enough in order for the LBR MSR access to not #GP
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLdD5sACgkQEsHwGGHe
VUoaDA//Yiir+zrTjbCOSnma/pgn3wbWQVe2Y1E1+Tj+av3hBuzTdoAqgDDrFTQ7
zKwJBjGRb+yQduFbLpLCD9BittX2yk2WGIP3gvLB0ffCLMKU/NOCSKPDZ+HDtvPE
MkJ1usBLhAYbExgoQVI0Cu9dBL5AR1hKy+ZAw/W7uUhRdR7g9B2gLd1Hg261jmLS
+imOAQiUgbCAl8d7kMk9lB5gCl3j5DZ+FgpCTYWV4n87cvGBIjAESyjhfAKXRwmg
Y7acUtOWB935LleA9su2HCtejeIhRoLlV5qUrc0oMUiM6GSymkd6PBRykQ16kajL
MzKb56daTiK8q4sEhmte0grNNNdyY0nVp2YmvzQ1Cf16Au0XvHIjhLg9WWI+WYmd
rSP1OXrGoUQ9C2Vex008ajIPQFVDCgRV4euzE8CveiBnNzVp6JCScjNlvVpOgaxM
04Yesok4nAhJYSYLg1IWXuF5caOyNODJYRNj18ypt2FCEJdDxuDwqVL8DW/oqFz5
JxTRAuyvojhir/0ztDdMiQ9IkMTjdSboIp1gbjkj0C1J0gJq8Bh9tqNK/uChw58J
UY9rojGnAa2JEXxQ3P5Dj/zSfw5FoCe7VgACrw+lXw0sJ3CKh08ojRjofP4ET+s1
77ru8deYJ4sy0IyGLml6WpA3hWwUvkjxWVx1cdnyeBHW9oc7fGQ=
=nYW6
-----END PGP SIGNATURE-----
Merge tag 'perf_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fix from Borislav Petkov:
- Reorganize the perf LBR init code so that a TSX quirk is applied
early enough in order for the LBR MSR access to not #GP
* tag 'perf_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel/lbr: Fix unchecked MSR access error on HSW
work if even needed, at all).
- Prevent return thunks patching of the LKDTM modules as it is not needed there
- Avoid writing the SPEC_CTRL MSR on every kernel entry on eIBRS parts
- Enhance error output of apply_returns() when it fails to patch a return thunk
- A sparse fix to the sev-guest module
- Protect EFI fw calls by issuing an IBPB on AMD
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLdCZIACgkQEsHwGGHe
VUpZHw//frU5tCHiP+4UM/kGdrcDxVy+FutkoprrNzhYszkvVGWOU4GOyExjnbXj
cS47AlIAv5o2T+UKN6pwtH1n6Jb+Qf2zsaMlyIcxI7t1PiyddkT9wvrgP52GPNyl
vrxtDVoo1aYF8z7RxTEtjWHzUlfxQTSlo+olQVtW/JYWnqQOPwvPm+bOA+0MBzwA
gbDV2nM1Z0D9ifo536J9P93/HtYwW/fsrutTj0hICxweRGnEN7Gw11Ci+6cT+Rgq
TYO5feaFnnbv0hnfDbWQXAuDVdgi0aJ06CDuoC6U/WmKNpQo2rpjAASVXN/EEQyh
wwy/bqauj8daOpSU/8/hNx1Rwx3gP6FWEzYpylsn3xP7p9y6dWQnBh4i2ZmMhxUt
zbIlwNqSFWluFJaSpOnaPJJVrQbRj03Yb1ynTPCcuTl1K1ydGr03J351K8SfeXqP
bhkecr+BiddFs2Y3udaq/NYJEFRHtbZi3CdDcUulbmEfKOZIQRN0JMSAvR7SH1sZ
4lljsoSCfJgxKmgP9tVhRc19LD6knxTAzVbtjtyuEmsf1dN36rN5r5Y4lc1AN68s
12ymbV0qc/Qh6Cn8x/Cgv3S6kXjYrKdbSQHVnJXsJE0kz/mqyIn3+LChU+PoIvmu
7uGeEouIlDroBgT5WWFWnTgxujFPZD6O2rPsJwOXvTkp9uDof4Q=
=aSDG
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
"A couple more retbleed fallout fixes.
It looks like their urgency is decreasing so it seems like we've
managed to catch whatever snafus the limited -rc testing has exposed.
Maybe we're getting ready... :)
- Make retbleed mitigations 64-bit only (32-bit will need a bit more
work if even needed, at all).
- Prevent return thunks patching of the LKDTM modules as it is not
needed there
- Avoid writing the SPEC_CTRL MSR on every kernel entry on eIBRS
parts
- Enhance error output of apply_returns() when it fails to patch a
return thunk
- A sparse fix to the sev-guest module
- Protect EFI fw calls by issuing an IBPB on AMD"
* tag 'x86_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/speculation: Make all RETbleed mitigations 64-bit only
lkdtm: Disable return thunks in rodata.c
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/alternative: Report missing return thunk details
virt: sev-guest: Pass the appropriate argument type to iounmap()
x86/amd: Use IBPB for firmware calls
* Fix use of sched_setaffinity in selftests
* Sync kernel headers to tools
* Fix KVM_STATS_UNIT_MAX
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLaTFwUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroO5Dwf/bRHhFs7XXdC5YU687bEFq/8/XCbY
wczM6cEIsWk0chzx92xIXzjb6DKPhrUFjGNH2C55XhLwHhCCUI+Q0zCfZ89ghjdX
Fe3fNcs6SAq6aLPjRBkk0+vt1jq233KzIV/GQJ5FivocPlWX562FXVEXoB/T26Ml
ljTmtPBn4Hd+LIE+7+HED2qCNzvNYtx3KGGTsZR7hcjoQmfFjXg+OTN0Uqsa+enW
lCEcN/gDMaTWFxY7lII63IJA4mE4WkdfYWjzuzvfUFsNU0IQZk+NrVZpiAP9zXeS
20o9nzetS7h1enLWqdGvJ+m5ot19l24nJeWZ8QQsS3T4XF2h7vL0lY/WBg==
=BDnJ
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
- Check for invalid flags to KVM_CAP_X86_USER_SPACE_MSR
- Fix use of sched_setaffinity in selftests
- Sync kernel headers to tools
- Fix KVM_STATS_UNIT_MAX
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: Protect the unused bits in MSR exiting flags
tools headers UAPI: Sync linux/kvm.h with the kernel sources
KVM: selftests: Fix target thread to be migrated in rseq_test
KVM: stats: Fix value for KVM_STATS_UNIT_MAX for boolean stats
The mitigations for RETBleed are currently ineffective on x86_32 since
entry_32.S does not use the required macros. However, for an x86_32
target, the kconfig symbols for them are still enabled by default and
/sys/devices/system/cpu/vulnerabilities/retbleed will wrongly report
that mitigations are in place.
Make all of these symbols depend on X86_64, and only enable RETHUNK by
default on X86_64.
Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/YtwSR3NNsWp1ohfV@decadent.org.uk
* Two kexec-related build fixes.
* A DTS update to make the GPIO nodes match the upcoming dtschema.
