Message ID | 20180307093942.GA14146@harukaze |
---|---|
State | New |
Series | [Artful/master-next,v2] KPTI arm64 4.14 backport + Cavium ThunderX fix |
On 03/07/18 10:39, Paolo Pisati wrote:
> This is a backport of the full KPTI arm64 stack from stable/linux-4.14.y, and it
> covers all 3 variants (Variant 1 - CVE-2017-5753, Variant 2 - CVE-2017-5715
> and Variant 3 - CVE-2017-5754).
>
> All patches were cherry-picked (and have the corresponding sha) and applied
> cleanly, except for:
>
> UBUNTU: SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52
> logic
>
> that is a hot fix we developed to deal with LP1750067
>
> and
>
> arm64: Add missing Falkor part number for branch predictor hardening
>
> that came from Linux 4.16-rc2 (but it still applied fine)
>
> and
>
> arm64: mm: fix thinko in non-global page table attribute check
>
> that came from 4.16-rc3.
>
> Compared to the original v1 pull req[*], this one has two more commits:
>
> 1) syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
>
> to fix a FTBFS for armhf
>
> 2) arm64: mm: fix thinko in non-global page table attribute check
>
> to fix a kvm bootloop issue on hisilicon db05
>
> *:
> http://ubuntu.5.x6.nabble.com/Artful-master-next-KPTI-arm64-4-14-backport-Cavium-ThunderX-fix-td5164637.html
>
> BugLink: https://launchpad.net/bugs/1749040
> BugLink: https://launchpad.net/bugs/1749776
> BugLink: https://launchpad.net/bugs/1750067
>
> The following changes since commit a63b2739e97d1f17f279723bb9315dc1c705014a:
>
>   UBUNTU: Start new release (2018-02-22 11:20:48 +0000)
>
> are available in the git repository at:
>
>   git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 430c0bd9c8271f97593144198a6b5a0d3189c673
>
> for you to fetch changes up to 430c0bd9c8271f97593144198a6b5a0d3189c673:
>
>   arm64: mm: fix thinko in non-global page table attribute check (2018-03-07 10:20:13 +0100)
>
> ----------------------------------------------------------------
> Ard Biesheuvel (6):
>       arm64: unwind: disregard frame.sp when validating frame pointer
>       arm64: unwind: reference pt_regs via embedded stack frame
>       arm64: unwind: remove sp from struct stackframe
>       arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
>       arm64: assembler: allow adr_this_cpu to use the stack pointer
>       arm64: mm: fix thinko in non-global page table attribute check
>
> Arnd Bergmann (1):
>       arm64: fix pmem interface definition
>
> Arvind Yadav (1):
>       KVM: arm/arm64: vgic: constify seq_operations and file_operations
>
> Catalin Marinas (6):
>       arm64: Convert pte handling from inline asm to using (cmp)xchg
>       kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
>       arm64: Move PTE_RDONLY bit handling out of set_pte_at()
>       arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
>       arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
>       arm64: kpti: Fix the interaction between ASID switching and software PAN
>
> Christoffer Dall (2):
>       KVM: arm/arm64: Extract GICv3 max APRn index calculation
>       KVM: arm/arm64: Support uaccess of GICC_APRn
>
> Dave Martin (1):
>       arm64: syscallno is secretly an int, make it official
>
> Dmitry Safonov (1):
>       arm64/vdso: Support mremap() for vDSO
>
> James Morse (2):
>       KVM: arm/arm64: Fix guest external abort matching
>       arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
>
> Jayachandran C (3):
