linux.git/arch, branch v3.18.22

x86/ldt: Correct LDT access in single stepping logic

2015-09-27T16:18:53+00:00

[ Upstream commit 136d9d83c07c5e30ac49fc83b27e8c4842f108fc ]

Commit 37868fe113ff ("x86/ldt: Make modify_ldt synchronous")
introduced a new struct ldt_struct anchored at mm->context.ldt.

convert_ip_to_linear() was changed to reflect this, but indexing
into the ldt has to be changed as the pointer is no longer void *.

Signed-off-by: Juergen Gross 
Reviewed-by: Andy Lutomirski 
Cc:  # On top of: 37868fe113ff: x86/ldt: Make modify_ldt synchronous
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: bp@suse.de
Link: http://lkml.kernel.org/r/1438848278-12906-1-git-send-email-jgross@suse.com
Signed-off-by: Ingo Molnar 
Signed-off-by: Sasha Levin

x86/ldt: Make modify_ldt synchronous

2015-09-27T16:18:53+00:00

[ Upstream commit 37868fe113ff2ba814b3b4eb12df214df555f8dc ]

modify_ldt() has questionable locking and does not synchronize
threads.  Improve it: redesign the locking and synchronize all
threads' LDTs using an IPI on all modifications.

This will dramatically slow down modify_ldt in multithreaded
programs, but there shouldn't be any multithreaded programs that
care about modify_ldt's performance in the first place.

This fixes some fallout from the CVE-2015-5157 fixes.

Signed-off-by: Andy Lutomirski 
Reviewed-by: Borislav Petkov 
Cc: Andrew Cooper 
Cc: Andy Lutomirski 
Cc: Boris Ostrovsky 
Cc: Borislav Petkov 
Cc: Brian Gerst 
Cc: Denys Vlasenko 
Cc: H. Peter Anvin 
Cc: Jan Beulich 
Cc: Konrad Rzeszutek Wilk 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Sasha Levin 
Cc: Steven Rostedt 
Cc: Thomas Gleixner 
Cc: security@kernel.org 
Cc: 
Cc: xen-devel 
Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.luto@kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Sasha Levin

x86/nmi/64: Switch stacks on userspace NMI entry

2015-09-27T16:18:52+00:00

[ Upstream commit 9b6e6a8334d56354853f9c255d1395c2ba570e0a ]

Returning to userspace is tricky: IRET can fail, and ESPFIX can
rearrange the stack prior to IRET.

The NMI nesting fixup relies on a precise stack layout and
atomic IRET.  Rather than trying to teach the NMI nesting fixup
to handle ESPFIX and failed IRET, punt: run NMIs that came from
user mode on the normal kernel stack.

This will make some nested NMIs visible to C code, but the C
code is okay with that.

As a side effect, this should speed up perf: it eliminates an
RDMSR when NMIs come from user mode.

Signed-off-by: Andy Lutomirski 
Reviewed-by: Steven Rostedt 
Reviewed-by: Borislav Petkov 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Sasha Levin

x86/nmi/64: Remove asm code that saves CR2

2015-09-27T16:18:52+00:00

[ Upstream commit 0e181bb58143cb4a2e8f01c281b0816cd0e4798e ]

Now that do_nmi saves CR2, we don't need to save it in asm.

Signed-off-by: Andy Lutomirski 
Reviewed-by: Steven Rostedt 
Acked-by: Borislav Petkov 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Sasha Levin

x86/nmi: Enable nested do_nmi() handling for 64-bit kernels

2015-09-27T16:18:52+00:00

[ Upstream commit 9d05041679904b12c12421cbcf9cb5f4860a8d7b ]

32-bit kernels handle nested NMIs in C.  Enable the exact same
handling on 64-bit kernels as well.  This isn't currently
necessary, but it will become necessary once the asm code starts
allowing limited nesting.

Signed-off-by: Andy Lutomirski 
Reviewed-by: Steven Rostedt 
Cc: Borislav Petkov 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Sasha Levin

x86/xen: make CONFIG_XEN depend on CONFIG_X86_LOCAL_APIC

2015-09-22T19:20:20+00:00

[ Upstream commit 87ffd2b9bb74061c120f450e4d0f3409bb603ae0 ]

Since commit feb44f1f7a4ac299d1ab1c3606860e70b9b89d69 (x86/xen:
Provide a "Xen PV" APIC driver to support >255 VCPUs) Xen guests need
a full APIC driver and thus should depend on X86_LOCAL_APIC.