* A fix that passes -mno-relax directly to the assembler when building
modules, to work around compilers that fail to do so.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAmLavNcTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQfHKD/453cUPBewpQdepY6gKfT6cdGzV7oq6
/faitxnGZwotX2Z5TxN8rTBS7GmuLhfh2IE+zWsMaeNPK+W7pTx4eRMpTkTSbAh3
OpHpx0sy3zbdvMr4g3L4CtGvkBCfDjyxwnYu4djoWl6lj0jbFIvVwSSM0Dnbmzxv
G14p+7QzTzUPO6sGCRVGWqyJY20uAhUYHPs8WMqv0Csdou1M+wjXhusliQvgcQm5
HJOaz8p1V5lXzsjXU4Igg5BvYWsudoEhX9f+RrHxctxaGBVqukfOoZQq0nxMTXYm
OT+Ms+IFP7huYRUgjVlXLgaYhbt2X4An8Jqr97PXRSroOOJzAm/RqyV9m84kOpnL
Q2iSfhIQb7klt1rUec4fN1F6sKnX3jmS48yedOnNy7Sm3I8xxORaDlGPwCv9IwVc
RBY5RgeAPMj7uodx9q+0VFtJpfHAdX5Rgdj98nVVq3n7SM5RGflyctcY/fqo7+Ac
CFpCgSspsq9/COSm88cI2W5xbKfMHXuR/X7/VTfG7qka1l89BO7sNe00LGtGHZGb
+cMQ7tjcHAmU6FSqb1dJsLwoQgm2CDusDxI9ZYPCZJIch0EYAQHchtT2HM+RnqH3
cmwvSysL1RYTyeCC/f6JFHofAylmyrASmzaRujknsRKauTL251UTu85f+4om/MFg
POBZiZPCcpGTlQ==
=CfWz
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-5.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- Two kexec-related build fixes
- A DTS update to make the GPIO nodes match the upcoming dtschema
- A fix that passes -mno-relax directly to the assembler when building
modules, to work around compilers that fail to do so
* tag 'riscv-for-linus-5.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: add as-options for modules with assembly compontents
riscv: dts: align gpio-key node names with dtschema
RISC-V: kexec: Fix build error without CONFIG_KEXEC
RISCV: kexec: Fix build error without CONFIG_MODULES
When trying to load modules built for RISC-V which include assembly files
the kernel loader errors with "unexpected relocation type 'R_RISCV_ALIGN'"
due to R_RISCV_ALIGN relocations being generated by the assembler.
The R_RISCV_ALIGN relocations can be removed at the expense of code space
by adding -mno-relax to gcc and as. In commit 7a8e7da42250138
("RISC-V: Fixes to module loading") -mno-relax is added to the build
variable KBUILD_CFLAGS_MODULE. See [1] for more info.
The issue is that when kbuild builds a .S file, it invokes gcc with
the -mno-relax flag, but this is not being passed through to the
assembler. Adding -Wa,-mno-relax to KBUILD_AFLAGS_MODULE ensures that
the assembler is invoked correctly. This may have now been fixed in
gcc[2] and this addition should not stop newer gcc and as from working.
[1] https://github.com/riscv/riscv-elf-psabi-doc/issues/183
[2] 3b0a7d624e
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Link: https://lore.kernel.org/r/20220529152200.609809-1-ben.dooks@codethink.co.uk
Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
The previous patch removed the tlb_flush_end() implementation which
used tlb_flush_range(). This means:
- csky did double invalidates, a range invalidate per vma and a full
invalidate at the end
- csky actually has range invalidates and as such the generic
tlb_flush implementation is more efficient for it.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Will Deacon <will@kernel.org>
Tested-by: Guo Ren <guoren@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Scattered across the archs are 3 basic forms of tlb_{start,end}_vma().
Provide two new MMU_GATHER_knobs to enumerate them and remove the per
arch tlb_{start,end}_vma() implementations.
- MMU_GATHER_NO_FLUSH_CACHE indicates the arch has flush_cache_range()
but does *NOT* want to call it for each VMA.
- MMU_GATHER_MERGE_VMAS indicates the arch wants to merge the
invalidate across multiple VMAs if possible.
With these it is possible to capture the three forms:
1) empty stubs;
select MMU_GATHER_NO_FLUSH_CACHE and MMU_GATHER_MERGE_VMAS
2) start: flush_cache_range(), end: empty;
select MMU_GATHER_MERGE_VMAS
3) start: flush_cache_range(), end: flush_tlb_range();
default
Obviously, if the architecture does not have flush_cache_range() then
it also doesn't need to select MMU_GATHER_NO_FLUSH_CACHE.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The fuzzer triggers the below trace.
[ 7763.384369] unchecked MSR access error: WRMSR to 0x689
(tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4
(native_write_msr+0x4/0x20)
[ 7763.397420] Call Trace:
[ 7763.399881] <TASK>
[ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0
[ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0
[ 7763.410992] __perf_event_task_sched_in+0x1cd/0x240
On a machine with the LBR format LBR_FORMAT_EIP_FLAGS2, when the TSX is
disabled, a TSX quirk is required to access LBR from registers.
The lbr_from_signext_quirk_needed() is introduced to determine whether
the TSX quirk should be applied. However, the
lbr_from_signext_quirk_needed() is invoked before the
intel_pmu_lbr_init(), which parses the LBR format information. Without
the correct LBR format information, the TSX quirk never be applied.
Move the lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init().
Checking x86_pmu.lbr_has_tsx in the lbr_from_signext_quirk_needed() is
not required anymore.
Both LBR_FORMAT_EIP_FLAGS2 and LBR_FORMAT_INFO have LBR_TSX flag, but
only the LBR_FORMAT_EIP_FLAGS2 requirs the quirk. Update the comments
accordingly.
Fixes: 1ac7fd8159a8 ("perf/x86/intel/lbr: Support LBR format V7")
Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20220714182630.342107-1-kan.liang@linux.intel.com
The following warning was seen:
WARNING: CPU: 0 PID: 0 at arch/x86/kernel/alternative.c:557 apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1))
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc4-00008-gee88d363d156 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
RIP: 0010:apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1))
Code: ff ff 74 cb 48 83 c5 04 49 39 ee 0f 87 81 fe ff ff e9 22 ff ff ff 0f 0b 48 83 c5 04 49 39 ee 0f 87 6d fe ff ff e9 0e ff ff ff <0f> 0b 48 83 c5 04 49 39 ee 0f 87 59 fe ff ff e9 fa fe ff ff 48 89
The warning happened when apply_returns() failed to convert "JMP
__x86_return_thunk" to RET. It was instead a JMP to nowhere, due to the
thunk relocation not getting resolved.
That rodata.o code is objcopy'd to .rodata, and later memcpy'd, so
relocations don't work (and are apparently silently ignored).
LKDTM is only used for testing, so the naked RET should be fine. So
just disable return thunks for that file.
While at it, disable objtool and KCSAN for the file.
Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return")
Reported-by: kernel test robot <oliver.sang@intel.com>
Debugged-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/lkml/Ys58BxHxoDZ7rfpr@xsang-OptiPlex-9020/
IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at
every kernel entry/exit. On Enhanced IBRS parts setting
MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at
every kernel entry/exit incur unnecessary performance loss.
When Enhanced IBRS feature is present, print a warning about this
unnecessary performance loss.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/2a5eaf54583c2bfe0edc4fea64006656256cca17.1657814857.git.pawan.kumar.gupta@linux.intel.com
Debugging missing return thunks is easier if we can see where they're
happening.
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/lkml/Ys66hwtFcGbYmoiZ@hirez.programming.kicks-ass.net/
The flags for KVM_CAP_X86_USER_SPACE_MSR and KVM_X86_SET_MSR_FILTER
have no protection for their unused bits. Without protection, future
development for these features will be difficult. Add the protection
needed to make it possible to extend these features in the future.
