[linux] 11/29: remove KAISER/KPTI patch set
debian-kernel at lists.debian.org
Tue Jan 23 17:14:06 UTC 2018
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch stretch
in repository linux.
commit bcd56d2178f96d6709effd21bcca8381af77d120
Author: Yves-Alexis Perez <corsac at corsac.net>
Date: Sat Jan 6 16:37:56 2018 +0100
remove KAISER/KPTI patch set
---
...dd-nokaiser-boot-option-using-alternative.patch | 652 ----------
.../kaiser-align-addition-to-x86-mm-makefile.patch | 26 -
...sm-tlbflush.h-handle-nopge-at-lower-level.patch | 86 --
...aiser-cleanups-while-trying-for-gold-link.patch | 134 --
.../kaiser-delete-kaiser_real_switch-option.patch | 79 --
.../all/kpti/kaiser-disabled-on-xen-pv.patch | 42 -
.../kaiser-do-not-set-_page_nx-on-pgd_none.patch | 204 ---
...op-is_atomic-arg-to-kaiser_pagetable_walk.patch | 53 -
.../kaiser-enhanced-by-kernel-and-user-pcids.patch | 402 ------
...iser-enomem-if-kaiser_pagetable_walk-null.patch | 52 -
...r-fix-build-and-fixme-in-alloc_ldt_struct.patch | 53 -
.../all/kpti/kaiser-fix-perf-crashes.patch | 150 ---
...r-fix-regs-to-do_nmi-ifndef-config_kaiser.patch | 72 --
...er-fix-unlikely-error-in-alloc_ldt_struct.patch | 33 -
.../all/kpti/kaiser-kaiser-depends-on-smp.patch | 54 -
...er_flush_tlb_on_return_to_user-check-pcid.patch | 86 --
...-kaiser_remove_mapping-move-along-the-pgd.patch | 50 -
.../all/kpti/kaiser-kernel-address-isolation.patch | 979 ---------------
...new_mm_cr3-let-switch_user_cr3-flush-user.patch | 392 ------
.../features/all/kpti/kaiser-merged-update.patch | 1297 --------------------
...name-that-0x1000-kaiser_shadow_pgd_offset.patch | 66 -
...noid_entry-pass-cr3-need-to-paranoid_exit.patch | 166 ---
...kaiser-pcid-0-for-kernel-and-128-for-user.patch | 129 --
...ck-map-page_size-at-thread_size-page_size.patch | 139 ---
.../kaiser-tidied-up-asm-kaiser.h-somewhat.patch | 105 --
...ied-up-kaiser_add-remove_mapping-slightly.patch | 50 -
...ternative-instead-of-x86_cr3_pcid_noflush.patch | 130 --
...vmstat-show-nr_kaisertable-as-nr_overhead.patch | 116 --
...86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch | 141 ---
.../kpti/kpti-rename-to-page_table_isolation.patch | 329 -----
.../all/kpti/kpti-report-when-enabled.patch | 48 -
...mdline-parsing-for-options-with-arguments.patch | 178 ---
.../x86-kaiser-check-boottime-cmdline-params.patch | 123 --
.../x86-kaiser-move-feature-detection-up.patch | 79 --
.../all/kpti/x86-kaiser-reenable-paravirt.patch | 28 -
...-and-simplify-x86_feature_kaiser-handling.patch | 97 --
...-64-Fix-reboot-interaction-with-CR4.PCIDE.patch | 45 -
...d-the-nopcid-boot-option-to-turn-off-PCID.patch | 77 --
.../x86-mm-Disable-PCID-on-32-bit-kernels.patch | 82 --
...-mm-Enable-CR4.PCIDE-on-supported-systems.patch | 114 --
.../x86-paravirt-dont-patch-flush_tlb_single.patch | 69 --
debian/patches/series | 45 -
42 files changed, 7252 deletions(-)
diff --git a/debian/patches/features/all/kpti/kaiser-add-nokaiser-boot-option-using-alternative.patch b/debian/patches/features/all/kpti/kaiser-add-nokaiser-boot-option-using-alternative.patch
deleted file mode 100644
index b8d1005..0000000
--- a/debian/patches/features/all/kpti/kaiser-add-nokaiser-boot-option-using-alternative.patch
+++ /dev/null
@@ -1,652 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 24 Sep 2017 16:59:49 -0700
-Subject: kaiser: add "nokaiser" boot option, using ALTERNATIVE
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Added "nokaiser" boot option: an early param like "noinvpcid".
-Most places now check int kaiser_enabled (#defined 0 when not
-CONFIG_KAISER) instead of #ifdef CONFIG_KAISER; but entry_64.S
-and entry_64_compat.S are using the ALTERNATIVE technique, which
-patches in the preferred instructions at runtime. That technique
-is tied to x86 cpu features, so X86_FEATURE_KAISER is fabricated.
-
-Prior to "nokaiser", Kaiser #defined _PAGE_GLOBAL 0: revert that,
-but be careful with both _PAGE_GLOBAL and CR4.PGE: set them when
-nokaiser, just as when !CONFIG_KAISER, but set neither when kaiser is
-on - neither matters on its own, but it's hard to be sure that
-_PAGE_GLOBAL won't get set in some obscure corner, or that something
-will add PGE into CR4.
-By omitting _PAGE_GLOBAL from __supported_pte_mask when kaiser_enabled,
-all page table setup which uses pte_pfn() masks it out of the ptes.
-
-It's slightly shameful that the same declaration versus definition of
-kaiser_enabled appears in not one, not two, but in three header files
-(asm/kaiser.h, asm/pgtable.h, asm/tlbflush.h). I felt safer that way,
-than with #including any of those in any of the others; and did not
-feel it worth an asm/kaiser_enabled.h - kernel/cpu/common.c includes
-them all, so we shall hear about it if they get out of synch.
-
-Cleanups while in the area: removed the silly #ifdef CONFIG_KAISER
-from kaiser.c; removed the unused native_get_normal_pgd(); removed
-the spurious reg clutter from SWITCH_*_CR3 macro stubs; corrected some
-comments. But more interestingly, set CR4.PSE in secondary_startup_64:
-the manual is clear that it does not matter whether it's 0 or 1 when
-4-level-pts are enabled, but I was distracted to find cr4 different on
-BSP and auxiliaries - BSP alone was adding PSE, in probe_page_size_mask().
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- Documentation/kernel-parameters.txt | 2 +
- arch/x86/entry/entry_64.S | 15 ++++++-----
- arch/x86/include/asm/cpufeatures.h | 3 ++
- arch/x86/include/asm/kaiser.h | 27 +++++++++++++++------
- arch/x86/include/asm/pgtable.h | 20 +++++++++++----
- arch/x86/include/asm/pgtable_64.h | 13 +++-------
- arch/x86/include/asm/pgtable_types.h | 4 ---
- arch/x86/include/asm/tlbflush.h | 39 +++++++++++++++++++------------
- arch/x86/kernel/cpu/common.c | 28 +++++++++++++++++++++-
- arch/x86/kernel/espfix_64.c | 3 +-
- arch/x86/kernel/head_64.S | 4 +--
- arch/x86/mm/init.c | 2 -
- arch/x86/mm/init_64.c | 10 +++++++
- arch/x86/mm/kaiser.c | 26 +++++++++++++++++---
- arch/x86/mm/pgtable.c | 8 +-----
- arch/x86/mm/tlb.c | 4 ---
- tools/arch/x86/include/asm/cpufeatures.h | 3 ++
- 17 files changed, 146 insertions(+), 65 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -2763,6 +2763,8 @@ bytes respectively. Such letter suffixes
-
- nojitter [IA-64] Disables jitter checking for ITC timers.
-
-+ nokaiser [X86-64] Disable KAISER isolation of kernel from user.
-+
- no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver
-
- no-kvmapf [X86,KVM] Disable paravirtualized asynchronous page
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1079,7 +1079,7 @@ ENTRY(paranoid_entry)
- * unconditionally, but we need to find out whether the reverse
- * should be done on return (conveyed to paranoid_exit in %ebx).
- */
-- movq %cr3, %rax
-+ ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
- testl $KAISER_SHADOW_PGD_OFFSET, %eax
- jz 2f
- orl $2, %ebx
-@@ -1111,6 +1111,7 @@ ENTRY(paranoid_exit)
- TRACE_IRQS_OFF_DEBUG
- TRACE_IRQS_IRETQ_DEBUG
- #ifdef CONFIG_KAISER
-+ /* No ALTERNATIVE for X86_FEATURE_KAISER: paranoid_entry sets %ebx */
- testl $2, %ebx /* SWITCH_USER_CR3 needed? */
- jz paranoid_exit_no_switch
- SWITCH_USER_CR3
-@@ -1341,13 +1342,14 @@ ENTRY(nmi)
- #ifdef CONFIG_KAISER
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
-- movq %cr3, %rax
-+ ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
- /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
- orq x86_cr3_pcid_noflush, %rax
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
- movq %rax, %cr3
-+2:
- #endif
- call do_nmi
-
-@@ -1357,8 +1359,7 @@ ENTRY(nmi)
- * kernel code that needs user CR3, but do we ever return
- * to "user mode" where we need the kernel CR3?
- */
-- popq %rax
-- mov %rax, %cr3
-+ ALTERNATIVE "", "popq %rax; movq %rax, %cr3", X86_FEATURE_KAISER
- #endif
-
- /*
-@@ -1585,13 +1586,14 @@ end_repeat_nmi:
- #ifdef CONFIG_KAISER
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
-- movq %cr3, %rax
-+ ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
- /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
- orq x86_cr3_pcid_noflush, %rax
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
- movq %rax, %cr3
-+2:
- #endif
-
- /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
-@@ -1603,8 +1605,7 @@ end_repeat_nmi:
- * kernel code that needs user CR3, like just before
- * a sysret.
- */
-- popq %rax
-- mov %rax, %cr3
-+ ALTERNATIVE "", "popq %rax; movq %rax, %cr3", X86_FEATURE_KAISER
- #endif
-
- testl %ebx, %ebx /* swapgs needed? */
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -198,6 +198,9 @@
- #define X86_FEATURE_AVX512_4VNNIW (7*32+16) /* AVX-512 Neural Network Instructions */
- #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */
-
-+/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
-+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
-+
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
- #define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -46,28 +46,33 @@ movq \reg, %cr3
- .endm
-
- .macro SWITCH_KERNEL_CR3
--pushq %rax
-+ALTERNATIVE "jmp 8f", "pushq %rax", X86_FEATURE_KAISER
- _SWITCH_TO_KERNEL_CR3 %rax
- popq %rax
-+8:
- .endm
-
- .macro SWITCH_USER_CR3
--pushq %rax
-+ALTERNATIVE "jmp 8f", "pushq %rax", X86_FEATURE_KAISER
- _SWITCH_TO_USER_CR3 %rax %al
- popq %rax
-+8:
- .endm
-
- .macro SWITCH_KERNEL_CR3_NO_STACK
--movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
-+ALTERNATIVE "jmp 8f", \
-+ __stringify(movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)), \
-+ X86_FEATURE_KAISER
- _SWITCH_TO_KERNEL_CR3 %rax
- movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
-+8:
- .endm
-
- #else /* CONFIG_KAISER */
-
--.macro SWITCH_KERNEL_CR3 reg
-+.macro SWITCH_KERNEL_CR3
- .endm
--.macro SWITCH_USER_CR3 reg regb
-+.macro SWITCH_USER_CR3
- .endm
- .macro SWITCH_KERNEL_CR3_NO_STACK
- .endm
-@@ -90,6 +95,16 @@ DECLARE_PER_CPU(unsigned long, x86_cr3_p
-
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-
-+extern int kaiser_enabled;
-+#else
-+#define kaiser_enabled 0
-+#endif /* CONFIG_KAISER */
-+
-+/*
-+ * Kaiser function prototypes are needed even when CONFIG_KAISER is not set,
-+ * so as to build with tests on kaiser_enabled instead of #ifdefs.
-+ */
-+
- /**
- * kaiser_add_mapping - map a virtual memory part to the shadow (user) mapping
- * @addr: the start address of the range
-@@ -119,8 +134,6 @@ extern void kaiser_remove_mapping(unsign
- */
- extern void kaiser_init(void);
-
--#endif /* CONFIG_KAISER */
--
- #endif /* __ASSEMBLY */
-
- #endif /* _ASM_X86_KAISER_H */
---- a/arch/x86/include/asm/pgtable.h
-+++ b/arch/x86/include/asm/pgtable.h
-@@ -18,6 +18,12 @@
- #ifndef __ASSEMBLY__
- #include <asm/x86_init.h>
-
-+#ifdef CONFIG_KAISER
-+extern int kaiser_enabled;
-+#else
-+#define kaiser_enabled 0
-+#endif
-+
- void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
- void ptdump_walk_pgd_level_checkwx(void);
-
-@@ -697,7 +703,7 @@ static inline int pgd_bad(pgd_t pgd)
- * page table by accident; it will fault on the first
- * instruction it tries to run. See native_set_pgd().
- */
-- if (IS_ENABLED(CONFIG_KAISER))
-+ if (kaiser_enabled)
- ignore_flags |= _PAGE_NX;
-
- return (pgd_flags(pgd) & ~ignore_flags) != _KERNPG_TABLE;
-@@ -913,12 +919,14 @@ static inline void pmdp_set_wrprotect(st
- */
- static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
- {
-- memcpy(dst, src, count * sizeof(pgd_t));
-+ memcpy(dst, src, count * sizeof(pgd_t));
- #ifdef CONFIG_KAISER
-- /* Clone the shadow pgd part as well */
-- memcpy(native_get_shadow_pgd(dst),
-- native_get_shadow_pgd(src),
-- count * sizeof(pgd_t));
-+ if (kaiser_enabled) {
-+ /* Clone the shadow pgd part as well */
-+ memcpy(native_get_shadow_pgd(dst),
-+ native_get_shadow_pgd(src),
-+ count * sizeof(pgd_t));
-+ }
- #endif
- }
-
---- a/arch/x86/include/asm/pgtable_64.h
-+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -111,13 +111,12 @@ extern pgd_t kaiser_set_shadow_pgd(pgd_t
-
- static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp)
- {
-+#ifdef CONFIG_DEBUG_VM
-+ /* linux/mmdebug.h may not have been included at this point */
-+ BUG_ON(!kaiser_enabled);
-+#endif
- return (pgd_t *)((unsigned long)pgdp | (unsigned long)PAGE_SIZE);
- }
--
--static inline pgd_t *native_get_normal_pgd(pgd_t *pgdp)
--{
-- return (pgd_t *)((unsigned long)pgdp & ~(unsigned long)PAGE_SIZE);
--}
- #else
- static inline pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd)
- {
-@@ -128,10 +127,6 @@ static inline pgd_t *native_get_shadow_p
- BUILD_BUG_ON(1);
- return NULL;
- }
--static inline pgd_t *native_get_normal_pgd(pgd_t *pgdp)
--{
-- return pgdp;
--}
- #endif /* CONFIG_KAISER */
-
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -45,11 +45,7 @@
- #define _PAGE_ACCESSED (_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED)
- #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
- #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
--#ifdef CONFIG_KAISER
--#define _PAGE_GLOBAL (_AT(pteval_t, 0))
--#else
- #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
--#endif
- #define _PAGE_SOFTW1 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW1)
- #define _PAGE_SOFTW2 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW2)
- #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -137,9 +137,11 @@ static inline void cr4_set_bits_and_upda
- * to avoid the need for asm/kaiser.h in unexpected places.
- */
- #ifdef CONFIG_KAISER
-+extern int kaiser_enabled;
- extern void kaiser_setup_pcid(void);
- extern void kaiser_flush_tlb_on_return_to_user(void);
- #else
-+#define kaiser_enabled 0
- static inline void kaiser_setup_pcid(void)
- {
- }
-@@ -164,7 +166,7 @@ static inline void __native_flush_tlb(vo
- * back:
- */
- preempt_disable();
-- if (this_cpu_has(X86_FEATURE_PCID))
-+ if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
- kaiser_flush_tlb_on_return_to_user();
- native_write_cr3(native_read_cr3());
- preempt_enable();
-@@ -175,20 +177,30 @@ static inline void __native_flush_tlb_gl
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-- /* clear PGE */
-- native_write_cr4(cr4 & ~X86_CR4_PGE);
-- /* write old PGE again and flush TLBs */
-- native_write_cr4(cr4);
-+ if (cr4 & X86_CR4_PGE) {
-+ /* clear PGE and flush TLB of all entries */
-+ native_write_cr4(cr4 & ~X86_CR4_PGE);
-+ /* restore PGE as it was before */
-+ native_write_cr4(cr4);
-+ } else {
-+ /*
-+ * x86_64 microcode update comes this way when CR4.PGE is not
-+ * enabled, and it's safer for all callers to allow this case.
-+ */
-+ native_write_cr3(native_read_cr3());
-+ }
- }
-
- static inline void __native_flush_tlb_global(void)
- {
--#ifdef CONFIG_KAISER
-- /* Globals are not used at all */
-- __native_flush_tlb();
--#else
- unsigned long flags;
-
-+ if (kaiser_enabled) {
-+ /* Globals are not used at all */
-+ __native_flush_tlb();
-+ return;
-+ }
-+
- if (this_cpu_has(X86_FEATURE_INVPCID)) {
- /*
- * Using INVPCID is considerably faster than a pair of writes
-@@ -208,7 +220,6 @@ static inline void __native_flush_tlb_gl
- raw_local_irq_save(flags);
- __native_flush_tlb_global_irq_disabled();
- raw_local_irq_restore(flags);
--#endif
- }
-
- static inline void __native_flush_tlb_single(unsigned long addr)
-@@ -223,7 +234,7 @@ static inline void __native_flush_tlb_si
- */
-
- if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) {
-- if (this_cpu_has(X86_FEATURE_PCID))
-+ if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
- kaiser_flush_tlb_on_return_to_user();
- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
- return;
-@@ -238,9 +249,9 @@ static inline void __native_flush_tlb_si
- * Make sure to do only a single invpcid when KAISER is
- * disabled and we have only a single ASID.
- */
-- if (X86_CR3_PCID_ASID_KERN != X86_CR3_PCID_ASID_USER)
-- invpcid_flush_one(X86_CR3_PCID_ASID_KERN, addr);
-- invpcid_flush_one(X86_CR3_PCID_ASID_USER, addr);
-+ if (kaiser_enabled)
-+ invpcid_flush_one(X86_CR3_PCID_ASID_USER, addr);
-+ invpcid_flush_one(X86_CR3_PCID_ASID_KERN, addr);
- }
-
- static inline void __flush_tlb_all(void)
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -179,6 +179,20 @@ static int __init x86_pcid_setup(char *s
- return 1;
- }
- __setup("nopcid", x86_pcid_setup);
-+
-+static int __init x86_nokaiser_setup(char *s)
-+{
-+ /* nokaiser doesn't accept parameters */
-+ if (s)
-+ return -EINVAL;
-+#ifdef CONFIG_KAISER
-+ kaiser_enabled = 0;
-+ setup_clear_cpu_cap(X86_FEATURE_KAISER);
-+ pr_info("nokaiser: KAISER feature disabled\n");
-+#endif
-+ return 0;
-+}
-+early_param("nokaiser", x86_nokaiser_setup);
- #endif
-
- static int __init x86_noinvpcid_setup(char *s)
-@@ -327,7 +341,7 @@ static __always_inline void setup_smap(s
- static void setup_pcid(struct cpuinfo_x86 *c)
- {
- if (cpu_has(c, X86_FEATURE_PCID)) {
-- if (cpu_has(c, X86_FEATURE_PGE)) {
-+ if (cpu_has(c, X86_FEATURE_PGE) || kaiser_enabled) {
- cr4_set_bits(X86_CR4_PCIDE);
- /*
- * INVPCID has two "groups" of types:
-@@ -799,6 +813,10 @@ void get_cpu_cap(struct cpuinfo_x86 *c)
- c->x86_capability[CPUID_8000_000A_EDX] = cpuid_edx(0x8000000a);
-
- init_scattered_cpuid_features(c);
-+#ifdef CONFIG_KAISER
-+ if (kaiser_enabled)
-+ set_cpu_cap(c, X86_FEATURE_KAISER);
-+#endif
- }
-
- static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
-@@ -1537,6 +1555,14 @@ void cpu_init(void)
- * try to read it.
- */
- cr4_init_shadow();
-+ if (!kaiser_enabled) {
-+ /*
-+ * secondary_startup_64() deferred setting PGE in cr4:
-+ * probe_page_size_mask() sets it on the boot cpu,
-+ * but it needs to be set on each secondary cpu.
-+ */
-+ cr4_set_bits(X86_CR4_PGE);
-+ }
-
- /*
- * Load microcode on this cpu if a valid microcode is available.
---- a/arch/x86/kernel/espfix_64.c
-+++ b/arch/x86/kernel/espfix_64.c
-@@ -132,9 +132,10 @@ void __init init_espfix_bsp(void)
- * area to ensure it is mapped into the shadow user page
- * tables.
- */
-- if (IS_ENABLED(CONFIG_KAISER))
-+ if (kaiser_enabled) {
- set_pgd(native_get_shadow_pgd(pgd_p),
- __pgd(_KERNPG_TABLE | __pa((pud_t *)espfix_pud_page)));
-+ }
-
- /* Randomize the locations */
- init_espfix_random();
---- a/arch/x86/kernel/head_64.S
-+++ b/arch/x86/kernel/head_64.S
-@@ -190,8 +190,8 @@ ENTRY(secondary_startup_64)
- movq $(init_level4_pgt - __START_KERNEL_map), %rax
- 1:
-
-- /* Enable PAE mode and PGE */
-- movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx
-+ /* Enable PAE and PSE, but defer PGE until kaiser_enabled is decided */
-+ movl $(X86_CR4_PAE | X86_CR4_PSE), %ecx
- movq %rcx, %cr4
-
- /* Setup early boot stage 4 level pagetables. */
---- a/arch/x86/mm/init.c
-+++ b/arch/x86/mm/init.c
-@@ -177,7 +177,7 @@ static void __init probe_page_size_mask(
- cr4_set_bits_and_update_boot(X86_CR4_PSE);
-
- /* Enable PGE if available */
-- if (boot_cpu_has(X86_FEATURE_PGE)) {
-+ if (boot_cpu_has(X86_FEATURE_PGE) && !kaiser_enabled) {
- cr4_set_bits_and_update_boot(X86_CR4_PGE);
- __supported_pte_mask |= _PAGE_GLOBAL;
- } else
---- a/arch/x86/mm/init_64.c
-+++ b/arch/x86/mm/init_64.c
-@@ -324,6 +324,16 @@ void __init cleanup_highmap(void)
- continue;
- if (vaddr < (unsigned long) _text || vaddr > end)
- set_pmd(pmd, __pmd(0));
-+ else if (kaiser_enabled) {
-+ /*
-+ * level2_kernel_pgt is initialized with _PAGE_GLOBAL:
-+ * clear that now. This is not important, so long as
-+ * CR4.PGE remains clear, but it removes an anomaly.
-+ * Physical mapping setup below avoids _PAGE_GLOBAL
-+ * by use of massage_pgprot() inside pfn_pte() etc.
-+ */
-+ set_pmd(pmd, pmd_clear_flags(*pmd, _PAGE_GLOBAL));
-+ }
- }
- }
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -16,7 +16,9 @@
- #include <asm/pgalloc.h>
- #include <asm/desc.h>
-
--#ifdef CONFIG_KAISER
-+int kaiser_enabled __read_mostly = 1;
-+EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */
-+
- __visible
- DEFINE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
-@@ -167,8 +169,8 @@ static pte_t *kaiser_pagetable_walk(unsi
- return pte_offset_kernel(pmd, address);
- }
-
--int kaiser_add_user_map(const void *__start_addr, unsigned long size,
-- unsigned long flags)
-+static int kaiser_add_user_map(const void *__start_addr, unsigned long size,
-+ unsigned long flags)
- {
- int ret = 0;
- pte_t *pte;
-@@ -177,6 +179,15 @@ int kaiser_add_user_map(const void *__st
- unsigned long end_addr = PAGE_ALIGN(start_addr + size);
- unsigned long target_address;
-
-+ /*
-+ * It is convenient for callers to pass in __PAGE_KERNEL etc,
-+ * and there is no actual harm from setting _PAGE_GLOBAL, so
-+ * long as CR4.PGE is not set. But it is nonetheless troubling
-+ * to see Kaiser itself setting _PAGE_GLOBAL (now that "nokaiser"
-+ * requires that not to be #defined to 0): so mask it off here.
-+ */
-+ flags &= ~_PAGE_GLOBAL;
-+
- for (; address < end_addr; address += PAGE_SIZE) {
- target_address = get_pa_from_mapping(address);
- if (target_address == -1) {
-@@ -263,6 +274,8 @@ void __init kaiser_init(void)
- {
- int cpu;
-
-+ if (!kaiser_enabled)
-+ return;
- kaiser_init_all_pgds();
-
- for_each_possible_cpu(cpu) {
-@@ -311,6 +324,8 @@ void __init kaiser_init(void)
- /* Add a mapping to the shadow mapping, and synchronize the mappings */
- int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
- {
-+ if (!kaiser_enabled)
-+ return 0;
- return kaiser_add_user_map((const void *)addr, size, flags);
- }
-
-@@ -322,6 +337,8 @@ void kaiser_remove_mapping(unsigned long
- unsigned long addr, next;
- pgd_t *pgd;
-
-+ if (!kaiser_enabled)
-+ return;
- pgd = native_get_shadow_pgd(pgd_offset_k(start));
- for (addr = start; addr < end; pgd++, addr = next) {
- next = pgd_addr_end(addr, end);
-@@ -343,6 +360,8 @@ static inline bool is_userspace_pgd(pgd_
-
- pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd)
- {
-+ if (!kaiser_enabled)
-+ return pgd;
- /*
- * Do we need to also populate the shadow pgd? Check _PAGE_USER to
- * skip cases like kexec and EFI which make temporary low mappings.
-@@ -399,4 +418,3 @@ void kaiser_flush_tlb_on_return_to_user(
- X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
- }
- EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
--#endif /* CONFIG_KAISER */
---- a/arch/x86/mm/pgtable.c
-+++ b/arch/x86/mm/pgtable.c
-@@ -345,16 +345,12 @@ static inline void _pgd_free(pgd_t *pgd)
- }
- #else
-
--#ifdef CONFIG_KAISER
- /*
-- * Instead of one pmd, we aquire two pmds. Being order-1, it is
-+ * Instead of one pgd, Kaiser acquires two pgds. Being order-1, it is
- * both 8k in size and 8k-aligned. That lets us just flip bit 12
- * in a pointer to swap between the two 4k halves.
- */
--#define PGD_ALLOCATION_ORDER 1
--#else
--#define PGD_ALLOCATION_ORDER 0
--#endif
-+#define PGD_ALLOCATION_ORDER kaiser_enabled
-
- static inline pgd_t *_pgd_alloc(void)
- {
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -39,8 +39,7 @@ static void load_new_mm_cr3(pgd_t *pgdir
- {
- unsigned long new_mm_cr3 = __pa(pgdir);
-
--#ifdef CONFIG_KAISER
-- if (this_cpu_has(X86_FEATURE_PCID)) {
-+ if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID)) {
- /*
- * We reuse the same PCID for different tasks, so we must
- * flush all the entries for the PCID out when we change tasks.
-@@ -57,7 +56,6 @@ static void load_new_mm_cr3(pgd_t *pgdir
- new_mm_cr3 |= X86_CR3_PCID_KERN_FLUSH;
- kaiser_flush_tlb_on_return_to_user();
- }
--#endif /* CONFIG_KAISER */
-
- /*
- * Caution: many callers of this function expect
---- a/tools/arch/x86/include/asm/cpufeatures.h
-+++ b/tools/arch/x86/include/asm/cpufeatures.h
-@@ -197,6 +197,9 @@
- #define X86_FEATURE_AVX512_4VNNIW (7*32+16) /* AVX-512 Neural Network Instructions */
- #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */
-
-+/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
-+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
-+
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
- #define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */
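
The pivotal trick in the description above is masking _PAGE_GLOBAL out of
__supported_pte_mask. A minimal standalone model of why that is sufficient
(an illustration, not kernel code - in the real kernel the masking happens
inside massage_pgprot()/pfn_pte(), and make_pte() below is an invented
stand-in):

    #include <stdint.h>
    #include <stdio.h>

    typedef uint64_t pteval_t;
    #define PAGE_SHIFT   12
    #define _PAGE_GLOBAL (1ULL << 8)   /* _PAGE_BIT_GLOBAL */

    /* Every pte-construction path ANDs with this mask, so clearing one
     * bit here suppresses _PAGE_GLOBAL in every pte built afterwards. */
    static pteval_t __supported_pte_mask = ~0ULL;

    static pteval_t make_pte(uint64_t pfn, pteval_t prot)
    {
            return (pfn << PAGE_SHIFT) | (prot & __supported_pte_mask);
    }

    int main(void)
    {
            int kaiser_enabled = 1;

            if (kaiser_enabled)
                    __supported_pte_mask &= ~_PAGE_GLOBAL;

            /* a caller asking for a global page still gets a non-global pte */
            printf("pte=%#llx\n",
                   (unsigned long long)make_pte(0x1234, _PAGE_GLOBAL | 0x63));
            return 0;
    }
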
diff --git a/debian/patches/features/all/kpti/kaiser-align-addition-to-x86-mm-makefile.patch b/debian/patches/features/all/kpti/kaiser-align-addition-to-x86-mm-makefile.patch
deleted file mode 100644
index d8217dd..0000000
--- a/debian/patches/features/all/kpti/kaiser-align-addition-to-x86-mm-makefile.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 19:51:10 -0700
-Subject: kaiser: align addition to x86/mm/Makefile
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Use tab not space so they line up properly, kaslr.o also.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/x86/mm/Makefile
-+++ b/arch/x86/mm/Makefile
-@@ -37,5 +37,5 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulatio
-
- obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
- obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
--obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
--obj-$(CONFIG_KAISER) += kaiser.o
-+obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
-+obj-$(CONFIG_KAISER) += kaiser.o
diff --git a/debian/patches/features/all/kpti/kaiser-asm-tlbflush.h-handle-nopge-at-lower-level.patch b/debian/patches/features/all/kpti/kaiser-asm-tlbflush.h-handle-nopge-at-lower-level.patch
deleted file mode 100644
index 2d9ee7e..0000000
--- a/debian/patches/features/all/kpti/kaiser-asm-tlbflush.h-handle-nopge-at-lower-level.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sat, 4 Nov 2017 18:23:24 -0700
-Subject: kaiser: asm/tlbflush.h handle noPGE at lower level
-
-From: Hugh Dickins <hughd at google.com>
-
-
-I found asm/tlbflush.h too twisty, and think it safer not to avoid
-__native_flush_tlb_global_irq_disabled() in the kaiser_enabled case,
-but instead let it handle kaiser_enabled along with cr3: it can just
-use __native_flush_tlb() for that, no harm in re-disabling preemption.
-
-(This is not the same change as Kirill and Dave have suggested for
-upstream, flipping PGE in cr4: that's neat, but needs a cpu_has_pge
-check; cr3 is enough for kaiser, and thought to be cheaper than cr4.)
-
-Also delete the X86_FEATURE_INVPCID invpcid_flush_all_nonglobals()
-preference from __native_flush_tlb(): unlike the invpcid_flush_all()
-preference in __native_flush_tlb_global(), it's not seen in upstream
-4.14, and was recently reported to be surprisingly slow.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/tlbflush.h | 27 +++------------------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -152,14 +152,6 @@ static inline void kaiser_flush_tlb_on_r
-
- static inline void __native_flush_tlb(void)
- {
-- if (this_cpu_has(X86_FEATURE_INVPCID)) {
-- /*
-- * Note, this works with CR4.PCIDE=0 or 1.
-- */
-- invpcid_flush_all_nonglobals();
-- return;
-- }
--
- /*
- * If current->mm == NULL then we borrow a mm which may change during a
- * task switch and therefore we must not be preempted while we write CR3
-@@ -183,11 +175,8 @@ static inline void __native_flush_tlb_gl
- /* restore PGE as it was before */
- native_write_cr4(cr4);
- } else {
-- /*
-- * x86_64 microcode update comes this way when CR4.PGE is not
-- * enabled, and it's safer for all callers to allow this case.
-- */
-- native_write_cr3(native_read_cr3());
-+ /* do it with cr3, letting kaiser flush user PCID */
-+ __native_flush_tlb();
- }
- }
-
-@@ -195,12 +184,6 @@ static inline void __native_flush_tlb_gl
- {
- unsigned long flags;
-
-- if (kaiser_enabled) {
-- /* Globals are not used at all */
-- __native_flush_tlb();
-- return;
-- }
--
- if (this_cpu_has(X86_FEATURE_INVPCID)) {
- /*
- * Using INVPCID is considerably faster than a pair of writes
-@@ -256,11 +239,7 @@ static inline void __native_flush_tlb_si
-
- static inline void __flush_tlb_all(void)
- {
-- if (boot_cpu_has(X86_FEATURE_PGE))
-- __flush_tlb_global();
-- else
-- __flush_tlb();
--
-+ __flush_tlb_global();
- /*
- * Note: if we somehow had PCID but not PGE, then this wouldn't work --
- * we'd end up flushing kernel translations for the current ASID but
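
For orientation, this is the flush logic the patch leaves behind,
reconstructed as a sketch from the hunks above (abridged, not a verbatim
copy of the resulting header):

    static inline void __native_flush_tlb_global_irq_disabled(void)
    {
            unsigned long cr4 = this_cpu_read(cpu_tlbstate.cr4);

            if (cr4 & X86_CR4_PGE) {
                    /* toggling PGE flushes everything, globals included */
                    native_write_cr4(cr4 & ~X86_CR4_PGE);
                    native_write_cr4(cr4);
            } else {
                    /* no PGE: do it with cr3, and __native_flush_tlb()
                     * also flushes the user PCID when kaiser is enabled */
                    __native_flush_tlb();
            }
    }
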
diff --git a/debian/patches/features/all/kpti/kaiser-cleanups-while-trying-for-gold-link.patch b/debian/patches/features/all/kpti/kaiser-cleanups-while-trying-for-gold-link.patch
deleted file mode 100644
index 5e95f5b..0000000
--- a/debian/patches/features/all/kpti/kaiser-cleanups-while-trying-for-gold-link.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Mon, 21 Aug 2017 20:11:43 -0700
-Subject: kaiser: cleanups while trying for gold link
-
-From: Hugh Dickins <hughd at google.com>
-
-
-While trying to get our gold link to work, four cleanups:
-matched the gdt_page declaration to its definition;
-in fiddling unsuccessfully with PERCPU_INPUT(), lined up backslashes;
-lined up the backslashes according to convention in percpu-defs.h;
-deleted the unused irq_stack_pointer addition to irq_stack_union.
-
-Sad to report that aligning backslashes does not appear to help gold
-align to 8192: but while these did not help, they are worth keeping.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/desc.h | 2 +-
- arch/x86/include/asm/processor.h | 5 -----
- include/asm-generic/vmlinux.lds.h | 18 ++++++++----------
- include/linux/percpu-defs.h | 24 ++++++++++++------------
- 4 files changed, 21 insertions(+), 28 deletions(-)
-
---- a/arch/x86/include/asm/desc.h
-+++ b/arch/x86/include/asm/desc.h
-@@ -43,7 +43,7 @@ struct gdt_page {
- struct desc_struct gdt[GDT_ENTRIES];
- } __attribute__((aligned(PAGE_SIZE)));
-
--DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
-+DECLARE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(struct gdt_page, gdt_page);
-
- static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
- {
---- a/arch/x86/include/asm/processor.h
-+++ b/arch/x86/include/asm/processor.h
-@@ -335,11 +335,6 @@ union irq_stack_union {
- char gs_base[40];
- unsigned long stack_canary;
- };
--
-- struct {
-- char irq_stack_pointer[64];
-- char unused[IRQ_STACK_SIZE - 64];
-- };
- };
-
- DECLARE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __visible;
---- a/include/asm-generic/vmlinux.lds.h
-+++ b/include/asm-generic/vmlinux.lds.h
-@@ -778,16 +778,14 @@
- */
- #define PERCPU_INPUT(cacheline) \
- VMLINUX_SYMBOL(__per_cpu_start) = .; \
-- \
-- VMLINUX_SYMBOL(__per_cpu_user_mapped_start) = .; \
-- *(.data..percpu..first) \
-- . = ALIGN(cacheline); \
-- *(.data..percpu..user_mapped) \
-- *(.data..percpu..user_mapped..shared_aligned) \
-- . = ALIGN(PAGE_SIZE); \
-- *(.data..percpu..user_mapped..page_aligned) \
-- VMLINUX_SYMBOL(__per_cpu_user_mapped_end) = .; \
-- \
-+ VMLINUX_SYMBOL(__per_cpu_user_mapped_start) = .; \
-+ *(.data..percpu..first) \
-+ . = ALIGN(cacheline); \
-+ *(.data..percpu..user_mapped) \
-+ *(.data..percpu..user_mapped..shared_aligned) \
-+ . = ALIGN(PAGE_SIZE); \
-+ *(.data..percpu..user_mapped..page_aligned) \
-+ VMLINUX_SYMBOL(__per_cpu_user_mapped_end) = .; \
- . = ALIGN(PAGE_SIZE); \
- *(.data..percpu..page_aligned) \
- . = ALIGN(cacheline); \
---- a/include/linux/percpu-defs.h
-+++ b/include/linux/percpu-defs.h
-@@ -121,10 +121,10 @@
- #define DEFINE_PER_CPU(type, name) \
- DEFINE_PER_CPU_SECTION(type, name, "")
-
--#define DECLARE_PER_CPU_USER_MAPPED(type, name) \
-+#define DECLARE_PER_CPU_USER_MAPPED(type, name) \
- DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION)
-
--#define DEFINE_PER_CPU_USER_MAPPED(type, name) \
-+#define DEFINE_PER_CPU_USER_MAPPED(type, name) \
- DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION)
-
- /*
-@@ -156,11 +156,11 @@
- DEFINE_PER_CPU_SECTION(type, name, PER_CPU_SHARED_ALIGNED_SECTION) \
- ____cacheline_aligned_in_smp
-
--#define DECLARE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
-+#define DECLARE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
- DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION PER_CPU_SHARED_ALIGNED_SECTION) \
- ____cacheline_aligned_in_smp
-
--#define DEFINE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
-+#define DEFINE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
- DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION PER_CPU_SHARED_ALIGNED_SECTION) \
- ____cacheline_aligned_in_smp
-
-@@ -185,18 +185,18 @@
- /*
- * Declaration/definition used for per-CPU variables that must be page aligned and need to be mapped in user mode.
- */
--#define DECLARE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-- DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-- __aligned(PAGE_SIZE)
--
--#define DEFINE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-- DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-- __aligned(PAGE_SIZE)
-+#define DECLARE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-+ DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-+ __aligned(PAGE_SIZE)
-+
-+#define DEFINE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-+ DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-+ __aligned(PAGE_SIZE)
-
- /*
- * Declaration/definition used for per-CPU variables that must be read mostly.
- */
--#define DECLARE_PER_CPU_READ_MOSTLY(type, name) \
-+#define DECLARE_PER_CPU_READ_MOSTLY(type, name) \
- DECLARE_PER_CPU_SECTION(type, name, "..read_mostly")
-
- #define DEFINE_PER_CPU_READ_MOSTLY(type, name) \
diff --git a/debian/patches/features/all/kpti/kaiser-delete-kaiser_real_switch-option.patch b/debian/patches/features/all/kpti/kaiser-delete-kaiser_real_switch-option.patch
deleted file mode 100644
index bea2039..0000000
--- a/debian/patches/features/all/kpti/kaiser-delete-kaiser_real_switch-option.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 18:30:43 -0700
-Subject: kaiser: delete KAISER_REAL_SWITCH option
-
-From: Hugh Dickins <hughd at google.com>
-
-
-We fail to see what CONFIG_KAISER_REAL_SWITCH is for: it seems to be
-left over from early development, and now just obscures tricky parts
-of the code. Delete it before adding PCIDs, or nokaiser boot option.
-
-(Or if there is some good reason to keep the option, then it needs
-a help text - and a "depends on KAISER", so that all those without
-KAISER are not asked the question. But we'd much rather delete it.)
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 4 ----
- arch/x86/include/asm/kaiser.h | 4 ----
- security/Kconfig | 4 ----
- 3 files changed, 12 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1317,9 +1317,7 @@ ENTRY(nmi)
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
- pushq %rax
--#ifdef CONFIG_KAISER_REAL_SWITCH
- andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
--#endif
- movq %rax, %cr3
- #endif
- call do_nmi
-@@ -1560,9 +1558,7 @@ end_repeat_nmi:
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
- pushq %rax
--#ifdef CONFIG_KAISER_REAL_SWITCH
- andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
--#endif
- movq %rax, %cr3
- #endif
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -21,17 +21,13 @@
-
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
--#ifdef CONFIG_KAISER_REAL_SWITCH
- andq $(~KAISER_SHADOW_PGD_OFFSET), \reg
--#endif
- movq \reg, %cr3
- .endm
-
- .macro _SWITCH_TO_USER_CR3 reg
- movq %cr3, \reg
--#ifdef CONFIG_KAISER_REAL_SWITCH
- orq $(KAISER_SHADOW_PGD_OFFSET), \reg
--#endif
- movq \reg, %cr3
- .endm
-
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -41,10 +41,6 @@ config KAISER
-
- If you are unsure how to answer this question, answer Y.
-
--config KAISER_REAL_SWITCH
-- bool "KAISER: actually switch page tables"
-- default y
--
- config SECURITYFS
- bool "Enable the securityfs filesystem"
- help
diff --git a/debian/patches/features/all/kpti/kaiser-disabled-on-xen-pv.patch b/debian/patches/features/all/kpti/kaiser-disabled-on-xen-pv.patch
deleted file mode 100644
index c306014..0000000
--- a/debian/patches/features/all/kpti/kaiser-disabled-on-xen-pv.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Jiri Kosina <jkosina at suse.cz>
-Date: Tue, 2 Jan 2018 14:19:49 +0100
-Subject: kaiser: disabled on Xen PV
-
-From: Jiri Kosina <jkosina at suse.cz>
-
-
-Kaiser cannot be used on paravirtualized MMUs, where reading and writing
-CR3 is itself paravirtualized: the CR3 switch from and to the user space
-PGD would require mapping the whole XEN_PV machinery into both page tables.
-
-More importantly, enabling KAISER on Xen PV doesn't make much sense, as PV
-guests already use distinct %cr3 values for kernel and user.
-
-Signed-off-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -263,6 +263,9 @@ void __init kaiser_check_boottime_disabl
- char arg[5];
- int ret;
-
-+ if (boot_cpu_has(X86_FEATURE_XENPV))
-+ goto silent_disable;
-+
- ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
- if (ret > 0) {
- if (!strncmp(arg, "on", 2))
-@@ -290,6 +293,8 @@ enable:
-
- disable:
- pr_info("Kernel/User page tables isolation: disabled\n");
-+
-+silent_disable:
- kaiser_enabled = 0;
- setup_clear_cpu_cap(X86_FEATURE_KAISER);
- }
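
Condensed, the boot-time ordering this hunk establishes looks like the
sketch below (kaiser_check_boottime_disable() abridged, with the "pti="
command line parsing elided):

    void __init kaiser_check_boottime_disable(void)
    {
            /* Xen PV guests already use distinct kernel/user %cr3 values,
             * so bail out before even parsing "pti=" - silently, without
             * the "disabled" pr_info() that the command line path prints. */
            if (boot_cpu_has(X86_FEATURE_XENPV)) {
                    kaiser_enabled = 0;
                    setup_clear_cpu_cap(X86_FEATURE_KAISER);
                    return;
            }

            /* ... cmdline_find_option(boot_command_line, "pti", ...) ... */
    }
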
diff --git a/debian/patches/features/all/kpti/kaiser-do-not-set-_page_nx-on-pgd_none.patch b/debian/patches/features/all/kpti/kaiser-do-not-set-_page_nx-on-pgd_none.patch
deleted file mode 100644
index 63a8639..0000000
--- a/debian/patches/features/all/kpti/kaiser-do-not-set-_page_nx-on-pgd_none.patch
+++ /dev/null
@@ -1,204 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Tue, 5 Sep 2017 12:05:01 -0700
-Subject: kaiser: do not set _PAGE_NX on pgd_none
-
-From: Hugh Dickins <hughd at google.com>
-
-
-native_pgd_clear() uses native_set_pgd(), so native_set_pgd() must
-avoid setting the _PAGE_NX bit on an otherwise pgd_none() entry:
-usually that just generated a warning on exit, but sometimes
-more mysterious and damaging failures (our production machines
-could not complete booting).
-
-The original fix for this just avoided adding _PAGE_NX to
-an empty entry; but eventually more problems surfaced with kexec,
-and EFI mapping was expected to be a problem too. So now instead
-change native_set_pgd() to update the shadow only if _PAGE_USER is set:
-
-A few places (kernel/machine_kexec_64.c, platform/efi/efi_64.c for sure)
-use set_pgd() to set up a temporary internal virtual address space, with
-physical pages remapped at what Kaiser regards as userspace addresses:
-Kaiser then assumes a shadow pgd follows, which it will try to corrupt.
-
-This appears to be responsible for the recent kexec and kdump failures;
-though it's unclear how those did not manifest as a problem before.
-Ah, the shadow pgd will only be assumed to "follow" if the requested
-pgd is on an even-numbered page: so I suppose it was going wrong 50%
-of the time all along.
-
-What we need is a flag to set_pgd(), to tell it we're dealing with
-userspace. Er, isn't that what the pgd's _PAGE_USER bit is saying?
-Add a test for that. But we cannot do the same for pgd_clear()
-(which may be called to clear corrupted entries - set aside the
-question of "corrupt in which pgd?" until later), so there we just
-rely on pgd_clear() not being called in the problematic cases -
-with a WARN_ON_ONCE() which should fire half the time if it is.
-
-But this is getting too big for an inline function: move it into
-arch/x86/mm/kaiser.c (which then demands a boot/compressed mod);
-and de-void and de-space native_get_shadow/normal_pgd() while here.
-
-Also make an unnecessary change to KASLR's init_trampoline(): it was
-using set_pgd() to assign a pgd-value to a global variable (not in a
-pg directory page), which was rather scary given Kaiser's previous
-set_pgd() implementation: not a problem now, but too scary to leave
-as was, it could easily blow up if we have to change set_pgd() again.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/boot/compressed/misc.h | 1
- arch/x86/include/asm/pgtable_64.h | 51 +++++++++-----------------------------
- arch/x86/mm/kaiser.c | 42 +++++++++++++++++++++++++++++++
- arch/x86/mm/kaslr.c | 4 +-
- 4 files changed, 58 insertions(+), 40 deletions(-)
-
---- a/arch/x86/boot/compressed/misc.h
-+++ b/arch/x86/boot/compressed/misc.h
-@@ -9,6 +9,7 @@
- */
- #undef CONFIG_PARAVIRT
- #undef CONFIG_PARAVIRT_SPINLOCKS
-+#undef CONFIG_KAISER
- #undef CONFIG_KASAN
-
- #include <linux/linkage.h>
---- a/arch/x86/include/asm/pgtable_64.h
-+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -107,61 +107,36 @@ static inline void native_pud_clear(pud_
- }
-
- #ifdef CONFIG_KAISER
--static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp)
-+extern pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd);
-+
-+static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp)
- {
-- return (pgd_t *)(void*)((unsigned long)(void*)pgdp | (unsigned long)PAGE_SIZE);
-+ return (pgd_t *)((unsigned long)pgdp | (unsigned long)PAGE_SIZE);
- }
-
--static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp)
-+static inline pgd_t *native_get_normal_pgd(pgd_t *pgdp)
- {
-- return (pgd_t *)(void*)((unsigned long)(void*)pgdp & ~(unsigned long)PAGE_SIZE);
-+ return (pgd_t *)((unsigned long)pgdp & ~(unsigned long)PAGE_SIZE);
- }
- #else
--static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp)
-+static inline pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd)
-+{
-+ return pgd;
-+}
-+static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp)
- {
- BUILD_BUG_ON(1);
- return NULL;
- }
--static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp)
-+static inline pgd_t *native_get_normal_pgd(pgd_t *pgdp)
- {
- return pgdp;
- }
- #endif /* CONFIG_KAISER */
-
--/*
-- * Page table pages are page-aligned. The lower half of the top
-- * level is used for userspace and the top half for the kernel.
-- * This returns true for user pages that need to get copied into
-- * both the user and kernel copies of the page tables, and false
-- * for kernel pages that should only be in the kernel copy.
-- */
--static inline bool is_userspace_pgd(void *__ptr)
--{
-- unsigned long ptr = (unsigned long)__ptr;
--
-- return ((ptr % PAGE_SIZE) < (PAGE_SIZE / 2));
--}
--
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
- {
--#ifdef CONFIG_KAISER
-- pteval_t extra_kern_pgd_flags = 0;
-- /* Do we need to also populate the shadow pgd? */
-- if (is_userspace_pgd(pgdp)) {
-- native_get_shadow_pgd(pgdp)->pgd = pgd.pgd;
-- /*
-- * Even if the entry is *mapping* userspace, ensure
-- * that userspace can not use it. This way, if we
-- * get out to userspace running on the kernel CR3,
-- * userspace will crash instead of running.
-- */
-- extra_kern_pgd_flags = _PAGE_NX;
-- }
-- pgdp->pgd = pgd.pgd;
-- pgdp->pgd |= extra_kern_pgd_flags;
--#else /* CONFIG_KAISER */
-- *pgdp = pgd;
--#endif
-+ *pgdp = kaiser_set_shadow_pgd(pgdp, pgd);
- }
-
- static inline void native_pgd_clear(pgd_t *pgd)
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -302,4 +302,46 @@ void kaiser_remove_mapping(unsigned long
- unmap_pud_range_nofree(pgd, addr, end);
- }
- }
-+
-+/*
-+ * Page table pages are page-aligned. The lower half of the top
-+ * level is used for userspace and the top half for the kernel.
-+ * This returns true for user pages that need to get copied into
-+ * both the user and kernel copies of the page tables, and false
-+ * for kernel pages that should only be in the kernel copy.
-+ */
-+static inline bool is_userspace_pgd(pgd_t *pgdp)
-+{
-+ return ((unsigned long)pgdp % PAGE_SIZE) < (PAGE_SIZE / 2);
-+}
-+
-+pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd)
-+{
-+ /*
-+ * Do we need to also populate the shadow pgd? Check _PAGE_USER to
-+ * skip cases like kexec and EFI which make temporary low mappings.
-+ */
-+ if (pgd.pgd & _PAGE_USER) {
-+ if (is_userspace_pgd(pgdp)) {
-+ native_get_shadow_pgd(pgdp)->pgd = pgd.pgd;
-+ /*
-+ * Even if the entry is *mapping* userspace, ensure
-+ * that userspace can not use it. This way, if we
-+ * get out to userspace running on the kernel CR3,
-+ * userspace will crash instead of running.
-+ */
-+ pgd.pgd |= _PAGE_NX;
-+ }
-+ } else if (!pgd.pgd) {
-+ /*
-+ * pgd_clear() cannot check _PAGE_USER, and is even used to
-+ * clear corrupted pgd entries: so just rely on cases like
-+ * kexec and EFI never to be using pgd_clear().
-+ */
-+ if (!WARN_ON_ONCE((unsigned long)pgdp & PAGE_SIZE) &&
-+ is_userspace_pgd(pgdp))
-+ native_get_shadow_pgd(pgdp)->pgd = pgd.pgd;
-+ }
-+ return pgd;
-+}
- #endif /* CONFIG_KAISER */
---- a/arch/x86/mm/kaslr.c
-+++ b/arch/x86/mm/kaslr.c
-@@ -189,6 +189,6 @@ void __meminit init_trampoline(void)
- *pud_tramp = *pud;
- }
-
-- set_pgd(&trampoline_pgd_entry,
-- __pgd(_KERNPG_TABLE | __pa(pud_page_tramp)));
-+ /* Avoid set_pgd(), in case it's complicated by CONFIG_KAISER */
-+ trampoline_pgd_entry = __pgd(_KERNPG_TABLE | __pa(pud_page_tramp));
- }
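
Two pieces of pointer arithmetic in this patch are easy to misread; here
is a minimal standalone sketch of both (an illustration assuming x86-64's
4k pages and the 8k, 8k-aligned pgd pair that Kaiser allocates; the
addresses are hypothetical):

    #include <assert.h>
    #include <stdint.h>

    #define PAGE_SIZE 4096UL

    /* A 4k pgd page holds 512 8-byte entries; the lower 256 map
     * userspace, so "does this entry live in the user half?" is a
     * modulo test: */
    static int is_userspace_pgd(uintptr_t pgdp)
    {
            return (pgdp % PAGE_SIZE) < (PAGE_SIZE / 2);
    }

    /* The shadow pgd occupies the second 4k page of the pair, so OR-ing
     * in bit 12 reaches it - and it can only be trusted to "follow" when
     * the kernel pgd is the even-numbered page, which is what the
     * WARN_ON_ONCE((unsigned long)pgdp & PAGE_SIZE) above is guarding. */
    static uintptr_t shadow_pgd(uintptr_t pgdp)
    {
            return pgdp | PAGE_SIZE;
    }

    int main(void)
    {
            uintptr_t pgd = 0xffff880000002000UL; /* hypothetical, 8k-aligned */

            assert(is_userspace_pgd(pgd + 8 * 100));  /* entry 100: user half */
            assert(!is_userspace_pgd(pgd + 8 * 300)); /* entry 300: kernel half */
            assert(shadow_pgd(pgd) == pgd + PAGE_SIZE);
            return 0;
    }
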
diff --git a/debian/patches/features/all/kpti/kaiser-drop-is_atomic-arg-to-kaiser_pagetable_walk.patch b/debian/patches/features/all/kpti/kaiser-drop-is_atomic-arg-to-kaiser_pagetable_walk.patch
deleted file mode 100644
index 2fed5fc..0000000
--- a/debian/patches/features/all/kpti/kaiser-drop-is_atomic-arg-to-kaiser_pagetable_walk.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 29 Oct 2017 11:36:19 -0700
-Subject: kaiser: drop is_atomic arg to kaiser_pagetable_walk()
-
-From: Hugh Dickins <hughd at google.com>
-
-
-I have not observed a might_sleep() warning from setup_fixmap_gdt()'s
-use of kaiser_add_mapping() in our tree (why not?), but like upstream
-we have not provided a way for that to pass is_atomic true down to
-kaiser_pagetable_walk(), and at startup it's far from a likely source
-of trouble: so just delete the walk's is_atomic arg and might_sleep().
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 10 ++--------
- 1 file changed, 2 insertions(+), 8 deletions(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -107,19 +107,13 @@ static inline unsigned long get_pa_from_
- *
- * Returns a pointer to a PTE on success, or NULL on failure.
- */
--static pte_t *kaiser_pagetable_walk(unsigned long address, bool is_atomic)
-+static pte_t *kaiser_pagetable_walk(unsigned long address)
- {
- pmd_t *pmd;
- pud_t *pud;
- pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(address));
- gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
-
-- if (is_atomic) {
-- gfp &= ~GFP_KERNEL;
-- gfp |= __GFP_HIGH | __GFP_ATOMIC;
-- } else
-- might_sleep();
--
- if (pgd_none(*pgd)) {
- WARN_ONCE(1, "All shadow pgds should have been populated");
- return NULL;
-@@ -194,7 +188,7 @@ static int kaiser_add_user_map(const voi
- ret = -EIO;
- break;
- }
-- pte = kaiser_pagetable_walk(address, false);
-+ pte = kaiser_pagetable_walk(address);
- if (!pte) {
- ret = -ENOMEM;
- break;
diff --git a/debian/patches/features/all/kpti/kaiser-enhanced-by-kernel-and-user-pcids.patch b/debian/patches/features/all/kpti/kaiser-enhanced-by-kernel-and-user-pcids.patch
deleted file mode 100644
index 4820b17..0000000
--- a/debian/patches/features/all/kpti/kaiser-enhanced-by-kernel-and-user-pcids.patch
+++ /dev/null
@@ -1,402 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Wed, 30 Aug 2017 16:23:00 -0700
-Subject: kaiser: enhanced by kernel and user PCIDs
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Merged performance improvements to Kaiser, using distinct kernel
-and user Process Context Identifiers to minimize the TLB flushing.
-
-[This work actually all from Dave Hansen 2017-08-30:
-still omitting trackswitch mods, and KAISER_REAL_SWITCH deleted.]
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 10 ++++-
- arch/x86/entry/entry_64_compat.S | 1
- arch/x86/include/asm/cpufeatures.h | 1
- arch/x86/include/asm/kaiser.h | 15 ++++++-
- arch/x86/include/asm/pgtable_types.h | 26 +++++++++++++
- arch/x86/include/asm/tlbflush.h | 54 +++++++++++++++++++++++-----
- arch/x86/include/uapi/asm/processor-flags.h | 3 +
- arch/x86/kernel/cpu/common.c | 34 +++++++++++++++++
- arch/x86/kvm/x86.c | 3 +
- arch/x86/mm/kaiser.c | 7 +++
- arch/x86/mm/tlb.c | 46 ++++++++++++++++++++++-
- 11 files changed, 182 insertions(+), 18 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1317,7 +1317,10 @@ ENTRY(nmi)
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
- pushq %rax
-- andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
-+ /* mask off "user" bit of pgd address and 12 PCID bits: */
-+ andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-+ /* Add back kernel PCID and "no flush" bit */
-+ orq X86_CR3_PCID_KERN_VAR, %rax
- movq %rax, %cr3
- #endif
- call do_nmi
-@@ -1558,7 +1561,10 @@ end_repeat_nmi:
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
- pushq %rax
-- andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
-+ /* mask off "user" bit of pgd address and 12 PCID bits: */
-+ andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-+ /* Add back kernel PCID and "no flush" bit */
-+ orq X86_CR3_PCID_KERN_VAR, %rax
- movq %rax, %cr3
- #endif
-
---- a/arch/x86/entry/entry_64_compat.S
-+++ b/arch/x86/entry/entry_64_compat.S
-@@ -13,6 +13,7 @@
- #include <asm/irqflags.h>
- #include <asm/asm.h>
- #include <asm/smap.h>
-+#include <asm/pgtable_types.h>
- #include <asm/kaiser.h>
- #include <linux/linkage.h>
- #include <linux/err.h>
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -189,6 +189,7 @@
-
- #define X86_FEATURE_CPB ( 7*32+ 2) /* AMD Core Performance Boost */
- #define X86_FEATURE_EPB ( 7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */
-+#define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 4) /* Effectively INVPCID && CR4.PCIDE=1 */
-
- #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
- #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -1,5 +1,8 @@
- #ifndef _ASM_X86_KAISER_H
- #define _ASM_X86_KAISER_H
-+
-+#include <uapi/asm/processor-flags.h> /* For PCID constants */
-+
- /*
- * This file includes the definitions for the KAISER feature.
- * KAISER is a counter measure against x86_64 side channel attacks on
-@@ -21,13 +24,21 @@
-
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
--andq $(~KAISER_SHADOW_PGD_OFFSET), \reg
-+andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
-+orq X86_CR3_PCID_KERN_VAR, \reg
- movq \reg, %cr3
- .endm
-
- .macro _SWITCH_TO_USER_CR3 reg
- movq %cr3, \reg
--orq $(KAISER_SHADOW_PGD_OFFSET), \reg
-+andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
-+/*
-+ * This can obviously be one instruction by putting the
-+ * KAISER_SHADOW_PGD_OFFSET bit in the X86_CR3_PCID_USER_VAR.
-+ * But, just leave it now for simplicity.
-+ */
-+orq X86_CR3_PCID_USER_VAR, \reg
-+orq $(KAISER_SHADOW_PGD_OFFSET), \reg
- movq \reg, %cr3
- .endm
-
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -141,6 +141,32 @@
- _PAGE_SOFT_DIRTY)
- #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE)
-
-+/* The ASID is the lower 12 bits of CR3 */
-+#define X86_CR3_PCID_ASID_MASK (_AC((1<<12)-1,UL))
-+
-+/* Mask for all the PCID-related bits in CR3: */
-+#define X86_CR3_PCID_MASK (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_MASK)
-+#if defined(CONFIG_KAISER) && defined(CONFIG_X86_64)
-+#define X86_CR3_PCID_ASID_KERN (_AC(0x4,UL))
-+#define X86_CR3_PCID_ASID_USER (_AC(0x6,UL))
-+
-+#define X86_CR3_PCID_KERN_FLUSH (X86_CR3_PCID_ASID_KERN)
-+#define X86_CR3_PCID_USER_FLUSH (X86_CR3_PCID_ASID_USER)
-+#define X86_CR3_PCID_KERN_NOFLUSH (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_KERN)
-+#define X86_CR3_PCID_USER_NOFLUSH (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_USER)
-+#else
-+#define X86_CR3_PCID_ASID_KERN (_AC(0x0,UL))
-+#define X86_CR3_PCID_ASID_USER (_AC(0x0,UL))
-+/*
-+ * PCIDs are unsupported on 32-bit and none of these bits can be
-+ * set in CR3:
-+ */
-+#define X86_CR3_PCID_KERN_FLUSH (0)
-+#define X86_CR3_PCID_USER_FLUSH (0)
-+#define X86_CR3_PCID_KERN_NOFLUSH (0)
-+#define X86_CR3_PCID_USER_NOFLUSH (0)
-+#endif
-+
- /*
- * The cache modes defined here are used to translate between pure SW usage
- * and the HW defined cache mode bits and/or PAT entries.
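
Assembling those constants, the CR3 values that the _SWITCH_TO_*_CR3
macros build can be modeled as below (a sketch mirroring the asm above,
assuming PCID support so the *_VAR variables hold the NOFLUSH forms; this
is not a quote of the kernel's C):

    #include <stdint.h>
    #include <stdio.h>

    #define X86_CR3_PCID_ASID_MASK   ((1ULL << 12) - 1) /* low 12 bits: ASID */
    #define KAISER_SHADOW_PGD_OFFSET 0x1000ULL          /* bit 12: shadow pgd */
    #define X86_CR3_PCID_NOFLUSH     (1ULL << 63)       /* keep old PCID's TLB */
    #define X86_CR3_PCID_ASID_KERN   0x4ULL
    #define X86_CR3_PCID_ASID_USER   0x6ULL

    /* entry direction: strip the user bit and old ASID, set the kernel ASID */
    static uint64_t to_kernel_cr3(uint64_t cr3)
    {
            cr3 &= ~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET);
            return cr3 | X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_KERN;
    }

    /* exit direction: same strip, then the user ASID plus the shadow-pgd bit */
    static uint64_t to_user_cr3(uint64_t cr3)
    {
            cr3 &= ~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET);
            return cr3 | X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_USER |
                   KAISER_SHADOW_PGD_OFFSET;
    }

    int main(void)
    {
            uint64_t pgd = 0x12344000ULL;  /* hypothetical pgd physical address */

            printf("kernel cr3 = %#llx\n", (unsigned long long)to_kernel_cr3(pgd));
            printf("user   cr3 = %#llx\n", (unsigned long long)to_user_cr3(pgd));
            return 0;
    }
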
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -13,7 +13,6 @@ static inline void __invpcid(unsigned lo
- unsigned long type)
- {
- struct { u64 d[2]; } desc = { { pcid, addr } };
--
- /*
- * The memory clobber is because the whole point is to invalidate
- * stale TLB entries and, especially if we're flushing global
-@@ -134,14 +133,25 @@ static inline void cr4_set_bits_and_upda
-
- static inline void __native_flush_tlb(void)
- {
-+ if (!cpu_feature_enabled(X86_FEATURE_INVPCID)) {
-+ /*
-+ * If current->mm == NULL then we borrow a mm which may change during a
-+ * task switch and therefore we must not be preempted while we write CR3
-+ * back:
-+ */
-+ preempt_disable();
-+ native_write_cr3(native_read_cr3());
-+ preempt_enable();
-+ return;
-+ }
- /*
-- * If current->mm == NULL then we borrow a mm which may change during a
-- * task switch and therefore we must not be preempted while we write CR3
-- * back:
-- */
-- preempt_disable();
-- native_write_cr3(native_read_cr3());
-- preempt_enable();
-+ * We are no longer using globals with KAISER, so a
-+ * "nonglobals" flush would work too. But, this is more
-+ * conservative.
-+ *
-+ * Note, this works with CR4.PCIDE=0 or 1.
-+ */
-+ invpcid_flush_all();
- }
-
- static inline void __native_flush_tlb_global_irq_disabled(void)
-@@ -163,6 +173,8 @@ static inline void __native_flush_tlb_gl
- /*
- * Using INVPCID is considerably faster than a pair of writes
- * to CR4 sandwiched inside an IRQ flag save/restore.
-+ *
-+ * Note, this works with CR4.PCIDE=0 or 1.
- */
- invpcid_flush_all();
- return;
-@@ -182,7 +194,31 @@ static inline void __native_flush_tlb_gl
-
- static inline void __native_flush_tlb_single(unsigned long addr)
- {
-- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
-+ /*
-+ * SIMICS #GP's if you run INVPCID with type 2/3
-+ * and X86_CR4_PCIDE clear. Shame!
-+ *
-+ * The ASIDs used below are hard-coded. But, we must not
-+ * call invpcid(type=1/2) before CR4.PCIDE=1. Just call
-+ * invpcid in the case we are called early.
-+ */
-+ if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) {
-+ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
-+ return;
-+ }
-+ /* Flush the address out of both PCIDs. */
-+ /*
-+ * An optimization here might be to determine addresses
-+ * that are only kernel-mapped and only flush the kernel
-+ * ASID. But, userspace flushes are probably much more
-+ * important performance-wise.
-+ *
-+ * Make sure to do only a single invpcid when KAISER is
-+ * disabled and we have only a single ASID.
-+ */
-+ if (X86_CR3_PCID_ASID_KERN != X86_CR3_PCID_ASID_USER)
-+ invpcid_flush_one(X86_CR3_PCID_ASID_KERN, addr);
-+ invpcid_flush_one(X86_CR3_PCID_ASID_USER, addr);
- }
-
- static inline void __flush_tlb_all(void)
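-
For reference, invpcid_flush_one() as called above is presumably a thin
wrapper around the __invpcid() helper shown earlier in this file; a hedged
sketch, assuming type 0 is the individual-address invalidation:

	static inline void invpcid_flush_one(unsigned long pcid,
					     unsigned long addr)
	{
		/* INVPCID type 0: invalidate one address in one PCID */
		__invpcid(pcid, addr, 0);
	}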
---- a/arch/x86/include/uapi/asm/processor-flags.h
-+++ b/arch/x86/include/uapi/asm/processor-flags.h
-@@ -77,7 +77,8 @@
- #define X86_CR3_PWT _BITUL(X86_CR3_PWT_BIT)
- #define X86_CR3_PCD_BIT 4 /* Page Cache Disable */
- #define X86_CR3_PCD _BITUL(X86_CR3_PCD_BIT)
--#define X86_CR3_PCID_MASK _AC(0x00000fff,UL) /* PCID Mask */
-+#define X86_CR3_PCID_NOFLUSH_BIT 63 /* Preserve old PCID */
-+#define X86_CR3_PCID_NOFLUSH _BITULL(X86_CR3_PCID_NOFLUSH_BIT)
-
- /*
- * Intel CPU features in CR4
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -324,11 +324,45 @@ static __always_inline void setup_smap(s
- }
- }
-
-+/*
-+ * These can have bit 63 set, so we can not just use a plain "or"
-+ * instruction to get their value or'd into CR3. It would take
-+ * another register. So, we use a memory reference to these
-+ * instead.
-+ *
-+ * This is also handy because systems that do not support
-+ * PCIDs just end up or'ing a 0 into their CR3, which does
-+ * no harm.
-+ */
-+__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_KERN_VAR = 0;
-+__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_USER_VAR = 0;
-+
- static void setup_pcid(struct cpuinfo_x86 *c)
- {
- if (cpu_has(c, X86_FEATURE_PCID)) {
- if (cpu_has(c, X86_FEATURE_PGE)) {
- cr4_set_bits(X86_CR4_PCIDE);
-+ /*
-+ * These variables are used by the entry/exit
-+ * code to change PCIDs.
-+ */
-+#ifdef CONFIG_KAISER
-+ X86_CR3_PCID_KERN_VAR = X86_CR3_PCID_KERN_NOFLUSH;
-+ X86_CR3_PCID_USER_VAR = X86_CR3_PCID_USER_NOFLUSH;
-+#endif
-+ /*
-+ * INVPCID has two "groups" of types:
-+ * 1/2: Invalidate an individual address
-+ * 3/4: Invalidate all contexts
-+ *
-+ * 1/2 take a PCID, but 3/4 do not. So, 3/4
-+ * ignore the PCID argument in the descriptor.
-+ * But, we have to be careful not to call 1/2
-+ * with an actual non-zero PCID in them before
-+ * we do the above cr4_set_bits().
-+ */
-+ if (cpu_has(c, X86_FEATURE_INVPCID))
-+ set_cpu_cap(c, X86_FEATURE_INVPCID_SINGLE);
- } else {
- /*
- * flush_tlb_all(), as currently implemented, won't
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -773,7 +773,8 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, u
- return 1;
-
- /* PCID can not be enabled when cr3[11:0]!=000H or EFER.LMA=0 */
-- if ((kvm_read_cr3(vcpu) & X86_CR3_PCID_MASK) || !is_long_mode(vcpu))
-+ if ((kvm_read_cr3(vcpu) & X86_CR3_PCID_ASID_MASK) ||
-+ !is_long_mode(vcpu))
- return 1;
- }
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -239,6 +239,8 @@ static void __init kaiser_init_all_pgds(
- } while (0)
-
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-+extern unsigned long X86_CR3_PCID_KERN_VAR;
-+extern unsigned long X86_CR3_PCID_USER_VAR;
- /*
- * If anything in here fails, we will likely die on one of the
- * first kernel->user transitions and init will die. But, we
-@@ -289,6 +291,11 @@ void __init kaiser_init(void)
- kaiser_add_user_map_early(&debug_idt_table,
- sizeof(gate_desc) * NR_VECTORS,
- __PAGE_KERNEL);
-+
-+ kaiser_add_user_map_early(&X86_CR3_PCID_KERN_VAR, PAGE_SIZE,
-+ __PAGE_KERNEL);
-+ kaiser_add_user_map_early(&X86_CR3_PCID_USER_VAR, PAGE_SIZE,
-+ __PAGE_KERNEL);
- }
-
- /* Add a mapping to the shadow mapping, and synchronize the mappings */
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -34,6 +34,46 @@ struct flush_tlb_info {
- unsigned long flush_end;
- };
-
-+static void load_new_mm_cr3(pgd_t *pgdir)
-+{
-+ unsigned long new_mm_cr3 = __pa(pgdir);
-+
-+ /*
-+	 * KAISER plus PCIDs needs some extra work here. But if
-+	 * either feature is not present, we need no PCIDs here
-+	 * and can just do a normal, full TLB flush with the
-+	 * write_cr3().
-+ */
-+ if (!IS_ENABLED(CONFIG_KAISER) ||
-+ !cpu_feature_enabled(X86_FEATURE_PCID))
-+ goto out_set_cr3;
-+ /*
-+ * We reuse the same PCID for different tasks, so we must
-+	 * flush all the entries for the PCID out when we change
-+ * tasks.
-+ */
-+ new_mm_cr3 = X86_CR3_PCID_KERN_FLUSH | __pa(pgdir);
-+
-+ /*
-+ * The flush from load_cr3() may leave old TLB entries
-+ * for userspace in place. We must flush that context
-+ * separately. We can theoretically delay doing this
-+ * until we actually load up the userspace CR3, but
-+ * that's a bit tricky. We have to have the "need to
-+ * flush userspace PCID" bit per-cpu and check it in the
-+ * exit-to-userspace paths.
-+ */
-+ invpcid_flush_single_context(X86_CR3_PCID_ASID_USER);
-+
-+out_set_cr3:
-+ /*
-+ * Caution: many callers of this function expect
-+ * that load_cr3() is serializing and orders TLB
-+ * fills with respect to the mm_cpumask writes.
-+ */
-+ write_cr3(new_mm_cr3);
-+}
-+
- /*
- * We cannot call mmdrop() because we are in interrupt context,
- * instead update mm->cpu_vm_mask.
-@@ -45,7 +85,7 @@ void leave_mm(int cpu)
- BUG();
- if (cpumask_test_cpu(cpu, mm_cpumask(active_mm))) {
- cpumask_clear_cpu(cpu, mm_cpumask(active_mm));
-- load_cr3(swapper_pg_dir);
-+ load_new_mm_cr3(swapper_pg_dir);
- /*
- * This gets called in the idle path where RCU
- * functions differently. Tracing normally
-@@ -120,7 +160,7 @@ void switch_mm_irqs_off(struct mm_struct
- * ordering guarantee we need.
- *
- */
-- load_cr3(next->pgd);
-+ load_new_mm_cr3(next->pgd);
-
- trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
-
-@@ -167,7 +207,7 @@ void switch_mm_irqs_off(struct mm_struct
- * As above, load_cr3() is serializing and orders TLB
- * fills with respect to the mm_cpumask write.
- */
-- load_cr3(next->pgd);
-+ load_new_mm_cr3(next->pgd);
- trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
- load_mm_cr4(next);
- load_mm_ldt(next);
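-
The invpcid_flush_single_context() call in load_new_mm_cr3() above flushes
every TLB entry tagged with the given ASID; a hedged sketch of that helper,
assuming INVPCID type 1 is single-context invalidation:

	static inline void invpcid_flush_single_context(unsigned long pcid)
	{
		/* INVPCID type 1: flush all entries tagged with this PCID */
		__invpcid(pcid, 0, 1);
	}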
diff --git a/debian/patches/features/all/kpti/kaiser-enomem-if-kaiser_pagetable_walk-null.patch b/debian/patches/features/all/kpti/kaiser-enomem-if-kaiser_pagetable_walk-null.patch
deleted file mode 100644
index c2bd8bc..0000000
--- a/debian/patches/features/all/kpti/kaiser-enomem-if-kaiser_pagetable_walk-null.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 18:48:02 -0700
-Subject: kaiser: ENOMEM if kaiser_pagetable_walk() NULL
-
-From: Hugh Dickins <hughd at google.com>
-
-
-kaiser_add_user_map() took no notice when kaiser_pagetable_walk() failed.
-And avoid its might_sleep() when atomic (though atomic at present unused).
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -98,11 +98,11 @@ static pte_t *kaiser_pagetable_walk(unsi
- pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(address));
- gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
-
-- might_sleep();
- if (is_atomic) {
- gfp &= ~GFP_KERNEL;
- gfp |= __GFP_HIGH | __GFP_ATOMIC;
-- }
-+ } else
-+ might_sleep();
-
- if (pgd_none(*pgd)) {
- WARN_ONCE(1, "All shadow pgds should have been populated");
-@@ -159,13 +159,17 @@ int kaiser_add_user_map(const void *__st
- unsigned long end_addr = PAGE_ALIGN(start_addr + size);
- unsigned long target_address;
-
-- for (;address < end_addr; address += PAGE_SIZE) {
-+ for (; address < end_addr; address += PAGE_SIZE) {
- target_address = get_pa_from_mapping(address);
- if (target_address == -1) {
- ret = -EIO;
- break;
- }
- pte = kaiser_pagetable_walk(address, false);
-+ if (!pte) {
-+ ret = -ENOMEM;
-+ break;
-+ }
- if (pte_none(*pte)) {
- set_pte(pte, __pte(flags | target_address));
- } else {
diff --git a/debian/patches/features/all/kpti/kaiser-fix-build-and-fixme-in-alloc_ldt_struct.patch b/debian/patches/features/all/kpti/kaiser-fix-build-and-fixme-in-alloc_ldt_struct.patch
deleted file mode 100644
index 92d279d..0000000
--- a/debian/patches/features/all/kpti/kaiser-fix-build-and-fixme-in-alloc_ldt_struct.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 17:09:44 -0700
-Subject: kaiser: fix build and FIXME in alloc_ldt_struct()
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Include linux/kaiser.h instead of asm/kaiser.h to build ldt.c without
-CONFIG_KAISER. kaiser_add_mapping() does already return an error code,
-so fix the FIXME.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/kernel/ldt.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
---- a/arch/x86/kernel/ldt.c
-+++ b/arch/x86/kernel/ldt.c
-@@ -16,9 +16,9 @@
- #include <linux/slab.h>
- #include <linux/vmalloc.h>
- #include <linux/uaccess.h>
-+#include <linux/kaiser.h>
-
- #include <asm/ldt.h>
--#include <asm/kaiser.h>
- #include <asm/desc.h>
- #include <asm/mmu_context.h>
- #include <asm/syscalls.h>
-@@ -49,7 +49,7 @@ static struct ldt_struct *alloc_ldt_stru
- {
- struct ldt_struct *new_ldt;
- int alloc_size;
-- int ret = 0;
-+ int ret;
-
- if (size > LDT_ENTRIES)
- return NULL;
-@@ -77,10 +77,8 @@ static struct ldt_struct *alloc_ldt_stru
- return NULL;
- }
-
-- // FIXME: make kaiser_add_mapping() return an error code
-- // when it fails
-- kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
-- __PAGE_KERNEL);
-+ ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
-+ __PAGE_KERNEL);
- if (ret) {
- __free_ldt_struct(new_ldt);
- return NULL;
diff --git a/debian/patches/features/all/kpti/kaiser-fix-perf-crashes.patch b/debian/patches/features/all/kpti/kaiser-fix-perf-crashes.patch
deleted file mode 100644
index 6a9286c..0000000
--- a/debian/patches/features/all/kpti/kaiser-fix-perf-crashes.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Wed, 23 Aug 2017 14:21:14 -0700
-Subject: kaiser: fix perf crashes
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Avoid perf crashes: place debug_store in the user-mapped per-cpu area
-instead of allocating, and use page allocator plus kaiser_add_mapping()
-to keep the BTS and PEBS buffers user-mapped (that is, present in the
-user mapping, though visible only to kernel and hardware). The PEBS
-fixup buffer does not need this treatment.
-
-The need for a user-mapped struct debug_store showed up before doing
-any conscious perf testing: in a couple of kernel paging oopses on
-Westmere, implicating the debug_store offset of the per-cpu area.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/events/intel/ds.c | 57 +++++++++++++++++++++++++++++++++++----------
- 1 file changed, 45 insertions(+), 12 deletions(-)
-
---- a/arch/x86/events/intel/ds.c
-+++ b/arch/x86/events/intel/ds.c
-@@ -2,11 +2,15 @@
- #include <linux/types.h>
- #include <linux/slab.h>
-
-+#include <asm/kaiser.h>
- #include <asm/perf_event.h>
- #include <asm/insn.h>
-
- #include "../perf_event.h"
-
-+static
-+DEFINE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(struct debug_store, cpu_debug_store);
-+
- /* The size of a BTS record in bytes: */
- #define BTS_RECORD_SIZE 24
-
-@@ -268,6 +272,39 @@ void fini_debug_store_on_cpu(int cpu)
-
- static DEFINE_PER_CPU(void *, insn_buffer);
-
-+static void *dsalloc(size_t size, gfp_t flags, int node)
-+{
-+#ifdef CONFIG_KAISER
-+ unsigned int order = get_order(size);
-+ struct page *page;
-+ unsigned long addr;
-+
-+ page = __alloc_pages_node(node, flags | __GFP_ZERO, order);
-+ if (!page)
-+ return NULL;
-+ addr = (unsigned long)page_address(page);
-+ if (kaiser_add_mapping(addr, size, __PAGE_KERNEL) < 0) {
-+ __free_pages(page, order);
-+ addr = 0;
-+ }
-+ return (void *)addr;
-+#else
-+ return kmalloc_node(size, flags | __GFP_ZERO, node);
-+#endif
-+}
-+
-+static void dsfree(const void *buffer, size_t size)
-+{
-+#ifdef CONFIG_KAISER
-+ if (!buffer)
-+ return;
-+ kaiser_remove_mapping((unsigned long)buffer, size);
-+ free_pages((unsigned long)buffer, get_order(size));
-+#else
-+ kfree(buffer);
-+#endif
-+}
-+
- static int alloc_pebs_buffer(int cpu)
- {
- struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds;
-@@ -278,7 +315,7 @@ static int alloc_pebs_buffer(int cpu)
- if (!x86_pmu.pebs)
- return 0;
-
-- buffer = kzalloc_node(x86_pmu.pebs_buffer_size, GFP_KERNEL, node);
-+ buffer = dsalloc(x86_pmu.pebs_buffer_size, GFP_KERNEL, node);
- if (unlikely(!buffer))
- return -ENOMEM;
-
-@@ -289,7 +326,7 @@ static int alloc_pebs_buffer(int cpu)
- if (x86_pmu.intel_cap.pebs_format < 2) {
- ibuffer = kzalloc_node(PEBS_FIXUP_SIZE, GFP_KERNEL, node);
- if (!ibuffer) {
-- kfree(buffer);
-+ dsfree(buffer, x86_pmu.pebs_buffer_size);
- return -ENOMEM;
- }
- per_cpu(insn_buffer, cpu) = ibuffer;
-@@ -315,7 +352,8 @@ static void release_pebs_buffer(int cpu)
- kfree(per_cpu(insn_buffer, cpu));
- per_cpu(insn_buffer, cpu) = NULL;
-
-- kfree((void *)(unsigned long)ds->pebs_buffer_base);
-+ dsfree((void *)(unsigned long)ds->pebs_buffer_base,
-+ x86_pmu.pebs_buffer_size);
- ds->pebs_buffer_base = 0;
- }
-
-@@ -329,7 +367,7 @@ static int alloc_bts_buffer(int cpu)
- if (!x86_pmu.bts)
- return 0;
-
-- buffer = kzalloc_node(BTS_BUFFER_SIZE, GFP_KERNEL | __GFP_NOWARN, node);
-+ buffer = dsalloc(BTS_BUFFER_SIZE, GFP_KERNEL | __GFP_NOWARN, node);
- if (unlikely(!buffer)) {
- WARN_ONCE(1, "%s: BTS buffer allocation failure\n", __func__);
- return -ENOMEM;
-@@ -355,19 +393,15 @@ static void release_bts_buffer(int cpu)
- if (!ds || !x86_pmu.bts)
- return;
-
-- kfree((void *)(unsigned long)ds->bts_buffer_base);
-+ dsfree((void *)(unsigned long)ds->bts_buffer_base, BTS_BUFFER_SIZE);
- ds->bts_buffer_base = 0;
- }
-
- static int alloc_ds_buffer(int cpu)
- {
-- int node = cpu_to_node(cpu);
-- struct debug_store *ds;
--
-- ds = kzalloc_node(sizeof(*ds), GFP_KERNEL, node);
-- if (unlikely(!ds))
-- return -ENOMEM;
-+ struct debug_store *ds = per_cpu_ptr(&cpu_debug_store, cpu);
-
-+ memset(ds, 0, sizeof(*ds));
- per_cpu(cpu_hw_events, cpu).ds = ds;
-
- return 0;
-@@ -381,7 +415,6 @@ static void release_ds_buffer(int cpu)
- return;
-
- per_cpu(cpu_hw_events, cpu).ds = NULL;
-- kfree(ds);
- }
-
- void release_ds_buffers(void)
diff --git a/debian/patches/features/all/kpti/kaiser-fix-regs-to-do_nmi-ifndef-config_kaiser.patch b/debian/patches/features/all/kpti/kaiser-fix-regs-to-do_nmi-ifndef-config_kaiser.patch
deleted file mode 100644
index babde9a..0000000
--- a/debian/patches/features/all/kpti/kaiser-fix-regs-to-do_nmi-ifndef-config_kaiser.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Thu, 21 Sep 2017 20:39:56 -0700
-Subject: kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
-
-From: Hugh Dickins <hughd at google.com>
-
-
-pjt has observed that nmi's second (nmi_from_kernel) call to do_nmi()
-adjusted the %rdi regs arg, rightly when CONFIG_KAISER, but wrongly
-when not CONFIG_KAISER.
-
-Although the minimal change is to add an #ifdef CONFIG_KAISER around
-the addq line, that looks cluttered, and I prefer how the first call
-to do_nmi() handled it: prepare args in %rdi and %rsi before getting
-into the CONFIG_KAISER block, since it does not touch them at all.
-
-And while we're here, place the "#ifdef CONFIG_KAISER" that follows
-each, to enclose the "Unconditionally restore CR3" comment: matching
-how the "Unconditionally use kernel CR3" comment above is enclosed.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1323,12 +1323,13 @@ ENTRY(nmi)
- movq %rax, %cr3
- #endif
- call do_nmi
-+
-+#ifdef CONFIG_KAISER
- /*
- * Unconditionally restore CR3. I know we return to
- * kernel code that needs user CR3, but do we ever return
- * to "user mode" where we need the kernel CR3?
- */
--#ifdef CONFIG_KAISER
- popq %rax
- mov %rax, %cr3
- #endif
-@@ -1552,6 +1553,8 @@ end_repeat_nmi:
- SWAPGS
- xorl %ebx, %ebx
- 1:
-+ movq %rsp, %rdi
-+ movq $-1, %rsi
- #ifdef CONFIG_KAISER
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
-@@ -1564,16 +1567,14 @@ end_repeat_nmi:
- #endif
-
- /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
-- movq %rsp, %rdi
-- addq $8, %rdi /* point %rdi at ptregs, fixed up for CR3 */
-- movq $-1, %rsi
- call do_nmi
-+
-+#ifdef CONFIG_KAISER
- /*
- * Unconditionally restore CR3. We might be returning to
-+	 * kernel code that needs user CR3, like just before
- * a sysret.
- */
--#ifdef CONFIG_KAISER
- popq %rax
- mov %rax, %cr3
- #endif
diff --git a/debian/patches/features/all/kpti/kaiser-fix-unlikely-error-in-alloc_ldt_struct.patch b/debian/patches/features/all/kpti/kaiser-fix-unlikely-error-in-alloc_ldt_struct.patch
deleted file mode 100644
index 6da60ee..0000000
--- a/debian/patches/features/all/kpti/kaiser-fix-unlikely-error-in-alloc_ldt_struct.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Mon, 4 Dec 2017 20:13:35 -0800
-Subject: kaiser: fix unlikely error in alloc_ldt_struct()
-
-From: Hugh Dickins <hughd at google.com>
-
-
-An error from kaiser_add_mapping() here is not at all likely, but
-Eric Biggers rightly points out that __free_ldt_struct() relies on
-new_ldt->size being initialized: move that up.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/kernel/ldt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/kernel/ldt.c
-+++ b/arch/x86/kernel/ldt.c
-@@ -79,11 +79,11 @@ static struct ldt_struct *alloc_ldt_stru
-
- ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
- __PAGE_KERNEL);
-+ new_ldt->size = size;
- if (ret) {
- __free_ldt_struct(new_ldt);
- return NULL;
- }
-- new_ldt->size = size;
- return new_ldt;
- }
-
diff --git a/debian/patches/features/all/kpti/kaiser-kaiser-depends-on-smp.patch b/debian/patches/features/all/kpti/kaiser-kaiser-depends-on-smp.patch
deleted file mode 100644
index d9a4854..0000000
--- a/debian/patches/features/all/kpti/kaiser-kaiser-depends-on-smp.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Wed, 13 Sep 2017 14:03:10 -0700
-Subject: kaiser: KAISER depends on SMP
-
-From: Hugh Dickins <hughd at google.com>
-
-
-It is absurd that KAISER should depend on SMP, but apparently nobody
-has tried a UP build before: which breaks on implicit declaration of
-function 'per_cpu_offset' in arch/x86/mm/kaiser.c.
-
-Now, you would expect that to be trivially fixed up; but looking at
-the System.map when that block is #ifdef'ed out of kaiser_init(),
-I see that in a UP build __per_cpu_user_mapped_end is precisely at
-__per_cpu_user_mapped_start, and the items carefully gathered into
-that section for user-mapping on SMP, dispersed elsewhere on UP.
-
-So, some other kind of section assignment will be needed on UP,
-but implementing that is not a priority: just make KAISER depend
-on SMP for now.
-
-Also inserted a blank line before the option, tidied up the
-brief Kconfig help message, and added an "If unsure, Y".
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- security/Kconfig | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -30,14 +30,16 @@ config SECURITY
- model will be used.
-
- If you are unsure how to answer this question, answer N.
-+
- config KAISER
- bool "Remove the kernel mapping in user mode"
- default y
-- depends on X86_64
-- depends on !PARAVIRT
-+ depends on X86_64 && SMP && !PARAVIRT
- help
-- This enforces a strict kernel and user space isolation in order to close
-- hardware side channels on kernel address information.
-+ This enforces a strict kernel and user space isolation, in order
-+ to close hardware side channels on kernel address information.
-+
-+ If you are unsure how to answer this question, answer Y.
-
- config KAISER_REAL_SWITCH
- bool "KAISER: actually switch page tables"
diff --git a/debian/patches/features/all/kpti/kaiser-kaiser_flush_tlb_on_return_to_user-check-pcid.patch b/debian/patches/features/all/kpti/kaiser-kaiser_flush_tlb_on_return_to_user-check-pcid.patch
deleted file mode 100644
index 75c1365..0000000
--- a/debian/patches/features/all/kpti/kaiser-kaiser_flush_tlb_on_return_to_user-check-pcid.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sat, 4 Nov 2017 18:43:06 -0700
-Subject: kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Let kaiser_flush_tlb_on_return_to_user() do the X86_FEATURE_PCID
-check, instead of each caller doing it inline first: nobody needs
-to optimize for the noPCID case, it's clearer this way, and better
-suits later changes. Replace those no-op X86_CR3_PCID_KERN_FLUSH lines
-by a BUILD_BUG_ON() in load_new_mm_cr3(), in case something changes.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/tlbflush.h | 4 ++--
- arch/x86/mm/kaiser.c | 6 +++---
- arch/x86/mm/tlb.c | 8 ++++----
- 3 files changed, 9 insertions(+), 9 deletions(-)
-
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -158,7 +158,7 @@ static inline void __native_flush_tlb(vo
- * back:
- */
- preempt_disable();
-- if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
-+ if (kaiser_enabled)
- kaiser_flush_tlb_on_return_to_user();
- native_write_cr3(native_read_cr3());
- preempt_enable();
-@@ -217,7 +217,7 @@ static inline void __native_flush_tlb_si
- */
-
- if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) {
-- if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
-+ if (kaiser_enabled)
- kaiser_flush_tlb_on_return_to_user();
- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
- return;
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -435,12 +435,12 @@ void kaiser_setup_pcid(void)
-
- /*
- * Make a note that this cpu will need to flush USER tlb on return to user.
-- * Caller checks whether this_cpu_has(X86_FEATURE_PCID) before calling:
-- * if cpu does not, then the NOFLUSH bit will never have been set.
-+ * If cpu does not have PCID, then the NOFLUSH bit will never have been set.
- */
- void kaiser_flush_tlb_on_return_to_user(void)
- {
-- this_cpu_write(x86_cr3_pcid_user,
-+ if (this_cpu_has(X86_FEATURE_PCID))
-+ this_cpu_write(x86_cr3_pcid_user,
- X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
- }
- EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -39,7 +39,7 @@ static void load_new_mm_cr3(pgd_t *pgdir
- {
- unsigned long new_mm_cr3 = __pa(pgdir);
-
-- if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID)) {
-+ if (kaiser_enabled) {
- /*
- * We reuse the same PCID for different tasks, so we must
- * flush all the entries for the PCID out when we change tasks.
-@@ -50,10 +50,10 @@ static void load_new_mm_cr3(pgd_t *pgdir
- * do it here, but can only be used if X86_FEATURE_INVPCID is
- * available - and many machines support pcid without invpcid.
- *
-- * The line below is a no-op: X86_CR3_PCID_KERN_FLUSH is now 0;
-- * but keep that line in there in case something changes.
-+ * If X86_CR3_PCID_KERN_FLUSH actually added something, then it
-+ * would be needed in the write_cr3() below - if PCIDs enabled.
- */
-- new_mm_cr3 |= X86_CR3_PCID_KERN_FLUSH;
-+ BUILD_BUG_ON(X86_CR3_PCID_KERN_FLUSH);
- kaiser_flush_tlb_on_return_to_user();
- }
-
diff --git a/debian/patches/features/all/kpti/kaiser-kaiser_remove_mapping-move-along-the-pgd.patch b/debian/patches/features/all/kpti/kaiser-kaiser_remove_mapping-move-along-the-pgd.patch
deleted file mode 100644
index 66fe640..0000000
--- a/debian/patches/features/all/kpti/kaiser-kaiser_remove_mapping-move-along-the-pgd.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Mon, 2 Oct 2017 10:57:24 -0700
-Subject: kaiser: kaiser_remove_mapping() move along the pgd
-
-From: Hugh Dickins <hughd at google.com>
-
-
-When removing the bogus comment from kaiser_remove_mapping(),
-I really ought to have checked the extent of its bogosity: as
-Neel points out, there is nothing to stop unmap_pud_range_nofree()
-from continuing beyond the end of a pud (and starting in the wrong
-position on the next).
-
-Fix kaiser_remove_mapping() to constrain the extent and advance pgd
-pointer correctly: use pgd_addr_end() macro as used throughout base
-mm (but don't assume page-rounded start and size in this case).
-
-But this bug was very unlikely to trigger in this backport: since
-any buddy allocation is contained within a single pud extent, and
-we are not using vmapped stacks (and are only mapping one page of
-stack anyway): the only way to hit this bug here would be when
-freeing a large modified ldt.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -319,11 +319,13 @@ void kaiser_remove_mapping(unsigned long
- extern void unmap_pud_range_nofree(pgd_t *pgd,
- unsigned long start, unsigned long end);
- unsigned long end = start + size;
-- unsigned long addr;
-+ unsigned long addr, next;
-+ pgd_t *pgd;
-
-- for (addr = start; addr < end; addr += PGDIR_SIZE) {
-- pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(addr));
-- unmap_pud_range_nofree(pgd, addr, end);
-+ pgd = native_get_shadow_pgd(pgd_offset_k(start));
-+ for (addr = start; addr < end; pgd++, addr = next) {
-+ next = pgd_addr_end(addr, end);
-+ unmap_pud_range_nofree(pgd, addr, next);
- }
- }
-
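For reference, pgd_addr_end() as used above is the generic helper that clamps
each step to the end of the current pgd entry's span; its usual definition is
roughly:

	#define pgd_addr_end(addr, end)						\
	({	unsigned long __boundary = ((addr) + PGDIR_SIZE) & PGDIR_MASK;	\
		(__boundary - 1 < (end) - 1) ? __boundary : (end);		\
	})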
diff --git a/debian/patches/features/all/kpti/kaiser-kernel-address-isolation.patch b/debian/patches/features/all/kpti/kaiser-kernel-address-isolation.patch
deleted file mode 100644
index 079f4d6..0000000
--- a/debian/patches/features/all/kpti/kaiser-kernel-address-isolation.patch
+++ /dev/null
@@ -1,979 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Richard Fellner <richard.fellner at student.tugraz.at>
-Date: Thu, 4 May 2017 14:26:50 +0200
-Subject: KAISER: Kernel Address Isolation
-
-From: Richard Fellner <richard.fellner at student.tugraz.at>
-
-
-This patch introduces our implementation of KAISER (Kernel Address Isolation to
-have Side-channels Efficiently Removed), a kernel isolation technique to close
-hardware side channels on kernel address information.
-
-More information about the patch can be found on:
-
- https://github.com/IAIK/KAISER
-
-From: Richard Fellner <richard.fellner at student.tugraz.at>
-From: Daniel Gruss <daniel.gruss at iaik.tugraz.at>
-Subject: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode
-Date: Thu, 4 May 2017 14:26:50 +0200
-Link: http://marc.info/?l=linux-kernel&m=149390087310405&w=2
-Kaiser-4.10-SHA1: c4b1831d44c6144d3762ccc72f0c4e71a0c713e5
-
-To: <linux-kernel at vger.kernel.org>
-To: <kernel-hardening at lists.openwall.com>
-Cc: <clementine.maurice at iaik.tugraz.at>
-Cc: <moritz.lipp at iaik.tugraz.at>
-Cc: Michael Schwarz <michael.schwarz at iaik.tugraz.at>
-Cc: Richard Fellner <richard.fellner at student.tugraz.at>
-Cc: Ingo Molnar <mingo at kernel.org>
-Cc: <kirill.shutemov at linux.intel.com>
-Cc: <anders.fogh at gdata-adan.de>
-
-After several recent works [1,2,3] KASLR on x86_64 was basically
-considered dead by many researchers. We have been working on an
-efficient but effective fix for this problem and found that not mapping
-the kernel space when running in user mode is the solution to this
-problem [4] (the corresponding paper [5] will be presented at ESSoS17).
-
-With this RFC patch we allow anybody to configure their kernel with the
-flag CONFIG_KAISER to add our defense mechanism.
-
-If there are any questions we would love to answer them.
-We also appreciate any comments!
-
-Cheers,
-Daniel (+ the KAISER team from Graz University of Technology)
-
-[1] http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
-[2] https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf
-[3] https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf
-[4] https://github.com/IAIK/KAISER
-[5] https://gruss.cc/files/kaiser.pdf
-
-[patch based also on
-https://raw.githubusercontent.com/IAIK/KAISER/master/KAISER/0001-KAISER-Kernel-Address-Isolation.patch]
-
-Signed-off-by: Richard Fellner <richard.fellner at student.tugraz.at>
-Signed-off-by: Moritz Lipp <moritz.lipp at iaik.tugraz.at>
-Signed-off-by: Daniel Gruss <daniel.gruss at iaik.tugraz.at>
-Signed-off-by: Michael Schwarz <michael.schwarz at iaik.tugraz.at>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 17 +++
- arch/x86/entry/entry_64_compat.S | 7 +
- arch/x86/include/asm/hw_irq.h | 2
- arch/x86/include/asm/kaiser.h | 113 ++++++++++++++++++++++++
- arch/x86/include/asm/pgtable.h | 4
- arch/x86/include/asm/pgtable_64.h | 21 ++++
- arch/x86/include/asm/pgtable_types.h | 12 ++
- arch/x86/include/asm/processor.h | 7 +
- arch/x86/kernel/cpu/common.c | 4
- arch/x86/kernel/espfix_64.c | 6 +
- arch/x86/kernel/head_64.S | 16 ++-
- arch/x86/kernel/irqinit.c | 2
- arch/x86/kernel/process.c | 2
- arch/x86/mm/Makefile | 2
- arch/x86/mm/kaiser.c | 160 +++++++++++++++++++++++++++++++++++
- arch/x86/mm/pageattr.c | 2
- arch/x86/mm/pgtable.c | 26 +++++
- include/asm-generic/vmlinux.lds.h | 11 ++
- include/linux/percpu-defs.h | 30 ++++++
- init/main.c | 6 +
- kernel/fork.c | 8 +
- security/Kconfig | 7 +
- 22 files changed, 449 insertions(+), 16 deletions(-)
- create mode 100644 arch/x86/include/asm/kaiser.h
- create mode 100644 arch/x86/mm/kaiser.c
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -36,6 +36,7 @@
- #include <asm/smap.h>
- #include <asm/pgtable_types.h>
- #include <asm/export.h>
-+#include <asm/kaiser.h>
- #include <linux/err.h>
-
- /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
-@@ -146,6 +147,7 @@ ENTRY(entry_SYSCALL_64)
- * it is too small to ever cause noticeable irq latency.
- */
- SWAPGS_UNSAFE_STACK
-+ SWITCH_KERNEL_CR3_NO_STACK
- /*
- * A hypervisor implementation might want to use a label
- * after the swapgs, so that it can do the swapgs
-@@ -228,6 +230,7 @@ entry_SYSCALL_64_fastpath:
- movq RIP(%rsp), %rcx
- movq EFLAGS(%rsp), %r11
- RESTORE_C_REGS_EXCEPT_RCX_R11
-+ SWITCH_USER_CR3
- movq RSP(%rsp), %rsp
- USERGS_SYSRET64
-
-@@ -323,10 +326,12 @@ return_from_SYSCALL_64:
- syscall_return_via_sysret:
- /* rcx and r11 are already restored (see code above) */
- RESTORE_C_REGS_EXCEPT_RCX_R11
-+ SWITCH_USER_CR3
- movq RSP(%rsp), %rsp
- USERGS_SYSRET64
-
- opportunistic_sysret_failed:
-+ SWITCH_USER_CR3
- SWAPGS
- jmp restore_c_regs_and_iret
- END(entry_SYSCALL_64)
-@@ -424,6 +429,7 @@ ENTRY(ret_from_fork)
- movq %rsp, %rdi
- call syscall_return_slowpath /* returns with IRQs disabled */
- TRACE_IRQS_ON /* user mode is traced as IRQS on */
-+ SWITCH_USER_CR3
- SWAPGS
- jmp restore_regs_and_iret
-
-@@ -478,6 +484,7 @@ END(irq_entries_start)
- * tracking that we're in kernel mode.
- */
- SWAPGS
-+ SWITCH_KERNEL_CR3
-
- /*
- * We need to tell lockdep that IRQs are off. We can't do this until
-@@ -535,6 +542,7 @@ GLOBAL(retint_user)
- mov %rsp,%rdi
- call prepare_exit_to_usermode
- TRACE_IRQS_IRETQ
-+ SWITCH_USER_CR3
- SWAPGS
- jmp restore_regs_and_iret
-
-@@ -612,6 +620,7 @@ native_irq_return_ldt:
-
- pushq %rdi /* Stash user RDI */
- SWAPGS
-+ SWITCH_KERNEL_CR3
- movq PER_CPU_VAR(espfix_waddr), %rdi
- movq %rax, (0*8)(%rdi) /* user RAX */
- movq (1*8)(%rsp), %rax /* user RIP */
-@@ -638,6 +647,7 @@ native_irq_return_ldt:
- * still points to an RO alias of the ESPFIX stack.
- */
- orq PER_CPU_VAR(espfix_stack), %rax
-+ SWITCH_USER_CR3
- SWAPGS
- movq %rax, %rsp
-
-@@ -1034,6 +1044,7 @@ ENTRY(paranoid_entry)
- testl %edx, %edx
- js 1f /* negative -> in kernel */
- SWAPGS
-+ SWITCH_KERNEL_CR3
- xorl %ebx, %ebx
- 1: ret
- END(paranoid_entry)
-@@ -1056,6 +1067,7 @@ ENTRY(paranoid_exit)
- testl %ebx, %ebx /* swapgs needed? */
- jnz paranoid_exit_no_swapgs
- TRACE_IRQS_IRETQ
-+ SWITCH_USER_CR3_NO_STACK
- SWAPGS_UNSAFE_STACK
- jmp paranoid_exit_restore
- paranoid_exit_no_swapgs:
-@@ -1084,6 +1096,7 @@ ENTRY(error_entry)
- * from user mode due to an IRET fault.
- */
- SWAPGS
-+ SWITCH_KERNEL_CR3
-
- .Lerror_entry_from_usermode_after_swapgs:
- /*
-@@ -1135,6 +1148,7 @@ ENTRY(error_entry)
- * Switch to kernel gsbase:
- */
- SWAPGS
-+ SWITCH_KERNEL_CR3
-
- /*
- * Pretend that the exception came from user mode: set up pt_regs
-@@ -1235,6 +1249,7 @@ ENTRY(nmi)
- */
-
- SWAPGS_UNSAFE_STACK
-+ SWITCH_KERNEL_CR3_NO_STACK
- cld
- movq %rsp, %rdx
- movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
-@@ -1275,6 +1290,7 @@ ENTRY(nmi)
- * work, because we don't want to enable interrupts. Fortunately,
- * do_nmi doesn't modify pt_regs.
- */
-+ SWITCH_USER_CR3
- SWAPGS
- jmp restore_c_regs_and_iret
-
-@@ -1486,6 +1502,7 @@ end_repeat_nmi:
- testl %ebx, %ebx /* swapgs needed? */
- jnz nmi_restore
- nmi_swapgs:
-+ SWITCH_USER_CR3_NO_STACK
- SWAPGS_UNSAFE_STACK
- nmi_restore:
- RESTORE_EXTRA_REGS
---- a/arch/x86/entry/entry_64_compat.S
-+++ b/arch/x86/entry/entry_64_compat.S
-@@ -13,6 +13,7 @@
- #include <asm/irqflags.h>
- #include <asm/asm.h>
- #include <asm/smap.h>
-+#include <asm/kaiser.h>
- #include <linux/linkage.h>
- #include <linux/err.h>
-
-@@ -48,6 +49,7 @@
- ENTRY(entry_SYSENTER_compat)
- /* Interrupts are off on entry. */
- SWAPGS_UNSAFE_STACK
-+ SWITCH_KERNEL_CR3_NO_STACK
- movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
-
- /*
-@@ -184,6 +186,7 @@ ENDPROC(entry_SYSENTER_compat)
- ENTRY(entry_SYSCALL_compat)
- /* Interrupts are off on entry. */
- SWAPGS_UNSAFE_STACK
-+ SWITCH_KERNEL_CR3_NO_STACK
-
- /* Stash user ESP and switch to the kernel stack. */
- movl %esp, %r8d
-@@ -259,6 +262,7 @@ sysret32_from_system_call:
- xorq %r8, %r8
- xorq %r9, %r9
- xorq %r10, %r10
-+ SWITCH_USER_CR3
- movq RSP-ORIG_RAX(%rsp), %rsp
- swapgs
- sysretl
-@@ -297,7 +301,7 @@ ENTRY(entry_INT80_compat)
- PARAVIRT_ADJUST_EXCEPTION_FRAME
- ASM_CLAC /* Do this early to minimize exposure */
- SWAPGS
--
-+ SWITCH_KERNEL_CR3_NO_STACK
- /*
- * User tracing code (ptrace or signal handlers) might assume that
- * the saved RAX contains a 32-bit number when we're invoking a 32-bit
-@@ -338,6 +342,7 @@ ENTRY(entry_INT80_compat)
-
- /* Go back to user mode. */
- TRACE_IRQS_ON
-+ SWITCH_USER_CR3_NO_STACK
- SWAPGS
- jmp restore_regs_and_iret
- END(entry_INT80_compat)
---- a/arch/x86/include/asm/hw_irq.h
-+++ b/arch/x86/include/asm/hw_irq.h
-@@ -178,7 +178,7 @@ extern char irq_entries_start[];
- #define VECTOR_RETRIGGERED ((void *)~0UL)
-
- typedef struct irq_desc* vector_irq_t[NR_VECTORS];
--DECLARE_PER_CPU(vector_irq_t, vector_irq);
-+DECLARE_PER_CPU_USER_MAPPED(vector_irq_t, vector_irq);
-
- #endif /* !ASSEMBLY_ */
-
---- /dev/null
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -0,0 +1,113 @@
-+#ifndef _ASM_X86_KAISER_H
-+#define _ASM_X86_KAISER_H
-+
-+/* This file includes the definitions for the KAISER feature.
-+ * KAISER is a countermeasure against x86_64 side-channel attacks on the kernel virtual memory.
-+ * It keeps a shadow pgd for every process: the shadow pgd has a minimal kernel set mapped,
-+ * but includes the whole user memory. Within a kernel context switch, or when an interrupt is
-+ * handled, the pgd is switched to the normal one. When the system switches to user mode, the
-+ * shadow pgd is enabled. By this, the virtual memory caches are freed of kernel addresses, and
-+ * user mode cannot attack the whole kernel memory.
-+ *
-+ * A minimal kernel mapping holds the parts that need to be mapped in user mode, such as the
-+ * entry/exit functions of user space, or the stacks.
-+ */
-+#ifdef __ASSEMBLY__
-+#ifdef CONFIG_KAISER
-+
-+.macro _SWITCH_TO_KERNEL_CR3 reg
-+movq %cr3, \reg
-+andq $(~0x1000), \reg
-+movq \reg, %cr3
-+.endm
-+
-+.macro _SWITCH_TO_USER_CR3 reg
-+movq %cr3, \reg
-+orq $(0x1000), \reg
-+movq \reg, %cr3
-+.endm
-+
-+.macro SWITCH_KERNEL_CR3
-+pushq %rax
-+_SWITCH_TO_KERNEL_CR3 %rax
-+popq %rax
-+.endm
-+
-+.macro SWITCH_USER_CR3
-+pushq %rax
-+_SWITCH_TO_USER_CR3 %rax
-+popq %rax
-+.endm
-+
-+.macro SWITCH_KERNEL_CR3_NO_STACK
-+movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
-+_SWITCH_TO_KERNEL_CR3 %rax
-+movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
-+.endm
-+
-+
-+.macro SWITCH_USER_CR3_NO_STACK
-+
-+movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
-+_SWITCH_TO_USER_CR3 %rax
-+movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
-+
-+.endm
-+
-+#else /* CONFIG_KAISER */
-+
-+.macro SWITCH_KERNEL_CR3 reg
-+.endm
-+.macro SWITCH_USER_CR3 reg
-+.endm
-+.macro SWITCH_USER_CR3_NO_STACK
-+.endm
-+.macro SWITCH_KERNEL_CR3_NO_STACK
-+.endm
-+
-+#endif /* CONFIG_KAISER */
-+#else /* __ASSEMBLY__ */
-+
-+
-+#ifdef CONFIG_KAISER
-+// Upon kernel/user mode switch, it may happen that
-+// the address space has to be switched before the registers have been stored.
-+// To change the address space, another register is needed.
-+// A register therefore has to be stored/restored.
-+//
-+DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-+
-+#endif /* CONFIG_KAISER */
-+
-+/**
-+ * kaiser_add_mapping - map a virtual memory part to the shadow mapping
-+ * @addr: the start address of the range
-+ * @size: the size of the range
-+ * @flags: the mapping flags of the pages
-+ *
-+ * The mapping is done at a global scope, so no further synchronization is needed.
-+ * The pages have to be unmapped manually when they are no longer needed.
-+ */
-+extern void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
-+
-+
-+/**
-+ * kaiser_remove_mapping - unmap a virtual memory part of the shadow mapping
-+ * @addr: the start address of the range
-+ * @size: the size of the range
-+ */
-+extern void kaiser_remove_mapping(unsigned long start, unsigned long size);
-+
-+/**
-+ * kaiser_init - initialize the shadow mapping
-+ *
-+ * Most parts of the shadow mapping can be mapped at boot time.
-+ * Only the thread stacks have to be mapped at runtime.
-+ * The mapped regions are never unmapped.
-+ */
-+extern void kaiser_init(void);
-+
-+#endif
-+
-+
-+
-+#endif /* _ASM_X86_KAISER_H */
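-
Because the kernel pgd and its shadow are allocated as one 8kB-aligned pair
(see the _pgd_alloc() change below), the asm macros above switch page tables
simply by toggling bit 12 (0x1000) of CR3. The same idea in C, as an
illustration only (these helpers are not part of the patch):

	static inline unsigned long to_user_cr3(unsigned long cr3)
	{
		return cr3 | 0x1000;		/* shadow pgd is the next page */
	}

	static inline unsigned long to_kernel_cr3(unsigned long cr3)
	{
		return cr3 & ~0x1000UL;		/* back to the normal pgd */
	}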
---- a/arch/x86/include/asm/pgtable.h
-+++ b/arch/x86/include/asm/pgtable.h
-@@ -904,6 +904,10 @@ static inline void pmdp_set_wrprotect(st
- static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
- {
- memcpy(dst, src, count * sizeof(pgd_t));
-+#ifdef CONFIG_KAISER
-+ // clone the shadow pgd part as well
-+ memcpy(native_get_shadow_pgd(dst), native_get_shadow_pgd(src), count * sizeof(pgd_t));
-+#endif
- }
-
- #define PTE_SHIFT ilog2(PTRS_PER_PTE)
---- a/arch/x86/include/asm/pgtable_64.h
-+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -106,9 +106,30 @@ static inline void native_pud_clear(pud_
- native_set_pud(pud, native_make_pud(0));
- }
-
-+#ifdef CONFIG_KAISER
-+static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp) {
-+ return (pgd_t *)(void*)((unsigned long)(void*)pgdp | (unsigned long)PAGE_SIZE);
-+}
-+
-+static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp) {
-+ return (pgd_t *)(void*)((unsigned long)(void*)pgdp & ~(unsigned long)PAGE_SIZE);
-+}
-+#endif /* CONFIG_KAISER */
-+
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
- {
-+#ifdef CONFIG_KAISER
-+	// A pgd is page aligned, so an entry pointer in the lower half of the
-+	// page covers user addresses; those entries are mirrored into the
-+	// shadow mapping as well.
-+ if ((((unsigned long)pgdp) % PAGE_SIZE) < (PAGE_SIZE / 2)) {
-+ native_get_shadow_pgd(pgdp)->pgd = pgd.pgd;
-+ }
-+
-+ pgdp->pgd = pgd.pgd & ~_PAGE_USER;
-+#else /* CONFIG_KAISER */
- *pgdp = pgd;
-+#endif
- }
-
- static inline void native_pgd_clear(pgd_t *pgd)
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -45,7 +45,11 @@
- #define _PAGE_ACCESSED (_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED)
- #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
- #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
--#define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
-+#ifdef CONFIG_KAISER
-+#define _PAGE_GLOBAL (_AT(pteval_t, 0))
-+#else
-+#define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
-+#endif
- #define _PAGE_SOFTW1 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW1)
- #define _PAGE_SOFTW2 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW2)
- #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
-@@ -119,7 +123,11 @@
- #define _PAGE_DEVMAP (_AT(pteval_t, 0))
- #endif
-
--#define _PAGE_PROTNONE (_AT(pteval_t, 1) << _PAGE_BIT_PROTNONE)
-+#ifdef CONFIG_KAISER
-+#define _PAGE_PROTNONE (_AT(pteval_t, 0))
-+#else
-+#define _PAGE_PROTNONE (_AT(pteval_t, 1) << _PAGE_BIT_PROTNONE)
-+#endif
-
- #define _PAGE_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | \
- _PAGE_ACCESSED | _PAGE_DIRTY)
---- a/arch/x86/include/asm/processor.h
-+++ b/arch/x86/include/asm/processor.h
-@@ -308,7 +308,7 @@ struct tss_struct {
-
- } ____cacheline_aligned;
-
--DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss);
-+DECLARE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(struct tss_struct, cpu_tss);
-
- #ifdef CONFIG_X86_32
- DECLARE_PER_CPU(unsigned long, cpu_current_top_of_stack);
-@@ -335,6 +335,11 @@ union irq_stack_union {
- char gs_base[40];
- unsigned long stack_canary;
- };
-+
-+ struct {
-+ char irq_stack_pointer[64];
-+ char unused[IRQ_STACK_SIZE - 64];
-+ };
- };
-
- DECLARE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __visible;
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -93,7 +93,7 @@ static const struct cpu_dev default_cpu
-
- static const struct cpu_dev *this_cpu = &default_cpu;
-
--DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
-+DEFINE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(struct gdt_page, gdt_page) = { .gdt = {
- #ifdef CONFIG_X86_64
- /*
- * We need valid kernel segments for data and code in long mode too
-@@ -1365,7 +1365,7 @@ static const unsigned int exception_stac
- [DEBUG_STACK - 1] = DEBUG_STKSZ
- };
-
--static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks
-+DEFINE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(char, exception_stacks
- [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]);
-
- /* May not be marked __init: used by software suspend */
---- a/arch/x86/kernel/espfix_64.c
-+++ b/arch/x86/kernel/espfix_64.c
-@@ -41,6 +41,7 @@
- #include <asm/pgalloc.h>
- #include <asm/setup.h>
- #include <asm/espfix.h>
-+#include <asm/kaiser.h>
-
- /*
- * Note: we only need 6*8 = 48 bytes for the espfix stack, but round
-@@ -126,6 +127,11 @@ void __init init_espfix_bsp(void)
- /* Install the espfix pud into the kernel page directory */
- pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)];
- pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page);
-+#ifdef CONFIG_KAISER
-+ // add the esp stack pud to the shadow mapping here.
-+ // This can be done directly, because the fixup stack has its own pud
-+ set_pgd(native_get_shadow_pgd(pgd_p), __pgd(_PAGE_TABLE | __pa((pud_t *)espfix_pud_page)));
-+#endif
-
- /* Randomize the locations */
- init_espfix_random();
---- a/arch/x86/kernel/head_64.S
-+++ b/arch/x86/kernel/head_64.S
-@@ -405,6 +405,14 @@ GLOBAL(early_recursion_flag)
- .balign PAGE_SIZE; \
- GLOBAL(name)
-
-+#ifdef CONFIG_KAISER
-+#define NEXT_PGD_PAGE(name) \
-+ .balign 2 * PAGE_SIZE; \
-+GLOBAL(name)
-+#else
-+#define NEXT_PGD_PAGE(name) NEXT_PAGE(name)
-+#endif
-+
- /* Automate the creation of 1 to 1 mapping pmd entries */
- #define PMDS(START, PERM, COUNT) \
- i = 0 ; \
-@@ -414,7 +422,7 @@ GLOBAL(name)
- .endr
-
- __INITDATA
--NEXT_PAGE(early_level4_pgt)
-+NEXT_PGD_PAGE(early_level4_pgt)
- .fill 511,8,0
- .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
-
-@@ -424,10 +432,10 @@ NEXT_PAGE(early_dynamic_pgts)
- .data
-
- #ifndef CONFIG_XEN
--NEXT_PAGE(init_level4_pgt)
-- .fill 512,8,0
-+NEXT_PGD_PAGE(init_level4_pgt)
-+ .fill 2*512,8,0
- #else
--NEXT_PAGE(init_level4_pgt)
-+NEXT_PGD_PAGE(init_level4_pgt)
- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
- .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
---- a/arch/x86/kernel/irqinit.c
-+++ b/arch/x86/kernel/irqinit.c
-@@ -51,7 +51,7 @@ static struct irqaction irq2 = {
- .flags = IRQF_NO_THREAD,
- };
-
--DEFINE_PER_CPU(vector_irq_t, vector_irq) = {
-+DEFINE_PER_CPU_USER_MAPPED(vector_irq_t, vector_irq) = {
- [0 ... NR_VECTORS - 1] = VECTOR_UNUSED,
- };
-
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -41,7 +41,7 @@
- * section. Since TSS's are completely CPU-local, we want them
- * on exact cacheline boundaries, to eliminate cacheline ping-pong.
- */
--__visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
-+__visible DEFINE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(struct tss_struct, cpu_tss) = {
- .x86_tss = {
- .sp0 = TOP_OF_INIT_STACK,
- #ifdef CONFIG_X86_32
---- a/arch/x86/mm/Makefile
-+++ b/arch/x86/mm/Makefile
-@@ -38,4 +38,4 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulatio
- obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
- obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
- obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
--
-+obj-$(CONFIG_KAISER) += kaiser.o
---- /dev/null
-+++ b/arch/x86/mm/kaiser.c
-@@ -0,0 +1,160 @@
-+
-+
-+#include <linux/kernel.h>
-+#include <linux/errno.h>
-+#include <linux/string.h>
-+#include <linux/types.h>
-+#include <linux/bug.h>
-+#include <linux/init.h>
-+#include <linux/spinlock.h>
-+#include <linux/mm.h>
-+
-+#include <linux/uaccess.h>
-+#include <asm/pgtable.h>
-+#include <asm/pgalloc.h>
-+#include <asm/desc.h>
-+#ifdef CONFIG_KAISER
-+
-+__visible DEFINE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-+
-+/**
-+ * Get the physical address for an address in the kernel mapping.
-+ * @param address The virtual address
-+ * @return the physical address
-+ */
-+static inline unsigned long get_pa_from_mapping (unsigned long address)
-+{
-+ pgd_t *pgd;
-+ pud_t *pud;
-+ pmd_t *pmd;
-+ pte_t *pte;
-+
-+ pgd = pgd_offset_k(address);
-+ BUG_ON(pgd_none(*pgd) || pgd_large(*pgd));
-+
-+ pud = pud_offset(pgd, address);
-+ BUG_ON(pud_none(*pud));
-+
-+ if (pud_large(*pud)) {
-+ return (pud_pfn(*pud) << PAGE_SHIFT) | (address & ~PUD_PAGE_MASK);
-+ }
-+
-+ pmd = pmd_offset(pud, address);
-+ BUG_ON(pmd_none(*pmd));
-+
-+ if (pmd_large(*pmd)) {
-+ return (pmd_pfn(*pmd) << PAGE_SHIFT) | (address & ~PMD_PAGE_MASK);
-+ }
-+
-+ pte = pte_offset_kernel(pmd, address);
-+ BUG_ON(pte_none(*pte));
-+
-+ return (pte_pfn(*pte) << PAGE_SHIFT) | (address & ~PAGE_MASK);
-+}
-+
-+void _kaiser_copy (unsigned long start_addr, unsigned long size,
-+ unsigned long flags)
-+{
-+ pgd_t *pgd;
-+ pud_t *pud;
-+ pmd_t *pmd;
-+ pte_t *pte;
-+ unsigned long address;
-+ unsigned long end_addr = start_addr + size;
-+ unsigned long target_address;
-+
-+ for (address = PAGE_ALIGN(start_addr - (PAGE_SIZE - 1));
-+ address < PAGE_ALIGN(end_addr); address += PAGE_SIZE) {
-+ target_address = get_pa_from_mapping(address);
-+
-+ pgd = native_get_shadow_pgd(pgd_offset_k(address));
-+
-+ BUG_ON(pgd_none(*pgd) && "All shadow pgds should be mapped at this time\n");
-+ BUG_ON(pgd_large(*pgd));
-+
-+ pud = pud_offset(pgd, address);
-+ if (pud_none(*pud)) {
-+ set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd_alloc_one(0, address))));
-+ }
-+ BUG_ON(pud_large(*pud));
-+
-+ pmd = pmd_offset(pud, address);
-+ if (pmd_none(*pmd)) {
-+ set_pmd(pmd, __pmd(_PAGE_TABLE | __pa(pte_alloc_one_kernel(0, address))));
-+ }
-+ BUG_ON(pmd_large(*pmd));
-+
-+ pte = pte_offset_kernel(pmd, address);
-+ if (pte_none(*pte)) {
-+ set_pte(pte, __pte(flags | target_address));
-+ } else {
-+ BUG_ON(__pa(pte_page(*pte)) != target_address);
-+ }
-+ }
-+}
-+
-+// At first, add a pud for every pgd entry in the kernel part of the shadow mapping.
-+static inline void __init _kaiser_init(void)
-+{
-+ pgd_t *pgd;
-+ int i = 0;
-+
-+ pgd = native_get_shadow_pgd(pgd_offset_k((unsigned long )0));
-+ for (i = PTRS_PER_PGD / 2; i < PTRS_PER_PGD; i++) {
-+ set_pgd(pgd + i, __pgd(_PAGE_TABLE |__pa(pud_alloc_one(0, 0))));
-+ }
-+}
-+
-+extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-+spinlock_t shadow_table_lock;
-+void __init kaiser_init(void)
-+{
-+ int cpu;
-+ spin_lock_init(&shadow_table_lock);
-+
-+ spin_lock(&shadow_table_lock);
-+
-+ _kaiser_init();
-+
-+ for_each_possible_cpu(cpu) {
-+ // map the per cpu user variables
-+ _kaiser_copy(
-+ (unsigned long) (__per_cpu_user_mapped_start + per_cpu_offset(cpu)),
-+ (unsigned long) __per_cpu_user_mapped_end - (unsigned long) __per_cpu_user_mapped_start,
-+ __PAGE_KERNEL);
-+ }
-+
-+	// map the entry/exit text section, which is responsible for switching between user and kernel mode
-+ _kaiser_copy(
-+ (unsigned long) __entry_text_start,
-+ (unsigned long) __entry_text_end - (unsigned long) __entry_text_start,
-+ __PAGE_KERNEL_RX);
-+
-+ // the fixed map address of the idt_table
-+ _kaiser_copy(
-+ (unsigned long) idt_descr.address,
-+ sizeof(gate_desc) * NR_VECTORS,
-+ __PAGE_KERNEL_RO);
-+
-+ spin_unlock(&shadow_table_lock);
-+}
-+
-+// add a mapping to the shadow-mapping, and synchronize the mappings
-+void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
-+{
-+ spin_lock(&shadow_table_lock);
-+ _kaiser_copy(addr, size, flags);
-+ spin_unlock(&shadow_table_lock);
-+}
-+
-+extern void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end);
-+void kaiser_remove_mapping(unsigned long start, unsigned long size)
-+{
-+ pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(start));
-+ spin_lock(&shadow_table_lock);
-+ do {
-+ unmap_pud_range(pgd, start, start + size);
-+ } while (pgd++ != native_get_shadow_pgd(pgd_offset_k(start + size)));
-+ spin_unlock(&shadow_table_lock);
-+}
-+#endif /* CONFIG_KAISER */
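-
A hypothetical usage sketch of this interface (mirroring what the fork.c hunk
below does for thread stacks): a buffer that must stay reachable while the
shadow page tables are active is added to the shadow mapping for its lifetime
and removed again before it is freed. All names here are invented for
illustration; at this point in the series kaiser_add_mapping() returns void.

	static void *example_alloc_user_visible(void)
	{
		unsigned long addr = __get_free_pages(GFP_KERNEL | __GFP_ZERO, 1);

		if (!addr)
			return NULL;
		/* mirror the two pages into the shadow page tables */
		kaiser_add_mapping(addr, 2 * PAGE_SIZE, __PAGE_KERNEL);
		return (void *)addr;
	}

	static void example_free_user_visible(void *p)
	{
		kaiser_remove_mapping((unsigned long)p, 2 * PAGE_SIZE);
		free_pages((unsigned long)p, 1);
	}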
---- a/arch/x86/mm/pageattr.c
-+++ b/arch/x86/mm/pageattr.c
-@@ -823,7 +823,7 @@ static void unmap_pmd_range(pud_t *pud,
- pud_clear(pud);
- }
-
--static void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end)
-+void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end)
- {
- pud_t *pud = pud_offset(pgd, start);
-
---- a/arch/x86/mm/pgtable.c
-+++ b/arch/x86/mm/pgtable.c
-@@ -346,12 +346,38 @@ static inline void _pgd_free(pgd_t *pgd)
- #else
- static inline pgd_t *_pgd_alloc(void)
- {
-+#ifdef CONFIG_KAISER
-+	// Instead of one PML4, we acquire two PML4s and, thus, an 8kB-aligned memory
-+	// block. Therefore, we have to allocate at least 3 pages. However,
-+	// __get_free_pages returns 4 pages. Hence, we store the base pointer at
-+	// the start of the page following our 8kB-aligned memory block in order to
-+	// correctly free it afterwards.
-+
-+ unsigned long pages = __get_free_pages(PGALLOC_GFP, get_order(4*PAGE_SIZE));
-+
-+ if(native_get_normal_pgd((pgd_t*) pages) == (pgd_t*) pages)
-+ {
-+ *((unsigned long*)(pages + 2 * PAGE_SIZE)) = pages;
-+ return (pgd_t *) pages;
-+ }
-+ else
-+ {
-+ *((unsigned long*)(pages + 3 * PAGE_SIZE)) = pages;
-+ return (pgd_t *) (pages + PAGE_SIZE);
-+ }
-+#else
- return (pgd_t *)__get_free_page(PGALLOC_GFP);
-+#endif
- }
-
- static inline void _pgd_free(pgd_t *pgd)
- {
-+#ifdef CONFIG_KAISER
-+ unsigned long pages = *((unsigned long*) ((char*) pgd + 2 * PAGE_SIZE));
-+ free_pages(pages, get_order(4*PAGE_SIZE));
-+#else
- free_page((unsigned long)pgd);
-+#endif
- }
- #endif /* CONFIG_X86_PAE */
-
---- a/include/asm-generic/vmlinux.lds.h
-+++ b/include/asm-generic/vmlinux.lds.h
-@@ -778,7 +778,16 @@
- */
- #define PERCPU_INPUT(cacheline) \
- VMLINUX_SYMBOL(__per_cpu_start) = .; \
-- *(.data..percpu..first) \
-+ \
-+ VMLINUX_SYMBOL(__per_cpu_user_mapped_start) = .; \
-+ *(.data..percpu..first) \
-+ . = ALIGN(cacheline); \
-+ *(.data..percpu..user_mapped) \
-+ *(.data..percpu..user_mapped..shared_aligned) \
-+ . = ALIGN(PAGE_SIZE); \
-+ *(.data..percpu..user_mapped..page_aligned) \
-+ VMLINUX_SYMBOL(__per_cpu_user_mapped_end) = .; \
-+ \
- . = ALIGN(PAGE_SIZE); \
- *(.data..percpu..page_aligned) \
- . = ALIGN(cacheline); \
---- a/include/linux/percpu-defs.h
-+++ b/include/linux/percpu-defs.h
-@@ -35,6 +35,12 @@
-
- #endif
-
-+#ifdef CONFIG_KAISER
-+#define USER_MAPPED_SECTION "..user_mapped"
-+#else
-+#define USER_MAPPED_SECTION ""
-+#endif
-+
- /*
- * Base implementations of per-CPU variable declarations and definitions, where
- * the section in which the variable is to be placed is provided by the
-@@ -115,6 +121,12 @@
- #define DEFINE_PER_CPU(type, name) \
- DEFINE_PER_CPU_SECTION(type, name, "")
-
-+#define DECLARE_PER_CPU_USER_MAPPED(type, name) \
-+ DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION)
-+
-+#define DEFINE_PER_CPU_USER_MAPPED(type, name) \
-+ DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION)
-+
- /*
- * Declaration/definition used for per-CPU variables that must come first in
- * the set of variables.
-@@ -144,6 +156,14 @@
- DEFINE_PER_CPU_SECTION(type, name, PER_CPU_SHARED_ALIGNED_SECTION) \
- ____cacheline_aligned_in_smp
-
-+#define DECLARE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
-+ DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION PER_CPU_SHARED_ALIGNED_SECTION) \
-+ ____cacheline_aligned_in_smp
-+
-+#define DEFINE_PER_CPU_SHARED_ALIGNED_USER_MAPPED(type, name) \
-+ DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION PER_CPU_SHARED_ALIGNED_SECTION) \
-+ ____cacheline_aligned_in_smp
-+
- #define DECLARE_PER_CPU_ALIGNED(type, name) \
- DECLARE_PER_CPU_SECTION(type, name, PER_CPU_ALIGNED_SECTION) \
- ____cacheline_aligned
-@@ -162,6 +182,16 @@
- #define DEFINE_PER_CPU_PAGE_ALIGNED(type, name) \
- DEFINE_PER_CPU_SECTION(type, name, "..page_aligned") \
- __aligned(PAGE_SIZE)
-+/*
-+ * Declaration/definition used for per-CPU variables that must be page aligned and need to be mapped in user mode.
-+ */
-+#define DECLARE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-+ DECLARE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-+ __aligned(PAGE_SIZE)
-+
-+#define DEFINE_PER_CPU_PAGE_ALIGNED_USER_MAPPED(type, name) \
-+ DEFINE_PER_CPU_SECTION(type, name, USER_MAPPED_SECTION"..page_aligned") \
-+ __aligned(PAGE_SIZE)
-
- /*
- * Declaration/definition used for per-CPU variables that must be read mostly.
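-
A hypothetical usage sketch of these macros (the variable name is invented):
any per-cpu datum that the entry/exit code must touch while the shadow page
tables are active would be defined user-mapped, for example:

	/* scratch word the entry code can reach before the CR3 switch */
	DEFINE_PER_CPU_USER_MAPPED(unsigned long, example_entry_scratch);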
---- a/init/main.c
-+++ b/init/main.c
-@@ -86,6 +86,9 @@
- #include <asm/setup.h>
- #include <asm/sections.h>
- #include <asm/cacheflush.h>
-+#ifdef CONFIG_KAISER
-+#include <asm/kaiser.h>
-+#endif
-
- static int kernel_init(void *);
-
-@@ -473,6 +476,9 @@ static void __init mm_init(void)
- pgtable_init();
- vmalloc_init();
- ioremap_huge_init();
-+#ifdef CONFIG_KAISER
-+ kaiser_init();
-+#endif
- }
-
- asmlinkage __visible void __init start_kernel(void)
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -211,8 +211,12 @@ static unsigned long *alloc_thread_stack
- #endif
- }
-
-+extern void kaiser_remove_mapping(unsigned long start_addr, unsigned long size);
- static inline void free_thread_stack(struct task_struct *tsk)
- {
-+#ifdef CONFIG_KAISER
-+ kaiser_remove_mapping((unsigned long)tsk->stack, THREAD_SIZE);
-+#endif
- #ifdef CONFIG_VMAP_STACK
- if (task_stack_vm_area(tsk)) {
- unsigned long flags;
-@@ -468,6 +472,7 @@ void set_task_stack_end_magic(struct tas
- *stackend = STACK_END_MAGIC; /* for overflow detection */
- }
-
-+extern void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
- static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
- {
- struct task_struct *tsk;
-@@ -495,6 +500,9 @@ static struct task_struct *dup_task_stru
- * functions again.
- */
- tsk->stack = stack;
-+#ifdef CONFIG_KAISER
-+ kaiser_add_mapping((unsigned long)tsk->stack, THREAD_SIZE, __PAGE_KERNEL);
-+#endif
- #ifdef CONFIG_VMAP_STACK
- tsk->stack_vm_area = stack_vm_area;
- #endif
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -30,6 +30,13 @@ config SECURITY
- model will be used.
-
- If you are unsure how to answer this question, answer N.
-+config KAISER
-+ bool "Remove the kernel mapping in user mode"
-+ depends on X86_64
-+ depends on !PARAVIRT
-+ help
-+ This enforces strict kernel and user space isolation in order to close
-+ hardware side channels on kernel address information.
-
- config SECURITYFS
- bool "Enable the securityfs filesystem"
diff --git a/debian/patches/features/all/kpti/kaiser-load_new_mm_cr3-let-switch_user_cr3-flush-user.patch b/debian/patches/features/all/kpti/kaiser-load_new_mm_cr3-let-switch_user_cr3-flush-user.patch
deleted file mode 100644
index b03e07b..0000000
--- a/debian/patches/features/all/kpti/kaiser-load_new_mm_cr3-let-switch_user_cr3-flush-user.patch
+++ /dev/null
@@ -1,392 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Thu, 17 Aug 2017 15:00:37 -0700
-Subject: kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
-
-From: Hugh Dickins <hughd at google.com>
-
-
-We have many machines (Westmere, Sandybridge, Ivybridge) supporting
-PCID but not INVPCID: on these load_new_mm_cr3() simply crashed.
-
-Flushing user context inside load_new_mm_cr3() without the use of
-invpcid is difficult: momentarily switch from kernel to user context
-and back to do so? I'm not sure whether that can be safely done at
-all, and would risk polluting user context with kernel internals,
-and kernel context with stale user externals.
-
-Instead, follow the hint in the comment that was there: change
-X86_CR3_PCID_USER_VAR to be a per-cpu variable, then load_new_mm_cr3()
-can leave a note in it, for SWITCH_USER_CR3 on return to userspace to
-flush user context TLB, instead of default X86_CR3_PCID_USER_NOFLUSH.
-
-Which works well enough that there's no need to do it this way only
-when invpcid is unsupported: it's a good alternative to invpcid here.
-But there's a couple of inlines in asm/tlbflush.h that need to do the
-same trick, so it's best to localize all this per-cpu business in
-mm/kaiser.c: moving that part of the initialization from setup_pcid()
-to kaiser_setup_pcid(); with kaiser_flush_tlb_on_return_to_user() the
-function for noting an X86_CR3_PCID_USER_FLUSH. And let's keep a
-KAISER_SHADOW_PGD_OFFSET in there, to avoid the extra OR on exit.
-
-I did try to make the feature tests in asm/tlbflush.h more consistent
-with each other: there seem to be far too many ways of performing such
-tests, and I don't have a good grasp of their differences. At first
-I converted them all to be static_cpu_has(): but that proved to be a
-mistake, as the comment in __native_flush_tlb_single() hints; so then
-I reversed and made them all this_cpu_has(). Probably all gratuitous
-change, but that's the way it's working at present.
-
-I am slightly bothered by the way non-per-cpu X86_CR3_PCID_KERN_VAR
-gets re-initialized by each cpu (before and after these changes):
-no problem when (as usual) all cpus on a machine have the same
-features, but in principle incorrect. However, my experiment
-to per-cpu-ify that one did not end well...
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
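
The scheme above boils down to "leave a note in a per-cpu variable on the
kernel side, consume it on the next exit to user mode". A stand-alone C
sketch of that shape, with every name invented for the illustration (an
analogy, not kernel code):

    #include <stdio.h>
    #include <stdbool.h>

    /* Stand-in for the per-cpu X86_CR3_PCID_USER_VAR: set means the
     * next "return to user" must flush the user context. */
    static _Thread_local bool pending_user_flush;

    /* Analogue of kaiser_flush_tlb_on_return_to_user(): leave a note. */
    static void note_user_flush(void)
    {
            pending_user_flush = true;
    }

    /* Analogue of the SWITCH_USER_CR3 exit path: consume the note. */
    static void enter_user_mode(void)
    {
            if (pending_user_flush) {
                    printf("switch with FLUSH, reset to NOFLUSH\n");
                    pending_user_flush = false;
            } else {
                    printf("switch with NOFLUSH\n");
            }
    }

    int main(void)
    {
            enter_user_mode();      /* NOFLUSH */
            note_user_flush();      /* e.g. load_new_mm_cr3() ran */
            enter_user_mode();      /* FLUSH once, then reset */
            enter_user_mode();      /* NOFLUSH again */
            return 0;
    }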
----
- arch/x86/include/asm/kaiser.h | 18 +++++++-----
- arch/x86/include/asm/tlbflush.h | 56 +++++++++++++++++++++++++++-------------
- arch/x86/kernel/cpu/common.c | 22 ---------------
- arch/x86/mm/kaiser.c | 50 +++++++++++++++++++++++++++++++----
- arch/x86/mm/tlb.c | 46 ++++++++++++--------------------
- 5 files changed, 113 insertions(+), 79 deletions(-)
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -32,13 +32,12 @@ movq \reg, %cr3
- .macro _SWITCH_TO_USER_CR3 reg
- movq %cr3, \reg
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
--/*
-- * This can obviously be one instruction by putting the
-- * KAISER_SHADOW_PGD_OFFSET bit in the X86_CR3_PCID_USER_VAR.
-- * But, just leave it now for simplicity.
-- */
--orq X86_CR3_PCID_USER_VAR, \reg
--orq $(KAISER_SHADOW_PGD_OFFSET), \reg
-+orq PER_CPU_VAR(X86_CR3_PCID_USER_VAR), \reg
-+js 9f
-+// FLUSH this time, reset to NOFLUSH for next time
-+// But if nopcid? Consider using 0x80 for user pcid?
-+movb $(0x80), PER_CPU_VAR(X86_CR3_PCID_USER_VAR+7)
-+9:
- movq \reg, %cr3
- .endm
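
Why the "js 9f" in the macro above works: the per-cpu variable normally
keeps the NOFLUSH bit, bit 63 of CR3, set, so the "orq" result is negative
and the branch skips the reset; when a flush has been requested bit 63 is
clear, the branch falls through, and the "movb" stores 0x80 into the top
byte to put NOFLUSH back for next time. A rough stand-alone C model of the
flag encoding only (the CR3 value here is made up):

    #include <stdio.h>
    #include <stdint.h>

    #define NOFLUSH_BIT (1ULL << 63)    /* X86_CR3_PCID_USER_NOFLUSH */
    #define SHADOW_PGD_OFFSET 0x1000ULL

    int main(void)
    {
            uint64_t cr3 = 0x12345000;  /* invented kernel CR3 */
            uint64_t user_var = NOFLUSH_BIT | SHADOW_PGD_OFFSET;

            /* orq PER_CPU_VAR(X86_CR3_PCID_USER_VAR), %reg; js 9f */
            if ((int64_t)(cr3 | user_var) < 0)
                    printf("NOFLUSH: branch taken, nothing to reset\n");

            /* kaiser_flush_tlb_on_return_to_user() clears bit 63 */
            user_var &= ~NOFLUSH_BIT;
            if ((int64_t)(cr3 | user_var) >= 0) {
                    printf("FLUSH: fall through, restore NOFLUSH\n");
                    /* movb $(0x80), PER_CPU_VAR(...+7): set bit 63 */
                    user_var |= NOFLUSH_BIT;
            }
            return 0;
    }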
-
-@@ -90,6 +89,11 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- */
- DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
-+extern unsigned long X86_CR3_PCID_KERN_VAR;
-+DECLARE_PER_CPU(unsigned long, X86_CR3_PCID_USER_VAR);
-+
-+extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-+
- /**
- * kaiser_add_mapping - map a virtual memory part to the shadow (user) mapping
- * @addr: the start address of the range
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -12,6 +12,7 @@ static inline void __invpcid(unsigned lo
- unsigned long type)
- {
- struct { u64 d[2]; } desc = { { pcid, addr } };
-+
- /*
- * The memory clobber is because the whole point is to invalidate
- * stale TLB entries and, especially if we're flushing global
-@@ -132,27 +133,42 @@ static inline void cr4_set_bits_and_upda
- cr4_set_bits(mask);
- }
-
-+/*
-+ * Declare a couple of kaiser interfaces here for convenience,
-+ * to avoid the need for asm/kaiser.h in unexpected places.
-+ */
-+#ifdef CONFIG_KAISER
-+extern void kaiser_setup_pcid(void);
-+extern void kaiser_flush_tlb_on_return_to_user(void);
-+#else
-+static inline void kaiser_setup_pcid(void)
-+{
-+}
-+static inline void kaiser_flush_tlb_on_return_to_user(void)
-+{
-+}
-+#endif
-+
- static inline void __native_flush_tlb(void)
- {
-- if (!cpu_feature_enabled(X86_FEATURE_INVPCID)) {
-+ if (this_cpu_has(X86_FEATURE_INVPCID)) {
- /*
-- * If current->mm == NULL then we borrow a mm which may change during a
-- * task switch and therefore we must not be preempted while we write CR3
-- * back:
-+ * Note, this works with CR4.PCIDE=0 or 1.
- */
-- preempt_disable();
-- native_write_cr3(native_read_cr3());
-- preempt_enable();
-+ invpcid_flush_all_nonglobals();
- return;
- }
-+
- /*
-- * We are no longer using globals with KAISER, so a
-- * "nonglobals" flush would work too. But, this is more
-- * conservative.
-- *
-- * Note, this works with CR4.PCIDE=0 or 1.
-+ * If current->mm == NULL then we borrow a mm which may change during a
-+ * task switch and therefore we must not be preempted while we write CR3
-+ * back:
- */
-- invpcid_flush_all();
-+ preempt_disable();
-+ if (this_cpu_has(X86_FEATURE_PCID))
-+ kaiser_flush_tlb_on_return_to_user();
-+ native_write_cr3(native_read_cr3());
-+ preempt_enable();
- }
-
- static inline void __native_flush_tlb_global_irq_disabled(void)
-@@ -168,9 +184,13 @@ static inline void __native_flush_tlb_gl
-
- static inline void __native_flush_tlb_global(void)
- {
-+#ifdef CONFIG_KAISER
-+ /* Globals are not used at all */
-+ __native_flush_tlb();
-+#else
- unsigned long flags;
-
-- if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+ if (this_cpu_has(X86_FEATURE_INVPCID)) {
- /*
- * Using INVPCID is considerably faster than a pair of writes
- * to CR4 sandwiched inside an IRQ flag save/restore.
-@@ -187,10 +207,9 @@ static inline void __native_flush_tlb_gl
- * be called from deep inside debugging code.)
- */
- raw_local_irq_save(flags);
--
- __native_flush_tlb_global_irq_disabled();
--
- raw_local_irq_restore(flags);
-+#endif
- }
-
- static inline void __native_flush_tlb_single(unsigned long addr)
-@@ -201,9 +220,12 @@ static inline void __native_flush_tlb_si
- *
- * The ASIDs used below are hard-coded. But, we must not
- * call invpcid(type=1/2) before CR4.PCIDE=1. Just call
-- * invpcid in the case we are called early.
-+ * invlpg in the case we are called early.
- */
-+
- if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) {
-+ if (this_cpu_has(X86_FEATURE_PCID))
-+ kaiser_flush_tlb_on_return_to_user();
- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
- return;
- }
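
The reworked __native_flush_tlb() earlier in this hunk selects a
mechanism by CPU feature: INVPCID when available, otherwise a
preemption-protected CR3 reload plus a deferred user flush when PCID is
in use. A compilable sketch of just that decision tree, with stub
functions standing in for the real primitives (all names invented):

    #include <stdbool.h>
    #include <stdio.h>

    static bool has_invpcid, has_pcid;  /* pretend feature flags */

    static void flush_all_nonglobals(void) { puts("invpcid, nonglobals"); }
    static void reload_cr3(void)           { puts("write CR3 back"); }
    static void note_user_flush(void)      { puts("flush user on exit"); }

    static void native_flush_tlb_sketch(void)
    {
            if (has_invpcid) {
                    /* works with CR4.PCIDE = 0 or 1 */
                    flush_all_nonglobals();
                    return;
            }
            /* a CR3 reload only flushes the current PCID's entries,
             * so the user half must be flushed later, on exit */
            if (has_pcid)
                    note_user_flush();
            reload_cr3();
    }

    int main(void)
    {
            has_invpcid = false;
            has_pcid = true;
            native_flush_tlb_sketch();
            return 0;
    }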
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -306,33 +306,12 @@ static __always_inline void setup_smap(s
- }
- }
-
--/*
-- * These can have bit 63 set, so we can not just use a plain "or"
-- * instruction to get their value or'd into CR3. It would take
-- * another register. So, we use a memory reference to these
-- * instead.
-- *
-- * This is also handy because systems that do not support
-- * PCIDs just end up or'ing a 0 into their CR3, which does
-- * no harm.
-- */
--__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_KERN_VAR = 0;
--__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_USER_VAR = 0;
--
- static void setup_pcid(struct cpuinfo_x86 *c)
- {
- if (cpu_has(c, X86_FEATURE_PCID)) {
- if (cpu_has(c, X86_FEATURE_PGE)) {
- cr4_set_bits(X86_CR4_PCIDE);
- /*
-- * These variables are used by the entry/exit
-- * code to change PCIDs.
-- */
--#ifdef CONFIG_KAISER
-- X86_CR3_PCID_KERN_VAR = X86_CR3_PCID_KERN_NOFLUSH;
-- X86_CR3_PCID_USER_VAR = X86_CR3_PCID_USER_NOFLUSH;
--#endif
-- /*
- * INVPCID has two "groups" of types:
- * 1/2: Invalidate an individual address
- * 3/4: Invalidate all contexts
-@@ -357,6 +336,7 @@ static void setup_pcid(struct cpuinfo_x8
- clear_cpu_cap(c, X86_FEATURE_PCID);
- }
- }
-+ kaiser_setup_pcid();
- }
-
- /*
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -11,12 +11,26 @@
- #include <linux/uaccess.h>
-
- #include <asm/kaiser.h>
-+#include <asm/tlbflush.h> /* to verify its kaiser declarations */
- #include <asm/pgtable.h>
- #include <asm/pgalloc.h>
- #include <asm/desc.h>
-+
- #ifdef CONFIG_KAISER
-+__visible
-+DEFINE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-+
-+/*
-+ * These can have bit 63 set, so we can not just use a plain "or"
-+ * instruction to get their value or'd into CR3. It would take
-+ * another register. So, we use a memory reference to these instead.
-+ *
-+ * This is also handy because systems that do not support PCIDs
-+ * just end up or'ing a 0 into their CR3, which does no harm.
-+ */
-+__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_KERN_VAR;
-+DEFINE_PER_CPU(unsigned long, X86_CR3_PCID_USER_VAR);
-
--__visible DEFINE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
- /*
- * At runtime, the only things we map are some things for CPU
- * hotplug, and stacks for new processes. No two CPUs will ever
-@@ -238,9 +252,6 @@ static void __init kaiser_init_all_pgds(
- WARN_ON(__ret); \
- } while (0)
-
--extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
--extern unsigned long X86_CR3_PCID_KERN_VAR;
--extern unsigned long X86_CR3_PCID_USER_VAR;
- /*
- * If anything in here fails, we will likely die on one of the
- * first kernel->user transitions and init will die. But, we
-@@ -294,8 +305,6 @@ void __init kaiser_init(void)
-
- kaiser_add_user_map_early(&X86_CR3_PCID_KERN_VAR, PAGE_SIZE,
- __PAGE_KERNEL);
-- kaiser_add_user_map_early(&X86_CR3_PCID_USER_VAR, PAGE_SIZE,
-- __PAGE_KERNEL);
- }
-
- /* Add a mapping to the shadow mapping, and synchronize the mappings */
-@@ -358,4 +367,33 @@ pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp,
- }
- return pgd;
- }
-+
-+void kaiser_setup_pcid(void)
-+{
-+ unsigned long kern_cr3 = 0;
-+ unsigned long user_cr3 = KAISER_SHADOW_PGD_OFFSET;
-+
-+ if (this_cpu_has(X86_FEATURE_PCID)) {
-+ kern_cr3 |= X86_CR3_PCID_KERN_NOFLUSH;
-+ user_cr3 |= X86_CR3_PCID_USER_NOFLUSH;
-+ }
-+ /*
-+ * These variables are used by the entry/exit
-+ * code to change PCID and pgd and TLB flushing.
-+ */
-+ X86_CR3_PCID_KERN_VAR = kern_cr3;
-+ this_cpu_write(X86_CR3_PCID_USER_VAR, user_cr3);
-+}
-+
-+/*
-+ * Make a note that this cpu will need to flush USER tlb on return to user.
-+ * Caller checks whether this_cpu_has(X86_FEATURE_PCID) before calling:
-+ * if cpu does not, then the NOFLUSH bit will never have been set.
-+ */
-+void kaiser_flush_tlb_on_return_to_user(void)
-+{
-+ this_cpu_write(X86_CR3_PCID_USER_VAR,
-+ X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
-+}
-+EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
- #endif /* CONFIG_KAISER */
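
To make kaiser_setup_pcid() above concrete: the kernel mask stays zero on
machines without PCID, and the user mask always carries the shadow-pgd
offset so the exit path needs no extra OR. A small C illustration; the
NOFLUSH constant is a stand-in, the real masks also encode PCID values:

    #include <stdio.h>
    #include <stdint.h>

    #define NOFLUSH (1ULL << 63)        /* stand-in for the NOFLUSH bits */
    #define KAISER_SHADOW_PGD_OFFSET 0x1000ULL

    int main(void)
    {
            for (int has_pcid = 0; has_pcid <= 1; has_pcid++) {
                    uint64_t kern_cr3 = 0;
                    uint64_t user_cr3 = KAISER_SHADOW_PGD_OFFSET;

                    if (has_pcid) {
                            kern_cr3 |= NOFLUSH;
                            user_cr3 |= NOFLUSH;
                    }
                    /* without PCID, or'ing these into CR3 adds only
                     * the shadow-pgd offset, which does no harm */
                    printf("pcid=%d kern=%#llx user=%#llx\n", has_pcid,
                           (unsigned long long)kern_cr3,
                           (unsigned long long)user_cr3);
            }
            return 0;
    }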
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -6,13 +6,14 @@
- #include <linux/interrupt.h>
- #include <linux/export.h>
- #include <linux/cpu.h>
-+#include <linux/debugfs.h>
-
- #include <asm/tlbflush.h>
- #include <asm/mmu_context.h>
- #include <asm/cache.h>
- #include <asm/apic.h>
- #include <asm/uv/uv.h>
--#include <linux/debugfs.h>
-+#include <asm/kaiser.h>
-
- /*
- * Smarter SMP flushing macros.
-@@ -40,34 +41,23 @@ static void load_new_mm_cr3(pgd_t *pgdir
- {
- unsigned long new_mm_cr3 = __pa(pgdir);
-
-- /*
-- * KAISER, plus PCIDs needs some extra work here. But,
-- * if either of features is not present, we need no
-- * PCIDs here and just do a normal, full TLB flush with
-- * the write_cr3()
-- */
-- if (!IS_ENABLED(CONFIG_KAISER) ||
-- !cpu_feature_enabled(X86_FEATURE_PCID))
-- goto out_set_cr3;
-- /*
-- * We reuse the same PCID for different tasks, so we must
-- * flush all the entries for the PCID out when we change
-- * tasks.
-- */
-- new_mm_cr3 = X86_CR3_PCID_KERN_FLUSH | __pa(pgdir);
--
-- /*
-- * The flush from load_cr3() may leave old TLB entries
-- * for userspace in place. We must flush that context
-- * separately. We can theoretically delay doing this
-- * until we actually load up the userspace CR3, but
-- * that's a bit tricky. We have to have the "need to
-- * flush userspace PCID" bit per-cpu and check it in the
-- * exit-to-userspace paths.
-- */
-- invpcid_flush_single_context(X86_CR3_PCID_ASID_USER);
-+#ifdef CONFIG_KAISER
-+ if (this_cpu_has(X86_FEATURE_PCID)) {
-+ /*
-+ * We reuse the same PCID for different tasks, so we must
-+ * flush all the entries for the PCID out when we change tasks.
-+ * Flush KERN below, flush USER when returning to userspace in
-+ * kaiser's SWITCH_USER_CR3 (_SWITCH_TO_USER_CR3) macro.
-+ *
-+ * invpcid_flush_single_context(X86_CR3_PCID_ASID_USER) could
-+ * do it here, but can only be used if X86_FEATURE_INVPCID is
-+ * available - and many machines support pcid without invpcid.
-+ */
-+ new_mm_cr3 |= X86_CR3_PCID_KERN_FLUSH;
-+ kaiser_flush_tlb_on_return_to_user();
-+ }
-+#endif /* CONFIG_KAISER */
-
--out_set_cr3:
- /*
- * Caution: many callers of this function expect
- * that load_cr3() is serializing and orders TLB
diff --git a/debian/patches/features/all/kpti/kaiser-merged-update.patch b/debian/patches/features/all/kpti/kaiser-merged-update.patch
deleted file mode 100644
index 70ba1cf..0000000
--- a/debian/patches/features/all/kpti/kaiser-merged-update.patch
+++ /dev/null
@@ -1,1297 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Dave Hansen <dave.hansen at linux.intel.com>
-Date: Wed, 30 Aug 2017 16:23:00 -0700
-Subject: kaiser: merged update
-
-From: Dave Hansen <dave.hansen at linux.intel.com>
-
-
-Merged fixes and cleanups, rebased to 4.9.51 tree (no 5-level paging).
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 105 ++++++++++-
- arch/x86/include/asm/kaiser.h | 43 ++--
- arch/x86/include/asm/pgtable.h | 18 +
- arch/x86/include/asm/pgtable_64.h | 48 ++++-
- arch/x86/include/asm/pgtable_types.h | 6
- arch/x86/kernel/espfix_64.c | 13 -
- arch/x86/kernel/head_64.S | 19 +-
- arch/x86/kernel/ldt.c | 27 ++
- arch/x86/kernel/tracepoint.c | 2
- arch/x86/mm/kaiser.c | 317 +++++++++++++++++++++++++----------
- arch/x86/mm/pageattr.c | 63 +++++-
- arch/x86/mm/pgtable.c | 40 +---
- include/linux/kaiser.h | 26 ++
- kernel/fork.c | 9
- security/Kconfig | 5
- 15 files changed, 551 insertions(+), 190 deletions(-)
- create mode 100644 include/linux/kaiser.h
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -230,6 +230,13 @@ entry_SYSCALL_64_fastpath:
- movq RIP(%rsp), %rcx
- movq EFLAGS(%rsp), %r11
- RESTORE_C_REGS_EXCEPT_RCX_R11
-+ /*
-+ * This opens a window where we have a user CR3, but are
-+ * running in the kernel. This makes using the CS
-+ * register useless for telling whether or not we need to
-+ * switch CR3 in NMIs. Normal interrupts are OK because
-+ * they are off here.
-+ */
- SWITCH_USER_CR3
- movq RSP(%rsp), %rsp
- USERGS_SYSRET64
-@@ -326,11 +333,25 @@ return_from_SYSCALL_64:
- syscall_return_via_sysret:
- /* rcx and r11 are already restored (see code above) */
- RESTORE_C_REGS_EXCEPT_RCX_R11
-+ /*
-+ * This opens a window where we have a user CR3, but are
-+ * running in the kernel. This makes using the CS
-+ * register useless for telling whether or not we need to
-+ * switch CR3 in NMIs. Normal interrupts are OK because
-+ * they are off here.
-+ */
- SWITCH_USER_CR3
- movq RSP(%rsp), %rsp
- USERGS_SYSRET64
-
- opportunistic_sysret_failed:
-+ /*
-+ * This opens a window where we have a user CR3, but are
-+ * running in the kernel. This makes using the CS
-+ * register useless for telling whether or not we need to
-+ * switch CR3 in NMIs. Normal interrupts are OK because
-+ * they are off here.
-+ */
- SWITCH_USER_CR3
- SWAPGS
- jmp restore_c_regs_and_iret
-@@ -1087,6 +1108,13 @@ ENTRY(error_entry)
- cld
- SAVE_C_REGS 8
- SAVE_EXTRA_REGS 8
-+ /*
-+ * error_entry() always returns with a kernel gsbase and
-+ * CR3. We must also have a kernel CR3/gsbase before
-+ * calling TRACE_IRQS_*. Just unconditionally switch to
-+ * the kernel CR3 here.
-+ */
-+ SWITCH_KERNEL_CR3
- xorl %ebx, %ebx
- testb $3, CS+8(%rsp)
- jz .Lerror_kernelspace
-@@ -1096,7 +1124,6 @@ ENTRY(error_entry)
- * from user mode due to an IRET fault.
- */
- SWAPGS
-- SWITCH_KERNEL_CR3
-
- .Lerror_entry_from_usermode_after_swapgs:
- /*
-@@ -1148,7 +1175,6 @@ ENTRY(error_entry)
- * Switch to kernel gsbase:
- */
- SWAPGS
-- SWITCH_KERNEL_CR3
-
- /*
- * Pretend that the exception came from user mode: set up pt_regs
-@@ -1249,7 +1275,10 @@ ENTRY(nmi)
- */
-
- SWAPGS_UNSAFE_STACK
-- SWITCH_KERNEL_CR3_NO_STACK
-+ /*
-+ * percpu variables are mapped with user CR3, so no need
-+ * to switch CR3 here.
-+ */
- cld
- movq %rsp, %rdx
- movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
-@@ -1283,14 +1312,33 @@ ENTRY(nmi)
-
- movq %rsp, %rdi
- movq $-1, %rsi
-+#ifdef CONFIG_KAISER
-+ /* Unconditionally use kernel CR3 for do_nmi() */
-+ /* %rax is saved above, so OK to clobber here */
-+ movq %cr3, %rax
-+ pushq %rax
-+#ifdef CONFIG_KAISER_REAL_SWITCH
-+ andq $(~0x1000), %rax
-+#endif
-+ movq %rax, %cr3
-+#endif
- call do_nmi
-+ /*
-+ * Unconditionally restore CR3. I know we return to
-+ * kernel code that needs user CR3, but do we ever return
-+ * to "user mode" where we need the kernel CR3?
-+ */
-+#ifdef CONFIG_KAISER
-+ popq %rax
-+ mov %rax, %cr3
-+#endif
-
- /*
- * Return back to user mode. We must *not* do the normal exit
-- * work, because we don't want to enable interrupts. Fortunately,
-- * do_nmi doesn't modify pt_regs.
-+ * work, because we don't want to enable interrupts. Do not
-+ * switch to user CR3: we might be going back to kernel code
-+ * that had a user CR3 set.
- */
-- SWITCH_USER_CR3
- SWAPGS
- jmp restore_c_regs_and_iret
-
-@@ -1486,23 +1534,54 @@ end_repeat_nmi:
- ALLOC_PT_GPREGS_ON_STACK
-
- /*
-- * Use paranoid_entry to handle SWAPGS, but no need to use paranoid_exit
-- * as we should not be calling schedule in NMI context.
-- * Even with normal interrupts enabled. An NMI should not be
-- * setting NEED_RESCHED or anything that normal interrupts and
-- * exceptions might do.
-+ * Use the same approach as paranoid_entry to handle SWAPGS, but
-+ * without CR3 handling since we do that differently in NMIs. No
-+ * need to use paranoid_exit as we should not be calling schedule
-+ * in NMI context. Even with normal interrupts enabled. An NMI
-+ * should not be setting NEED_RESCHED or anything that normal
-+ * interrupts and exceptions might do.
- */
-- call paranoid_entry
-+ cld
-+ SAVE_C_REGS
-+ SAVE_EXTRA_REGS
-+ movl $1, %ebx
-+ movl $MSR_GS_BASE, %ecx
-+ rdmsr
-+ testl %edx, %edx
-+ js 1f /* negative -> in kernel */
-+ SWAPGS
-+ xorl %ebx, %ebx
-+1:
-+#ifdef CONFIG_KAISER
-+ /* Unconditionally use kernel CR3 for do_nmi() */
-+ /* %rax is saved above, so OK to clobber here */
-+ movq %cr3, %rax
-+ pushq %rax
-+#ifdef CONFIG_KAISER_REAL_SWITCH
-+ andq $(~0x1000), %rax
-+#endif
-+ movq %rax, %cr3
-+#endif
-
- /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
- movq %rsp, %rdi
-+ addq $8, %rdi /* point %rdi at ptregs, fixed up for CR3 */
- movq $-1, %rsi
- call do_nmi
-+ /*
-+ * Unconditionally restore CR3. We might be returning to
-+ * kernel code that needs user CR3, like just before
-+ * a sysret.
-+ */
-+#ifdef CONFIG_KAISER
-+ popq %rax
-+ mov %rax, %cr3
-+#endif
-
- testl %ebx, %ebx /* swapgs needed? */
- jnz nmi_restore
- nmi_swapgs:
-- SWITCH_USER_CR3_NO_STACK
-+ /* We fixed up CR3 above, so no need to switch it here */
- SWAPGS_UNSAFE_STACK
- nmi_restore:
- RESTORE_EXTRA_REGS
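
The NMI paths above cannot use CS to decide whether a CR3 switch is
needed (see the sysret window comments earlier in this patch), so they
save the live CR3, install the kernel one unconditionally, and restore
the saved value on the way out. The same save/switch/restore shape as a
toy C model (the CR3 value and the bit-12 encoding are illustrative):

    #include <stdio.h>
    #include <stdint.h>

    static uint64_t cr3 = 0x7a000 | 0x1000;  /* user CR3 was live */

    static void do_nmi_stub(void)
    {
            printf("do_nmi with CR3=%#llx\n", (unsigned long long)cr3);
    }

    int main(void)
    {
            uint64_t saved = cr3;       /* pushq %rax */
            cr3 &= ~0x1000ULL;          /* unconditionally go kernel */
            do_nmi_stub();
            cr3 = saved;                /* popq %rax; movq %rax, %cr3 */
            printf("restored CR3=%#llx\n", (unsigned long long)cr3);
            return 0;
    }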
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -16,13 +16,17 @@
-
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
-+#ifdef CONFIG_KAISER_REAL_SWITCH
- andq $(~0x1000), \reg
-+#endif
- movq \reg, %cr3
- .endm
-
- .macro _SWITCH_TO_USER_CR3 reg
- movq %cr3, \reg
-+#ifdef CONFIG_KAISER_REAL_SWITCH
- orq $(0x1000), \reg
-+#endif
- movq \reg, %cr3
- .endm
-
-@@ -65,48 +69,53 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- .endm
-
- #endif /* CONFIG_KAISER */
-+
- #else /* __ASSEMBLY__ */
-
-
- #ifdef CONFIG_KAISER
--// Upon kernel/user mode switch, it may happen that
--// the address space has to be switched before the registers have been stored.
--// To change the address space, another register is needed.
--// A register therefore has to be stored/restored.
--//
--DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-+/*
-+ * Upon kernel/user mode switch, it may happen that the address
-+ * space has to be switched before the registers have been
-+ * stored. To change the address space, another register is
-+ * needed. A register therefore has to be stored/restored.
-+ */
-
--#endif /* CONFIG_KAISER */
-+DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
- /**
-- * shadowmem_add_mapping - map a virtual memory part to the shadow mapping
-+ * kaiser_add_mapping - map a virtual memory part to the shadow (user) mapping
- * @addr: the start address of the range
- * @size: the size of the range
- * @flags: The mapping flags of the pages
- *
-- * the mapping is done on a global scope, so no bigger synchronization has to be done.
-- * the pages have to be manually unmapped again when they are not needed any longer.
-+ * The mapping is done on a global scope, so no further
-+ * synchronization has to be done. The pages have to be
-+ * manually unmapped again when they are not needed any longer.
- */
--extern void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
-+extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
-
-
- /**
-- * shadowmem_remove_mapping - unmap a virtual memory part of the shadow mapping
-+ * kaiser_remove_mapping - unmap a virtual memory part of the shadow mapping
- * @addr: the start address of the range
- * @size: the size of the range
- */
- extern void kaiser_remove_mapping(unsigned long start, unsigned long size);
-
- /**
-- * shadowmem_initialize_mapping - Initalize the shadow mapping
-+ * kaiser_initialize_mapping - Initialize the shadow mapping
- *
-- * most parts of the shadow mapping can be mapped upon boot time.
-- * only the thread stacks have to be mapped on runtime.
-- * the mapped regions are not unmapped at all.
-+ * Most parts of the shadow mapping can be mapped upon boot
-+ * time. Only per-process things like the thread stacks
-+ * or a new LDT have to be mapped at runtime. These boot-
-+ * time mappings are permanent and never unmapped.
- */
- extern void kaiser_init(void);
-
--#endif
-+#endif /* CONFIG_KAISER */
-+
-+#endif /* __ASSEMBLY__ */
-
-
-
---- a/arch/x86/include/asm/pgtable.h
-+++ b/arch/x86/include/asm/pgtable.h
-@@ -690,7 +690,17 @@ static inline pud_t *pud_offset(pgd_t *p
-
- static inline int pgd_bad(pgd_t pgd)
- {
-- return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
-+ pgdval_t ignore_flags = _PAGE_USER;
-+ /*
-+ * We set NX on KAISER pgds that map userspace memory so
-+ * that userspace can not meaningfully use the kernel
-+ * page table by accident; it will fault on the first
-+ * instruction it tries to run. See native_set_pgd().
-+ */
-+ if (IS_ENABLED(CONFIG_KAISER))
-+ ignore_flags |= _PAGE_NX;
-+
-+ return (pgd_flags(pgd) & ~ignore_flags) != _KERNPG_TABLE;
- }
-
- static inline int pgd_none(pgd_t pgd)
-@@ -905,8 +915,10 @@ static inline void clone_pgd_range(pgd_t
- {
- memcpy(dst, src, count * sizeof(pgd_t));
- #ifdef CONFIG_KAISER
-- // clone the shadow pgd part as well
-- memcpy(native_get_shadow_pgd(dst), native_get_shadow_pgd(src), count * sizeof(pgd_t));
-+ /* Clone the shadow pgd part as well */
-+ memcpy(native_get_shadow_pgd(dst),
-+ native_get_shadow_pgd(src),
-+ count * sizeof(pgd_t));
- #endif
- }
-
---- a/arch/x86/include/asm/pgtable_64.h
-+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -107,26 +107,58 @@ static inline void native_pud_clear(pud_
- }
-
- #ifdef CONFIG_KAISER
--static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp) {
-+static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp)
-+{
- return (pgd_t *)(void*)((unsigned long)(void*)pgdp | (unsigned long)PAGE_SIZE);
- }
-
--static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp) {
-+static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp)
-+{
- return (pgd_t *)(void*)((unsigned long)(void*)pgdp & ~(unsigned long)PAGE_SIZE);
- }
-+#else
-+static inline pgd_t * native_get_shadow_pgd(pgd_t *pgdp)
-+{
-+ BUILD_BUG_ON(1);
-+ return NULL;
-+}
-+static inline pgd_t * native_get_normal_pgd(pgd_t *pgdp)
-+{
-+ return pgdp;
-+}
- #endif /* CONFIG_KAISER */
-
-+/*
-+ * Page table pages are page-aligned. The lower half of the top
-+ * level is used for userspace and the top half for the kernel.
-+ * This returns true for user pages that need to get copied into
-+ * both the user and kernel copies of the page tables, and false
-+ * for kernel pages that should only be in the kernel copy.
-+ */
-+static inline bool is_userspace_pgd(void *__ptr)
-+{
-+ unsigned long ptr = (unsigned long)__ptr;
-+
-+ return ((ptr % PAGE_SIZE) < (PAGE_SIZE / 2));
-+}
-+
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
- {
- #ifdef CONFIG_KAISER
-- // We know that a pgd is page aligned.
-- // Therefore the lower indices have to be mapped to user space.
-- // These pages are mapped to the shadow mapping.
-- if ((((unsigned long)pgdp) % PAGE_SIZE) < (PAGE_SIZE / 2)) {
-+ pteval_t extra_kern_pgd_flags = 0;
-+ /* Do we need to also populate the shadow pgd? */
-+ if (is_userspace_pgd(pgdp)) {
- native_get_shadow_pgd(pgdp)->pgd = pgd.pgd;
-+ /*
-+ * Even if the entry is *mapping* userspace, ensure
-+ * that userspace can not use it. This way, if we
-+ * get out to userspace running on the kernel CR3,
-+ * userspace will crash instead of running.
-+ */
-+ extra_kern_pgd_flags = _PAGE_NX;
- }
--
-- pgdp->pgd = pgd.pgd & ~_PAGE_USER;
-+ pgdp->pgd = pgd.pgd;
-+ pgdp->pgd |= extra_kern_pgd_flags;
- #else /* CONFIG_KAISER */
- *pgdp = pgd;
- #endif
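
The is_userspace_pgd() test above depends only on an entry's byte offset
within the page-aligned top-level table: the lower half maps userspace.
A compilable demonstration of the same predicate (slot numbers and the
8-byte entry size are just for the printout):

    #include <stdio.h>
    #include <stdint.h>

    #define PAGE_SIZE 4096UL

    /* same check as is_userspace_pgd() */
    static int is_userspace_slot(void *ptr)
    {
            return ((uintptr_t)ptr % PAGE_SIZE) < (PAGE_SIZE / 2);
    }

    int main(void)
    {
            /* a pgd entry is 8 bytes: slot 0 maps userspace,
             * slot 511 (offset 4088) is kernel territory */
            static char page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));

            printf("slot   0: user? %d\n", is_userspace_slot(&page[0]));
            printf("slot 511: user? %d\n", is_userspace_slot(&page[4088]));
            return 0;
    }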
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -48,7 +48,7 @@
- #ifdef CONFIG_KAISER
- #define _PAGE_GLOBAL (_AT(pteval_t, 0))
- #else
--#define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
-+#define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
- #endif
- #define _PAGE_SOFTW1 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW1)
- #define _PAGE_SOFTW2 (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW2)
-@@ -123,11 +123,7 @@
- #define _PAGE_DEVMAP (_AT(pteval_t, 0))
- #endif
-
--#ifdef CONFIG_KAISER
--#define _PAGE_PROTNONE (_AT(pteval_t, 0))
--#else
- #define _PAGE_PROTNONE (_AT(pteval_t, 1) << _PAGE_BIT_PROTNONE)
--#endif
-
- #define _PAGE_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | \
- _PAGE_ACCESSED | _PAGE_DIRTY)
---- a/arch/x86/kernel/espfix_64.c
-+++ b/arch/x86/kernel/espfix_64.c
-@@ -127,11 +127,14 @@ void __init init_espfix_bsp(void)
- /* Install the espfix pud into the kernel page directory */
- pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)];
- pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page);
--#ifdef CONFIG_KAISER
-- // add the esp stack pud to the shadow mapping here.
-- // This can be done directly, because the fixup stack has its own pud
-- set_pgd(native_get_shadow_pgd(pgd_p), __pgd(_PAGE_TABLE | __pa((pud_t *)espfix_pud_page)));
--#endif
-+ /*
-+ * Just copy the top-level PGD that is mapping the espfix
-+ * area to ensure it is mapped into the shadow user page
-+ * tables.
-+ */
-+ if (IS_ENABLED(CONFIG_KAISER))
-+ set_pgd(native_get_shadow_pgd(pgd_p),
-+ __pgd(_KERNPG_TABLE | __pa((pud_t *)espfix_pud_page)));
-
- /* Randomize the locations */
- init_espfix_random();
---- a/arch/x86/kernel/head_64.S
-+++ b/arch/x86/kernel/head_64.S
-@@ -406,11 +406,24 @@ GLOBAL(early_recursion_flag)
- GLOBAL(name)
-
- #ifdef CONFIG_KAISER
-+/*
-+ * Each PGD needs to be 8k long and 8k aligned. We do not
-+ * ever go out to userspace with these, so we do not
-+ * strictly *need* the second page, but this allows us to
-+ * have a single set_pgd() implementation that does not
-+ * need to worry about whether it has 4k or 8k to work
-+ * with.
-+ *
-+ * This ensures PGDs are 8k long:
-+ */
-+#define KAISER_USER_PGD_FILL 512
-+/* This ensures they are 8k-aligned: */
- #define NEXT_PGD_PAGE(name) \
- .balign 2 * PAGE_SIZE; \
- GLOBAL(name)
- #else
- #define NEXT_PGD_PAGE(name) NEXT_PAGE(name)
-+#define KAISER_USER_PGD_FILL 0
- #endif
-
- /* Automate the creation of 1 to 1 mapping pmd entries */
-@@ -425,6 +438,7 @@ GLOBAL(name)
- NEXT_PGD_PAGE(early_level4_pgt)
- .fill 511,8,0
- .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
-+ .fill KAISER_USER_PGD_FILL,8,0
-
- NEXT_PAGE(early_dynamic_pgts)
- .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
-@@ -433,7 +447,8 @@ NEXT_PAGE(early_dynamic_pgts)
-
- #ifndef CONFIG_XEN
- NEXT_PGD_PAGE(init_level4_pgt)
-- .fill 2*512,8,0
-+ .fill 512,8,0
-+ .fill KAISER_USER_PGD_FILL,8,0
- #else
- NEXT_PGD_PAGE(init_level4_pgt)
- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
-@@ -442,6 +457,7 @@ NEXT_PGD_PAGE(init_level4_pgt)
- .org init_level4_pgt + L4_START_KERNEL*8, 0
- /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
- .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
-+ .fill KAISER_USER_PGD_FILL,8,0
-
- NEXT_PAGE(level3_ident_pgt)
- .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
-@@ -452,6 +468,7 @@ NEXT_PAGE(level2_ident_pgt)
- */
- PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
- #endif
-+ .fill KAISER_USER_PGD_FILL,8,0
-
- NEXT_PAGE(level3_kernel_pgt)
- .fill L3_START_KERNEL,8,0
---- a/arch/x86/kernel/ldt.c
-+++ b/arch/x86/kernel/ldt.c
-@@ -18,6 +18,7 @@
- #include <linux/uaccess.h>
-
- #include <asm/ldt.h>
-+#include <asm/kaiser.h>
- #include <asm/desc.h>
- #include <asm/mmu_context.h>
- #include <asm/syscalls.h>
-@@ -34,11 +35,21 @@ static void flush_ldt(void *current_mm)
- set_ldt(pc->ldt->entries, pc->ldt->size);
- }
-
-+static void __free_ldt_struct(struct ldt_struct *ldt)
-+{
-+ if (ldt->size * LDT_ENTRY_SIZE > PAGE_SIZE)
-+ vfree(ldt->entries);
-+ else
-+ free_page((unsigned long)ldt->entries);
-+ kfree(ldt);
-+}
-+
- /* The caller must call finalize_ldt_struct on the result. LDT starts zeroed. */
- static struct ldt_struct *alloc_ldt_struct(int size)
- {
- struct ldt_struct *new_ldt;
- int alloc_size;
-+ int ret = 0;
-
- if (size > LDT_ENTRIES)
- return NULL;
-@@ -66,6 +77,14 @@ static struct ldt_struct *alloc_ldt_stru
- return NULL;
- }
-
-+ ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
-+ __PAGE_KERNEL);
-+ if (ret) {
-+ __free_ldt_struct(new_ldt);
-+ return NULL;
-+ }
- new_ldt->size = size;
- return new_ldt;
- }
-@@ -92,12 +111,10 @@ static void free_ldt_struct(struct ldt_s
- if (likely(!ldt))
- return;
-
-+ kaiser_remove_mapping((unsigned long)ldt->entries,
-+ ldt->size * LDT_ENTRY_SIZE);
- paravirt_free_ldt(ldt->entries, ldt->size);
-- if (ldt->size * LDT_ENTRY_SIZE > PAGE_SIZE)
-- vfree(ldt->entries);
-- else
-- free_page((unsigned long)ldt->entries);
-- kfree(ldt);
-+ __free_ldt_struct(ldt);
- }
-
- /*
---- a/arch/x86/kernel/tracepoint.c
-+++ b/arch/x86/kernel/tracepoint.c
-@@ -9,10 +9,12 @@
- #include <linux/atomic.h>
-
- atomic_t trace_idt_ctr = ATOMIC_INIT(0);
-+__aligned(PAGE_SIZE)
- struct desc_ptr trace_idt_descr = { NR_VECTORS * 16 - 1,
- (unsigned long) trace_idt_table };
-
- /* No need to be aligned, but done to keep all IDTs defined the same way. */
-+__aligned(PAGE_SIZE)
- gate_desc trace_idt_table[NR_VECTORS] __page_aligned_bss;
-
- static int trace_irq_vector_refcount;
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -1,160 +1,305 @@
--
--
-+#include <linux/bug.h>
- #include <linux/kernel.h>
- #include <linux/errno.h>
- #include <linux/string.h>
- #include <linux/types.h>
- #include <linux/bug.h>
- #include <linux/init.h>
-+#include <linux/interrupt.h>
- #include <linux/spinlock.h>
- #include <linux/mm.h>
--
- #include <linux/uaccess.h>
-+
-+#include <asm/kaiser.h>
- #include <asm/pgtable.h>
- #include <asm/pgalloc.h>
- #include <asm/desc.h>
- #ifdef CONFIG_KAISER
-
- __visible DEFINE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-+/*
-+ * At runtime, the only things we map are some things for CPU
-+ * hotplug, and stacks for new processes. No two CPUs will ever
-+ * be populating the same addresses, so we only need to ensure
-+ * that we protect between two CPUs trying to allocate and
-+ * populate the same page table page.
-+ *
-+ * Only take this lock when doing a set_p[4um]d(), but it is not
-+ * needed for doing a set_pte(). We assume that only the *owner*
-+ * of a given allocation will be doing this for _their_
-+ * allocation.
-+ *
-+ * This ensures that once a system has been running for a while
-+ * and there have been stacks all over and these page tables
-+ * are fully populated, there will be no further acquisitions of
-+ * this lock.
-+ */
-+static DEFINE_SPINLOCK(shadow_table_allocation_lock);
-
--/**
-- * Get the real ppn from an address in the kernel mapping.
-- * @param address The virtual address
-- * @return the physical address
-+/*
-+ * Returns -1 on error.
- */
--static inline unsigned long get_pa_from_mapping (unsigned long address)
-+static inline unsigned long get_pa_from_mapping(unsigned long vaddr)
- {
- pgd_t *pgd;
- pud_t *pud;
- pmd_t *pmd;
- pte_t *pte;
-
-- pgd = pgd_offset_k(address);
-- BUG_ON(pgd_none(*pgd) || pgd_large(*pgd));
-+ pgd = pgd_offset_k(vaddr);
-+ /*
-+ * We made all the kernel PGDs present in kaiser_init().
-+ * We expect them to stay that way.
-+ */
-+ BUG_ON(pgd_none(*pgd));
-+ /*
-+ * PGDs are either 512GB or 128TB on all x86_64
-+ * configurations. We don't handle these.
-+ */
-+ BUG_ON(pgd_large(*pgd));
-+
-+ pud = pud_offset(pgd, vaddr);
-+ if (pud_none(*pud)) {
-+ WARN_ON_ONCE(1);
-+ return -1;
-+ }
-
-- pud = pud_offset(pgd, address);
-- BUG_ON(pud_none(*pud));
-+ if (pud_large(*pud))
-+ return (pud_pfn(*pud) << PAGE_SHIFT) | (vaddr & ~PUD_PAGE_MASK);
-
-- if (pud_large(*pud)) {
-- return (pud_pfn(*pud) << PAGE_SHIFT) | (address & ~PUD_PAGE_MASK);
-+ pmd = pmd_offset(pud, vaddr);
-+ if (pmd_none(*pmd)) {
-+ WARN_ON_ONCE(1);
-+ return -1;
- }
-
-- pmd = pmd_offset(pud, address);
-- BUG_ON(pmd_none(*pmd));
-+ if (pmd_large(*pmd))
-+ return (pmd_pfn(*pmd) << PAGE_SHIFT) | (vaddr & ~PMD_PAGE_MASK);
-
-- if (pmd_large(*pmd)) {
-- return (pmd_pfn(*pmd) << PAGE_SHIFT) | (address & ~PMD_PAGE_MASK);
-+ pte = pte_offset_kernel(pmd, vaddr);
-+ if (pte_none(*pte)) {
-+ WARN_ON_ONCE(1);
-+ return -1;
- }
-
-- pte = pte_offset_kernel(pmd, address);
-- BUG_ON(pte_none(*pte));
--
-- return (pte_pfn(*pte) << PAGE_SHIFT) | (address & ~PAGE_MASK);
-+ return (pte_pfn(*pte) << PAGE_SHIFT) | (vaddr & ~PAGE_MASK);
- }
-
--void _kaiser_copy (unsigned long start_addr, unsigned long size,
-- unsigned long flags)
-+/*
-+ * This is a relatively normal page table walk, except that it
-+ * also tries to allocate page tables pages along the way.
-+ *
-+ * Returns a pointer to a PTE on success, or NULL on failure.
-+ */
-+static pte_t *kaiser_pagetable_walk(unsigned long address, bool is_atomic)
- {
-- pgd_t *pgd;
-- pud_t *pud;
- pmd_t *pmd;
-- pte_t *pte;
-- unsigned long address;
-- unsigned long end_addr = start_addr + size;
-- unsigned long target_address;
-+ pud_t *pud;
-+ pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(address));
-+ gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
-
-- for (address = PAGE_ALIGN(start_addr - (PAGE_SIZE - 1));
-- address < PAGE_ALIGN(end_addr); address += PAGE_SIZE) {
-- target_address = get_pa_from_mapping(address);
-+ might_sleep();
-+ if (is_atomic) {
-+ gfp &= ~GFP_KERNEL;
-+ gfp |= __GFP_HIGH | __GFP_ATOMIC;
-+ }
-
-- pgd = native_get_shadow_pgd(pgd_offset_k(address));
-+ if (pgd_none(*pgd)) {
-+ WARN_ONCE(1, "All shadow pgds should have been populated");
-+ return NULL;
-+ }
-+ BUILD_BUG_ON(pgd_large(*pgd) != 0);
-
-- BUG_ON(pgd_none(*pgd) && "All shadow pgds should be mapped at this time\n");
-- BUG_ON(pgd_large(*pgd));
-+ pud = pud_offset(pgd, address);
-+ /* The shadow page tables do not use large mappings: */
-+ if (pud_large(*pud)) {
-+ WARN_ON(1);
-+ return NULL;
-+ }
-+ if (pud_none(*pud)) {
-+ unsigned long new_pmd_page = __get_free_page(gfp);
-+ if (!new_pmd_page)
-+ return NULL;
-+ spin_lock(&shadow_table_allocation_lock);
-+ if (pud_none(*pud))
-+ set_pud(pud, __pud(_KERNPG_TABLE | __pa(new_pmd_page)));
-+ else
-+ free_page(new_pmd_page);
-+ spin_unlock(&shadow_table_allocation_lock);
-+ }
-
-- pud = pud_offset(pgd, address);
-- if (pud_none(*pud)) {
-- set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd_alloc_one(0, address))));
-- }
-- BUG_ON(pud_large(*pud));
-+ pmd = pmd_offset(pud, address);
-+ /* The shadow page tables do not use large mappings: */
-+ if (pmd_large(*pmd)) {
-+ WARN_ON(1);
-+ return NULL;
-+ }
-+ if (pmd_none(*pmd)) {
-+ unsigned long new_pte_page = __get_free_page(gfp);
-+ if (!new_pte_page)
-+ return NULL;
-+ spin_lock(&shadow_table_allocation_lock);
-+ if (pmd_none(*pmd))
-+ set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page)));
-+ else
-+ free_page(new_pte_page);
-+ spin_unlock(&shadow_table_allocation_lock);
-+ }
-
-- pmd = pmd_offset(pud, address);
-- if (pmd_none(*pmd)) {
-- set_pmd(pmd, __pmd(_PAGE_TABLE | __pa(pte_alloc_one_kernel(0, address))));
-- }
-- BUG_ON(pmd_large(*pmd));
-+ return pte_offset_kernel(pmd, address);
-+}
-
-- pte = pte_offset_kernel(pmd, address);
-+int kaiser_add_user_map(const void *__start_addr, unsigned long size,
-+ unsigned long flags)
-+{
-+ int ret = 0;
-+ pte_t *pte;
-+ unsigned long start_addr = (unsigned long)__start_addr;
-+ unsigned long address = start_addr & PAGE_MASK;
-+ unsigned long end_addr = PAGE_ALIGN(start_addr + size);
-+ unsigned long target_address;
-+
-+ for (; address < end_addr; address += PAGE_SIZE) {
-+ target_address = get_pa_from_mapping(address);
-+ if (target_address == -1) {
-+ ret = -EIO;
-+ break;
-+ }
-+ pte = kaiser_pagetable_walk(address, false);
- if (pte_none(*pte)) {
- set_pte(pte, __pte(flags | target_address));
- } else {
-- BUG_ON(__pa(pte_page(*pte)) != target_address);
-+ pte_t tmp;
-+ set_pte(&tmp, __pte(flags | target_address));
-+ WARN_ON_ONCE(!pte_same(*pte, tmp));
- }
- }
-+ return ret;
- }
-
--// at first, add a pmd for every pgd entry in the shadowmem-kernel-part of the kernel mapping
--static inline void __init _kaiser_init(void)
-+static int kaiser_add_user_map_ptrs(const void *start, const void *end, unsigned long flags)
-+{
-+ unsigned long size = end - start;
-+
-+ return kaiser_add_user_map(start, size, flags);
-+}
-+
-+/*
-+ * Ensure that the top level of the (shadow) page tables are
-+ * entirely populated. This ensures that all processes that get
-+ * forked have the same entries. This way, we do not have to
-+ * ever go set up new entries in older processes.
-+ *
-+ * Note: we never free these, so there are no updates to them
-+ * after this.
-+ */
-+static void __init kaiser_init_all_pgds(void)
- {
- pgd_t *pgd;
- int i = 0;
-
- pgd = native_get_shadow_pgd(pgd_offset_k((unsigned long )0));
- for (i = PTRS_PER_PGD / 2; i < PTRS_PER_PGD; i++) {
-- set_pgd(pgd + i, __pgd(_PAGE_TABLE |__pa(pud_alloc_one(0, 0))));
-+ pgd_t new_pgd;
-+ pud_t *pud = pud_alloc_one(&init_mm, PAGE_OFFSET + i * PGDIR_SIZE);
-+ if (!pud) {
-+ WARN_ON(1);
-+ break;
-+ }
-+ new_pgd = __pgd(_KERNPG_TABLE |__pa(pud));
-+ /*
-+ * Make sure not to stomp on some other pgd entry.
-+ */
-+ if (!pgd_none(pgd[i])) {
-+ WARN_ON(1);
-+ continue;
-+ }
-+ set_pgd(pgd + i, new_pgd);
- }
- }
-
-+#define kaiser_add_user_map_early(start, size, flags) do { \
-+ int __ret = kaiser_add_user_map(start, size, flags); \
-+ WARN_ON(__ret); \
-+} while (0)
-+
-+#define kaiser_add_user_map_ptrs_early(start, end, flags) do { \
-+ int __ret = kaiser_add_user_map_ptrs(start, end, flags); \
-+ WARN_ON(__ret); \
-+} while (0)
-+
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
--spinlock_t shadow_table_lock;
-+/*
-+ * If anything in here fails, we will likely die on one of the
-+ * first kernel->user transitions and init will die. But, we
-+ * will have most of the kernel up by then and should be able to
-+ * get a clean warning out of it. If we BUG_ON() here, we run
-+ * the risk of being before we have good console output.
-+ */
- void __init kaiser_init(void)
- {
- int cpu;
-- spin_lock_init(&shadow_table_lock);
--
-- spin_lock(&shadow_table_lock);
-
-- _kaiser_init();
-+ kaiser_init_all_pgds();
-
- for_each_possible_cpu(cpu) {
-- // map the per cpu user variables
-- _kaiser_copy(
-- (unsigned long) (__per_cpu_user_mapped_start + per_cpu_offset(cpu)),
-- (unsigned long) __per_cpu_user_mapped_end - (unsigned long) __per_cpu_user_mapped_start,
-- __PAGE_KERNEL);
-- }
--
-- // map the entry/exit text section, which is responsible to switch between user- and kernel mode
-- _kaiser_copy(
-- (unsigned long) __entry_text_start,
-- (unsigned long) __entry_text_end - (unsigned long) __entry_text_start,
-- __PAGE_KERNEL_RX);
--
-- // the fixed map address of the idt_table
-- _kaiser_copy(
-- (unsigned long) idt_descr.address,
-- sizeof(gate_desc) * NR_VECTORS,
-- __PAGE_KERNEL_RO);
-+ void *percpu_vaddr = __per_cpu_user_mapped_start +
-+ per_cpu_offset(cpu);
-+ unsigned long percpu_sz = __per_cpu_user_mapped_end -
-+ __per_cpu_user_mapped_start;
-+ kaiser_add_user_map_early(percpu_vaddr, percpu_sz,
-+ __PAGE_KERNEL);
-+ }
-
-- spin_unlock(&shadow_table_lock);
-+ /*
-+ * Map the entry/exit text section, which is needed at
-+ * switches from user to and from kernel.
-+ */
-+ kaiser_add_user_map_ptrs_early(__entry_text_start, __entry_text_end,
-+ __PAGE_KERNEL_RX);
-+
-+#if defined(CONFIG_FUNCTION_GRAPH_TRACER) || defined(CONFIG_KASAN)
-+ kaiser_add_user_map_ptrs_early(__irqentry_text_start,
-+ __irqentry_text_end,
-+ __PAGE_KERNEL_RX);
-+#endif
-+ kaiser_add_user_map_early((void *)idt_descr.address,
-+ sizeof(gate_desc) * NR_VECTORS,
-+ __PAGE_KERNEL_RO);
-+#ifdef CONFIG_TRACING
-+ kaiser_add_user_map_early(&trace_idt_descr,
-+ sizeof(trace_idt_descr),
-+ __PAGE_KERNEL);
-+ kaiser_add_user_map_early(&trace_idt_table,
-+ sizeof(gate_desc) * NR_VECTORS,
-+ __PAGE_KERNEL);
-+#endif
-+ kaiser_add_user_map_early(&debug_idt_descr, sizeof(debug_idt_descr),
-+ __PAGE_KERNEL);
-+ kaiser_add_user_map_early(&debug_idt_table,
-+ sizeof(gate_desc) * NR_VECTORS,
-+ __PAGE_KERNEL);
- }
-
-+extern void unmap_pud_range_nofree(pgd_t *pgd, unsigned long start, unsigned long end);
- // add a mapping to the shadow-mapping, and synchronize the mappings
--void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
-+int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
- {
-- spin_lock(&shadow_table_lock);
-- _kaiser_copy(addr, size, flags);
-- spin_unlock(&shadow_table_lock);
-+ return kaiser_add_user_map((const void *)addr, size, flags);
- }
-
--extern void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end);
- void kaiser_remove_mapping(unsigned long start, unsigned long size)
- {
-- pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(start));
-- spin_lock(&shadow_table_lock);
-- do {
-- unmap_pud_range(pgd, start, start + size);
-- } while (pgd++ != native_get_shadow_pgd(pgd_offset_k(start + size)));
-- spin_unlock(&shadow_table_lock);
-+ unsigned long end = start + size;
-+ unsigned long addr;
-+
-+ for (addr = start; addr < end; addr += PGDIR_SIZE) {
-+ pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(addr));
-+ /*
-+ * unmap_p4d_range() handles > P4D_SIZE unmaps,
-+ * so no need to trim 'end'.
-+ */
-+ unmap_pud_range_nofree(pgd, addr, end);
-+ }
- }
- #endif /* CONFIG_KAISER */
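
kaiser_pagetable_walk() above follows a classic shape: allocate the new
page-table page outside the spinlock, then re-check the entry under the
lock and either install the page or free it because another CPU won the
race. A user-space sketch of that pattern with a pthread mutex (names
invented; an analogy for the locking shape, not the kernel code):

    #include <pthread.h>
    #include <stdio.h>
    #include <stdlib.h>

    static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
    static void *slot;                  /* stands in for a pud/pmd entry */

    static void populate_slot(void)
    {
            void *new_page = calloc(1, 4096);   /* allocate outside lock */

            if (!new_page)
                    return;
            pthread_mutex_lock(&table_lock);
            if (!slot)
                    slot = new_page;    /* we won: install it */
            else
                    free(new_page);     /* lost the race: give it back */
            pthread_mutex_unlock(&table_lock);
    }

    int main(void)
    {
            populate_slot();
            populate_slot();            /* second call frees its page */
            printf("slot populated: %d\n", slot != NULL);
            return 0;
    }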
---- a/arch/x86/mm/pageattr.c
-+++ b/arch/x86/mm/pageattr.c
-@@ -52,6 +52,7 @@ static DEFINE_SPINLOCK(cpa_lock);
- #define CPA_FLUSHTLB 1
- #define CPA_ARRAY 2
- #define CPA_PAGES_ARRAY 4
-+#define CPA_FREE_PAGETABLES 8
-
- #ifdef CONFIG_PROC_FS
- static unsigned long direct_pages_count[PG_LEVEL_NUM];
-@@ -729,10 +730,13 @@ static int split_large_page(struct cpa_d
- return 0;
- }
-
--static bool try_to_free_pte_page(pte_t *pte)
-+static bool try_to_free_pte_page(struct cpa_data *cpa, pte_t *pte)
- {
- int i;
-
-+ if (!(cpa->flags & CPA_FREE_PAGETABLES))
-+ return false;
-+
- for (i = 0; i < PTRS_PER_PTE; i++)
- if (!pte_none(pte[i]))
- return false;
-@@ -741,10 +745,13 @@ static bool try_to_free_pte_page(pte_t *
- return true;
- }
-
--static bool try_to_free_pmd_page(pmd_t *pmd)
-+static bool try_to_free_pmd_page(struct cpa_data *cpa, pmd_t *pmd)
- {
- int i;
-
-+ if (!(cpa->flags & CPA_FREE_PAGETABLES))
-+ return false;
-+
- for (i = 0; i < PTRS_PER_PMD; i++)
- if (!pmd_none(pmd[i]))
- return false;
-@@ -753,7 +760,9 @@ static bool try_to_free_pmd_page(pmd_t *
- return true;
- }
-
--static bool unmap_pte_range(pmd_t *pmd, unsigned long start, unsigned long end)
-+static bool unmap_pte_range(struct cpa_data *cpa, pmd_t *pmd,
-+ unsigned long start,
-+ unsigned long end)
- {
- pte_t *pte = pte_offset_kernel(pmd, start);
-
-@@ -764,22 +773,23 @@ static bool unmap_pte_range(pmd_t *pmd,
- pte++;
- }
-
-- if (try_to_free_pte_page((pte_t *)pmd_page_vaddr(*pmd))) {
-+ if (try_to_free_pte_page(cpa, (pte_t *)pmd_page_vaddr(*pmd))) {
- pmd_clear(pmd);
- return true;
- }
- return false;
- }
-
--static void __unmap_pmd_range(pud_t *pud, pmd_t *pmd,
-+static void __unmap_pmd_range(struct cpa_data *cpa, pud_t *pud, pmd_t *pmd,
- unsigned long start, unsigned long end)
- {
-- if (unmap_pte_range(pmd, start, end))
-- if (try_to_free_pmd_page((pmd_t *)pud_page_vaddr(*pud)))
-+ if (unmap_pte_range(cpa, pmd, start, end))
-+ if (try_to_free_pmd_page(cpa, (pmd_t *)pud_page_vaddr(*pud)))
- pud_clear(pud);
- }
-
--static void unmap_pmd_range(pud_t *pud, unsigned long start, unsigned long end)
-+static void unmap_pmd_range(struct cpa_data *cpa, pud_t *pud,
-+ unsigned long start, unsigned long end)
- {
- pmd_t *pmd = pmd_offset(pud, start);
-
-@@ -790,7 +800,7 @@ static void unmap_pmd_range(pud_t *pud,
- unsigned long next_page = (start + PMD_SIZE) & PMD_MASK;
- unsigned long pre_end = min_t(unsigned long, end, next_page);
-
-- __unmap_pmd_range(pud, pmd, start, pre_end);
-+ __unmap_pmd_range(cpa, pud, pmd, start, pre_end);
-
- start = pre_end;
- pmd++;
-@@ -803,7 +813,8 @@ static void unmap_pmd_range(pud_t *pud,
- if (pmd_large(*pmd))
- pmd_clear(pmd);
- else
-- __unmap_pmd_range(pud, pmd, start, start + PMD_SIZE);
-+ __unmap_pmd_range(cpa, pud, pmd,
-+ start, start + PMD_SIZE);
-
- start += PMD_SIZE;
- pmd++;
-@@ -813,17 +824,19 @@ static void unmap_pmd_range(pud_t *pud,
- * 4K leftovers?
- */
- if (start < end)
-- return __unmap_pmd_range(pud, pmd, start, end);
-+ return __unmap_pmd_range(cpa, pud, pmd, start, end);
-
- /*
- * Try again to free the PMD page if haven't succeeded above.
- */
- if (!pud_none(*pud))
-- if (try_to_free_pmd_page((pmd_t *)pud_page_vaddr(*pud)))
-+ if (try_to_free_pmd_page(cpa, (pmd_t *)pud_page_vaddr(*pud)))
- pud_clear(pud);
- }
-
--void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end)
-+static void __unmap_pud_range(struct cpa_data *cpa, pgd_t *pgd,
-+ unsigned long start,
-+ unsigned long end)
- {
- pud_t *pud = pud_offset(pgd, start);
-
-@@ -834,7 +847,7 @@ void unmap_pud_range(pgd_t *pgd, unsigne
- unsigned long next_page = (start + PUD_SIZE) & PUD_MASK;
- unsigned long pre_end = min_t(unsigned long, end, next_page);
-
-- unmap_pmd_range(pud, start, pre_end);
-+ unmap_pmd_range(cpa, pud, start, pre_end);
-
- start = pre_end;
- pud++;
-@@ -848,7 +861,7 @@ void unmap_pud_range(pgd_t *pgd, unsigne
- if (pud_large(*pud))
- pud_clear(pud);
- else
-- unmap_pmd_range(pud, start, start + PUD_SIZE);
-+ unmap_pmd_range(cpa, pud, start, start + PUD_SIZE);
-
- start += PUD_SIZE;
- pud++;
-@@ -858,7 +871,7 @@ void unmap_pud_range(pgd_t *pgd, unsigne
- * 2M leftovers?
- */
- if (start < end)
-- unmap_pmd_range(pud, start, end);
-+ unmap_pmd_range(cpa, pud, start, end);
-
- /*
- * No need to try to free the PUD page because we'll free it in
-@@ -866,6 +879,24 @@ void unmap_pud_range(pgd_t *pgd, unsigne
- */
- }
-
-+static void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end)
-+{
-+ struct cpa_data cpa = {
-+ .flags = CPA_FREE_PAGETABLES,
-+ };
-+
-+ __unmap_pud_range(&cpa, pgd, start, end);
-+}
-+
-+void unmap_pud_range_nofree(pgd_t *pgd, unsigned long start, unsigned long end)
-+{
-+ struct cpa_data cpa = {
-+ .flags = 0,
-+ };
-+
-+ __unmap_pud_range(&cpa, pgd, start, end);
-+}
-+
- static int alloc_pte_page(pmd_t *pmd)
- {
- pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK);
---- a/arch/x86/mm/pgtable.c
-+++ b/arch/x86/mm/pgtable.c
-@@ -344,40 +344,26 @@ static inline void _pgd_free(pgd_t *pgd)
- kmem_cache_free(pgd_cache, pgd);
- }
- #else
--static inline pgd_t *_pgd_alloc(void)
--{
--#ifdef CONFIG_KAISER
-- // Instead of one PML4, we acquire two PML4s and, thus, an 8kb-aligned memory
-- // block. Therefore, we have to allocate at least 3 pages. However, the
-- // __get_free_pages returns us 4 pages. Hence, we store the base pointer at
-- // the beginning of the page of our 8kb-aligned memory block in order to
-- // correctly free it afterwards.
-
-- unsigned long pages = __get_free_pages(PGALLOC_GFP, get_order(4*PAGE_SIZE));
--
-- if(native_get_normal_pgd((pgd_t*) pages) == (pgd_t*) pages)
-- {
-- *((unsigned long*)(pages + 2 * PAGE_SIZE)) = pages;
-- return (pgd_t *) pages;
-- }
-- else
-- {
-- *((unsigned long*)(pages + 3 * PAGE_SIZE)) = pages;
-- return (pgd_t *) (pages + PAGE_SIZE);
-- }
-+#ifdef CONFIG_KAISER
-+/*
-+ * Instead of one pgd, we acquire two pgds. Being order-1, it is
-+ * both 8k in size and 8k-aligned. That lets us just flip bit 12
-+ * in a pointer to swap between the two 4k halves.
-+ */
-+#define PGD_ALLOCATION_ORDER 1
- #else
-- return (pgd_t *)__get_free_page(PGALLOC_GFP);
-+#define PGD_ALLOCATION_ORDER 0
- #endif
-+
-+static inline pgd_t *_pgd_alloc(void)
-+{
-+ return (pgd_t *)__get_free_pages(PGALLOC_GFP, PGD_ALLOCATION_ORDER);
- }
-
- static inline void _pgd_free(pgd_t *pgd)
- {
--#ifdef CONFIG_KAISER
-- unsigned long pages = *((unsigned long*) ((char*) pgd + 2 * PAGE_SIZE));
-- free_pages(pages, get_order(4*PAGE_SIZE));
--#else
-- free_page((unsigned long)pgd);
--#endif
-+ free_pages((unsigned long)pgd, PGD_ALLOCATION_ORDER);
- }
- #endif /* CONFIG_X86_PAE */
-
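
The new _pgd_alloc() leans on a property of order-1 allocations: 8k in
size and 8k-aligned, so bit 12 of the pointer cleanly selects one of the
two 4k halves. A stand-alone sketch of the pointer arithmetic, using
C11 aligned_alloc() in place of __get_free_pages():

    #include <stdio.h>
    #include <stdint.h>
    #include <stdlib.h>

    #define PAGE_SIZE 4096UL

    int main(void)
    {
            /* order-1, 8k-aligned block: two 4k halves */
            void *pgd = aligned_alloc(2 * PAGE_SIZE, 2 * PAGE_SIZE);

            if (!pgd)
                    return 1;
            /* flip bit 12 to hop between the kernel half and the
             * shadow (user) half, cf. native_get_shadow_pgd() */
            void *shadow = (void *)((uintptr_t)pgd | PAGE_SIZE);
            void *normal = (void *)((uintptr_t)shadow & ~PAGE_SIZE);

            printf("pgd=%p shadow=%p normal=%p\n", pgd, shadow, normal);
            free(pgd);
            return 0;
    }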
---- /dev/null
-+++ b/include/linux/kaiser.h
-@@ -0,0 +1,26 @@
-+#ifndef _INCLUDE_KAISER_H
-+#define _INCLUDE_KAISER_H
-+
-+#ifdef CONFIG_KAISER
-+#include <asm/kaiser.h>
-+#else
-+
-+/*
-+ * These stubs are used whenever CONFIG_KAISER is off, which
-+ * includes architectures that support KAISER, but have it
-+ * disabled.
-+ */
-+
-+static inline void kaiser_init(void)
-+{
-+}
-+static inline void kaiser_remove_mapping(unsigned long start, unsigned long size)
-+{
-+}
-+static inline int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
-+{
-+ return 0;
-+}
-+
-+#endif /* !CONFIG_KAISER */
-+#endif /* _INCLUDE_KAISER_H */
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -58,6 +58,7 @@
- #include <linux/tsacct_kern.h>
- #include <linux/cn_proc.h>
- #include <linux/freezer.h>
-+#include <linux/kaiser.h>
- #include <linux/delayacct.h>
- #include <linux/taskstats_kern.h>
- #include <linux/random.h>
-@@ -472,7 +473,6 @@ void set_task_stack_end_magic(struct tas
- *stackend = STACK_END_MAGIC; /* for overflow detection */
- }
-
--extern void kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
- static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
- {
- struct task_struct *tsk;
-@@ -500,9 +500,10 @@ static struct task_struct *dup_task_stru
- * functions again.
- */
- tsk->stack = stack;
--#ifdef CONFIG_KAISER
-- kaiser_add_mapping((unsigned long)tsk->stack, THREAD_SIZE, __PAGE_KERNEL);
--#endif
-+
-+ err = kaiser_add_mapping((unsigned long)tsk->stack, THREAD_SIZE, __PAGE_KERNEL);
-+ if (err)
-+ goto free_stack;
- #ifdef CONFIG_VMAP_STACK
- tsk->stack_vm_area = stack_vm_area;
- #endif
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -32,12 +32,17 @@ config SECURITY
- If you are unsure how to answer this question, answer N.
- config KAISER
- bool "Remove the kernel mapping in user mode"
-+ default y
- depends on X86_64
- depends on !PARAVIRT
- help
- This enforces strict kernel and user space isolation in order to close
- hardware side channels on kernel address information.
-
-+config KAISER_REAL_SWITCH
-+ bool "KAISER: actually switch page tables"
-+ default y
-+
- config SECURITYFS
- bool "Enable the securityfs filesystem"
- help
diff --git a/debian/patches/features/all/kpti/kaiser-name-that-0x1000-kaiser_shadow_pgd_offset.patch b/debian/patches/features/all/kpti/kaiser-name-that-0x1000-kaiser_shadow_pgd_offset.patch
deleted file mode 100644
index 447c040..0000000
--- a/debian/patches/features/all/kpti/kaiser-name-that-0x1000-kaiser_shadow_pgd_offset.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sat, 9 Sep 2017 17:31:18 -0700
-Subject: kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
-
-From: Hugh Dickins <hughd at google.com>
-
-
-There's a 0x1000 in various places, which looks better with a name.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 4 ++--
- arch/x86/include/asm/kaiser.h | 7 +++++--
- 2 files changed, 7 insertions(+), 4 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1318,7 +1318,7 @@ ENTRY(nmi)
- movq %cr3, %rax
- pushq %rax
- #ifdef CONFIG_KAISER_REAL_SWITCH
-- andq $(~0x1000), %rax
-+ andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
- #endif
- movq %rax, %cr3
- #endif
-@@ -1561,7 +1561,7 @@ end_repeat_nmi:
- movq %cr3, %rax
- pushq %rax
- #ifdef CONFIG_KAISER_REAL_SWITCH
-- andq $(~0x1000), %rax
-+ andq $(~KAISER_SHADOW_PGD_OFFSET), %rax
- #endif
- movq %rax, %cr3
- #endif
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -13,13 +13,16 @@
- * A minimalistic kernel mapping holds the parts needed to be mapped in user
- * mode, such as the entry/exit functions of the user space, or the stacks.
- */
-+
-+#define KAISER_SHADOW_PGD_OFFSET 0x1000
-+
- #ifdef __ASSEMBLY__
- #ifdef CONFIG_KAISER
-
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
- #ifdef CONFIG_KAISER_REAL_SWITCH
--andq $(~0x1000), \reg
-+andq $(~KAISER_SHADOW_PGD_OFFSET), \reg
- #endif
- movq \reg, %cr3
- .endm
-@@ -27,7 +30,7 @@ movq \reg, %cr3
- .macro _SWITCH_TO_USER_CR3 reg
- movq %cr3, \reg
- #ifdef CONFIG_KAISER_REAL_SWITCH
--orq $(0x1000), \reg
-+orq $(KAISER_SHADOW_PGD_OFFSET), \reg
- #endif
- movq \reg, %cr3
- .endm
diff --git a/debian/patches/features/all/kpti/kaiser-paranoid_entry-pass-cr3-need-to-paranoid_exit.patch b/debian/patches/features/all/kpti/kaiser-paranoid_entry-pass-cr3-need-to-paranoid_exit.patch
deleted file mode 100644
index f0ec889..0000000
--- a/debian/patches/features/all/kpti/kaiser-paranoid_entry-pass-cr3-need-to-paranoid_exit.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Tue, 26 Sep 2017 18:43:07 -0700
-Subject: kaiser: paranoid_entry pass cr3 need to paranoid_exit
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Neel Natu points out that paranoid_entry() was wrong to assume that
-an entry that did not need swapgs would not need SWITCH_KERNEL_CR3:
-paranoid_entry (used for debug breakpoint, int3, double fault or MCE;
-though I think it's only the MCE case that is cause for concern here)
-can break in at an awkward time, between cr3 switch and swapgs, but
-its handling always needs kernel gs and kernel cr3.
-
-Easy to fix in itself, but paranoid_entry() also needs to convey to
-paranoid_exit() (and my reading of macro idtentry says paranoid_entry
-and paranoid_exit are always paired) how to restore the prior state.
-The swapgs state is already conveyed by %ebx (0 or 1), so extend that
-also to convey when SWITCH_USER_CR3 will be needed (2 or 3).
-
-(Yes, I'd much prefer that 0 meant no swapgs, whereas it's the other
-way round: and a convention shared with error_entry() and error_exit(),
-which I don't want to touch. Perhaps I should have inverted the bit
-for switch cr3 too, but did not.)
-
-paranoid_exit() would be straightforward, except for TRACE_IRQS: it
-did TRACE_IRQS_IRETQ when doing swapgs, but TRACE_IRQS_IRETQ_DEBUG
-when not: which is it supposed to use when SWITCH_USER_CR3 is split
-apart from that? As best as I can determine, commit 5963e317b1e9
-("ftrace/x86: Do not change stacks in DEBUG when calling lockdep")
-missed the swapgs case, and should have used TRACE_IRQS_IRETQ_DEBUG
-there too (the discrepancy has nothing to do with the liberal use
-of _NO_STACK and _UNSAFE_STACK hereabouts: TRACE_IRQS_OFF_DEBUG has
-just been used in all cases); discrepancy lovingly preserved across
-several paranoid_exit() cleanups, but I'm now removing it.
-
-Neel further indicates that to use SWITCH_USER_CR3_NO_STACK there in
-paranoid_exit() is now not only unnecessary but unsafe: might corrupt
-syscall entry's unsafe_stack_register_backup of %rax. Just use
-SWITCH_USER_CR3: and delete SWITCH_USER_CR3_NO_STACK altogether,
-before we make the mistake of using it again.
-
-hughd adds: this commit fixes an issue in the Kaiser-without-PCIDs
-part of the series, and ought to be moved earlier, if you decided
-to make a release of Kaiser-without-PCIDs.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 46 ++++++++++++++++++++++++++++++---------
- arch/x86/entry/entry_64_compat.S | 2 -
- arch/x86/include/asm/kaiser.h | 8 ------
- 3 files changed, 37 insertions(+), 19 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1053,7 +1053,11 @@ idtentry machine_check has_error_cod
- /*
- * Save all registers in pt_regs, and switch gs if needed.
- * Use slow, but surefire "are we in kernel?" check.
-- * Return: ebx=0: need swapgs on exit, ebx=1: otherwise
-+ *
-+ * Return: ebx=0: needs swapgs but not SWITCH_USER_CR3 in paranoid_exit
-+ * ebx=1: needs neither swapgs nor SWITCH_USER_CR3 in paranoid_exit
-+ * ebx=2: needs both swapgs and SWITCH_USER_CR3 in paranoid_exit
-+ * ebx=3: needs SWITCH_USER_CR3 but not swapgs in paranoid_exit
- */
- ENTRY(paranoid_entry)
- cld
-@@ -1065,9 +1069,26 @@ ENTRY(paranoid_entry)
- testl %edx, %edx
- js 1f /* negative -> in kernel */
- SWAPGS
-- SWITCH_KERNEL_CR3
- xorl %ebx, %ebx
--1: ret
-+1:
-+#ifdef CONFIG_KAISER
-+ /*
-+ * We might have come in between a swapgs and a SWITCH_KERNEL_CR3
-+ * on entry, or between a SWITCH_USER_CR3 and a swapgs on exit.
-+ * Do a conditional SWITCH_KERNEL_CR3: this could safely be done
-+ * unconditionally, but we need to find out whether the reverse
-+ * should be done on return (conveyed to paranoid_exit in %ebx).
-+ */
-+ movq %cr3, %rax
-+ testl $KAISER_SHADOW_PGD_OFFSET, %eax
-+ jz 2f
-+ orl $2, %ebx
-+ andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-+ orq x86_cr3_pcid_noflush, %rax
-+ movq %rax, %cr3
-+2:
-+#endif
-+ ret
- END(paranoid_entry)
-
- /*
-@@ -1080,20 +1101,25 @@ END(paranoid_entry)
- * be complicated. Fortunately, there's no good reason
- * to try to handle preemption here.
- *
-- * On entry, ebx is "no swapgs" flag (1: don't need swapgs, 0: need it)
-+ * On entry: ebx=0: needs swapgs but not SWITCH_USER_CR3
-+ * ebx=1: needs neither swapgs nor SWITCH_USER_CR3
-+ * ebx=2: needs both swapgs and SWITCH_USER_CR3
-+ * ebx=3: needs SWITCH_USER_CR3 but not swapgs
- */
- ENTRY(paranoid_exit)
- DISABLE_INTERRUPTS(CLBR_NONE)
- TRACE_IRQS_OFF_DEBUG
-- testl %ebx, %ebx /* swapgs needed? */
-+ TRACE_IRQS_IRETQ_DEBUG
-+#ifdef CONFIG_KAISER
-+ testl $2, %ebx /* SWITCH_USER_CR3 needed? */
-+ jz paranoid_exit_no_switch
-+ SWITCH_USER_CR3
-+paranoid_exit_no_switch:
-+#endif
-+ testl $1, %ebx /* swapgs needed? */
- jnz paranoid_exit_no_swapgs
-- TRACE_IRQS_IRETQ
-- SWITCH_USER_CR3_NO_STACK
- SWAPGS_UNSAFE_STACK
-- jmp paranoid_exit_restore
- paranoid_exit_no_swapgs:
-- TRACE_IRQS_IRETQ_DEBUG
--paranoid_exit_restore:
- RESTORE_EXTRA_REGS
- RESTORE_C_REGS
- REMOVE_PT_GPREGS_FROM_STACK 8
---- a/arch/x86/entry/entry_64_compat.S
-+++ b/arch/x86/entry/entry_64_compat.S
-@@ -343,7 +343,7 @@ ENTRY(entry_INT80_compat)
-
- /* Go back to user mode. */
- TRACE_IRQS_ON
-- SWITCH_USER_CR3_NO_STACK
-+ SWITCH_USER_CR3
- SWAPGS
- jmp restore_regs_and_iret
- END(entry_INT80_compat)
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -63,20 +63,12 @@ _SWITCH_TO_KERNEL_CR3 %rax
- movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
- .endm
-
--.macro SWITCH_USER_CR3_NO_STACK
--movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
--_SWITCH_TO_USER_CR3 %rax %al
--movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
--.endm
--
- #else /* CONFIG_KAISER */
-
- .macro SWITCH_KERNEL_CR3 reg
- .endm
- .macro SWITCH_USER_CR3 reg regb
- .endm
--.macro SWITCH_USER_CR3_NO_STACK
--.endm
- .macro SWITCH_KERNEL_CR3_NO_STACK
- .endm
-
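
The %ebx protocol above packs two independent restore decisions into two bits: bit 0 set means swapgs is not needed (the inherited, inverted convention the message grumbles about), and bit 1 set means SWITCH_USER_CR3 is needed. A sketch of the decode on the paranoid_exit side; function and variable names are illustrative:

    #include <stdbool.h>
    #include <stdio.h>

    /* Decode the ebx value paranoid_entry hands to paranoid_exit. */
    static void paranoid_exit_decode(unsigned ebx, bool *need_swapgs,
                                     bool *need_user_cr3)
    {
        *need_swapgs   = !(ebx & 1);  /* bit 0 set == swapgs NOT needed */
        *need_user_cr3 =  (ebx & 2);  /* bit 1 set == SWITCH_USER_CR3 needed */
    }

    int main(void)
    {
        for (unsigned ebx = 0; ebx < 4; ebx++) {
            bool swapgs, user_cr3;

            paranoid_exit_decode(ebx, &swapgs, &user_cr3);
            printf("ebx=%u: swapgs=%d user_cr3=%d\n", ebx, swapgs, user_cr3);
        }
        return 0;
    }

Running it reproduces the four-line table in the patch's comment: ebx=0 needs swapgs only, ebx=1 needs neither, ebx=2 needs both, ebx=3 needs only the CR3 switch.
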
diff --git a/debian/patches/features/all/kpti/kaiser-pcid-0-for-kernel-and-128-for-user.patch b/debian/patches/features/all/kpti/kaiser-pcid-0-for-kernel-and-128-for-user.patch
deleted file mode 100644
index 7e8f7e2..0000000
--- a/debian/patches/features/all/kpti/kaiser-pcid-0-for-kernel-and-128-for-user.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Fri, 8 Sep 2017 19:26:30 -0700
-Subject: kaiser: PCID 0 for kernel and 128 for user
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Why was 4 chosen for kernel PCID and 6 for user PCID?
-No good reason in a backport where PCIDs are only used for Kaiser.
-
-If we continue with those, then we shall need to add Andy Lutomirski's
-4.13 commit 6c690ee1039b ("x86/mm: Split read_cr3() into read_cr3_pa()
-and __read_cr3()"), which deals with the problem of read_cr3() callers
-finding stray bits in the cr3 that they expected to be page-aligned;
-and for hibernation, his 4.14 commit f34902c5c6c0 ("x86/hibernate/64:
-Mask off CR3's PCID bits in the saved CR3").
-
-But if 0 is used for kernel PCID, then there's no need to add in those
-commits - whenever the kernel looks, it sees 0 in the lower bits; and
-0 for kernel seems an obvious choice.
-
-And I naughtily propose 128 for user PCID. Because there's a place
-in _SWITCH_TO_USER_CR3 where it takes note of the need for TLB FLUSH,
-but needs to reset that to NOFLUSH for the next occasion. Currently
-it does so with a "movb $(0x80)" into the high byte of the per-cpu
-quadword, but that will cause a machine without PCID support to crash.
-Now, if %al just happened to have 0x80 in it at that point, on a
-machine with PCID support, but 0 on a machine without PCID support...
-
-(That will go badly wrong once the pgd can be at a physical address
-above 2^56, but even with 5-level paging, physical goes up to 2^52.)
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/kaiser.h | 19 ++++++++++++-------
- arch/x86/include/asm/pgtable_types.h | 7 ++++---
- arch/x86/mm/tlb.c | 3 +++
- 3 files changed, 19 insertions(+), 10 deletions(-)
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -29,14 +29,19 @@ orq X86_CR3_PCID_KERN_VAR, \reg
- movq \reg, %cr3
- .endm
-
--.macro _SWITCH_TO_USER_CR3 reg
-+.macro _SWITCH_TO_USER_CR3 reg regb
-+/*
-+ * regb must be the low byte portion of reg: because we have arranged
-+ * for the low byte of the user PCID to serve as the high byte of NOFLUSH
-+ * (0x80 for each when PCID is enabled, or 0x00 when PCID and NOFLUSH are
-+ * not enabled): so that the one register can update both memory and cr3.
-+ */
- movq %cr3, \reg
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
- orq PER_CPU_VAR(X86_CR3_PCID_USER_VAR), \reg
- js 9f
--// FLUSH this time, reset to NOFLUSH for next time
--// But if nopcid? Consider using 0x80 for user pcid?
--movb $(0x80), PER_CPU_VAR(X86_CR3_PCID_USER_VAR+7)
-+/* FLUSH this time, reset to NOFLUSH for next time (if PCID enabled) */
-+movb \regb, PER_CPU_VAR(X86_CR3_PCID_USER_VAR+7)
- 9:
- movq \reg, %cr3
- .endm
-@@ -49,7 +54,7 @@ popq %rax
-
- .macro SWITCH_USER_CR3
- pushq %rax
--_SWITCH_TO_USER_CR3 %rax
-+_SWITCH_TO_USER_CR3 %rax %al
- popq %rax
- .endm
-
-@@ -61,7 +66,7 @@ movq PER_CPU_VAR(unsafe_stack_register_b
-
- .macro SWITCH_USER_CR3_NO_STACK
- movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
--_SWITCH_TO_USER_CR3 %rax
-+_SWITCH_TO_USER_CR3 %rax %al
- movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
- .endm
-
-@@ -69,7 +74,7 @@ movq PER_CPU_VAR(unsafe_stack_register_b
-
- .macro SWITCH_KERNEL_CR3 reg
- .endm
--.macro SWITCH_USER_CR3 reg
-+.macro SWITCH_USER_CR3 reg regb
- .endm
- .macro SWITCH_USER_CR3_NO_STACK
- .endm
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -146,16 +146,17 @@
-
- /* Mask for all the PCID-related bits in CR3: */
- #define X86_CR3_PCID_MASK (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_MASK)
-+#define X86_CR3_PCID_ASID_KERN (_AC(0x0,UL))
-+
- #if defined(CONFIG_KAISER) && defined(CONFIG_X86_64)
--#define X86_CR3_PCID_ASID_KERN (_AC(0x4,UL))
--#define X86_CR3_PCID_ASID_USER (_AC(0x6,UL))
-+/* Let X86_CR3_PCID_ASID_USER be usable for the X86_CR3_PCID_NOFLUSH bit */
-+#define X86_CR3_PCID_ASID_USER (_AC(0x80,UL))
-
- #define X86_CR3_PCID_KERN_FLUSH (X86_CR3_PCID_ASID_KERN)
- #define X86_CR3_PCID_USER_FLUSH (X86_CR3_PCID_ASID_USER)
- #define X86_CR3_PCID_KERN_NOFLUSH (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_KERN)
- #define X86_CR3_PCID_USER_NOFLUSH (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_USER)
- #else
--#define X86_CR3_PCID_ASID_KERN (_AC(0x0,UL))
- #define X86_CR3_PCID_ASID_USER (_AC(0x0,UL))
- /*
- * PCIDs are unsupported on 32-bit and none of these bits can be
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -50,6 +50,9 @@ static void load_new_mm_cr3(pgd_t *pgdir
- * invpcid_flush_single_context(X86_CR3_PCID_ASID_USER) could
- * do it here, but can only be used if X86_FEATURE_INVPCID is
- * available - and many machines support pcid without invpcid.
-+ *
-+ * The line below is a no-op: X86_CR3_PCID_KERN_FLUSH is now 0;
-+ * but keep that line in there in case something changes.
- */
- new_mm_cr3 |= X86_CR3_PCID_KERN_FLUSH;
- kaiser_flush_tlb_on_return_to_user();
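
The 0x80 coincidence the message relies on: CR3 bit 63 is the NOFLUSH bit, which is 0x80 in the quadword's top byte, and 0x80 is also the chosen user PCID in its bottom byte. After the orq, %al therefore holds exactly the byte that must be stored back into byte 7 of the per-cpu word to re-arm NOFLUSH, and it is naturally 0x00 on machines without PCID. A user-space sketch, assuming little-endian layout as on x86; values are illustrative:

    #include <stdint.h>
    #include <stdio.h>
    #include <string.h>

    #define KAISER_SHADOW_PGD_OFFSET 0x1000ULL
    #define X86_CR3_PCID_NOFLUSH     (1ULL << 63)

    int main(void)
    {
        /* Per-cpu template: FLUSH on next use (bit 63 clear), user PCID 0x80 */
        uint64_t pcid_user_var = KAISER_SHADOW_PGD_OFFSET | 0x80;
        uint64_t reg = 0x1abc000;   /* hypothetical kernel CR3 */
        uint8_t regb;

        reg |= pcid_user_var;       /* orq PER_CPU_VAR(...), \reg */
        regb = reg & 0xff;          /* \regb: 0x80 with PCID, 0x00 without */

        /* movb \regb, PER_CPU_VAR(X86_CR3_PCID_USER_VAR+7): re-arm NOFLUSH */
        memcpy((uint8_t *)&pcid_user_var + 7, &regb, 1);

        printf("NOFLUSH re-armed: %d\n",
               !!(pcid_user_var & X86_CR3_PCID_NOFLUSH));
        return 0;
    }
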
diff --git a/debian/patches/features/all/kpti/kaiser-stack-map-page_size-at-thread_size-page_size.patch b/debian/patches/features/all/kpti/kaiser-stack-map-page_size-at-thread_size-page_size.patch
deleted file mode 100644
index 6ea3930..0000000
--- a/debian/patches/features/all/kpti/kaiser-stack-map-page_size-at-thread_size-page_size.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 18:57:03 -0700
-Subject: kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Kaiser only needs to map one page of the stack; and
-kernel/fork.c did not build on powerpc (no __PAGE_KERNEL).
-It's all cleaner if linux/kaiser.h provides kaiser_map_thread_stack()
-and kaiser_unmap_thread_stack() wrappers around asm/kaiser.h's
-kaiser_add_mapping() and kaiser_remove_mapping(). And use
-linux/kaiser.h in init/main.c to avoid the #ifdefs there.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- include/linux/kaiser.h | 40 +++++++++++++++++++++++++++++++++-------
- init/main.c | 6 +-----
- kernel/fork.c | 7 ++-----
- 3 files changed, 36 insertions(+), 17 deletions(-)
-
---- a/include/linux/kaiser.h
-+++ b/include/linux/kaiser.h
-@@ -1,26 +1,52 @@
--#ifndef _INCLUDE_KAISER_H
--#define _INCLUDE_KAISER_H
-+#ifndef _LINUX_KAISER_H
-+#define _LINUX_KAISER_H
-
- #ifdef CONFIG_KAISER
- #include <asm/kaiser.h>
-+
-+static inline int kaiser_map_thread_stack(void *stack)
-+{
-+ /*
-+ * Map that page of kernel stack on which we enter from user context.
-+ */
-+ return kaiser_add_mapping((unsigned long)stack +
-+ THREAD_SIZE - PAGE_SIZE, PAGE_SIZE, __PAGE_KERNEL);
-+}
-+
-+static inline void kaiser_unmap_thread_stack(void *stack)
-+{
-+ /*
-+ * Note: may be called even when kaiser_map_thread_stack() failed.
-+ */
-+ kaiser_remove_mapping((unsigned long)stack +
-+ THREAD_SIZE - PAGE_SIZE, PAGE_SIZE);
-+}
- #else
-
- /*
- * These stubs are used whenever CONFIG_KAISER is off, which
-- * includes architectures that support KAISER, but have it
-- * disabled.
-+ * includes architectures that support KAISER, but have it disabled.
- */
-
- static inline void kaiser_init(void)
- {
- }
--static inline void kaiser_remove_mapping(unsigned long start, unsigned long size)
-+static inline int kaiser_add_mapping(unsigned long addr,
-+ unsigned long size, unsigned long flags)
-+{
-+ return 0;
-+}
-+static inline void kaiser_remove_mapping(unsigned long start,
-+ unsigned long size)
- {
- }
--static inline int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
-+static inline int kaiser_map_thread_stack(void *stack)
- {
- return 0;
- }
-+static inline void kaiser_unmap_thread_stack(void *stack)
-+{
-+}
-
- #endif /* !CONFIG_KAISER */
--#endif /* _INCLUDE_KAISER_H */
-+#endif /* _LINUX_KAISER_H */
---- a/init/main.c
-+++ b/init/main.c
-@@ -80,15 +80,13 @@
- #include <linux/integrity.h>
- #include <linux/proc_ns.h>
- #include <linux/io.h>
-+#include <linux/kaiser.h>
-
- #include <asm/io.h>
- #include <asm/bugs.h>
- #include <asm/setup.h>
- #include <asm/sections.h>
- #include <asm/cacheflush.h>
--#ifdef CONFIG_KAISER
--#include <asm/kaiser.h>
--#endif
-
- static int kernel_init(void *);
-
-@@ -476,9 +474,7 @@ static void __init mm_init(void)
- pgtable_init();
- vmalloc_init();
- ioremap_huge_init();
--#ifdef CONFIG_KAISER
- kaiser_init();
--#endif
- }
-
- asmlinkage __visible void __init start_kernel(void)
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -212,12 +212,9 @@ static unsigned long *alloc_thread_stack
- #endif
- }
-
--extern void kaiser_remove_mapping(unsigned long start_addr, unsigned long size);
- static inline void free_thread_stack(struct task_struct *tsk)
- {
--#ifdef CONFIG_KAISER
-- kaiser_remove_mapping((unsigned long)tsk->stack, THREAD_SIZE);
--#endif
-+ kaiser_unmap_thread_stack(tsk->stack);
- #ifdef CONFIG_VMAP_STACK
- if (task_stack_vm_area(tsk)) {
- unsigned long flags;
-@@ -501,7 +498,7 @@ static struct task_struct *dup_task_stru
- */
- tsk->stack = stack;
-
-- err= kaiser_add_mapping((unsigned long)tsk->stack, THREAD_SIZE, __PAGE_KERNEL);
-+ err= kaiser_map_thread_stack(tsk->stack);
- if (err)
- goto free_stack;
- #ifdef CONFIG_VMAP_STACK
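
The wrappers map only the page of the stack that user-to-kernel entry actually touches, computed as the top PAGE_SIZE of the THREAD_SIZE region. The arithmetic as a sketch; the constants match a typical x86_64 configuration and the address is made up:

    #include <stdio.h>

    #define PAGE_SIZE   4096UL
    #define THREAD_SIZE (4 * PAGE_SIZE)  /* 16k kernel stacks on x86_64 */

    int main(void)
    {
        unsigned long stack = 0xffff880012340000UL;  /* hypothetical allocation */
        unsigned long mapped = stack + THREAD_SIZE - PAGE_SIZE;

        printf("shadow-map %#lx..%#lx, one page of a %lu-byte stack\n",
               mapped, mapped + PAGE_SIZE, THREAD_SIZE);
        return 0;
    }
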
diff --git a/debian/patches/features/all/kpti/kaiser-tidied-up-asm-kaiser.h-somewhat.patch b/debian/patches/features/all/kpti/kaiser-tidied-up-asm-kaiser.h-somewhat.patch
deleted file mode 100644
index 2007d66..0000000
--- a/debian/patches/features/all/kpti/kaiser-tidied-up-asm-kaiser.h-somewhat.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 19:18:07 -0700
-Subject: kaiser: tidied up asm/kaiser.h somewhat
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Mainly deleting a surfeit of blank lines, and reflowing header comment.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/kaiser.h | 32 +++++++++++++-------------------
- 1 file changed, 13 insertions(+), 19 deletions(-)
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -1,15 +1,17 @@
- #ifndef _ASM_X86_KAISER_H
- #define _ASM_X86_KAISER_H
--
--/* This file includes the definitions for the KAISER feature.
-- * KAISER is a counter measure against x86_64 side channel attacks on the kernel virtual memory.
-- * It has a shodow-pgd for every process. the shadow-pgd has a minimalistic kernel-set mapped,
-- * but includes the whole user memory. Within a kernel context switch, or when an interrupt is handled,
-- * the pgd is switched to the normal one. When the system switches to user mode, the shadow pgd is enabled.
-- * By this, the virtual memory chaches are freed, and the user may not attack the whole kernel memory.
-+/*
-+ * This file includes the definitions for the KAISER feature.
-+ * KAISER is a counter measure against x86_64 side channel attacks on
-+ * the kernel virtual memory. It has a shadow pgd for every process: the
-+ * shadow pgd has a minimalistic kernel-set mapped, but includes the whole
-+ * user memory. Within a kernel context switch, or when an interrupt is handled,
-+ * the pgd is switched to the normal one. When the system switches to user mode,
-+ * the shadow pgd is enabled. By this, the virtual memory caches are freed,
-+ * and the user may not attack the whole kernel memory.
- *
-- * A minimalistic kernel mapping holds the parts needed to be mapped in user mode, as the entry/exit functions
-- * of the user space, or the stacks.
-+ * A minimalistic kernel mapping holds the parts needed to be mapped in user
-+ * mode, such as the entry/exit functions of the user space, or the stacks.
- */
- #ifdef __ASSEMBLY__
- #ifdef CONFIG_KAISER
-@@ -48,13 +50,10 @@ _SWITCH_TO_KERNEL_CR3 %rax
- movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
- .endm
-
--
- .macro SWITCH_USER_CR3_NO_STACK
--
- movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
- _SWITCH_TO_USER_CR3 %rax
- movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
--
- .endm
-
- #else /* CONFIG_KAISER */
-@@ -72,7 +71,6 @@ movq PER_CPU_VAR(unsafe_stack_register_b
-
- #else /* __ASSEMBLY__ */
-
--
- #ifdef CONFIG_KAISER
- /*
- * Upon kernel/user mode switch, it may happen that the address
-@@ -80,7 +78,6 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- * stored. To change the address space, another register is
- * needed. A register therefore has to be stored/restored.
- */
--
- DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
- /**
-@@ -95,7 +92,6 @@ DECLARE_PER_CPU_USER_MAPPED(unsigned lon
- */
- extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
-
--
- /**
- * kaiser_remove_mapping - unmap a virtual memory part of the shadow mapping
- * @addr: the start address of the range
-@@ -104,12 +100,12 @@ extern int kaiser_add_mapping(unsigned l
- extern void kaiser_remove_mapping(unsigned long start, unsigned long size);
-
- /**
-- * kaiser_initialize_mapping - Initalize the shadow mapping
-+ * kaiser_init - Initialize the shadow mapping
- *
- * Most parts of the shadow mapping can be mapped upon boot
- * time. Only per-process things like the thread stacks
- * or a new LDT have to be mapped at runtime. These boot-
-- * time mappings are permanent and nevertunmapped.
-+ * time mappings are permanent and never unmapped.
- */
- extern void kaiser_init(void);
-
-@@ -117,6 +113,4 @@ extern void kaiser_init(void);
-
- #endif /* __ASSEMBLY */
-
--
--
- #endif /* _ASM_X86_KAISER_H */
diff --git a/debian/patches/features/all/kpti/kaiser-tidied-up-kaiser_add-remove_mapping-slightly.patch b/debian/patches/features/all/kpti/kaiser-tidied-up-kaiser_add-remove_mapping-slightly.patch
deleted file mode 100644
index 4bb0110..0000000
--- a/debian/patches/features/all/kpti/kaiser-tidied-up-kaiser_add-remove_mapping-slightly.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 3 Sep 2017 19:23:08 -0700
-Subject: kaiser: tidied up kaiser_add/remove_mapping slightly
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Yes, unmap_pud_range_nofree()'s declaration ought to be in a
-header file really, but I'm not sure we want to use it anyway:
-so for now just declare it inside kaiser_remove_mapping().
-And there doesn't seem to be such a thing as unmap_p4d_range(),
-even in a 5-level paging tree.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -285,8 +285,7 @@ void __init kaiser_init(void)
- __PAGE_KERNEL);
- }
-
--extern void unmap_pud_range_nofree(pgd_t *pgd, unsigned long start, unsigned long end);
--// add a mapping to the shadow-mapping, and synchronize the mappings
-+/* Add a mapping to the shadow mapping, and synchronize the mappings */
- int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags)
- {
- return kaiser_add_user_map((const void *)addr, size, flags);
-@@ -294,15 +293,13 @@ int kaiser_add_mapping(unsigned long add
-
- void kaiser_remove_mapping(unsigned long start, unsigned long size)
- {
-+ extern void unmap_pud_range_nofree(pgd_t *pgd,
-+ unsigned long start, unsigned long end);
- unsigned long end = start + size;
- unsigned long addr;
-
- for (addr = start; addr < end; addr += PGDIR_SIZE) {
- pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(addr));
-- /*
-- * unmap_p4d_range() handles > P4D_SIZE unmaps,
-- * so no need to trim 'end'.
-- */
- unmap_pud_range_nofree(pgd, addr, end);
- }
- }
diff --git a/debian/patches/features/all/kpti/kaiser-use-alternative-instead-of-x86_cr3_pcid_noflush.patch b/debian/patches/features/all/kpti/kaiser-use-alternative-instead-of-x86_cr3_pcid_noflush.patch
deleted file mode 100644
index 44bbb7a..0000000
--- a/debian/patches/features/all/kpti/kaiser-use-alternative-instead-of-x86_cr3_pcid_noflush.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Tue, 3 Oct 2017 20:49:04 -0700
-Subject: kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Now that we're playing the ALTERNATIVE game, use that more efficient
-method: instead of user-mapping an extra page, and reading an extra
-cacheline each time for x86_cr3_pcid_noflush.
-
-Neel has found that __stringify(bts $X86_CR3_PCID_NOFLUSH_BIT, %rax)
-is a working substitute for the "bts $63, %rax" in these ALTERNATIVEs;
-but the one line with $63 in looks clearer, so let's stick with that.
-
-Worried about what happens with an ALTERNATIVE between the jump and
-jump label in another ALTERNATIVE? I was, but have checked the
-combinations in SWITCH_KERNEL_CR3_NO_STACK at entry_SYSCALL_64,
-and it does a good job.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Jiri Kosina <jkosina at suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 7 ++++---
- arch/x86/include/asm/kaiser.h | 6 +++---
- arch/x86/mm/kaiser.c | 11 +----------
- 3 files changed, 8 insertions(+), 16 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1084,7 +1084,8 @@ ENTRY(paranoid_entry)
- jz 2f
- orl $2, %ebx
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-- orq x86_cr3_pcid_noflush, %rax
-+ /* If PCID enabled, set X86_CR3_PCID_NOFLUSH_BIT */
-+ ALTERNATIVE "", "bts $63, %rax", X86_FEATURE_PCID
- movq %rax, %cr3
- 2:
- #endif
-@@ -1344,7 +1345,7 @@ ENTRY(nmi)
- /* %rax is saved above, so OK to clobber here */
- ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
- /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
-- orq x86_cr3_pcid_noflush, %rax
-+ ALTERNATIVE "", "bts $63, %rax", X86_FEATURE_PCID
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-@@ -1588,7 +1589,7 @@ end_repeat_nmi:
- /* %rax is saved above, so OK to clobber here */
- ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
- /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
-- orq x86_cr3_pcid_noflush, %rax
-+ ALTERNATIVE "", "bts $63, %rax", X86_FEATURE_PCID
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -25,7 +25,8 @@
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
--orq x86_cr3_pcid_noflush, \reg
-+/* If PCID enabled, set X86_CR3_PCID_NOFLUSH_BIT */
-+ALTERNATIVE "", "bts $63, \reg", X86_FEATURE_PCID
- movq \reg, %cr3
- .endm
-
-@@ -39,7 +40,7 @@ movq \reg, %cr3
- movq %cr3, \reg
- orq PER_CPU_VAR(x86_cr3_pcid_user), \reg
- js 9f
--/* FLUSH this time, reset to NOFLUSH for next time (if PCID enabled) */
-+/* If PCID enabled, FLUSH this time, reset to NOFLUSH for next time */
- movb \regb, PER_CPU_VAR(x86_cr3_pcid_user+7)
- 9:
- movq \reg, %cr3
-@@ -90,7 +91,6 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- */
- DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
--extern unsigned long x86_cr3_pcid_noflush;
- DECLARE_PER_CPU(unsigned long, x86_cr3_pcid_user);
-
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -31,7 +31,6 @@ DEFINE_PER_CPU_USER_MAPPED(unsigned long
- * This is also handy because systems that do not support PCIDs
- * just end up or'ing a 0 into their CR3, which does no harm.
- */
--unsigned long x86_cr3_pcid_noflush __read_mostly;
- DEFINE_PER_CPU(unsigned long, x86_cr3_pcid_user);
-
- /*
-@@ -356,10 +355,6 @@ void __init kaiser_init(void)
- kaiser_add_user_map_early(&debug_idt_table,
- sizeof(gate_desc) * NR_VECTORS,
- __PAGE_KERNEL);
--
-- kaiser_add_user_map_early(&x86_cr3_pcid_noflush,
-- sizeof(x86_cr3_pcid_noflush),
-- __PAGE_KERNEL);
- }
-
- /* Add a mapping to the shadow mapping, and synchronize the mappings */
-@@ -433,18 +428,14 @@ pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp,
-
- void kaiser_setup_pcid(void)
- {
-- unsigned long kern_cr3 = 0;
- unsigned long user_cr3 = KAISER_SHADOW_PGD_OFFSET;
-
-- if (this_cpu_has(X86_FEATURE_PCID)) {
-- kern_cr3 |= X86_CR3_PCID_KERN_NOFLUSH;
-+ if (this_cpu_has(X86_FEATURE_PCID))
- user_cr3 |= X86_CR3_PCID_USER_NOFLUSH;
-- }
- /*
- * These variables are used by the entry/exit
- * code to change PCID and pgd and TLB flushing.
- */
-- x86_cr3_pcid_noflush = kern_cr3;
- this_cpu_write(x86_cr3_pcid_user, user_cr3);
- }
-
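
"bts $63, %rax" simply sets the X86_CR3_PCID_NOFLUSH bit in place, and the ALTERNATIVE patches it to nothing on CPUs without PCID. The whole _SWITCH_TO_KERNEL_CR3 sequence then reduces, in C, to something like this sketch; the feature-flag plumbing is illustrative:

    #include <stdbool.h>
    #include <stdint.h>
    #include <stdio.h>

    #define X86_CR3_PCID_ASID_MASK   0xfffULL
    #define KAISER_SHADOW_PGD_OFFSET 0x1000ULL
    #define X86_CR3_PCID_NOFLUSH     (1ULL << 63)

    static uint64_t switch_to_kernel_cr3(uint64_t cr3, bool cpu_has_pcid)
    {
        /* andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax */
        cr3 &= ~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET);
        /* ALTERNATIVE "", "bts $63, %rax", X86_FEATURE_PCID */
        if (cpu_has_pcid)
            cr3 |= X86_CR3_PCID_NOFLUSH;
        return cr3;
    }

    int main(void)
    {
        uint64_t user_cr3 = 0x1abc000 | KAISER_SHADOW_PGD_OFFSET | 0x80;

        printf("no pcid: %#llx\n",
               (unsigned long long)switch_to_kernel_cr3(user_cr3, false));
        printf("pcid:    %#llx\n",
               (unsigned long long)switch_to_kernel_cr3(user_cr3, true));
        return 0;
    }
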
diff --git a/debian/patches/features/all/kpti/kaiser-vmstat-show-nr_kaisertable-as-nr_overhead.patch b/debian/patches/features/all/kpti/kaiser-vmstat-show-nr_kaisertable-as-nr_overhead.patch
deleted file mode 100644
index f7c6026..0000000
--- a/debian/patches/features/all/kpti/kaiser-vmstat-show-nr_kaisertable-as-nr_overhead.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sat, 9 Sep 2017 21:27:32 -0700
-Subject: kaiser: vmstat show NR_KAISERTABLE as nr_overhead
-
-From: Hugh Dickins <hughd at google.com>
-
-
-The kaiser update made an interesting choice, never to free any shadow
-page tables. Contention on global spinlock was worrying, particularly
-with it held across page table scans when freeing. Something had to be
-done: I was going to add refcounting; but simply never to free them is
-an appealing choice, minimizing contention without complicating the code
-(the more a page table is found already, the less the spinlock is used).
-
-But leaking pages in this way is also a worry: can we get away with it?
-At the very least, we need a count to show how bad it actually gets:
-in principle, one might end up wasting about 1/256 of memory that way
-(1/512 for when direct-mapped pages have to be user-mapped, plus 1/512
-for when they are user-mapped from the vmalloc area on another occasion
-(but we don't have vmalloc'ed stacks, so only large ldts are vmalloc'ed)).
-
-Add per-cpu stat NR_KAISERTABLE: including 256 at startup for the
-shared pgd entries, and 1 for each intermediate page table added
-thereafter for user-mapping - but leave out the 1 per mm, for its
-shadow pgd, because that distracts from the monotonic increase.
-Shown in /proc/vmstat as nr_overhead (0 if kaiser not enabled).
-
-In practice, it doesn't look so bad so far: more like 1/12000 after
-nine hours of gtests below; and movable pageblock segregation should
-tend to cluster the kaiser tables into a subset of the address space
-(if not, they will be bad for compaction too). But production may
-tell a different story: keep an eye on this number, and bring back
-lighter freeing if it gets out of control (maybe a shrinker).
-
-["nr_overhead" should of course say "nr_kaisertable", if it needs
-to stay; but for the moment we are being coy, preferring that when
-Joe Blow notices a new line in his /proc/vmstat, he does not get
-too curious about what this "kaiser" stuff might be.]
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 16 +++++++++++-----
- include/linux/mmzone.h | 3 ++-
- mm/vmstat.c | 1 +
- 3 files changed, 14 insertions(+), 6 deletions(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -121,9 +121,11 @@ static pte_t *kaiser_pagetable_walk(unsi
- if (!new_pmd_page)
- return NULL;
- spin_lock(&shadow_table_allocation_lock);
-- if (pud_none(*pud))
-+ if (pud_none(*pud)) {
- set_pud(pud, __pud(_KERNPG_TABLE | __pa(new_pmd_page)));
-- else
-+ __inc_zone_page_state(virt_to_page((void *)
-+ new_pmd_page), NR_KAISERTABLE);
-+ } else
- free_page(new_pmd_page);
- spin_unlock(&shadow_table_allocation_lock);
- }
-@@ -139,9 +141,11 @@ static pte_t *kaiser_pagetable_walk(unsi
- if (!new_pte_page)
- return NULL;
- spin_lock(&shadow_table_allocation_lock);
-- if (pmd_none(*pmd))
-+ if (pmd_none(*pmd)) {
- set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page)));
-- else
-+ __inc_zone_page_state(virt_to_page((void *)
-+ new_pte_page), NR_KAISERTABLE);
-+ } else
- free_page(new_pte_page);
- spin_unlock(&shadow_table_allocation_lock);
- }
-@@ -205,11 +209,13 @@ static void __init kaiser_init_all_pgds(
- pgd = native_get_shadow_pgd(pgd_offset_k((unsigned long )0));
- for (i = PTRS_PER_PGD / 2; i < PTRS_PER_PGD; i++) {
- pgd_t new_pgd;
-- pud_t *pud = pud_alloc_one(&init_mm, PAGE_OFFSET + i * PGDIR_SIZE);
-+ pud_t *pud = pud_alloc_one(&init_mm,
-+ PAGE_OFFSET + i * PGDIR_SIZE);
- if (!pud) {
- WARN_ON(1);
- break;
- }
-+ inc_zone_page_state(virt_to_page(pud), NR_KAISERTABLE);
- new_pgd = __pgd(_KERNPG_TABLE |__pa(pud));
- /*
- * Make sure not to stomp on some other pgd entry.
---- a/include/linux/mmzone.h
-+++ b/include/linux/mmzone.h
-@@ -124,8 +124,9 @@ enum zone_stat_item {
- NR_SLAB_UNRECLAIMABLE,
- NR_PAGETABLE, /* used for pagetables */
- NR_KERNEL_STACK_KB, /* measured in KiB */
-- /* Second 128 byte cacheline */
-+ NR_KAISERTABLE,
- NR_BOUNCE,
-+ /* Second 128 byte cacheline */
- #if IS_ENABLED(CONFIG_ZSMALLOC)
- NR_ZSPAGES, /* allocated in zsmalloc */
- #endif
---- a/mm/vmstat.c
-+++ b/mm/vmstat.c
-@@ -932,6 +932,7 @@ const char * const vmstat_text[] = {
- "nr_slab_unreclaimable",
- "nr_page_table_pages",
- "nr_kernel_stack",
-+ "nr_overhead",
- "nr_bounce",
- #if IS_ENABLED(CONFIG_ZSMALLOC)
- "nr_zspages",
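
The 1/512 and 1/256 figures follow from one 4k page of ptes mapping 512 4k pages, with at worst two such hierarchies (direct map and vmalloc area) alive at once. A quick check of the arithmetic, not from the patch:

    #include <stdio.h>

    int main(void)
    {
        const long page = 4096, mapped_per_pte_page = 512 * page;  /* 2 MiB */

        printf("per hierarchy:       1/%ld\n", mapped_per_pte_page / page);
        printf("combined worst case: 1/%ld\n", mapped_per_pte_page / page / 2);
        return 0;
    }
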
diff --git a/debian/patches/features/all/kpti/kaiser-x86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch b/debian/patches/features/all/kpti/kaiser-x86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch
deleted file mode 100644
index 2098b48..0000000
--- a/debian/patches/features/all/kpti/kaiser-x86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Hugh Dickins <hughd at google.com>
-Date: Sun, 27 Aug 2017 16:24:27 -0700
-Subject: kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
-
-From: Hugh Dickins <hughd at google.com>
-
-
-Mostly this commit is just unshouting X86_CR3_PCID_KERN_VAR and
-X86_CR3_PCID_USER_VAR: we usually name variables in lower-case.
-
-But why does x86_cr3_pcid_noflush need to be __aligned(PAGE_SIZE)?
-Ah, it's a leftover from when kaiser_add_user_map() once complained
-about mapping the same page twice. Make it __read_mostly instead.
-(I'm a little uneasy about all the unrelated data which shares its
-page getting user-mapped too, but that was so before, and not a big
-deal: though we call it user-mapped, it's not mapped with _PAGE_USER.)
-
-And there is a little change around the two calls to do_nmi().
-Previously they set the NOFLUSH bit (if PCID supported) when
-forcing to kernel context before do_nmi(); now they also have the
-NOFLUSH bit set (if PCID supported) when restoring context after:
-nothing done in do_nmi() should require a TLB to be flushed here.
-
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/entry/entry_64.S | 8 ++++----
- arch/x86/include/asm/kaiser.h | 11 +++++------
- arch/x86/mm/kaiser.c | 13 +++++++------
- 3 files changed, 16 insertions(+), 16 deletions(-)
-
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1316,11 +1316,11 @@ ENTRY(nmi)
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
-+ /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
-+ orq x86_cr3_pcid_noflush, %rax
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-- /* Add back kernel PCID and "no flush" bit */
-- orq X86_CR3_PCID_KERN_VAR, %rax
- movq %rax, %cr3
- #endif
- call do_nmi
-@@ -1560,11 +1560,11 @@ end_repeat_nmi:
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
- movq %cr3, %rax
-+ /* If PCID enabled, NOFLUSH now and NOFLUSH on return */
-+ orq x86_cr3_pcid_noflush, %rax
- pushq %rax
- /* mask off "user" bit of pgd address and 12 PCID bits: */
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), %rax
-- /* Add back kernel PCID and "no flush" bit */
-- orq X86_CR3_PCID_KERN_VAR, %rax
- movq %rax, %cr3
- #endif
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -25,7 +25,7 @@
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
- andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
--orq X86_CR3_PCID_KERN_VAR, \reg
-+orq x86_cr3_pcid_noflush, \reg
- movq \reg, %cr3
- .endm
-
-@@ -37,11 +37,10 @@ movq \reg, %cr3
- * not enabled): so that the one register can update both memory and cr3.
- */
- movq %cr3, \reg
--andq $(~(X86_CR3_PCID_ASID_MASK | KAISER_SHADOW_PGD_OFFSET)), \reg
--orq PER_CPU_VAR(X86_CR3_PCID_USER_VAR), \reg
-+orq PER_CPU_VAR(x86_cr3_pcid_user), \reg
- js 9f
- /* FLUSH this time, reset to NOFLUSH for next time (if PCID enabled) */
--movb \regb, PER_CPU_VAR(X86_CR3_PCID_USER_VAR+7)
-+movb \regb, PER_CPU_VAR(x86_cr3_pcid_user+7)
- 9:
- movq \reg, %cr3
- .endm
-@@ -94,8 +93,8 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- */
- DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
-
--extern unsigned long X86_CR3_PCID_KERN_VAR;
--DECLARE_PER_CPU(unsigned long, X86_CR3_PCID_USER_VAR);
-+extern unsigned long x86_cr3_pcid_noflush;
-+DECLARE_PER_CPU(unsigned long, x86_cr3_pcid_user);
-
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -28,8 +28,8 @@ DEFINE_PER_CPU_USER_MAPPED(unsigned long
- * This is also handy because systems that do not support PCIDs
- * just end up or'ing a 0 into their CR3, which does no harm.
- */
--__aligned(PAGE_SIZE) unsigned long X86_CR3_PCID_KERN_VAR;
--DEFINE_PER_CPU(unsigned long, X86_CR3_PCID_USER_VAR);
-+unsigned long x86_cr3_pcid_noflush __read_mostly;
-+DEFINE_PER_CPU(unsigned long, x86_cr3_pcid_user);
-
- /*
- * At runtime, the only things we map are some things for CPU
-@@ -303,7 +303,8 @@ void __init kaiser_init(void)
- sizeof(gate_desc) * NR_VECTORS,
- __PAGE_KERNEL);
-
-- kaiser_add_user_map_early(&X86_CR3_PCID_KERN_VAR, PAGE_SIZE,
-+ kaiser_add_user_map_early(&x86_cr3_pcid_noflush,
-+ sizeof(x86_cr3_pcid_noflush),
- __PAGE_KERNEL);
- }
-
-@@ -381,8 +382,8 @@ void kaiser_setup_pcid(void)
- * These variables are used by the entry/exit
- * code to change PCID and pgd and TLB flushing.
- */
-- X86_CR3_PCID_KERN_VAR = kern_cr3;
-- this_cpu_write(X86_CR3_PCID_USER_VAR, user_cr3);
-+ x86_cr3_pcid_noflush = kern_cr3;
-+ this_cpu_write(x86_cr3_pcid_user, user_cr3);
- }
-
- /*
-@@ -392,7 +393,7 @@ void kaiser_setup_pcid(void)
- */
- void kaiser_flush_tlb_on_return_to_user(void)
- {
-- this_cpu_write(X86_CR3_PCID_USER_VAR,
-+ this_cpu_write(x86_cr3_pcid_user,
- X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
- }
- EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
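
Taken together, the renamed per-cpu word implements a one-shot flush: kaiser_flush_tlb_on_return_to_user() clears NOFLUSH so the next exit to user space flushes, and the exit path immediately re-arms it. A user-space sketch of that protocol, with the per-cpu variable modeled as a plain global and the logic following the asm above:

    #include <stdint.h>
    #include <stdio.h>

    #define KAISER_SHADOW_PGD_OFFSET  0x1000ULL
    #define X86_CR3_PCID_ASID_USER    0x80ULL
    #define X86_CR3_PCID_NOFLUSH      (1ULL << 63)
    #define X86_CR3_PCID_USER_FLUSH   X86_CR3_PCID_ASID_USER
    #define X86_CR3_PCID_USER_NOFLUSH (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_USER)

    static uint64_t x86_cr3_pcid_user;  /* stand-in for the per-cpu word */

    static void kaiser_flush_tlb_on_return_to_user(void)
    {
        x86_cr3_pcid_user = X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET;
    }

    static int switch_user_cr3(void)
    {
        int flushed = !(x86_cr3_pcid_user & X86_CR3_PCID_NOFLUSH);

        if (flushed)  /* "js 9f" not taken: re-arm NOFLUSH for next time */
            x86_cr3_pcid_user |= X86_CR3_PCID_NOFLUSH;
        return flushed;
    }

    int main(void)
    {
        x86_cr3_pcid_user = X86_CR3_PCID_USER_NOFLUSH | KAISER_SHADOW_PGD_OFFSET;
        kaiser_flush_tlb_on_return_to_user();
        printf("exit 1 flushes: %d\n", switch_user_cr3());  /* 1 */
        printf("exit 2 flushes: %d\n", switch_user_cr3());  /* 0 */
        return 0;
    }
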
diff --git a/debian/patches/features/all/kpti/kpti-rename-to-page_table_isolation.patch b/debian/patches/features/all/kpti/kpti-rename-to-page_table_isolation.patch
deleted file mode 100644
index f77732d..0000000
--- a/debian/patches/features/all/kpti/kpti-rename-to-page_table_isolation.patch
+++ /dev/null
@@ -1,329 +0,0 @@
-From keescook at chromium.org Wed Jan 3 20:47:22 2018
-From: Kees Cook <keescook at chromium.org>
-Date: Wed, 3 Jan 2018 10:17:35 -0800
-Subject: KPTI: Rename to PAGE_TABLE_ISOLATION
-To: Greg KH <gregkh at linuxfoundation.org>
-Message-ID: <20180103181735.GA33341 at beast>
-Content-Disposition: inline
-
-From: Kees Cook <keescook at chromium.org>
-
-This renames CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION.
-
-Signed-off-by: Kees Cook <keescook at chromium.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/boot/compressed/misc.h | 2 +-
- arch/x86/entry/entry_64.S | 12 ++++++------
- arch/x86/events/intel/ds.c | 4 ++--
- arch/x86/include/asm/cpufeatures.h | 2 +-
- arch/x86/include/asm/kaiser.h | 12 ++++++------
- arch/x86/include/asm/pgtable.h | 4 ++--
- arch/x86/include/asm/pgtable_64.h | 4 ++--
- arch/x86/include/asm/pgtable_types.h | 2 +-
- arch/x86/include/asm/tlbflush.h | 2 +-
- arch/x86/kernel/head_64.S | 2 +-
- arch/x86/mm/Makefile | 2 +-
- arch/x86/mm/kaslr.c | 2 +-
- include/linux/kaiser.h | 6 +++---
- include/linux/percpu-defs.h | 2 +-
- security/Kconfig | 2 +-
- tools/arch/x86/include/asm/cpufeatures.h | 2 +-
- 16 files changed, 31 insertions(+), 31 deletions(-)
-
---- a/arch/x86/boot/compressed/misc.h
-+++ b/arch/x86/boot/compressed/misc.h
-@@ -9,7 +9,7 @@
- */
- #undef CONFIG_PARAVIRT
- #undef CONFIG_PARAVIRT_SPINLOCKS
--#undef CONFIG_KAISER
-+#undef CONFIG_PAGE_TABLE_ISOLATION
- #undef CONFIG_KASAN
-
- #include <linux/linkage.h>
---- a/arch/x86/entry/entry_64.S
-+++ b/arch/x86/entry/entry_64.S
-@@ -1071,7 +1071,7 @@ ENTRY(paranoid_entry)
- SWAPGS
- xorl %ebx, %ebx
- 1:
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /*
- * We might have come in between a swapgs and a SWITCH_KERNEL_CR3
- * on entry, or between a SWITCH_USER_CR3 and a swapgs on exit.
-@@ -1111,7 +1111,7 @@ ENTRY(paranoid_exit)
- DISABLE_INTERRUPTS(CLBR_NONE)
- TRACE_IRQS_OFF_DEBUG
- TRACE_IRQS_IRETQ_DEBUG
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /* No ALTERNATIVE for X86_FEATURE_KAISER: paranoid_entry sets %ebx */
- testl $2, %ebx /* SWITCH_USER_CR3 needed? */
- jz paranoid_exit_no_switch
-@@ -1340,7 +1340,7 @@ ENTRY(nmi)
-
- movq %rsp, %rdi
- movq $-1, %rsi
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
- ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
-@@ -1354,7 +1354,7 @@ ENTRY(nmi)
- #endif
- call do_nmi
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /*
- * Unconditionally restore CR3. I know we return to
- * kernel code that needs user CR3, but do we ever return
-@@ -1584,7 +1584,7 @@ end_repeat_nmi:
- 1:
- movq %rsp, %rdi
- movq $-1, %rsi
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /* Unconditionally use kernel CR3 for do_nmi() */
- /* %rax is saved above, so OK to clobber here */
- ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER
-@@ -1600,7 +1600,7 @@ end_repeat_nmi:
- /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
- call do_nmi
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /*
- * Unconditionally restore CR3. We might be returning to
- * kernel code that needs user CR3, like just before
---- a/arch/x86/events/intel/ds.c
-+++ b/arch/x86/events/intel/ds.c
-@@ -274,7 +274,7 @@ static DEFINE_PER_CPU(void *, insn_buffe
-
- static void *dsalloc(size_t size, gfp_t flags, int node)
- {
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- unsigned int order = get_order(size);
- struct page *page;
- unsigned long addr;
-@@ -295,7 +295,7 @@ static void *dsalloc(size_t size, gfp_t
-
- static void dsfree(const void *buffer, size_t size)
- {
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- if (!buffer)
- return;
- kaiser_remove_mapping((unsigned long)buffer, size);
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -199,7 +199,7 @@
- #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */
-
- /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
--#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
-+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */
-
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -20,7 +20,7 @@
- #define KAISER_SHADOW_PGD_OFFSET 0x1000
-
- #ifdef __ASSEMBLY__
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
-
- .macro _SWITCH_TO_KERNEL_CR3 reg
- movq %cr3, \reg
-@@ -69,7 +69,7 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- 8:
- .endm
-
--#else /* CONFIG_KAISER */
-+#else /* CONFIG_PAGE_TABLE_ISOLATION */
-
- .macro SWITCH_KERNEL_CR3
- .endm
-@@ -78,11 +78,11 @@ movq PER_CPU_VAR(unsafe_stack_register_b
- .macro SWITCH_KERNEL_CR3_NO_STACK
- .endm
-
--#endif /* CONFIG_KAISER */
-+#endif /* CONFIG_PAGE_TABLE_ISOLATION */
-
- #else /* __ASSEMBLY__ */
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /*
- * Upon kernel/user mode switch, it may happen that the address
- * space has to be switched before the registers have been
-@@ -100,10 +100,10 @@ extern void __init kaiser_check_boottime
- #else
- #define kaiser_enabled 0
- static inline void __init kaiser_check_boottime_disable(void) {}
--#endif /* CONFIG_KAISER */
-+#endif /* CONFIG_PAGE_TABLE_ISOLATION */
-
- /*
-- * Kaiser function prototypes are needed even when CONFIG_KAISER is not set,
-+ * Kaiser function prototypes are needed even when CONFIG_PAGE_TABLE_ISOLATION is not set,
- * so as to build with tests on kaiser_enabled instead of #ifdefs.
- */
-
---- a/arch/x86/include/asm/pgtable.h
-+++ b/arch/x86/include/asm/pgtable.h
-@@ -18,7 +18,7 @@
- #ifndef __ASSEMBLY__
- #include <asm/x86_init.h>
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- extern int kaiser_enabled;
- #else
- #define kaiser_enabled 0
-@@ -920,7 +920,7 @@ static inline void pmdp_set_wrprotect(st
- static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
- {
- memcpy(dst, src, count * sizeof(pgd_t));
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- if (kaiser_enabled) {
- /* Clone the shadow pgd part as well */
- memcpy(native_get_shadow_pgd(dst),
---- a/arch/x86/include/asm/pgtable_64.h
-+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -106,7 +106,7 @@ static inline void native_pud_clear(pud_
- native_set_pud(pud, native_make_pud(0));
- }
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- extern pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd);
-
- static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp)
-@@ -127,7 +127,7 @@ static inline pgd_t *native_get_shadow_p
- BUILD_BUG_ON(1);
- return NULL;
- }
--#endif /* CONFIG_KAISER */
-+#endif /* CONFIG_PAGE_TABLE_ISOLATION */
-
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
- {
---- a/arch/x86/include/asm/pgtable_types.h
-+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -144,7 +144,7 @@
- #define X86_CR3_PCID_MASK (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_MASK)
- #define X86_CR3_PCID_ASID_KERN (_AC(0x0,UL))
-
--#if defined(CONFIG_KAISER) && defined(CONFIG_X86_64)
-+#if defined(CONFIG_PAGE_TABLE_ISOLATION) && defined(CONFIG_X86_64)
- /* Let X86_CR3_PCID_ASID_USER be usable for the X86_CR3_PCID_NOFLUSH bit */
- #define X86_CR3_PCID_ASID_USER (_AC(0x80,UL))
-
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -136,7 +136,7 @@ static inline void cr4_set_bits_and_upda
- * Declare a couple of kaiser interfaces here for convenience,
- * to avoid the need for asm/kaiser.h in unexpected places.
- */
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- extern int kaiser_enabled;
- extern void kaiser_setup_pcid(void);
- extern void kaiser_flush_tlb_on_return_to_user(void);
---- a/arch/x86/kernel/head_64.S
-+++ b/arch/x86/kernel/head_64.S
-@@ -405,7 +405,7 @@ GLOBAL(early_recursion_flag)
- .balign PAGE_SIZE; \
- GLOBAL(name)
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- /*
- * Each PGD needs to be 8k long and 8k aligned. We do not
- * ever go out to userspace with these, so we do not
---- a/arch/x86/mm/Makefile
-+++ b/arch/x86/mm/Makefile
-@@ -38,4 +38,4 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulatio
- obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
- obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
- obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
--obj-$(CONFIG_KAISER) += kaiser.o
-+obj-$(CONFIG_PAGE_TABLE_ISOLATION) += kaiser.o
---- a/arch/x86/mm/kaslr.c
-+++ b/arch/x86/mm/kaslr.c
-@@ -189,6 +189,6 @@ void __meminit init_trampoline(void)
- *pud_tramp = *pud;
- }
-
-- /* Avoid set_pgd(), in case it's complicated by CONFIG_KAISER */
-+ /* Avoid set_pgd(), in case it's complicated by CONFIG_PAGE_TABLE_ISOLATION */
- trampoline_pgd_entry = __pgd(_KERNPG_TABLE | __pa(pud_page_tramp));
- }
---- a/include/linux/kaiser.h
-+++ b/include/linux/kaiser.h
-@@ -1,7 +1,7 @@
- #ifndef _LINUX_KAISER_H
- #define _LINUX_KAISER_H
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- #include <asm/kaiser.h>
-
- static inline int kaiser_map_thread_stack(void *stack)
-@@ -24,7 +24,7 @@ static inline void kaiser_unmap_thread_s
- #else
-
- /*
-- * These stubs are used whenever CONFIG_KAISER is off, which
-+ * These stubs are used whenever CONFIG_PAGE_TABLE_ISOLATION is off, which
- * includes architectures that support KAISER, but have it disabled.
- */
-
-@@ -48,5 +48,5 @@ static inline void kaiser_unmap_thread_s
- {
- }
-
--#endif /* !CONFIG_KAISER */
-+#endif /* !CONFIG_PAGE_TABLE_ISOLATION */
- #endif /* _LINUX_KAISER_H */
---- a/include/linux/percpu-defs.h
-+++ b/include/linux/percpu-defs.h
-@@ -35,7 +35,7 @@
-
- #endif
-
--#ifdef CONFIG_KAISER
-+#ifdef CONFIG_PAGE_TABLE_ISOLATION
- #define USER_MAPPED_SECTION "..user_mapped"
- #else
- #define USER_MAPPED_SECTION ""
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -31,7 +31,7 @@ config SECURITY
-
- If you are unsure how to answer this question, answer N.
-
--config KAISER
-+config PAGE_TABLE_ISOLATION
- bool "Remove the kernel mapping in user mode"
- default y
- depends on X86_64 && SMP
---- a/tools/arch/x86/include/asm/cpufeatures.h
-+++ b/tools/arch/x86/include/asm/cpufeatures.h
-@@ -198,7 +198,7 @@
- #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */
-
- /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
--#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
-+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */
-
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
diff --git a/debian/patches/features/all/kpti/kpti-report-when-enabled.patch b/debian/patches/features/all/kpti/kpti-report-when-enabled.patch
deleted file mode 100644
index dbd4233..0000000
--- a/debian/patches/features/all/kpti/kpti-report-when-enabled.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From keescook at chromium.org Wed Jan 3 20:48:07 2018
-From: Kees Cook <keescook at chromium.org>
-Date: Wed, 3 Jan 2018 10:18:01 -0800
-Subject: KPTI: Report when enabled
-To: Greg KH <gregkh at linuxfoundation.org>
-Message-ID: <20180103181801.GA33383 at beast>
-Content-Disposition: inline
-
-From: Kees Cook <keescook at chromium.org>
-
-Make sure dmesg reports when KPTI is enabled.
-
-Signed-off-by: Kees Cook <keescook at chromium.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/mm/kaiser.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -10,6 +10,9 @@
- #include <linux/mm.h>
- #include <linux/uaccess.h>
-
-+#undef pr_fmt
-+#define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt
-+
- #include <asm/kaiser.h>
- #include <asm/tlbflush.h> /* to verify its kaiser declarations */
- #include <asm/pgtable.h>
-@@ -292,7 +295,7 @@ enable:
- return;
-
- disable:
-- pr_info("Kernel/User page tables isolation: disabled\n");
-+ pr_info("disabled\n");
-
- silent_disable:
- kaiser_enabled = 0;
-@@ -352,6 +355,8 @@ void __init kaiser_init(void)
- kaiser_add_user_map_early(&debug_idt_table,
- sizeof(gate_desc) * NR_VECTORS,
- __PAGE_KERNEL);
-+
-+ pr_info("enabled\n");
- }
-
- /* Add a mapping to the shadow mapping, and synchronize the mappings */
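
The #undef/#define pr_fmt pair is the usual kernel idiom for prefixing every pr_info() in one file at compile time, via string-literal concatenation. A user-space approximation of the preprocessing involved, with printf standing in for printk:

    #include <stdio.h>

    #define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt
    #define pr_info(fmt, ...) printf(pr_fmt(fmt), ##__VA_ARGS__)

    int main(void)
    {
        pr_info("enabled\n");  /* literals concatenate at compile time */
        return 0;
    }
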
diff --git a/debian/patches/features/all/kpti/x86-boot-add-early-cmdline-parsing-for-options-with-arguments.patch b/debian/patches/features/all/kpti/x86-boot-add-early-cmdline-parsing-for-options-with-arguments.patch
deleted file mode 100644
index bb7c7d3..0000000
--- a/debian/patches/features/all/kpti/x86-boot-add-early-cmdline-parsing-for-options-with-arguments.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From e505371dd83963caae1a37ead9524e8d997341be Mon Sep 17 00:00:00 2001
-From: Tom Lendacky <thomas.lendacky at amd.com>
-Date: Mon, 17 Jul 2017 16:10:33 -0500
-Subject: x86/boot: Add early cmdline parsing for options with arguments
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Tom Lendacky <thomas.lendacky at amd.com>
-
-commit e505371dd83963caae1a37ead9524e8d997341be upstream.
-
-Add a cmdline_find_option() function to look for cmdline options that
-take arguments. The argument is returned in a supplied buffer and the
-argument length (regardless of whether it fits in the supplied buffer)
-is returned, with -1 indicating not found.
-
-Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com>
-Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: Alexander Potapenko <glider at google.com>
-Cc: Andrey Ryabinin <aryabinin at virtuozzo.com>
-Cc: Andy Lutomirski <luto at kernel.org>
-Cc: Arnd Bergmann <arnd at arndb.de>
-Cc: Borislav Petkov <bp at alien8.de>
-Cc: Brijesh Singh <brijesh.singh at amd.com>
-Cc: Dave Young <dyoung at redhat.com>
-Cc: Dmitry Vyukov <dvyukov at google.com>
-Cc: Jonathan Corbet <corbet at lwn.net>
-Cc: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
-Cc: Larry Woodman <lwoodman at redhat.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Matt Fleming <matt at codeblueprint.co.uk>
-Cc: Michael S. Tsirkin <mst at redhat.com>
-Cc: Paolo Bonzini <pbonzini at redhat.com>
-Cc: Peter Zijlstra <peterz at infradead.org>
-Cc: Radim Krčmář <rkrcmar at redhat.com>
-Cc: Rik van Riel <riel at redhat.com>
-Cc: Toshimitsu Kani <toshi.kani at hpe.com>
-Cc: kasan-dev at googlegroups.com
-Cc: kvm at vger.kernel.org
-Cc: linux-arch at vger.kernel.org
-Cc: linux-doc at vger.kernel.org
-Cc: linux-efi at vger.kernel.org
-Cc: linux-mm at kvack.org
-Link: http://lkml.kernel.org/r/36b5f97492a9745dce27682305f990fc20e5cf8a.1500319216.git.thomas.lendacky@amd.com
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
-
----
- arch/x86/include/asm/cmdline.h | 2
- arch/x86/lib/cmdline.c | 105 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 107 insertions(+)
-
---- a/arch/x86/include/asm/cmdline.h
-+++ b/arch/x86/include/asm/cmdline.h
-@@ -2,5 +2,7 @@
- #define _ASM_X86_CMDLINE_H
-
- int cmdline_find_option_bool(const char *cmdline_ptr, const char *option);
-+int cmdline_find_option(const char *cmdline_ptr, const char *option,
-+ char *buffer, int bufsize);
-
- #endif /* _ASM_X86_CMDLINE_H */
---- a/arch/x86/lib/cmdline.c
-+++ b/arch/x86/lib/cmdline.c
-@@ -104,7 +104,112 @@ __cmdline_find_option_bool(const char *c
- return 0; /* Buffer overrun */
- }
-
-+/*
-+ * Find a non-boolean option (i.e. option=argument). In accordance with
-+ * standard Linux practice, if this option is repeated, this returns the
-+ * last instance on the command line.
-+ *
-+ * @cmdline: the cmdline string
-+ * @max_cmdline_size: the maximum size of cmdline
-+ * @option: option string to look for
-+ * @buffer: memory buffer to return the option argument
-+ * @bufsize: size of the supplied memory buffer
-+ *
-+ * Returns the length of the argument (regardless of whether it was
-+ * truncated to fit in the buffer), or -1 on not found.
-+ */
-+static int
-+__cmdline_find_option(const char *cmdline, int max_cmdline_size,
-+ const char *option, char *buffer, int bufsize)
-+{
-+ char c;
-+ int pos = 0, len = -1;
-+ const char *opptr = NULL;
-+ char *bufptr = buffer;
-+ enum {
-+ st_wordstart = 0, /* Start of word/after whitespace */
-+ st_wordcmp, /* Comparing this word */
-+ st_wordskip, /* Miscompare, skip */
-+ st_bufcpy, /* Copying this to buffer */
-+ } state = st_wordstart;
-+
-+ if (!cmdline)
-+ return -1; /* No command line */
-+
-+ /*
-+ * This 'pos' check ensures we do not overrun
-+ * a non-NULL-terminated 'cmdline'
-+ */
-+ while (pos++ < max_cmdline_size) {
-+ c = *(char *)cmdline++;
-+ if (!c)
-+ break;
-+
-+ switch (state) {
-+ case st_wordstart:
-+ if (myisspace(c))
-+ break;
-+
-+ state = st_wordcmp;
-+ opptr = option;
-+ /* fall through */
-+
-+ case st_wordcmp:
-+ if ((c == '=') && !*opptr) {
-+ /*
-+ * We matched all the way to the end of the
-+ * option we were looking for, prepare to
-+ * copy the argument.
-+ */
-+ len = 0;
-+ bufptr = buffer;
-+ state = st_bufcpy;
-+ break;
-+ } else if (c == *opptr++) {
-+ /*
-+ * We are currently matching, so continue
-+ * to the next character on the cmdline.
-+ */
-+ break;
-+ }
-+ state = st_wordskip;
-+ /* fall through */
-+
-+ case st_wordskip:
-+ if (myisspace(c))
-+ state = st_wordstart;
-+ break;
-+
-+ case st_bufcpy:
-+ if (myisspace(c)) {
-+ state = st_wordstart;
-+ } else {
-+ /*
-+ * Increment len, but don't overrun the
-+ * supplied buffer and leave room for the
-+ * NULL terminator.
-+ */
-+ if (++len < bufsize)
-+ *bufptr++ = c;
-+ }
-+ break;
-+ }
-+ }
-+
-+ if (bufsize)
-+ *bufptr = '\0';
-+
-+ return len;
-+}
-+
- int cmdline_find_option_bool(const char *cmdline, const char *option)
- {
- return __cmdline_find_option_bool(cmdline, COMMAND_LINE_SIZE, option);
- }
-+
-+int cmdline_find_option(const char *cmdline, const char *option, char *buffer,
-+ int bufsize)
-+{
-+ return __cmdline_find_option(cmdline, COMMAND_LINE_SIZE, option,
-+ buffer, bufsize);
-+}
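
For callers, the interesting part is the contract: the last option=arg instance wins, the returned length ignores truncation, and -1 means not found. Below is a simplified user-space stand-in for cmdline_find_option() that honors that contract but skips the state machine's handling of unterminated cmdlines and substring false positives; names and logic here are illustrative, not the kernel's:

    #include <stdio.h>
    #include <string.h>

    static int find_option(const char *cmdline, const char *option,
                           char *buf, int bufsize)
    {
        char key[32];
        const char *p, *hit = NULL;
        int len = -1;

        snprintf(key, sizeof(key), "%s=", option);
        /* scan forward so the LAST occurrence wins, as documented above */
        for (p = cmdline; (p = strstr(p, key)) != NULL; p += strlen(key))
            if (p == cmdline || p[-1] == ' ')
                hit = p + strlen(key);
        if (hit) {
            len = strcspn(hit, " ");           /* full length, pre-truncation */
            snprintf(buf, bufsize, "%.*s", len, hit);
        }
        return len;
    }

    int main(void)
    {
        char arg[5];

        if (find_option("ro quiet pti=off", "pti", arg, sizeof(arg)) > 0)
            printf("pti=%s\n", arg);  /* prints "pti=off" */
        return 0;
    }
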
diff --git a/debian/patches/features/all/kpti/x86-kaiser-check-boottime-cmdline-params.patch b/debian/patches/features/all/kpti/x86-kaiser-check-boottime-cmdline-params.patch
deleted file mode 100644
index 3476e16..0000000
--- a/debian/patches/features/all/kpti/x86-kaiser-check-boottime-cmdline-params.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Borislav Petkov <bp at suse.de>
-Date: Tue, 2 Jan 2018 14:19:48 +0100
-Subject: x86/kaiser: Check boottime cmdline params
-
-From: Borislav Petkov <bp at suse.de>
-
-
-AMD (and possibly other vendors) are not affected by the leak
-KAISER is protecting against.
-
-Keep the "nopti" for traditional reasons and add pti=<on|off|auto>
-like upstream.
-
-Signed-off-by: Borislav Petkov <bp at suse.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- Documentation/kernel-parameters.txt | 6 +++
- arch/x86/mm/kaiser.c | 59 +++++++++++++++++++++++++-----------
- 2 files changed, 47 insertions(+), 18 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3327,6 +3327,12 @@ bytes respectively. Such letter suffixes
- pt. [PARIDE]
- See Documentation/blockdev/paride.txt.
-
-+ pti= [X86_64]
-+ Control KAISER user/kernel address space isolation:
-+ on - enable
-+ off - disable
-+ auto - default setting
-+
- pty.legacy_count=
- [KNL] Number of legacy pty's. Overwrites compiled-in
- default number.
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -15,6 +15,7 @@
- #include <asm/pgtable.h>
- #include <asm/pgalloc.h>
- #include <asm/desc.h>
-+#include <asm/cmdline.h>
-
- int kaiser_enabled __read_mostly = 1;
- EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */
-@@ -263,6 +264,43 @@ static void __init kaiser_init_all_pgds(
- WARN_ON(__ret); \
- } while (0)
-
-+void __init kaiser_check_boottime_disable(void)
-+{
-+ bool enable = true;
-+ char arg[5];
-+ int ret;
-+
-+ ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
-+ if (ret > 0) {
-+ if (!strncmp(arg, "on", 2))
-+ goto enable;
-+
-+ if (!strncmp(arg, "off", 3))
-+ goto disable;
-+
-+ if (!strncmp(arg, "auto", 4))
-+ goto skip;
-+ }
-+
-+ if (cmdline_find_option_bool(boot_command_line, "nopti"))
-+ goto disable;
-+
-+skip:
-+ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
-+ goto disable;
-+
-+enable:
-+ if (enable)
-+ setup_force_cpu_cap(X86_FEATURE_KAISER);
-+
-+ return;
-+
-+disable:
-+ pr_info("Kernel/User page tables isolation: disabled\n");
-+ kaiser_enabled = 0;
-+ setup_clear_cpu_cap(X86_FEATURE_KAISER);
-+}
-+
- /*
- * If anything in here fails, we will likely die on one of the
- * first kernel->user transitions and init will die. But, we
-@@ -274,12 +312,10 @@ void __init kaiser_init(void)
- {
- int cpu;
-
-- if (!kaiser_enabled) {
-- setup_clear_cpu_cap(X86_FEATURE_KAISER);
-- return;
-- }
-+ kaiser_check_boottime_disable();
-
-- setup_force_cpu_cap(X86_FEATURE_KAISER);
-+ if (!kaiser_enabled)
-+ return;
-
- kaiser_init_all_pgds();
-
-@@ -423,16 +459,3 @@ void kaiser_flush_tlb_on_return_to_user(
- X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
- }
- EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
--
--static int __init x86_nokaiser_setup(char *s)
--{
-- /* nopti doesn't accept parameters */
-- if (s)
-- return -EINVAL;
--
-- kaiser_enabled = 0;
-- pr_info("Kernel/User page tables isolation: disabled\n");
--
-- return 0;
--}
--early_param("nopti", x86_nokaiser_setup);
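
(The precedence implemented by kaiser_check_boottime_disable() above is easy
to lose in the gotos: an explicit pti= value wins, the legacy "nopti" switch
comes next, and only then does the AMD vendor default apply. A standalone
sketch of that ordering follows; parsing is deliberately simplified to
strstr() for illustration, where the real code uses the cmdline_find_option()
helpers added earlier in this series.)

  #include <stdbool.h>
  #include <stdio.h>
  #include <string.h>

  static bool pti_enabled(const char *cmdline, bool cpu_is_amd)
  {
      const char *p = strstr(cmdline, "pti=");

      if (p) {
          if (!strncmp(p + 4, "on", 2))
              return true;            /* pti=on force-enables */
          if (!strncmp(p + 4, "off", 3))
              return false;           /* pti=off force-disables */
          /* pti=auto (or an unrecognized value) falls through
           * to the vendor default below */
      } else if (strstr(cmdline, "nopti")) {
          return false;               /* legacy disable switch */
      }
      return !cpu_is_amd;             /* default: off on AMD */
  }

  int main(void)
  {
      printf("%d\n", pti_enabled("quiet pti=on", true));  /* 1 */
      printf("%d\n", pti_enabled("quiet nopti", false));  /* 0 */
      printf("%d\n", pti_enabled("quiet", true));         /* 0: AMD */
      return 0;
  }
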
diff --git a/debian/patches/features/all/kpti/x86-kaiser-move-feature-detection-up.patch b/debian/patches/features/all/kpti/x86-kaiser-move-feature-detection-up.patch
deleted file mode 100644
index 5d61f21..0000000
--- a/debian/patches/features/all/kpti/x86-kaiser-move-feature-detection-up.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Borislav Petkov <bp at suse.de>
-Date: Mon, 25 Dec 2017 13:57:16 +0100
-Subject: x86/kaiser: Move feature detection up
-
-From: Borislav Petkov <bp at suse.de>
-
-
-... before the first use of kaiser_enabled as otherwise funky
-things happen:
-
- about to get started...
- (XEN) d0v0 Unhandled page fault fault/trap [#14, ec=0000]
- (XEN) Pagetable walk from ffff88022a449090:
- (XEN) L4[0x110] = 0000000229e0e067 0000000000001e0e
- (XEN) L3[0x008] = 0000000000000000 ffffffffffffffff
- (XEN) domain_crash_sync called from entry.S: fault at ffff82d08033fd08
- entry.o#create_bounce_frame+0x135/0x14d
- (XEN) Domain 0 (vcpu#0) crashed on cpu#0:
- (XEN) ----[ Xen-4.9.1_02-3.21 x86_64 debug=n Not tainted ]----
- (XEN) CPU: 0
- (XEN) RIP: e033:[<ffffffff81007460>]
- (XEN) RFLAGS: 0000000000000286 EM: 1 CONTEXT: pv guest (d0v0)
-
-Signed-off-by: Borislav Petkov <bp at suse.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/kaiser.h | 2 ++
- arch/x86/kernel/setup.c | 7 +++++++
- arch/x86/mm/kaiser.c | 2 --
- 3 files changed, 9 insertions(+), 2 deletions(-)
-
---- a/arch/x86/include/asm/kaiser.h
-+++ b/arch/x86/include/asm/kaiser.h
-@@ -96,8 +96,10 @@ DECLARE_PER_CPU(unsigned long, x86_cr3_p
- extern char __per_cpu_user_mapped_start[], __per_cpu_user_mapped_end[];
-
- extern int kaiser_enabled;
-+extern void __init kaiser_check_boottime_disable(void);
- #else
- #define kaiser_enabled 0
-+static inline void __init kaiser_check_boottime_disable(void) {}
- #endif /* CONFIG_KAISER */
-
- /*
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -114,6 +114,7 @@
- #include <asm/microcode.h>
- #include <asm/mmu_context.h>
- #include <asm/kaslr.h>
-+#include <asm/kaiser.h>
-
- /*
- * max_low_pfn_mapped: highest direct mapped pfn under 4GB
-@@ -1019,6 +1020,12 @@ void __init setup_arch(char **cmdline_p)
- */
- init_hypervisor_platform();
-
-+ /*
-+ * This needs to happen right after XENPV is set on xen and
-+ * kaiser_enabled is checked below in cleanup_highmap().
-+ */
-+ kaiser_check_boottime_disable();
-+
- x86_init.resources.probe_roms();
-
- /* after parse_early_param, so could debug it */
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -310,8 +310,6 @@ void __init kaiser_init(void)
- {
- int cpu;
-
-- kaiser_check_boottime_disable();
--
- if (!kaiser_enabled)
- return;
-
diff --git a/debian/patches/features/all/kpti/x86-kaiser-reenable-paravirt.patch b/debian/patches/features/all/kpti/x86-kaiser-reenable-paravirt.patch
deleted file mode 100644
index d081b61..0000000
--- a/debian/patches/features/all/kpti/x86-kaiser-reenable-paravirt.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Borislav Petkov <bp at suse.de>
-Date: Tue, 2 Jan 2018 14:19:49 +0100
-Subject: x86/kaiser: Reenable PARAVIRT
-
-From: Borislav Petkov <bp at suse.de>
-
-
-Now that the required bits have been addressed, reenable
-PARAVIRT.
-
-Signed-off-by: Borislav Petkov <bp at suse.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- security/Kconfig | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -34,7 +34,7 @@ config SECURITY
- config KAISER
- bool "Remove the kernel mapping in user mode"
- default y
-- depends on X86_64 && SMP && !PARAVIRT
-+ depends on X86_64 && SMP
- help
- This enforces a strict kernel and user space isolation, in order
- to close hardware side channels on kernel address information.
diff --git a/debian/patches/features/all/kpti/x86-kaiser-rename-and-simplify-x86_feature_kaiser-handling.patch b/debian/patches/features/all/kpti/x86-kaiser-rename-and-simplify-x86_feature_kaiser-handling.patch
deleted file mode 100644
index 804ffac..0000000
--- a/debian/patches/features/all/kpti/x86-kaiser-rename-and-simplify-x86_feature_kaiser-handling.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Borislav Petkov <bp at suse.de>
-Date: Tue, 2 Jan 2018 14:19:48 +0100
-Subject: x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
-
-From: Borislav Petkov <bp at suse.de>
-
-
-Concentrate it in arch/x86/mm/kaiser.c and use the upstream string "nopti".
-
-Signed-off-by: Borislav Petkov <bp at suse.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- Documentation/kernel-parameters.txt | 2 +-
- arch/x86/kernel/cpu/common.c | 18 ------------------
- arch/x86/mm/kaiser.c | 20 +++++++++++++++++++-
- 3 files changed, 20 insertions(+), 20 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -2763,7 +2763,7 @@ bytes respectively. Such letter suffixes
-
- nojitter [IA-64] Disables jitter checking for ITC timers.
-
-- nokaiser [X86-64] Disable KAISER isolation of kernel from user.
-+ nopti [X86-64] Disable KAISER isolation of kernel from user.
-
- no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver
-
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -179,20 +179,6 @@ static int __init x86_pcid_setup(char *s
- return 1;
- }
- __setup("nopcid", x86_pcid_setup);
--
--static int __init x86_nokaiser_setup(char *s)
--{
-- /* nokaiser doesn't accept parameters */
-- if (s)
-- return -EINVAL;
--#ifdef CONFIG_KAISER
-- kaiser_enabled = 0;
-- setup_clear_cpu_cap(X86_FEATURE_KAISER);
-- pr_info("nokaiser: KAISER feature disabled\n");
--#endif
-- return 0;
--}
--early_param("nokaiser", x86_nokaiser_setup);
- #endif
-
- static int __init x86_noinvpcid_setup(char *s)
-@@ -813,10 +799,6 @@ void get_cpu_cap(struct cpuinfo_x86 *c)
- c->x86_capability[CPUID_8000_000A_EDX] = cpuid_edx(0x8000000a);
-
- init_scattered_cpuid_features(c);
--#ifdef CONFIG_KAISER
-- if (kaiser_enabled)
-- set_cpu_cap(c, X86_FEATURE_KAISER);
--#endif
- }
-
- static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -274,8 +274,13 @@ void __init kaiser_init(void)
- {
- int cpu;
-
-- if (!kaiser_enabled)
-+ if (!kaiser_enabled) {
-+ setup_clear_cpu_cap(X86_FEATURE_KAISER);
- return;
-+ }
-+
-+ setup_force_cpu_cap(X86_FEATURE_KAISER);
-+
- kaiser_init_all_pgds();
-
- for_each_possible_cpu(cpu) {
-@@ -418,3 +423,16 @@ void kaiser_flush_tlb_on_return_to_user(
- X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
- }
- EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
-+
-+static int __init x86_nokaiser_setup(char *s)
-+{
-+ /* nopti doesn't accept parameters */
-+ if (s)
-+ return -EINVAL;
-+
-+ kaiser_enabled = 0;
-+ pr_info("Kernel/User page tables isolation: disabled\n");
-+
-+ return 0;
-+}
-+early_param("nopti", x86_nokaiser_setup);
diff --git a/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch b/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
deleted file mode 100644
index 123ad0f..0000000
--- a/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 04bdf71d9f7412364e9bae93f321e6bf776cd1d4 Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski <luto at kernel.org>
-Date: Sun, 8 Oct 2017 21:53:05 -0700
-Subject: [PATCH] x86/mm/64: Fix reboot interaction with CR4.PCIDE
-
-commit 924c6b900cfdf376b07bccfd80e62b21914f8a5a upstream.
-
-Trying to reboot via real mode fails with PCID on: long mode cannot
-be exited while CR4.PCIDE is set. (No, I have no idea why, but the
-SDM and actual CPUs are in agreement here.) The result is a GPF and
-a hang instead of a reboot.
-
-I didn't catch this in testing because neither my computer nor my VM
-reboots this way. I can trigger it with reboot=bios, though.
-
-Fixes: 660da7c9228f ("x86/mm: Enable CR4.PCIDE on supported systems")
-Reported-and-tested-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
-Signed-off-by: Andy Lutomirski <luto at kernel.org>
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: Borislav Petkov <bp at alien8.de>
-Link: https://lkml.kernel.org/r/f1e7d965998018450a7a70c2823873686a8b21c0.1507524746.git.luto@kernel.org
-Cc: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/kernel/reboot.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 067f9813fd2c..ce020a69bba9 100644
---- a/arch/x86/kernel/reboot.c
-+++ b/arch/x86/kernel/reboot.c
-@@ -106,6 +106,10 @@ void __noreturn machine_real_restart(unsigned int type)
- load_cr3(initial_page_table);
- #else
- write_cr3(real_mode_header->trampoline_pgd);
-+
-+ /* Exiting long mode will fail if CR4.PCIDE is set. */
-+ if (static_cpu_has(X86_FEATURE_PCID))
-+ cr4_clear_bits(X86_CR4_PCIDE);
- #endif
-
- /* Jump to the identity-mapped low memory code */
---
-2.15.1
-
diff --git a/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch b/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
deleted file mode 100644
index 1aa7e74..0000000
--- a/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e6a29320de005792c06f2deec2c77b19c42d1e6a Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski <luto at kernel.org>
-Date: Thu, 29 Jun 2017 08:53:20 -0700
-Subject: [PATCH] x86/mm: Add the 'nopcid' boot option to turn off PCID
-
-commit 0790c9aad84901ca1bdc14746175549c8b5da215 upstream.
-
-The parameter is only present on x86_64 systems to save a few bytes,
-as PCID is always disabled on x86_32.
-
-Signed-off-by: Andy Lutomirski <luto at kernel.org>
-Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
-Reviewed-by: Borislav Petkov <bp at suse.de>
-Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: Andrew Morton <akpm at linux-foundation.org>
-Cc: Arjan van de Ven <arjan at linux.intel.com>
-Cc: Borislav Petkov <bp at alien8.de>
-Cc: Dave Hansen <dave.hansen at intel.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Mel Gorman <mgorman at suse.de>
-Cc: Peter Zijlstra <peterz at infradead.org>
-Cc: Rik van Riel <riel at redhat.com>
-Cc: linux-mm at kvack.org
-Link: http://lkml.kernel.org/r/8bbb2e65bcd249a5f18bfb8128b4689f08ac2b60.1498751203.git.luto@kernel.org
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Cc: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- Documentation/kernel-parameters.txt | 2 ++
- arch/x86/kernel/cpu/common.c | 18 ++++++++++++++++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 86a6746f6833..152ec4e87b57 100644
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -2795,6 +2795,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
- nopat [X86] Disable PAT (page attribute table extension of
- pagetables) support.
-
-+ nopcid [X86-64] Disable the PCID cpu feature.
-+
- norandmaps Don't use address space randomization. Equivalent to
- echo 0 > /proc/sys/kernel/randomize_va_space
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 4eece91ada37..81c8a535175d 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -163,6 +163,24 @@ static int __init x86_mpx_setup(char *s)
- }
- __setup("nompx", x86_mpx_setup);
-
-+#ifdef CONFIG_X86_64
-+static int __init x86_pcid_setup(char *s)
-+{
-+ /* require an exact match without trailing characters */
-+ if (strlen(s))
-+ return 0;
-+
-+ /* do not emit a message if the feature is not present */
-+ if (!boot_cpu_has(X86_FEATURE_PCID))
-+ return 1;
-+
-+ setup_clear_cpu_cap(X86_FEATURE_PCID);
-+ pr_info("nopcid: PCID feature disabled\n");
-+ return 1;
-+}
-+__setup("nopcid", x86_pcid_setup);
-+#endif
-+
- static int __init x86_noinvpcid_setup(char *s)
- {
- /* noinvpcid doesn't accept parameters */
---
-2.15.1
-
diff --git a/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch b/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
deleted file mode 100644
index 2cefbc2..0000000
--- a/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 1e7f3d8875ee92983bd754982af7f4f044dd057d Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski <luto at kernel.org>
-Date: Thu, 29 Jun 2017 08:53:19 -0700
-Subject: [PATCH] x86/mm: Disable PCID on 32-bit kernels
-
-commit cba4671af7550e008f7a7835f06df0763825bf3e upstream.
-
-32-bit kernels on new hardware will see PCID in CPUID, but PCID can
-only be used in 64-bit mode. Rather than making all PCID code
-conditional, just disable the feature on 32-bit builds.
-
-Signed-off-by: Andy Lutomirski <luto at kernel.org>
-Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
-Reviewed-by: Borislav Petkov <bp at suse.de>
-Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: Andrew Morton <akpm at linux-foundation.org>
-Cc: Arjan van de Ven <arjan at linux.intel.com>
-Cc: Borislav Petkov <bp at alien8.de>
-Cc: Dave Hansen <dave.hansen at intel.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Mel Gorman <mgorman at suse.de>
-Cc: Peter Zijlstra <peterz at infradead.org>
-Cc: Rik van Riel <riel at redhat.com>
-Cc: linux-mm at kvack.org
-Link: http://lkml.kernel.org/r/2e391769192a4d31b808410c383c6bf0734bc6ea.1498751203.git.luto@kernel.org
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Cc: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/disabled-features.h | 4 +++-
- arch/x86/kernel/cpu/bugs.c | 8 ++++++++
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
-index 85599ad4d024..21c5ac15657b 100644
---- a/arch/x86/include/asm/disabled-features.h
-+++ b/arch/x86/include/asm/disabled-features.h
-@@ -21,11 +21,13 @@
- # define DISABLE_K6_MTRR (1<<(X86_FEATURE_K6_MTRR & 31))
- # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31))
- # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31))
-+# define DISABLE_PCID 0
- #else
- # define DISABLE_VME 0
- # define DISABLE_K6_MTRR 0
- # define DISABLE_CYRIX_ARR 0
- # define DISABLE_CENTAUR_MCR 0
-+# define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31))
- #endif /* CONFIG_X86_64 */
-
- #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
-@@ -43,7 +45,7 @@
- #define DISABLED_MASK1 0
- #define DISABLED_MASK2 0
- #define DISABLED_MASK3 (DISABLE_CYRIX_ARR|DISABLE_CENTAUR_MCR|DISABLE_K6_MTRR)
--#define DISABLED_MASK4 0
-+#define DISABLED_MASK4 (DISABLE_PCID)
- #define DISABLED_MASK5 0
- #define DISABLED_MASK6 0
- #define DISABLED_MASK7 0
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index bd17db15a2c1..0b6124315441 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -19,6 +19,14 @@
-
- void __init check_bugs(void)
- {
-+#ifdef CONFIG_X86_32
-+ /*
-+ * Regardless of whether PCID is enumerated, the SDM says
-+ * that it can't be enabled in 32-bit mode.
-+ */
-+ setup_clear_cpu_cap(X86_FEATURE_PCID);
-+#endif
-+
- identify_boot_cpu();
- #ifndef CONFIG_SMP
- pr_info("CPU: ");
---
-2.15.1
-
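
(A note on the DISABLE_PCID arithmetic above: x86 feature numbers pack a
CPUID word and a bit as word*32 + bit, so masking with 31 recovers the bit
within its word. PCID sits in word 4 (CPUID.1:ECX), bit 17, which is why the
feature lands in DISABLED_MASK4. A standalone illustration, not kernel code;
the constant is copied from cpufeatures.h.)

  #include <stdio.h>

  #define X86_FEATURE_PCID (4 * 32 + 17)  /* word 4, bit 17 */

  int main(void)
  {
      unsigned int word = X86_FEATURE_PCID / 32;          /* -> 4 */
      unsigned int mask = 1u << (X86_FEATURE_PCID & 31);  /* -> bit 17 */

      /* prints: word 4, mask 0x00020000 */
      printf("word %u, mask 0x%08x\n", word, mask);
      return 0;
  }
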
diff --git a/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch b/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
deleted file mode 100644
index dc5f904..0000000
--- a/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From b52f937eccd4c68000ba80cd03609bcf1f97c141 Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski <luto at kernel.org>
-Date: Thu, 29 Jun 2017 08:53:21 -0700
-Subject: [PATCH] x86/mm: Enable CR4.PCIDE on supported systems
-
-commit 660da7c9228f685b2ebe664f9fd69aaddcc420b5 upstream.
-
-We can use PCID if the CPU has PCID and PGE and we're not on Xen.
-
-By itself, this has no effect. A followup patch will start using PCID.
-
-Signed-off-by: Andy Lutomirski <luto at kernel.org>
-Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
-Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
-Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: Andrew Morton <akpm at linux-foundation.org>
-Cc: Arjan van de Ven <arjan at linux.intel.com>
-Cc: Borislav Petkov <bp at alien8.de>
-Cc: Dave Hansen <dave.hansen at intel.com>
-Cc: Juergen Gross <jgross at suse.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Mel Gorman <mgorman at suse.de>
-Cc: Peter Zijlstra <peterz at infradead.org>
-Cc: Rik van Riel <riel at redhat.com>
-Cc: linux-mm at kvack.org
-Link: http://lkml.kernel.org/r/6327ecd907b32f79d5aa0d466f04503bbec5df88.1498751203.git.luto@kernel.org
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Cc: Hugh Dickins <hughd at google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/include/asm/tlbflush.h | 8 ++++++++
- arch/x86/kernel/cpu/common.c | 22 ++++++++++++++++++++++
- arch/x86/xen/enlighten.c | 6 ++++++
- 3 files changed, 36 insertions(+)
-
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 12dedd6c9e42..7d2ea6b1f7d9 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -191,6 +191,14 @@ static inline void __flush_tlb_all(void)
- __flush_tlb_global();
- else
- __flush_tlb();
-+
-+ /*
-+ * Note: if we somehow had PCID but not PGE, then this wouldn't work --
-+ * we'd end up flushing kernel translations for the current ASID but
-+ * we might fail to flush kernel translations for other cached ASIDs.
-+ *
-+ * To avoid this issue, we force PCID off if PGE is off.
-+ */
- }
-
- static inline void __flush_tlb_one(unsigned long addr)
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 81c8a535175d..91588be529b9 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -324,6 +324,25 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
- }
- }
-
-+static void setup_pcid(struct cpuinfo_x86 *c)
-+{
-+ if (cpu_has(c, X86_FEATURE_PCID)) {
-+ if (cpu_has(c, X86_FEATURE_PGE)) {
-+ cr4_set_bits(X86_CR4_PCIDE);
-+ } else {
-+ /*
-+ * flush_tlb_all(), as currently implemented, won't
-+ * work if PCID is on but PGE is not. Since that
-+ * combination doesn't exist on real hardware, there's
-+ * no reason to try to fully support it, but it's
-+ * polite to avoid corrupting data if we're on
-+ * an improperly configured VM.
-+ */
-+ clear_cpu_cap(c, X86_FEATURE_PCID);
-+ }
-+ }
-+}
-+
- /*
- * Protection Keys are not available in 32-bit mode.
- */
-@@ -1082,6 +1101,9 @@ static void identify_cpu(struct cpuinfo_x86 *c)
- setup_smep(c);
- setup_smap(c);
-
-+ /* Set up PCID */
-+ setup_pcid(c);
-+
- /*
- * The vendor-specific functions might have changed features.
- * Now we do "generic changes."
-diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 8f1f7efa848c..2bea87cc0ff2 100644
---- a/arch/x86/xen/enlighten.c
-+++ b/arch/x86/xen/enlighten.c
-@@ -444,6 +444,12 @@ static void __init xen_init_cpuid_mask(void)
- ~((1 << X86_FEATURE_MTRR) | /* disable MTRR */
- (1 << X86_FEATURE_ACC)); /* thermal monitoring */
-
-+ /*
-+ * Xen PV would need some work to support PCID: CR3 handling as well
-+ * as xen_flush_tlb_others() would need updating.
-+ */
-+ cpuid_leaf1_ecx_mask &= ~(1 << (X86_FEATURE_PCID % 32)); /* disable PCID */
-+
- if (!xen_initial_domain())
- cpuid_leaf1_edx_mask &=
- ~((1 << X86_FEATURE_ACPI)); /* disable ACPI */
---
-2.15.1
-
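
(The decision in setup_pcid() above boils down to: CR4.PCIDE is set only when
the CPU advertises both PCID and PGE, because __flush_tlb_all() relies on PGE
toggling to flush translations cached under every ASID; Xen PV never reaches
this point with PCID set, since the enlighten.c hunk masks it out of CPUID.
A trivial standalone distillation of that predicate:)

  #include <stdbool.h>
  #include <stdio.h>

  static bool want_pcide(bool has_pcid, bool has_pge)
  {
      /* PCID without PGE would leave stale kernel translations
       * cached under other ASIDs, so that combination is refused. */
      return has_pcid && has_pge;
  }

  int main(void)
  {
      printf("%d\n", want_pcide(true, true));   /* 1: sane hardware */
      printf("%d\n", want_pcide(true, false));  /* 0: misconfigured VM */
      printf("%d\n", want_pcide(false, true));  /* 0: no PCID at all */
      return 0;
  }
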
diff --git a/debian/patches/features/all/kpti/x86-paravirt-dont-patch-flush_tlb_single.patch b/debian/patches/features/all/kpti/x86-paravirt-dont-patch-flush_tlb_single.patch
deleted file mode 100644
index 26b3eb3..0000000
--- a/debian/patches/features/all/kpti/x86-paravirt-dont-patch-flush_tlb_single.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From foo at baz Wed Jan 3 20:37:21 CET 2018
-From: Thomas Gleixner <tglx at linutronix.de>
-Date: Mon, 4 Dec 2017 15:07:30 +0100
-Subject: x86/paravirt: Dont patch flush_tlb_single
-
-From: Thomas Gleixner <tglx at linutronix.de>
-
-
-commit a035795499ca1c2bd1928808d1a156eda1420383 upstream
-
-native_flush_tlb_single() will be changed with the upcoming
-PAGE_TABLE_ISOLATION feature. This requires to have more code in
-there than INVLPG.
-
-Remove the paravirt patching for it.
-
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Reviewed-by: Josh Poimboeuf <jpoimboe at redhat.com>
-Reviewed-by: Juergen Gross <jgross at suse.com>
-Acked-by: Peter Zijlstra <peterz at infradead.org>
-Cc: Andy Lutomirski <luto at kernel.org>
-Cc: Boris Ostrovsky <boris.ostrovsky at oracle.com>
-Cc: Borislav Petkov <bp at alien8.de>
-Cc: Borislav Petkov <bpetkov at suse.de>
-Cc: Brian Gerst <brgerst at gmail.com>
-Cc: Dave Hansen <dave.hansen at intel.com>
-Cc: Dave Hansen <dave.hansen at linux.intel.com>
-Cc: David Laight <David.Laight at aculab.com>
-Cc: Denys Vlasenko <dvlasenk at redhat.com>
-Cc: Eduardo Valentin <eduval at amazon.com>
-Cc: Greg KH <gregkh at linuxfoundation.org>
-Cc: H. Peter Anvin <hpa at zytor.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Rik van Riel <riel at redhat.com>
-Cc: Will Deacon <will.deacon at arm.com>
-Cc: aliguori at amazon.com
-Cc: daniel.gruss at iaik.tugraz.at
-Cc: hughd at google.com
-Cc: keescook at google.com
-Cc: linux-mm at kvack.org
-Cc: michael.schwarz at iaik.tugraz.at
-Cc: moritz.lipp at iaik.tugraz.at
-Cc: richard.fellner at student.tugraz.at
-Link: https://lkml.kernel.org/r/20171204150606.828111617@linutronix.de
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Acked-by: Borislav Petkov <bp at suse.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- arch/x86/kernel/paravirt_patch_64.c | 2 --
- 1 file changed, 2 deletions(-)
-
---- a/arch/x86/kernel/paravirt_patch_64.c
-+++ b/arch/x86/kernel/paravirt_patch_64.c
-@@ -9,7 +9,6 @@ DEF_NATIVE(pv_irq_ops, save_fl, "pushfq;
- DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax");
- DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax");
- DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3");
--DEF_NATIVE(pv_mmu_ops, flush_tlb_single, "invlpg (%rdi)");
- DEF_NATIVE(pv_cpu_ops, clts, "clts");
- DEF_NATIVE(pv_cpu_ops, wbinvd, "wbinvd");
-
-@@ -59,7 +58,6 @@ unsigned native_patch(u8 type, u16 clobb
- PATCH_SITE(pv_mmu_ops, read_cr3);
- PATCH_SITE(pv_mmu_ops, write_cr3);
- PATCH_SITE(pv_cpu_ops, clts);
-- PATCH_SITE(pv_mmu_ops, flush_tlb_single);
- PATCH_SITE(pv_cpu_ops, wbinvd);
- #if defined(CONFIG_PARAVIRT_SPINLOCKS)
- case PARAVIRT_PATCH(pv_lock_ops.queued_spin_unlock):
diff --git a/debian/patches/series b/debian/patches/series
index aeef684..e652444 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -176,51 +176,6 @@ bugfix/all/liblockdep-fix-unused-value-warnings.patch
bugfix/all/liblockdep-fix-set-but-not-used-warnings.patch
bugfix/all/liblockdep-fix-defined-but-not-used-warning-for-init.patch
-# Setup PCID, prepare for KPTI
-features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
-features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
-features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
-features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
-
-# Kernel Page Table Isolation
-features/all/kpti/x86-boot-add-early-cmdline-parsing-for-options-with-arguments.patch
-features/all/kpti/kaiser-kernel-address-isolation.patch
-features/all/kpti/kaiser-merged-update.patch
-features/all/kpti/kaiser-do-not-set-_page_nx-on-pgd_none.patch
-features/all/kpti/kaiser-stack-map-page_size-at-thread_size-page_size.patch
-features/all/kpti/kaiser-fix-build-and-fixme-in-alloc_ldt_struct.patch
-features/all/kpti/kaiser-kaiser-depends-on-smp.patch
-features/all/kpti/kaiser-fix-regs-to-do_nmi-ifndef-config_kaiser.patch
-features/all/kpti/kaiser-fix-perf-crashes.patch
-features/all/kpti/kaiser-enomem-if-kaiser_pagetable_walk-null.patch
-features/all/kpti/kaiser-tidied-up-asm-kaiser.h-somewhat.patch
-features/all/kpti/kaiser-tidied-up-kaiser_add-remove_mapping-slightly.patch
-features/all/kpti/kaiser-align-addition-to-x86-mm-makefile.patch
-features/all/kpti/kaiser-cleanups-while-trying-for-gold-link.patch
-features/all/kpti/kaiser-name-that-0x1000-kaiser_shadow_pgd_offset.patch
-features/all/kpti/kaiser-delete-kaiser_real_switch-option.patch
-features/all/kpti/kaiser-vmstat-show-nr_kaisertable-as-nr_overhead.patch
-features/all/kpti/kaiser-enhanced-by-kernel-and-user-pcids.patch
-features/all/kpti/kaiser-load_new_mm_cr3-let-switch_user_cr3-flush-user.patch
-features/all/kpti/kaiser-pcid-0-for-kernel-and-128-for-user.patch
-features/all/kpti/kaiser-x86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch
-features/all/kpti/kaiser-paranoid_entry-pass-cr3-need-to-paranoid_exit.patch
-features/all/kpti/kaiser-kaiser_remove_mapping-move-along-the-pgd.patch
-features/all/kpti/kaiser-fix-unlikely-error-in-alloc_ldt_struct.patch
-features/all/kpti/kaiser-add-nokaiser-boot-option-using-alternative.patch
-features/all/kpti/x86-kaiser-rename-and-simplify-x86_feature_kaiser-handling.patch
-features/all/kpti/x86-kaiser-check-boottime-cmdline-params.patch
-features/all/kpti/kaiser-use-alternative-instead-of-x86_cr3_pcid_noflush.patch
-features/all/kpti/kaiser-drop-is_atomic-arg-to-kaiser_pagetable_walk.patch
-features/all/kpti/kaiser-asm-tlbflush.h-handle-nopge-at-lower-level.patch
-features/all/kpti/kaiser-kaiser_flush_tlb_on_return_to_user-check-pcid.patch
-features/all/kpti/x86-paravirt-dont-patch-flush_tlb_single.patch
-features/all/kpti/x86-kaiser-reenable-paravirt.patch
-features/all/kpti/kaiser-disabled-on-xen-pv.patch
-features/all/kpti/x86-kaiser-move-feature-detection-up.patch
-features/all/kpti/kpti-rename-to-page_table_isolation.patch
-features/all/kpti/kpti-report-when-enabled.patch
-
# ABI maintenance
debian/ip6_fib-avoid-abi-change-in-4.9.51.patch
debian/inet_frag-limit-abi-change-in-4.9.51.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git