From 15d605fee8bc9355d9cc0fb2f0dea9851058d7ea Mon Sep 17 00:00:00 2001 From: Kernel Build Daemon Date: Aug 02 2022 05:11:36 +0000 Subject: Merge branch 'SLE12-SP5' into SLE12-SP5-AZURE
---
diff --git a/blacklist.conf b/blacklist.conf
index 1fdc4f6..1ff2b3b 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -2190,3 +2190,10 @@ e0fce6f945a26d4e953a147fe7ca11410322c9fe # there is no icmp_ndo_send
 39e0f991a62ed5efabd20711a7b6e7da92603170 # Optimization. Breaks kABI
 614c0b9fee711dd89b1dd65c88ba83612a373fdc # Missing dependency 6553896666433e7efec589838b400a2a652b3ffa
 0f3c66a3c7b4e8b9f654b3c998e9674376a51b0f # there is no .port_set_jumbo_size
+e75130f20b1f48e04ccc806aea01f0a361f9cb6b # requires 10f78fd0dabbc3856ddd67b09a46abdedb045913
+10f78fd0dabbc3856ddd67b09a46abdedb045913 # fix for e75130f20b1f48e04ccc806aea01f0a361f9cb6b
+7dee93a9a8808b3d8595e1cc79ccb8b1a7bc7a77 # introduces boot_mem_top, 4.12 code uses boot_memory_size indiscriminately
+bec53196adf4791d466adf0e339b61186c7b5283 # relies on boot_mem_top, 4.12 code uses boot_memory_size indiscriminately
+b38cd3b42fba66cc538edb9cf77e07881f43f8e2 # misattributed. Bug introduced in 4a56f891efceee88d422af2e99d00c8321c671c1, which we don't have
+3ad02c27d89d72b3b49ac51899144b7d0942f05f # cleanup breaking kABI
+218848835699879ed6260ec49bbb22e9e7839017 # cleanup breaking kABI
diff --git a/patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch b/patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
new file mode 100644
index 0000000..e366ff7
--- /dev/null
+++ b/patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
@@ -0,0 +1,43 @@
+From 72ef98445aca568a81c2da050532500a8345ad3a Mon Sep 17 00:00:00 2001
+From: Steven Rostedt
+Date: Tue, 5 Apr 2022 10:02:00 -0400
+Subject: [PATCH] Bluetooth: hci_qca: Use del_timer_sync() before freeing
+Git-commit: 72ef98445aca568a81c2da050532500a8345ad3a
+References: git-fixes
+Patch-mainline: v5.19-rc1
+
+While looking at a crash report on a timer list being corrupted, which
+usually happens when a timer is freed while still active. This is
+commonly triggered by code calling del_timer() instead of
+del_timer_sync() just before freeing.
+
+One possible culprit is the hci_qca driver, which does exactly that.
+
+Eric mentioned that wake_retrans_timer could be rearmed via the work
+queue, so also move the destruction of the work queue before
+del_timer_sync().
+
+Cc: Eric Dumazet
+Cc: stable@vger.kernel.org
+Fixes: 0ff252c1976da ("Bluetooth: hciuart: Add support QCA chipset for UART")
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Marcel Holtmann
+Signed-off-by: Oliver Neukum
+---
+ drivers/bluetooth/hci_qca.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/bluetooth/hci_qca.c
++++ b/drivers/bluetooth/hci_qca.c
+@@ -524,9 +524,9 @@ static int qca_close(struct hci_uart *hu
+
+ skb_queue_purge(&qca->tx_wait_q);
+ skb_queue_purge(&qca->txq);
+- del_timer(&qca->tx_idle_timer);
+- del_timer(&qca->wake_retrans_timer);
+ destroy_workqueue(qca->workqueue);
++ del_timer_sync(&qca->tx_idle_timer);
++ del_timer_sync(&qca->wake_retrans_timer);
+ qca->hu = NULL;
+
+ kfree_skb(qca->rx_skb);
diff --git a/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch b/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch
new file mode 100644
index 0000000..7073ba8
--- /dev/null
+++ b/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch
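Review bot: The new order in qca_close() calls `destroy_workqueue(qca->workqueue);` while tx_idle_timer and wake_retrans_timer can still fire, because del_timer_sync() now runs only afterwards. If either timer callback queues work on qca->workqueue (the callbacks are outside this hunk, so this needs confirming), an expiry in that window would touch a destroyed workqueue, which trades one use-after-free for another. The description covers only the opposite direction, work rearming wake_retrans_timer, so the ordering should at least be documented above the destroy call, e.g. `/* Flush work first: it may rearm wake_retrans_timer. Timer callbacks must not queue work past this point. */`, and that second half then has to be made true in the callbacks. qca_close() starts before and ends after the hunk.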
@@ -0,0 +1,62 @@
+From: Paolo Bonzini
+Date: Fri, 15 Jul 2022 07:34:55 -0400
+Subject: KVM: emulate: do not adjust size of fastop and setcc subroutines
+Git-commit: 79629181607e801c0b41b8790ac4ee2eb5d7bc3e
+Patch-mainline: v5.19-rc7
+References: bsc#1201930
+
+Instead of doing complicated calculations to find the size of the subroutines
+(which are even more complicated because they need to be stringified into
+an asm statement), just hardcode to 16.
+
+It is less dense for a few combinations of IBT/SLS/retbleed, but it has
+the advantage of being really simple.
+
+Cc: stable@vger.kernel.org # 5.15.x: 84e7051c0bc1: x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+Cc: stable@vger.kernel.org
+Suggested-by: Linus Torvalds
+Signed-off-by: Paolo Bonzini
+Acked-by: Borislav Petkov
+---
+ arch/x86/kvm/emulate.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -189,9 +189,6 @@
+ #define X8(x...) X4(x), X4(x)
+ #define X16(x...) X8(x), X8(x)
+
+-#define NR_FASTOP (ilog2(sizeof(ulong)) + 1)
+-#define FASTOP_SIZE 8
+-
+ /*
+ * fastop functions have a special calling convention:
+ *
+@@ -207,8 +204,14 @@
+ *
+ * fastop functions are declared as taking a never-defined fastop parameter,
+ * so they can't be called from C directly.
++ *
++ * The 16 byte alignment, considering 5 bytes for the RET thunk, 3 for ENDBR
++ * and 1 for the straight line speculation INT3, leaves 7 bytes for the
++ * body of the function. Currently none is larger than 4.
+ */
+
++#define FASTOP_SIZE 16
++
+ struct fastop;
+
+ struct opcode {
+@@ -434,10 +437,7 @@ static int fastop(struct x86_emulate_ctx
+ * RET | JMP __x86_return_thunk [1,5 bytes; CONFIG_RETPOLINE]
+ * INT3 [1 byte; CONFIG_SLS]
+ */
+-#define RET_LENGTH (1 + (4 * IS_ENABLED(CONFIG_RETPOLINE)) + \
+- IS_ENABLED(CONFIG_SLS))
+-#define SETCC_LENGTH (3 + RET_LENGTH)
+-#define SETCC_ALIGN (4 << ((SETCC_LENGTH > 4) & 1) << ((SETCC_LENGTH > 8) & 1))
++#define SETCC_ALIGN 16
+
+ /* Special case for SETcc - 1 instruction per cc */
+ #define FOP_SETCC(op) \
diff --git a/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch b/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch
new file mode 100644
index 0000000..65b436d
--- /dev/null
+++ b/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch
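Review bot: The byte budget in the new fastop comment does not add up: ENDBR64 encodes in 4 bytes, not 3, so with a 5-byte return thunk and a 1-byte INT3 a 16-byte slot leaves 6 bytes for the body rather than 7. The stated maximum body of 4 still fits, but with the computed lengths removed this comment is the only record of the invariant, so it should be exact: `* The 16 byte alignment, considering 5 bytes for the RET thunk, 4 for ENDBR` and `* and 1 for the straight line speculation INT3, leaves 6 bytes for the`. The bare `#define SETCC_ALIGN 16` further down deserves the same treatment, e.g. `/* 3 (SETcc) + 5 (RET thunk) + 1 (INT3) = 9 bytes must fit in one slot */`, because the stubs are reached by multiplying the condition code with this value and an oversized stub would make that jump land inside a neighbouring one.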
@@ -0,0 +1,90 @@
+From: Borislav Petkov
+Date: Wed, 16 Mar 2022 22:05:52 +0100
+Subject: kvm/emulate: Fix SETcc emulation function offsets with SLS
+Git-commit: fe83f5eae432ccc8e90082d6ed506d5233547473
+Patch-mainline: v5.17
+References: bsc#1201930
+
+The commit in Fixes started adding INT3 after RETs as a mitigation
+against straight-line speculation.
+
+The fastop SETcc implementation in kvm's insn emulator uses macro magic
+to generate all possible SETcc functions and to jump to them when
+emulating the respective instruction.
+
+However, it hardcodes the size and alignment of those functions to 4: a
+three-byte SETcc insn and a single-byte RET. BUT, with SLS, there's an
+INT3 that gets slapped after the RET, which brings the whole scheme out
+of alignment:
+
+ 15: 0f 90 c0 seto %al
+ 18: c3 ret
+ 19: cc int3
+ 1a: 0f 1f 00 nopl (%rax)
+ 1d: 0f 91 c0 setno %al
+ 20: c3 ret
+ 21: cc int3
+ 22: 0f 1f 00 nopl (%rax)
+ 25: 0f 92 c0 setb %al
+ 28: c3 ret
+ 29: cc int3
+
+and this explodes like this:
+
+ int3: 0000 [#1] PREEMPT SMP PTI
+ CPU: 0 PID: 2435 Comm: qemu-system-x86 Not tainted 5.17.0-rc8-sls #1
+ Hardware name: Dell Inc. Precision WorkStation T3400 /0TP412, BIOS A14 04/30/2012
+ RIP: 0010:setc+0x5/0x8 [kvm]
+ Code: 00 00 0f 1f 00 0f b6 05 43 24 06 00 c3 cc 0f 1f 80 00 00 00 00 0f 90 c0 c3 cc 0f \
+ 1f 00 0f 91 c0 c3 cc 0f 1f 00 0f 92 c0 c3 cc <0f> 1f 00 0f 93 c0 c3 cc 0f 1f 00 \
+ 0f 94 c0 c3 cc 0f 1f 00 0f 95 c0
+ Call Trace:
+
+ ? x86_emulate_insn [kvm]
+ ? x86_emulate_instruction [kvm]
+ ? vmx_handle_exit [kvm_intel]
+ ? kvm_arch_vcpu_ioctl_run [kvm]
+ ? kvm_vcpu_ioctl [kvm]
+ ? __x64_sys_ioctl
+ ? do_syscall_64
+ ? entry_SYSCALL_64_after_hwframe
+
+
+Raise the alignment value when SLS is enabled and use a macro for that
+instead of hard-coding naked numbers.
+
+Fixes: e463a09af2f0 ("x86: Add straight-line-speculation mitigation")
+Reported-by: Jamie Heilman
+Signed-off-by: Borislav Petkov
+Acked-by: Peter Zijlstra (Intel)
+Tested-by: Jamie Heilman
+Link: https://lore.kernel.org/r/YjGzJwjrvxg5YZ0Z@audible.transient.net
+[Add a comment and a bit of safety checking, since this is going to be changed
+ again for IBT support. - Paolo]
+Signed-off-by: Paolo Bonzini
+
+ [ bp: Backport only the fastop offset finding - the macros are largely
+ simplified in
+
+ 79629181607e ("KVM: emulate: do not adjust size of fastop and setcc subroutines")
+
+ so no need to backport pieces which will get removed anyway. ]
+
+---
+ arch/x86/kvm/emulate.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 5719d8cfdbd9..e86d610dc6b7 100644
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -1047,7 +1062,7 @@ static int em_bsr_c(struct x86_emulate_ctxt *ctxt)
+ static __always_inline u8 test_cc(unsigned int condition, unsigned long flags)
+ {
+ u8 rc;
+- void (*fop)(void) = (void *)em_setcc + 4 * (condition & 0xf);
++ void (*fop)(void) = (void *)em_setcc + SETCC_ALIGN * (condition & 0xf);
+
+ flags = (flags & EFLAGS_MASK) | X86_EFLAGS_IF;
+ asm("push %[flags]; popf; " CALL_NOSPEC
+
diff --git a/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch b/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch
new file mode 100644
index 0000000..320911e
--- /dev/null
+++ b/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch
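Review bot: `test_cc()` now depends on `SETCC_ALIGN`, but nothing in this trimmed patch defines it; the only hunk left is the one-line change to the `fop` computation. The sibling size patch in this commit replaces an existing SETCC_ALIGN definition, so some other patch in the series must introduce the macro before this one applies, and that ordering is not visible on this page. The retained diffstat (17 insertions, 2 deletions) and the `-1047`/`+1062` hunk offsets also still describe the upstream commit rather than the backport. I would extend the `[ bp: ... ]` note with a line such as `This patch only uses SETCC_ALIGN; it must be applied after the patch that defines it.` and refresh the diffstat.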
@@ -0,0 +1,62 @@
+From: Josh Poimboeuf
+Date: Mon, 18 Jul 2022 07:50:25 -0700
+Subject: lkdtm: Disable return thunks in rodata.c
+Git-commit: efc72a665a61fd48c462f5248a9e3dc991398ddd
+Patch-mainline: v5.19-rc8
+References: bsc#1114648
+
+The following warning was seen:
+
+ WARNING: CPU: 0 PID: 0 at arch/x86/kernel/alternative.c:557 apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1))
+ Modules linked in:
+ CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc4-00008-gee88d363d156 #1
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
+ RIP: 0010:apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1))
+ Code: ff ff 74 cb 48 83 c5 04 49 39 ee 0f 87 81 fe ff ff e9 22 ff ff ff 0f 0b 48 83 c5 04 49 39 ee 0f 87 6d fe ff ff e9 0e ff ff ff <0f> 0b 48 83 c5 04 49 39 ee 0f 87 59 fe ff ff e9 fa fe ff ff 48 89
+
+The warning happened when apply_returns() failed to convert "JMP
+__x86_return_thunk" to RET. It was instead a JMP to nowhere, due to the
+thunk relocation not getting resolved.
+
+That rodata.o code is objcopy'd to .rodata, and later memcpy'd, so
+relocations don't work (and are apparently silently ignored).
+
+LKDTM is only used for testing, so the naked RET should be fine. So
+just disable return thunks for that file.
+
+While at it, disable objtool and KCSAN for the file.
+
+Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return")
+Reported-by: kernel test robot
+Debugged-by: Peter Zijlstra
+Signed-off-by: Josh Poimboeuf
+Signed-off-by: Peter Zijlstra (Intel)
+Link: https://lore.kernel.org/lkml/Ys58BxHxoDZ7rfpr@xsang-OptiPlex-9020/
+
+Acked-by: Borislav Petkov
+---
+ arch/x86/Makefile | 2 ++
+ drivers/misc/Makefile | 1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/arch/x86/Makefile
++++ b/arch/x86/Makefile
+@@ -236,6 +236,8 @@ endif
+ RETHUNK_CFLAGS := -mfunction-return=thunk-extern
+ RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS)
+
++export RETHUNK_CFLAGS
++
+ # for vdso Makefile to exclude
+ export RETPOLINE_CFLAGS
+
+--- a/drivers/misc/Makefile
++++ b/drivers/misc/Makefile
+@@ -64,6 +64,7 @@ lkdtm-$(CONFIG_LKDTM) += lkdtm_rodata_o
+ lkdtm-$(CONFIG_LKDTM) += lkdtm_usercopy.o
+
+ KCOV_INSTRUMENT_lkdtm_rodata.o := n
++CFLAGS_REMOVE_lkdtm_rodata.o += $(RETHUNK_CFLAGS)
+
+ OBJCOPYFLAGS :=
+ OBJCOPYFLAGS_lkdtm_rodata_objcopy.o := \
diff --git a/patches.suse/media-dib8000-Fix-a-memleak-in-dib8000_init.patch b/patches.suse/media-dib8000-Fix-a-memleak-in-dib8000_init.patch
new file mode 100644
index 0000000..d981451
--- /dev/null
+++ b/patches.suse/media-dib8000-Fix-a-memleak-in-dib8000_init.patch
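Review bot: The description says objtool and KCSAN are also disabled for the file, but the backported hunks only export `RETHUNK_CFLAGS` and add `CFLAGS_REMOVE_lkdtm_rodata.o += $(RETHUNK_CFLAGS)`; no objtool or KCSAN line is present. If those parts were dropped on purpose for this tree, a bracketed note in the patch header would keep the message and the diff in agreement, e.g. `[ backport: only the return-thunk flag removal is carried; the objtool and KCSAN annotations are not. ]`. Because removing a mitigation flag from a single object is easy to misread later, a one-line comment above the new Makefile line would also help, such as `# rodata.o is objcopy'd and later memcpy'd, so the return-thunk relocation cannot resolve`.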
@@ -0,0 +1,54 @@
+From 8dbdcc7269a83305ee9d677b75064d3530a48ee2 Mon Sep 17 00:00:00 2001
+From: Zhou Qingyang
+Date: Tue, 30 Nov 2021 16:38:05 +0100
+Subject: [PATCH] media: dib8000: Fix a memleak in dib8000_init()
+Git-commit: 8dbdcc7269a83305ee9d677b75064d3530a48ee2
+References: git-fixes
+Patch-mainline: v5.17-rc1
+
+In dib8000_init(), the variable fe is not freed or passed out on the
+failure of dib8000_identify(&state->i2c), which could lead to a memleak.
+
+Fix this bug by adding a kfree of fe in the error path.
+
+This bug was found by a static analyzer. The analysis employs
+differential checking to identify inconsistent security operations
+(e.g., checks or kfrees) between two code paths and confirms that the
+inconsistent operations are not recovered in the current function or
+the callers, so they constitute bugs.
+
+Note that, as a bug found by static analysis, it can be a false
+positive or hard to trigger. Multiple researchers have cross-reviewed
+the bug.
+
+Builds with CONFIG_DVB_DIB8000=m show no new warnings,
+and our static analyzer no longer warns about this code.
+
+Fixes: 77e2c0f5d471 ("V4L/DVB (12900): DiB8000: added support for DiBcom ISDB-T/ISDB-Tsb demodulator DiB8000")
+Signed-off-by: Zhou Qingyang
+Signed-off-by: Hans Verkuil
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Oliver Neukum
+---
+ drivers/media/dvb-frontends/dib8000.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c
+index bb02354a48b8..d67f2dd997d0 100644
+--- a/drivers/media/dvb-frontends/dib8000.c
++++ b/drivers/media/dvb-frontends/dib8000.c
+@@ -4473,8 +4473,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad
+
+ state->timf_default = cfg->pll->timf;
+
+- if (dib8000_identify(&state->i2c) == 0)
++ if (dib8000_identify(&state->i2c) == 0) {
++ kfree(fe);
+ goto error;
++ }
+
+ dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr);
+
+--
+2.35.3
+
diff --git a/patches.suse/media-saa7146-mxb-Fix-a-NULL-pointer-dereference-in-.patch b/patches.suse/media-saa7146-mxb-Fix-a-NULL-pointer-dereference-in-.patch
new file mode 100644
index 0000000..f249807
--- /dev/null
+++ b/patches.suse/media-saa7146-mxb-Fix-a-NULL-pointer-dereference-in-.patch
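Review bot: `kfree(fe);` is placed inline in the `dib8000_identify()` failure branch rather than in the shared `error` path, so any failure exit added later after the `fe` allocation has to remember to repeat it. The body of the `error:` label and the allocations are outside this hunk; if every `goto error` is reached with `fe` either NULL or a live allocation (to be confirmed at the top of dib8000_init()), a single `kfree(fe);` at the label covers all exits, since kfree(NULL) is a no-op. If the inline form is kept, a short comment such as `/* fe has not been handed to anyone yet; free it before bailing out */` would record why this branch differs from the others.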
@@ -0,0 +1,64 @@
+From 0407c49ebe330333478440157c640fffd986f41b Mon Sep 17 00:00:00 2001
+From: Zhou Qingyang
+Date: Tue, 30 Nov 2021 17:34:44 +0100
+Subject: [PATCH] media: saa7146: mxb: Fix a NULL pointer dereference in
+ mxb_attach()
+Git-commit: 0407c49ebe330333478440157c640fffd986f41b
+References: git-fixes
+Patch-mainline: v5.17-rc1
+
+In mxb_attach(dev, info), saa7146_vv_init() is called to allocate a
+new memory for dev->vv_data. saa7146_vv_release() will be called on
+failure of mxb_probe(dev). There is a dereference of dev->vv_data
+in saa7146_vv_release(), which could lead to a NULL pointer dereference
+on failure of saa7146_vv_init().
+
+Fix this bug by adding a check of saa7146_vv_init().
+
+This bug was found by a static analyzer. The analysis employs
+differential checking to identify inconsistent security operations
+(e.g., checks or kfrees) between two code paths and confirms that the
+inconsistent operations are not recovered in the current function or
+the callers, so they constitute bugs.
+
+Note that, as a bug found by static analysis, it can be a false
+positive or hard to trigger. Multiple researchers have cross-reviewed
+the bug.
+
+Builds with CONFIG_VIDEO_MXB=m show no new warnings,
+and our static analyzer no longer warns about this code.
+
+Fixes: 03b1930efd3c ("V4L/DVB: saa7146: fix regression of the av7110/budget-av driver")
+Signed-off-by: Zhou Qingyang
+Signed-off-by: Hans Verkuil
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Oliver Neukum
+---
+ drivers/media/pci/saa7146/mxb.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/media/pci/saa7146/mxb.c b/drivers/media/pci/saa7146/mxb.c
+index 73fc901ecf3d..bf0b9b0914cd 100644
+--- a/drivers/media/pci/saa7146/mxb.c
++++ b/drivers/media/pci/saa7146/mxb.c
+@@ -683,10 +683,16 @@ static struct saa7146_ext_vv vv_data;
+ static int mxb_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info)
+ {
+ struct mxb *mxb;
++ int ret;
+
+ DEB_EE("dev:%p\n", dev);
+
+- saa7146_vv_init(dev, &vv_data);
++ ret = saa7146_vv_init(dev, &vv_data);
++ if (ret) {
++ ERR("Error in saa7146_vv_init()");
++ return ret;
++ }
++
+ if (mxb_probe(dev)) {
+ saa7146_vv_release(dev);
+ return -1;
+--
+2.35.3
+
diff --git a/patches.suse/media-uvcvideo-fix-division-by-zero-at-stream-start.patch b/patches.suse/media-uvcvideo-fix-division-by-zero-at-stream-start.patch
new file mode 100644
index 0000000..3c3c2c8
--- /dev/null
+++ b/patches.suse/media-uvcvideo-fix-division-by-zero-at-stream-start.patch
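Review bot: The new message `ERR("Error in saa7146_vv_init()");` has no trailing newline, unlike the `DEB_EE("dev:%p\n", dev);` call just above it, so unless ERR() appends one itself the next log line may be glued onto it; it should read `ERR("Error in saa7146_vv_init()\n");`. The new branch also propagates `ret`, while the `mxb_probe()` failure a few lines below still returns a bare `-1`, which leaves mxb_attach() with two error conventions. mxb_attach() continues past the end of the hunk.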
@@ -0,0 +1,47 @@
+From 8aa637bf6d70d2fb2ad4d708d8b9dd02b1c095df Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Tue, 26 Oct 2021 11:55:11 +0200
+Subject: [PATCH] media: uvcvideo: fix division by zero at stream start
+Git-commit: 8aa637bf6d70d2fb2ad4d708d8b9dd02b1c095df
+References: git-fixes
+Patch-mainline: v5.17-rc1
+
+Add the missing bulk-endpoint max-packet sanity check to
+uvc_video_start_transfer() to avoid division by zero in
+uvc_alloc_urb_buffers() in case a malicious device has broken
+descriptors (or when doing descriptor fuzz testing).
+
+Note that USB core will reject URBs submitted for endpoints with zero
+wMaxPacketSize but that drivers doing packet-size calculations still
+need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip
+endpoint descriptors with maxpacket=0")).
+
+Fixes: c0efd232929c ("V4L/DVB (8145a): USB Video Class driver")
+Cc: stable@vger.kernel.org # 2.6.26
+Signed-off-by: Johan Hovold
+Reviewed-by: Kieran Bingham
+Signed-off-by: Laurent Pinchart
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Oliver Neukum
+---
+ drivers/media/usb/uvc/uvc_video.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
+index 9f37eaf28ce7..1b4cc934109e 100644
+--- a/drivers/media/usb/uvc/uvc_video.c
++++ b/drivers/media/usb/uvc/uvc_video.c
+@@ -1963,6 +1963,10 @@ static int uvc_video_start_transfer(struct uvc_streaming *stream,
+ if (ep == NULL)
+ return -EIO;
+
++ /* Reject broken descriptors. */
++ if (usb_endpoint_maxp(&ep->desc) == 0)
++ return -EIO;
++
+ ret = uvc_init_video_bulk(stream, ep, gfp_flags);
+ }
+
+--
+2.35.3
+
diff --git a/patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch b/patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch
index c01752d..b11a94d 100644
--- a/patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch
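Review bot: The comment `/* Reject broken descriptors. */` does not say what breaks, so the guard looks removable to a later reader; per the description it exists because a zero wMaxPacketSize leads to a division by zero in uvc_alloc_urb_buffers(). Suggested wording: `/* Reject broken descriptors: a zero wMaxPacketSize would divide by zero in uvc_alloc_urb_buffers(). */`. The check sits only on the bulk-endpoint branch shown here and the rest of uvc_video_start_transfer() is outside the hunk, so whether the other transfer path is already protected cannot be judged from this page. Returning -EIO without any message also leaves no trace of which device presented the descriptor, which matters when the cause may be a hostile device.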
+++ b/patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch @@ -30,13 +30,20 @@ Link: https://lore.kernel.org/r/20220502074255.16901-1-decui@microsoft.com Signed-off-by: Wei Liu Acked-by: Olaf Hering --- - drivers/pci/host/pci-hyperv.c | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) + drivers/pci/host/pci-hyperv.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) -diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c --- a/drivers/pci/host/pci-hyperv.c +++ b/drivers/pci/host/pci-hyperv.c -@@ -2103,12 +2103,17 @@ static void prepopulate_bars(struct hv_pcibus_device *hbus) +@@ -1401,7 +1401,6 @@ static void prepopulate_bars(struct hv_p + struct hv_pci_dev *hpdev; + unsigned long flags; + u64 bar_val; +- u32 command; + bool high; + int i; + +@@ -1459,12 +1458,17 @@ static void prepopulate_bars(struct hv_p } } if (high_size <= 1 && low_size <= 1) { diff --git a/patches.suse/powerpc-fadump-fix-PT_LOAD-segment-for-boot-memory-a.patch b/patches.suse/powerpc-fadump-fix-PT_LOAD-segment-for-boot-memory-a.patch new file mode 100644 index 0000000..c5fce0b --- /dev/null +++ b/patches.suse/powerpc-fadump-fix-PT_LOAD-segment-for-boot-memory-a.patch 
@@ -0,0 +1,62 @@
+From 15eb77f873255cf9f4d703b63cfbd23c46579654 Mon Sep 17 00:00:00 2001
+From: Hari Bathini
+Date: Wed, 6 Apr 2022 15:08:37 +0530
+Subject: [PATCH] powerpc/fadump: fix PT_LOAD segment for boot memory area
+
+References: bsc#1103269 ltc#169948 git-fixes
+Patch-mainline: v5.19-rc1
+Git-commit: 15eb77f873255cf9f4d703b63cfbd23c46579654
+
+Boot memory area is setup as separate PT_LOAD segment in the vmcore
+as it is moved by f/w, on crash, to a destination address provided by
+the kernel. Having separate PT_LOAD segment helps in handling the
+different physical address and offset for boot memory area in the
+vmcore.
+
+Commit ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to
+reduce PT_LOAD segements") inadvertly broke this pre-condition for
+cases where some of the first kernel memory is available adjacent to
+boot memory area. This scenario is rare but possible when memory for
+fadump could not be reserved adjacent to boot memory area owing to
+memory hole or such. Reading memory from a vmcore exported in such
+scenario provides incorrect data. Fix it by ensuring no other region
+is folded into boot memory area.
+
+Fixes: ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements")
+Signed-off-by: Hari Bathini
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20220406093839.206608-2-hbathini@linux.ibm.com
+[ms: we don't have boot_mem_top, use boot_memory_size instead]
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/kernel/fadump.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
+--- a/arch/powerpc/kernel/fadump.c
++++ b/arch/powerpc/kernel/fadump.c
+@@ -867,7 +867,6 @@ static int fadump_alloc_mem_ranges(struct fadump_mrange_info *mrange_info)
+ sizeof(struct fadump_memory_range));
+ return 0;
+ }
+-
+ static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
+ u64 base, u64 end)
+ {
+@@ -886,7 +885,12 @@ static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
+ start = mem_ranges[mrange_info->mem_range_cnt - 1].base;
+ size = mem_ranges[mrange_info->mem_range_cnt - 1].size;
+
+- if ((start + size) == base)
++ /*
++ * Boot memory area needs separate PT_LOAD segment(s) as it
++ * is moved to a different location at the time of crash.
++ * So, fold only if the region is not boot memory area.
++ */
++ if ((start + size) == base && start >= fw_dump.boot_memory_size)
+ is_adjacent = true;
+ }
+ if (!is_adjacent) {
+--
+2.35.3
+
diff --git a/patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch b/patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
index c53f8fc..a6d0c36 100644
--- a/patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
+++ b/patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
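Review bot: The added condition `start >= fw_dump.boot_memory_size` stands in for upstream's boot_mem_top comparison, which is only equivalent if the boot memory area is the single range that begins at RMA_START (presumably address 0) and ends at boot_memory_size. The patch header records the substitution, but the code comment does not, and the assumption is what keeps a crash dump from folding another region into the boot area and exporting wrong data. I would add one line to the new comment, `* This tree has no boot_mem_top: boot memory is [RMA_START, boot_memory_size).`, so the reasoning sits next to the test. fadump_add_mem_range() begins before and ends after this hunk.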
@@ -103,8 +103,8 @@ Acked-by: Michal Suchanek +static atomic_t cpus_in_fadump; + static DEFINE_MUTEX(fadump_mutex); - struct fad_crash_memory_ranges *crash_memory_ranges; - int crash_memory_ranges_size; + struct fadump_mrange_info crash_mrange_info = { "crash", NULL, 0, 0, 0 }; + @@ -665,8 +675,11 @@ static int register_fw_dump(struct fadum void crash_fadump(struct pt_regs *regs, const char *str) diff --git a/patches.suse/powerpc-fadump-make-crash-memory-ranges-array-alloca.patch b/patches.suse/powerpc-fadump-make-crash-memory-ranges-array-alloca.patch new file mode 100644 index 0000000..a665270 --- /dev/null +++ b/patches.suse/powerpc-fadump-make-crash-memory-ranges-array-alloca.patch 
@@ -0,0 +1,277 @@ +From e4fc48fb4d34f7e7d42eb980a9c130bb93aba3b9 Mon Sep 17 00:00:00 2001 +From: Hari Bathini +Date: Wed, 11 Sep 2019 20:25:05 +0530 +Subject: [PATCH] powerpc/fadump: make crash memory ranges array allocation + generic + +References: bsc#1103269 ltc#169948 git-fixes +Patch-mainline: v5.4-rc1 +Git-commit: e4fc48fb4d34f7e7d42eb980a9c130bb93aba3b9 + +Make allocate_crash_memory_ranges() and free_crash_memory_ranges() +functions generic to reuse them for memory management of all types of +dynamic memory range arrays. This change helps in memory management +of reserved ranges array to be added later. + +Signed-off-by: Hari Bathini +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/156821369863.5656.4375667005352155892.stgit@hbathini.in.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/include/asm/fadump-internal.h | 15 ++- + arch/powerpc/kernel/fadump.c | 113 +++++++++++---------- + 2 files changed, 72 insertions(+), 56 deletions(-) + +diff --git a/arch/powerpc/include/asm/fadump-internal.h b/arch/powerpc/include/asm/fadump-internal.h +--- a/arch/powerpc/include/asm/fadump.h ++++ b/arch/powerpc/include/asm/fadump.h +@@ -72,9 +72,18 @@ struct fadump_crash_info_header { + struct cpumask online_mask; + }; + +-struct fad_crash_memory_ranges { +- unsigned long long base; +- unsigned long long size; ++struct fadump_memory_range { ++ u64 base; ++ u64 size; ++}; ++ ++/* fadump memory ranges info */ ++struct fadump_mrange_info { ++ char name[16]; ++ struct fadump_memory_range *mem_ranges; ++ u32 mem_ranges_sz; ++ u32 mem_range_cnt; ++ u32 max_mem_ranges; + }; + + extern int is_fadump_memory_area(u64 addr, ulong size); +diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c +--- a/arch/powerpc/kernel/fadump.c ++++ b/arch/powerpc/kernel/fadump.c +@@ -35,10 +35,7 @@ + #endif + + static DEFINE_MUTEX(fadump_mutex); +-struct fad_crash_memory_ranges *crash_memory_ranges; +-int crash_memory_ranges_size; +-int crash_mem_ranges; +-int 
max_crash_mem_ranges; ++struct fadump_mrange_info crash_mrange_info = { "crash", NULL, 0, 0, 0 }; + + #ifdef CONFIG_CMA + /* +@@ -629,46 +626,48 @@ void fadump_free_cpu_notes_buf(void) + return 0; + } + +-static void free_crash_memory_ranges(void) ++static void fadump_free_mem_ranges(struct fadump_mrange_info *mrange_info) + { +- kfree(crash_memory_ranges); +- crash_memory_ranges = NULL; +- crash_memory_ranges_size = 0; +- max_crash_mem_ranges = 0; ++ kfree(mrange_info->mem_ranges); ++ mrange_info->mem_ranges = NULL; ++ mrange_info->mem_ranges_sz = 0; ++ mrange_info->max_mem_ranges = 0; + } + + /* +- * Allocate or reallocate crash memory ranges array in incremental units ++ * Allocate or reallocate mem_ranges array in incremental units + * of PAGE_SIZE. + */ +-static int allocate_crash_memory_ranges(void) ++static int fadump_alloc_mem_ranges(struct fadump_mrange_info *mrange_info) + { +- struct fad_crash_memory_ranges *new_array; ++ struct fadump_memory_range *new_array; + u64 new_size; + +- new_size = crash_memory_ranges_size + PAGE_SIZE; +- pr_debug("Allocating %llu bytes of memory for crash memory ranges\n", +- new_size); ++ new_size = mrange_info->mem_ranges_sz + PAGE_SIZE; ++ pr_debug("Allocating %llu bytes of memory for %s memory ranges\n", ++ new_size, mrange_info->name); + +- new_array = krealloc(crash_memory_ranges, new_size, GFP_KERNEL); ++ new_array = krealloc(mrange_info->mem_ranges, new_size, GFP_KERNEL); + if (new_array == NULL) { +- pr_err("Insufficient memory for setting up crash memory ranges\n"); +- free_crash_memory_ranges(); ++ pr_err("Insufficient memory for setting up %s memory ranges\n", ++ mrange_info->name); ++ fadump_free_mem_ranges(mrange_info); + return -ENOMEM; + } + +- crash_memory_ranges = new_array; +- crash_memory_ranges_size = new_size; +- max_crash_mem_ranges = (new_size / +- sizeof(struct fad_crash_memory_ranges)); ++ mrange_info->mem_ranges = new_array; ++ mrange_info->mem_ranges_sz = new_size; ++ mrange_info->max_mem_ranges = 
(new_size / ++ sizeof(struct fadump_memory_range)); + return 0; + } + +-static inline int fadump_add_crash_memory(unsigned long long base, +- unsigned long long end) ++static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info, ++ u64 base, u64 end) + { +- u64 start, size; ++ struct fadump_memory_range *mem_ranges = mrange_info->mem_ranges; + bool is_adjacent = false; ++ u64 start, size; + + if (base == end) + return 0; +@@ -677,38 +676,41 @@ static inline int fadump_add_crash_memory(unsigned long long base, + * Fold adjacent memory ranges to bring down the memory ranges/ + * PT_LOAD segments count. + */ +- if (crash_mem_ranges) { +- start = crash_memory_ranges[crash_mem_ranges - 1].base; +- size = crash_memory_ranges[crash_mem_ranges - 1].size; ++ if (mrange_info->mem_range_cnt) { ++ start = mem_ranges[mrange_info->mem_range_cnt - 1].base; ++ size = mem_ranges[mrange_info->mem_range_cnt - 1].size; + + if ((start + size) == base) + is_adjacent = true; + } + if (!is_adjacent) { + /* resize the array on reaching the limit */ +- if (crash_mem_ranges == max_crash_mem_ranges) { ++ if (mrange_info->mem_range_cnt == mrange_info->max_mem_ranges) { + int ret; + +- ret = allocate_crash_memory_ranges(); ++ ret = fadump_alloc_mem_ranges(mrange_info); + if (ret) + return ret; ++ ++ /* Update to the new resized array */ ++ mem_ranges = mrange_info->mem_ranges; + } + + start = base; +- crash_memory_ranges[crash_mem_ranges].base = start; +- crash_mem_ranges++; ++ mem_ranges[mrange_info->mem_range_cnt].base = start; ++ mrange_info->mem_range_cnt++; + } + +- crash_memory_ranges[crash_mem_ranges - 1].size = (end - start); +- pr_debug("crash_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", +- (crash_mem_ranges - 1), start, end - 1, (end - start)); ++ mem_ranges[mrange_info->mem_range_cnt - 1].size = (end - start); ++ pr_debug("%s_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", ++ mrange_info->name, (mrange_info->mem_range_cnt - 1), ++ start, end - 1, (end 
- start)); + return 0; + } + +-static int fadump_exclude_reserved_area(unsigned long long start, +- unsigned long long end) ++static int fadump_exclude_reserved_area(u64 start, u64 end) + { +- unsigned long long ra_start, ra_end; ++ u64 ra_start, ra_end; + int ret = 0; + + ra_start = fw_dump.reserve_dump_area_start; +@@ -716,18 +718,22 @@ static int fadump_exclude_reserved_area(unsigned long long start, + + if ((ra_start < end) && (ra_end > start)) { + if ((start < ra_start) && (end > ra_end)) { +- ret = fadump_add_crash_memory(start, ra_start); ++ ret = fadump_add_mem_range(&crash_mrange_info, ++ start, ra_start); + if (ret) + return ret; + +- ret = fadump_add_crash_memory(ra_end, end); ++ ret = fadump_add_mem_range(&crash_mrange_info, ++ ra_end, end); + } else if (start < ra_start) { +- ret = fadump_add_crash_memory(start, ra_start); ++ ret = fadump_add_mem_range(&crash_mrange_info, ++ start, ra_start); + } else if (ra_end < end) { +- ret = fadump_add_crash_memory(ra_end, end); ++ ret = fadump_add_mem_range(&crash_mrange_info, ++ ra_end, end); + } + } else +- ret = fadump_add_crash_memory(start, end); ++ ret = fadump_add_mem_range(&crash_mrange_info, start, end); + + return ret; + } +@@ -772,11 +778,11 @@ static int fadump_init_elfcore_header(char *bufp) + static int fadump_setup_crash_memory_ranges(void) + { + struct memblock_region *reg; +- unsigned long long start, end; ++ u64 start, end; + int ret; + + pr_debug("Setup crash memory ranges.\n"); +- crash_mem_ranges = 0; ++ crash_mrange_info.mem_range_cnt = 0; + + /* + * add the first memory chunk (RMA_START through boot_memory_size) as +@@ -785,13 +791,14 @@ static int fadump_setup_crash_memory_ranges(void) + * specified during fadump registration. We need to create a separate + * program header for this chunk with the correct offset. 
+ */ +- ret = fadump_add_crash_memory(RMA_START, fw_dump.boot_memory_size); ++ ret = fadump_add_mem_range(&crash_mrange_info, ++ RMA_START, fw_dump.boot_memory_size); + if (ret) + return ret; + + for_each_memblock(memory, reg) { +- start = (unsigned long long)reg->base; +- end = start + (unsigned long long)reg->size; ++ start = (u64)reg->base; ++ end = start + (u64)reg->size; + + /* + * skip the first memory chunk that is already added (RMA_START +@@ -876,11 +883,11 @@ static int fadump_create_elfcore_headers(char *bufp) + + /* setup PT_LOAD sections. */ + +- for (i = 0; i < crash_mem_ranges; i++) { +- unsigned long long mbase, msize; +- mbase = crash_memory_ranges[i].base; +- msize = crash_memory_ranges[i].size; ++ for (i = 0; i < crash_mrange_info.mem_range_cnt; i++) { ++ u64 mbase, msize; + ++ mbase = crash_mrange_info.mem_ranges[i].base; ++ msize = crash_mrange_info.mem_ranges[i].size; + if (!msize) + continue; + +@@ -973,7 +980,7 @@ void fadump_cleanup(void) + } else if (fw_dump.dump_registered) { + /* Un-register Firmware-assisted dump if it was registered. */ + fadump_unregister_dump(&fdm); +- free_crash_memory_ranges(); ++ fadump_free_mem_ranges(&crash_mrange_info); + } + } + +-- +2.35.3 + diff --git a/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch b/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch index 85d8d2c..a75f33b 100644 --- a/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch +++ b/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch 
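Review bot: fadump_free_mem_ranges() clears mem_ranges, mem_ranges_sz and max_mem_ranges but leaves mem_range_cnt untouched, and fadump_alloc_mem_ranges() calls it when krealloc() fails. A later fadump_add_mem_range() on the same info with a non-zero count would then read `mem_ranges[mrange_info->mem_range_cnt - 1]` through a NULL pointer. The one caller visible here resets the count at the top of fadump_setup_crash_memory_ranges(), but now that the helper is generic the reset belongs in the helper itself: `mrange_info->mem_range_cnt = 0;`. Separately, `new_size` is a u64 that is stored into the u32 field `mem_ranges_sz`; giving both the same type would avoid the silent narrowing.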
@@ -20,23 +20,27 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org --- arch/x86/boot/compressed/efi_thunk_64.S | 2 - arch/x86/boot/compressed/mem_encrypt.S | 4 +- + arch/x86/crypto/aes-x86_64-asm_64.S | 2 - arch/x86/crypto/aes_ctrby8_avx-x86_64.S | 2 - arch/x86/crypto/aesni-intel_asm.S | 42 +++++++++++++-------------- arch/x86/crypto/blowfish-x86_64-asm_64.S | 12 +++---- - arch/x86/crypto/camellia-aesni-avx-asm_64.S | 14 ++++----- - arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 14 ++++----- + arch/x86/crypto/camellia-aesni-avx-asm_64.S | 18 +++++------ + arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 18 +++++------ + arch/x86/crypto/camellia-x86_64-asm_64.S | 12 +++---- arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 12 +++---- - arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 10 +++--- + arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 16 +++++----- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 2 - arch/x86/crypto/crct10dif-pcl-asm_64.S | 2 - arch/x86/crypto/des3_ede-asm_64.S | 4 +- arch/x86/crypto/ghash-clmulni-intel_asm.S | 6 +-- - arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 10 +++--- - arch/x86/crypto/serpent-avx2-asm_64.S | 10 +++--- + arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 16 +++++----- + arch/x86/crypto/serpent-avx2-asm_64.S | 16 +++++----- + arch/x86/crypto/serpent-sse2-i586-asm_32.S | 6 +-- + arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 6 +-- arch/x86/crypto/sha512-avx-asm.S | 2 - arch/x86/crypto/sha512-avx2-asm.S | 2 - arch/x86/crypto/sha512-ssse3-asm.S | 2 - - arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 10 +++--- + arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 16 +++++----- arch/x86/crypto/twofish-i586-asm_32.S | 4 +- arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 6 +-- arch/x86/crypto/twofish-x86_64-asm_64.S | 4 +- 
@@ -51,6 +55,7 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/kernel/verify_cpu.S | 4 +- arch/x86/lib/atomic64_386_32.S | 2 - arch/x86/lib/atomic64_cx8_32.S | 16 +++++----- + arch/x86/lib/checksum_32.S | 8 ++--- arch/x86/lib/cmpxchg8b_emu.S | 4 +- arch/x86/lib/copy_page_64.S | 4 +- arch/x86/lib/copy_user_64.S | 8 ++--- @@ -80,7 +85,7 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/um/checksum_32.S | 4 +- arch/x86/um/setjmp_32.S | 2 - arch/x86/um/setjmp_64.S | 2 - - 62 files changed, 193 insertions(+), 193 deletions(-) + 67 files changed, 226 insertions(+), 226 deletions(-) --- a/arch/x86/boot/compressed/efi_thunk_64.S +++ b/arch/x86/boot/compressed/efi_thunk_64.S @@ -315,6 +320,17 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(aesni_xts_decrypt) #endif +--- a/arch/x86/crypto/aes-x86_64-asm_64.S ++++ b/arch/x86/crypto/aes-x86_64-asm_64.S +@@ -77,7 +77,7 @@ + movl r6 ## E,4(r9); \ + movl r7 ## E,8(r9); \ + movl r8 ## E,12(r9); \ +- ret; \ ++ RET; \ + ENDPROC(FUNC); + + #define round(TAB,OFFSET,r1,r2,r3,r4,r5,r6,r7,r8,ra,rb,rc,rd) \ --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -150,10 +150,10 @@ ENTRY(__blowfish_enc_blk) @@ -428,6 +444,24 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(camellia_cbc_dec_32way) #define inc_le128(x, minus_one, tmp) \ +@@ -1204,7 +1204,7 @@ ENTRY(camellia_ctr_32way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_ctr_32way) + + #define gf128mul_x_ble(iv, mask, tmp) \ +@@ -1371,7 +1371,7 @@ camellia_xts_crypt_32way: + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_xts_crypt_32way) + + ENTRY(camellia_xts_enc_32way) --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S @@ -193,7 +193,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_ 
@@ -493,6 +527,75 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(camellia_cbc_dec_16way) #define inc_le128(x, minus_one, tmp) \ +@@ -1109,7 +1109,7 @@ ENTRY(camellia_ctr_16way) + %xmm8, %rsi); + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_ctr_16way) + + #define gf128mul_x_ble(iv, mask, tmp) \ +@@ -1253,7 +1253,7 @@ camellia_xts_crypt_16way: + %xmm8, %rsi); + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_xts_crypt_16way) + + ENTRY(camellia_xts_enc_16way) +--- a/arch/x86/crypto/camellia-x86_64-asm_64.S ++++ b/arch/x86/crypto/camellia-x86_64-asm_64.S +@@ -228,13 +228,13 @@ ENTRY(__camellia_enc_blk) + enc_outunpack(mov, RT1); + + movq RR12, %r12; +- ret; ++ RET; + + .L__enc_xor: + enc_outunpack(xor, RT1); + + movq RR12, %r12; +- ret; ++ RET; + ENDPROC(__camellia_enc_blk) + + ENTRY(camellia_dec_blk) +@@ -272,7 +272,7 @@ ENTRY(camellia_dec_blk) + dec_outunpack(); + + movq RR12, %r12; +- ret; ++ RET; + ENDPROC(camellia_dec_blk) + + /********************************************************************** +@@ -463,14 +463,14 @@ ENTRY(__camellia_enc_blk_2way) + + movq RR12, %r12; + popq %rbx; +- ret; ++ RET; + + .L__enc2_xor: + enc_outunpack2(xor, RT2); + + movq RR12, %r12; + popq %rbx; +- ret; ++ RET; + ENDPROC(__camellia_enc_blk_2way) + + ENTRY(camellia_dec_blk_2way) +@@ -510,5 +510,5 @@ ENTRY(camellia_dec_blk_2way) + + movq RR12, %r12; + movq RXOR, %rbx; +- ret; ++ RET; + ENDPROC(camellia_dec_blk_2way) --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S @@ -294,7 +294,7 @@ __cast5_enc_blk16: 
@@ -594,6 +697,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(cast6_cbc_dec_8way) ENTRY(cast6_ctr_8way) +@@ -453,7 +453,7 @@ ENTRY(cast6_ctr_8way) + popq %r15; + popq %r12; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_ctr_8way) + + ENTRY(cast6_xts_enc_8way) +@@ -480,7 +480,7 @@ ENTRY(cast6_xts_enc_8way) + + popq %r15; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_xts_enc_8way) + + ENTRY(cast6_xts_dec_8way) +@@ -507,5 +507,5 @@ ENTRY(cast6_xts_dec_8way) + + popq %r15; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_xts_dec_8way) --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -310,7 +310,7 @@ do_return: @@ -710,6 +838,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(serpent_cbc_dec_16way) ENTRY(serpent_ctr_16way) +@@ -762,7 +762,7 @@ ENTRY(serpent_ctr_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_ctr_16way) + + ENTRY(serpent_xts_enc_16way) +@@ -788,7 +788,7 @@ ENTRY(serpent_xts_enc_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_enc_16way) + + ENTRY(serpent_xts_dec_16way) +@@ -814,5 +814,5 @@ ENTRY(serpent_xts_dec_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_dec_16way) --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S @@ -620,7 +620,7 @@ __serpent_enc_blk8_avx: 
@@ -757,6 +910,80 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(serpent_cbc_dec_8way_avx) ENTRY(serpent_ctr_8way_avx) +@@ -748,7 +748,7 @@ ENTRY(serpent_ctr_8way_avx) + store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_ctr_8way_avx) + + ENTRY(serpent_xts_enc_8way_avx) +@@ -770,7 +770,7 @@ ENTRY(serpent_xts_enc_8way_avx) + store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_enc_8way_avx) + + ENTRY(serpent_xts_dec_8way_avx) +@@ -792,5 +792,5 @@ ENTRY(serpent_xts_dec_8way_avx) + store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_dec_8way_avx) +--- a/arch/x86/crypto/serpent-sse2-i586-asm_32.S ++++ b/arch/x86/crypto/serpent-sse2-i586-asm_32.S +@@ -568,12 +568,12 @@ ENTRY(__serpent_enc_blk_4way) + + write_blocks(%eax, RA, RB, RC, RD, RT0, RT1, RE); + +- ret; ++ RET; + + .L__enc_xor4: + xor_blocks(%eax, RA, RB, RC, RD, RT0, RT1, RE); + +- ret; ++ RET; + ENDPROC(__serpent_enc_blk_4way) + + ENTRY(serpent_dec_blk_4way) +@@ -627,5 +627,5 @@ ENTRY(serpent_dec_blk_4way) + movl arg_dst(%esp), %eax; + write_blocks(%eax, RC, RD, RB, RE, RT0, RT1, RA); + +- ret; ++ RET; + ENDPROC(serpent_dec_blk_4way) +--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S ++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +@@ -690,13 +690,13 @@ ENTRY(__serpent_enc_blk_8way) + write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + +- ret; ++ RET; + + .L__enc_xor8: + xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + +- ret; ++ RET; + ENDPROC(__serpent_enc_blk_8way) + + ENTRY(serpent_dec_blk_8way) +@@ -750,5 +750,5 @@ ENTRY(serpent_dec_blk_8way) + write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); + +- 
ret; ++ RET; + ENDPROC(serpent_dec_blk_8way) --- a/arch/x86/crypto/sha512-avx2-asm.S +++ b/arch/x86/crypto/sha512-avx2-asm.S @@ -681,7 +681,7 @@ done_hash: @@ -837,6 +1064,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(twofish_cbc_dec_8way) ENTRY(twofish_ctr_8way) +@@ -419,7 +419,7 @@ ENTRY(twofish_ctr_8way) + popq %r12; + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_ctr_8way) + + ENTRY(twofish_xts_enc_8way) +@@ -443,7 +443,7 @@ ENTRY(twofish_xts_enc_8way) + store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_xts_enc_8way) + + ENTRY(twofish_xts_dec_8way) +@@ -467,5 +467,5 @@ ENTRY(twofish_xts_dec_8way) + store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_xts_dec_8way) --- a/arch/x86/crypto/twofish-i586-asm_32.S +++ b/arch/x86/crypto/twofish-i586-asm_32.S @@ -273,7 +273,7 @@ ENTRY(twofish_enc_blk) @@ -1211,6 +1463,44 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org - ret + RET ENDPROC(atomic64_inc_not_zero_cx8) +--- a/arch/x86/lib/checksum_32.S ++++ b/arch/x86/lib/checksum_32.S +@@ -131,7 +131,7 @@ ENTRY(csum_partial) + 8: + popl %ebx + popl %esi +- ret ++ RET + ENDPROC(csum_partial) + + #else +@@ -249,7 +249,7 @@ ENTRY(csum_partial) + 90: + popl %ebx + popl %esi +- ret ++ RET + ENDPROC(csum_partial) + + #endif +@@ -401,7 +401,7 @@ DST( movb %cl, (%edi) ) + popl %esi + popl %edi + popl %ecx # equivalent to addl $4,%esp +- ret ++ RET + ENDPROC(csum_partial_copy_generic) + + #else +@@ -486,7 +486,7 @@ DST( movb %dl, (%edi) ) + popl %esi + popl %edi + popl %ebx +- ret ++ RET + ENDPROC(csum_partial_copy_generic) + + #undef ROUND --- a/arch/x86/lib/cmpxchg8b_emu.S +++ b/arch/x86/lib/cmpxchg8b_emu.S @@ -38,7 +38,7 @@ ENTRY(cmpxchg8b_emu) 
diff --git a/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch b/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch
new file mode 100644
index 0000000..d882047
--- /dev/null
+++ b/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch
@@ -0,0 +1,37 @@
+From: Peter Zijlstra
+Date: Mon, 27 Jun 2022 22:21:17 +0000
+Subject: x86/retbleed: Add fine grained Kconfig knobs
+Git-commit: f43b9876e857c739d407bc56df288b0ebe1a9164
+Patch-mainline: v5.19-rc7
+References: bsc#1114648
+
+Do fine-grained Kconfig for all the various retbleed parts.
+
+NOTE: if your compiler doesn't support return thunks this will
+silently 'upgrade' your mitigation to IBPB, you might not like this.
+
+Signed-off-by: Peter Zijlstra (Intel)
+Signed-off-by: Borislav Petkov
+
+ [ bp: just the RETPOLINE_CFLAGS changes in order to simplify a later backport. ]
+---
+---
+ arch/x86/Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/Makefile
++++ b/arch/x86/Makefile
+@@ -230,10 +230,12 @@ KBUILD_AFLAGS += $(mflags-y)
+ # Avoid indirect branches in kernel to deal with Spectre
+ ifdef CONFIG_RETPOLINE
+ RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register)
+- RETPOLINE_CFLAGS += $(call cc-option,-mfunction-return=thunk-extern)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+ endif
+
++RETHUNK_CFLAGS := -mfunction-return=thunk-extern
++RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS)
++
+ # for vdso Makefile to exclude
+ export RETPOLINE_CFLAGS
+
diff --git a/series.conf b/series.conf
index b1e0563..589cc77 100644
--- a/series.conf
+++ b/series.conf
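Review bot: In the arch/x86/Makefile hunk, `RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS)` now sits after the `endif`, so it runs after `KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE` has already been evaluated. It is also no longer guarded by `ifdef CONFIG_RETPOLINE` or probed with `$(call cc-option,...)`. If KBUILD_CFLAGS is simply expanded at that point (its definition is not visible in this hunk), `-mfunction-return=thunk-extern` would stop reaching the normal kernel build flags and only remain in the exported RETPOLINE_CFLAGS, which the existing comment says the vdso Makefile uses for exclusion. The description says this is a partial backport that prepares a later one, so confirm that no intermediate state of the series builds with the return-thunk flag silently dropped. A comment above the new lines would record the intent, for example `# appended after KBUILD_CFLAGS on purpose; wired into the build by <follow-up patch>`.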
@@ -52375,6 +52375,7 @@
 patches.suse/powerpc-Add-attributes-for-setjmp-longjmp.patch
 patches.suse/powerpc-pseries-correctly-track-irq-state-in-default.patch
 patches.suse/powerpc-xive-Fix-bogus-error-code-returned-by-OPAL.patch
+ patches.suse/powerpc-fadump-make-crash-memory-ranges-array-alloca.patch
 patches.suse/powerpc-dump-kernel-log-before-carrying-out-fadump-o.patch
 patches.suse/vfio_pci-Restore-original-state-on-release.patch
 patches.suse/clk-qoriq-Fix-Wunused-const-variable.patch
@@ -61072,6 +61073,9 @@
 patches.suse/media-stk1160-fix-control-message-timeouts.patch
 patches.suse/media-dmxdev-fix-UAF-when-dvb_register_device-fails.patch
 patches.suse/media-dib0700-fix-undefined-behavior-in-tuner-shutdo.patch
+ patches.suse/media-uvcvideo-fix-division-by-zero-at-stream-start.patch
+ patches.suse/media-dib8000-Fix-a-memleak-in-dib8000_init.patch
+ patches.suse/media-saa7146-mxb-Fix-a-NULL-pointer-dereference-in-.patch
 patches.suse/Bluetooth-bfusb-fix-division-by-zero-in-send-path.patch
 patches.suse/msft-hv-2486-net-mana-Add-XDP-support.patch
 patches.suse/ibmvnic-Update-driver-return-codes.patch
@@ -61255,6 +61259,7 @@
 patches.suse/net-bcmgenet-Don-t-claim-WOL-when-its-not-available.patch
 patches.suse/af_key-add-__GFP_ZERO-flag-for-compose_sadb_supporte.patch
 patches.suse/Input-aiptek-properly-check-endpoint-type.patch
+ patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch
 patches.suse/arm64-module-remove-NOLOAD-from-linker-script.patch
 patches.suse/arm64-mm-avoid-fixmap-race-condition-when-create-pud-mapping.patch
 patches.suse/hwrng-cavium-HW_RANDOM_CAVIUM-should-depend-on-ARCH_.patch
@@ -61472,6 +61477,7 @@ patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch patches.suse/iomap-iomap_write_failed-fix.patch + patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch patches.suse/scsi-qla2xxx-Remove-free_sg-command-flag.patch patches.suse/scsi-ufs-qcom-Fix-ufs_qcom_resume.patch patches.suse/scsi-qla2xxx-Remove-unneeded-flush_workqueue.patch @@ -61490,6 +61496,7 @@ patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch + patches.suse/powerpc-fadump-fix-PT_LOAD-segment-for-boot-memory-a.patch patches.suse/powerpc-idle-Fix-return-value-of-__setup-handler.patch patches.suse/powerpc-perf-Fix-the-threshold-compare-group-constra.patch patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch @@ -61567,10 +61574,13 @@ patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch patches.suse/x86-common-Stamp-out-the-stepping-madness.patch patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch + patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch patches.suse/x86-kexec-disable-ret-on-kexec.patch patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch + patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch patches.suse/serial-mvebu-uart-correctly-report-configured-baudra.patch + patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch patches.suse/netfilter-nf_queue-do-not-allow-packet-truncation-be.patch # jejb/scsi for-next