Signed-off-by: Aaron Lewis <aaronlewis@google.com>
Message-Id: <20220714161314.1715227-1-aaronlewis@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
On AMD IBRS does not prevent Retbleed; as such use IBPB before a
firmware call to flush the branch history state.
And because in order to do an EFI call, the kernel maps a whole lot of
the kernel page table into the EFI page table, do an IBPB just in case
in order to prevent the scenario of poisoning the BTB and causing an EFI
call using the unprotected RET there.
[ bp: Massage. ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220715194550.793957-1-cascardo@canonical.com
can accomodate a XenPV guest due to how the latter is setting up the PAT
machinery
Now that the retbleed nightmare is public, here's the first round of
fallout fixes:
- Fix a build failure on 32-bit due to missing include
- Remove an untraining point in espfix64 return path
- other small cleanups
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLTudcACgkQEsHwGGHe
VUrY4BAAtWm7wC6T8rzovbsyticj6kcehRMBEXxtlEP5LOeltR0dbNaIGskrS2Li
Q9YxxtQhbZPXqzqB+xeHVhDPThzsd3+wRvvetmR4fW/c3XCYr+fLLFjHj0NEvX0P
lQzuY8GKWGU/QTrjKSKclGvqyB692Fvdu4YImlnrGSbR6ywwVttditd3YNJR0w1q
7S4zq90uwWuX6cTLqXIcbKbhssOjcR1Agj9+bE8i+rzyB2VtNoihJCJh0pTJAn3P
RaXnxI/7J6Y+5imPf5/ywu8gxhvGBTy5MU/1v2pw939EurU9tmhVkNVWdO2g/qYY
V+Y1nj9xV0ucL4hlUBqAFdM+5jFC89Ey1X2tSgUgSl+44L/d8IIjVCp6inVoyCzE
Olbc6q7A/V8PNXfo4g6gDwVc3Ii53Fwgtu8xVHkwPGfjly6+yZ9O/RUBXcBAOnpU
jfS9LSc/Ro7kxqFy32beUgB7wwhMpkYuHe6ECxrvXj1IK13y3OkdxFzm03ty7S/E
BwjrkltDia9BQ6i4Ywy+qSBYkSH6+sxxt4pboB+ft6/p2JIw4YJIp9PRqzPAG0jx
JTjcZ9YAr7zPNlWp5e30BjGawgbuKPq0wkF1r6QD+3VzNf9+SSDmtkYGWeAyTTP2
SkzLy5QCNBTeeq0FZVYZFm/vcF7wccQhQdwNcezxygKAmihH0xw=
=ND3p
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v5.19_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
- Improve the check whether the kernel supports WP mappings so that it
can accomodate a XenPV guest due to how the latter is setting up the
PAT machinery
- Now that the retbleed nightmare is public, here's the first round of
fallout fixes:
* Fix a build failure on 32-bit due to missing include
* Remove an untraining point in espfix64 return path
* other small cleanups
* tag 'x86_urgent_for_v5.19_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/bugs: Remove apostrophe typo
um: Add missing apply_returns()
x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
x86/bugs: Mark retbleed_strings static
x86/pat: Fix x86_has_pat_wp()
x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
- Fix building of out-of-tree kernel modules without a pre-built
kernel in case CONFIG_EXPOLINE_EXTERN=y.
- Fix a reference counting error that could prevent unloading of
zcrypt modules.
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCYtHZUxccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8ENUAP90iq8LRvI+F16ckFOZSr+r38Mh
FL0eJSiX840uBevfugEAwxXB8xR6qvqW2x6+44NzTXk+gosjZkAv0kb+I0zd0Ag=
=XCBM
-----END PGP SIGNATURE-----
Merge tag 's390-5.19-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Alexander Gordeev:
- Fix building of out-of-tree kernel modules without a pre-built kernel
in case CONFIG_EXPOLINE_EXTERN=y.
- Fix a reference counting error that could prevent unloading of zcrypt
modules.
* tag 's390-5.19-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/ap: fix error handling in __verify_queue_reservations()
s390/nospec: remove unneeded header includes
s390/nospec: build expoline.o for modules_prepare target
Fix more fallout from recent changes of the ACPI CPPC handling on AMD
platforms (Mario Limonciello).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmLRsmYSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxw7AP/i0f3x8wTGby77H9aFHxqYD1az5/nUco
Ymp8+l1Bm9TNbfBa1EqmwGwleho5X2GXUzFX2K3cKqNNp3fG/R0fsp7/+/h8YDmd
DzwidRaIQPMsqdUzjIncB83UNIhFeh3/gix0n+iZM+cVw2dBdluXHiq88HtDjOFz
ZkCF0ka5QcJyLJ4DgIbF5/CV/q3hd0ZT3xKLC0HfedZ7YwPRTL1yefUK3sosLZTW
qDWYL/86+XwoFBntBQ6gfGYS/xQ7nQ50QKa+SD8cqLCSrQFYswLkRnQpDg1XJlMT
XPc5WRrlbMC5VV+daY5/uMflRVdDLSuBKt5uTyFrvgguvw9S0Bgct8l/tABa8KRL
AGDMoqW6V0Lc3z1Jyu4xjjTY6lrhyTB+any8K/roGrAxSYqZveMiAgyyMLbZfxNa
dU1IAIw41g/ucBB/pE0T1jfrVrAIsLVoKXSl4ixpu50yC1DjJrv85zQfOyEVI9jM
/okPONeRLTbXnB7+xRCA8AB5nXgPOqPqpLYPW7IDHghskacqZiAo6fm7tWEC5ijX
epiI/JvwU7Pbt9UuS/7Kui9yC/33ErZEdYRC4QOhBQS4vLVpzQMRFRjdF8d50Jzk
Qm73OzFKDZNm/8ladAWSdyvmvl/Ch8PjAqIBqmZNQYAoBYmWjN1LhuN+d17/ro2I
jE05pwY8TXQL
=Y0dz
-----END PGP SIGNATURE-----
Merge tag 'acpi-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Fix more fallout from recent changes of the ACPI CPPC handling on AMD
platforms (Mario Limonciello)"
* tag 'acpi-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: CPPC: Fix enabling CPPC on AMD systems with shared memory
Remove a superfluous ' in the mitigation string.
Fixes: e8ec1b6e08a2 ("x86/bugs: Enable STIBP for JMP2RET")
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
* A fix to avoid printing a warning when modules do not exercise any
errata-dependent behavior and the SiFive errata are enabled.
* A fix to the Microchip PFSOC to attach the L2 cache to the CPU nodes.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmLRngwTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiUR9EAC+X+a9S2GFQixKioNUxvA/6BRUnpn3
lR8DK4Ca8P30NMKymBiMNkppsp/zV9eWqf2w4LnjhGawbJSCGFTV5ghnJ2gb/qYD
HP9IxR2qvxk4RjnK7wViJ67e6NZDuSObZ5uYaDdo5y003JjoVxcX2fOzx0mMIpNj
EWXlqYELXOY/D3c5iypMAtgWiulnWbb3WlcgSuCVuayyxxIES5jWaeGYF9F0ppyu
TGjvh4PVnupUmcTX/JmH8J7BHOJeE/yrqd6w23pBkyQnOBjhUjkjf4PyuLdJFnOm
9KeBewLuQNXOVInSeuv8FJtEI0yJ9WhP4k5Gc7l9M9GG8a8QIws/VJ+PJnY5Lh+O
macWHygAG3ZmgIWM+zdTOTwENLxW0OXOdQHRKk4b0bNwKCbQMDsJVEBCuQwwjHMY
+zxVBU+4JUjJnIo89Lhlx3fnHgUaoNrITqGNtAxeYqIppR+7Lj7ORaKYU1dPYwyC
1S823/GDD2jnZz8uQYdrxu/Zzcd4s7VWHtWU0CqpblvxIeeYyqCsCcXvSs9ojACU
Dqc3omP8Y4Fj/UnCUm4OwnrrT3qIQo2oSEOnsWViTkYNWWlYVCxE0fkXBZ1R9T6f
wOQ2FqPG5jP8B0TD8U3QSnCliPotfOxY+h0TnDpLLGu070MKTHpq3dECLikPbh39
cXw3DP83dB12mg==
=54Dc
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- A fix to avoid printing a warning when modules do not exercise any
errata-dependent behavior and the SiFive errata are enabled.
