2 files changed, 111 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index c06b0d7abcbb..c0d8867359bc 100644
+index 2698999c2aed..5fef2f65f634 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4188,6 +4188,15 @@
+@@ -4209,6 +4209,15 @@
Also, it enforces the PCI Local Bus spec
rule that those bits should be 0 in system reset
events (useful for kexec/kdump cases).
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 07aae60288f9..949b7204cf52 100644
+index ba827a450103..dd2b2b0ce3a5 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
-index 404125e7a57a..365707a07058 100644
+index e1ea81afe37f..6ae53bede3b2 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -10258,7 +10258,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10260,7 +10260,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
if (time_after(jiffies, warning_time +
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
list_for_each_entry(dev, list, todo_list) {
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 327890b2e0c5..1c5775d51495 100644
+index ef53767fb7c8..7d8b14f8807e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -5330,6 +5330,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+@@ -5335,6 +5335,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
return 0;
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
+Date: Mon, 24 Jul 2023 09:12:50 -0700
+Subject: [PATCH] igc: Fix Kernel Panic during ndo_tx_timeout callback
+
+The Xeon validation group has been carrying out some loaded tests
+with various HW configurations, and they have seen some transmit
+queue time out happening during the test. This will cause the
+reset adapter function to be called by igc_tx_timeout().
+Similar race conditions may arise when the interface is being brought
+down and up in igc_reinit_locked(), an interrupt being generated, and
+igc_clean_tx_irq() being called to complete the TX.
+
+When the igc_tx_timeout() function is invoked, this patch will turn
+off all TX ring HW queues during igc_down() process. TX ring HW queues
+will be activated again during the igc_configure_tx_ring() process
+when performing the igc_up() procedure later.
+
+This patch also moved existing igc_disable_tx_ring_hw() to avoid using
+forward declaration.
+
+Kernel trace:
+[ 7678.747813] ------------[ cut here ]------------
+[ 7678.757914] NETDEV WATCHDOG: enp1s0 (igc): transmit queue 2 timed out
+[ 7678.770117] WARNING: CPU: 0 PID: 13 at net/sched/sch_generic.c:525 dev_watchdog+0x1ae/0x1f0
+[ 7678.784459] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat
+nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)
+cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) svfs_pci_hotplug(PO)
+vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) svheartbeat(PO) ioapic(PO)
+sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) smbus(PO) spiflash_cdf(PO) arden(PO)
+dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) pch(PO) sviotargets(PO) svbdf(PO) svmem(PO)
+svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO)
+fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO)
+regsupport(O) libnvdimm nls_cp437 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel
+snd_intel_dspcfg snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
+[ 7678.784496] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm fuse backlight
+configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic pegasus mmc_block usbhid
+mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa scsi_transport_sas e1000e e1000 e100 ax88179_178a
+usbnet xhci_pci sd_mod xhci_hcd t10_pi crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore
+crct10dif_generic ptp crct10dif_common usb_common pps_core
+[ 7679.200403] RIP: 0010:dev_watchdog+0x1ae/0x1f0
+[ 7679.210201] Code: 28 e9 53 ff ff ff 4c 89 e7 c6 05 06 42 b9 00 01 e8 17 d1 fb ff 44 89 e9 4c
+89 e6 48 c7 c7 40 ad fb 81 48 89 c2 e8 52 62 82 ff <0f> 0b e9 72 ff ff ff 65 8b 05 80 7d 7c 7e
+89 c0 48 0f a3 05 0a c1
+[ 7679.245438] RSP: 0018:ffa00000001f7d90 EFLAGS: 00010282
+[ 7679.256021] RAX: 0000000000000000 RBX: ff11000109938440 RCX: 0000000000000000
+[ 7679.268710] RDX: ff11000361e26cd8 RSI: ff11000361e1b880 RDI: ff11000361e1b880
+[ 7679.281314] RBP: ffa00000001f7da8 R08: ff1100035f8fffe8 R09: 0000000000027ffb
+[ 7679.293840] R10: 0000000000001f0a R11: ff1100035f840000 R12: ff11000109938000
+[ 7679.306276] R13: 0000000000000002 R14: dead000000000122 R15: ffa00000001f7e18
+[ 7679.318648] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
+[ 7679.332064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 7679.342757] CR2: 00007ffff7fca168 CR3: 000000013b08a006 CR4: 0000000000471ef8
+[ 7679.354984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 7679.367207] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
+[ 7679.379370] PKRU: 55555554
+[ 7679.386446] Call Trace:
+[ 7679.393152] <TASK>
+[ 7679.399363] ? __pfx_dev_watchdog+0x10/0x10
+[ 7679.407870] call_timer_fn+0x31/0x110
+[ 7679.415698] expire_timers+0xb2/0x120
+[ 7679.423403] run_timer_softirq+0x179/0x1e0
+[ 7679.431532] ? __schedule+0x2b1/0x820
+[ 7679.439078] __do_softirq+0xd1/0x295
+[ 7679.446426] ? __pfx_smpboot_thread_fn+0x10/0x10
+[ 7679.454867] run_ksoftirqd+0x22/0x30
+[ 7679.462058] smpboot_thread_fn+0xb7/0x160
+[ 7679.469670] kthread+0xcd/0xf0
+[ 7679.476097] ? __pfx_kthread+0x10/0x10
+[ 7679.483211] ret_from_fork+0x29/0x50
+[ 7679.490047] </TASK>
+[ 7679.495204] ---[ end trace 0000000000000000 ]---
+[ 7679.503179] igc 0000:01:00.0 enp1s0: Register Dump
+[ 7679.511230] igc 0000:01:00.0 enp1s0: Register Name Value
+[ 7679.519892] igc 0000:01:00.0 enp1s0: CTRL 181c0641
+[ 7679.528782] igc 0000:01:00.0 enp1s0: STATUS 40280683
+[ 7679.537551] igc 0000:01:00.0 enp1s0: CTRL_EXT 10000040
+[ 7679.546284] igc 0000:01:00.0 enp1s0: MDIC 180a3800
+[ 7679.554942] igc 0000:01:00.0 enp1s0: ICR 00000081
+[ 7679.563503] igc 0000:01:00.0 enp1s0: RCTL 04408022
+[ 7679.571963] igc 0000:01:00.0 enp1s0: RDLEN[0-3] 00001000 00001000 00001000 00001000
+[ 7679.583075] igc 0000:01:00.0 enp1s0: RDH[0-3] 00000068 000000b6 0000000f 00000031