>       arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
>       arm64: Turn on KPTI only on CPUs that need it
>       arm64: Branch predictor hardening for Cavium ThunderX2
>
> Jiri Slaby (1):
>       futex: Remove duplicated code and fix undefined behaviour
>
> Kevin Brodsky (1):
>       arm64: compat: Remove leftover variable declaration
>
> Marc Zyngier (22):
>       KVM: arm/arm64: vITS: Drop its_ite->lpi field
>       arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
>       arm64: Force KPTI to be disabled on Cavium ThunderX
>       arm64: Move post_ttbr_update_workaround to C code
>       arm64: Move BP hardening to check_and_switch_context
>       arm64: KVM: Use per-CPU vector when BP hardening is enabled
>       arm64: KVM: Increment PC after handling an SMC trap
>       arm/arm64: KVM: Consolidate the PSCI include files
>       arm/arm64: KVM: Add PSCI_VERSION helper
>       arm/arm64: KVM: Add smccc accessors to PSCI code
>       arm/arm64: KVM: Implement PSCI 1.0 support
>       arm/arm64: KVM: Advertise SMCCC v1.1
>       arm64: KVM: Make PSCI_VERSION a fast path
>       arm/arm64: KVM: Turn kvm_psci_version into a static inline
>       arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
>       arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
>       firmware/psci: Expose PSCI conduit
>       firmware/psci: Expose SMCCC version through psci_ops
>       arm/arm64: smccc: Make function identifiers an unsigned quantity
>       arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
>       arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
>       arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
>
> Mark Rutland (16):
>       arm64: Add ASM_BUG()
>       arm64: consistently use bl for C exception entry
>       arm64: move non-entry code out of .entry.text
>       arm64: unwind: avoid percpu indirection for irq stack
>       fork: allow arch-override of VMAP stack alignment
>       arm64: factor out PAGE_* and CONT_* definitions
>       arm64: clean up THREAD_* definitions
>       arm64: clean up irq stack definitions
>       arm64: move SEGMENT_ALIGN to <asm/memory.h>
>       efi/arm64: add EFI_KIMG_ALIGN
>       arm64: factor out entry stack manipulation
>       arm64: use an irq stack pointer
>       arm64: add basic VMAP_STACK support
>       arm64: add on_accessible_stack()
>       arm64: add VMAP_STACK overflow detection
>       arm64: Use larger stacks when KASAN is selected
>
> Paolo Pisati (2):
>       UBUNTU: [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
>       UBUNTU: SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic
>
> Robin Murphy (10):
>       arm64: mm: Fix set_memory_valid() declaration
>       arm64: Convert __inval_cache_range() to area-based
>       arm64: Expose DC CVAP to userspace
>       arm64: Handle trapped DC CVAP
>       arm64: Implement pmem API support
>       arm64: uaccess: Implement *_flushcache variants
>       arm64: uaccess: Add the uaccess_flushcache.c file
>       arm64: Implement array_index_mask_nospec()
>       arm64: Make USER_DS an inclusive limit
>       arm64: Use pointer masking to limit uaccess speculation
>
> Shanker Donthineni (3):
>       arm64: Define cputype macros for Falkor CPU
>       arm64: Implement branch predictor hardening for Falkor
>       arm64: Add missing Falkor part number for branch predictor hardening
>
> Stephen Boyd (1):