- A fix to the Microchip PFSOC to attach the L2 cache to the CPU nodes.
* tag 'riscv-for-linus-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: don't warn for sifive erratas in modules
riscv: dts: microchip: hook up the mpfs' l2cache
* Fix missing PAGE_PFN_MASK
* Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
x86:
* Fix for nested virtualization when TSC scaling is active
* Estimate the size of fastcc subroutines conservatively, avoiding disastrous
underestimation when return thunks are enabled
* Avoid possible use of uninitialized fields of 'struct kvm_lapic_irq'
Generic:
* Mark as such the boolean values available from the statistics file descriptors
* Clarify statistics documentation
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLRVkcUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMm4QgAgZHQTSyA4+/xOYs0cBX2Q6YYkDGG
yUTjiiLmXjzKmjRkfhqKO75aqGhbv08U20hfHRdxxYV5b2Ful/xEnryj+mjyEBmv
wFO1Q8Tlwi+6Wwen+VN0tjiQwdY/N6+dI39U2Nn4yCtYyLbCALTWSlq3qr6RjhaI
P8XFXcPweyow3GsFrwgJVJ/vA/gaAhY17NOmdI5icFioTeJbrrAYw88Cbh9PzkGS
IsgmHn8Yt9a3x/rzo2LhhMbzsXDR87l+OlJhmGCUB5L0kRt8rJz30ysCeKgTpkoz
QOBZPdODeJ4Pdk4Z82A7NPUAFaaGGxUMkeIoAIXJ0F/VIpKb7+l3AETlZA==
=x3x6
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"RISC-V:
- Fix missing PAGE_PFN_MASK
- Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
x86:
- Fix for nested virtualization when TSC scaling is active
- Estimate the size of fastcc subroutines conservatively, avoiding
disastrous underestimation when return thunks are enabled
- Avoid possible use of uninitialized fields of 'struct
kvm_lapic_irq'
Generic:
- Mark as such the boolean values available from the statistics file
descriptors
- Clarify statistics documentation"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: emulate: do not adjust size of fastop and setcc subroutines
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
Documentation: kvm: clarify histogram units
kvm: stats: tell userspace which values are boolean
x86/kvm: fix FASTOP_SIZE when return thunks are enabled
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
RISC-V: KVM: Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
riscv: Fix missing PAGE_PFN_MASK
Most of the contents are bugfixes for the devicetree files:
- A Qualcomm MSM8974 pin controller regression, caused by a cleanup
patch that gets partially reverted here.
- Missing properties for Broadcom BCM49xx to fix timer detection and
SMP boot.
- Fix touchscreen pinctrl for imx6ull-colibri board
- Multiple fixes for Rockchip rk3399 based machines including the
vdu clock-rate fix, otg port fix on Quartz64-A and ethernet
on Quartz64-B
- Fixes for misspelled DT contents causing minor problems on
imx6qdl-ts7970m, orangepi-zero, sama5d2, kontron-kswitch-d10,
and ls1028a
And a couple of changes elsewhere:
- Fix binding for Allwinner D1 display pipeline
- Trivial code fixes to the TEE and reset controller driver subsystems
and the rockchip platform code.
- Multiple updates to the MAINTAINERS files, marking the Palm Treo
support as orphaned, and fixing some entries for added or changed
file names.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmLRXIcACgkQmmx57+YA
GNkEzxAAl65KpVU88zGDuX/e46T/vxRGzJXZtR+qB7DdzKLN2C0joFfbKRHQa4B5
WrIGxpKj4hLdn2QNE3pqhj0PZb8SpE521CjVcYEeUNrTvN8DASAHD76ZgQh3onFE
oOAY6RsAn37kGB1munbDR7ZnbclGNp4WAuhTMflNmxTiijokiod4/gbzFiD/EHIP
XtdPQHQH/fKqleU5x033SG5evQm/b/md0qNsvzFXTN0skl0it+1eqp3OmTwq7l8s
9AAHf6o/Kx3YoiLhi74NIKyXNJ5uRmITR7MWhn/fwZxlvvEWZwaw97QzaZW0EeT1
vX2BdN4w3CNLxPu+rmKaet1qKYf0KnuYDwzcKFDrzjyznedn2Zyb2sB6PBT+Zp1J
5luaAl/jccC7vQ8l/xsl1YEWwgaJC5P5iQ9PwaMxY/d/rBh+FiSZ3F5UrJfpVTl/
h9I1WNAA7dqiywFQ6yrDuYMgeTDtFwS5bm6J8VPSw9kMiNT4snxcFlAw7py1Ls7O
6yKvPHFJ36ACcc7Jz3IYyZeKI9G+LfMWE1AZ+n6SXCJF7QQSjVmI29K6hLukkxVq
9hQCKdIvKhGAkhSzIHCpR69ZFvdRcAzW6yS05CHaHmyweo3kRQhd+Df2kxxEIVzG
1plLZDk7j7oe6d1y19HweHkGiVBHynyEJR2XIgU2btY7A+R6zEI=
=oSv+
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"Most of the contents are bugfixes for the devicetree files:
- A Qualcomm MSM8974 pin controller regression, caused by a cleanup
patch that gets partially reverted here.
- Missing properties for Broadcom BCM49xx to fix timer detection and
SMP boot.
- Fix touchscreen pinctrl for imx6ull-colibri board
- Multiple fixes for Rockchip rk3399 based machines including the vdu
clock-rate fix, otg port fix on Quartz64-A and ethernet on
Quartz64-B
- Fixes for misspelled DT contents causing minor problems on
imx6qdl-ts7970m, orangepi-zero, sama5d2, kontron-kswitch-d10, and
ls1028a
And a couple of changes elsewhere:
- Fix binding for Allwinner D1 display pipeline
- Trivial code fixes to the TEE and reset controller driver
subsystems and the rockchip platform code.
- Multiple updates to the MAINTAINERS files, marking the Palm Treo
support as orphaned, and fixing some entries for added or changed
file names"
* tag 'soc-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (21 commits)
arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
ARM: dts: at91: sama5d2: Fix typo in i2s1 node
tee: tee_get_drvdata(): fix description of return value
optee: Remove duplicate 'of' in two places.
ARM: dts: kswitch-d10: use open drain mode for coma-mode pins
ARM: dts: colibri-imx6ull: fix snvs pinmux group
optee: smc_abi.c: fix wrong pointer passed to IS_ERR/PTR_ERR()
MAINTAINERS: add polarfire rng, pci and clock drivers
MAINTAINERS: mark ARM/PALM TREO SUPPORT orphan
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
arm64: dts: ls1028a: Update SFP node to include clock
dt-bindings: display: sun4i: Fix D1 pipeline count
ARM: dts: qcom: msm8974: re-add missing pinctrl
reset: Fix devm bulk optional exclusive control getter
MAINTAINERS: rectify entry for SYNOPSYS AXS10x RESET CONTROLLER DRIVER
ARM: rockchip: Add missing of_node_put() in rockchip_suspend_init()
arm64: dts: rockchip: Assign RK3399 VDU clock rate
arm64: dts: rockchip: Fix Quartz64-A dwc3 otg port behavior
...