+[ 7679.594162] igc 0000:01:00.0 enp1s0: RDT[0-3] 00000066 000000b2 0000000e 00000030
+[ 7679.605174] igc 0000:01:00.0 enp1s0: RXDCTL[0-3] 02040808 02040808 02040808 02040808
+[ 7679.616196] igc 0000:01:00.0 enp1s0: RDBAL[0-3] 1bb7c000 1bb7f000 1bb82000 0ef33000
+[ 7679.627242] igc 0000:01:00.0 enp1s0: RDBAH[0-3] 00000001 00000001 00000001 00000001
+[ 7679.638256] igc 0000:01:00.0 enp1s0: TCTL a503f0fa
+[ 7679.646607] igc 0000:01:00.0 enp1s0: TDBAL[0-3] 2ba4a000 1bb6f000 1bb74000 1bb79000
+[ 7679.657609] igc 0000:01:00.0 enp1s0: TDBAH[0-3] 00000001 00000001 00000001 00000001
+[ 7679.668551] igc 0000:01:00.0 enp1s0: TDLEN[0-3] 00001000 00001000 00001000 00001000
+[ 7679.679470] igc 0000:01:00.0 enp1s0: TDH[0-3] 000000a7 0000002d 000000bf 000000d9
+[ 7679.690406] igc 0000:01:00.0 enp1s0: TDT[0-3] 000000a7 0000002d 000000bf 000000d9
+[ 7679.701264] igc 0000:01:00.0 enp1s0: TXDCTL[0-3] 02100108 02100108 02100108 02100108
+[ 7679.712123] igc 0000:01:00.0 enp1s0: Reset adapter
+[ 7683.085967] igc 0000:01:00.0 enp1s0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
+[ 8086.945561] ------------[ cut here ]------------
+Entering kdb (current=0xffffffff8220b200, pid 0) on processor 0
+Oops: (null) due to oops @ 0xffffffff81573888
+RIP: 0010:dql_completed+0x148/0x160
+Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db 0f 95
+c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89
+c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc
+RSP: 0018:ffa0000000003e00 EFLAGS: 00010287
+RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000
+RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480
+RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28
+R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9
+R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048
+FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ <IRQ>
+ ? igc_poll+0x1a9/0x14d0 [igc]
+ __napi_poll+0x2e/0x1b0
+ net_rx_action+0x126/0x250
+ __do_softirq+0xd1/0x295
+ irq_exit_rcu+0xc5/0xf0
+ common_interrupt+0x86/0xa0
+ </IRQ>
+ <TASK>
+ asm_common_interrupt+0x27/0x40
+RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
+Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8 1b
+de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf
+4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d
+RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
+RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
+RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
+RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
+R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
+R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
+ cpuidle_enter+0x2e/0x50
+ call_cpuidle+0x23/0x40
+ do_idle+0x1be/0x220
+ cpu_startup_entry+0x20/0x30
+ rest_init+0xb5/0xc0
+ arch_call_rest_init+0xe/0x30
+ start_kernel+0x448/0x760
+ x86_64_start_kernel+0x109/0x150
+ secondary_startup_64_no_verify+0xe0/0xeb
+ </TASK>
+more>
+[0]kdb>
+
+[0]kdb>
+[0]kdb> go
+Catastrophic error detected
+kdb_continue_catastrophic=0, type go a second time if you really want to
+continue
+[0]kdb> go
+Catastrophic error detected
+kdb_continue_catastrophic=0, attempting to continue
+[ 8086.955689] refcount_t: underflow; use-after-free.
+[ 8086.955697] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xc2/0x110
+[ 8086.955706] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat
+nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)
+cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO)
+svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO)
+svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO)
+smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO)
+pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO)
+svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O)
+ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437
+snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg
+snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
+[ 8086.955751] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm
+fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic
+pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa
+scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi
+crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common
+usb_common pps_core
+[ 8086.955784] RIP: 0010:refcount_warn_saturate+0xc2/0x110
+[ 8086.955788] Code: 01 e8 82 e7 b4 ff 0f 0b 5d c3 cc cc cc cc 80 3d 68 c6 eb 00 00 75 81
+48 c7 c7 a0 87 f6 81 c6 05 58 c6 eb 00 01 e8 5e e7 b4 ff <0f> 0b 5d c3 cc cc cc cc 80 3d
+42 c6 eb 00 00 0f 85 59 ff ff ff 48
+[ 8086.955790] RSP: 0018:ffa0000000003da0 EFLAGS: 00010286
+[ 8086.955793] RAX: 0000000000000000 RBX: ff1100011da40ee0 RCX: ff11000361e1b888
+[ 8086.955794] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ff11000361e1b880
+[ 8086.955795] RBP: ffa0000000003da0 R08: 80000000ffff9f45 R09: ffa0000000003d28
+[ 8086.955796] R10: ff1100035f840000 R11: 0000000000000028 R12: ff11000319ff8000
+[ 8086.955797] R13: ff1100011bb79d60 R14: 00000000ffffffd6 R15: ff1100037039cb00
+[ 8086.955798] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
+[ 8086.955800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 8086.955801] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
+[ 8086.955803] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 8086.955803] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
+[ 8086.955804] PKRU: 55555554
+[ 8086.955805] Call Trace:
+[ 8086.955806] <IRQ>
+[ 8086.955808] tcp_wfree+0x112/0x130
+[ 8086.955814] skb_release_head_state+0x24/0xa0
+[ 8086.955818] napi_consume_skb+0x9c/0x160
+[ 8086.955821] igc_poll+0x5d8/0x14d0 [igc]
+[ 8086.955835] __napi_poll+0x2e/0x1b0
+[ 8086.955839] net_rx_action+0x126/0x250
+[ 8086.955843] __do_softirq+0xd1/0x295
+[ 8086.955846] irq_exit_rcu+0xc5/0xf0
+[ 8086.955851] common_interrupt+0x86/0xa0
+[ 8086.955857] </IRQ>
+[ 8086.955857] <TASK>
+[ 8086.955858] asm_common_interrupt+0x27/0x40
+[ 8086.955862] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
