diff -u linux-intel-iotg-5.15.0/Documentation/admin-guide/hw-vuln/spectre.rst linux-intel-iotg-5.15.0/Documentation/admin-guide/hw-vuln/spectre.rst --- linux-intel-iotg-5.15.0/Documentation/admin-guide/hw-vuln/spectre.rst +++ linux-intel-iotg-5.15.0/Documentation/admin-guide/hw-vuln/spectre.rst @@ -138,11 +138,10 @@ the BHB might be shared across privilege levels even in the presence of Enhanced IBRS. -Currently the only known real-world BHB attack vector is via -unprivileged eBPF. Therefore, it's highly recommended to not enable -unprivileged eBPF, especially when eIBRS is used (without retpolines). -For a full mitigation against BHB attacks, it's recommended to use -retpolines (or eIBRS combined with retpolines). +Previously the only known real-world BHB attack vector was via unprivileged +eBPF. Further research has found attacks that don't require unprivileged eBPF. +For a full mitigation against BHB attacks it is recommended to set BHI_DIS_S or +use the BHB clearing sequence. Attack scenarios ---------------- @@ -430,6 +429,23 @@ 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB =========================== ======================================================= + - Branch History Injection (BHI) protection status: + +.. list-table:: + + * - BHI: Not affected + - System is not affected + * - BHI: Retpoline + - System is protected by retpoline + * - BHI: BHI_DIS_S + - System is protected by BHI_DIS_S + * - BHI: SW loop; KVM SW loop + - System is protected by software clearing sequence + * - BHI: Syscall hardening + - Syscalls are hardened against BHI + * - BHI: Syscall hardening; KVM: SW loop + - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence + Full mitigation might require a microcode update from the CPU vendor. When the necessary microcode is not available, the kernel will report vulnerability. 
@@ -484,8 +500,11 @@ Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at boot, by setting the IBRS bit, and they're automatically protected against - Spectre v2 variant attacks, including cross-thread branch target injections - on SMT systems (STIBP). In other words, eIBRS enables STIBP too. + some Spectre v2 variant attacks. The BHB can still influence the choice of + indirect branch predictor entry, and although branch predictor entries are + isolated between modes when eIBRS is enabled, the BHB itself is not isolated + between modes. Systems which support BHI_DIS_S will set it to protect against + BHI attacks. Legacy IBRS systems clear the IBRS bit on exit to userspace and therefore explicitly enable STIBP for that @@ -684,6 +703,24 @@ spectre_v2=off. Spectre variant 1 mitigations cannot be disabled. + spectre_bhi= + + [X86] Control mitigation of Branch History Injection + (BHI) vulnerability. Syscalls are hardened against BHI + regardless of this setting. This setting affects the deployment + of the HW BHI control and the SW BHB clearing sequence. + + on + unconditionally enable. + off + unconditionally disable. + auto + enable if hardware mitigation + control(BHI_DIS_S) is available, otherwise + enable alternate mitigation in KVM. + +For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt + Mitigation selection guide -------------------------- diff -u linux-intel-iotg-5.15.0/Documentation/admin-guide/kernel-parameters.txt linux-intel-iotg-5.15.0/Documentation/admin-guide/kernel-parameters.txt --- linux-intel-iotg-5.15.0/Documentation/admin-guide/kernel-parameters.txt +++ linux-intel-iotg-5.15.0/Documentation/admin-guide/kernel-parameters.txt 
@@ -5394,6 +5394,18 @@ sonypi.*= [HW] Sony Programmable I/O Control Device driver See Documentation/admin-guide/laptops/sonypi.rst + spectre_bhi= [X86] Control mitigation of Branch History Injection + (BHI) vulnerability. Syscalls are hardened against BHI + reglardless of this setting. This setting affects the + deployment of the HW BHI control and the SW BHB + clearing sequence. + + on - unconditionally enable. + off - unconditionally disable. + auto - (default) enable hardware mitigation + (BHI_DIS_S) if available, otherwise enable + alternate mitigation in KVM. + spectre_v2= [X86] Control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability. The default operation protects the kernel from diff -u linux-intel-iotg-5.15.0/arch/x86/Kconfig linux-intel-iotg-5.15.0/arch/x86/Kconfig --- linux-intel-iotg-5.15.0/arch/x86/Kconfig +++ linux-intel-iotg-5.15.0/arch/x86/Kconfig @@ -2509,6 +2509,31 @@ If in doubt, say N. +choice + prompt "Clear branch history" + depends on CPU_SUP_INTEL + default SPECTRE_BHI_AUTO + help + Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks + where the branch history buffer is poisoned to speculatively steer + indirect branches. + See + +config SPECTRE_BHI_ON + bool "on" + help + Equivalent to setting spectre_bhi=on command line parameter. +config SPECTRE_BHI_OFF + bool "off" + help + Equivalent to setting spectre_bhi=off command line parameter. +config SPECTRE_BHI_AUTO + bool "auto" + help + Equivalent to setting spectre_bhi=auto command line parameter. + +endchoice + endif config ARCH_HAS_ADD_PAGES diff -u linux-intel-iotg-5.15.0/arch/x86/entry/entry_64.S linux-intel-iotg-5.15.0/arch/x86/entry/entry_64.S --- linux-intel-iotg-5.15.0/arch/x86/entry/entry_64.S +++ linux-intel-iotg-5.15.0/arch/x86/entry/entry_64.S @@ -114,6 +114,7 @@ /* clobbers %rax, make sure it is after saving the syscall nr */ IBRS_ENTER UNTRAIN_RET + CLEAR_BRANCH_HISTORY call do_syscall_64 /* returns with IRQs disabled */ 
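Review bot: The help text for `SPECTRE_BHI_AUTO` says only that it equals `spectre_bhi=auto`, which hides that this default never deploys the software BHB clearing sequence at syscall entry. Going by `bhi_select_mitigation()` in the bugs.c part of this diff, auto sets BHI_DIS_S when the hardware offers it and otherwise enables only the clearing on VM exit. I would spell that out, e.g. `Enable BHI_DIS_S if available, otherwise clear branch history only on VM exit (same as spectre_bhi=auto).`, and state in the `SPECTRE_BHI_OFF` help that it turns off both the hardware control and the software sequence. The choice help also ends in a bare `See` with no target on this page, possibly lost in extraction; it should name the hw-vuln Spectre document.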
@@ -1500,0 +1502,60 @@ + +/* + * This sequence executes branches in order to remove user branch information + * from the branch history tracker in the Branch Predictor, therefore removing + * user influence on subsequent BTB lookups. + * + * It should be used on parts prior to Alder Lake. Newer parts should use the + * BHI_DIS_S hardware control instead. If a pre-Alder Lake part is being + * virtualized on newer hardware the VMM should protect against BHI attacks by + * setting BHI_DIS_S for the guests. + * + * CALLs/RETs are necessary to prevent Loop Stream Detector(LSD) from engaging + * and not clearing the branch history. The call tree looks like: + * + * call 1 + * call 2 + * call 2 + * call 2 + * call 2 + * call 2 + * ret + * ret + * ret + * ret + * ret + * ret + * + * This means that the stack is non-constant and ORC can't unwind it with %rsp + * alone. Therefore we unconditionally set up the frame pointer, which allows + * ORC to unwind properly. + * + * The alignment is for performance and not for safety, and may be safely + * refactored in the future if needed. + */ +SYM_FUNC_START(clear_bhb_loop) + push %rbp + mov %rsp, %rbp + movl $5, %ecx + ANNOTATE_INTRA_FUNCTION_CALL + call 1f + jmp 5f + .align 64, 0xcc + ANNOTATE_INTRA_FUNCTION_CALL +1: call 2f + RET + .align 64, 0xcc +2: movl $5, %eax +3: jmp 4f + nop +4: sub $1, %eax + jnz 3b + sub $1, %ecx + jnz 1b + RET +5: lfence + pop %rbp + RET +SYM_FUNC_END(clear_bhb_loop) +EXPORT_SYMBOL_GPL(clear_bhb_loop) +STACK_FRAME_NON_STANDARD(clear_bhb_loop) diff -u linux-intel-iotg-5.15.0/arch/x86/entry/entry_64_compat.S linux-intel-iotg-5.15.0/arch/x86/entry/entry_64_compat.S --- linux-intel-iotg-5.15.0/arch/x86/entry/entry_64_compat.S +++ linux-intel-iotg-5.15.0/arch/x86/entry/entry_64_compat.S @@ -116,6 +116,7 @@ IBRS_ENTER UNTRAIN_RET + CLEAR_BRANCH_HISTORY /* * SYSENTER doesn't filter flags, so we need to clear NT and AC 
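Review bot: The block comment above `clear_bhb_loop` does not list what the sequence clobbers. The body writes `%ecx` and `%eax`, and the `sub`/`jnz` pairs leave the flags changed, while the comment above the syscall-entry call site names only `%rax`. Since every caller reaches this through the `CLEAR_BRANCH_HISTORY` / `CLEAR_BRANCH_HISTORY_VMEXIT` alternatives, I would add a line such as `* Clobbers %rax, %rcx and EFLAGS; callers must have saved them.` to the block comment. The two `$5` iteration counts are also unexplained; a short comment saying what they are sized for, given that the sequence is meant for the pre-Alder Lake parts named above, would keep a later cleanup from changing them without re-validating the mitigation.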
@@ -259,6 +260,7 @@ IBRS_ENTER UNTRAIN_RET + CLEAR_BRANCH_HISTORY movq %rsp, %rdi call do_fast_syscall_32 @@ -421,6 +423,7 @@ IBRS_ENTER UNTRAIN_RET + CLEAR_BRANCH_HISTORY movq %rsp, %rdi call do_int80_syscall_32 diff -u linux-intel-iotg-5.15.0/arch/x86/include/asm/cpufeatures.h linux-intel-iotg-5.15.0/arch/x86/include/asm/cpufeatures.h --- linux-intel-iotg-5.15.0/arch/x86/include/asm/cpufeatures.h +++ linux-intel-iotg-5.15.0/arch/x86/include/asm/cpufeatures.h @@ -427,4 +427,15 @@ /* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc and Linux defined features. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_CLEAR_BHB_LOOP (21*32+ 1) /* "" Clear branch history at syscall entry using SW loop */ +#define X86_FEATURE_BHI_CTRL (21*32+ 2) /* "" BHI_DIS_S HW control available */ +#define X86_FEATURE_CLEAR_BHB_HW (21*32+ 3) /* "" BHI_DIS_S HW control enabled */ +#define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */ + +/* * BUG word(s) */ @@ -473,2 +484,3 @@ #define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */ +#define X86_BUG_BHI X86_BUG(1*32 + 3) /* CPU is affected by Branch History Injection */ #endif /* _ASM_X86_CPUFEATURES_H */ diff -u linux-intel-iotg-5.15.0/arch/x86/include/asm/msr-index.h linux-intel-iotg-5.15.0/arch/x86/include/asm/msr-index.h --- linux-intel-iotg-5.15.0/arch/x86/include/asm/msr-index.h +++ linux-intel-iotg-5.15.0/arch/x86/include/asm/msr-index.h 
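Review bot: The new flags live in word 21 (`21*32+ 1` to `21*32+ 4`), but nothing in this diff touches `NCAPINTS` or the required/disabled feature-mask headers, so it needs confirming that the tree already has `NCAPINTS` at 22 or higher. If it is still 21, word 21 is the first bug word (`X86_BUG(x)` is `NCAPINTS*32 + (x)`) and is also where KVM's `CPUID_12_EAX = NCAPINTS` begins, so `X86_FEATURE_CLEAR_BHB_LOOP` and its siblings would alias unrelated bits and `setup_force_cpu_cap()` on them would misreport CPU bugs. A comment next to the new word naming the `NCAPINTS` value it depends on, or a build-time check, would make that dependency visible.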
@@ -53,10 +53,13 @@ #define SPEC_CTRL_SSBD BIT(SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ #define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior */ #define SPEC_CTRL_RRSBA_DIS_S BIT(SPEC_CTRL_RRSBA_DIS_S_SHIFT) +#define SPEC_CTRL_BHI_DIS_S_SHIFT 10 /* Disable Branch History Injection behavior */ +#define SPEC_CTRL_BHI_DIS_S BIT(SPEC_CTRL_BHI_DIS_S_SHIFT) /* A mask for bits which the kernel toggles when controlling mitigations */ #define SPEC_CTRL_MITIGATIONS_MASK (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD \ - | SPEC_CTRL_RRSBA_DIS_S) + | SPEC_CTRL_RRSBA_DIS_S \ + | SPEC_CTRL_BHI_DIS_S) #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ #define PRED_CMD_IBPB BIT(0) /* Indirect Branch Prediction Barrier */ @@ -153,6 +156,10 @@ * are restricted to targets in * kernel. */ +#define ARCH_CAP_BHI_NO BIT(20) /* + * CPU is not affected by Branch + * History Injection. + */ #define ARCH_CAP_PBRSB_NO BIT(24) /* * Not susceptible to Post-Barrier * Return Stack Buffer Predictions. diff -u linux-intel-iotg-5.15.0/arch/x86/include/asm/nospec-branch.h linux-intel-iotg-5.15.0/arch/x86/include/asm/nospec-branch.h --- linux-intel-iotg-5.15.0/arch/x86/include/asm/nospec-branch.h +++ linux-intel-iotg-5.15.0/arch/x86/include/asm/nospec-branch.h @@ -182,6 +182,19 @@ #endif .endm +#ifdef CONFIG_X86_64 +.macro CLEAR_BRANCH_HISTORY + ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP +.endm + +.macro CLEAR_BRANCH_HISTORY_VMEXIT + ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT +.endm +#else +#define CLEAR_BRANCH_HISTORY +#define CLEAR_BRANCH_HISTORY_VMEXIT +#endif + #else /* __ASSEMBLY__ */ #define ANNOTATE_RETPOLINE_SAFE \ 
@@ -207,6 +220,10 @@ extern void entry_untrain_ret(void); extern void entry_ibpb(void); +#ifdef CONFIG_X86_64 +extern void clear_bhb_loop(void); +#endif + #ifdef CONFIG_RETPOLINE typedef u8 retpoline_thunk_t[RETPOLINE_THUNK_SIZE]; diff -u linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/bugs.c linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/bugs.c --- linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/bugs.c +++ linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/bugs.c 
@@ -1516,6 +1516,79 @@ dump_stack(); } +/* + * Set BHI_DIS_S to prevent indirect branches in kernel to be influenced by + * branch history in userspace. Not needed if BHI_NO is set. + */ +static bool __init spec_ctrl_bhi_dis(void) +{ + if (!boot_cpu_has(X86_FEATURE_BHI_CTRL)) + return false; + + x86_spec_ctrl_base |= SPEC_CTRL_BHI_DIS_S; + update_spec_ctrl(x86_spec_ctrl_base); + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_HW); + + return true; +} + +enum bhi_mitigations { + BHI_MITIGATION_OFF, + BHI_MITIGATION_ON, + BHI_MITIGATION_AUTO, +}; + +static enum bhi_mitigations bhi_mitigation __ro_after_init = + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : + BHI_MITIGATION_AUTO; + +static int __init spectre_bhi_parse_cmdline(char *str) +{ + if (!str) + return -EINVAL; + + if (!strcmp(str, "off")) + bhi_mitigation = BHI_MITIGATION_OFF; + else if (!strcmp(str, "on")) + bhi_mitigation = BHI_MITIGATION_ON; + else if (!strcmp(str, "auto")) + bhi_mitigation = BHI_MITIGATION_AUTO; + else + pr_err("Ignoring unknown spectre_bhi option (%s)", str); + + return 0; +} +early_param("spectre_bhi", spectre_bhi_parse_cmdline); + +static void __init bhi_select_mitigation(void) +{ + if (bhi_mitigation == BHI_MITIGATION_OFF) + return; + + /* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */ + if (cpu_feature_enabled(X86_FEATURE_RETPOLINE) && + !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) + return; + + if (spec_ctrl_bhi_dis()) + return; + + if (!IS_ENABLED(CONFIG_X86_64)) + return; + + /* Mitigate KVM by default */ + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); + pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n"); + + if (bhi_mitigation == BHI_MITIGATION_AUTO) + return; + + /* Mitigate syscalls when the mitigation is forced =on */ + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); + pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); +} + static void __init 
spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); @@ -1622,6 +1695,9 @@ mode == SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); + if (boot_cpu_has(X86_BUG_BHI)) + bhi_select_mitigation(); + spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); 
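Review bot: The retpoline early return in `bhi_select_mitigation()` keys on `X86_FEATURE_RETPOLINE` alone. As far as I know that flag is also set for the LFENCE variant, which `spectre_v2_show_state()` itself reports as `Vulnerable: LFENCE`. A system in that mode would then skip both BHI_DIS_S and the software clearing, and `spectre_bhi_state()` (same check, later hunk) would print `BHI: Retpoline`. Excluding the LFENCE case, e.g. `if (boot_cpu_has(X86_FEATURE_RETPOLINE) && !boot_cpu_has(X86_FEATURE_RETPOLINE_LFENCE) && !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) return;`, would close that gap; please confirm the flag semantics against the tree. Separately, the `pr_err()` in `spectre_bhi_parse_cmdline()` has no trailing `\n`, and the early return also applies when `spectre_bhi=on` was given, which the `on - unconditionally enable` wording in kernel-parameters.txt does not lead one to expect.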
@@ -2502,74 +2578,74 @@ static ssize_t l1tf_show_state(char *buf) { if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) - return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); + return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG); if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && sched_smt_active())) { - return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, - l1tf_vmx_states[l1tf_vmx_mitigation]); + return sysfs_emit(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, + l1tf_vmx_states[l1tf_vmx_mitigation]); } - return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, - l1tf_vmx_states[l1tf_vmx_mitigation], - sched_smt_active() ? "vulnerable" : "disabled"); + return sysfs_emit(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, + l1tf_vmx_states[l1tf_vmx_mitigation], + sched_smt_active() ? "vulnerable" : "disabled"); } static ssize_t itlb_multihit_show_state(char *buf) { if (!boot_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) || !boot_cpu_has(X86_FEATURE_VMX)) - return sprintf(buf, "KVM: Mitigation: VMX unsupported\n"); + return sysfs_emit(buf, "KVM: Mitigation: VMX unsupported\n"); else if (!(cr4_read_shadow() & X86_CR4_VMXE)) - return sprintf(buf, "KVM: Mitigation: VMX disabled\n"); + return sysfs_emit(buf, "KVM: Mitigation: VMX disabled\n"); else if (itlb_multihit_kvm_mitigation) - return sprintf(buf, "KVM: Mitigation: Split huge pages\n"); + return sysfs_emit(buf, "KVM: Mitigation: Split huge pages\n"); else - return sprintf(buf, "KVM: Vulnerable\n"); + return sysfs_emit(buf, "KVM: Vulnerable\n"); } #else static ssize_t l1tf_show_state(char *buf) { - return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); + return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG); } static ssize_t itlb_multihit_show_state(char *buf) { - return sprintf(buf, "Processor vulnerable\n"); + return sysfs_emit(buf, "Processor vulnerable\n"); } #endif static ssize_t mds_show_state(char *buf) { if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { - return sprintf(buf, "%s; SMT 
Host state unknown\n", - mds_strings[mds_mitigation]); + return sysfs_emit(buf, "%s; SMT Host state unknown\n", + mds_strings[mds_mitigation]); } if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) { - return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], - (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" : - sched_smt_active() ? "mitigated" : "disabled")); + return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], + (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" : + sched_smt_active() ? "mitigated" : "disabled")); } - return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], - sched_smt_active() ? "vulnerable" : "disabled"); + return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], + sched_smt_active() ? "vulnerable" : "disabled"); } static ssize_t tsx_async_abort_show_state(char *buf) { if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) || (taa_mitigation == TAA_MITIGATION_OFF)) - return sprintf(buf, "%s\n", taa_strings[taa_mitigation]); + return sysfs_emit(buf, "%s\n", taa_strings[taa_mitigation]); if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { - return sprintf(buf, "%s; SMT Host state unknown\n", - taa_strings[taa_mitigation]); + return sysfs_emit(buf, "%s; SMT Host state unknown\n", + taa_strings[taa_mitigation]); } - return sprintf(buf, "%s; SMT %s\n", taa_strings[taa_mitigation], - sched_smt_active() ? "vulnerable" : "disabled"); + return sysfs_emit(buf, "%s; SMT %s\n", taa_strings[taa_mitigation], + sched_smt_active() ? "vulnerable" : "disabled"); } static ssize_t mmio_stale_data_show_state(char *buf) 
@@ -2596,15 +2672,15 @@ switch (spectre_v2_user_stibp) { case SPECTRE_V2_USER_NONE: - return ", STIBP: disabled"; + return "; STIBP: disabled"; case SPECTRE_V2_USER_STRICT: - return ", STIBP: forced"; + return "; STIBP: forced"; case SPECTRE_V2_USER_STRICT_PREFERRED: - return ", STIBP: always-on"; + return "; STIBP: always-on"; case SPECTRE_V2_USER_PRCTL: case SPECTRE_V2_USER_SECCOMP: if (static_key_enabled(&switch_to_cond_stibp)) - return ", STIBP: conditional"; + return "; STIBP: conditional"; } return ""; } @@ -2613,10 +2689,10 @@ { if (boot_cpu_has(X86_FEATURE_IBPB)) { if (static_key_enabled(&switch_mm_always_ibpb)) - return ", IBPB: always-on"; + return "; IBPB: always-on"; if (static_key_enabled(&switch_mm_cond_ibpb)) - return ", IBPB: conditional"; - return ", IBPB: disabled"; + return "; IBPB: conditional"; + return "; IBPB: disabled"; } return ""; } 
@@ -2626,58 +2702,76 @@ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || boot_cpu_has(X86_FEATURE_RSB_VMEXIT)) - return ", PBRSB-eIBRS: SW sequence"; + return "; PBRSB-eIBRS: SW sequence"; else - return ", PBRSB-eIBRS: Vulnerable"; + return "; PBRSB-eIBRS: Vulnerable"; } else { - return ", PBRSB-eIBRS: Not affected"; + return "; PBRSB-eIBRS: Not affected"; } } +static const char * const spectre_bhi_state(void) +{ + if (!boot_cpu_has_bug(X86_BUG_BHI)) + return "; BHI: Not affected"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_HW)) + return "; BHI: BHI_DIS_S"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP)) + return "; BHI: SW loop, KVM: SW loop"; + else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && + !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) + return "; BHI: Retpoline"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) + return "; BHI: Syscall hardening, KVM: SW loop"; + + return "; BHI: Vulnerable (Syscall hardening enabled)"; +} + static ssize_t spectre_v2_show_state(char *buf) { if (spectre_v2_enabled == SPECTRE_V2_LFENCE) - return sprintf(buf, "Vulnerable: LFENCE\n"); + return sysfs_emit(buf, "Vulnerable: LFENCE\n"); if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled()) - return sprintf(buf, "Vulnerable: eIBRS with unprivileged eBPF\n"); + return sysfs_emit(buf, "Vulnerable: eIBRS with unprivileged eBPF\n"); if (sched_smt_active() && unprivileged_ebpf_enabled() && spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) - return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); + return sysfs_emit(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); - return sprintf(buf, "%s%s%s%s%s%s%s\n", - spectre_v2_strings[spectre_v2_enabled], - ibpb_state(), - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", - stibp_state(), - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? 
", RSB filling" : "", - pbrsb_eibrs_state(), - spectre_v2_module_string()); + return sysfs_emit(buf, "%s%s%s%s%s%s%s%s\n", + spectre_v2_strings[spectre_v2_enabled], + ibpb_state(), + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "", + stibp_state(), + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "", + pbrsb_eibrs_state(), + spectre_bhi_state(), + /* this should always be at the end */ + spectre_v2_module_string()); } static ssize_t srbds_show_state(char *buf) { - return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]); + return sysfs_emit(buf, "%s\n", srbds_strings[srbds_mitigation]); } static ssize_t retbleed_show_state(char *buf) { if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET || retbleed_mitigation == RETBLEED_MITIGATION_IBPB) { - if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD && - boot_cpu_data.x86_vendor != X86_VENDOR_HYGON) - return sprintf(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n"); - - return sprintf(buf, "%s; SMT %s\n", - retbleed_strings[retbleed_mitigation], - !sched_smt_active() ? "disabled" : - spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || - spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ? - "enabled with STIBP protection" : "vulnerable"); + if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD && + boot_cpu_data.x86_vendor != X86_VENDOR_HYGON) + return sysfs_emit(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n"); + + return sysfs_emit(buf, "%s; SMT %s\n", retbleed_strings[retbleed_mitigation], + !sched_smt_active() ? "disabled" : + spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || + spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ? + "enabled with STIBP protection" : "vulnerable"); } - return sprintf(buf, "%s\n", retbleed_strings[retbleed_mitigation]); + return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]); } static ssize_t gds_show_state(char *buf) 
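Review bot: The strings returned by `spectre_bhi_state()` do not match the table this diff adds to spectre.rst. The code emits `BHI: SW loop, KVM: SW loop` and `BHI: Syscall hardening, KVM: SW loop`, the document lists `BHI: SW loop; KVM SW loop` and `BHI: Syscall hardening; KVM: SW loop`, and the fallback `BHI: Vulnerable (Syscall hardening enabled)` is not documented at all. The same series switches the other separators in this sysfs file from commas to semicolons, so monitoring tools that split the line will see the KVM part differently from every other field; code and document should be aligned one way or the other. The return type `static const char * const spectre_bhi_state(void)` also carries a top-level `const` that has no effect on a returned value; `static const char *spectre_bhi_state(void)` avoids an ignored-qualifier warning on compilers that emit one.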
@@ -2699,26 +2793,26 @@ char *buf, unsigned int bug) { if (!boot_cpu_has_bug(bug)) - return sprintf(buf, "Not affected\n"); + return sysfs_emit(buf, "Not affected\n"); switch (bug) { case X86_BUG_CPU_MELTDOWN: if (boot_cpu_has(X86_FEATURE_PTI)) - return sprintf(buf, "Mitigation: PTI\n"); + return sysfs_emit(buf, "Mitigation: PTI\n"); if (hypervisor_is_type(X86_HYPER_XEN_PV)) - return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n"); + return sysfs_emit(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n"); break; case X86_BUG_SPECTRE_V1: - return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]); + return sysfs_emit(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]); case X86_BUG_SPECTRE_V2: return spectre_v2_show_state(buf); case X86_BUG_SPEC_STORE_BYPASS: - return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); + return sysfs_emit(buf, "%s\n", ssb_strings[ssb_mode]); case X86_BUG_L1TF: if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV)) @@ -2754,7 +2848,7 @@ break; } - return sprintf(buf, "Vulnerable\n"); + return sysfs_emit(buf, "Vulnerable\n"); } ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) diff -u linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/common.c linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/common.c --- linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/common.c +++ linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/common.c @@ -1109,6 +1109,7 @@ #define NO_SPECTRE_V2 BIT(8) #define NO_MMIO BIT(9) #define NO_EIBRS_PBRSB BIT(10) +#define NO_BHI BIT(11) #define VULNWL(vendor, family, model, whitelist) \ X86_MATCH_VENDOR_FAM_MODEL(vendor, family, model, whitelist) 
@@ -1169,18 +1170,18 @@ VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), /* AMD Family 0xf - 0x12 */ - VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), + VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ - VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), + VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), /* Zhaoxin Family 7 */ - VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO), - VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO), + VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO | NO_BHI), + VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO | NO_BHI), {} }; 
@@ -1382,6 +1383,13 @@ setup_force_cpu_bug(X86_BUG_SRSO); } + /* When virtualized, eIBRS could be hidden, assume vulnerable */ + if (!(ia32_cap & ARCH_CAP_BHI_NO) && + !cpu_matches(cpu_vuln_whitelist, NO_BHI) && + (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) || + boot_cpu_has(X86_FEATURE_HYPERVISOR))) + setup_force_cpu_bug(X86_BUG_BHI); + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) return; diff -u linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/scattered.c linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/scattered.c --- linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/scattered.c +++ linux-intel-iotg-5.15.0/arch/x86/kernel/cpu/scattered.c @@ -27,6 +27,7 @@ { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, { X86_FEATURE_RRSBA_CTRL, CPUID_EDX, 2, 0x00000007, 2 }, + { X86_FEATURE_BHI_CTRL, CPUID_EDX, 4, 0x00000007, 2 }, { X86_FEATURE_CQM_LLC, CPUID_EDX, 1, 0x0000000f, 0 }, { X86_FEATURE_CQM_OCCUP_LLC, CPUID_EDX, 0, 0x0000000f, 1 }, { X86_FEATURE_CQM_MBM_TOTAL, CPUID_EDX, 1, 0x0000000f, 1 }, diff -u linux-intel-iotg-5.15.0/arch/x86/kvm/cpuid.c linux-intel-iotg-5.15.0/arch/x86/kvm/cpuid.c --- linux-intel-iotg-5.15.0/arch/x86/kvm/cpuid.c +++ linux-intel-iotg-5.15.0/arch/x86/kvm/cpuid.c @@ -355,9 +355,9 @@ } static __always_inline -void kvm_cpu_cap_init_scattered(enum kvm_only_cpuid_leafs leaf, u32 mask) +void kvm_cpu_cap_init_kvm_defined(enum kvm_only_cpuid_leafs leaf, u32 mask) { - /* Use kvm_cpu_cap_mask for non-scattered leafs. */ + /* Use kvm_cpu_cap_mask for leafs that aren't KVM-only. */ BUILD_BUG_ON(leaf < NCAPINTS); kvm_cpu_caps[leaf] = mask; @@ -367,7 +367,7 @@ static __always_inline void kvm_cpu_cap_mask(enum cpuid_leafs leaf, u32 mask) { - /* Use kvm_cpu_cap_init_scattered for scattered leafs. */ + /* Use kvm_cpu_cap_init_kvm_defined for KVM-only leafs. */ BUILD_BUG_ON(leaf >= NCAPINTS); kvm_cpu_caps[leaf] &= mask; 
@@ -469,11 +469,16 @@ F(AVX_VNNI) | F(AVX512_BF16) ); + kvm_cpu_cap_init_kvm_defined(CPUID_7_2_EDX, + F(INTEL_PSFD) | F(IPRED_CTRL) | F(RRSBA_CTRL) | F(DDPD_U) | + F(BHI_CTRL) | F(MCDT_NO) + ); + kvm_cpu_cap_mask(CPUID_D_1_EAX, F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | F(XSAVES) ); - kvm_cpu_cap_init_scattered(CPUID_12_EAX, + kvm_cpu_cap_init_kvm_defined(CPUID_12_EAX, SF(SGX1) | SF(SGX2) ); @@ -710,13 +715,13 @@ break; /* function 7 has additional index. */ case 7: - entry->eax = min(entry->eax, 1u); + max_idx = entry->eax = min(entry->eax, 2u); cpuid_entry_override(entry, CPUID_7_0_EBX); cpuid_entry_override(entry, CPUID_7_ECX); cpuid_entry_override(entry, CPUID_7_EDX); - /* KVM only supports 0x7.0 and 0x7.1, capped above via min(). */ - if (entry->eax == 1) { + /* KVM only supports up to 0x7.2, capped above via min(). */ + if (max_idx >= 1) { entry = do_host_cpuid(array, function, 1); if (!entry) goto out; @@ -726,6 +731,16 @@ entry->ecx = 0; entry->edx = 0; } + if (max_idx >= 2) { + entry = do_host_cpuid(array, function, 2); + if (!entry) + goto out; + + cpuid_entry_override(entry, CPUID_7_2_EDX); + entry->ecx = 0; + entry->ebx = 0; + entry->eax = 0; + } break; case 0xa: { /* Architectural Performance Monitoring */ struct x86_pmu_capability cap; diff -u linux-intel-iotg-5.15.0/arch/x86/kvm/reverse_cpuid.h linux-intel-iotg-5.15.0/arch/x86/kvm/reverse_cpuid.h --- linux-intel-iotg-5.15.0/arch/x86/kvm/reverse_cpuid.h +++ linux-intel-iotg-5.15.0/arch/x86/kvm/reverse_cpuid.h 
@@ -7,23 +7,44 @@ #include /* - * Hardware-defined CPUID leafs that are scattered in the kernel, but need to - * be directly used by KVM. Note, these word values conflict with the kernel's - * "bug" caps, but KVM doesn't use those. + * Hardware-defined CPUID leafs that are either scattered by the kernel or are + * unknown to the kernel, but need to be directly used by KVM. Note, these + * word values conflict with the kernel's "bug" caps, but KVM doesn't use those. */ enum kvm_only_cpuid_leafs { CPUID_12_EAX = NCAPINTS, + CPUID_7_2_EDX, NR_KVM_CPU_CAPS, NKVMCAPINTS = NR_KVM_CPU_CAPS - NCAPINTS, }; +/* + * Define a KVM-only feature flag. + * + * For features that are scattered by cpufeatures.h, __feature_translate() also + * needs to be updated to translate the kernel-defined feature into the + * KVM-defined feature. + * + * For features that are 100% KVM-only, i.e. not defined by cpufeatures.h, + * forego the intermediate KVM_X86_FEATURE and directly define X86_FEATURE_* so + * that X86_FEATURE_* can be used in KVM. No __feature_translate() handling is + * needed in this case. + */ #define KVM_X86_FEATURE(w, f) ((w)*32 + (f)) /* Intel-defined SGX sub-features, CPUID level 0x12 (EAX). */ #define KVM_X86_FEATURE_SGX1 KVM_X86_FEATURE(CPUID_12_EAX, 0) #define KVM_X86_FEATURE_SGX2 KVM_X86_FEATURE(CPUID_12_EAX, 1) +/* Intel-defined sub-features, CPUID level 0x00000007:2 (EDX) */ +#define X86_FEATURE_INTEL_PSFD KVM_X86_FEATURE(CPUID_7_2_EDX, 0) +#define X86_FEATURE_IPRED_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 1) +#define KVM_X86_FEATURE_RRSBA_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 2) +#define X86_FEATURE_DDPD_U KVM_X86_FEATURE(CPUID_7_2_EDX, 3) +#define KVM_X86_FEATURE_BHI_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 4) +#define X86_FEATURE_MCDT_NO KVM_X86_FEATURE(CPUID_7_2_EDX, 5) + struct cpuid_reg { u32 function; u32 index; 
@@ -49,6 +70,7 @@ [CPUID_12_EAX] = {0x00000012, 0, CPUID_EAX}, [CPUID_8000_001F_EAX] = {0x8000001f, 0, CPUID_EAX}, [CPUID_8000_0021_EAX] = {0x80000021, 0, CPUID_EAX}, + [CPUID_7_2_EDX] = { 7, 2, CPUID_EDX}, }; /* @@ -75,12 +97,17 @@ */ static __always_inline u32 __feature_translate(int x86_feature) { - if (x86_feature == X86_FEATURE_SGX1) - return KVM_X86_FEATURE_SGX1; - else if (x86_feature == X86_FEATURE_SGX2) - return KVM_X86_FEATURE_SGX2; +#define KVM_X86_TRANSLATE_FEATURE(f) \ + case X86_FEATURE_##f: return KVM_X86_FEATURE_##f - return x86_feature; + switch (x86_feature) { + KVM_X86_TRANSLATE_FEATURE(SGX1); + KVM_X86_TRANSLATE_FEATURE(SGX2); + KVM_X86_TRANSLATE_FEATURE(RRSBA_CTRL); + KVM_X86_TRANSLATE_FEATURE(BHI_CTRL); + default: + return x86_feature; + } } static __always_inline u32 __feature_leaf(int x86_feature) diff -u linux-intel-iotg-5.15.0/arch/x86/kvm/vmx/vmenter.S linux-intel-iotg-5.15.0/arch/x86/kvm/vmx/vmenter.S --- linux-intel-iotg-5.15.0/arch/x86/kvm/vmx/vmenter.S +++ linux-intel-iotg-5.15.0/arch/x86/kvm/vmx/vmenter.S @@ -239,6 +239,8 @@ call vmx_spec_ctrl_restore_host + CLEAR_BRANCH_HISTORY_VMEXIT + /* Put return value in AX */ mov %_ASM_BX, %_ASM_AX diff -u linux-intel-iotg-5.15.0/arch/x86/kvm/x86.c linux-intel-iotg-5.15.0/arch/x86/kvm/x86.c --- linux-intel-iotg-5.15.0/arch/x86/kvm/x86.c +++ linux-intel-iotg-5.15.0/arch/x86/kvm/x86.c 
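Review bot: `KVM_X86_TRANSLATE_FEATURE` is defined inside `__feature_translate()` in a header and never undefined, so it stays visible to every file that includes reverse_cpuid.h; an `#undef KVM_X86_TRANSLATE_FEATURE` after the `switch` would keep it local. A one-line comment above the macro, such as `/* Only features scattered by cpufeatures.h are listed; KVM-only X86_FEATURE_* defines need no entry. */`, would put the rule from the `KVM_X86_FEATURE` comment where the next editor will look. A scattered feature that is advertised but missing from this list would resolve to the kernel's word instead of the KVM leaf.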
@@ -1498,7 +1498,8 @@ ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \ ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ - ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO) + ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \ + ARCH_CAP_BHI_NO) static u64 kvm_get_arch_capabilities(void) { diff -u linux-intel-iotg-5.15.0/debian.intel-iotg/changelog linux-intel-iotg-5.15.0/debian.intel-iotg/changelog --- linux-intel-iotg-5.15.0/debian.intel-iotg/changelog +++ linux-intel-iotg-5.15.0/debian.intel-iotg/changelog 
@@ -1,10 +1,24 @@ -linux-intel-iotg (5.15.0-1054.60) jammy; urgency=medium +linux-intel-iotg (5.15.0-1056.62) jammy; urgency=medium - * jammy/linux-intel-iotg: 5.15.0-1054.60 -proposed tracker (LP: #2059482) + * jammy/linux-intel-iotg: 5.15.0-1056.62 -proposed tracker (LP: #2061797) - [ Ubuntu: 5.15.0-104.114 ] + [ Ubuntu: 5.15.0-106.116 ] - * jammy/linux: 5.15.0-104.114 -proposed tracker (LP: #2059497) + * jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812) + * CVE-2024-2201 + - x86/bugs: Use sysfs_emit() + - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs + - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace + - KVM: x86: Use a switch statement and macros in __feature_translate() + - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file + - x86/syscall: Don't force use of indirect calls for system calls + - x86/bhi: Add support for clearing branch history at syscall entry + - x86/bhi: Define SPEC_CTRL_BHI_DIS_S + - x86/bhi: Enumerate Branch History Injection (BHI) bug + - x86/bhi: Add BHI mitigation knob + - x86/bhi: Mitigate KVM by default + - KVM: x86: Add BHI_NO + - [Config] Set CONFIG_BHI to enabled (auto) * Drop fips-checks script from trees (LP: #2055083) - [Packaging] Remove fips-checks script * alsa/realtek: adjust max output valume for headphone on 2 LG machines @@ -25,8 +39,6 @@ - ipc: Check permissions for checkpoint_restart sysctls at open time - percpu: add percpu_counter_add_local and percpu_counter_sub_local - ipc/msg: mitigate the lock contention with percpu counter - * Remove getabis scripts (LP: #2059143) - - [Packaging] Remove getabis * Jammy update: v5.15.149 upstream stable release (LP: #2059014) - ksmbd: free ppace array on error in parse_dacl - ksmbd: don't allow O_TRUNC open on read-only share 
@@ -497,25 +509,15 @@ - drm/msm/dsi: Enable runtime PM - net: bcmgenet: Fix EEE implementation - fs/ntfs3: Add null pointer checks - - smb3: Replace smb2pdu 1-element arrays with flex-arrays - staging: fbtft: core: set smem_len before fb_deferred_io_init call - usb: dwc3: gadget: Don't delay End Transfer on delayed_status - usb: dwc3: gadget: Execute gadget stop after halting the controller - media: Revert "media: rkisp1: Drop IRQF_SHARED" - usb: dwc3: gadget: Ignore End Transfer delay on teardown - Linux 5.15.149 - * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // - CVE-2023-52603 - - UBSAN: array-index-out-of-bounds in dtSplitRoot - * CVE-2023-52600 - - jfs: fix uaf in jfs_evict_inode - * CVE-2023-24023 - - Bluetooth: Add more enc key size check * Fix headphone mic detection issue on ALC897 (LP: #2056418) - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform - * CVE-2024-26581 - - netfilter: nft_set_rbtree: skip end interval element from gc * CVE-2023-6039 - timers: Replace BUG_ON()s * Problems with HVCS and hotplugging (LP: #2056373) 
@@ -529,7 +531,21 @@ - KVM: arm64: Work out supported block level at compile time - KVM: arm64: Limit stage2_apply_range() batch size to largest block - -- Thibault Ferrante Thu, 11 Apr 2024 15:11:34 +0200 + -- Stefan Bader Mon, 22 Apr 2024 11:54:39 +0200 + +linux-intel-iotg (5.15.0-1055.61) jammy; urgency=medium + + * jammy/linux-intel-iotg: 5.15.0-1055.61 -proposed tracker (LP: #2061492) + + [ Ubuntu: 5.15.0-105.115 ] + + * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372) + * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS + stopped working/is unstable with kernel update to 5.15.0-102.112 + (LP: #2060780) + - smb3: Replace smb2pdu 1-element arrays with flex-arrays + + -- Roxana Nicolescu Mon, 15 Apr 2024 21:12:03 +0200 linux-intel-iotg (5.15.0-1053.59) jammy; urgency=medium diff -u linux-intel-iotg-5.15.0/debian.intel-iotg/tracking-bug linux-intel-iotg-5.15.0/debian.intel-iotg/tracking-bug --- linux-intel-iotg-5.15.0/debian.intel-iotg/tracking-bug +++ linux-intel-iotg-5.15.0/debian.intel-iotg/tracking-bug @@ -1 +1 @@ -2059482 2024.04.01-1 +2061797 2024.04.01-3 diff -u linux-intel-iotg-5.15.0/debian.master/changelog linux-intel-iotg-5.15.0/debian.master/changelog --- linux-intel-iotg-5.15.0/debian.master/changelog +++ linux-intel-iotg-5.15.0/debian.master/changelog 
@@ -1,6 +1,21 @@ -linux (5.15.0-104.114) jammy; urgency=medium +linux (5.15.0-106.116) jammy; urgency=medium - * jammy/linux: 5.15.0-104.114 -proposed tracker (LP: #2059497) + * jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812) + + * CVE-2024-2201 + - x86/bugs: Use sysfs_emit() + - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs + - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace + - KVM: x86: Use a switch statement and macros in __feature_translate() + - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file + - x86/syscall: Don't force use of indirect calls for system calls + - x86/bhi: Add support for clearing branch history at syscall entry + - x86/bhi: Define SPEC_CTRL_BHI_DIS_S + - x86/bhi: Enumerate Branch History Injection (BHI) bug + - x86/bhi: Add BHI mitigation knob + - x86/bhi: Mitigate KVM by default + - KVM: x86: Add BHI_NO + - [Config] Set CONFIG_BHI to enabled (auto) * Drop fips-checks script from trees (LP: #2055083) - [Packaging] Remove fips-checks script @@ -26,9 +41,6 @@ - percpu: add percpu_counter_add_local and percpu_counter_sub_local - ipc/msg: mitigate the lock contention with percpu counter - * Remove getabis scripts (LP: #2059143) - - [Packaging] Remove getabis - * Jammy update: v5.15.149 upstream stable release (LP: #2059014) - ksmbd: free ppace array on error in parse_dacl - ksmbd: don't allow O_TRUNC open on read-only share @@ -499,7 +511,6 @@ - drm/msm/dsi: Enable runtime PM - net: bcmgenet: Fix EEE implementation - fs/ntfs3: Add null pointer checks - - smb3: Replace smb2pdu 1-element arrays with flex-arrays - staging: fbtft: core: set smem_len before fb_deferred_io_init call - usb: dwc3: gadget: Don't delay End Transfer on delayed_status - usb: dwc3: gadget: Execute gadget stop after halting the controller 
@@ -507,23 +518,10 @@ - usb: dwc3: gadget: Ignore End Transfer delay on teardown - Linux 5.15.149 - * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // - CVE-2023-52603 - - UBSAN: array-index-out-of-bounds in dtSplitRoot - - * CVE-2023-52600 - - jfs: fix uaf in jfs_evict_inode - - * CVE-2023-24023 - - Bluetooth: Add more enc key size check - * Fix headphone mic detection issue on ALC897 (LP: #2056418) - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform - * CVE-2024-26581 - - netfilter: nft_set_rbtree: skip end interval element from gc - * CVE-2023-6039 - timers: Replace BUG_ON()s 
@@ -539,7 +537,43 @@ - KVM: arm64: Work out supported block level at compile time - KVM: arm64: Limit stage2_apply_range() batch size to largest block - -- Stefan Bader Thu, 28 Mar 2024 15:17:53 +0100 + -- Stefan Bader Tue, 16 Apr 2024 16:11:14 +0200 + +linux (5.15.0-105.115) jammy; urgency=medium + + * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372) + + * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS + stopped working/is unstable with kernel update to 5.15.0-102.112 + (LP: #2060780) + - smb3: Replace smb2pdu 1-element arrays with flex-arrays + + -- Roxana Nicolescu Mon, 15 Apr 2024 10:38:15 +0200 + +linux (5.15.0-103.113) jammy; urgency=medium + + * jammy/linux: 5.15.0-103.113 -proposed tracker (LP: #2059683) + + * Packaging resync (LP: #1786013) + - [Packaging] drop getabis data + + * Remove getabis scripts (LP: #2059143) + - [Packaging] Remove getabis + + * CVE-2023-24023 + - Bluetooth: Add more enc key size check + + * CVE-2023-52600 + - jfs: fix uaf in jfs_evict_inode + + * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // + CVE-2023-52603 + - UBSAN: array-index-out-of-bounds in dtSplitRoot + + * CVE-2024-26581 + - netfilter: nft_set_rbtree: skip end interval element from gc + + -- Manuel Diewald Thu, 28 Mar 2024 19:21:10 +0100 linux (5.15.0-102.112) jammy; urgency=medium diff -u linux-intel-iotg-5.15.0/debian.master/config/annotations linux-intel-iotg-5.15.0/debian.master/config/annotations --- linux-intel-iotg-5.15.0/debian.master/config/annotations +++ linux-intel-iotg-5.15.0/debian.master/config/annotations 
@@ -11942,6 +11942,9 @@ CONFIG_SPEAKUP_SYNTH_SOFT policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': '-'}> CONFIG_SPEAKUP_SYNTH_SPKOUT policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': '-'}> CONFIG_SPEAKUP_SYNTH_TXPRT policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': '-'}> +CONFIG_SPECTRE_BHI_AUTO policy<{'amd64': 'y'}> +CONFIG_SPECTRE_BHI_OFF policy<{'amd64': 'n'}> +CONFIG_SPECTRE_BHI_ON policy<{'amd64': 'n'}> CONFIG_SPECULATION_MITIGATIONS policy<{'amd64': 'y'}> CONFIG_SPI policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'n'}> CONFIG_SPI_ALTERA policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm'}> reverted: --- linux-intel-iotg-5.15.0/debian.master/etc/getabis +++ linux-intel-iotg-5.15.0.orig/debian.master/etc/getabis @@ -1,19 +0,0 @@ -repo_list=( - "http://archive.ubuntu.com/ubuntu/pool/main/l/linux" - "http://ports.ubuntu.com/ubuntu-ports/pool/main/l/linux" - "http://archive.ubuntu.com/ubuntu/pool/universe/l/linux" - "http://ports.ubuntu.com/ubuntu-ports/pool/universe/l/linux" - "http://ppa.launchpad.net/canonical-kernel-team/ppa/ubuntu/pool/main/l/linux" - "http://ppa.launchpad.net/canonical-kernel-team/ppa2/ubuntu/pool/main/l/linux" - "http://ppa.launchpad.net/canonical-kernel-team/unstable/ubuntu/pool/main/l/linux" - "http://ppa.launchpad.net/canonical-kernel-team/bootstrap/ubuntu/pool/main/l/linux" -) - -package_prefixes linux-buildinfo - -getall armhf generic -getall armhf generic-lpae -getall amd64 generic -getall arm64 generic generic-64k -getall ppc64el generic -getall s390x generic diff -u linux-intel-iotg-5.15.0/debian.master/tracking-bug linux-intel-iotg-5.15.0/debian.master/tracking-bug --- linux-intel-iotg-5.15.0/debian.master/tracking-bug +++ linux-intel-iotg-5.15.0/debian.master/tracking-bug 
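Review bot: The three `CONFIG_SPECTRE_BHI_*` policies carry no note explaining why `AUTO` was chosen over `ON`. According to the spectre.rst text in this same patch, `auto` enables the hardware control when BHI_DIS_S is available and otherwise only the alternate mitigation in KVM, with syscalls hardened regardless. On amd64 parts without BHI_DIS_S, the software BHB clearing sequence is therefore not deployed for the host unless the administrator boots with `spectre_bhi=on`. I would record that trade-off and the CVE-2024-2201 reference in the annotation for `CONFIG_SPECTRE_BHI_AUTO`, so the default is not mistaken for full mitigation.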
@@ -1 +1 @@ -2059497 2024.04.01-1 +2061812 2024.04.01-3 diff -u linux-intel-iotg-5.15.0/debian/changelog linux-intel-iotg-5.15.0/debian/changelog --- linux-intel-iotg-5.15.0/debian/changelog +++ linux-intel-iotg-5.15.0/debian/changelog @@ -1,10 +1,24 @@ -linux-intel-iotg (5.15.0-1054.60) jammy; urgency=medium +linux-intel-iotg (5.15.0-1056.62) jammy; urgency=medium - * jammy/linux-intel-iotg: 5.15.0-1054.60 -proposed tracker (LP: #2059482) + * jammy/linux-intel-iotg: 5.15.0-1056.62 -proposed tracker (LP: #2061797) - [ Ubuntu: 5.15.0-104.114 ] + [ Ubuntu: 5.15.0-106.116 ] - * jammy/linux: 5.15.0-104.114 -proposed tracker (LP: #2059497) + * jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812) + * CVE-2024-2201 + - x86/bugs: Use sysfs_emit() + - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs + - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace + - KVM: x86: Use a switch statement and macros in __feature_translate() + - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file + - x86/syscall: Don't force use of indirect calls for system calls + - x86/bhi: Add support for clearing branch history at syscall entry + - x86/bhi: Define SPEC_CTRL_BHI_DIS_S + - x86/bhi: Enumerate Branch History Injection (BHI) bug + - x86/bhi: Add BHI mitigation knob + - x86/bhi: Mitigate KVM by default + - KVM: x86: Add BHI_NO + - [Config] Set CONFIG_BHI to enabled (auto) * Drop fips-checks script from trees (LP: #2055083) - [Packaging] Remove fips-checks script * alsa/realtek: adjust max output valume for headphone on 2 LG machines 
@@ -25,8 +39,6 @@ - ipc: Check permissions for checkpoint_restart sysctls at open time - percpu: add percpu_counter_add_local and percpu_counter_sub_local - ipc/msg: mitigate the lock contention with percpu counter - * Remove getabis scripts (LP: #2059143) - - [Packaging] Remove getabis * Jammy update: v5.15.149 upstream stable release (LP: #2059014) - ksmbd: free ppace array on error in parse_dacl - ksmbd: don't allow O_TRUNC open on read-only share @@ -497,25 +509,15 @@ - drm/msm/dsi: Enable runtime PM - net: bcmgenet: Fix EEE implementation - fs/ntfs3: Add null pointer checks - - smb3: Replace smb2pdu 1-element arrays with flex-arrays - staging: fbtft: core: set smem_len before fb_deferred_io_init call - usb: dwc3: gadget: Don't delay End Transfer on delayed_status - usb: dwc3: gadget: Execute gadget stop after halting the controller - media: Revert "media: rkisp1: Drop IRQF_SHARED" - usb: dwc3: gadget: Ignore End Transfer delay on teardown - Linux 5.15.149 - * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // - CVE-2023-52603 - - UBSAN: array-index-out-of-bounds in dtSplitRoot - * CVE-2023-52600 - - jfs: fix uaf in jfs_evict_inode - * CVE-2023-24023 - - Bluetooth: Add more enc key size check * Fix headphone mic detection issue on ALC897 (LP: #2056418) - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform - * CVE-2024-26581 - - netfilter: nft_set_rbtree: skip end interval element from gc * CVE-2023-6039 - timers: Replace BUG_ON()s * Problems with HVCS and hotplugging (LP: #2056373) 
@@ -529,7 +531,21 @@ - KVM: arm64: Work out supported block level at compile time - KVM: arm64: Limit stage2_apply_range() batch size to largest block - -- Thibault Ferrante Thu, 11 Apr 2024 15:11:34 +0200 + -- Stefan Bader Mon, 22 Apr 2024 11:54:39 +0200 + +linux-intel-iotg (5.15.0-1055.61) jammy; urgency=medium + + * jammy/linux-intel-iotg: 5.15.0-1055.61 -proposed tracker (LP: #2061492) + + [ Ubuntu: 5.15.0-105.115 ] + + * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372) + * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS + stopped working/is unstable with kernel update to 5.15.0-102.112 + (LP: #2060780) + - smb3: Replace smb2pdu 1-element arrays with flex-arrays + + -- Roxana Nicolescu Mon, 15 Apr 2024 21:12:03 +0200 linux-intel-iotg (5.15.0-1053.59) jammy; urgency=medium diff -u linux-intel-iotg-5.15.0/debian/control linux-intel-iotg-5.15.0/debian/control --- linux-intel-iotg-5.15.0/debian/control +++ linux-intel-iotg-5.15.0/debian/control @@ -61,7 +61,7 @@ XS-Testsuite: autopkgtest #XS-Testsuite-Depends: gcc-4.7 binutils -Package: linux-intel-iotg-headers-5.15.0-1054 +Package: linux-intel-iotg-headers-5.15.0-1056 Build-Profiles: Architecture: all Multi-Arch: foreign @@ -71,7 +71,7 @@ Description: Header files related to Linux kernel version 5.15.0 This package provides kernel header files for version 5.15.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-intel-iotg-headers-5.15.0-1054/debian.README.gz for details + /usr/share/doc/linux-intel-iotg-headers-5.15.0-1056/debian.README.gz for details Package: linux-intel-iotg-tools-common Build-Profiles: 
@@ -85,18 +85,18 @@ version locked tools (such as perf and x86_energy_perf_policy) for version 5.15.0. -Package: linux-intel-iotg-tools-5.15.0-1054 +Package: linux-intel-iotg-tools-5.15.0-1056 Build-Profiles: Architecture: amd64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 5.15.0-1054 +Description: Linux kernel version specific tools for version 5.15.0-1056 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.15.0-1054 on + version 5.15.0-1056 on 64 bit x86. - You probably want to install linux-tools-5.15.0-1054-. + You probably want to install linux-tools-5.15.0-1056-. Package: linux-intel-iotg-cloud-tools-common Build-Profiles: @@ -109,17 +109,17 @@ This package provides the architecture independent parts for kernel version locked tools for cloud tools for version 5.15.0. -Package: linux-intel-iotg-cloud-tools-5.15.0-1054 +Package: linux-intel-iotg-cloud-tools-5.15.0-1056 Build-Profiles: Architecture: amd64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-cloud-tools-common -Description: Linux kernel version specific cloud tools for version 5.15.0-1054 +Description: Linux kernel version specific cloud tools for version 5.15.0-1056 This package provides the architecture dependant parts for kernel - version locked tools for cloud tools for version 5.15.0-1054 on + version locked tools for cloud tools for version 5.15.0-1056 on 64 bit x86. - You probably want to install linux-cloud-tools-5.15.0-1054-. + You probably want to install linux-cloud-tools-5.15.0-1056-. Package: linux-intel-iotg-tools-host Build-Profiles: 
@@ -132,17 +132,17 @@ This package provides kernel tools useful for VM hosts. -Package: linux-image-unsigned-5.15.0-1054-intel-iotg +Package: linux-image-unsigned-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.15.0-1054-intel-iotg +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.15.0-1056-intel-iotg Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.15.0-1054-intel-iotg -Suggests: fdutils, linux-doc | linux-intel-iotg-source-5.15.0, linux-intel-iotg-tools, linux-headers-5.15.0-1054-intel-iotg, linux-modules-extra-5.15.0-1054-intel-iotg +Conflicts: linux-image-5.15.0-1056-intel-iotg +Suggests: fdutils, linux-doc | linux-intel-iotg-source-5.15.0, linux-intel-iotg-tools, linux-headers-5.15.0-1056-intel-iotg, linux-modules-extra-5.15.0-1056-intel-iotg Description: Linux kernel image for version 5.15.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.15.0 on 64 bit x86 SMP. 
@@ -155,12 +155,12 @@ the linux-intel-iotg meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.15.0-1054-intel-iotg +Package: linux-modules-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1054-intel-iotg | linux-image-unsigned-5.15.0-1054-intel-iotg +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1056-intel-iotg | linux-image-unsigned-5.15.0-1056-intel-iotg Built-Using: ${linux:BuiltUsing} Description: Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP Contains the corresponding System.map file, the modules built by the @@ -175,12 +175,12 @@ the linux-intel-iotg meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.15.0-1054-intel-iotg +Package: linux-modules-extra-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1054-intel-iotg | linux-image-unsigned-5.15.0-1054-intel-iotg, wireless-regdb +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1056-intel-iotg | linux-image-unsigned-5.15.0-1056-intel-iotg, wireless-regdb Description: Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP. 
@@ -197,21 +197,21 @@ the linux-intel-iotg meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.15.0-1054-intel-iotg +Package: linux-headers-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-intel-iotg-headers-5.15.0-1054, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-intel-iotg-headers-5.15.0-1056, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.15.0 on 64 bit x86 SMP This package provides kernel header files for version 5.15.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.15.0-1054/debian.README.gz for details. + /usr/share/doc/linux-headers-5.15.0-1056/debian.README.gz for details. -Package: linux-image-unsigned-5.15.0-1054-intel-iotg-dbgsym +Package: linux-image-unsigned-5.15.0-1056-intel-iotg-dbgsym Build-Profiles: Architecture: amd64 Section: devel 
@@ -228,30 +228,30 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.15.0-1054-intel-iotg +Package: linux-tools-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-intel-iotg-tools-5.15.0-1054 -Description: Linux kernel version specific tools for version 5.15.0-1054 +Depends: ${misc:Depends}, linux-intel-iotg-tools-5.15.0-1056 +Description: Linux kernel version specific tools for version 5.15.0-1056 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.15.0-1054 on + version 5.15.0-1056 on 64 bit x86. -Package: linux-cloud-tools-5.15.0-1054-intel-iotg +Package: linux-cloud-tools-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-intel-iotg-cloud-tools-5.15.0-1054 -Description: Linux kernel version specific cloud tools for version 5.15.0-1054 +Depends: ${misc:Depends}, linux-intel-iotg-cloud-tools-5.15.0-1056 +Description: Linux kernel version specific cloud tools for version 5.15.0-1056 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.15.0-1054 on + version locked tools for cloud for version 5.15.0-1056 on 64 bit x86. -Package: linux-buildinfo-5.15.0-1054-intel-iotg +Package: linux-buildinfo-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: kernel 
@@ -265,18 +265,18 @@ You likely do not want to install this package. -Package: linux-modules-iwlwifi-5.15.0-1054-intel-iotg +Package: linux-modules-iwlwifi-5.15.0-1056-intel-iotg Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-5.15.0-1054-intel-iotg | linux-image-unsigned-5.15.0-1054-intel-iotg, + linux-image-5.15.0-1056-intel-iotg | linux-image-unsigned-5.15.0-1056-intel-iotg, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 5.15.0-1054 +Description: Linux kernel iwlwifi modules for version 5.15.0-1056 This package provides the Linux kernel iwlwifi modules for version - 5.15.0-1054. + 5.15.0-1056. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-intel-iotg* meta-packages, only in patch2: unchanged: --- linux-intel-iotg-5.15.0.orig/arch/x86/entry/common.c +++ linux-intel-iotg-5.15.0/arch/x86/entry/common.c @@ -47,7 +47,7 @@ if (likely(unr < NR_syscalls)) { unr = array_index_nospec(unr, NR_syscalls); - regs->ax = sys_call_table[unr](regs); + regs->ax = x64_sys_call(regs, unr); return true; } return false; @@ -64,7 +64,7 @@ if (IS_ENABLED(CONFIG_X86_X32_ABI) && likely(xnr < X32_NR_syscalls)) { xnr = array_index_nospec(xnr, X32_NR_syscalls); - regs->ax = x32_sys_call_table[xnr](regs); + regs->ax = x32_sys_call(regs, xnr); return true; } return false; @@ -109,7 +109,7 @@ if (likely(unr < IA32_NR_syscalls)) { unr = array_index_nospec(unr, IA32_NR_syscalls); - regs->ax = ia32_sys_call_table[unr](regs); + regs->ax = ia32_sys_call(regs, unr); } else if (nr != -1) { regs->ax = __ia32_sys_ni_syscall(regs); } only in patch2: unchanged: --- linux-intel-iotg-5.15.0.orig/arch/x86/entry/syscall_32.c +++ linux-intel-iotg-5.15.0/arch/x86/entry/syscall_32.c 
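Review bot: In all three common.c hunks the `array_index_nospec()` clamp is kept even though its result no longer indexes a table; it is only passed on to `x64_sys_call()`, `x32_sys_call()` and `ia32_sys_call()`. Nothing at the call sites says why the table lookup was replaced, so a later cleanup could drop the clamp or restore the indirect call without noticing the security reason. I would add above the first call `/* Dispatch through a switch (direct calls) instead of sys_call_table[]; part of the BHI hardening, CVE-2024-2201. */`. The enclosing functions start above each hunk.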
@@ -18,8 +18,25 @@ #include #undef __SYSCALL +/* + * The sys_call_table[] is no longer used for system calls, but + * kernel/trace/trace_syscalls.c still wants to know the system + * call address. + */ +#ifdef CONFIG_X86_32 #define __SYSCALL(nr, sym) __ia32_##sym, - -__visible const sys_call_ptr_t ia32_sys_call_table[] = { +const sys_call_ptr_t sys_call_table[] = { #include }; +#undef __SYSCALL +#endif + +#define __SYSCALL(nr, sym) case nr: return __ia32_##sym(regs); + +long ia32_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __ia32_sys_ni_syscall(regs); + } +}; only in patch2: unchanged: --- linux-intel-iotg-5.15.0.orig/arch/x86/entry/syscall_64.c +++ linux-intel-iotg-5.15.0/arch/x86/entry/syscall_64.c @@ -11,8 +11,23 @@ #include #undef __SYSCALL +/* + * The sys_call_table[] is no longer used for system calls, but + * kernel/trace/trace_syscalls.c still wants to know the system + * call address. + */ #define __SYSCALL(nr, sym) __x64_##sym, - -asmlinkage const sys_call_ptr_t sys_call_table[] = { +const sys_call_ptr_t sys_call_table[] = { #include }; +#undef __SYSCALL + +#define __SYSCALL(nr, sym) case nr: return __x64_##sym(regs); + +long x64_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __x64_sys_ni_syscall(regs); + } +}; only in patch2: unchanged: --- linux-intel-iotg-5.15.0.orig/arch/x86/entry/syscall_x32.c +++ linux-intel-iotg-5.15.0/arch/x86/entry/syscall_x32.c 
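Review bot: `ia32_sys_call()` is closed with `};`, which leaves a stray semicolon after a function definition; it looks like a leftover from the array initializer this code replaces, and ISO C treats it as an empty declaration that pedantic builds warn about. The closing line should be `}`. The same leftover is on `x64_sys_call()` in syscall_64.c and on `x32_sys_call()` in syscall_x32.c. Each file also leaves the final `__SYSCALL` definition in place, so an `#undef __SYSCALL` after the function would match the `#undef` the patch adds after the table.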
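Review bot: The hardening in `x64_sys_call()` rests on the `switch` being compiled to compare-and-branch with direct calls, and nothing in the hunk states that requirement. A dense `switch` like this one is a typical candidate for a compiler jump table, which would put an indirect jump back on the syscall path. As far as I know the kernel build passes `-fno-jump-tables` only when retpolines are configured, so the generated code for non-retpoline configurations is worth checking. I would state the intent above the function, e.g. `/* Must not be lowered to a jump table: the point is to avoid an indirect branch on syscall entry. */`.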
@@ -11,8 +11,12 @@ #include #undef __SYSCALL -#define __SYSCALL(nr, sym) __x64_##sym, +#define __SYSCALL(nr, sym) case nr: return __x64_##sym(regs); -asmlinkage const sys_call_ptr_t x32_sys_call_table[] = { -#include +long x32_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __x64_sys_ni_syscall(regs); + } }; only in patch2: unchanged: --- linux-intel-iotg-5.15.0.orig/arch/x86/include/asm/syscall.h +++ linux-intel-iotg-5.15.0/arch/x86/include/asm/syscall.h @@ -16,19 +16,17 @@ #include /* for TS_COMPAT */ #include +/* This is used purely for kernel/trace/trace_syscalls.c */ typedef long (*sys_call_ptr_t)(const struct pt_regs *); extern const sys_call_ptr_t sys_call_table[]; -#if defined(CONFIG_X86_32) -#define ia32_sys_call_table sys_call_table -#else /* * These may not exist, but still put the prototypes in so we * can use IS_ENABLED(). */ -extern const sys_call_ptr_t ia32_sys_call_table[]; -extern const sys_call_ptr_t x32_sys_call_table[]; -#endif +extern long ia32_sys_call(const struct pt_regs *, unsigned int nr); +extern long x32_sys_call(const struct pt_regs *, unsigned int nr); +extern long x64_sys_call(const struct pt_regs *, unsigned int nr); /* * Only the low 32 bits of orig_ax are meaningful, so we return int.
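Review bot: The three new prototypes in syscall.h name only the second parameter (`const struct pt_regs *, unsigned int nr`). Naming both parameters reads better and matches the definitions, e.g. `extern long x64_sys_call(const struct pt_regs *regs, unsigned int nr);`, and likewise for `ia32_sys_call()` and `x32_sys_call()`.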