Instead of doing complicated calculations to find the size of the subroutines
(which are even more complicated because they need to be stringified into
an asm statement), just hardcode to 16.
It is less dense for a few combinations of IBT/SLS/retbleed, but it has
the advantage of being really simple.
Cc: stable@vger.kernel.org # 5.15.x: 84e7051c0bc1: x86/kvm: fix FASTOP_SIZE when return thunks are enabled
Cc: stable@vger.kernel.org
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When CONFIG_KEXEC_FILE=y but CONFIG_KEXEC is not set:
kernel/kexec_core.o: In function `kimage_free':
kexec_core.c:(.text+0xa0c): undefined reference to `machine_kexec_cleanup'
kernel/kexec_core.o: In function `.L0 ':
kexec_core.c:(.text+0xde8): undefined reference to `machine_crash_shutdown'
kexec_core.c:(.text+0xdf4): undefined reference to `machine_kexec'
kernel/kexec_core.o: In function `.L231':
kexec_core.c:(.text+0xe1c): undefined reference to `riscv_crash_save_regs'
kernel/kexec_core.o: In function `.L0 ':
kexec_core.c:(.text+0x119e): undefined reference to `machine_shutdown'
kernel/kexec_core.o: In function `.L312':
kexec_core.c:(.text+0x11b2): undefined reference to `machine_kexec'
kernel/kexec_file.o: In function `.L0 ':
kexec_file.c:(.text+0xb84): undefined reference to `machine_kexec_prepare'
kernel/kexec_file.o: In function `.L177':
kexec_file.c:(.text+0xc5a): undefined reference to `machine_kexec_prepare'
Makefile:1160: recipe for target 'vmlinux' failed
make: *** [vmlinux] Error 1
These symbols should depend on CONFIG_KEXEC_CORE rather than CONFIG_KEXEC
when kexec_file has been implemented on RISC-V, like the other archs have
done.
Signed-off-by: Li Zhengyu <lizhengyu3@huawei.com>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220601070204.26882-1-lizhengyu3@huawei.com
Fixes: 6261586e0c91 ("RISC-V: Add kexec_file support")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
When CONFIG_MODULES is not set/enabled:
../arch/riscv/kernel/elf_kexec.c:353:9: error: unknown type name 'Elf_Rela'; did you mean 'Elf64_Rela'?
353 | Elf_Rela *relas;
| ^~~~~~~~
| Elf64_Rela
Replace Elf_Rela by Elf64_Rela to avoid relying on CONFIG_MODULES.
Signed-off-by: Li Zhengyu <lizhengyu3@huawei.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220601063924.13037-1-lizhengyu3@huawei.com
Fixes: 838b3e28488f ("RISC-V: Load purgatory in kexec_file")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
- quieten the spectre-bhb prints
- mark flattened device tree sections as shareable
- remove some obsolete CPU domain code and help text
- fix thumb unaligned access abort emulation
- fix amba_device_add() refcount underflow
- fix literal placement
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAmLQD6IACgkQ9OeQG+St
rGQI2Q//dYODqrByRkrS8uKpriP0CPZcEB3o1ZWioa/CpM+4aoPptqb9nOa2c0Xx
LvBhL6k+fBJ8WCWlAJ50aIbcOwqSSzgf4EQMJo6Cc33vQi2alBLhL66ULF1rpQYm
2V7YRwtid/pRyP8LXaWdy/RbRvcXn5xF7cCvlMrOoZQ7nyloIT3nf0XydgoVn+xo
lbfFdfPT18HQtUOiCSOGdI0pV1QEakMB4eJ9haZHak4l/XXBTRIg8PAxk1C8DfxZ
aLfeI6VfCKLJ5q273QP9hK+Wu+L1xYK5siad1gm2AAfXW+OsNH7rR0VCMCSb6t+h
bN9hvf0iNo/MtTH3PPbOK8kL48PSjARXAJp8MTcJLGAT5BozsvKkpCoT1C/7/uBv
wPeTaAVMe69gNeK6TCkbnIL8C5p9errBsRRQ6YW7u4M1Z1DFFj5YdSmB+RSvKEr6
otvY68BPzZSZxzGXo1sFV+LLjZPUV6RvpOUY2d/aTTTyK8HHaHHLXIV1KyP+c9he
HS+gxDciQe795wOQd5aRqEjGZbdh0aq6OjckAc36YeQwGnk0xXYG8irCPpTB58+q
X7rme9U1zm3WUwbbA5ndrOjGvk6Jz6cjsAWWIX5l7i1EtcB8qzo/+/1KaWdfL5Bw
2MAH0djeFAJIh7Yq9R+JMrF0POUpdCp6c+xAyyTj8/1JFkm84XU=
=g/12
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
- quieten the spectre-bhb prints
- mark flattened device tree sections as shareable
- remove some obsolete CPU domain code and help text
- fix thumb unaligned access abort emulation
- fix amba_device_add() refcount underflow
- fix literal placement
* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 9208/1: entry: add .ltorg directive to keep literals in range
ARM: 9207/1: amba: fix refcount underflow if amba_device_add() fails
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
ARM: 9213/1: Print message about disabled Spectre workarounds only once
ARM: 9212/1: domain: Modify Kconfig help text
ARM: 9211/1: domain: drop modify_domain()
ARM: 9210/1: Mark the FDT_FIXED sections as shareable
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
The UML function names to_virt() and to_phys() are exposed by UML
headers, and are very generic and may be defined by drivers. As it
turns out, commit 9409c9b6709e ("pmem: refactor pmem_clear_poison()")
did exactly that.
This results in build errors such as the following when trying to build
um:allmodconfig:
drivers/nvdimm/pmem.c: In function ‘pmem_dax_zero_page_range’:
./arch/um/include/asm/page.h:105:20: error: too few arguments to function ‘to_phys’
105 | #define __pa(virt) to_phys((void *) (unsigned long) (virt))
| ^~~~~~~
Use less generic function names for the um specific to_phys() and
to_virt() functions to fix the problem and to avoid similar problems in
the future.
Fixes: 9409c9b6709e ("pmem: refactor pmem_clear_poison()")
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
'vector' and 'trig_mode' fields of 'struct kvm_lapic_irq' are left
uninitialized in kvm_pv_kick_cpu_op(). While these fields are normally
not needed for APIC_DM_REMRD, they're still referenced by
__apic_accept_irq() for trace_kvm_apic_accept_irq(). Fully initialize
the structure to avoid consuming random stack memory.
Fixes: a183b638b61c ("KVM: x86: make apic_accept_irq tracepoint more generic")
Reported-by: syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220708125147.593975-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
LKP reports a build issue on Clang, related to a literal load of
__current issued through the ldr_va macro. This turns out to be due to
the fact that group relocations are disabled when CONFIG_COMPILE_TEST=y,
which means that the ldr_va macro resolves to a pair of LDR
instructions, the first one being a literal load issued too far from its
literal pool.
Due to the introduction of a couple of new uses of this macro in commit
508074607c7b95b2 ("ARM: 9195/1: entry: avoid explicit literal loads"),
the literal pools end up getting rearranged in a way that causes the
literal for __current to go out of range. Let's fix this up by putting a
.ltorg directive in a suitable place in the code.