+[ 8086.955866] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8
+1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf 4c 2b 75
+c8 48 8d 04 49 48 89 ca 48 8d
+[ 8086.955867] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
+[ 8086.955869] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
+[ 8086.955870] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
+[ 8086.955871] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
+[ 8086.955872] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
+[ 8086.955873] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
+[ 8086.955875] cpuidle_enter+0x2e/0x50
+[ 8086.955880] call_cpuidle+0x23/0x40
+[ 8086.955884] do_idle+0x1be/0x220
+[ 8086.955887] cpu_startup_entry+0x20/0x30
+[ 8086.955889] rest_init+0xb5/0xc0
+[ 8086.955892] arch_call_rest_init+0xe/0x30
+[ 8086.955895] start_kernel+0x448/0x760
+[ 8086.955898] x86_64_start_kernel+0x109/0x150
+[ 8086.955900] secondary_startup_64_no_verify+0xe0/0xeb
+[ 8086.955904] </TASK>
+[ 8086.955904] ---[ end trace 0000000000000000 ]---
+[ 8086.955912] ------------[ cut here ]------------
+[ 8086.955913] kernel BUG at lib/dynamic_queue_limits.c:27!
+[ 8086.955918] invalid opcode: 0000 [#1] SMP
+[ 8086.955922] RIP: 0010:dql_completed+0x148/0x160
+[ 8086.955925] Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db
+0f 95 c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89
+c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc
+[ 8086.955927] RSP: 0018:ffa0000000003e00 EFLAGS: 00010287
+[ 8086.955928] RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000
+[ 8086.955929] RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480
+[ 8086.955930] RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28
+[ 8086.955931] R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9
+[ 8086.955932] R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048
+[ 8086.955933] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
+[ 8086.955934] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 8086.955935] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
+[ 8086.955936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 8086.955937] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
+[ 8086.955938] PKRU: 55555554
+[ 8086.955939] Call Trace:
+[ 8086.955939] <IRQ>
+[ 8086.955940] ? igc_poll+0x1a9/0x14d0 [igc]
+[ 8086.955949] __napi_poll+0x2e/0x1b0
+[ 8086.955952] net_rx_action+0x126/0x250
+[ 8086.955956] __do_softirq+0xd1/0x295
+[ 8086.955958] irq_exit_rcu+0xc5/0xf0
+[ 8086.955961] common_interrupt+0x86/0xa0
+[ 8086.955964] </IRQ>
+[ 8086.955965] <TASK>
+[ 8086.955965] asm_common_interrupt+0x27/0x40
+[ 8086.955968] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
+[ 8086.955971] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00
+31 ff e8 1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00
+49 63 cf 4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d
+[ 8086.955972] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
+[ 8086.955973] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
+[ 8086.955974] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
+[ 8086.955974] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
+[ 8086.955975] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
+[ 8086.955976] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
+[ 8086.955978] cpuidle_enter+0x2e/0x50
+[ 8086.955981] call_cpuidle+0x23/0x40
+[ 8086.955984] do_idle+0x1be/0x220
+[ 8086.955985] cpu_startup_entry+0x20/0x30
+[ 8086.955987] rest_init+0xb5/0xc0
+[ 8086.955990] arch_call_rest_init+0xe/0x30
+[ 8086.955992] start_kernel+0x448/0x760
+[ 8086.955994] x86_64_start_kernel+0x109/0x150
+[ 8086.955996] secondary_startup_64_no_verify+0xe0/0xeb
+[ 8086.955998] </TASK>
+[ 8086.955999] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype
+nft_compat nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO)
+rktpm(PO) cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO)
+svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO)
+svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO)
+smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO)
+pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO)
+svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O)
+ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437
+snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg
+snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
+[ 8086.956029] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm
+fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic
+pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa
+scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi
+crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common
+usb_common pps_core
+[16762.543675] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.593 msecs
+[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.595 msecs
+[16762.543673] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.495 msecs
+[16762.543679] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs
+[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.598 msecs
+[16762.543690] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.605 msecs
+[16762.543684] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs
+[16762.543693] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.613 msecs
+[16762.543784] ---[ end trace 0000000000000000 ]---
+[16762.849099] RIP: 0010:dql_completed+0x148/0x160
+PANIC: Fatal exception in interrupt
+
+Fixes: 9b275176270e ("igc: Add ndo_tx_timeout support")
+Tested-by: Alejandra Victoria Alcaraz <alejandra.victoria.alcaraz@intel.com>
+Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
+Acked-by: Sasha Neftin <sasha.neftin@intel.com>
+Tested-by: Naama Meir <naamax.meir@linux.intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Reviewed-by: Simon Horman <simon.horman@corigine.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry-picked from commit d4a7ce642100765119a872d4aba1bf63e3a22c8a)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ drivers/net/ethernet/intel/igc/igc_main.c | 40 ++++++++++++++++-------
