[linux] 02/02: Update to 4.15.2
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Feb 11 08:52:35 UTC 2018
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch master
in repository linux.
commit 2ac5e9851ac1d55010118addbb1d0a6b2e140ac8
Author: Bastian Blank <waldi at debian.org>
Date: Sun Feb 11 09:52:17 2018 +0100
Update to 4.15.2
---
debian/changelog | 64 +++++++-
.../x86-make-x32-syscall-support-conditional.patch | 182 +++++++++------------
2 files changed, 140 insertions(+), 106 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 19255af..62518c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
+linux (4.15.2-1~exp1) UNRELEASED; urgency=medium
* New upstream release: https://kernelnewbies.org/Linux_4.15
* New upstream stable update:
@@ -58,6 +58,68 @@ linux (4.15.1-1~exp1) UNRELEASED; urgency=medium
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
- Input: synaptics-rmi4 - do not delete interrupt memory too early
- x86/efi: Clarify that reset attack mitigation needs appropriate userspace
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.2
+ - KVM: x86: Make indirect calls in emulator speculation safe
+ - KVM: VMX: Make indirect call speculation safe
+ - module/retpoline: Warn about missing retpoline in module
+ - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
+ - x86/cpufeatures: Add Intel feature bits for Speculation Control
+ - x86/cpufeatures: Add AMD feature bits for Speculation Control
+ - x86/msr: Add definitions for new speculation control MSRs
+ - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
+ - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
+ - x86/alternative: Print unadorned pointers
+ - x86/nospec: Fix header guards names
+ - x86/bugs: Drop one "mitigation" from dmesg
+ - x86/cpu/bugs: Make retpoline module warning conditional
+ - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+ - x86/retpoline: Simplify vmexit_fill_RSB()
+ - x86/speculation: Simplify indirect_branch_prediction_barrier()
+ - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - iio: adc/accel: Fix up module licenses
+ - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ - KVM: nVMX: Eliminate vmcs02 pool
+ - KVM: VMX: introduce alloc_loaded_vmcs
+ - objtool: Improve retpoline alternative handling
+ - objtool: Add support for alternatives at the end of a section
+ - objtool: Warn on stripped section symbol
+ - x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
+ - x86/spectre: Check CONFIG_RETPOLINE in command line parser
+ - x86/entry/64: Remove the SYSCALL64 fast path
+ - x86/entry/64: Push extra regs right away
+ - x86/asm: Move 'status' from thread_struct to thread_info
+ - Documentation: Document array_index_nospec
+ - array_index_nospec: Sanitize speculative array de-references
+ - x86: Implement array_index_mask_nospec
+ - x86: Introduce barrier_nospec
+ - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+ - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
+ - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
+ - x86/get_user: Use pointer masking to limit speculation
+ - x86/syscall: Sanitize syscall table de-references under speculation
+ - vfs, fdtable: Prevent bounds-check bypass via speculative execution
+ - nl80211: Sanitize array index in parse_txq_params
+ - x86/spectre: Report get_user mitigation for spectre_v1
+ - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
+ - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
+ - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
+ - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
+ - KVM: VMX: make MSR bitmaps per-VCPU
+ - x86/kvm: Update spectre-v1 mitigation
+ - x86/retpoline: Avoid retpolines for built-in __init functions
+ - x86/spectre: Simplify spectre_v2 command line parsing
+ - x86/pti: Mark constant arrays as __initconst
+ - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
+ - KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
+ - KVM/x86: Add IBPB support
+ - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
+ - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
+ - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
+ - serial: core: mark port as initialized after successful IRQ change
+ - fpga: region: release of_parse_phandle nodes after use
[ Bastian Blank ]
* Add cloud-amd64 kernel flavour.