Link: https://lore.kernel.org/all/202205290805.1vZLAr36-lkp@intel.com/
Fixes: 508074607c7b95b2 ("ARM: 9195/1: entry: avoid explicit literal loads")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Some of the statistics values exported by KVM are always only 0 or 1.
It can be useful to export this fact to userspace so that it can track
them specially (for example by polling the value every now and then to
compute a % of time spent in a specific state).
Therefore, add "boolean value" as a new "unit". While it is not exactly
a unit, it walks and quacks like one. In particular, using the type
would be wrong because boolean values could be instantaneous or peak
values (e.g. "is the rmap allocated?") or even two-bucket histograms
(e.g. "number of posted vs. non-posted interrupt injections").
Suggested-by: Amneesh Singh <natto@weirdnatto.in>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Windows 10/11 guests with Hyper-V role (WSL2) enabled are observed to
hang upon boot or shortly after when a non-default TSC frequency was
set for L1. The issue is observed on a host where TSC scaling is
supported. The problem appears to be that Windows doesn't use TSC
frequency for its guests even when the feature is advertised and KVM
filters SECONDARY_EXEC_TSC_SCALING out when creating L2 controls from
L1's. This leads to L2 running with the default frequency (matching
host's) while L1 is running with an altered one.
Keep SECONDARY_EXEC_TSC_SCALING in secondary exec controls for L2 when
it was set for L1. TSC_MULTIPLIER is already correctly computed and
written by prepare_vmcs02().
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20220712135009.952805-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Implement apply_returns() stub for UM, just like all the other patching
routines.
Fixes: 15e67227c49a ("x86: Undo return-thunk damage")
Reported-by: Randy Dunlap <rdunlap@infradead.org)
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/Ys%2Ft45l%2FgarIrD0u@worktop.programming.kicks-ass.net
UNTRAIN_RET is not needed in native_irq_return_ldt because RET
untraining has already been done at this point.
In addition, when the RETBleed mitigation is IBPB, UNTRAIN_RET clobbers
several registers (AX, CX, DX) so here it trashes user values which are
in these registers.
Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/35b0d50f-12d1-10c3-f5e8-d6c140486d4a@oracle.com
When commit 72f2ecb7ece7 ("ACPI: bus: Set CPPC _OSC bits for all
and when CPPC_LIB is supported") was introduced, we found collateral
damage that a number of AMD systems that supported CPPC but
didn't advertise support in _OSC stopped having a functional
amd-pstate driver. The _OSC was only enforced on Intel systems at that
time.
This was fixed for the MSR based designs by commit 8b356e536e69f
("ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported")
but some shared memory based designs also support CPPC but haven't
advertised support in the _OSC. Add support for those designs as well by
hardcoding the list of systems.
Fixes: 72f2ecb7ece7 ("ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported")
Fixes: 8b356e536e69f ("ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported")
Link: https://lore.kernel.org/all/3559249.JlDtxWtqDm@natalenko.name/
Cc: 5.18+ <stable@vger.kernel.org> # 5.18+
Reported-and-tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
A single fix for mpfs.dtsi:
- The l2 cache controller was never hooked up in the dt, so userspace
is presented with the wrong topology information, so it has been
hooked up.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCYshz9AAKCRB4tDGHoIJi
0v1VAQDT+6S7lwdKr05bg/m/l6d+RqQdIngh9vFr4lHf8rMqiQD/WTIIOXpyTGPt
DRUhMqmu//pQVTBTKYe6oqF/zDtTTgs=
=mGP9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAmLPBIETHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQUeuD/0cu2DmFFc7OUhICuyKRqKKVPEFFHGC
P3vnZrwOmznFAt+zDZ/y3Fb6ergxA8MN+OP5cTBN+zvJo3Zi3wrCLpGGy/50fnJl
p+BlLsrqLUTrtMPK3PKDJxMI0v/kWMq3eowPNiVxuNFaCZOp93YDzcN6ky8M6isL
kE25i9DN0ERZoo/QHD3xXpPWjEFAoGU0dXatyQMH7mWImeOjwXPXtTgEP9Cp5fYc
0b2lWMt5VlBdFuV04hegfpIhLZp0wPZ56B3khVO0Pd36oMsNr0/ott3Gp4c3Pcmt
ncrmH//KfDnA73MIb9VRe7/x/n7JzwoE220mtbw77etePhm0D3urJ5lR0k44NfCf
Nj96mLmhtI4nWKqmQguHRjGju+bQo8aKVplLB+VlnKRb7lMcwxDkLPDWmXk1ebjP
eKwU9kkqS8BgnDaPLCJPp3f92lVGdOv3IZncK+5yuiKUXSNK3lxBj2a+bCbmzTn2
jFllO67Btwg/SZAD0DzmsBtOtGkcuFGuIx0rSXFM0+aDiKJQXDW87yPa57Gp0RHC
utP3NOZPql8zNXZKcuD92ja2WP3K8+YbVQbqVS/SxRUYnBtHZl+dQgOG7TyusKCi
104Oy1u5gjqbDqGf1w+jkXb/bEinBkB/+QnB7SQeEI/HEFy5opHO3LJxA46DRCmO
AeyRedlgovOpxA==
=ZF4z
-----END PGP SIGNATURE-----
Merge tag 'dt-fixes-for-palmer-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/conor/linux.git into fixes
Microchip RISC-V devicetree fixes for 5.19-rc6
A single fix for mpfs.dtsi:
- The l2 cache controller was never hooked up in the dt, so userspace
is presented with the wrong topology information, so it has been
hooked up.
* tag 'dt-fixes-for-palmer-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/conor/linux.git:
riscv: dts: microchip: hook up the mpfs' l2cache
Commit 4efd417f298b ("s390: raise minimum supported machine generation
to z10") removed the usage of alternatives and lowcore in expolines
macros. Remove unneeded header includes as well.
With that, expoline.S doesn't require asm-offsets.h and
expoline_prepare target dependency could be removed.
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://lore.kernel.org/r/patch-2.thread-d13b6c.git-d13b6c96fb5f.your-ad-here.call-01656331067-ext-4899@work.hours
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
When CONFIG_EXPOLINE_EXTERN is used expoline thunks are generated
from arch/s390/lib/expoline.S and postlinked into every module.
This is also true for external modules. Add expoline.o build to
the modules_prepare target.
Fixes: 1d2ad084800e ("s390/nospec: add an option to use thunk-extern")
Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Tested-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
Acked-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
Tested-by: C. Erastus Toe <ctoe@redhat.com>
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://lore.kernel.org/r/patch-1.thread-d13b6c.git-a2387a74dc49.your-ad-here.call-01656331067-ext-4899@work.hours
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
x86_has_pat_wp() is using a wrong test, as it relies on the normal
PAT configuration used by the kernel. In case the PAT MSR has been
setup by another entity (e.g. Xen hypervisor) it might return false
even if the PAT configuration is allowing WP mappings. This due to the
fact that when running as Xen PV guest the PAT MSR is setup by the
hypervisor and cannot be changed by the guest. This results in the WP
related entry to be at a different position when running as Xen PV
guest compared to the bare metal or fully virtualized case.
The correct way to test for WP support is:
1. Get the PTE protection bits needed to select WP mode by reading
__cachemode2pte_tbl[_PAGE_CACHE_MODE_WP] (depending on the PAT MSR
setting this might return protection bits for a stronger mode, e.g.