+ 1 file changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c
+index 8b554311518c..a3f89e1dca72 100644
+--- a/drivers/net/ethernet/intel/igc/igc_main.c
++++ b/drivers/net/ethernet/intel/igc/igc_main.c
+@@ -310,6 +310,33 @@ static void igc_clean_all_tx_rings(struct igc_adapter *adapter)
+ igc_clean_tx_ring(adapter->tx_ring[i]);
+ }
+
++static void igc_disable_tx_ring_hw(struct igc_ring *ring)
++{
++ struct igc_hw *hw = &ring->q_vector->adapter->hw;
++ u8 idx = ring->reg_idx;
++ u32 txdctl;
++
++ txdctl = rd32(IGC_TXDCTL(idx));
++ txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE;
++ txdctl |= IGC_TXDCTL_SWFLUSH;
++ wr32(IGC_TXDCTL(idx), txdctl);
++}
++
++/**
++ * igc_disable_all_tx_rings_hw - Disable all transmit queue operation
++ * @adapter: board private structure
++ */
++static void igc_disable_all_tx_rings_hw(struct igc_adapter *adapter)
++{
++ int i;
++
++ for (i = 0; i < adapter->num_tx_queues; i++) {
++ struct igc_ring *tx_ring = adapter->tx_ring[i];
++
++ igc_disable_tx_ring_hw(tx_ring);
++ }
++}
++
+ /**
+ * igc_setup_tx_resources - allocate Tx resources (Descriptors)
+ * @tx_ring: tx descriptor ring (for a specific queue) to setup
+@@ -4993,6 +5020,7 @@ void igc_down(struct igc_adapter *adapter)
+ /* clear VLAN promisc flag so VFTA will be updated if necessary */
+ adapter->flags &= ~IGC_FLAG_VLAN_PROMISC;
+
++ igc_disable_all_tx_rings_hw(adapter);
+ igc_clean_all_tx_rings(adapter);
+ igc_clean_all_rx_rings(adapter);
+ }
+@@ -7094,18 +7122,6 @@ void igc_enable_rx_ring(struct igc_ring *ring)
+ igc_alloc_rx_buffers(ring, igc_desc_unused(ring));
+ }
+
+-static void igc_disable_tx_ring_hw(struct igc_ring *ring)
+-{
+- struct igc_hw *hw = &ring->q_vector->adapter->hw;
+- u8 idx = ring->reg_idx;
+- u32 txdctl;
+-
+- txdctl = rd32(IGC_TXDCTL(idx));
+- txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE;
+- txdctl |= IGC_TXDCTL_SWFLUSH;
+- wr32(IGC_TXDCTL(idx), txdctl);
+-}
+-
+ void igc_disable_tx_ring(struct igc_ring *ring)
+ {
+ igc_disable_tx_ring_hw(ring);
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Borislav Petkov (AMD)" <bp@alien8.de>
-Date: Sat, 15 Jul 2023 13:31:32 +0200
-Subject: [PATCH] x86/cpu/amd: Move the errata checking functionality up
-
-Upstream commit: 8b6f687743dacce83dbb0c7cfacf88bab00f808a
-
-Avoid new and remove old forward declarations.
-
-No functional changes.
-
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kernel/cpu/amd.c | 139 ++++++++++++++++++--------------------
- 1 file changed, 67 insertions(+), 72 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 06f2ede1544f..57181b9c0474 100644
---- a/arch/x86/kernel/cpu/amd.c
-+++ b/arch/x86/kernel/cpu/amd.c
-@@ -27,11 +27,6 @@
-
- #include "cpu.h"
-
--static const int amd_erratum_383[];
--static const int amd_erratum_400[];
--static const int amd_erratum_1054[];
--static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
--
- /*
- * nodes_per_socket: Stores the number of nodes per socket.
- * Refer to Fam15h Models 00-0fh BKDG - CPUID Fn8000_001E_ECX
-@@ -39,6 +34,73 @@ static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
- */
- static u32 nodes_per_socket = 1;
-
-+/*
-+ * AMD errata checking
-+ *
-+ * Errata are defined as arrays of ints using the AMD_LEGACY_ERRATUM() or
-+ * AMD_OSVW_ERRATUM() macros. The latter is intended for newer errata that
-+ * have an OSVW id assigned, which it takes as first argument. Both take a
-+ * variable number of family-specific model-stepping ranges created by
-+ * AMD_MODEL_RANGE().
-+ *
-+ * Example:
-+ *
-+ * const int amd_erratum_319[] =
-+ * AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0x4, 0x2),
-+ * AMD_MODEL_RANGE(0x10, 0x8, 0x0, 0x8, 0x0),
-+ * AMD_MODEL_RANGE(0x10, 0x9, 0x0, 0x9, 0x0));
-+ */
-+
-+#define AMD_LEGACY_ERRATUM(...) { -1, __VA_ARGS__, 0 }
-+#define AMD_OSVW_ERRATUM(osvw_id, ...) { osvw_id, __VA_ARGS__, 0 }
-+#define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \
-+ ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end))
-+#define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff)
-+#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
-+#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
-+
-+static const int amd_erratum_400[] =
-+ AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0xf, 0x41, 0x2, 0xff, 0xf),
-+ AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0xff, 0xf));
-+
-+static const int amd_erratum_383[] =
-+ AMD_OSVW_ERRATUM(3, AMD_MODEL_RANGE(0x10, 0, 0, 0xff, 0xf));
-+
-+/* #1054: Instructions Retired Performance Counter May Be Inaccurate */
-+static const int amd_erratum_1054[] =
-+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
-+
-+static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
-+{
-+ int osvw_id = *erratum++;
-+ u32 range;
-+ u32 ms;
-+
-+ if (osvw_id >= 0 && osvw_id < 65536 &&
-+ cpu_has(cpu, X86_FEATURE_OSVW)) {
-+ u64 osvw_len;
-+
-+ rdmsrl(MSR_AMD64_OSVW_ID_LENGTH, osvw_len);
-+ if (osvw_id < osvw_len) {
-+ u64 osvw_bits;
-+
-+ rdmsrl(MSR_AMD64_OSVW_STATUS + (osvw_id >> 6),
-+ osvw_bits);
-+ return osvw_bits & (1ULL << (osvw_id & 0x3f));
-+ }
-+ }
-+
-+ /* OSVW unavailable or ID unknown, match family-model-stepping range */
-+ ms = (cpu->x86_model << 4) | cpu->x86_stepping;
-+ while ((range = *erratum++))
-+ if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) &&
-+ (ms >= AMD_MODEL_RANGE_START(range)) &&
-+ (ms <= AMD_MODEL_RANGE_END(range)))
-+ return true;
-+
-+ return false;
-+}
-+
- static inline int rdmsrl_amd_safe(unsigned msr, unsigned long long *p)
- {
- u32 gprs[8] = { 0 };
-@@ -1100,73 +1162,6 @@ static const struct cpu_dev amd_cpu_dev = {
-
- cpu_dev_register(amd_cpu_dev);
-
--/*
-- * AMD errata checking
-- *
-- * Errata are defined as arrays of ints using the AMD_LEGACY_ERRATUM() or
-- * AMD_OSVW_ERRATUM() macros. The latter is intended for newer errata that
-- * have an OSVW id assigned, which it takes as first argument. Both take a
-- * variable number of family-specific model-stepping ranges created by
-- * AMD_MODEL_RANGE().