>       arm64: cpu_errata: Add Kryo to Falkor 1003 errata
>
> Suzuki K Poulose (2):
>       arm64: capabilities: Handle duplicate entries for a capability
>       arm64: Run enable method for errata work arounds on late CPUs
>
> Thomas Garnier (7):
>       x86/syscalls: Check address limit on user-mode return
>       arm/syscalls: Check address limit on user-mode return
>       arm64/syscalls: Check address limit on user-mode return
>       Revert "arm/syscalls: Check address limit on user-mode return"
>       syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
>       arm/syscalls: Optimize address limit check
>       arm64/syscalls: Move address limit check in loop
>
> Will Deacon (42):
>       arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
>       arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
>       arm64: mm: Use non-global mappings for kernel space
>       arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
>       arm64: mm: Move ASID from TTBR0 to TTBR1
>       arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
>       arm64: mm: Rename post_ttbr0_update_workaround
>       arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
>       arm64: mm: Allocate ASIDs in pairs
>       arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
>       arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
>       arm64: entry: Add exception trampoline page for exceptions from EL0
>       arm64: mm: Map entry trampoline into trampoline and kernel page tables
>       arm64: entry: Explicitly pass exception level to kernel_ventry macro
>       arm64: entry: Hook up entry trampoline to exception vectors
>       arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
>       arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
>       arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
>       arm64: kaslr: Put kernel vectors address in separate data page
>       arm64: use RET instruction for exiting the trampoline
>       arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
>       arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
>       arm64: Take into account ID_AA64PFR0_EL1.CSV3
>       arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
>       arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
>       arm64: mm: Permit transitioning from Global to Non-Global without BBM
>       arm64: kpti: Add ->enable callback to remap swapper using nG mappings
>       arm64: entry: Reword comment about post_ttbr_update_workaround
>       arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
>       arm64: barrier: Add CSDB macros to control data-value prediction
>       arm64: entry: Ensure branch through syscall table is bounded under speculation
>       arm64: uaccess: Prevent speculative use of the current addr_limit
>       arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
>       arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
>       arm64: futex: Mask __user pointers prior to dereference
>       arm64: cpufeature: Pass capability structure to ->enable callback
>       drivers/firmware: Expose psci_get_version through psci_ops structure
>       arm64: Add skeleton to harden the branch predictor against aliasing attacks
>       arm64: entry: Apply BP hardening for high-priority synchronous exceptions
>       arm64: entry: Apply BP hardening for suspicious interrupts from EL0