UC-)
2. Translate those bits back into the real cache mode selected by those
PTE bits by reading __pte2cachemode_tbl[__pte2cm_idx(prot)]
3. Test for the cache mode to be _PAGE_CACHE_MODE_WP
Fixes: f88a68facd9a ("x86/mm: Extend early_memremap() support with additional attrs")
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org> # 4.14
Link: https://lore.kernel.org/r/20220503132207.17234-1-jgross@suse.com
The build on x86_32 currently fails after commit
9bb2ec608a20 (objtool: Update Retpoline validation)
with:
arch/x86/kernel/../../x86/xen/xen-head.S:35: Error: no such instruction: `annotate_unret_safe'
ANNOTATE_UNRET_SAFE is defined in nospec-branch.h. And head_32.S is
missing this include. Fix this.
Fixes: 9bb2ec608a20 ("objtool: Update Retpoline validation")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/63e23f80-033f-f64e-7522-2816debbc367@kernel.org
The pinctrl state was lost in the recent refactoring of the MSM8974
Devicetree, this contains a fix for this.
-----BEGIN PGP SIGNATURE-----
iQJPBAABCAA5FiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmLONnUbHGJqb3JuLmFu
ZGVyc3NvbkBsaW5hcm8ub3JnAAoJEAsfOT8Nma3Fdp4P/RFShMtWotQDcfUDgoeJ
BpePe0NpR+Bp++amN5k+UHKfx48EwztLvY4xD/a5neekAKMdu65CO5WN1MIoX0Iz
jR0G61zCf0Cem0lru+kO++eVR1ELc/n5lSI2VxgY0hgQvkXr2BRbOBP6W96fTTlx
kH+IGZAoOiDElHX15oMt4obEcbyJLREPWGF2RZcEE37p1Hqd2Io5okclqCkhNe7e
/Mf1SI359pMsQIzdtE3gny13Q62VVlpB5jak3tg++iekjOHzuldhGxJeVFbEGK6y
Z5Y+H5zUM4/YC+iDZDpPWnV0ju+P+TcrxxdBofoo4ZdwC5B6oQAJv6A/QBUhF/VU
FNyFib5ISTvtTZ0v4EifWm3gy4AP0+K0VuC2MVi+06K4RZslLI1ne4gkfr0c3xTu
eG0jc6Ff6lWQ7KK7uxWzXVTOLk0b4FOJoQNFbNqTAoLYdcwU2rn6IwjOE11BAjbm
VThW5Ouf7N5fMa3Z/gh/5yTMrHc8HFWBRw8n4HdDiZJc2SV+7RL16/3DFfnfBJXz
aWJezOGsOSTRpbfnwt27Tn+fWvd/ipomBumd1sayoIhU6TrzfBRpqg7GTYaZ16Dt
J9w75MEoZzoi9GqHt0q+F0bwIFaCFuNkqNweXqmg3XTdgCA86X1oLcHmkZsUBRtB
8gAmazFdd/KZdaxBcBPAciks
=APeV
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmLOdjAACgkQmmx57+YA
GNnimQ//aKumUxDxkfgAvKhm1caZuLoFmonFPKPD0Zj4OIHGeyWtiHVQLFt+hnaO
cOvp3MUpiwkyKoezTKw9/m9gd2vuPtU4tPjoomFt63JnVZ94La1u3suPEnE8OsEN
Fk079hmJO9fnQo0FHjeWzpJ4RQNVhHzaeU25FF9Gus+CY4ZpiEONZtx56a/fb5us
0XfP+B3iNm/XZa+UxBqi4EpwkEteud/gp4eOz8eFGyJl6b36H7rdhEjKfZmQavYc
jGH6CVUWfthZsAfAcyQ7ihjzlbUPT7r72b1E/GV0Q5JDFnXtXVRp2fEgwsiQgU5s
/TUdjfDGpXERyDChMuxQhk4GqP8Vyp4cXK7je9gr1L3g1qkcbSfjWeKGL0VOg0YY
QglPp2efogv0YjTalZrWRVN7eDD6/msUqnrPFfjb4xtHF0CiKqX6Wzk4EhVFFgR5
BgSIsi1lZKkEgqg0e8E7iuNQgvMbEFU6ExwtH42bBg2N9cESNlj6gAveclijAhVj
DPFwWuXxQyrM+jGRBRJXIAVEBNfNCRVXcQ/9APLxyX6gJskv0wHFqb1G5HtRU+y+
P7I7dFPWfQEwimdYk9WK3vQrdyAj6Pc59nozRuBSOjLnjTwOPIGdrym5KjYNI+Ta
JMzf4wANaYxN5zclIG9JYeETFJkLGV0PPxA8uwFJ4ckPXhxh370=
=GNqz
-----END PGP SIGNATURE-----
Merge tag 'qcom-dts-fixes-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/fixes
Qualcomm DTS fixe for 5.19
The pinctrl state was lost in the recent refactoring of the MSM8974
Devicetree, this contains a fix for this.
* tag 'qcom-dts-fixes-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux:
ARM: dts: qcom: msm8974: re-add missing pinctrl
Link: https://lore.kernel.org/r/20220713030627.1371156-1-bjorn.andersson@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
for 5.19, please pull the following:
- William corrects the BCM4906 DTS to have an armv8-timer Device Tree,
necessary for booting, and fixes the BCM4908 DTS to have a proper
'enable-method' and 'cpu-release-addr' properties for the kernel to boot
when using u-boot
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEm+Rq3+YGJdiR9yuFh9CWnEQHBwQFAmLImAoACgkQh9CWnEQH
BwTPPw/7BJju72g3IHXsaX1oHmjudLWbLpL2anJD0M/CVBClxkO7pj8o2yOKUNMv
61zNzVkR8teNNJFNQiY3GF5uzEvxt+SaYV0hCexQVHTXOrkRXQtfhBze0NBgNjnN
YptyW8NUkczhUkkzcdCOVBUDPd2FFG6iZu3tF0s1yz8IOAh7Hkyww12MfVLEska1
Ct1VIn2aRWgmEeT6NTs6Gbz4GQYcaG2Z0A1bLjOj/szhd37E5clB9QtMG9oRgER9
DMk9Ar6v0lupfQDhPMwDbF9/TfbRNimV2449zpENWea+m4bl1Q9vjZBNMYJ/LPD/
MGzduIWpdUBvJnyKlmGyV3cgNPFS4fXhv8G57S7Zp/ypv1eBd/TGoz5P4AiJzNRj
T8y2+Q9QMejC3IyX/jJCzeIKS8S6qcM5Ll8YNX33g6KswBaNdWUcWyDfFxOPf2Tl
NVYyBAX5ui5aILHReoBpnbg1OGqrpoMN7wvv2oxgkMUzanrYiz8TYCGqRXs6UNEj
qhmrMfXTgQYTA0TIdbrAC+3r9YiyMItyUwKhWqkQgfLs0sJtnl6QMAIPflyYo74o
yYwYIFKJ7/in2yQsdIC9NpWdEJwnz0LueSfUX2M31U3Hb2BvM1c8fVRx/04WZ82L
APJchkkDk09N2qapoyF1ZjYf/x5oQZ9rKJgvUwE0t17i+aiQFkA=
=iorV
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmLOddwACgkQmmx57+YA
GNlJDQ/9HWy5Xx87PSFBUuWGwe+xrexArsfZ1TBDbCOBNAvAmeIGUu7XOqkO1uSg
+pBBJUMGqKrRadPv5qVqo44DcgVIySyxbWxxblNKtkU73PcxlfJCQsgzQi8I3G8O
wJ2BnMRvPDO5hqisHciLVG2THGUtaVh4sm9bnXexs/p5Zdg379EBK5yYontMd6A9
LQk1VzerfpxRDbfwEiP1biIeGCx5q5JojvVeP1Ih4tWBLjeHaLN9ccQAdn7UxglS
ftm7awRkoXKoEUmsdoa92nOnFPTV2XTpw7nFzqdO0w49Ns8p+3f6lgmPmY0nVM/o
4FRwtLNZmDoWo0d20N+d49C6aEBuPo37IQlpA8KWOn5s1VcuwY/1I0Na/kE6Jo39
Rbei+lEkfVKsItCQxi8FsQ6+i1TKJlpLNsEoD4sEH9E+VIdDkNz21jYJj/x6Styo
WCLWRlT7TYa+GfN2nrJSQ8ecov+D8tGyAAP305x/x9exc5CM4Xunaw4vdFGxEVtO
yGIYuih4hsXNWQY31OcYC1mtKzo8sdwZCOG2jtzXi2FoZt2bgmX7CzAziXk1rpMw
I82EWkmx4sI0OJ3vAwsAKaYuPe4wJf7RM+dN1N5CN6hbBzdVRTWrHguCLpOaNrk4
0EBdpUEzmGkyZf5MGXE4oqt2vdCpMmkZuf6W0/MxyLTdpBicx3o=
=SOlL
-----END PGP SIGNATURE-----
Merge tag 'arm-soc/for-5.19/devicetree-arm64-fixes' of https://github.com/Broadcom/stblinux into arm/fixes
This pull request contains Broadcom ARM64-based SoCs Device Tree fixes
for 5.19, please pull the following:
- William corrects the BCM4906 DTS to have an armv8-timer Device Tree,
necessary for booting, and fixes the BCM4908 DTS to have a proper
'enable-method' and 'cpu-release-addr' properties for the kernel to boot
when using u-boot
* tag 'arm-soc/for-5.19/devicetree-arm64-fixes' of https://github.com/Broadcom/stblinux:
arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
Link: https://lore.kernel.org/r/20220712231222.97850-1-f.fainelli@gmail.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
solved and the nightmare is complete, here's the next one: speculating
after RET instructions and leaking privileged information using the now
pretty much classical covert channels.