-- *
-- * Example:
-- *
-- * const int amd_erratum_319[] =
-- * AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0x4, 0x2),
-- * AMD_MODEL_RANGE(0x10, 0x8, 0x0, 0x8, 0x0),
-- * AMD_MODEL_RANGE(0x10, 0x9, 0x0, 0x9, 0x0));
-- */
--
--#define AMD_LEGACY_ERRATUM(...) { -1, __VA_ARGS__, 0 }
--#define AMD_OSVW_ERRATUM(osvw_id, ...) { osvw_id, __VA_ARGS__, 0 }
--#define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \
-- ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end))
--#define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff)
--#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
--#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
--
--static const int amd_erratum_400[] =
-- AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0xf, 0x41, 0x2, 0xff, 0xf),
-- AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0xff, 0xf));
--
--static const int amd_erratum_383[] =
-- AMD_OSVW_ERRATUM(3, AMD_MODEL_RANGE(0x10, 0, 0, 0xff, 0xf));
--
--/* #1054: Instructions Retired Performance Counter May Be Inaccurate */
--static const int amd_erratum_1054[] =
-- AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
--
--static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
--{
-- int osvw_id = *erratum++;
-- u32 range;
-- u32 ms;
--
-- if (osvw_id >= 0 && osvw_id < 65536 &&
-- cpu_has(cpu, X86_FEATURE_OSVW)) {
-- u64 osvw_len;
--
-- rdmsrl(MSR_AMD64_OSVW_ID_LENGTH, osvw_len);
-- if (osvw_id < osvw_len) {
-- u64 osvw_bits;
--
-- rdmsrl(MSR_AMD64_OSVW_STATUS + (osvw_id >> 6),
-- osvw_bits);
-- return osvw_bits & (1ULL << (osvw_id & 0x3f));
-- }
-- }
--
-- /* OSVW unavailable or ID unknown, match family-model-stepping range */
-- ms = (cpu->x86_model << 4) | cpu->x86_stepping;
-- while ((range = *erratum++))
-- if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) &&
-- (ms >= AMD_MODEL_RANGE_START(range)) &&
-- (ms <= AMD_MODEL_RANGE_END(range)))
-- return true;
--
-- return false;
--}
--
- void set_dr_addr_mask(unsigned long mask, int dr)
- {
- if (!boot_cpu_has(X86_FEATURE_BPEXT))
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 25 Jul 2023 09:38:32 -0700
+Subject: [PATCH] mm: suppress mm fault logging if fatal signal already pending
+
+Commit eda0047296a1 ("mm: make the page fault mmap locking killable")
+intentionally made it much easier to trigger the "page fault fails
+because a fatal signal is pending" situation, by having the mmap locking
+fail early in that case.
+
+We have long aborted page faults in other fatal cases when the actual IO
+for a page is interrupted by SIGKILL - which is particularly useful for
+the traditional case of NFS hanging due to network issues, but local
+filesystems could cause it too if you happened to get the SIGKILL while
+waiting for a page to be faulted in (eg lock_folio_maybe_drop_mmap()).
+
+So aborting the page fault wasn't a new condition - but it now triggers
+earlier, before we even get to 'handle_mm_fault()'. And as a result the
+error doesn't go through our 'fault_signal_pending()' logic, and doesn't
+get filtered away there.
+
+Normally you'd never even notice, because if a fatal signal is pending,
+the new SIGSEGV we send ends up being ignored anyway.
+
+But it turns out that there is one very noticeable exception: if you
+enable 'show_unhandled_signals', the aborted page fault will be logged
+in the kernel messages, and you'll get a scary line looking something
+like this in your logs:
+
+ pverados[2183248]: segfault at 55e5a00f9ae0 ip 000055e5a00f9ae0 sp 00007ffc0720bea8 error 14 in perl[55e5a00d4000+195000] likely on CPU 10 (core 4, socket 0)
+
+which is rather misleading. It's not really a segfault at all, it's
+just "the thread was killed before the page fault completed, so we
+aborted the page fault".
+
+Fix this by just making it clear that a pending fatal signal means that
+any new signal coming in after that is implicitly handled. This will
+avoid the misleading logging, since now the signal isn't 'unhandled' any
+more.