This fixes an i386 build failure with !SMP && !CONFIG_X86_UP_APIC by
disabling Xen support in this configuration.

Users needing Xen support in a non-SMP i386 kernel will need to enable
CONFIG_X86_UP_APIC.

Signed-off-by: David Vrabel 
Cc: 
Signed-off-by: Sasha Levin

arm64: KVM: Fix host crash when injecting a fault into a 32bit guest

2015-09-22T19:20:20+00:00

[ Upstream commit 126c69a0bd0e441bf6766a5d9bf20de011be9f68 ]

When injecting a fault into a misbehaving 32bit guest, it seems
rather idiotic to also inject a 64bit fault that is only going
to corrupt the guest state. This leads to a situation where we
perform an illegal exception return at EL2 causing the host
to crash instead of killing the guest.

Just fix the stupid bug that has been there from day 1.

Cc: 
Reported-by: Russell King 
Tested-by: Russell King 
Signed-off-by: Marc Zyngier 
Signed-off-by: Will Deacon 
Signed-off-by: Sasha Levin

MIPS: Fix seccomp syscall argument for MIPS64

2015-09-17T05:30:15+00:00

[ Upstream commit 9f161439e4104b641a7bfb9b89581d801159fec8 ]

Commit 4c21b8fd8f14 ("MIPS: seccomp: Handle indirect system calls (o32)")
fixed indirect system calls on O32 but it also introduced a bug for MIPS64
where it erroneously modified the v0 (syscall) register with the assumption
that the sycall offset hasn't been taken into consideration. This breaks
seccomp on MIPS64 n64 and n32 ABIs. We fix this by replacing the addition
with a move instruction.

Fixes: 4c21b8fd8f14 ("MIPS: seccomp: Handle indirect system calls (o32)")
Cc:  # 3.15+
Reviewed-by: James Hogan 
Signed-off-by: Markos Chandras 
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/10951/
Signed-off-by: Ralf Baechle 
Signed-off-by: Sasha Levin

x86/xen: build "Xen PV" APIC driver for domU as well

2015-09-15T17:58:51+00:00

[ Upstream commit fc5fee86bdd3d720e2d1d324e4fae0c35845fa63 ]

It turns out that a PV domU also requires the "Xen PV" APIC
driver. Otherwise, the flat driver is used and we get stuck in busy
loops that never exit, such as in this stack trace:

(gdb) target remote localhost:9999
Remote debugging using localhost:9999
__xapic_wait_icr_idle () at ./arch/x86/include/asm/ipi.h:56
56              while (native_apic_mem_read(APIC_ICR) & APIC_ICR_BUSY)
(gdb) bt
 #0  __xapic_wait_icr_idle () at ./arch/x86/include/asm/ipi.h:56
 #1  __default_send_IPI_shortcut (shortcut=,
dest=, vector=) at
./arch/x86/include/asm/ipi.h:75
 #2  apic_send_IPI_self (vector=246) at arch/x86/kernel/apic/probe_64.c:54
 #3  0xffffffff81011336 in arch_irq_work_raise () at
arch/x86/kernel/irq_work.c:47
 #4  0xffffffff8114990c in irq_work_queue (work=0xffff88000fc0e400) at
kernel/irq_work.c:100
 #5  0xffffffff8110c29d in wake_up_klogd () at kernel/printk/printk.c:2633
 #6  0xffffffff8110ca60 in vprintk_emit (facility=0, level=, dict=0x0 , dictlen=,
fmt=, args=)
    at kernel/printk/printk.c:1778
 #7  0xffffffff816010c8 in printk (fmt=) at
kernel/printk/printk.c:1868
 #8  0xffffffffc00013ea in ?? ()
 #9  0x0000000000000000 in ?? ()

Mailing-list-thread: https://lkml.org/lkml/2015/8/4/755
Signed-off-by: Jason A. Donenfeld 
Cc: 
Signed-off-by: David Vrabel 
Signed-off-by: Sasha Levin

x86/xen: Initialize cr4 shadow for 64-bit PV(H) guests

2015-09-03T14:51:29+00:00

[ Upstream commit 5054daa285beaf706f051fbd395dc36c9f0f907f ]

Commit 1e02ce4cccdc ("x86: Store a per-cpu shadow copy of CR4")
introduced CR4 shadows.

These shadows are initialized in early boot code. The commit missed
initialization for 64-bit PV(H) guests that this patch adds.

Signed-off-by: Boris Ostrovsky 
Signed-off-by: David Vrabel 
Signed-off-by: Sasha Levin