It is called RETBleed and the mitigation effort and controlling
functionality has been modelled similar to what already existing
mitigations provide.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLNdDYACgkQEsHwGGHe
VUrNAw/+OTFF7md0+17Ju6vvagc/nXfUxk/r0lWU9/KzbRXvPTZdPKTW4NN5c0IS
VnogyUGFFpzU3dKU2os9ejTD4kHNx0oLuBfQt4w7t4qR+g3+nAH0ywNjH/N1VTJt
iDpww7CxqloV+i9RCsWV+zQPMPfc2VMUhe6xqNB2CgEDrruzFrDASZR6zzarsKxY
x4rwHn0ZkV7zNJfcNpV2323qktqHgBtAFf7GlZK8hBsgsiSk+xDk9CODkfxfWIV7
o4BNvNmaUKDJL51hpuzvIzYwDSiRO5AXdjxHG/0CHc3r3dtA6Xt1elHbERAyUMuM
P+6XievP5ZV/xXXjoZ5Vla67o3bbGKmTo2WluvVGeg8ahzQEwyPGqeXn77hk+of+
BtasZyLgfdwSeWExxp0n5Nhh972TMpy5K4gqOFXcxvPSuTl6tTw77F1u0UQLaVVH
QzHNu+RO/2iQ/P30cOM11IbZ9sfcBOj+5mjfoDoR4qCtoCQfyfHK+HlwXjZ+uk98
xU/FnQbOKPRVxiyCVhrbKFxjW7iL7AIb0nRgxHzGGoIJ6A71Tbwa/5gGakE7WEBz
e7ce8NW2JFucGBFYyiBab6I6fB7lbvmqbNPerYEVoU5YxZkMu+xxyToqBnsyPfHZ
lxgEGREUaY8aZmGDfrD9EYyhhtQU/MwdpN+FY3xXQdUJkvkNaLg=
=0Ca0
-----END PGP SIGNATURE-----
Merge tag 'x86_bugs_retbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull lockdep fix for x86 retbleed from Borislav Petkov:
- Fix lockdep complaint for __static_call_fixup()
* tag 'x86_bugs_retbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/static_call: Serialize __static_call_fixup() properly
__static_call_fixup() invokes __static_call_transform() without holding
text_mutex, which causes lockdep to complain in text_poke_bp().
Adding the proper locking cures that, but as this is either used during
early boot or during module finalizing, it's not required to use
text_poke_bp(). Add an argument to __static_call_transform() which tells
it to use text_poke_early() for it.
Fixes: ee88d363d156 ("x86,static_call: Use alternative RET encoding")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
solved and the nightmare is complete, here's the next one: speculating
after RET instructions and leaking privileged information using the now
pretty much classical covert channels.
It is called RETBleed and the mitigation effort and controlling
functionality has been modelled similar to what already existing
mitigations provide.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLKqAgACgkQEsHwGGHe
VUoM5w/8CSvwPZ3otkhmu8MrJPtWc7eLDPjYN4qQP+19e+bt094MoozxeeWG2wmp
hkDJAYHT2Oik/qDuEdhFgNYwS7XGgbV3Py3B8syO4//5SD5dkOSG+QqFXvXMdFri
YsVqqNkjJOWk/YL9Ql5RS/xQewsrr0OqEyWWocuI6XAvfWV4kKvlRSd+6oPqtZEO
qYlAHTXElyIrA/gjmxChk1HTt5HZtK3uJLf4twNlUfzw7LYFf3+sw3bdNuiXlyMr
WcLXMwGpS0idURwP3mJa7JRuiVBzb4+kt8mWwWqA02FkKV45FRRRFhFUsy667r00
cdZBaWdy+b7dvXeliO3FN/x1bZwIEUxmaNy1iAClph4Ifh0ySPUkxAr8EIER7YBy
bstDJEaIqgYg8NIaD4oF1UrG0ZbL0ImuxVaFdhG1hopQsh4IwLSTLgmZYDhfn/0i
oSqU0Le+A7QW9s2A2j6qi7BoAbRW+gmBuCgg8f8ECYRkFX1ZF6mkUtnQxYrU7RTq
rJWGW9nhwM9nRxwgntZiTjUUJ2HtyXEgYyCNjLFCbEBfeG5QTg7XSGFhqDbgoymH
85vsmSXYxgTgQ/kTW7Fs26tOqnP2h1OtLJZDL8rg49KijLAnISClEgohYW01CWQf
ZKMHtz3DM0WBiLvSAmfGifScgSrLB5AjtvFHT0hF+5/okEkinVk=
=09fW
-----END PGP SIGNATURE-----
Merge tag 'x86_bugs_retbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 retbleed fixes from Borislav Petkov:
"Just when you thought that all the speculation bugs were addressed and
solved and the nightmare is complete, here's the next one: speculating
after RET instructions and leaking privileged information using the
now pretty much classical covert channels.
It is called RETBleed and the mitigation effort and controlling
functionality has been modelled similar to what already existing
mitigations provide"
* tag 'x86_bugs_retbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (54 commits)
x86/speculation: Disable RRSBA behavior
x86/kexec: Disable RET on kexec
x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/retbleed: Add fine grained Kconfig knobs
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
KVM: VMX: Prevent RSB underflow before vmenter
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
KVM: VMX: Convert launched argument to flags
KVM: VMX: Flatten __vmx_vcpu_run()
objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
...