+
+Reported-and-tested-by: Fiona Ebner <f.ebner@proxmox.com>
+Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Link: https://lore.kernel.org/lkml/8d063a26-43f5-0bb7-3203-c6a04dc159f8@proxmox.com/
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Fixes: eda0047296a1 ("mm: make the page fault mmap locking killable")
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+(cherry-picked from commit 5f0bc0b042fc77ff70e14c790abdec960cde4ec1)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ kernel/signal.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/kernel/signal.c b/kernel/signal.c
+index ae26da61c4d9..060f834e9c1a 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -561,6 +561,10 @@ bool unhandled_signal(struct task_struct *tsk, int sig)
+ if (handler != SIG_IGN && handler != SIG_DFL)
+ return false;
+
++ /* If dying, we handle all new signals by ignoring them */
++ if (fatal_signal_pending(tsk))
++ return false;
++
+ /* if ptraced, let the tracer determine */
+ return !tsk->ptrace;
+ }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Borislav Petkov (AMD)" <bp@alien8.de>
-Date: Sat, 15 Jul 2023 13:41:28 +0200
-Subject: [PATCH] x86/cpu/amd: Add a Zenbleed fix
-
-Upstream commit: 522b1d69219d8f083173819fde04f994aa051a98
-
-Add a fix for the Zen2 VZEROUPPER data corruption bug where under
-certain circumstances executing VZEROUPPER can cause register
-corruption or leak data.
-
-The optimal fix is through microcode but in the case the proper
-microcode revision has not been applied, enable a fallback fix using
-a chicken bit.
-
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/include/asm/microcode.h | 1 +
- arch/x86/include/asm/microcode_amd.h | 2 +
- arch/x86/include/asm/msr-index.h | 1 +
- arch/x86/kernel/cpu/amd.c | 60 ++++++++++++++++++++++++++++
- arch/x86/kernel/cpu/common.c | 2 +
- 5 files changed, 66 insertions(+)
-
-diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
-index 320566a0443d..66dbba181bd9 100644
---- a/arch/x86/include/asm/microcode.h
-+++ b/arch/x86/include/asm/microcode.h
-@@ -5,6 +5,7 @@
- #include <asm/cpu.h>
- #include <linux/earlycpio.h>
- #include <linux/initrd.h>
-+#include <asm/microcode_amd.h>
-
- struct ucode_patch {
- struct list_head plist;
-diff --git a/arch/x86/include/asm/microcode_amd.h b/arch/x86/include/asm/microcode_amd.h
-index e6662adf3af4..9675c621c1ca 100644
---- a/arch/x86/include/asm/microcode_amd.h
-+++ b/arch/x86/include/asm/microcode_amd.h
-@@ -48,11 +48,13 @@ extern void __init load_ucode_amd_bsp(unsigned int family);
- extern void load_ucode_amd_ap(unsigned int family);
- extern int __init save_microcode_in_initrd_amd(unsigned int family);
- void reload_ucode_amd(unsigned int cpu);
-+extern void amd_check_microcode(void);
- #else
- static inline void __init load_ucode_amd_bsp(unsigned int family) {}
- static inline void load_ucode_amd_ap(unsigned int family) {}
- static inline int __init
- save_microcode_in_initrd_amd(unsigned int family) { return -EINVAL; }
- static inline void reload_ucode_amd(unsigned int cpu) {}
-+static inline void amd_check_microcode(void) {}
- #endif
- #endif /* _ASM_X86_MICROCODE_AMD_H */
-diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index 978a3e203cdb..52a09dbc2c26 100644
---- a/arch/x86/include/asm/msr-index.h
-+++ b/arch/x86/include/asm/msr-index.h
-@@ -538,6 +538,7 @@
- #define MSR_AMD64_DE_CFG 0xc0011029
- #define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT 1
- #define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE BIT_ULL(MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT)
-+#define MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT 9
-
- #define MSR_AMD64_BU_CFG2 0xc001102a
- #define MSR_AMD64_IBSFETCHCTL 0xc0011030
-diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 57181b9c0474..c03b066aaa54 100644
---- a/arch/x86/kernel/cpu/amd.c
-+++ b/arch/x86/kernel/cpu/amd.c
-@@ -70,6 +70,11 @@ static const int amd_erratum_383[] =
- static const int amd_erratum_1054[] =
- AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
-
-+static const int amd_zenbleed[] =
-+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
-+ AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
-+ AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));
-+
- static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
- {
- int osvw_id = *erratum++;
-@@ -978,6 +983,47 @@ static void init_amd_zn(struct cpuinfo_x86 *c)
- }
- }
-
-+static bool cpu_has_zenbleed_microcode(void)
-+{
-+ u32 good_rev = 0;
-+
-+ switch (boot_cpu_data.x86_model) {
-+ case 0x30 ... 0x3f: good_rev = 0x0830107a; break;
-+ case 0x60 ... 0x67: good_rev = 0x0860010b; break;
-+ case 0x68 ... 0x6f: good_rev = 0x08608105; break;
-+ case 0x70 ... 0x7f: good_rev = 0x08701032; break;
-+ case 0xa0 ... 0xaf: good_rev = 0x08a00008; break;
-+
-+ default:
-+ return false;
-+ break;
-+ }
-+
-+ if (boot_cpu_data.microcode < good_rev)
-+ return false;
-+
-+ return true;
-+}
-+
-+static void zenbleed_check(struct cpuinfo_x86 *c)
-+{
-+ if (!cpu_has_amd_erratum(c, amd_zenbleed))
-+ return;
-+
-+ if (cpu_has(c, X86_FEATURE_HYPERVISOR))
-+ return;
-+
-+ if (!cpu_has(c, X86_FEATURE_AVX))
-+ return;
-+
-+ if (!cpu_has_zenbleed_microcode()) {
-+ pr_notice_once("Zenbleed: please update your microcode for the most optimal fix\n");
-+ msr_set_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
-+ } else {
-+ msr_clear_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
-+ }
-+}
-+
- static void init_amd(struct cpuinfo_x86 *c)
- {
- early_init_amd(c);
-@@ -1067,6 +1113,8 @@ static void init_amd(struct cpuinfo_x86 *c)
- msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT);
-
- check_null_seg_clears_base(c);
-+
-+ zenbleed_check(c);
- }
-
- #ifdef CONFIG_X86_32
-@@ -1196,3 +1244,15 @@ u32 amd_get_highest_perf(void)
- return 255;
- }
- EXPORT_SYMBOL_GPL(amd_get_highest_perf);
-+
-+static void zenbleed_check_cpu(void *unused)
-+{
-+ struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());
-+
-+ zenbleed_check(c);
-+}
-+
-+void amd_check_microcode(void)
-+{
-+ on_each_cpu(zenbleed_check_cpu, NULL, 1);
-+}
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 6a25e93f2a87..2ac8ceae0ed1 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -2337,6 +2337,8 @@ void microcode_check(struct cpuinfo_x86 *prev_info)
-
- perf_check_microcode();
-
-+ amd_check_microcode();
-+
- store_cpu_caps(&curr_info);
-
- if (!memcmp(&prev_info->x86_capability, &curr_info.x86_capability,
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:22 +0200
-Subject: [PATCH] init: Provide arch_cpu_finalize_init()
-
-check_bugs() has become a dumping ground for all sorts of activities to
-finalize the CPU initialization before running the rest of the init code.
