+ -+ /* Enable STIBP if appropriate */ -+ arch_smt_update(); - } - - #undef pr_fmt -@@ -784,6 +825,8 @@ static void __init l1tf_select_mitigatio - static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, - char *buf, unsigned int bug) - { -+ int ret; -+ - if (!boot_cpu_has_bug(bug)) - return sprintf(buf, "Not affected\n"); - -@@ -798,10 +841,12 @@ static ssize_t cpu_show_common(struct de - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); - - case X86_BUG_SPECTRE_V2: -- return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], -+ ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", -+ (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "", - spectre_v2_module_string()); -+ return ret; - - case X86_BUG_SPEC_STORE_BYPASS: - return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); diff --git a/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch b/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch deleted file mode 100644 index d33754dd..00000000 --- a/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch +++ /dev/null @@ -1,182 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:54 +0100 -Subject: x86/speculation: Enable prctl mode for spectre_v2_user - -commit 7cc765a67d8e04ef7d772425ca5a2a1e2b894c15 upstream. - -Now that all prerequisites are in place: - - - Add the prctl command line option - - - Default the 'auto' mode to 'prctl' - - - When SMT state changes, update the static key which controls the - conditional STIBP evaluation on context switch. - - - At init update the static key which controls the conditional IBPB - evaluation on context switch. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.958421388@linutronix.de -[bwh: Backported to 3.16: adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Docuemntation/kernel-parameters.txt | 7 +++- - arch/x86/kernel/cpu/bugs.c | 41 +++++++++++++++---- - 2 files changed, 38 insertions(+), 10 deletions(-) - ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3218,9 +3218,14 @@ bytes respectively. Such letter suffixes - off - Unconditionally disable mitigations. Is - enforced by spectre_v2=off - -+ prctl - Indirect branch speculation is enabled, -+ but mitigation can be enabled via prctl -+ per thread. The mitigation control state -+ is inherited on fork. -+ - auto - Kernel selects the mitigation depending on - the available CPU features and vulnerability. -- Default is off. -+ Default is prctl. - - Not specifying this option is equivalent to - spectre_v2_user=auto. ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -307,11 +307,13 @@ enum spectre_v2_user_cmd { - SPECTRE_V2_USER_CMD_NONE, - SPECTRE_V2_USER_CMD_AUTO, - SPECTRE_V2_USER_CMD_FORCE, -+ SPECTRE_V2_USER_CMD_PRCTL, - }; - - static const char * const spectre_v2_user_strings[] = { - [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", - [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", -+ [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", - }; - - static const struct { -@@ -322,6 +324,7 @@ static const struct { - { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, - { "off", SPECTRE_V2_USER_CMD_NONE, false }, - { "on", SPECTRE_V2_USER_CMD_FORCE, true }, -+ { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, - }; - - static void __init spec_v2_user_print_cond(const char *reason, bool secure) -@@ -375,12 +378,15 @@ spectre_v2_user_select_mitigation(enum s - smt_possible = false; - - switch (spectre_v2_parse_user_cmdline(v2_cmd)) { -- case SPECTRE_V2_USER_CMD_AUTO: - case SPECTRE_V2_USER_CMD_NONE: - goto set_mode; - case SPECTRE_V2_USER_CMD_FORCE: - mode = SPECTRE_V2_USER_STRICT; - break; -+ case SPECTRE_V2_USER_CMD_AUTO: -+ case SPECTRE_V2_USER_CMD_PRCTL: -+ mode = SPECTRE_V2_USER_PRCTL; -+ break; - } - - /* Initialize Indirect Branch Prediction Barrier */ -@@ -391,6 +397,9 @@ spectre_v2_user_select_mitigation(enum s - case SPECTRE_V2_USER_STRICT: - static_branch_enable(&switch_mm_always_ibpb); - break; -+ case SPECTRE_V2_USER_PRCTL: -+ static_branch_enable(&switch_mm_cond_ibpb); -+ break; - default: - break; - } -@@ -403,6 +412,12 @@ spectre_v2_user_select_mitigation(enum s - if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) - return; - -+ /* -+ * If SMT is not possible or STIBP is not available clear the STIPB -+ * mode. -+ */ -+ if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP)) -+ mode = SPECTRE_V2_USER_NONE; - set_mode: - spectre_v2_user = mode; - /* Only print the STIBP mode when SMT possible */ -@@ -610,6 +625,15 @@ static void update_stibp_strict(void) - on_each_cpu(update_stibp_msr, NULL, 1); - } - -+/* Update the static key controlling the evaluation of TIF_SPEC_IB */ -+static void update_indir_branch_cond(void) -+{ -+ if (sched_smt_active()) -+ static_branch_enable(&switch_to_cond_stibp); -+ else -+ static_branch_disable(&switch_to_cond_stibp); -+} -+ - void arch_smt_update(void) - { - /* Enhanced IBRS implies STIBP. No update required. */ -@@ -625,6 +649,7 @@ void arch_smt_update(void) - update_stibp_strict(); - break; - case SPECTRE_V2_USER_PRCTL: -+ update_indir_branch_cond(); - break; - } - -@@ -1012,7 +1037,8 @@ static char *stibp_state(void) - case SPECTRE_V2_USER_STRICT: - return ", STIBP: forced"; - case SPECTRE_V2_USER_PRCTL: -- return ""; -+ if (static_key_enabled(&switch_to_cond_stibp)) -+ return ", STIBP: conditional"; - } - return ""; - } -@@ -1020,14 +1046,11 @@ static char *stibp_state(void) - static char *ibpb_state(void) - { - if (boot_cpu_has(X86_FEATURE_IBPB)) { -- switch (spectre_v2_user) { -- case SPECTRE_V2_USER_NONE: -- return ", IBPB: disabled"; -- case SPECTRE_V2_USER_STRICT: -+ if (static_key_enabled(&switch_mm_always_ibpb)) - return ", IBPB: always-on"; -- case SPECTRE_V2_USER_PRCTL: -- return ""; -- } -+ if (static_key_enabled(&switch_mm_cond_ibpb)) -+ return ", IBPB: conditional"; -+ return ", IBPB: disabled"; - } - return ""; - } diff --git a/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch b/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch deleted file mode 100644 index 3ca5f310..00000000 --- a/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Sat, 11 May 2019 23:45:54 +0100 -Subject: x86/speculation/l1tf: Document l1tf in sysfs - -The vulnerabilties/l1tf attribute was added by commit 17dbca119312 -"x86/speculation/l1tf: Add sysfs reporting for l1tf", which has -already been backported to 3.16, but only documented in commit -d90a7a0ec83f "x86/bugs, kvm: Introduce boot-time control of L1TF -mitigations", which has not and probbaly won't be. - -Add just that line of documentation for now. - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/ABI/testing/sysfs-devices-system-cpu -+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu -@@ -230,6 +230,7 @@ What: /sys/devices/system/cpu/vulnerabi - /sys/devices/system/cpu/vulnerabilities/spectre_v1 - /sys/devices/system/cpu/vulnerabilities/spectre_v2 - /sys/devices/system/cpu/vulnerabilities/spec_store_bypass -+ /sys/devices/system/cpu/vulnerabilities/l1tf - Date: January 2018 - Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> - Description: Information about CPU vulnerabilities diff --git a/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch b/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch deleted file mode 100644 index 2466c59d..00000000 --- a/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:42 +0100 -Subject: x86/speculation: Mark string arrays const correctly - -commit 8770709f411763884535662744a3786a1806afd3 upstream. - -checkpatch.pl muttered when reshuffling the code: - WARNING: static const char * array should probably be static const char * const - -Fix up all the string arrays. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.800018931@linutronix.de -[bwh: Backported to 3.16: drop the part for KVM mitigation modes] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -290,7 +290,7 @@ enum spectre_v2_mitigation_cmd { - SPECTRE_V2_CMD_RETPOLINE_AMD, - }; - --static const char *spectre_v2_strings[] = { -+static const char * const spectre_v2_strings[] = { - [SPECTRE_V2_NONE] = "Vulnerable", - [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", - [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", -@@ -536,7 +536,7 @@ enum ssb_mitigation_cmd { - SPEC_STORE_BYPASS_CMD_SECCOMP, - }; - --static const char *ssb_strings[] = { -+static const char * const ssb_strings[] = { - [SPEC_STORE_BYPASS_NONE] = "Vulnerable", - [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled", - [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl", diff --git a/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch b/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch deleted file mode 100644 index 4756087c..00000000 --- a/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch +++ /dev/null @@ -1,151 +0,0 @@ -From: Andi Kleen <ak@linux.intel.com> -Date: Fri, 18 Jan 2019 16:50:16 -0800 -Subject: x86/speculation/mds: Add basic bug infrastructure for MDS - -commit ed5194c2732c8084af9fd159c146ea92bf137128 upstream. - -Microarchitectural Data Sampling (MDS), is a class of side channel attacks -on internal buffers in Intel CPUs. The variants are: - - - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126) - - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130) - - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127) - -MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a -dependent load (store-to-load forwarding) as an optimization. The forward -can also happen to a faulting or assisting load operation for a different -memory address, which can be exploited under certain conditions. Store -buffers are partitioned between Hyper-Threads so cross thread forwarding is -not possible. But if a thread enters or exits a sleep state the store -buffer is repartitioned which can expose data from one thread to the other. - -MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage -L1 miss situations and to hold data which is returned or sent in response -to a memory or I/O operation. Fill buffers can forward data to a load -operation and also write data to the cache. When the fill buffer is -deallocated it can retain the stale data of the preceding operations which -can then be forwarded to a faulting or assisting load operation, which can -be exploited under certain conditions. Fill buffers are shared between -Hyper-Threads so cross thread leakage is possible. - -MLDPS leaks Load Port Data. Load ports are used to perform load operations -from memory or I/O. The received data is then forwarded to the register -file or a subsequent operation. In some implementations the Load Port can -contain stale data from a previous operation which can be forwarded to -faulting or assisting loads under certain conditions, which again can be -exploited eventually. Load ports are shared between Hyper-Threads so cross -thread leakage is possible. - -All variants have the same mitigation for single CPU thread case (SMT off), -so the kernel can treat them as one MDS issue. - -Add the basic infrastructure to detect if the current CPU is affected by -MDS. - -[ tglx: Rewrote changelog ] - -Signed-off-by: Andi Kleen <ak@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Use CPU feature word 10 and next available bug flag - - Adjust filename, context, indentation] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/cpufeatures.h | 2 ++ - arch/x86/include/uapi/asm/msr-index.h | 5 +++++ - arch/x86/kernel/cpu/common.c | 23 +++++++++++++++-------- - 3 files changed, 22 insertions(+), 8 deletions(-) - ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -243,6 +243,7 @@ - #define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ - - /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */ -+#define X86_FEATURE_MD_CLEAR (10*32+10) /* VERW clears CPU buffers */ - #define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */ - #define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */ - #define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ -@@ -271,5 +272,6 @@ - #define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */ - #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */ - #define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */ -+#define X86_BUG_MDS X86_BUG(10) /* CPU is affected by Microarchitectural data sampling */ - - #endif /* _ASM_X86_CPUFEATURES_H */ ---- a/arch/x86/include/uapi/asm/msr-index.h -+++ b/arch/x86/include/uapi/asm/msr-index.h -@@ -65,6 +65,11 @@ - * attack, so no Speculative Store Bypass - * control required. - */ -+#define ARCH_CAP_MDS_NO (1UL << 5) /* -+ * Not susceptible to -+ * Microarchitectural Data -+ * Sampling (MDS) vulnerabilities. -+ */ - - #define MSR_IA32_BBL_CR_CTL 0x00000119 - #define MSR_IA32_BBL_CR_CTL3 0x0000011e ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -811,6 +811,7 @@ static void identify_cpu_without_cpuid(s - #define NO_MELTDOWN BIT(1) - #define NO_SSB BIT(2) - #define NO_L1TF BIT(3) -+#define NO_MDS BIT(4) - - #define VULNWL(_vendor, _family, _model, _whitelist) \ - { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } -@@ -827,6 +828,7 @@ static const __initconst struct x86_cpu_ - VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION), - VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION), - -+ /* Intel Family 6 */ - VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION), - VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION), - VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION), -@@ -843,17 +845,19 @@ static const __initconst struct x86_cpu_ - VULNWL_INTEL(CORE_YONAH, NO_SSB), - - VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF), -- VULNWL_INTEL(ATOM_GOLDMONT, NO_L1TF), -- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_L1TF), -- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_L1TF), -- -- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF), -- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF), -- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF), -- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF), -+ -+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF), -+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF), -+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF), -+ -+ /* AMD Family 0xf - 0x12 */ -+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), -+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), -+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), -+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), - - /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ -- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF), -+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS), - {} - }; - -@@ -884,6 +888,9 @@ static void __init cpu_set_bug_bits(stru - if (ia32_cap & ARCH_CAP_IBRS_ALL) - setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); - -+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) -+ setup_force_cpu_bug(X86_BUG_MDS); -+ - if (cpu_matches(NO_MELTDOWN)) - return; - diff --git a/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch b/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch deleted file mode 100644 index 0998a3fe..00000000 --- a/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch +++ /dev/null @@ -1,89 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Fri, 1 Mar 2019 20:21:08 +0100 -Subject: x86/speculation/mds: Add BUG_MSBDS_ONLY - -commit e261f209c3666e842fd645a1e31f001c3a26def9 upstream. - -This bug bit is set on CPUs which are only affected by Microarchitectural -Store Buffer Data Sampling (MSBDS) and not by any other MDS variant. - -This is important because the Store Buffers are partitioned between -Hyper-Threads so cross thread forwarding is not possible. But if a thread -enters or exits a sleep state the store buffer is repartitioned which can -expose data from one thread to the other. This transition can be mitigated. - -That means that for CPUs which are only affected by MSBDS SMT can be -enabled, if the CPU is not affected by other SMT sensitive vulnerabilities, -e.g. L1TF. The XEON PHI variants fall into that category. Also the -Silvermont/Airmont ATOMs, but for them it's not really relevant as they do -not support SMT, but mark them for completeness sake. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Assign the next available bug flag - - Adjust context, indentation] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/cpufeatures.h | 1 + - arch/x86/kernel/cpu/common.c | 20 ++++++++++++-------- - 2 files changed, 13 insertions(+), 8 deletions(-) - ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -273,5 +273,6 @@ - #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */ - #define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */ - #define X86_BUG_MDS X86_BUG(10) /* CPU is affected by Microarchitectural data sampling */ -+#define X86_BUG_MSBDS_ONLY X86_BUG(11) /* CPU is only affected by the MSDBS variant of BUG_MDS */ - - #endif /* _ASM_X86_CPUFEATURES_H */ ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -812,6 +812,7 @@ static void identify_cpu_without_cpuid(s - #define NO_SSB BIT(2) - #define NO_L1TF BIT(3) - #define NO_MDS BIT(4) -+#define MSBDS_ONLY BIT(5) - - #define VULNWL(_vendor, _family, _model, _whitelist) \ - { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } -@@ -835,16 +836,16 @@ static const __initconst struct x86_cpu_ - VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION), - VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION), - -- VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF), -- VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF), -- VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF), -- VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF), -- VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF), -- VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF), -+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), -+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY), -+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY), -+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), -+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY), -+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY), - - VULNWL_INTEL(CORE_YONAH, NO_SSB), - -- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF), -+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY), - - VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF), - VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF), -@@ -888,8 +889,11 @@ static void __init cpu_set_bug_bits(stru - if (ia32_cap & ARCH_CAP_IBRS_ALL) - setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); - -- if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) -+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) { - setup_force_cpu_bug(X86_BUG_MDS); -+ if (cpu_matches(MSBDS_ONLY)) -+ setup_force_cpu_bug(X86_BUG_MSBDS_ONLY); -+ } - - if (cpu_matches(NO_MELTDOWN)) - return; diff --git a/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch b/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch deleted file mode 100644 index c7c07f17..00000000 --- a/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch +++ /dev/null @@ -1,174 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 18 Feb 2019 23:13:06 +0100 -Subject: x86/speculation/mds: Add mds_clear_cpu_buffers() - -commit 6a9e529272517755904b7afa639f6db59ddb793e upstream. - -The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by -clearing the affected CPU buffers. The mechanism for clearing the buffers -uses the unused and obsolete VERW instruction in combination with a -microcode update which triggers a CPU buffer clear when VERW is executed. - -Provide a inline function with the assembly magic. The argument of the VERW -instruction must be a memory operand as documented: - - "MD_CLEAR enumerates that the memory-operand variant of VERW (for - example, VERW m16) has been extended to also overwrite buffers affected - by MDS. This buffer overwriting functionality is not guaranteed for the - register operand variant of VERW." - -Documentation also recommends to use a writable data segment selector: - - "The buffer overwriting occurs regardless of the result of the VERW - permission check, as well as when the selector is null or causes a - descriptor load segment violation. However, for lowest latency we - recommend using a selector that indicates a valid writable data - segment." - -Add x86 specific documentation about MDS and the internal workings of the -mitigation. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: drop changes to doc index and configuration] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- /dev/null -+++ b/Documentation/x86/mds.rst -@@ -0,0 +1,99 @@ -+Microarchitectural Data Sampling (MDS) mitigation -+================================================= -+ -+.. _mds: -+ -+Overview -+-------- -+ -+Microarchitectural Data Sampling (MDS) is a family of side channel attacks -+on internal buffers in Intel CPUs. The variants are: -+ -+ - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126) -+ - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130) -+ - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127) -+ -+MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a -+dependent load (store-to-load forwarding) as an optimization. The forward -+can also happen to a faulting or assisting load operation for a different -+memory address, which can be exploited under certain conditions. Store -+buffers are partitioned between Hyper-Threads so cross thread forwarding is -+not possible. But if a thread enters or exits a sleep state the store -+buffer is repartitioned which can expose data from one thread to the other. -+ -+MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage -+L1 miss situations and to hold data which is returned or sent in response -+to a memory or I/O operation. Fill buffers can forward data to a load -+operation and also write data to the cache. When the fill buffer is -+deallocated it can retain the stale data of the preceding operations which -+can then be forwarded to a faulting or assisting load operation, which can -+be exploited under certain conditions. Fill buffers are shared between -+Hyper-Threads so cross thread leakage is possible. -+ -+MLPDS leaks Load Port Data. Load ports are used to perform load operations -+from memory or I/O. The received data is then forwarded to the register -+file or a subsequent operation. In some implementations the Load Port can -+contain stale data from a previous operation which can be forwarded to -+faulting or assisting loads under certain conditions, which again can be -+exploited eventually. Load ports are shared between Hyper-Threads so cross -+thread leakage is possible. -+ -+ -+Exposure assumptions -+-------------------- -+ -+It is assumed that attack code resides in user space or in a guest with one -+exception. The rationale behind this assumption is that the code construct -+needed for exploiting MDS requires: -+ -+ - to control the load to trigger a fault or assist -+ -+ - to have a disclosure gadget which exposes the speculatively accessed -+ data for consumption through a side channel. -+ -+ - to control the pointer through which the disclosure gadget exposes the -+ data -+ -+The existence of such a construct in the kernel cannot be excluded with -+100% certainty, but the complexity involved makes it extremly unlikely. -+ -+There is one exception, which is untrusted BPF. The functionality of -+untrusted BPF is limited, but it needs to be thoroughly investigated -+whether it can be used to create such a construct. -+ -+ -+Mitigation strategy -+------------------- -+ -+All variants have the same mitigation strategy at least for the single CPU -+thread case (SMT off): Force the CPU to clear the affected buffers. -+ -+This is achieved by using the otherwise unused and obsolete VERW -+instruction in combination with a microcode update. The microcode clears -+the affected CPU buffers when the VERW instruction is executed. -+ -+For virtualization there are two ways to achieve CPU buffer -+clearing. Either the modified VERW instruction or via the L1D Flush -+command. The latter is issued when L1TF mitigation is enabled so the extra -+VERW can be avoided. If the CPU is not affected by L1TF then VERW needs to -+be issued. -+ -+If the VERW instruction with the supplied segment selector argument is -+executed on a CPU without the microcode update there is no side effect -+other than a small number of pointlessly wasted CPU cycles. -+ -+This does not protect against cross Hyper-Thread attacks except for MSBDS -+which is only exploitable cross Hyper-thread when one of the Hyper-Threads -+enters a C-state. -+ -+The kernel provides a function to invoke the buffer clearing: -+ -+ mds_clear_cpu_buffers() -+ -+The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state -+(idle) transitions. -+ -+According to current knowledge additional mitigations inside the kernel -+itself are not required because the necessary gadgets to expose the leaked -+data cannot be controlled in a way which allows exploitation from malicious -+user space or VM guests. ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -262,5 +262,30 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_ - DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); - DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - -+#include <asm/segment.h> -+ -+/** -+ * mds_clear_cpu_buffers - Mitigation for MDS vulnerability -+ * -+ * This uses the otherwise unused and obsolete VERW instruction in -+ * combination with microcode which triggers a CPU buffer flush when the -+ * instruction is executed. -+ */ -+static inline void mds_clear_cpu_buffers(void) -+{ -+ static const u16 ds = __KERNEL_DS; -+ -+ /* -+ * Has to be the memory-operand variant because only that -+ * guarantees the CPU buffer flush functionality according to -+ * documentation. The register-operand variant does not. -+ * Works with any segment selector, but a valid writable -+ * data segment is the fastest variant. -+ * -+ * "cc" clobber is required because VERW modifies ZF. -+ */ -+ asm volatile("verw %[ds]" : : [ds] "m" (ds) : "cc"); -+} -+ - #endif /* __ASSEMBLY__ */ - #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */ diff --git a/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch b/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch deleted file mode 100644 index 8962edef..00000000 --- a/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch +++ /dev/null @@ -1,184 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 18 Feb 2019 22:04:08 +0100 -Subject: x86/speculation/mds: Add mitigation control for MDS - -commit bc1241700acd82ec69fde98c5763ce51086269f8 upstream. - -Now that the mitigations are in place, add a command line parameter to -control the mitigation, a mitigation selector function and a SMT update -mechanism. - -This is the minimal straight forward initial implementation which just -provides an always on/off mode. The command line parameter is: - - mds=[full|off] - -This is consistent with the existing mitigations for other speculative -hardware vulnerabilities. - -The idle invocation is dynamically updated according to the SMT state of -the system similar to the dynamic update of the STIBP mitigation. The idle -mitigation is limited to CPUs which are only affected by MSBDS and not any -other variant, because the other variants cannot be mitigated on SMT -enabled systems. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Drop " __ro_after_init" - - Adjust filename, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -1774,6 +1774,28 @@ bytes respectively. Such letter suffixes - Format: <first>,<last> - Specifies range of consoles to be captured by the MDA. - -+ mds= [X86,INTEL] -+ Control mitigation for the Micro-architectural Data -+ Sampling (MDS) vulnerability. -+ -+ Certain CPUs are vulnerable to an exploit against CPU -+ internal buffers which can forward information to a -+ disclosure gadget under certain conditions. -+ -+ In vulnerable processors, the speculatively -+ forwarded data can be used in a cache side channel -+ attack, to access data to which the attacker does -+ not have direct access. -+ -+ This parameter controls the MDS mitigation. The -+ options are: -+ -+ full - Enable MDS mitigation on vulnerable CPUs -+ off - Unconditionally disable MDS mitigation -+ -+ Not specifying this option is equivalent to -+ mds=full. -+ - mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory - Amount of memory to be used when the kernel is not able - to see the whole system memory or for test. ---- a/arch/x86/include/asm/processor.h -+++ b/arch/x86/include/asm/processor.h -@@ -953,4 +953,10 @@ bool xen_set_default_idle(void); - - void stop_this_cpu(void *dummy); - void df_debug(struct pt_regs *regs, long error_code); -+ -+enum mds_mitigations { -+ MDS_MITIGATION_OFF, -+ MDS_MITIGATION_FULL, -+}; -+ - #endif /* _ASM_X86_PROCESSOR_H */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -32,6 +32,7 @@ - static void __init spectre_v2_select_mitigation(void); - static void __init ssb_select_mitigation(void); - static void __init l1tf_select_mitigation(void); -+static void __init mds_select_mitigation(void); - - /* The base value of the SPEC_CTRL MSR that always has to be preserved. */ - u64 x86_spec_ctrl_base; -@@ -157,6 +158,8 @@ void __init check_bugs(void) - - l1tf_select_mitigation(); - -+ mds_select_mitigation(); -+ - #ifdef CONFIG_X86_32 - /* - * Check whether we are able to run this kernel safely on SMP. -@@ -268,6 +271,50 @@ static void x86_amd_ssb_disable(void) - } - - #undef pr_fmt -+#define pr_fmt(fmt) "MDS: " fmt -+ -+/* Default mitigation for L1TF-affected CPUs */ -+static enum mds_mitigations mds_mitigation = MDS_MITIGATION_FULL; -+ -+static const char * const mds_strings[] = { -+ [MDS_MITIGATION_OFF] = "Vulnerable", -+ [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers" -+}; -+ -+static void __init mds_select_mitigation(void) -+{ -+ if (!boot_cpu_has_bug(X86_BUG_MDS)) { -+ mds_mitigation = MDS_MITIGATION_OFF; -+ return; -+ } -+ -+ if (mds_mitigation == MDS_MITIGATION_FULL) { -+ if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) -+ static_branch_enable(&mds_user_clear); -+ else -+ mds_mitigation = MDS_MITIGATION_OFF; -+ } -+ pr_info("%s\n", mds_strings[mds_mitigation]); -+} -+ -+static int __init mds_cmdline(char *str) -+{ -+ if (!boot_cpu_has_bug(X86_BUG_MDS)) -+ return 0; -+ -+ if (!str) -+ return -EINVAL; -+ -+ if (!strcmp(str, "off")) -+ mds_mitigation = MDS_MITIGATION_OFF; -+ else if (!strcmp(str, "full")) -+ mds_mitigation = MDS_MITIGATION_FULL; -+ -+ return 0; -+} -+early_param("mds", mds_cmdline); -+ -+#undef pr_fmt - #define pr_fmt(fmt) "Spectre V2 : " fmt - - static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; -@@ -665,6 +712,26 @@ static void update_indir_branch_cond(voi - static_branch_disable(&switch_to_cond_stibp); - } - -+/* Update the static key controlling the MDS CPU buffer clear in idle */ -+static void update_mds_branch_idle(void) -+{ -+ /* -+ * Enable the idle clearing if SMT is active on CPUs which are -+ * affected only by MSBDS and not any other MDS variant. -+ * -+ * The other variants cannot be mitigated when SMT is enabled, so -+ * clearing the buffers on idle just to prevent the Store Buffer -+ * repartitioning leak would be a window dressing exercise. -+ */ -+ if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY)) -+ return; -+ -+ if (sched_smt_active()) -+ static_branch_enable(&mds_idle_clear); -+ else -+ static_branch_disable(&mds_idle_clear); -+} -+ - void arch_smt_update(void) - { - /* Enhanced IBRS implies STIBP. No update required. */ -@@ -685,6 +752,9 @@ void arch_smt_update(void) - break; - } - -+ if (mds_mitigation == MDS_MITIGATION_FULL) -+ update_mds_branch_idle(); -+ - mutex_unlock(&spec_ctrl_mutex); - } - diff --git a/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch b/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch deleted file mode 100644 index 4ca8f887..00000000 --- a/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch +++ /dev/null @@ -1,118 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 20 Feb 2019 09:40:40 +0100 -Subject: x86/speculation/mds: Add mitigation mode VMWERV - -commit 22dd8365088b6403630b82423cf906491859b65e upstream. - -In virtualized environments it can happen that the host has the microcode -update which utilizes the VERW instruction to clear CPU buffers, but the -hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit -to guests. - -Introduce an internal mitigation mode VMWERV which enables the invocation -of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the -system has no updated microcode this results in a pointless execution of -the VERW instruction wasting a few CPU cycles. If the microcode is updated, -but not exposed to a guest then the CPU buffers will be cleared. - -That said: Virtual Machines Will Eventually Receive Vaccine - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/x86/mds.rst -+++ b/Documentation/x86/mds.rst -@@ -93,11 +93,38 @@ The kernel provides a function to invoke - The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state - (idle) transitions. - -+As a special quirk to address virtualization scenarios where the host has -+the microcode updated, but the hypervisor does not (yet) expose the -+MD_CLEAR CPUID bit to guests, the kernel issues the VERW instruction in the -+hope that it might actually clear the buffers. The state is reflected -+accordingly. -+ - According to current knowledge additional mitigations inside the kernel - itself are not required because the necessary gadgets to expose the leaked - data cannot be controlled in a way which allows exploitation from malicious - user space or VM guests. - -+Kernel internal mitigation modes -+-------------------------------- -+ -+ ======= ============================================================ -+ off Mitigation is disabled. Either the CPU is not affected or -+ mds=off is supplied on the kernel command line -+ -+ full Mitigation is eanbled. CPU is affected and MD_CLEAR is -+ advertised in CPUID. -+ -+ vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not -+ advertised in CPUID. That is mainly for virtualization -+ scenarios where the host has the updated microcode but the -+ hypervisor does not expose MD_CLEAR in CPUID. It's a best -+ effort approach without guarantee. -+ ======= ============================================================ -+ -+If the CPU is affected and mds=off is not supplied on the kernel command -+line then the kernel selects the appropriate mitigation mode depending on -+the availability of the MD_CLEAR CPUID bit. -+ - Mitigation points - ----------------- - ---- a/arch/x86/include/asm/processor.h -+++ b/arch/x86/include/asm/processor.h -@@ -957,6 +957,7 @@ void df_debug(struct pt_regs *regs, long - enum mds_mitigations { - MDS_MITIGATION_OFF, - MDS_MITIGATION_FULL, -+ MDS_MITIGATION_VMWERV, - }; - - #endif /* _ASM_X86_PROCESSOR_H */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -279,7 +279,8 @@ static enum mds_mitigations mds_mitigati - - static const char * const mds_strings[] = { - [MDS_MITIGATION_OFF] = "Vulnerable", -- [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers" -+ [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers", -+ [MDS_MITIGATION_VMWERV] = "Vulnerable: Clear CPU buffers attempted, no microcode", - }; - - static void __init mds_select_mitigation(void) -@@ -290,10 +291,9 @@ static void __init mds_select_mitigation - } - - if (mds_mitigation == MDS_MITIGATION_FULL) { -- if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) -- static_branch_enable(&mds_user_clear); -- else -- mds_mitigation = MDS_MITIGATION_OFF; -+ if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) -+ mds_mitigation = MDS_MITIGATION_VMWERV; -+ static_branch_enable(&mds_user_clear); - } - pr_info("%s\n", mds_strings[mds_mitigation]); - } -@@ -753,8 +753,14 @@ void arch_smt_update(void) - break; - } - -- if (mds_mitigation == MDS_MITIGATION_FULL) -+ switch (mds_mitigation) { -+ case MDS_MITIGATION_FULL: -+ case MDS_MITIGATION_VMWERV: - update_mds_branch_idle(); -+ break; -+ case MDS_MITIGATION_OFF: -+ break; -+ } - - mutex_unlock(&spec_ctrl_mutex); - } diff --git a/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch b/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch deleted file mode 100644 index 9c5e1bfe..00000000 --- a/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Wed, 17 Apr 2019 16:39:02 -0500 -Subject: x86/speculation/mds: Add 'mitigations=' support for MDS - -commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12 upstream. - -Add MDS to the new 'mitigations=' cmdline option. - -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -[bwh: Backported to 3.16: - - Drop the auto,nosmt option, which we can't support - - Adjust filenames, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -1920,6 +1920,7 @@ bytes respectively. Such letter suffixes - nospectre_v2 [X86] - spectre_v2_user=off [X86] - spec_store_bypass_disable=off [X86] -+ mds=off [X86] - - auto (default) - Mitigate all CPU vulnerabilities, but leave SMT ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -287,7 +287,7 @@ static const char * const mds_strings[] - - static void __init mds_select_mitigation(void) - { -- if (!boot_cpu_has_bug(X86_BUG_MDS)) { -+ if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) { - mds_mitigation = MDS_MITIGATION_OFF; - return; - } diff --git a/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch b/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch deleted file mode 100644 index ded23589..00000000 --- a/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Tue, 2 Apr 2019 10:00:51 -0500 -Subject: x86/speculation/mds: Add SMT warning message - -commit 39226ef02bfb43248b7db12a4fdccb39d95318e3 upstream. - -MDS is vulnerable with SMT. Make that clear with a one-time printk -whenever SMT first gets enabled. - -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Tyler Hicks <tyhicks@canonical.com> -Acked-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -712,6 +712,9 @@ static void update_indir_branch_cond(voi - static_branch_disable(&switch_to_cond_stibp); - } - -+#undef pr_fmt -+#define pr_fmt(fmt) fmt -+ - /* Update the static key controlling the MDS CPU buffer clear in idle */ - static void update_mds_branch_idle(void) - { -@@ -732,6 +735,8 @@ static void update_mds_branch_idle(void) - static_branch_disable(&mds_idle_clear); - } - -+#define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n" -+ - void arch_smt_update(void) - { - /* Enhanced IBRS implies STIBP. No update required. */ -@@ -755,6 +760,8 @@ void arch_smt_update(void) - switch (mds_mitigation) { - case MDS_MITIGATION_FULL: - case MDS_MITIGATION_VMWERV: -+ if (sched_smt_active() && !boot_cpu_has(X86_BUG_MSBDS_ONLY)) -+ pr_warn_once(MDS_MSG_SMT); - update_mds_branch_idle(); - break; - case MDS_MITIGATION_OFF: -@@ -1134,6 +1141,7 @@ static void __init l1tf_select_mitigatio - setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV); - } - #undef pr_fmt -+#define pr_fmt(fmt) fmt - - #ifdef CONFIG_SYSFS - diff --git a/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch b/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch deleted file mode 100644 index a2595438..00000000 --- a/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch +++ /dev/null @@ -1,125 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 18 Feb 2019 22:51:43 +0100 -Subject: x86/speculation/mds: Add sysfs reporting for MDS - -commit 8a4b06d391b0a42a373808979b5028f5c84d9c6a upstream. - -Add the sysfs reporting file for MDS. It exposes the vulnerability and -mitigation state similar to the existing files for the other speculative -hardware vulnerabilities. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Test x86_hyper instead of using hypervisor_is_type() - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/ABI/testing/sysfs-devices-system-cpu -+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu -@@ -231,6 +231,7 @@ What: /sys/devices/system/cpu/vulnerabi - /sys/devices/system/cpu/vulnerabilities/spectre_v2 - /sys/devices/system/cpu/vulnerabilities/spec_store_bypass - /sys/devices/system/cpu/vulnerabilities/l1tf -+ /sys/devices/system/cpu/vulnerabilities/mds - Date: January 2018 - Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> - Description: Information about CPU vulnerabilities ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -24,6 +24,7 @@ - #include <asm/msr.h> - #include <asm/paravirt.h> - #include <asm/alternative.h> -+#include <asm/hypervisor.h> - #include <asm/pgtable.h> - #include <asm/cacheflush.h> - #include <asm/intel-family.h> -@@ -1131,6 +1132,24 @@ static void __init l1tf_select_mitigatio - - #ifdef CONFIG_SYSFS - -+static ssize_t mds_show_state(char *buf) -+{ -+#ifdef CONFIG_HYPERVISOR_GUEST -+ if (x86_hyper) { -+ return sprintf(buf, "%s; SMT Host state unknown\n", -+ mds_strings[mds_mitigation]); -+ } -+#endif -+ -+ if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) { -+ return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], -+ sched_smt_active() ? "mitigated" : "disabled"); -+ } -+ -+ return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], -+ sched_smt_active() ? "vulnerable" : "disabled"); -+} -+ - static char *stibp_state(void) - { - if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -@@ -1193,6 +1212,9 @@ static ssize_t cpu_show_common(struct de - return sprintf(buf, "Mitigation: Page Table Inversion\n"); - break; - -+ case X86_BUG_MDS: -+ return mds_show_state(buf); -+ - default: - break; - } -@@ -1224,4 +1246,9 @@ ssize_t cpu_show_l1tf(struct device *dev - { - return cpu_show_common(dev, attr, buf, X86_BUG_L1TF); - } -+ -+ssize_t cpu_show_mds(struct device *dev, struct device_attribute *attr, char *buf) -+{ -+ return cpu_show_common(dev, attr, buf, X86_BUG_MDS); -+} - #endif ---- a/drivers/base/cpu.c -+++ b/drivers/base/cpu.c -@@ -450,11 +450,18 @@ ssize_t __weak cpu_show_l1tf(struct devi - return sprintf(buf, "Not affected\n"); - } - -+ssize_t __weak cpu_show_mds(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ return sprintf(buf, "Not affected\n"); -+} -+ - static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); - static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); - static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); - static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL); - static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL); -+static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL); - - static struct attribute *cpu_root_vulnerabilities_attrs[] = { - &dev_attr_meltdown.attr, -@@ -462,6 +469,7 @@ static struct attribute *cpu_root_vulner - &dev_attr_spectre_v2.attr, - &dev_attr_spec_store_bypass.attr, - &dev_attr_l1tf.attr, -+ &dev_attr_mds.attr, - NULL - }; - ---- a/include/linux/cpu.h -+++ b/include/linux/cpu.h -@@ -49,6 +49,8 @@ extern ssize_t cpu_show_spec_store_bypas - struct device_attribute *attr, char *buf); - extern ssize_t cpu_show_l1tf(struct device *dev, - struct device_attribute *attr, char *buf); -+extern ssize_t cpu_show_mds(struct device *dev, -+ struct device_attribute *attr, char *buf); - - #ifdef CONFIG_HOTPLUG_CPU - extern void unregister_cpu(struct cpu *cpu); diff --git a/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch b/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch deleted file mode 100644 index 19c190ea..00000000 --- a/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch +++ /dev/null @@ -1,261 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 18 Feb 2019 23:42:51 +0100 -Subject: x86/speculation/mds: Clear CPU buffers on exit to user - -commit 04dcbdb8057827b043b3c71aa397c4c63e67d086 upstream. - -Add a static key which controls the invocation of the CPU buffer clear -mechanism on exit to user space and add the call into -prepare_exit_to_usermode() and do_nmi() right before actually returning. - -Add documentation which kernel to user space transition this covers and -explain why some corner cases are not mitigated. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: Add an assembly macro equivalent to - mds_user_clear_cpu_buffers() and use this in the system call exit path, - as we don't have prepare_exit_to_usermode()] -Cc: Dominik Brodowski <linux@dominikbrodowski.net> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: x86@kernel.org -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/x86/mds.rst -+++ b/Documentation/x86/mds.rst -@@ -97,3 +97,55 @@ According to current knowledge additiona - itself are not required because the necessary gadgets to expose the leaked - data cannot be controlled in a way which allows exploitation from malicious - user space or VM guests. -+ -+Mitigation points -+----------------- -+ -+1. Return to user space -+^^^^^^^^^^^^^^^^^^^^^^^ -+ -+ When transitioning from kernel to user space the CPU buffers are flushed -+ on affected CPUs when the mitigation is not disabled on the kernel -+ command line. The migitation is enabled through the static key -+ mds_user_clear. -+ -+ The mitigation is invoked in prepare_exit_to_usermode() which covers -+ most of the kernel to user space transitions. There are a few exceptions -+ which are not invoking prepare_exit_to_usermode() on return to user -+ space. These exceptions use the paranoid exit code. -+ -+ - Non Maskable Interrupt (NMI): -+ -+ Access to sensible data like keys, credentials in the NMI context is -+ mostly theoretical: The CPU can do prefetching or execute a -+ misspeculated code path and thereby fetching data which might end up -+ leaking through a buffer. -+ -+ But for mounting other attacks the kernel stack address of the task is -+ already valuable information. So in full mitigation mode, the NMI is -+ mitigated on the return from do_nmi() to provide almost complete -+ coverage. -+ -+ - Double fault (#DF): -+ -+ A double fault is usually fatal, but the ESPFIX workaround, which can -+ be triggered from user space through modify_ldt(2) is a recoverable -+ double fault. #DF uses the paranoid exit path, so explicit mitigation -+ in the double fault handler is required. -+ -+ - Machine Check Exception (#MC): -+ -+ Another corner case is a #MC which hits between the CPU buffer clear -+ invocation and the actual return to user. As this still is in kernel -+ space it takes the paranoid exit path which does not clear the CPU -+ buffers. So the #MC handler repopulates the buffers to some -+ extent. Machine checks are not reliably controllable and the window is -+ extremly small so mitigation would just tick a checkbox that this -+ theoretical corner case is covered. To keep the amount of special -+ cases small, ignore #MC. -+ -+ - Debug Exception (#DB): -+ -+ This takes the paranoid exit path only when the INT1 breakpoint is in -+ kernel space. #DB on a user space address takes the regular exit path, -+ so no extra mitigation required. ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -262,6 +262,8 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_ - DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); - DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - -+DECLARE_STATIC_KEY_FALSE(mds_user_clear); -+ - #include <asm/segment.h> - - /** -@@ -287,5 +289,31 @@ static inline void mds_clear_cpu_buffers - asm volatile("verw %[ds]" : : [ds] "m" (ds) : "cc"); - } - -+/** -+ * mds_user_clear_cpu_buffers - Mitigation for MDS vulnerability -+ * -+ * Clear CPU buffers if the corresponding static key is enabled -+ */ -+static inline void mds_user_clear_cpu_buffers(void) -+{ -+ if (static_branch_likely(&mds_user_clear)) -+ mds_clear_cpu_buffers(); -+} -+ - #endif /* __ASSEMBLY__ */ -+ -+#ifdef __ASSEMBLY__ -+.macro MDS_USER_CLEAR_CPU_BUFFERS -+#ifdef CONFIG_JUMP_LABEL -+ STATIC_JUMP_IF_FALSE .Lmds_skip_clear_\@, mds_user_clear, def=0 -+#endif -+#ifdef CONFIG_X86_64 -+ verw mds_clear_cpu_buffers_ds(%rip) -+#else -+ verw mds_clear_cpu_buffers_ds -+#endif -+.Lmds_skip_clear_\@: -+.endm -+#endif -+ - #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -58,6 +58,12 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_i - /* Control unconditional IBPB in switch_mm() */ - DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - -+/* Control MDS CPU buffer clear before returning to user space */ -+DEFINE_STATIC_KEY_FALSE(mds_user_clear); -+ -+/* For use by asm MDS_CLEAR_CPU_BUFFERS */ -+const u16 mds_clear_cpu_buffers_ds = __KERNEL_DS; -+ - #ifdef CONFIG_X86_32 - - static double __initdata x = 4195835.0; ---- a/arch/x86/kernel/nmi.c -+++ b/arch/x86/kernel/nmi.c -@@ -29,6 +29,7 @@ - #include <asm/mach_traps.h> - #include <asm/nmi.h> - #include <asm/x86_init.h> -+#include <asm/nospec-branch.h> - - #define CREATE_TRACE_POINTS - #include <trace/events/nmi.h> -@@ -522,6 +523,9 @@ nmi_restart: - write_cr2(this_cpu_read(nmi_cr2)); - if (this_cpu_dec_return(nmi_state)) - goto nmi_restart; -+ -+ if (user_mode(regs)) -+ mds_user_clear_cpu_buffers(); - } - NOKPROBE_SYMBOL(do_nmi); - ---- a/arch/x86/kernel/traps.c -+++ b/arch/x86/kernel/traps.c -@@ -55,6 +55,7 @@ - #include <asm/fixmap.h> - #include <asm/mach_traps.h> - #include <asm/alternative.h> -+#include <asm/nospec-branch.h> - - #ifdef CONFIG_X86_64 - #include <asm/x86_init.h> -@@ -258,6 +259,14 @@ dotraplinkage void do_double_fault(struc - normal_regs->orig_ax = 0; /* Missing (lost) #GP error code */ - regs->ip = (unsigned long)general_protection; - regs->sp = (unsigned long)&normal_regs->orig_ax; -+ -+ /* -+ * This situation can be triggered by userspace via -+ * modify_ldt(2) and the return does not take the regular -+ * user space exit, so a CPU buffer clear is required when -+ * MDS mitigation is enabled. -+ */ -+ mds_user_clear_cpu_buffers(); - return; - } - #endif ---- a/arch/x86/kernel/entry_32.S -+++ b/arch/x86/kernel/entry_32.S -@@ -443,6 +443,7 @@ sysenter_after_call: - testl $_TIF_ALLWORK_MASK, %ecx - jne sysexit_audit - sysenter_exit: -+ MDS_USER_CLEAR_CPU_BUFFERS - /* if something modifies registers it must also disable sysexit */ - movl PT_EIP(%esp), %edx - movl PT_OLDESP(%esp), %ecx -@@ -531,6 +532,7 @@ syscall_exit: - jne syscall_exit_work - - restore_all: -+ MDS_USER_CLEAR_CPU_BUFFERS - TRACE_IRQS_IRET - restore_all_notrace: - #ifdef CONFIG_X86_ESPFIX32 ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -475,6 +475,7 @@ sysret_check: - movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx - andl %edi,%edx - jnz sysret_careful -+ MDS_USER_CLEAR_CPU_BUFFERS - CFI_REMEMBER_STATE - /* - * sysretq will re-enable interrupts: -@@ -870,6 +871,7 @@ retint_swapgs: /* return to user-space - * The iretq could re-enable interrupts: - */ - DISABLE_INTERRUPTS(CLBR_ANY) -+ MDS_USER_CLEAR_CPU_BUFFERS - TRACE_IRQS_IRETQ - /* - * This opens a window where we have a user CR3, but are -@@ -1384,7 +1386,7 @@ paranoid_userspace: - GET_THREAD_INFO(%rcx) - movl TI_flags(%rcx),%ebx - andl $_TIF_WORK_MASK,%ebx -- jz paranoid_kernel -+ jz paranoid_userspace_done - movq %rsp,%rdi /* &pt_regs */ - call sync_regs - movq %rax,%rsp /* switch stack for scheduling */ -@@ -1406,6 +1408,9 @@ paranoid_schedule: - DISABLE_INTERRUPTS(CLBR_ANY) - TRACE_IRQS_OFF - jmp paranoid_userspace -+paranoid_userspace_done: -+ MDS_USER_CLEAR_CPU_BUFFERS -+ jmp paranoid_kernel - CFI_ENDPROC - END(paranoid_exit) - ---- a/arch/x86/ia32/ia32entry.S -+++ b/arch/x86/ia32/ia32entry.S -@@ -188,6 +188,7 @@ sysenter_dispatch: - testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) - jnz sysexit_audit - sysexit_from_sys_call: -+ MDS_USER_CLEAR_CPU_BUFFERS - andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - /* clear IF, that popfq doesn't enable interrupts early */ - andl $~0x200,EFLAGS-R11(%rsp) -@@ -362,6 +363,7 @@ cstar_dispatch: - testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) - jnz sysretl_audit - sysretl_from_sys_call: -+ MDS_USER_CLEAR_CPU_BUFFERS - andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - RESTORE_ARGS 0,-ARG_SKIP,0,0,0 - movl RIP-ARGOFFSET(%rsp),%ecx diff --git a/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch b/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch deleted file mode 100644 index 91685f54..00000000 --- a/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch +++ /dev/null @@ -1,200 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 18 Feb 2019 23:04:01 +0100 -Subject: x86/speculation/mds: Conditionally clear CPU buffers on idle entry - -commit 07f07f55a29cb705e221eda7894dd67ab81ef343 upstream. - -Add a static key which controls the invocation of the CPU buffer clear -mechanism on idle entry. This is independent of other MDS mitigations -because the idle entry invocation to mitigate the potential leakage due to -store buffer repartitioning is only necessary on SMT systems. - -Add the actual invocations to the different halt/mwait variants which -covers all usage sites. mwaitx is not patched as it's not available on -Intel CPUs. - -The buffer clear is only invoked before entering the C-State to prevent -that stale data from the idling CPU is spilled to the Hyper-Thread sibling -after the Store buffer got repartitioned and all entries are available to -the non idle sibling. - -When coming out of idle the store buffer is partitioned again so each -sibling has half of it available. Now CPU which returned from idle could be -speculatively exposed to contents of the sibling, but the buffers are -flushed either on exit to user space or on VMENTER. - -When later on conditional buffer clearing is implemented on top of this, -then there is no action required either because before returning to user -space the context switch will set the condition flag which causes a flush -on the return to user path. - -Note, that the buffer clearing on idle is only sensible on CPUs which are -solely affected by MSBDS and not any other variant of MDS because the other -MDS variants cannot be mitigated when SMT is enabled, so the buffer -clearing on idle would be a window dressing exercise. - -This intentionally does not handle the case in the acpi/processor_idle -driver which uses the legacy IO port interface for C-State transitions for -two reasons: - - - The acpi/processor_idle driver was replaced by the intel_idle driver - almost a decade ago. Anything Nehalem upwards supports it and defaults - to that new driver. - - - The legacy IO port interface is likely to be used on older and therefore - unaffected CPUs or on systems which do not receive microcode updates - anymore, so there is no point in adding that. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Reviewed-by: Frederic Weisbecker <frederic@kernel.org> -Reviewed-by: Jon Masters <jcm@redhat.com> -Tested-by: Jon Masters <jcm@redhat.com> -[bwh: Backported to 3.16: - - Drop change in _mwaitx() - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/x86/mds.rst -+++ b/Documentation/x86/mds.rst -@@ -149,3 +149,45 @@ Mitigation points - This takes the paranoid exit path only when the INT1 breakpoint is in - kernel space. #DB on a user space address takes the regular exit path, - so no extra mitigation required. -+ -+ -+2. C-State transition -+^^^^^^^^^^^^^^^^^^^^^ -+ -+ When a CPU goes idle and enters a C-State the CPU buffers need to be -+ cleared on affected CPUs when SMT is active. This addresses the -+ repartitioning of the store buffer when one of the Hyper-Threads enters -+ a C-State. -+ -+ When SMT is inactive, i.e. either the CPU does not support it or all -+ sibling threads are offline CPU buffer clearing is not required. -+ -+ The idle clearing is enabled on CPUs which are only affected by MSBDS -+ and not by any other MDS variant. The other MDS variants cannot be -+ protected against cross Hyper-Thread attacks because the Fill Buffer and -+ the Load Ports are shared. So on CPUs affected by other variants, the -+ idle clearing would be a window dressing exercise and is therefore not -+ activated. -+ -+ The invocation is controlled by the static key mds_idle_clear which is -+ switched depending on the chosen mitigation mode and the SMT state of -+ the system. -+ -+ The buffer clear is only invoked before entering the C-State to prevent -+ that stale data from the idling CPU from spilling to the Hyper-Thread -+ sibling after the store buffer got repartitioned and all entries are -+ available to the non idle sibling. -+ -+ When coming out of idle the store buffer is partitioned again so each -+ sibling has half of it available. The back from idle CPU could be then -+ speculatively exposed to contents of the sibling. The buffers are -+ flushed either on exit to user space or on VMENTER so malicious code -+ in user space or the guest cannot speculatively access them. -+ -+ The mitigation is hooked into all variants of halt()/mwait(), but does -+ not cover the legacy ACPI IO-Port mechanism because the ACPI idle driver -+ has been superseded by the intel_idle driver around 2010 and is -+ preferred on all affected CPUs which are expected to gain the MD_CLEAR -+ functionality in microcode. Aside of that the IO-Port mechanism is a -+ legacy interface which is only used on older systems which are either -+ not affected or do not receive microcode updates anymore. ---- a/arch/x86/include/asm/irqflags.h -+++ b/arch/x86/include/asm/irqflags.h -@@ -4,6 +4,9 @@ - #include <asm/processor-flags.h> - - #ifndef __ASSEMBLY__ -+ -+#include <asm/nospec-branch.h> -+ - /* - * Interrupt control: - */ -@@ -46,11 +49,13 @@ static inline void native_irq_enable(voi - - static inline void native_safe_halt(void) - { -+ mds_idle_clear_cpu_buffers(); - asm volatile("sti; hlt": : :"memory"); - } - - static inline void native_halt(void) - { -+ mds_idle_clear_cpu_buffers(); - asm volatile("hlt": : :"memory"); - } - ---- a/arch/x86/include/asm/mwait.h -+++ b/arch/x86/include/asm/mwait.h -@@ -4,6 +4,7 @@ - #include <linux/sched.h> - - #include <asm/cpufeature.h> -+#include <asm/nospec-branch.h> - - #define MWAIT_SUBSTATE_MASK 0xf - #define MWAIT_CSTATE_MASK 0xf -@@ -27,6 +28,8 @@ static inline void __monitor(const void - - static inline void __mwait(unsigned long eax, unsigned long ecx) - { -+ mds_idle_clear_cpu_buffers(); -+ - /* "mwait %eax, %ecx;" */ - asm volatile(".byte 0x0f, 0x01, 0xc9;" - :: "a" (eax), "c" (ecx)); -@@ -34,6 +37,8 @@ static inline void __mwait(unsigned long - - static inline void __sti_mwait(unsigned long eax, unsigned long ecx) - { -+ mds_idle_clear_cpu_buffers(); -+ - trace_hardirqs_on(); - /* "mwait %eax, %ecx;" */ - asm volatile("sti; .byte 0x0f, 0x01, 0xc9;" ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -263,6 +263,7 @@ DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ - DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - - DECLARE_STATIC_KEY_FALSE(mds_user_clear); -+DECLARE_STATIC_KEY_FALSE(mds_idle_clear); - - #include <asm/segment.h> - -@@ -300,6 +301,17 @@ static inline void mds_user_clear_cpu_bu - mds_clear_cpu_buffers(); - } - -+/** -+ * mds_idle_clear_cpu_buffers - Mitigation for MDS vulnerability -+ * -+ * Clear CPU buffers if the corresponding static key is enabled -+ */ -+static inline void mds_idle_clear_cpu_buffers(void) -+{ -+ if (static_branch_likely(&mds_idle_clear)) -+ mds_clear_cpu_buffers(); -+} -+ - #endif /* __ASSEMBLY__ */ - - #ifdef __ASSEMBLY__ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -60,6 +60,9 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_always - - /* Control MDS CPU buffer clear before returning to user space */ - DEFINE_STATIC_KEY_FALSE(mds_user_clear); -+/* Control MDS CPU buffer clear before idling (halt, mwait) */ -+DEFINE_STATIC_KEY_FALSE(mds_idle_clear); -+EXPORT_SYMBOL_GPL(mds_idle_clear); - - /* For use by asm MDS_CLEAR_CPU_BUFFERS */ - const u16 mds_clear_cpu_buffers_ds = __KERNEL_DS; diff --git a/queue-3.16/x86-speculation-mds-fix-comment.patch b/queue-3.16/x86-speculation-mds-fix-comment.patch deleted file mode 100644 index e118d0f4..00000000 --- a/queue-3.16/x86-speculation-mds-fix-comment.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Date: Fri, 12 Apr 2019 17:50:57 -0400 -Subject: x86/speculation/mds: Fix comment - -commit cae5ec342645746d617dd420d206e1588d47768a upstream. - -s/L1TF/MDS/ - -Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Tyler Hicks <tyhicks@canonical.com> -Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -276,7 +276,7 @@ static void x86_amd_ssb_disable(void) - #undef pr_fmt - #define pr_fmt(fmt) "MDS: " fmt - --/* Default mitigation for L1TF-affected CPUs */ -+/* Default mitigation for MDS-affected CPUs */ - static enum mds_mitigations mds_mitigation = MDS_MITIGATION_FULL; - - static const char * const mds_strings[] = { diff --git a/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch b/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch deleted file mode 100644 index 87af1c89..00000000 --- a/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Tue, 7 May 2019 15:05:22 -0500 -Subject: x86/speculation/mds: Fix documentation typo - -commit 95310e348a321b45fb746c176961d4da72344282 upstream. - -Fix a minor typo in the MDS documentation: "eanbled" -> "enabled". - -Reported-by: Jeff Bastian <jbastian@redhat.com> -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/x86/mds.rst | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/Documentation/x86/mds.rst -+++ b/Documentation/x86/mds.rst -@@ -116,7 +116,7 @@ Kernel internal mitigation modes - off Mitigation is disabled. Either the CPU is not affected or - mds=off is supplied on the kernel command line - -- full Mitigation is eanbled. CPU is affected and MD_CLEAR is -+ full Mitigation is enabled. CPU is affected and MD_CLEAR is - advertised in CPUID. - - vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not diff --git a/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch b/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch deleted file mode 100644 index 778bf88b..00000000 --- a/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Date: Fri, 12 Apr 2019 17:50:58 -0400 -Subject: x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations - off - -commit e2c3c94788b08891dcf3dbe608f9880523ecd71b upstream. - -This code is only for CPUs which are affected by MSBDS, but are *not* -affected by the other two MDS issues. - -For such CPUs, enabling the mds_idle_clear mitigation is enough to -mitigate SMT. - -However if user boots with 'mds=off' and still has SMT enabled, we should -not report that SMT is mitigated: - -$cat /sys//devices/system/cpu/vulnerabilities/mds -Vulnerable; SMT mitigated - -But rather: -Vulnerable; SMT vulnerable - -Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Tyler Hicks <tyhicks@canonical.com> -Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> -Link: https://lkml.kernel.org/r/20190412215118.294906495@localhost.localdomain -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -1156,7 +1156,8 @@ static ssize_t mds_show_state(char *buf) - - if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) { - return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], -- sched_smt_active() ? "mitigated" : "disabled"); -+ (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" : -+ sched_smt_active() ? "mitigated" : "disabled")); - } - - return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], diff --git a/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch b/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch deleted file mode 100644 index 4f92dbc3..00000000 --- a/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Tue, 2 Apr 2019 10:00:14 -0500 -Subject: x86/speculation: Move arch_smt_update() call to after mitigation - decisions - -commit 7c3658b20194a5b3209a143f63bc9c643c6a3ae2 upstream. - -arch_smt_update() now has a dependency on both Spectre v2 and MDS -mitigations. Move its initial call to after all the mitigation decisions -have been made. - -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Tyler Hicks <tyhicks@canonical.com> -Acked-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -161,6 +161,8 @@ void __init check_bugs(void) - - mds_select_mitigation(); - -+ arch_smt_update(); -+ - #ifdef CONFIG_X86_32 - /* - * Check whether we are able to run this kernel safely on SMP. -@@ -677,9 +679,6 @@ specv2_set_mode: - - /* Set up IBPB and STIBP depending on the general spectre V2 command */ - spectre_v2_user_select_mitigation(cmd); -- -- /* Enable STIBP if appropriate */ -- arch_smt_update(); - } - - static void update_stibp_msr(void * __unused) diff --git a/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch b/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch deleted file mode 100644 index b857b9c6..00000000 --- a/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:32 +0100 -Subject: x86/speculation: Move STIPB/IBPB string conditionals out of - cpu_show_common() - -commit a8f76ae41cd633ac00be1b3019b1eb4741be3828 upstream. - -The Spectre V2 printout in cpu_show_common() handles conditionals for the -various mitigation methods directly in the sprintf() argument list. That's -hard to read and will become unreadable if more complex decisions need to -be made for a particular method. - -Move the conditionals for STIBP and IBPB string selection into helper -functions, so they can be extended later on. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185003.874479208@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -821,6 +821,22 @@ static void __init l1tf_select_mitigatio - - #ifdef CONFIG_SYSFS - -+static char *stibp_state(void) -+{ -+ if (x86_spec_ctrl_base & SPEC_CTRL_STIBP) -+ return ", STIBP"; -+ else -+ return ""; -+} -+ -+static char *ibpb_state(void) -+{ -+ if (boot_cpu_has(X86_FEATURE_USE_IBPB)) -+ return ", IBPB"; -+ else -+ return ""; -+} -+ - static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, - char *buf, unsigned int bug) - { -@@ -839,9 +855,9 @@ static ssize_t cpu_show_common(struct de - - case X86_BUG_SPECTRE_V2: - return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], -- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", -+ ibpb_state(), - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", -- (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "", -+ stibp_state(), - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", - spectre_v2_module_string()); - diff --git a/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch b/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch deleted file mode 100644 index 25473f8c..00000000 --- a/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch +++ /dev/null @@ -1,107 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:52 +0100 -Subject: x86/speculation: Prepare arch_smt_update() for PRCTL mode - -commit 6893a959d7fdebbab5f5aa112c277d5a44435ba1 upstream. - -The upcoming fine grained per task STIBP control needs to be updated on CPU -hotplug as well. - -Split out the code which controls the strict mode so the prctl control code -can be added later. Mark the SMP function call argument __unused while at it. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.759457117@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 46 +++++++++++++++++++++----------------- - 1 file changed, 25 insertions(+), 21 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -588,40 +588,44 @@ specv2_set_mode: - arch_smt_update(); - } - --static bool stibp_needed(void) -+static void update_stibp_msr(void * __unused) - { -- /* Enhanced IBRS makes using STIBP unnecessary. */ -- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -- return false; -- -- /* Check for strict user mitigation mode */ -- return spectre_v2_user == SPECTRE_V2_USER_STRICT; -+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); - } - --static void update_stibp_msr(void *info) -+/* Update x86_spec_ctrl_base in case SMT state changed. */ -+static void update_stibp_strict(void) - { -- wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); -+ u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; -+ -+ if (sched_smt_active()) -+ mask |= SPEC_CTRL_STIBP; -+ -+ if (mask == x86_spec_ctrl_base) -+ return; -+ -+ pr_info("Update user space SMT mitigation: STIBP %s\n", -+ mask & SPEC_CTRL_STIBP ? "always-on" : "off"); -+ x86_spec_ctrl_base = mask; -+ on_each_cpu(update_stibp_msr, NULL, 1); - } - - void arch_smt_update(void) - { -- u64 mask; -- -- if (!stibp_needed()) -+ /* Enhanced IBRS implies STIBP. No update required. */ -+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) - return; - - mutex_lock(&spec_ctrl_mutex); - -- mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; -- if (sched_smt_active()) -- mask |= SPEC_CTRL_STIBP; -- -- if (mask != x86_spec_ctrl_base) { -- pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n", -- mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling"); -- x86_spec_ctrl_base = mask; -- on_each_cpu(update_stibp_msr, NULL, 1); -+ switch (spectre_v2_user) { -+ case SPECTRE_V2_USER_NONE: -+ break; -+ case SPECTRE_V2_USER_STRICT: -+ update_stibp_strict(); -+ break; - } -+ - mutex_unlock(&spec_ctrl_mutex); - } - diff --git a/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch b/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch deleted file mode 100644 index 56eb052d..00000000 --- a/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch +++ /dev/null @@ -1,292 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:49 +0100 -Subject: x86/speculation: Prepare for conditional IBPB in switch_mm() - -commit 4c71a2b6fd7e42814aa68a6dec88abf3b42ea573 upstream. - -The IBPB speculation barrier is issued from switch_mm() when the kernel -switches to a user space task with a different mm than the user space task -which ran last on the same CPU. - -An additional optimization is to avoid IBPB when the incoming task can be -ptraced by the outgoing task. This optimization only works when switching -directly between two user space tasks. When switching from a kernel task to -a user space task the optimization fails because the previous task cannot -be accessed anymore. So for quite some scenarios the optimization is just -adding overhead. - -The upcoming conditional IBPB support will issue IBPB only for user space -tasks which have the TIF_SPEC_IB bit set. This requires to handle the -following cases: - - 1) Switch from a user space task (potential attacker) which has - TIF_SPEC_IB set to a user space task (potential victim) which has - TIF_SPEC_IB not set. - - 2) Switch from a user space task (potential attacker) which has - TIF_SPEC_IB not set to a user space task (potential victim) which has - TIF_SPEC_IB set. - -This needs to be optimized for the case where the IBPB can be avoided when -only kernel threads ran in between user space tasks which belong to the -same process. - -The current check whether two tasks belong to the same context is using the -tasks context id. While correct, it's simpler to use the mm pointer because -it allows to mangle the TIF_SPEC_IB bit into it. The context id based -mechanism requires extra storage, which creates worse code. - -When a task is scheduled out its TIF_SPEC_IB bit is mangled as bit 0 into -the per CPU storage which is used to track the last user space mm which was -running on a CPU. This bit can be used together with the TIF_SPEC_IB bit of -the incoming task to make the decision whether IBPB needs to be issued or -not to cover the two cases above. - -As conditional IBPB is going to be the default, remove the dubious ptrace -check for the IBPB always case and simply issue IBPB always when the -process changes. - -Move the storage to a different place in the struct as the original one -created a hole. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.466447057@linutronix.de -[bwh: Backported to 3.16: - - Drop changes in initialize_tlbstate_and_flush() - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -257,6 +257,8 @@ do { \ - } while (0) - - DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); -+DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); -+DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - - #endif /* __ASSEMBLY__ */ - #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */ ---- a/arch/x86/include/asm/tlbflush.h -+++ b/arch/x86/include/asm/tlbflush.h -@@ -268,6 +268,12 @@ void native_flush_tlb_others(const struc - struct tlb_state { - struct mm_struct *active_mm; - int state; -+ -+ /* Last user mm for optimizing IBPB */ -+ union { -+ struct mm_struct *last_user_mm; -+ unsigned long last_user_mm_ibpb; -+ }; - }; - DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -53,6 +53,10 @@ u64 x86_amd_ls_cfg_ssbd_mask; - - /* Control conditional STIPB in switch_to() */ - DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp); -+/* Control conditional IBPB in switch_mm() */ -+DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); -+/* Control unconditional IBPB in switch_mm() */ -+DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - - #ifdef CONFIG_X86_32 - -@@ -382,7 +386,17 @@ spectre_v2_user_select_mitigation(enum s - /* Initialize Indirect Branch Prediction Barrier */ - if (boot_cpu_has(X86_FEATURE_IBPB)) { - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); -- pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); -+ -+ switch (mode) { -+ case SPECTRE_V2_USER_STRICT: -+ static_branch_enable(&switch_mm_always_ibpb); -+ break; -+ default: -+ break; -+ } -+ -+ pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", -+ mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional"); - } - - /* If enhanced IBRS is enabled no STIPB required */ -@@ -929,10 +943,15 @@ static char *stibp_state(void) - - static char *ibpb_state(void) - { -- if (boot_cpu_has(X86_FEATURE_USE_IBPB)) -- return ", IBPB"; -- else -- return ""; -+ if (boot_cpu_has(X86_FEATURE_IBPB)) { -+ switch (spectre_v2_user) { -+ case SPECTRE_V2_USER_NONE: -+ return ", IBPB: disabled"; -+ case SPECTRE_V2_USER_STRICT: -+ return ", IBPB: always-on"; -+ } -+ } -+ return ""; - } - - static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, ---- a/arch/x86/mm/tlb.c -+++ b/arch/x86/mm/tlb.c -@@ -7,7 +7,6 @@ - #include <linux/module.h> - #include <linux/cpu.h> - #include <linux/debugfs.h> --#include <linux/ptrace.h> - - #include <asm/tlbflush.h> - #include <asm/mmu_context.h> -@@ -34,6 +33,12 @@ DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb - * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi - */ - -+/* -+ * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is -+ * stored in cpu_tlb_state.last_user_mm_ibpb. -+ */ -+#define LAST_USER_MM_IBPB 0x1UL -+ - struct flush_tlb_info { - struct mm_struct *flush_mm; - unsigned long flush_start; -@@ -96,17 +101,87 @@ void switch_mm(struct mm_struct *prev, s - local_irq_restore(flags); - } - --static bool ibpb_needed(struct task_struct *tsk) -+static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next) -+{ -+ unsigned long next_tif = task_thread_info(next)->flags; -+ unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB; -+ -+ return (unsigned long)next->mm | ibpb; -+} -+ -+static void cond_ibpb(struct task_struct *next) - { -+ if (!next || !next->mm) -+ return; -+ - /* -- * Check if the current (previous) task has access to the memory -- * of the @tsk (next) task. If access is denied, make sure to -- * issue a IBPB to stop user->user Spectre-v2 attacks. -- * -- * Note: __ptrace_may_access() returns 0 or -ERRNO. -+ * Both, the conditional and the always IBPB mode use the mm -+ * pointer to avoid the IBPB when switching between tasks of the -+ * same process. Using the mm pointer instead of mm->context.ctx_id -+ * opens a hypothetical hole vs. mm_struct reuse, which is more or -+ * less impossible to control by an attacker. Aside of that it -+ * would only affect the first schedule so the theoretically -+ * exposed data is not really interesting. - */ -- return (tsk && tsk->mm && -- ptrace_may_access_sched(tsk, PTRACE_MODE_SPEC_IBPB)); -+ if (static_branch_likely(&switch_mm_cond_ibpb)) { -+ unsigned long prev_mm, next_mm; -+ -+ /* -+ * This is a bit more complex than the always mode because -+ * it has to handle two cases: -+ * -+ * 1) Switch from a user space task (potential attacker) -+ * which has TIF_SPEC_IB set to a user space task -+ * (potential victim) which has TIF_SPEC_IB not set. -+ * -+ * 2) Switch from a user space task (potential attacker) -+ * which has TIF_SPEC_IB not set to a user space task -+ * (potential victim) which has TIF_SPEC_IB set. -+ * -+ * This could be done by unconditionally issuing IBPB when -+ * a task which has TIF_SPEC_IB set is either scheduled in -+ * or out. Though that results in two flushes when: -+ * -+ * - the same user space task is scheduled out and later -+ * scheduled in again and only a kernel thread ran in -+ * between. -+ * -+ * - a user space task belonging to the same process is -+ * scheduled in after a kernel thread ran in between -+ * -+ * - a user space task belonging to the same process is -+ * scheduled in immediately. -+ * -+ * Optimize this with reasonably small overhead for the -+ * above cases. Mangle the TIF_SPEC_IB bit into the mm -+ * pointer of the incoming task which is stored in -+ * cpu_tlbstate.last_user_mm_ibpb for comparison. -+ */ -+ next_mm = mm_mangle_tif_spec_ib(next); -+ prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb); -+ -+ /* -+ * Issue IBPB only if the mm's are different and one or -+ * both have the IBPB bit set. -+ */ -+ if (next_mm != prev_mm && -+ (next_mm | prev_mm) & LAST_USER_MM_IBPB) -+ indirect_branch_prediction_barrier(); -+ -+ this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm); -+ } -+ -+ if (static_branch_unlikely(&switch_mm_always_ibpb)) { -+ /* -+ * Only flush when switching to a user space task with a -+ * different context than the user space task which ran -+ * last on this CPU. -+ */ -+ if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) { -+ indirect_branch_prediction_barrier(); -+ this_cpu_write(cpu_tlbstate.last_user_mm, next->mm); -+ } -+ } - } - - void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, -@@ -119,15 +194,8 @@ void switch_mm_irqs_off(struct mm_struct - * Avoid user/user BTB poisoning by flushing the branch - * predictor when switching between processes. This stops - * one process from doing Spectre-v2 attacks on another. -- * -- * As an optimization, flush indirect branches only when -- * switching into a processes that can't be ptrace by the -- * current one (as in such case, attacker has much more -- * convenient way how to tamper with the next process than -- * branch buffer poisoning). - */ -- if (static_cpu_has(X86_FEATURE_USE_IBPB) && ibpb_needed(tsk)) -- indirect_branch_prediction_barrier(); -+ cond_ibpb(tsk); - - this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); - this_cpu_write(cpu_tlbstate.active_mm, next); diff --git a/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch b/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch deleted file mode 100644 index 29ecf208..00000000 --- a/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch +++ /dev/null @@ -1,188 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:46 +0100 -Subject: x86/speculation: Prepare for per task indirect branch speculation - control - -commit 5bfbe3ad5840d941b89bcac54b821ba14f50a0ba upstream. - -To avoid the overhead of STIBP always on, it's necessary to allow per task -control of STIBP. - -Add a new task flag TIF_SPEC_IB and evaluate it during context switch if -SMT is active and flag evaluation is enabled by the speculation control -code. Add the conditional evaluation to x86_virt_spec_ctrl() as well so the -guest/host switch works properly. - -This has no effect because TIF_SPEC_IB cannot be set yet and the static key -which controls evaluation is off. Preparatory patch for adding the control -code. - -[ tglx: Simplify the context switch logic and make the TIF evaluation - depend on SMP=y and on the static key controlling the conditional - update. Rename it to TIF_SPEC_IB because it controls both STIBP and - IBPB ] - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.176917199@linutronix.de -[bwh: Backported to 3.16: - - Exclude _TIF_SPEC_IB from _TIF_WORK_MASK and _TIF_ALLWORK_MASK - - Adjust filename, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/include/asm/spec-ctrl.h -+++ b/arch/x86/include/asm/spec-ctrl.h -@@ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl( - return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); - } - -+static inline u64 stibp_tif_to_spec_ctrl(u64 tifn) -+{ -+ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); -+ return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); -+} -+ - static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) - { - BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); - return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); - } - -+static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl) -+{ -+ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); -+ return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); -+} -+ - static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) - { - return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; ---- a/arch/x86/include/asm/thread_info.h -+++ b/arch/x86/include/asm/thread_info.h -@@ -76,6 +76,7 @@ struct thread_info { - #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ - #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ - #define TIF_SECCOMP 8 /* secure computing */ -+#define TIF_SPEC_IB 9 /* Indirect branch speculation mitigation */ - #define TIF_MCE_NOTIFY 10 /* notify userspace of an MCE */ - #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */ - #define TIF_UPROBE 12 /* breakpointed or singlestepping */ -@@ -102,6 +103,7 @@ struct thread_info { - #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) - #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) - #define _TIF_SECCOMP (1 << TIF_SECCOMP) -+#define _TIF_SPEC_IB (1 << TIF_SPEC_IB) - #define _TIF_MCE_NOTIFY (1 << TIF_MCE_NOTIFY) - #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY) - #define _TIF_UPROBE (1 << TIF_UPROBE) -@@ -133,11 +135,12 @@ struct thread_info { - #define _TIF_WORK_MASK \ - (0x0000FFFF & \ - ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT| \ -- _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU)) -+ _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU| \ -+ _TIF_SPEC_IB)) - - /* work to do on any return to user space */ - #define _TIF_ALLWORK_MASK \ -- ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP)) | \ -+ ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB)) | \ - _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ) - - /* Only used for 64 bit */ -@@ -147,7 +150,8 @@ struct thread_info { - - /* flags to check in __switch_to() */ - #define _TIF_WORK_CTXSW \ -- (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) -+ (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \ -+ _TIF_SSBD|_TIF_SPEC_IB) - - #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) - #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) ---- a/arch/x86/include/uapi/asm/msr-index.h -+++ b/arch/x86/include/uapi/asm/msr-index.h -@@ -34,9 +34,10 @@ - /* Intel MSRs. Some also available on other CPUs */ - #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ - #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ --#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ -+#define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */ -+#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ - #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ --#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ -+#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ - - #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ - #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -202,6 +202,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, - static_cpu_has(X86_FEATURE_AMD_SSBD)) - hostval |= ssbd_tif_to_spec_ctrl(ti->flags); - -+ /* Conditional STIBP enabled? */ -+ if (static_branch_unlikely(&switch_to_cond_stibp)) -+ hostval |= stibp_tif_to_spec_ctrl(ti->flags); -+ - if (hostval != guestval) { - msrval = setguest ? guestval : hostval; - wrmsrl(MSR_IA32_SPEC_CTRL, msrval); ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -344,11 +344,17 @@ static __always_inline void amd_set_ssb_ - static __always_inline void __speculation_ctrl_update(unsigned long tifp, - unsigned long tifn) - { -+ unsigned long tif_diff = tifp ^ tifn; - u64 msr = x86_spec_ctrl_base; - bool updmsr = false; - -- /* If TIF_SSBD is different, select the proper mitigation method */ -- if ((tifp ^ tifn) & _TIF_SSBD) { -+ /* -+ * If TIF_SSBD is different, select the proper mitigation -+ * method. Note that if SSBD mitigation is disabled or permanentely -+ * enabled this branch can't be taken because nothing can set -+ * TIF_SSBD. -+ */ -+ if (tif_diff & _TIF_SSBD) { - if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { - amd_set_ssb_virt_state(tifn); - } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { -@@ -360,6 +366,16 @@ static __always_inline void __speculatio - } - } - -+ /* -+ * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled, -+ * otherwise avoid the MSR write. -+ */ -+ if (IS_ENABLED(CONFIG_SMP) && -+ static_branch_unlikely(&switch_to_cond_stibp)) { -+ updmsr |= !!