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
index 5e8946e..b97167b 100644
--- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
+++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
@@ -19,18 +19,19 @@ version at boot time. Add a Kconfig parameter to set the default.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
- Documentation/admin-guide/kernel-parameters.txt | 4 ++
- arch/x86/Kconfig | 8 ++++
- arch/x86/entry/common.c | 16 ++++++++-
- arch/x86/entry/entry_64.S | 18 +++++++++--
- arch/x86/entry/syscall_64.c | 39 ++++++++++++++++++++++++
- arch/x86/include/asm/elf.h | 3 +
- arch/x86/include/asm/syscall.h | 6 +++
- 7 files changed, 89 insertions(+), 5 deletions(-)
+ Documentation/admin-guide/kernel-parameters.txt | 4 ++++
+ arch/x86/Kconfig | 8 +++++++
+ arch/x86/entry/common.c | 16 +++++++++++--
+ arch/x86/entry/syscall_64.c | 31 +++++++++++++++++++++++++
+ arch/x86/include/asm/elf.h | 3 ++-
+ arch/x86/include/asm/syscall.h | 6 +++++
+ 6 files changed, 65 insertions(+), 3 deletions(-)
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 1e762c210f1b..9fd9eb61606d 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4048,6 +4048,10 @@
+@@ -4096,6 +4096,10 @@
switches= [HW,M68k]
@@ -41,9 +42,11 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
sysfs.deprecated=0|1 [KNL]
Enable/disable old style sysfs layout for old udev
on older distributions. When this option is enabled
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 20da391b5f32..16f0c88fcc3d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -2850,6 +2850,14 @@ config COMPAT_32
+@@ -2863,6 +2863,14 @@ config COMPAT_32
select HAVE_UID16
select OLD_SIGSUSPEND3
@@ -58,59 +61,42 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
config COMPAT
def_bool y
depends on IA32_EMULATION || X86_X32
---- a/arch/x86/include/asm/elf.h
-+++ b/arch/x86/include/asm/elf.h
-@@ -10,6 +10,7 @@
- #include <asm/ptrace.h>
- #include <asm/user.h>
- #include <asm/auxvec.h>
-+#include <asm/syscall.h>
-
- typedef unsigned long elf_greg_t;
-
-@@ -163,7 +164,7 @@ do { \
-
- #define compat_elf_check_arch(x) \
- (elf_check_arch_ia32(x) || \
-- (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
-+ (x32_enabled && (x)->e_machine == EM_X86_64))
-
- #if __USER32_DS != __USER_DS
- # error "The following code assumes __USER32_DS == __USER_DS"
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -251,8 +251,12 @@ entry_SYSCALL_64_fastpath:
- #if __SYSCALL_MASK == ~0
- cmpq $__NR_syscall_max, %rax
- #else
-- andl $__SYSCALL_MASK, %eax
-- cmpl $__NR_syscall_max, %eax
-+.global system_call_fast_compare
-+.global system_call_fast_compare_end
-+system_call_fast_compare:
-+ cmpq $511, %rax /* x32 syscalls start at 512 */
-+ .byte P6_NOP4
-+system_call_fast_compare_end:
- #endif
- ja 1f /* return -ENOSYS (already in pt_regs->ax) */
- movq %r10, %rcx
-@@ -409,6 +413,16 @@ syscall_return_via_sysret:
- USERGS_SYSRET64
- END(entry_SYSCALL_64)
+diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
+index 21dbdf0e476b..a26c084ecca5 100644
+--- a/arch/x86/entry/common.c
++++ b/arch/x86/entry/common.c
+@@ -270,6 +270,7 @@ __visible void do_syscall_64(struct pt_regs *regs)
+ {
+ struct thread_info *ti = current_thread_info();
+ unsigned long nr = regs->orig_ax;
++ unsigned int syscall_mask, nr_syscalls_enabled;
-+#if __SYSCALL_MASK != ~0
-+ /* This replaces the usual comparisons if syscall.x32 is set */
-+.global system_call_mask_compare
-+.global system_call_mask_compare_end
-+system_call_mask_compare:
-+ andl $__SYSCALL_MASK, %eax
-+ cmpl $__NR_syscall_max, %eax
-+system_call_mask_compare_end:
-+#endif
-+
- ENTRY(stub_ptregs_64)
- /*
- * Syscalls marked as needing ptregs land here.
+ enter_from_user_mode();
+ local_irq_enable();
+@@ -282,8 +283,19 @@ __visible void do_syscall_64(struct pt_regs *regs)
+ * table. The only functional difference is the x32 bit in
+ * regs->orig_ax, which changes the behavior of some syscalls.
+ */
+- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
+- nr = array_index_nospec(nr & __SYSCALL_MASK, NR_syscalls);
++ if (__SYSCALL_MASK == ~0U || x32_enabled) {
++ syscall_mask = __SYSCALL_MASK;
++ nr_syscalls_enabled = NR_syscalls;
++ } else {
++ /*
++ * x32 syscalls present but not enabled. Don't mask out
++ * the x32 flag and don't enable any x32-specific calls.