-
-Most are empty, a few do actual bug checks, some do alternative patching
-and some cobble a CPU advertisement string together....
-
-Aside of that the current implementation requires duplicated function
-declaration and mostly empty header files for them.
-
-Provide a new function arch_cpu_finalize_init(). Provide a generic
-declaration if CONFIG_ARCH_HAS_CPU_FINALIZE_INIT is selected and a stub
-inline otherwise.
-
-This requires a temporary #ifdef in start_kernel() which will be removed
-along with check_bugs() once the architectures are converted over.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224544.957805717@linutronix.de
-
-(cherry picked from commit 7725acaa4f0c04fbefb0e0d342635b967bb7d414)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit c765faa80041002c513c6b356826e11cb78308b3)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/Kconfig | 3 +++
- include/linux/cpu.h | 6 ++++++
- init/main.c | 4 ++++
- 3 files changed, 13 insertions(+)
-
-diff --git a/arch/Kconfig b/arch/Kconfig
-index 12e3ddabac9d..9a75f8457283 100644
---- a/arch/Kconfig
-+++ b/arch/Kconfig
-@@ -285,6 +285,9 @@ config ARCH_HAS_DMA_SET_UNCACHED
- config ARCH_HAS_DMA_CLEAR_UNCACHED
- bool
-
-+config ARCH_HAS_CPU_FINALIZE_INIT
-+ bool
-+
- # Select if arch init_task must go in the __init_task_data section
- config ARCH_TASK_STRUCT_ON_STACK
- bool
-diff --git a/include/linux/cpu.h b/include/linux/cpu.h
-index 314802f98b9d..43b0b7950e33 100644
---- a/include/linux/cpu.h
-+++ b/include/linux/cpu.h
-@@ -187,6 +187,12 @@ void arch_cpu_idle_enter(void);
- void arch_cpu_idle_exit(void);
- void arch_cpu_idle_dead(void);
-
-+#ifdef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
-+void arch_cpu_finalize_init(void);
-+#else
-+static inline void arch_cpu_finalize_init(void) { }
-+#endif
-+
- int cpu_report_state(int cpu);
- int cpu_check_up_prepare(int cpu);
- void cpu_set_state_online(int cpu);
-diff --git a/init/main.c b/init/main.c
-index e1c3911d7c70..e39055c8698f 100644
---- a/init/main.c
-+++ b/init/main.c
-@@ -1138,7 +1138,11 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
- taskstats_init_early();
- delayacct_init();
-
-+ arch_cpu_finalize_init();
-+ /* Temporary conditional until everything has been converted */
-+#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
- check_bugs();
-+#endif
-
- acpi_subsystem_init();
- arch_post_acpi_subsys_init();
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:24 +0200
-Subject: [PATCH] x86/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is a dumping ground for finalizing the CPU bringup. Only parts of
-it has to do with actual CPU bugs.
-
-Split it apart into arch_cpu_finalize_init() and cpu_select_mitigations().
-
-Fixup the bogus 32bit comments while at it.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
-Link: https://lore.kernel.org/r/20230613224545.019583869@linutronix.de
-
-(cherry picked from commit 7c7077a72674402654f3291354720cd73cdf649e)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit d839524be6ba339640b7729353ff14156fad42a7)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/Kconfig | 1 +
- arch/x86/include/asm/bugs.h | 2 --
- arch/x86/kernel/cpu/bugs.c | 51 +---------------------------------
- arch/x86/kernel/cpu/common.c | 53 ++++++++++++++++++++++++++++++++++++
- arch/x86/kernel/cpu/cpu.h | 1 +
- 5 files changed, 56 insertions(+), 52 deletions(-)
-
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index df9e15bcf6d1..598a303819da 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -70,6 +70,7 @@ config X86
- select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
- select ARCH_HAS_CACHE_LINE_SIZE
- select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
-+ select ARCH_HAS_CPU_FINALIZE_INIT
- select ARCH_HAS_CURRENT_STACK_POINTER
- select ARCH_HAS_DEBUG_VIRTUAL
- select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE
-diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h
-index 92ae28389940..f25ca2d709d4 100644
---- a/arch/x86/include/asm/bugs.h
-+++ b/arch/x86/include/asm/bugs.h
-@@ -4,8 +4,6 @@
-
- #include <asm/processor.h>
-
--extern void check_bugs(void);
--
- #if defined(CONFIG_CPU_SUP_INTEL) && defined(CONFIG_X86_32)
- int ppro_with_ram_bug(void);
- #else
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index daad10e7665b..edb670b77294 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -9,7 +9,6 @@
- * - Andrew D. Balsa (code cleanup).
