From a8d3270837f54821b82d186d96587b7f2e207c95 Mon Sep 17 00:00:00 2001 From: Jan200101 Date: Thu, 15 Oct 2020 21:28:52 +0200 Subject: kernel 5.8.14 --- ...f-xgene_pmu-Fix-uninitialized-resource-st.patch | 128 ++++++++++-------- ...m64-Use-x16-with-indirect-branch-to-bti_c.patch | 149 +++++++++++++++++++++ SPECS/kernel.spec | 19 ++- 3 files changed, 232 insertions(+), 64 deletions(-) create mode 100644 SOURCES/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch diff --git a/SOURCES/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch b/SOURCES/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch index ddd1bb2..00975ae 100644 --- a/SOURCES/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch +++ b/SOURCES/0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch @@ -1,45 +1,15 @@ -From 68912566d659046b12b02e5a316af3760e08eab8 Mon Sep 17 00:00:00 2001 -From: Fedora Kernel Team -Date: Tue, 1 Sep 2020 18:44:00 -0400 +From b0697932d03bd78bd4db6466939680c0fbdd8589 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Tue, 15 Sep 2020 16:41:09 -0400 Subject: [PATCH] drivers/perf: xgene_pmu: Fix uninitialized resource struct This splat was reported on newer Fedora kernels booting on certain -Ampere machines: +X-gene based machines: xgene-pmu APMC0D83:00: X-Gene PMU version 3 - Unable to handle kernel read from unreadable memory at virtual address 0000000000004006 - Mem abort info: - ESR = 0x96000004 - EC = 0x25: DABT (current EL), IL = 32 bits - SET = 0, FnV = 0 - EA = 0, S1PTW = 0 - Data abort info: - ISV = 0, ISS = 0x00000004 - CM = 0, WnR = 0 - [0000000000004006] user address but active_mm is swapper - Internal error: Oops: 96000004 [#1] SMP - Modules linked in: - CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.3-300.fc33.aarch64 #1 - Hardware name: Lenovo HR350A 7X35CTO1WW /HR350A , BIOS HVE104N-1.12 11/29/2019 - pstate: 00400005 (nzcv daif +PAN -UAO BTYPE=--) - pc : string+0x50/0x100 - lr : vsnprintf+0x160/0x750 - sp : ffff800012b4b760 - x29: ffff800012b4b760 x28: 000000000000000c - x27: ffff8000113610d5 x26: ffff8000113610d5 - x25: 0000000000000020 x24: 0000000000000000 - x23: 00000000ffffffe8 x22: ffff800010f8e628 - x21: ffff800012b4b8f0 x20: 0000000000000000 - x19: 0000000000000000 x18: 00000000fffffffc - x17: 000000000000002d x16: 0000000000000001 - x15: 0000000000000020 x14: 0000000000000000 - x13: 0000000000000000 x12: 071c71c71c71c71c - x11: 00000000ffffff76 x10: ffff800012b4b8f0 - x9 : ffff8000109e97d8 x8 : 00000000ffffffff - x7 : 000000000000000b x6 : 0000000000000000 - x5 : 0000000000000000 x4 : 0000000000000000 - x3 : ffff0a00ffffff04 x2 : 0000000000004006 - x1 : ffffffffffffffff x0 : 000000000000000c + Unable to handle kernel read from unreadable memory at virtual \ + address 0000000000004006 + ... Call trace: string+0x50/0x100 vsnprintf+0x160/0x750 @@ -72,38 +42,80 @@ Ampere machines: ret_from_fork+0x10/0x18 Code: 91000400 110004e1 eb08009f 540000c0 (38646846) ---[ end trace f08c10566496a703 ]--- - Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b - SMP: stopping secondary CPUs - Kernel Offset: 0x40000 from 0xffff800010000000 - PHYS_OFFSET: 0x80000000 - CPU features: 0x240002,20802008 - Memory Limit: none -This was due to a local struct resource variable in acpi_get_pmu_hw_inf(). -A pointer to that struct makes it's way to __devm_ioremap_resource() -where the name field is passed to devm_kasprintf() and dereferenced. -The