>       arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
>       arm64: Implement branch predictor hardening for affected Cortex-A CPUs
>
> Yury Norov (3):
>       arm64: introduce separated bits for mm_context_t flags
>       arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
>       arm64: move TASK_* definitions to <asm/processor.h>
>
>  Documentation/arm64/cpu-feature-registers.txt | 2 +
>  Documentation/arm64/silicon-errata.txt | 2 +-
>  Documentation/virtual/kvm/devices/arm-vgic.txt | 5 +
>  arch/alpha/include/asm/futex.h | 26 +-
>  arch/arc/include/asm/futex.h | 40 +--
>  arch/arm/include/asm/futex.h | 26 +-
>  arch/arm/include/asm/kvm_arm.h | 1 -
>  arch/arm/include/asm/kvm_emulate.h | 24 +-
>  arch/arm/include/asm/kvm_host.h | 6 +
>  arch/arm/include/asm/kvm_mmu.h | 10 +
>  arch/arm/include/asm/kvm_psci.h | 27 --
>  arch/arm/kernel/entry-common.S | 11 +
>  arch/arm/kernel/signal.c | 7 +
>  arch/arm/kvm/handle_exit.c | 4 +-
>  arch/arm64/Kconfig | 59 +++-
>  arch/arm64/include/asm/asm-bug.h | 54 +++
>  arch/arm64/include/asm/asm-uaccess.h | 36 +-
>  arch/arm64/include/asm/assembler.h | 82 +++--
>  arch/arm64/include/asm/barrier.h | 23 ++
>  arch/arm64/include/asm/bug.h | 35 +-
>  arch/arm64/include/asm/cacheflush.h | 4 +-
>  arch/arm64/include/asm/cpucaps.h | 6 +-
>  arch/arm64/include/asm/cputype.h | 11 +
>  arch/arm64/include/asm/efi.h | 24 +-
>  arch/arm64/include/asm/elf.h | 2 -
>  arch/arm64/include/asm/esr.h | 3 +-
>  arch/arm64/include/asm/fixmap.h | 5 +
>  arch/arm64/include/asm/futex.h | 33 +-
>  arch/arm64/include/asm/irq.h | 42 ---
>  arch/arm64/include/asm/kvm_asm.h | 2 +
>  arch/arm64/include/asm/kvm_emulate.h | 24 +-
>  arch/arm64/include/asm/kvm_host.h | 5 +
>  arch/arm64/include/asm/kvm_mmu.h | 59 +++-
>  arch/arm64/include/asm/kvm_psci.h | 27 --
>  arch/arm64/include/asm/memory.h | 75 +++-
>  arch/arm64/include/asm/mmu.h | 50 +++
>  arch/arm64/include/asm/mmu_context.h | 56 +--
>  arch/arm64/include/asm/page-def.h | 34 ++
>  arch/arm64/include/asm/page.h | 12 +-
>  arch/arm64/include/asm/pgtable-hwdef.h | 1 +
>  arch/arm64/include/asm/pgtable-prot.h | 51 +--
>  arch/arm64/include/asm/pgtable.h | 104 +++---
>  arch/arm64/include/asm/proc-fns.h | 6 -
>  arch/arm64/include/asm/processor.h | 28 +-
>  arch/arm64/include/asm/ptrace.h | 10 +-
>  arch/arm64/include/asm/signal32.h | 2 -
>  arch/arm64/include/asm/stacktrace.h | 61 +++-
>  arch/arm64/include/asm/string.h | 4 +
>  arch/arm64/include/asm/sysreg.h | 3 +
>  arch/arm64/include/asm/thread_info.h | 17 +-
>  arch/arm64/include/asm/tlbflush.h | 16 +-
>  arch/arm64/include/asm/traps.h | 5 +
>  arch/arm64/include/asm/uaccess.h | 194 ++++++++---
>  arch/arm64/include/uapi/asm/hwcap.h | 1 +
>  arch/arm64/kernel/Makefile | 4 +
>  arch/arm64/kernel/arm64ksyms.c | 4 +-
>  arch/arm64/kernel/asm-offsets.c | 7 +-
>  arch/arm64/kernel/bpi.S | 83 +++++
>  arch/arm64/kernel/cpu-reset.S | 2 +-
>  arch/arm64/kernel/cpu_errata.c | 248 ++++++++++++-
>  arch/arm64/kernel/cpufeature.c | 151 ++++++--
>  arch/arm64/kernel/cpuinfo.c | 1 +
>  arch/arm64/kernel/entry.S | 461 +++++++++++++++++++------
>  arch/arm64/kernel/head.S | 24 +-
>  arch/arm64/kernel/hibernate.c | 4 +-
>  arch/arm64/kernel/irq.c | 40 ++-
>  arch/arm64/kernel/perf_callchain.c | 1 -
>  arch/arm64/kernel/probes/uprobes.c | 2 +-
>  arch/arm64/kernel/process.c | 25 +-
>  arch/arm64/kernel/ptrace.c | 5 +-
>  arch/arm64/kernel/return_address.c | 1 -