(tif_diff & _TIF_SPEC_IB); -+ msr |= stibp_tif_to_spec_ctrl(tifn); -+ } -+ - if (updmsr) - wrmsrl(MSR_IA32_SPEC_CTRL, msr); - } diff --git a/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch b/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch deleted file mode 100644 index de3dc7b7..00000000 --- a/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch +++ /dev/null @@ -1,236 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Wed, 28 Nov 2018 10:56:57 +0100 -Subject: x86/speculation: Prevent stale SPEC_CTRL msr content - -commit 6d991ba509ebcfcc908e009d1db51972a4f7a064 upstream. - -The seccomp speculation control operates on all tasks of a process, but -only the current task of a process can update the MSR immediately. For the -other threads the update is deferred to the next context switch. - -This creates the following situation with Process A and B: - -Process A task 2 and Process B task 1 are pinned on CPU1. Process A task 2 -does not have the speculation control TIF bit set. Process B task 1 has the -speculation control TIF bit set. - -CPU0 CPU1 - MSR bit is set - ProcB.T1 schedules out - ProcA.T2 schedules in - MSR bit is cleared -ProcA.T1 - seccomp_update() - set TIF bit on ProcA.T2 - ProcB.T1 schedules in - MSR is not updated <-- FAIL - -This happens because the context switch code tries to avoid the MSR update -if the speculation control TIF bits of the incoming and the outgoing task -are the same. In the worst case ProcB.T1 and ProcA.T2 are the only tasks -scheduling back and forth on CPU1, which keeps the MSR stale forever. - -In theory this could be remedied by IPIs, but chasing the remote task which -could be migrated is complex and full of races. - -The straight forward solution is to avoid the asychronous update of the TIF -bit and defer it to the next context switch. The speculation control state -is stored in task_struct::atomic_flags by the prctl and seccomp updates -already. - -Add a new TIF_SPEC_FORCE_UPDATE bit and set this after updating the -atomic_flags. Check the bit on context switch and force a synchronous -update of the speculation control if set. Use the same mechanism for -updating the current task. - -Reported-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1811272247140.1875@nanos.tec.linutronix.de -[bwh: Backported to 3.16: - - Assign the first available thread_info flag - - Exclude _TIF_SPEC_FORCE_UPDATE from _TIF_WORK_MASK and _TIF_ALLWORK_MASK] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/spec-ctrl.h | 6 +----- - arch/x86/include/asm/thread_info.h | 4 +++- - arch/x86/kernel/cpu/bugs.c | 18 +++++++----------- - arch/x86/kernel/process.c | 30 +++++++++++++++++++++++++++++- - 4 files changed, 40 insertions(+), 18 deletions(-) - ---- a/arch/x86/include/asm/spec-ctrl.h -+++ b/arch/x86/include/asm/spec-ctrl.h -@@ -83,10 +83,6 @@ static inline void speculative_store_byp - #endif - - extern void speculation_ctrl_update(unsigned long tif); -- --static inline void speculation_ctrl_update_current(void) --{ -- speculation_ctrl_update(current_thread_info()->flags); --} -+extern void speculation_ctrl_update_current(void); - - #endif ---- a/arch/x86/include/asm/thread_info.h -+++ b/arch/x86/include/asm/thread_info.h -@@ -80,6 +80,7 @@ struct thread_info { - #define TIF_MCE_NOTIFY 10 /* notify userspace of an MCE */ - #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */ - #define TIF_UPROBE 12 /* breakpointed or singlestepping */ -+#define TIF_SPEC_FORCE_UPDATE 13 /* Force speculation MSR update in context switch */ - #define TIF_NOTSC 16 /* TSC is not accessible in userland */ - #define TIF_IA32 17 /* IA32 compatibility process */ - #define TIF_FORK 18 /* ret_from_fork */ -@@ -107,6 +108,7 @@ struct thread_info { - #define _TIF_MCE_NOTIFY (1 << TIF_MCE_NOTIFY) - #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY) - #define _TIF_UPROBE (1 << TIF_UPROBE) -+#define _TIF_SPEC_FORCE_UPDATE (1 << TIF_SPEC_FORCE_UPDATE) - #define _TIF_NOTSC (1 << TIF_NOTSC) - #define _TIF_IA32 (1 << TIF_IA32) - #define _TIF_FORK (1 << TIF_FORK) -@@ -136,11 +138,12 @@ struct thread_info { - (0x0000FFFF & \ - ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT| \ - _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU| \ -- _TIF_SPEC_IB)) -+ _TIF_SPEC_IB|_TIF_SPEC_FORCE_UPDATE)) - - /* work to do on any return to user space */ - #define _TIF_ALLWORK_MASK \ -- ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB)) | \ -+ ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB | \ -+ _TIF_SPEC_FORCE_UPDATE)) | \ - _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ) - - /* Only used for 64 bit */ -@@ -151,7 +154,7 @@ struct thread_info { - /* flags to check in __switch_to() */ - #define _TIF_WORK_CTXSW_BASE \ - (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \ -- _TIF_SSBD) -+ _TIF_SSBD | _TIF_SPEC_FORCE_UPDATE) - - /* - * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated. ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -764,14 +764,10 @@ static void ssb_select_mitigation(void) - #undef pr_fmt - #define pr_fmt(fmt) "Speculation prctl: " fmt - --static void task_update_spec_tif(struct task_struct *tsk, int tifbit, bool on) -+static void task_update_spec_tif(struct task_struct *tsk) - { -- bool update; -- -- if (on) -- update = !test_and_set_tsk_thread_flag(tsk, tifbit); -- else -- update = test_and_clear_tsk_thread_flag(tsk, tifbit); -+ /* Force the update of the real TIF bits */ -+ set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE); - - /* - * Immediately update the speculation control MSRs for the current -@@ -781,7 +777,7 @@ static void task_update_spec_tif(struct - * This can only happen for SECCOMP mitigation. For PRCTL it's - * always the current task. - */ -- if (tsk == current && update) -+ if (tsk == current) - speculation_ctrl_update_current(); - } - -@@ -797,16 +793,16 @@ static int ssb_prctl_set(struct task_str - if (task_spec_ssb_force_disable(task)) - return -EPERM; - task_clear_spec_ssb_disable(task); -- task_update_spec_tif(task, TIF_SSBD, false); -+ task_update_spec_tif(task); - break; - case PR_SPEC_DISABLE: - task_set_spec_ssb_disable(task); -- task_update_spec_tif(task, TIF_SSBD, true); -+ task_update_spec_tif(task); - break; - case PR_SPEC_FORCE_DISABLE: - task_set_spec_ssb_disable(task); - task_set_spec_ssb_force_disable(task); -- task_update_spec_tif(task, TIF_SSBD, true); -+ task_update_spec_tif(task); - break; - default: - return -ERANGE; ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -383,6 +383,18 @@ static __always_inline void __speculatio - wrmsrl(MSR_IA32_SPEC_CTRL, msr); - } - -+static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) -+{ -+ if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) { -+ if (task_spec_ssb_disable(tsk)) -+ set_tsk_thread_flag(tsk, TIF_SSBD); -+ else -+ clear_tsk_thread_flag(tsk, TIF_SSBD); -+ } -+ /* Return the updated threadinfo flags*/ -+ return task_thread_info(tsk)->flags; -+} -+ - void speculation_ctrl_update(unsigned long tif) - { - /* Forced update. Make sure all relevant TIF flags are different */ -@@ -391,6 +403,14 @@ void speculation_ctrl_update(unsigned lo - preempt_enable(); - } - -+/* Called from seccomp/prctl update */ -+void speculation_ctrl_update_current(void) -+{ -+ preempt_disable(); -+ speculation_ctrl_update(speculation_ctrl_update_tif(current)); -+ preempt_enable(); -+} -+ - void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p) - { - struct thread_struct *prev, *next; -@@ -423,7 +443,15 @@ void __switch_to_xtra(struct task_struct - hard_enable_TSC(); - } - -- __speculation_ctrl_update(tifp, tifn); -+ if (likely(!((tifp | tifn) & _TIF_SPEC_FORCE_UPDATE))) { -+ __speculation_ctrl_update(tifp, tifn); -+ } else { -+ speculation_ctrl_update_tif(prev_p); -+ tifn = speculation_ctrl_update_tif(next_p); -+ -+ /* Enforce MSR update to ensure consistent state */ -+ __speculation_ctrl_update(~tifn, tifn); -+ } - } - - /* diff --git a/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch b/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch deleted file mode 100644 index 7299b8cb..00000000 --- a/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Jiri Kosina <jkosina@suse.cz> -Date: Tue, 25 Sep 2018 14:39:28 +0200 -Subject: x86/speculation: Propagate information about RSB filling mitigation - to sysfs - -commit bb4b3b7762735cdaba5a40fd94c9303d9ffa147a upstream. - -If spectrev2 mitigation has been enabled, RSB is filled on context switch -in order to protect from various classes of spectrev2 attacks. - -If this mitigation is enabled, say so in sysfs for spectrev2. - -Signed-off-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: "WoodhouseDavid" <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: "SchauflerCasey" <casey.schaufler@intel.com> -Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438580.15880@cbobk.fhfr.pm -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -841,10 +841,11 @@ static ssize_t cpu_show_common(struct de - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); - - case X86_BUG_SPECTRE_V2: -- ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], -+ ret = sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", - (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "", -+ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", - spectre_v2_module_string()); - return ret; - diff --git a/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch b/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch deleted file mode 100644 index 90b53d2c..00000000 --- a/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch +++ /dev/null @@ -1,158 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:56 +0100 -Subject: x86/speculation: Provide IBPB always command line options - -commit 55a974021ec952ee460dc31ca08722158639de72 upstream. - -Provide the possibility to enable IBPB always in combination with 'prctl' -and 'seccomp'. - -Add the extra command line options and rework the IBPB selection to -evaluate the command instead of the mode selected by the STIPB switch case. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185006.144047038@linutronix.de -[bwh: Backported to 3.16: adjust filename] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - Documentation/kernel-parameters.txt | 12 +++++++ - arch/x86/kernel/cpu/bugs.c | 34 +++++++++++++------ - 2 files changed, 35 insertions(+), 11 deletions(-) - ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3223,11 +3223,23 @@ bytes respectively. Such letter suffixes - per thread. The mitigation control state - is inherited on fork. - -+ prctl,ibpb -+ - Like "prctl" above, but only STIBP is -+ controlled per thread. IBPB is issued -+ always when switching between different user -+ space processes. -+ - seccomp - - Same as "prctl" above, but all seccomp - threads will enable the mitigation unless - they explicitly opt out. - -+ seccomp,ibpb -+ - Like "seccomp" above, but only STIBP is -+ controlled per thread. IBPB is issued -+ always when switching between different -+ user space processes. -+ - auto - Kernel selects the mitigation depending on - the available CPU features and vulnerability. - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -308,7 +308,9 @@ enum spectre_v2_user_cmd { - SPECTRE_V2_USER_CMD_AUTO, - SPECTRE_V2_USER_CMD_FORCE, - SPECTRE_V2_USER_CMD_PRCTL, -+ SPECTRE_V2_USER_CMD_PRCTL_IBPB, - SPECTRE_V2_USER_CMD_SECCOMP, -+ SPECTRE_V2_USER_CMD_SECCOMP_IBPB, - }; - - static const char * const spectre_v2_user_strings[] = { -@@ -323,11 +325,13 @@ static const struct { - enum spectre_v2_user_cmd cmd; - bool secure; - } v2_user_options[] __initdata = { -- { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, -- { "off", SPECTRE_V2_USER_CMD_NONE, false }, -- { "on", SPECTRE_V2_USER_CMD_FORCE, true }, -- { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, -- { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, -+ { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, -+ { "off", SPECTRE_V2_USER_CMD_NONE, false }, -+ { "on", SPECTRE_V2_USER_CMD_FORCE, true }, -+ { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, -+ { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, -+ { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, -+ { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, - }; - - static void __init spec_v2_user_print_cond(const char *reason, bool secure) -@@ -373,6 +377,7 @@ spectre_v2_user_select_mitigation(enum s - { - enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; - bool smt_possible = IS_ENABLED(CONFIG_SMP); -+ enum spectre_v2_user_cmd cmd; - - if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) - return; -@@ -380,17 +385,20 @@ spectre_v2_user_select_mitigation(enum s - if (!IS_ENABLED(CONFIG_X86_HT)) - smt_possible = false; - -- switch (spectre_v2_parse_user_cmdline(v2_cmd)) { -+ cmd = spectre_v2_parse_user_cmdline(v2_cmd); -+ switch (cmd) { - case SPECTRE_V2_USER_CMD_NONE: - goto set_mode; - case SPECTRE_V2_USER_CMD_FORCE: - mode = SPECTRE_V2_USER_STRICT; - break; - case SPECTRE_V2_USER_CMD_PRCTL: -+ case SPECTRE_V2_USER_CMD_PRCTL_IBPB: - mode = SPECTRE_V2_USER_PRCTL; - break; - case SPECTRE_V2_USER_CMD_AUTO: - case SPECTRE_V2_USER_CMD_SECCOMP: -+ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: - if (IS_ENABLED(CONFIG_SECCOMP)) - mode = SPECTRE_V2_USER_SECCOMP; - else -@@ -402,12 +410,15 @@ spectre_v2_user_select_mitigation(enum s - if (boot_cpu_has(X86_FEATURE_IBPB)) { - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); - -- switch (mode) { -- case SPECTRE_V2_USER_STRICT: -+ switch (cmd) { -+ case SPECTRE_V2_USER_CMD_FORCE: -+ case SPECTRE_V2_USER_CMD_PRCTL_IBPB: -+ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: - static_branch_enable(&switch_mm_always_ibpb); - break; -- case SPECTRE_V2_USER_PRCTL: -- case SPECTRE_V2_USER_SECCOMP: -+ case SPECTRE_V2_USER_CMD_PRCTL: -+ case SPECTRE_V2_USER_CMD_AUTO: -+ case SPECTRE_V2_USER_CMD_SECCOMP: - static_branch_enable(&switch_mm_cond_ibpb); - break; - default: -@@ -415,7 +426,8 @@ spectre_v2_user_select_mitigation(enum s - } - - pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", -- mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional"); -+ static_key_enabled(&switch_mm_always_ibpb) ? -+ "always-on" : "conditional"); - } - - /* If enhanced IBRS is enabled no STIPB required */ diff --git a/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch b/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch deleted file mode 100644 index f47c0795..00000000 --- a/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Jiang Biao <jiang.biao2@zte.com.cn> -Date: Wed, 18 Jul 2018 08:03:14 +0800 -Subject: x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation - -commit d9f4426c73002957be5dd39936f44a09498f7560 upstream. - -SPECTRE_V2_IBRS in enum spectre_v2_mitigation is never used. Remove it. - -Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: hpa@zytor.com -Cc: dwmw2@amazon.co.uk -Cc: konrad.wilk@oracle.com -Cc: bp@suse.de -Cc: zhong.weidong@zte.com.cn -Link: https://lkml.kernel.org/r/1531872194-39207-1-git-send-email-jiang.biao2@zte.com.cn -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/nospec-branch.h | 1 - - 1 file changed, 1 deletion(-) - ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -169,7 +169,6 @@ enum spectre_v2_mitigation { - SPECTRE_V2_RETPOLINE_MINIMAL_AMD, - SPECTRE_V2_RETPOLINE_GENERIC, - SPECTRE_V2_RETPOLINE_AMD, -- SPECTRE_V2_IBRS, - SPECTRE_V2_IBRS_ENHANCED, - }; - diff --git a/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch b/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch deleted file mode 100644 index 7ba3880f..00000000 --- a/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:31 +0100 -Subject: x86/speculation: Remove unnecessary ret variable in cpu_show_common() - -commit b86bda0426853bfe8a3506c7d2a5b332760ae46b upstream. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185003.783903657@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -824,8 +824,6 @@ static void __init l1tf_select_mitigatio - static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, - char *buf, unsigned int bug) - { -- int ret; -- - if (!boot_cpu_has_bug(bug)) - return sprintf(buf, "Not affected\n"); - -@@ -840,13 +838,12 @@ static ssize_t cpu_show_common(struct de - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); - - case X86_BUG_SPECTRE_V2: -- ret = sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], -+ return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", - (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "", - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", - spectre_v2_module_string()); -- return ret; - - case X86_BUG_SPEC_STORE_BYPASS: - return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); diff --git a/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch b/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch deleted file mode 100644 index 84f8b19a..00000000 --- a/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch +++ /dev/null @@ -1,129 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:34 +0100 -Subject: x86/speculation: Rename SSBD update functions - -commit 26c4d75b234040c11728a8acb796b3a85ba7507c upstream. - -During context switch, the SSBD bit in SPEC_CTRL MSR is updated according -to changes of the TIF_SSBD flag in the current and next running task. - -Currently, only the bit controlling speculative store bypass disable in -SPEC_CTRL MSR is updated and the related update functions all have -"speculative_store" or "ssb" in their names. - -For enhanced mitigation control other bits in SPEC_CTRL MSR need to be -updated as well, which makes the SSB names inadequate. - -Rename the "speculative_store*" functions to a more generic name. No -functional change. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.058866968@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/spec-ctrl.h | 6 +++--- - arch/x86/kernel/cpu/bugs.c | 4 ++-- - arch/x86/kernel/process.c | 12 ++++++------ - 3 files changed, 11 insertions(+), 11 deletions(-) - ---- a/arch/x86/include/asm/spec-ctrl.h -+++ b/arch/x86/include/asm/spec-ctrl.h -@@ -70,11 +70,11 @@ extern void speculative_store_bypass_ht_ - static inline void speculative_store_bypass_ht_init(void) { } - #endif - --extern void speculative_store_bypass_update(unsigned long tif); -+extern void speculation_ctrl_update(unsigned long tif); - --static inline void speculative_store_bypass_update_current(void) -+static inline void speculation_ctrl_update_current(void) - { -- speculative_store_bypass_update(current_thread_info()->flags); -+ speculation_ctrl_update(current_thread_info()->flags); - } - - #endif ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -255,7 +255,7 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, - tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) : - ssbd_spec_ctrl_to_tif(hostval); - -- speculative_store_bypass_update(tif); -+ speculation_ctrl_update(tif); - } - } - EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl); -@@ -692,7 +692,7 @@ static int ssb_prctl_set(struct task_str - * mitigation until it is next scheduled. - */ - if (task == current && update) -- speculative_store_bypass_update_current(); -+ speculation_ctrl_update_current(); - - return 0; - } ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -335,27 +335,27 @@ static __always_inline void amd_set_ssb_ - wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); - } - --static __always_inline void intel_set_ssb_state(unsigned long tifn) -+static __always_inline void spec_ctrl_update_msr(unsigned long tifn) - { - u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); - - wrmsrl(MSR_IA32_SPEC_CTRL, msr); - } - --static __always_inline void __speculative_store_bypass_update(unsigned long tifn) -+static __always_inline void __speculation_ctrl_update(unsigned long tifn) - { - if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) - amd_set_ssb_virt_state(tifn); - else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) - amd_set_core_ssb_state(tifn); - else -- intel_set_ssb_state(tifn); -+ spec_ctrl_update_msr(tifn); - } - --void speculative_store_bypass_update(unsigned long tif) -+void speculation_ctrl_update(unsigned long tif) - { - preempt_disable(); -- __speculative_store_bypass_update(tif); -+ __speculation_ctrl_update(tif); - preempt_enable(); - } - -@@ -393,7 +393,7 @@ void __switch_to_xtra(struct task_struct - } - - if ((tifp ^ tifn) & _TIF_SSBD) -- __speculative_store_bypass_update(tifn); -+ __speculation_ctrl_update(tifn); - } - - /* diff --git a/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch b/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch deleted file mode 100644 index fec2f64a..00000000 --- a/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch +++ /dev/null @@ -1,257 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:41 +0100 -Subject: x86/speculation: Reorder the spec_v2 code - -commit 15d6b7aab0793b2de8a05d8a828777dd24db424e upstream. - -Reorder the code so it is better grouped. No functional change. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.707122879@linutronix.de -[bwh: Backported to 3.16: - - We still have the minimal mitigation modes - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -178,30 +178,6 @@ void __init check_bugs(void) - #endif - } - --/* The kernel command line selection */ --enum spectre_v2_mitigation_cmd { -- SPECTRE_V2_CMD_NONE, -- SPECTRE_V2_CMD_AUTO, -- SPECTRE_V2_CMD_FORCE, -- SPECTRE_V2_CMD_RETPOLINE, -- SPECTRE_V2_CMD_RETPOLINE_GENERIC, -- SPECTRE_V2_CMD_RETPOLINE_AMD, --}; -- --static const char *spectre_v2_strings[] = { -- [SPECTRE_V2_NONE] = "Vulnerable", -- [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", -- [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", -- [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", -- [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", -- [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", --}; -- --#undef pr_fmt --#define pr_fmt(fmt) "Spectre V2 : " fmt -- --static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; -- - void - x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) - { -@@ -271,6 +247,11 @@ static void x86_amd_ssb_disable(void) - wrmsrl(MSR_AMD64_LS_CFG, msrval); - } - -+#undef pr_fmt -+#define pr_fmt(fmt) "Spectre V2 : " fmt -+ -+static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; -+ - #ifdef RETPOLINE - static bool spectre_v2_bad_module; - -@@ -292,6 +273,45 @@ static inline const char *spectre_v2_mod - static inline const char *spectre_v2_module_string(void) { return ""; } - #endif - -+static inline bool match_option(const char *arg, int arglen, const char *opt) -+{ -+ int len = strlen(opt); -+ -+ return len == arglen && !strncmp(arg, opt, len); -+} -+ -+/* The kernel command line selection for spectre v2 */ -+enum spectre_v2_mitigation_cmd { -+ SPECTRE_V2_CMD_NONE, -+ SPECTRE_V2_CMD_AUTO, -+ SPECTRE_V2_CMD_FORCE, -+ SPECTRE_V2_CMD_RETPOLINE, -+ SPECTRE_V2_CMD_RETPOLINE_GENERIC, -+ SPECTRE_V2_CMD_RETPOLINE_AMD, -+}; -+ -+static const char *spectre_v2_strings[] = { -+ [SPECTRE_V2_NONE] = "Vulnerable", -+ [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", -+ [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", -+ [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", -+ [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", -+ [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", -+}; -+ -+static const struct { -+ const char *option; -+ enum spectre_v2_mitigation_cmd cmd; -+ bool secure; -+} mitigation_options[] = { -+ { "off", SPECTRE_V2_CMD_NONE, false }, -+ { "on", SPECTRE_V2_CMD_FORCE, true }, -+ { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, -+ { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, -+ { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, -+ { "auto", SPECTRE_V2_CMD_AUTO, false }, -+}; -+ - static void __init spec2_print_if_insecure(const char *reason) - { - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) -@@ -309,31 +329,11 @@ static inline bool retp_compiler(void) - return __is_defined(RETPOLINE); - } - --static inline bool match_option(const char *arg, int arglen, const char *opt) --{ -- int len = strlen(opt); -- -- return len == arglen && !strncmp(arg, opt, len); --} -- --static const struct { -- const char *option; -- enum spectre_v2_mitigation_cmd cmd; -- bool secure; --} mitigation_options[] = { -- { "off", SPECTRE_V2_CMD_NONE, false }, -- { "on", SPECTRE_V2_CMD_FORCE, true }, -- { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, -- { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, -- { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, -- { "auto", SPECTRE_V2_CMD_AUTO, false }, --}; -- - static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) - { -+ enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; - char arg[20]; - int ret, i; -- enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; - - if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) - return SPECTRE_V2_CMD_NONE; -@@ -376,48 +376,6 @@ static enum spectre_v2_mitigation_cmd __ - return cmd; - } - --static bool stibp_needed(void) --{ -- if (spectre_v2_enabled == SPECTRE_V2_NONE) -- return false; -- -- /* Enhanced IBRS makes using STIBP unnecessary. */ -- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -- return false; -- -- if (!boot_cpu_has(X86_FEATURE_STIBP)) -- return false; -- -- return true; --} -- --static void update_stibp_msr(void *info) --{ -- wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); --} -- --void arch_smt_update(void) --{ -- u64 mask; -- -- if (!stibp_needed()) -- return; -- -- mutex_lock(&spec_ctrl_mutex); -- -- mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; -- if (sched_smt_active()) -- mask |= SPEC_CTRL_STIBP; -- -- if (mask != x86_spec_ctrl_base) { -- pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n", -- mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling"); -- x86_spec_ctrl_base = mask; -- on_each_cpu(update_stibp_msr, NULL, 1); -- } -- mutex_unlock(&spec_ctrl_mutex); --} -- - static void __init spectre_v2_select_mitigation(void) - { - enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); -@@ -522,6 +480,48 @@ specv2_set_mode: - arch_smt_update(); - } - -+static bool stibp_needed(void) -+{ -+ if (spectre_v2_enabled == SPECTRE_V2_NONE) -+ return false; -+ -+ /* Enhanced IBRS makes using STIBP unnecessary. */ -+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) -+ return false; -+ -+ if (!boot_cpu_has(X86_FEATURE_STIBP)) -+ return false; -+ -+ return true; -+} -+ -+static void update_stibp_msr(void *info) -+{ -+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); -+} -+ -+void arch_smt_update(void) -+{ -+ u64 mask; -+ -+ if (!stibp_needed()) -+ return; -+ -+ mutex_lock(&spec_ctrl_mutex); -+ -+ mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; -+ if (sched_smt_active()) -+ mask |= SPEC_CTRL_STIBP; -+ -+ if (mask != x86_spec_ctrl_base) { -+ pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n", -+ mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling"); -+ x86_spec_ctrl_base = mask; -+ on_each_cpu(update_stibp_msr, NULL, 1); -+ } -+ mutex_unlock(&spec_ctrl_mutex); -+} -+ - #undef pr_fmt - #define pr_fmt(fmt) "Speculative Store Bypass: " fmt - diff --git a/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch b/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch deleted file mode 100644 index 358eea14..00000000 --- a/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch +++ /dev/null @@ -1,110 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:35 +0100 -Subject: x86/speculation: Reorganize speculation control MSRs update - -commit 01daf56875ee0cd50ed496a09b20eb369b45dfa5 upstream. - -The logic to detect whether there's a change in the previous and next -task's flag relevant to update speculation control MSRs is spread out -across multiple functions. - -Consolidate all checks needed for updating speculation control MSRs into -the new __speculation_ctrl_update() helper function. - -This makes it easy to pick the right speculation control MSR and the bits -in MSR_IA32_SPEC_CTRL that need updating based on TIF flags changes. - -Originally-by: Thomas Lendacky <Thomas.Lendacky@amd.com> -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.151077005@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/process.c | 46 ++++++++++++++++++++++++--------------- - 1 file changed, 29 insertions(+), 17 deletions(-) - ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -335,27 +335,40 @@ static __always_inline void amd_set_ssb_ - wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); - } - --static __always_inline void spec_ctrl_update_msr(unsigned long tifn) -+/* -+ * Update the MSRs managing speculation control, during context switch. -+ * -+ * tifp: Previous task's thread flags -+ * tifn: Next task's thread flags -+ */ -+static __always_inline void __speculation_ctrl_update(unsigned long tifp, -+ unsigned long tifn) - { -- u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); -+ u64 msr = x86_spec_ctrl_base; -+ bool updmsr = false; - -- wrmsrl(MSR_IA32_SPEC_CTRL, msr); --} -+ /* If TIF_SSBD is different, select the proper mitigation method */ -+ if ((tifp ^ tifn) & _TIF_SSBD) { -+ if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { -+ amd_set_ssb_virt_state(tifn); -+ } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { -+ amd_set_core_ssb_state(tifn); -+ } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || -+ static_cpu_has(X86_FEATURE_AMD_SSBD)) { -+ msr |= ssbd_tif_to_spec_ctrl(tifn); -+ updmsr = true; -+ } -+ } - --static __always_inline void __speculation_ctrl_update(unsigned long tifn) --{ -- if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) -- amd_set_ssb_virt_state(tifn); -- else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) -- amd_set_core_ssb_state(tifn); -- else -- spec_ctrl_update_msr(tifn); -+ if (updmsr) -+ wrmsrl(MSR_IA32_SPEC_CTRL, msr); - } - - void speculation_ctrl_update(unsigned long tif) - { -+ /* Forced update. Make sure all relevant TIF flags are different */ - preempt_disable(); -- __speculation_ctrl_update(tif); -+ __speculation_ctrl_update(~tif, tif); - preempt_enable(); - } - -@@ -392,8 +405,7 @@ void __switch_to_xtra(struct task_struct - hard_enable_TSC(); - } - -- if ((tifp ^ tifn) & _TIF_SSBD) -- __speculation_ctrl_update(tifn); -+ __speculation_ctrl_update(tifp, tifn); - } - - /* diff --git a/queue-3.16/x86-speculation-rework-smt-state-change.patch b/queue-3.16/x86-speculation-rework-smt-state-change.patch deleted file mode 100644 index ad92d088..00000000 --- a/queue-3.16/x86-speculation-rework-smt-state-change.patch +++ /dev/null @@ -1,126 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:39 +0100 -Subject: x86/speculation: Rework SMT state change - -commit a74cfffb03b73d41e08f84c2e5c87dec0ce3db9f upstream. - -arch_smt_update() is only called when the sysfs SMT control knob is -changed. This means that when SMT is enabled in the sysfs control knob the -system is considered to have SMT active even if all siblings are offline. - -To allow finegrained control of the speculation mitigations, the actual SMT -state is more interesting than the fact that siblings could be enabled. - -Rework the code, so arch_smt_update() is invoked from each individual CPU -hotplug function, and simplify the update function while at it. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.521974984@linutronix.de -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 11 +++++------ - include/linux/sched/smt.h | 2 ++ - kernel/cpu.c | 15 +++++++++------ - 3 files changed, 16 insertions(+), 12 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -13,6 +13,7 @@ - #include <linux/module.h> - #include <linux/nospec.h> - #include <linux/prctl.h> -+#include <linux/sched/smt.h> - - #include <asm/spec-ctrl.h> - #include <asm/cmdline.h> -@@ -403,16 +404,14 @@ void arch_smt_update(void) - return; - - mutex_lock(&spec_ctrl_mutex); -- mask = x86_spec_ctrl_base; -- if (IS_ENABLED(CONFIG_X86_HT)) -+ -+ mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; -+ if (sched_smt_active()) - mask |= SPEC_CTRL_STIBP; -- else -- mask &= ~SPEC_CTRL_STIBP; - - if (mask != x86_spec_ctrl_base) { - pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n", -- IS_ENABLED(CONFIG_X86_HT) ? -- "Enabling" : "Disabling"); -+ mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling"); - x86_spec_ctrl_base = mask; - on_each_cpu(update_stibp_msr, NULL, 1); - } ---- a/include/linux/sched/smt.h -+++ b/include/linux/sched/smt.h -@@ -15,4 +15,6 @@ static __always_inline bool sched_smt_ac - static inline bool sched_smt_active(void) { return false; } - #endif - -+void arch_smt_update(void); -+ - #endif ---- a/kernel/cpu.c -+++ b/kernel/cpu.c -@@ -8,6 +8,7 @@ - #include <linux/init.h> - #include <linux/notifier.h> - #include <linux/sched.h> -+#include <linux/sched/smt.h> - #include <linux/unistd.h> - #include <linux/cpu.h> - #include <linux/oom.h> -@@ -179,6 +180,12 @@ void cpu_hotplug_enable(void) - - #endif /* CONFIG_HOTPLUG_CPU */ - -+/* -+ * Architectures that need SMT-specific errata handling during SMT hotplug -+ * should override this. -+ */ -+void __weak arch_smt_update(void) { } -+ - /* Need to know about CPUs going up/down? */ - int __ref register_cpu_notifier(struct notifier_block *nb) - { -@@ -394,6 +401,7 @@ out_release: - cpu_hotplug_done(); - if (!err) - cpu_notify_nofail(CPU_POST_DEAD | mod, hcpu); -+ arch_smt_update(); - return err; - } - -@@ -495,7 +503,7 @@ out_notify: - __cpu_notify(CPU_UP_CANCELED | mod, hcpu, nr_calls, NULL); - out: - cpu_hotplug_done(); -- -+ arch_smt_update(); - return ret; - } - diff --git a/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch b/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch deleted file mode 100644 index d28bae09..00000000 --- a/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: Dominik Brodowski <linux@dominikbrodowski.net> -Date: Tue, 22 May 2018 11:05:39 +0200 -Subject: x86/speculation: Simplify the CPU bug detection logic - -commit 8ecc4979b1bd9c94168e6fc92960033b7a951336 upstream. - -Only CPUs which speculate can speculate. Therefore, it seems prudent -to test for cpu_no_speculation first and only then determine whether -a specific speculating CPU is susceptible to store bypass speculation. -This is underlined by all CPUs currently listed in cpu_no_speculation -were present in cpu_no_spec_store_bypass as well. - -Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: bp@suse.de -Cc: konrad.wilk@oracle.com -Link: https://lkml.kernel.org/r/20180522090539.GA24668@light.dominikbrodowski.net -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/common.c | 22 +++++++--------------- - 1 file changed, 7 insertions(+), 15 deletions(-) - ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -825,12 +825,8 @@ static const __initconst struct x86_cpu_ - {} - }; - -+/* Only list CPUs which speculate but are non susceptible to SSB */ - static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = { -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW }, -- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 }, -@@ -838,14 +834,10 @@ static const __initconst struct x86_cpu_ - { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, - { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, -- { X86_VENDOR_CENTAUR, 5, }, -- { X86_VENDOR_INTEL, 5, }, -- { X86_VENDOR_NSC, 5, }, - { X86_VENDOR_AMD, 0x12, }, - { X86_VENDOR_AMD, 0x11, }, - { X86_VENDOR_AMD, 0x10, }, - { X86_VENDOR_AMD, 0xf, }, -- { X86_VENDOR_ANY, 4, }, - {} - }; - -@@ -868,6 +860,12 @@ static void __init cpu_set_bug_bits(stru - { - u64 ia32_cap = 0; - -+ if (x86_match_cpu(cpu_no_speculation)) -+ return; -+ -+ setup_force_cpu_bug(X86_BUG_SPECTRE_V1); -+ setup_force_cpu_bug(X86_BUG_SPECTRE_V2); -+ - if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) - rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); - -@@ -876,12 +874,6 @@ static void __init cpu_set_bug_bits(stru - !cpu_has(c, X86_FEATURE_AMD_SSB_NO)) - setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS); - -- if (x86_match_cpu(cpu_no_speculation)) -- return; -- -- setup_force_cpu_bug(X86_BUG_SPECTRE_V1); -- setup_force_cpu_bug(X86_BUG_SPECTRE_V2); -- - if (ia32_cap & ARCH_CAP_IBRS_ALL) - setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); - diff --git a/queue-3.16/x86-speculation-split-out-tif-update.patch b/queue-3.16/x86-speculation-split-out-tif-update.patch deleted file mode 100644 index 586f3819..00000000 --- a/queue-3.16/x86-speculation-split-out-tif-update.patch +++ /dev/null @@ -1,106 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:51 +0100 -Subject: x86/speculation: Split out TIF update - -commit e6da8bb6f9abb2628381904b24163c770e630bac upstream. - -The update of the TIF_SSBD flag and the conditional speculation control MSR -update is done in the ssb_prctl_set() function directly. The upcoming prctl -support for controlling indirect branch speculation via STIBP needs the -same mechanism. - -Split the code out and make it reusable. Reword the comment about updates -for other tasks. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185005.652305076@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 35 +++++++++++++++++++++++------------ - 1 file changed, 23 insertions(+), 12 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -760,10 +760,29 @@ static void ssb_select_mitigation(void) - #undef pr_fmt - #define pr_fmt(fmt) "Speculation prctl: " fmt - --static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) -+static void task_update_spec_tif(struct task_struct *tsk, int tifbit, bool on) - { - bool update; - -+ if (on) -+ update = !test_and_set_tsk_thread_flag(tsk, tifbit); -+ else -+ update = test_and_clear_tsk_thread_flag(tsk, tifbit); -+ -+ /* -+ * Immediately update the speculation control MSRs for the current -+ * task, but for a non-current task delay setting the CPU -+ * mitigation until it is scheduled next. -+ * -+ * This can only happen for SECCOMP mitigation. For PRCTL it's -+ * always the current task. -+ */ -+ if (tsk == current && update) -+ speculation_ctrl_update_current(); -+} -+ -+static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) -+{ - if (ssb_mode != SPEC_STORE_BYPASS_PRCTL && - ssb_mode != SPEC_STORE_BYPASS_SECCOMP) - return -ENXIO; -@@ -774,28 +793,20 @@ static int ssb_prctl_set(struct task_str - if (task_spec_ssb_force_disable(task)) - return -EPERM; - task_clear_spec_ssb_disable(task); -- update = test_and_clear_tsk_thread_flag(task, TIF_SSBD); -+ task_update_spec_tif(task, TIF_SSBD, false); - break; - case PR_SPEC_DISABLE: - task_set_spec_ssb_disable(task); -- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); -+ task_update_spec_tif(task, TIF_SSBD, true); - break; - case PR_SPEC_FORCE_DISABLE: - task_set_spec_ssb_disable(task); - task_set_spec_ssb_force_disable(task); -- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); -+ task_update_spec_tif(task, TIF_SSBD, true); - break; - default: - return -ERANGE; - } -- -- /* -- * If being set on non-current task, delay setting the CPU -- * mitigation until it is next scheduled. -- */ -- if (task == current && update) -- speculation_ctrl_update_current(); -- - return 0; - } - diff --git a/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch b/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch deleted file mode 100644 index f6e83838..00000000 --- a/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch +++ /dev/null @@ -1,152 +0,0 @@ -From: Sai Praneeth <sai.praneeth.prakhya@intel.com> -Date: Wed, 1 Aug 2018 11:42:25 -0700 -Subject: x86/speculation: Support Enhanced IBRS on future CPUs - -commit 706d51681d636a0c4a5ef53395ec3b803e45ed4d upstream. - -Future Intel processors will support "Enhanced IBRS" which is an "always -on" mode i.e. IBRS bit in SPEC_CTRL MSR is enabled once and never -disabled. - -From the specification [1]: - - "With enhanced IBRS, the predicted targets of indirect branches - executed cannot be controlled by software that was executed in a less - privileged predictor mode or on another logical processor. As a - result, software operating on a processor with enhanced IBRS need not - use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more - privileged predictor mode. Software can isolate predictor modes - effectively simply by setting the bit once. Software need not disable - enhanced IBRS prior to entering a sleep state such as MWAIT or HLT." - -If Enhanced IBRS is supported by the processor then use it as the -preferred spectre v2 mitigation mechanism instead of Retpoline. Intel's -Retpoline white paper [2] states: - - "Retpoline is known to be an effective branch target injection (Spectre - variant 2) mitigation on Intel processors belonging to family 6 - (enumerated by the CPUID instruction) that do not have support for - enhanced IBRS. On processors that support enhanced IBRS, it should be - used for mitigation instead of retpoline." - -The reason why Enhanced IBRS is the recommended mitigation on processors -which support it is that these processors also support CET which -provides a defense against ROP attacks. Retpoline is very similar to ROP -techniques and might trigger false positives in the CET defense. - -If Enhanced IBRS is selected as the mitigation technique for spectre v2, -the IBRS bit in SPEC_CTRL MSR is set once at boot time and never -cleared. Kernel also has to make sure that IBRS bit remains set after -VMEXIT because the guest might have cleared the bit. This is already -covered by the existing x86_spec_ctrl_set_guest() and -x86_spec_ctrl_restore_host() speculation control functions. - -Enhanced IBRS still requires IBPB for full mitigation. - -[1] Speculative-Execution-Side-Channel-Mitigations.pdf -[2] Retpoline-A-Branch-Target-Injection-Mitigation.pdf -Both documents are available at: -https://bugzilla.kernel.org/show_bug.cgi?id=199511 - -Originally-by: David Woodhouse <dwmw@amazon.co.uk> -Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Tim C Chen <tim.c.chen@intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Ravi Shankar <ravi.v.shankar@intel.com> -Link: https://lkml.kernel.org/r/1533148945-24095-1-git-send-email-sai.praneeth.prakhya@intel.com -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -[bwh: Backported to 3.16: - - Use the first available bit from word 7 - - Adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/cpufeatures.h | 1 + - arch/x86/include/asm/nospec-branch.h | 1 + - arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++-- - arch/x86/kernel/cpu/common.c | 3 +++ - 4 files changed, 23 insertions(+), 2 deletions(-) - ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -196,6 +196,7 @@ - #define X86_FEATURE_SSBD ( 7*32+20) /* Speculative Store Bypass Disable */ - #define X86_FEATURE_ZEN ( 7*32+21) /* "" CPU is AMD family 0x17 (Zen) */ - #define X86_FEATURE_L1TF_PTEINV ( 7*32+22) /* "" L1TF workaround PTE inversion */ -+#define X86_FEATURE_IBRS_ENHANCED ( 7*32+23) /* Enhanced IBRS */ - #define X86_FEATURE_RETPOLINE ( 7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */ - #define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */ - /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -170,6 +170,7 @@ enum spectre_v2_mitigation { - SPECTRE_V2_RETPOLINE_GENERIC, - SPECTRE_V2_RETPOLINE_AMD, - SPECTRE_V2_IBRS, -+ SPECTRE_V2_IBRS_ENHANCED, - }; - - /* The Speculative Store Bypass disable variants */ ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -195,6 +195,7 @@ static const char *spectre_v2_strings[] - [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", - [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", - [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", -+ [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", - }; - - #undef pr_fmt -@@ -396,6 +397,13 @@ static void __init spectre_v2_select_mit - - case SPECTRE_V2_CMD_FORCE: - case SPECTRE_V2_CMD_AUTO: -+ if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { -+ mode = SPECTRE_V2_IBRS_ENHANCED; -+ /* Force it so VMEXIT will restore correctly */ -+ x86_spec_ctrl_base |= SPEC_CTRL_IBRS; -+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); -+ goto specv2_set_mode; -+ } - if (IS_ENABLED(CONFIG_RETPOLINE)) - goto retpoline_auto; - break; -@@ -433,6 +441,7 @@ retpoline_auto: - setup_force_cpu_cap(X86_FEATURE_RETPOLINE); - } - -+specv2_set_mode: - spectre_v2_enabled = mode; - pr_info("%s\n", spectre_v2_strings[mode]); - -@@ -455,9 +464,16 @@ retpoline_auto: - - /* - * Retpoline means the kernel is safe because it has no indirect -- * branches. But firmware isn't, so use IBRS to protect that. -+ * branches. Enhanced IBRS protects firmware too, so, enable restricted -+ * speculation around firmware calls only when Enhanced IBRS isn't -+ * supported. -+ * -+ * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because -+ * the user might select retpoline on the kernel command line and if -+ * the CPU supports Enhanced IBRS, kernel might un-intentionally not -+ * enable IBRS around firmware calls. - */ -- if (boot_cpu_has(X86_FEATURE_IBRS)) { -+ if (boot_cpu_has(X86_FEATURE_IBRS) && mode != SPECTRE_V2_IBRS_ENHANCED) { - setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); - pr_info("Enabling Restricted Speculation for firmware calls\n"); - } ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -882,6 +882,9 @@ static void __init cpu_set_bug_bits(stru - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); - -+ if (ia32_cap & ARCH_CAP_IBRS_ALL) -+ setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); -+ - if (x86_match_cpu(cpu_no_meltdown)) - return; - diff --git a/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch b/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch deleted file mode 100644 index 95c5ff12..00000000 --- a/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch +++ /dev/null @@ -1,125 +0,0 @@ -From: Josh Poimboeuf <jpoimboe@redhat.com> -Date: Fri, 12 Apr 2019 15:39:29 -0500 -Subject: x86/speculation: Support 'mitigations=' cmdline option - -commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream. - -Configure x86 runtime CPU speculation bug mitigations in accordance with -the 'mitigations=' cmdline option. This affects Meltdown, Spectre v2, -Speculative Store Bypass, and L1TF. - -The default behavior is unchanged. - -Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86) -Reviewed-by: Jiri Kosina <jkosina@suse.cz> -Cc: Borislav Petkov <bp@alien8.de> -Cc: "H . Peter Anvin" <hpa@zytor.com> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Jiri Kosina <jikos@kernel.org> -Cc: Waiman Long <longman@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> -Cc: Paul Mackerras <paulus@samba.org> -Cc: Michael Ellerman <mpe@ellerman.id.au> -Cc: linuxppc-dev@lists.ozlabs.org -Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> -Cc: Heiko Carstens <heiko.carstens@de.ibm.com> -Cc: linux-s390@vger.kernel.org -Cc: Catalin Marinas <catalin.marinas@arm.com> -Cc: Will Deacon <will.deacon@arm.com> -Cc: linux-arm-kernel@lists.infradead.org -Cc: linux-arch@vger.kernel.org -Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Cc: Tyler Hicks <tyhicks@canonical.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Randy Dunlap <rdunlap@infradead.org> -Cc: Steven Price <steven.price@arm.com> -Cc: Phil Auld <pauld@redhat.com> -Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com -[bwh: Backported to 3.16: - - Drop the auto,nosmt option and the l1tf mitigation selection, which we can't - support - - Adjust filenames, context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -1907,15 +1907,19 @@ bytes respectively. Such letter suffixes - http://repo.or.cz/w/linux-2.6/mini2440.git - - mitigations= -- Control optional mitigations for CPU vulnerabilities. -- This is a set of curated, arch-independent options, each -- of which is an aggregation of existing arch-specific -- options. -+ [X86] Control optional mitigations for CPU -+ vulnerabilities. This is a set of curated, -+ arch-independent options, each of which is an -+ aggregation of existing arch-specific options. - - off - Disable all optional CPU mitigations. This - improves system performance, but it may also - expose users to several CPU vulnerabilities. -+ Equivalent to: nopti [X86] -+ nospectre_v2 [X86] -+ spectre_v2_user=off [X86] -+ spec_store_bypass_disable=off [X86] - - auto (default) - Mitigate all CPU vulnerabilities, but leave SMT -@@ -1923,7 +1927,7 @@ bytes respectively. Such letter suffixes - users who don't want to be surprised by SMT - getting disabled across kernel upgrades, or who - have other ways of avoiding SMT-based attacks. -- This is the default behavior. -+ Equivalent to: (default behavior) - - mminit_loglevel= - [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -545,7 +545,8 @@ static enum spectre_v2_mitigation_cmd __ - char arg[20]; - int ret, i; - -- if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) -+ if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") || -+ cpu_mitigations_off()) - return SPECTRE_V2_CMD_NONE; - - ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); -@@ -809,7 +810,8 @@ static enum ssb_mitigation_cmd __init ss - char arg[20]; - int ret, i; - -- if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) { -+ if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") || -+ cpu_mitigations_off()) { - return SPEC_STORE_BYPASS_CMD_NONE; - } else { - ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", ---- a/arch/x86/mm/kaiser.c -+++ b/arch/x86/mm/kaiser.c -@@ -10,6 +10,7 @@ - #include <linux/mm.h> - #include <linux/uaccess.h> - #include <linux/ftrace.h> -+#include <linux/cpu.h> - #include <xen/xen.h> - - #undef pr_fmt -@@ -294,7 +295,8 @@ void __init kaiser_check_boottime_disabl - goto skip; - } - -- if (cmdline_find_option_bool(boot_command_line, "nopti")) -+ if (cmdline_find_option_bool(boot_command_line, "nopti") || -+ cpu_mitigations_off()) - goto disable; - - skip: diff --git a/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch b/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch deleted file mode 100644 index 94f20990..00000000 --- a/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch +++ /dev/null @@ -1,70 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 25 Nov 2018 19:33:44 +0100 -Subject: x86/speculation: Unify conditional spectre v2 print functions - -commit 495d470e9828500e0155027f230449ac5e29c025 upstream. - -There is no point in having two functions and a conditional at the call -site. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Tim Chen <tim.c.chen@linux.intel.com> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185004.986890749@linutronix.de -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/kernel/cpu/bugs.c | 17 ++++------------- - 1 file changed, 4 insertions(+), 13 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -312,15 +312,9 @@ static const struct { - { "auto", SPECTRE_V2_CMD_AUTO, false }, - }; - --static void __init spec2_print_if_insecure(const char *reason) -+static void __init spec_v2_print_cond(const char *reason, bool secure) - { -- if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) -- pr_info("%s selected on command line.\n", reason); --} -- --static void __init spec2_print_if_secure(const char *reason) --{ -- if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) -+ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) - pr_info("%s selected on command line.\n", reason); - } - -@@ -368,11 +362,8 @@ static enum spectre_v2_mitigation_cmd __ - return SPECTRE_V2_CMD_AUTO; - } - -- if (mitigation_options[i].secure) -- spec2_print_if_secure(mitigation_options[i].option); -- else -- spec2_print_if_insecure(mitigation_options[i].option); -- -+ spec_v2_print_cond(mitigation_options[i].option, -+ mitigation_options[i].secure); - return cmd; - } - diff --git a/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch b/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch deleted file mode 100644 index 33053dfd..00000000 --- a/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Tim Chen <tim.c.chen@linux.intel.com> -Date: Sun, 25 Nov 2018 19:33:29 +0100 -Subject: x86/speculation: Update the TIF_SSBD comment - -commit 8eb729b77faf83ac4c1f363a9ad68d042415f24c upstream. - -"Reduced Data Speculation" is an obsolete term. The correct new name is -"Speculative store bypass disable" - which is abbreviated into SSBD. - -Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Jiri Kosina <jkosina@suse.cz> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Andrea Arcangeli <aarcange@redhat.com> -Cc: David Woodhouse <dwmw@amazon.co.uk> -Cc: Andi Kleen <ak@linux.intel.com> -Cc: Dave Hansen <dave.hansen@intel.com> -Cc: Casey Schaufler <casey.schaufler@intel.com> -Cc: Asit Mallick <asit.k.mallick@intel.com> -Cc: Arjan van de Ven <arjan@linux.intel.com> -Cc: Jon Masters <jcm@redhat.com> -Cc: Waiman Long <longman9394@gmail.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: Dave Stewart <david.c.stewart@intel.com> -Cc: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20181125185003.593893901@linutronix.de -[bwh: Backported to 3.16: adjust context] -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- - arch/x86/include/asm/thread_info.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/arch/x86/include/asm/thread_info.h -+++ b/arch/x86/include/asm/thread_info.h -@@ -72,7 +72,7 @@ struct thread_info { - #define TIF_SIGPENDING 2 /* signal pending */ - #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ - #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/ --#define TIF_SSBD 5 /* Reduced data speculation */ -+#define TIF_SSBD 5 /* Speculative store bypass disable */ - #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ - #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ - #define TIF_SECCOMP 8 /* secure computing */ |