struct was never initialized, so the name pointer is whatever -happened to be on the stack. This has been the case since the original -checkin of xgene_pmu.c, but it was a recent change to which added the -use of the name field. +This is due to use of an uninitialized local resource struct in the xgene +pmu driver. The thunderx2_pmu driver avoids this by using the resource list +constructed by acpi_dev_get_resources() rather than using a callback from +that function. The callback in the xgene driver didn't fully initialize +the resource. So get rid of the callback and search the resource list as +done by thunderx2. +Fixes: 832c927d119b ("perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver") Signed-off-by: Mark Salter +Link: https://lore.kernel.org/r/20200915204110.326138-1-msalter@redhat.com +Signed-off-by: Will Deacon --- - drivers/perf/xgene_pmu.c | 1 + - 1 file changed, 1 insertion(+) + drivers/perf/xgene_pmu.c | 32 +++++++++++++++++--------------- + 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/drivers/perf/xgene_pmu.c b/drivers/perf/xgene_pmu.c -index edac28c..fdbbd08 100644 +index edac28cd25dd..633cf07ba672 100644 --- a/drivers/perf/xgene_pmu.c +++ b/drivers/perf/xgene_pmu.c -@@ -1483,6 +1483,7 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, +@@ -1453,17 +1453,6 @@ static char *xgene_pmu_dev_name(struct device *dev, u32 type, int id) + } + + #if defined(CONFIG_ACPI) +-static int acpi_pmu_dev_add_resource(struct acpi_resource *ares, void *data) +-{ +- struct resource *res = data; +- +- if (ares->type == ACPI_RESOURCE_TYPE_FIXED_MEMORY32) +- acpi_dev_resource_memory(ares, res); +- +- /* Always tell the ACPI core to skip this resource */ +- return 1; +-} +- + static struct + xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, + struct acpi_device *adev, u32 type) +@@ -1475,6 +1464,7 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, + struct hw_pmu_info *inf; + void __iomem *dev_csr; + struct resource res; ++ struct resource_entry *rentry; + int enable_bit; + int rc; + +@@ -1483,11 +1473,23 @@ xgene_pmu_dev_ctx *acpi_get_pmu_hw_inf(struct xgene_pmu *xgene_pmu, return NULL; INIT_LIST_HEAD(&resource_list); -+ memset(&res, 0, sizeof(res)); - rc = acpi_dev_get_resources(adev, &resource_list, - acpi_pmu_dev_add_resource, &res); +- rc = acpi_dev_get_resources(adev, &resource_list, +- acpi_pmu_dev_add_resource, &res); ++ rc = acpi_dev_get_resources(adev, &resource_list, NULL, NULL); ++ if (rc <= 0) { ++ dev_err(dev, "PMU type %d: No resources found\n", type); ++ return NULL; ++ } ++ ++ list_for_each_entry(rentry, &resource_list, node) { ++ if (resource_type(rentry->res) == IORESOURCE_MEM) { ++ res = *rentry->res; ++ rentry = NULL; ++ break; ++ } ++ } acpi_dev_free_resource_list(&resource_list); +- if (rc < 0) { +- dev_err(dev, "PMU type %d: No resource address found\n", type); ++ ++ if (rentry) { ++ dev_err(dev, "PMU type %d: No memory resource found\n", type); + return NULL; + } + -- -2.26.0 +2.26.2 diff --git a/SOURCES/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch b/SOURCES/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch new file mode 100644 index 0000000..4cc11ce --- /dev/null +++ b/SOURCES/arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch @@ -0,0 +1,149 @@ +From patchwork Tue Oct 6 16:33:26 2020 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Jeremy Linton +X-Patchwork-Id: 11818995 +Return-Path: + +Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org + [172.30.200.123]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 90CE859D + for ; + Tue, 6 Oct 2020 16:35:07 +0000 (UTC) +Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by mail.kernel.org (Postfix) with ESMTPS id 5D82E206D4 + for ; + Tue, 6 Oct 2020 16:35:07 +0000 (UTC) +Authentication-Results: mail.kernel.org; + dkim=pass (2048-bit key) header.d=lists.infradead.org + header.i=@lists.infradead.org header.b="f/oUq3JQ" +DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5D82E206D4 +Authentication-Results: mail.kernel.org; + dmarc=fail (p=none dis=none) header.from=arm.com +Authentication-Results: mail.kernel.org; + spf=none + smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; + d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: + Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: + List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: + Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender + :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; + bh=zNs0I+g5JjqBvhvT5+mF98XNJ/hK7N5NCEi/ndGYagE=; b=f/oUq3JQxCkOkX7IQrzLh7mHuM + vBXmyTI3BhMnGo6oaWvcF/dYeUpO4wAmEHlqyFf6zHzUv8Gwtm5IDH4l0csTqkTEYUdkwD6A9MGX2 + RHpylWVrErZCvcV4kRqENP+0w7j8Ry+ZE4+NZZFcUB/ecGYhJxD3/4Gc5ycmENUkRIAsJrQOPWW+b + SIKpmegcjtJ1AIv7+Y+7II37IhmF579qQoghCSgFaGp6WAEIv80wcrswEnEDc9nsbBMIC1XjlN6g3 + 8PclJ+oXlsNPMLkhu1gJclvRBWzN3OjXVvwAvQuLBW2CqpdTxvYIE6g26kpEbUdGOVaGlieYcN0pd + RrspfWkQ==; +Received: from localhost ([::1] helo=merlin.infradead.org) + by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) + id 1kPpu9-0007rB-Rx; Tue, 06 Oct 2020 16:33:33 +0000 +Received: from foss.arm.com ([217.140.110.172]) + by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) + id 1kPpu6-0007qe-MX + for linux-arm-kernel@lists.infradead.org; Tue, 06 Oct 2020 16:33:31 +0000 +Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) + by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 69DBBD6E; + Tue, 6 Oct 2020 09:33:27 -0700 (PDT) +Received: from mammon-tx2.austin.arm.com (mammon-tx2.austin.arm.com + [10.118.28.62]) + by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 608393F66B; + Tue, 6 Oct 2020 09:33:27 -0700 (PDT) +From: Jeremy Linton +To: linux-arm-kernel@lists.infradead.org +Subject: [BUG][PATCH v3] crypto: arm64: Use x16 with indirect branch to bti_c +Date: Tue, 6 Oct 2020 11:33:26 -0500 +Message-Id: <20201006163326.2780619-1-jeremy.linton@arm.com> +X-Mailer: git-send-email 2.25.4 +MIME-Version: 1.0 +X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 +X-CRM114-CacheID: sfid-20201006_123330_788327_AA367CD9 +X-CRM114-Status: GOOD ( 11.54 ) +X-Spam-Score: -2.3 (--) +X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: + Content analysis details: (-2.3 points) + pts rule name description + ---- ---------------------- + -------------------------------------------------- + -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, + medium trust [217.140.110.172 listed in list.dnswl.org] + -0.0 SPF_PASS SPF: sender matches SPF record + 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record +X-BeenThere: linux-arm-kernel@lists.infradead.org +X-Mailman-Version: 2.1.29 +Precedence: list +List-Id: +List-Unsubscribe: + , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: + , + +Cc: herbert@gondor.apana.org.au, catalin.marinas@arm.com, + linux-kernel@vger.kernel.org, Jeremy Linton , + ardb@kernel.org, broonie@kernel.org, linux-crypto@vger.kernel.org, + will@kernel.org, davem@davemloft.net, dave.martin@arm.com +Sender: "linux-arm-kernel" +Errors-To: + linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org + +The AES code uses a 'br x7' as part of a function called by +a macro. That branch needs a bti_j as a target. This results +in a panic as seen below. Using x16 (or x17) with an indirect +branch keeps the target bti_c. + + Bad mode in Synchronous Abort handler detected on CPU1, code 0x34000003 -- BTI + CPU: 1 PID: 265 Comm: cryptomgr_test Not tainted 5.8.11-300.fc33.aarch64 #1 + pstate: 20400c05 (nzCv daif +PAN -UAO BTYPE=j-) + pc : aesbs_encrypt8+0x0/0x5f0 [aes_neon_bs] + lr : aesbs_xts_encrypt+0x48/0xe0 [aes_neon_bs] + sp : ffff80001052b730 + + aesbs_encrypt8+0x0/0x5f0 [aes_neon_bs] + __xts_crypt+0xb0/0x2dc [aes_neon_bs] + xts_encrypt+0x28/0x3c [aes_neon_bs] + crypto_skcipher_encrypt+0x50/0x84 + simd_skcipher_encrypt+0xc8/0xe0 + crypto_skcipher_encrypt+0x50/0x84 + test_skcipher_vec_cfg+0x224/0x5f0 + test_skcipher+0xbc/0x120 + alg_test_skcipher+0xa0/0x1b0 + alg_test+0x3dc/0x47c + cryptomgr_test+0x38/0x60 + +Fixes: 0e89640b640d ("crypto: arm64 - Use modern annotations for assembly functions") +Signed-off-by: Jeremy Linton +Reviewed-by: Ard Biesheuvel +Reviewed-by: Mark Brown +--- + arch/arm64/crypto/aes-neonbs-core.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S +index b357164379f6..63a52ad9a75c 100644 +--- a/arch/arm64/crypto/aes-neonbs-core.S ++++ b/arch/arm64/crypto/aes-neonbs-core.S +@@ -788,7 +788,7 @@ SYM_FUNC_START_LOCAL(__xts_crypt8) + + 0: mov bskey, x21 + mov rounds, x22 +- br x7 ++ br x16 + SYM_FUNC_END(__xts_crypt8) + + .macro __xts_crypt, do8, o0, o1, o2, o3, o4, o5, o6, o7 +@@ -806,7 +806,7 @@ SYM_FUNC_END(__xts_crypt8) + uzp1 v30.4s, v30.4s, v25.4s + ld1 {v25.16b}, [x24] + +-99: adr x7, \do8 ++99: adr x16, \do8 + bl __xts_crypt8 + + ldp q16, q17, [sp, #.Lframe_local_offset] diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index db25faf..7d8395f 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 13 +%define stable_update 14 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -869,9 +869,6 @@ Patch107: 0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch Patch110: memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch -# rhbz 1873720 -Patch112: v2-nfs-Fix-security-label-length-not-being-reset.patch - # rhbz 1875339 1875828 1876997 Patch113: pdx86-SW_TABLET_MODE-fixes.patch @@ -884,6 +881,9 @@ Patch117: arm64-pwm-rockchip-Keep-enabled-PWMs-running-while-probing.patch # Backport from 5.9 Patch118: arm64-rockchip-pinebookpro-add-fuel-gauge.patch +# https://patchwork.kernel.org/patch/11818995 +Patch121: arm64-BUG-crypto-arm64-Use-x16-with-indirect-branch-to-bti_c.patch + # Linux-tkg patches - https://github.com/Frogging-Family/linux-tkg/blob/master/linux57-tkg Patch200: 0007-v5.8-fsync.patch @@ -3000,8 +3000,15 @@ fi # # %changelog -* Wed Oct 07 2020 Jan Drögehoff - 5.8.13-201.fsync -- Linux v5.8.13 fsync +* Thu Oct 15 2020 Jan Drögehoff - 5.8.14-201.fsync +- Linux v5.8.14 fsync + +* Wed Oct 7 07:21:23 CDT 2020 Justin M. Forbes - 5.8.14-200 +- Linux v5.8.14 + +* Wed Oct 7 2020 Peter Robinson +- Fix aarch64 boot crash on BTI capable systems +- Fix boot crash on aarch64 Ampere eMAG systems (rhbz #1874117) * Thu Oct 1 12:09:13 CDT 2020 Justin M. Forbes - 5.8.13-200 - Linux v5.8.13 -- cgit v1.2.3