>  arch/arm64/kernel/signal.c | 11 +-
>  arch/arm64/kernel/signal32.c | 2 +-
>  arch/arm64/kernel/sleep.S | 2 +-
>  arch/arm64/kernel/smp.c | 2 +-
>  arch/arm64/kernel/stacktrace.c | 60 +---
>  arch/arm64/kernel/time.c | 1 -
>  arch/arm64/kernel/traps.c | 77 +++--
>  arch/arm64/kernel/vdso.c | 15 +
>  arch/arm64/kernel/vmlinux.lds.S | 40 ++-
>  arch/arm64/kvm/handle_exit.c | 18 +-
>  arch/arm64/kvm/hyp/entry.S | 12 +
>  arch/arm64/kvm/hyp/hyp-entry.S | 20 +-
>  arch/arm64/kvm/hyp/s2-setup.c | 2 +-
>  arch/arm64/kvm/hyp/switch.c | 15 +-
>  arch/arm64/kvm/vgic-sys-reg-v3.c | 23 +-
>  arch/arm64/lib/Makefile | 2 +
>  arch/arm64/lib/clear_user.S | 10 +-
>  arch/arm64/lib/copy_from_user.S | 4 +-
>  arch/arm64/lib/copy_in_user.S | 9 +-
>  arch/arm64/lib/copy_to_user.S | 4 +-
>  arch/arm64/lib/uaccess_flushcache.c | 47 +++
>  arch/arm64/mm/cache.S | 41 ++-
>  arch/arm64/mm/context.c | 48 ++-
>  arch/arm64/mm/fault.c | 66 ++--
>  arch/arm64/mm/flush.c | 16 +
>  arch/arm64/mm/mmu.c | 37 +-
>  arch/arm64/mm/proc.S | 223 +++++++++++-
>  arch/arm64/xen/hypercall.S | 4 +-
>  arch/frv/include/asm/futex.h | 3 +-
>  arch/frv/kernel/futex.c | 27 +-
>  arch/hexagon/include/asm/futex.h | 38 +-
>  arch/ia64/include/asm/futex.h | 25 +-
>  arch/microblaze/include/asm/futex.h | 38 +-
>  arch/mips/include/asm/futex.h | 25 +-
>  arch/openrisc/include/asm/futex.h | 39 +--
>  arch/parisc/include/asm/futex.h | 26 +-
>  arch/powerpc/include/asm/futex.h | 26 +-
>  arch/s390/include/asm/futex.h | 23 +-
>  arch/sh/include/asm/futex.h | 26 +-
>  arch/sparc/include/asm/futex_64.h | 26 +-
>  arch/tile/include/asm/futex.h | 40 +--
>  arch/x86/entry/common.c | 3 +
>  arch/x86/include/asm/futex.h | 40 +--
>  arch/x86/include/asm/thread_info.h | 5 +-
>  arch/x86/include/asm/uaccess.h | 7 +-
>  arch/xtensa/include/asm/futex.h | 27 +-
>  debian.master/config/arm64/config.common.arm64 | 2 +-
>  debian.master/config/config.common.ubuntu | 3 +
>  drivers/firmware/efi/libstub/arm64-stub.c | 6 +-
>  drivers/firmware/psci.c | 57 ++-
>  include/asm-generic/futex.h | 50 +--
>  include/kvm/arm_psci.h | 51 +++
>  include/linux/arm-smccc.h | 165 ++++++++-
>  include/linux/psci.h | 14 +
>  include/linux/syscalls.h | 20 ++
>  include/linux/thread_info.h | 4 +
>  include/uapi/linux/psci.h | 3 +
>  kernel/fork.c | 3 +-
>  kernel/futex.c | 39 +++
>  virt/kvm/arm/arm.c | 10 +-
>  virt/kvm/arm/mmu.c | 40 +--
>  virt/kvm/arm/psci.c | 143 ++++++--
>  virt/kvm/arm/vgic/vgic-debug.c | 4 +-
>  virt/kvm/arm/vgic/vgic-its.c | 10 +-
>  virt/kvm/arm/vgic/vgic-mmio-v2.c | 47 ++-
>  virt/kvm/arm/vgic/vgic.h | 16 +
>  137 files changed, 3052 insertions(+), 1410 deletions(-)
>  delete mode 100644 arch/arm/include/asm/kvm_psci.h
>  create mode 100644 arch/arm64/include/asm/asm-bug.h
>  delete mode 100644 arch/arm64/include/asm/kvm_psci.h
>  create mode 100644 arch/arm64/include/asm/page-def.h
>  create mode 100644 arch/arm64/kernel/bpi.S
>  create mode 100644 arch/arm64/lib/uaccess_flushcache.c
>  create mode 100644 include/kvm/arm_psci.h
>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
On 03/07/18 10:39, Paolo Pisati wrote:
> [...]

Applied to artful/master-next branch.
Notes: removed the final SOB from the patches, given that the commits from the previous PR were removed from the master-next branch to re-apply v2. Also fixed the missing CVE tags for patch "syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check".

Thanks,
Kleber