++ */
++ syscall_mask = ~0U;
++ nr_syscalls_enabled = 512;
++ }
++ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) {
++ nr = array_index_nospec(nr & syscall_mask, nr_syscalls_enabled);
+ regs->ax = sys_call_table[nr](
+ regs->di, regs->si, regs->dx,
+ regs->r10, regs->r8, regs->r9);
+diff --git a/arch/x86/entry/syscall_64.c b/arch/x86/entry/syscall_64.c
+index c176d2fab1da..0f15e2686d09 100644
--- a/arch/x86/entry/syscall_64.c
+++ b/arch/x86/entry/syscall_64.c
@@ -4,8 +4,14 @@
@@ -126,9 +112,9 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
#include <asm/syscall.h>
+#include <asm/text-patching.h>
- #define __SYSCALL_64_QUAL_(sym) sym
- #define __SYSCALL_64_QUAL_ptregs(sym) ptregs_##sym
-@@ -26,3 +32,36 @@ asmlinkage const sys_call_ptr_t sys_call
+ #define __SYSCALL_64(nr, sym, qual) extern asmlinkage long sym(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
+ #include <asm/syscalls_64.h>
+@@ -23,3 +29,28 @@ asmlinkage const sys_call_ptr_t sys_call_table[__NR_syscall_max+1] = {
[0 ... __NR_syscall_max] = &sys_ni_syscall,
#include <asm/syscalls_64.h>
};
@@ -140,17 +126,9 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+bool x32_enabled = !IS_ENABLED(CONFIG_X86_X32_DISABLED);
+module_param_named(x32, x32_enabled, bool, 0444);
+
-+extern char system_call_fast_compare_end[], system_call_fast_compare[],
-+ system_call_mask_compare_end[], system_call_mask_compare[];
-+
+static int __init x32_enable(void)
+{
-+ BUG_ON(system_call_fast_compare_end - system_call_fast_compare != 10);
-+ BUG_ON(system_call_mask_compare_end - system_call_mask_compare != 10);
-+
+ if (x32_enabled) {
-+ text_poke_early(system_call_fast_compare,
-+ system_call_mask_compare, 10);
+#ifdef CONFIG_X86_X32_DISABLED
+ pr_info("Enabled x32 syscalls\n");
+#endif
@@ -165,41 +143,32 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+late_initcall(x32_enable);
+
+#endif
---- a/arch/x86/entry/common.c
-+++ b/arch/x86/entry/common.c
-@@ -269,6 +269,7 @@ __visible void do_syscall_64(struct pt_r
- {
- struct thread_info *ti = current_thread_info();
- unsigned long nr = regs->orig_ax;
-+ unsigned int syscall_mask, nr_syscalls_enabled;
+diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
+index 0d157d2a1e2a..17e23826a802 100644
+--- a/arch/x86/include/asm/elf.h
++++ b/arch/x86/include/asm/elf.h
+@@ -10,6 +10,7 @@
+ #include <asm/ptrace.h>
+ #include <asm/user.h>
+ #include <asm/auxvec.h>
++#include <asm/syscall.h>
- enter_from_user_mode();
- local_irq_enable();
-@@ -281,8 +282,19 @@ __visible void do_syscall_64(struct pt_r
- * table. The only functional difference is the x32 bit in
- * regs->orig_ax, which changes the behavior of some syscalls.
- */
-- if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
-- regs->ax = sys_call_table[nr & __SYSCALL_MASK](
-+ if (__SYSCALL_MASK == ~0U || x32_enabled) {
-+ syscall_mask = __SYSCALL_MASK;
-+ nr_syscalls_enabled = NR_syscalls;
-+ } else {
-+ /*
-+ * x32 syscalls present but not enabled. Don't mask out
-+ * the x32 flag and don't enable any x32-specific calls.
-+ */
-+ syscall_mask = ~0U;
-+ nr_syscalls_enabled = 512;
-+ }
-+ if (likely((nr & syscall_mask) < nr_syscalls_enabled)) {
-+ regs->ax = sys_call_table[nr & syscall_mask](
- regs->di, regs->si, regs->dx,
- regs->r10, regs->r8, regs->r9);
- }
+ typedef unsigned long elf_greg_t;
+
+@@ -163,7 +164,7 @@ do { \
+
+ #define compat_elf_check_arch(x) \
+ (elf_check_arch_ia32(x) || \
+- (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
++ (x32_enabled && (x)->e_machine == EM_X86_64))
+
+ #if __USER32_DS != __USER_DS
+ # error "The following code assumes __USER32_DS == __USER_DS"
+diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
+index 03eedc21246d..c5bce400ebb4 100644
--- a/arch/x86/include/asm/syscall.h
+++ b/arch/x86/include/asm/syscall.h
-@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_tab
+@@ -35,6 +35,12 @@ extern const sys_call_ptr_t sys_call_table[];
extern const sys_call_ptr_t ia32_sys_call_table[];
#endif
@@ -212,3 +181,6 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
/*
* Only the low 32 bits of orig_ax are meaningful, so we return int.
* This importantly ignores the high bits on 64-bit, so comparisons
+--
+2.16.1
+
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list