- */
- #include <linux/init.h>
--#include <linux/utsname.h>
- #include <linux/cpu.h>
- #include <linux/module.h>
- #include <linux/nospec.h>
-@@ -27,8 +26,6 @@
- #include <asm/msr.h>
- #include <asm/vmx.h>
- #include <asm/paravirt.h>
--#include <asm/alternative.h>
--#include <asm/set_memory.h>
- #include <asm/intel-family.h>
- #include <asm/e820/api.h>
- #include <asm/hypervisor.h>
-@@ -124,21 +121,8 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush);
- DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear);
- EXPORT_SYMBOL_GPL(mmio_stale_data_clear);
-
--void __init check_bugs(void)
-+void __init cpu_select_mitigations(void)
- {
-- identify_boot_cpu();
--
-- /*
-- * identify_boot_cpu() initialized SMT support information, let the
-- * core code know.
-- */
-- cpu_smt_check_topology();
--
-- if (!IS_ENABLED(CONFIG_SMP)) {
-- pr_info("CPU: ");
-- print_cpu_info(&boot_cpu_data);
-- }
--
- /*
- * Read the SPEC_CTRL MSR to account for reserved bits which may
- * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
-@@ -175,39 +159,6 @@ void __init check_bugs(void)
- md_clear_select_mitigation();
- srbds_select_mitigation();
- l1d_flush_select_mitigation();
--
-- arch_smt_update();
--
--#ifdef CONFIG_X86_32
-- /*
-- * Check whether we are able to run this kernel safely on SMP.
-- *
-- * - i386 is no longer supported.
-- * - In order to run on anything without a TSC, we need to be
-- * compiled for a i486.
-- */
-- if (boot_cpu_data.x86 < 4)
-- panic("Kernel requires i486+ for 'invlpg' and other features");
--
-- init_utsname()->machine[1] =
-- '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
-- alternative_instructions();
--
-- fpu__init_check_bugs();
--#else /* CONFIG_X86_64 */
-- alternative_instructions();
--
-- /*
-- * Make sure the first 2MB area is not mapped by huge pages
-- * There are typically fixed size MTRRs in there and overlapping
-- * MTRRs into large pages causes slow downs.
-- *
-- * Right now we don't do that with gbpages because there seems
-- * very little benefit for that case.
-- */
-- if (!direct_gbpages)
-- set_memory_4k((unsigned long)__va(0), 1);
--#endif
- }
-
- /*
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 2ac8ceae0ed1..0f32ecfbdeb1 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -19,11 +19,14 @@
- #include <linux/kprobes.h>
- #include <linux/kgdb.h>
- #include <linux/smp.h>
-+#include <linux/cpu.h>
- #include <linux/io.h>
- #include <linux/syscore_ops.h>
- #include <linux/pgtable.h>
- #include <linux/stackprotector.h>
-+#include <linux/utsname.h>
-
-+#include <asm/alternative.h>
- #include <asm/cmdline.h>
- #include <asm/perf_event.h>
- #include <asm/mmu_context.h>
-@@ -59,6 +62,7 @@
- #include <asm/intel-family.h>
- #include <asm/cpu_device_id.h>
- #include <asm/uv/uv.h>
-+#include <asm/set_memory.h>
- #include <asm/sigframe.h>
- #include <asm/traps.h>
- #include <asm/sev.h>
-@@ -2360,3 +2364,52 @@ void arch_smt_update(void)
- /* Check whether IPI broadcasting can be enabled */
- apic_smt_update();
- }
-+
-+void __init arch_cpu_finalize_init(void)
-+{
-+ identify_boot_cpu();
-+
-+ /*
-+ * identify_boot_cpu() initialized SMT support information, let the
-+ * core code know.
-+ */
-+ cpu_smt_check_topology();
-+
-+ if (!IS_ENABLED(CONFIG_SMP)) {
-+ pr_info("CPU: ");
-+ print_cpu_info(&boot_cpu_data);
-+ }
-+
-+ cpu_select_mitigations();
-+
-+ arch_smt_update();
-+
-+ if (IS_ENABLED(CONFIG_X86_32)) {
-+ /*
-+ * Check whether this is a real i386 which is not longer
-+ * supported and fixup the utsname.
-+ */
-+ if (boot_cpu_data.x86 < 4)
-+ panic("Kernel requires i486+ for 'invlpg' and other features");
-+
-+ init_utsname()->machine[1] =
-+ '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
-+ }
-+
-+ alternative_instructions();
-+
-+ if (IS_ENABLED(CONFIG_X86_64)) {
-+ /*
-+ * Make sure the first 2MB area is not mapped by huge pages
-+ * There are typically fixed size MTRRs in there and overlapping
-+ * MTRRs into large pages causes slow downs.
-+ *
-+ * Right now we don't do that with gbpages because there seems
-+ * very little benefit for that case.
-+ */
-+ if (!direct_gbpages)
-+ set_memory_4k((unsigned long)__va(0), 1);
-+ } else {
-+ fpu__init_check_bugs();
-+ }
-+}
-diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
-index 7c9b5893c30a..61dbb9b216e6 100644
---- a/arch/x86/kernel/cpu/cpu.h
-+++ b/arch/x86/kernel/cpu/cpu.h
-@@ -79,6 +79,7 @@ extern void detect_ht(struct cpuinfo_x86 *c);
- extern void check_null_seg_clears_base(struct cpuinfo_x86 *c);
-
- unsigned int aperfmperf_get_khz(int cpu);
-+void cpu_select_mitigations(void);
-
- extern void x86_spec_ctrl_setup_ap(void);
- extern void update_srbds_msr(void);
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:25 +0200
-Subject: [PATCH] ARM: cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.078124882@linutronix.de
-
-(cherry picked from commit ee31bb0524a2e7c99b03f50249a411cc1eaa411f)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 57b198863efe8ec2e2c898f8f3d501734c18afb7)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/arm/Kconfig | 1 +
- arch/arm/include/asm/bugs.h | 4 ----
- arch/arm/kernel/bugs.c | 3 ++-
- 3 files changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 1938a2a957bc..eac5314702b0 100644
---- a/arch/arm/Kconfig
-+++ b/arch/arm/Kconfig
-@@ -5,6 +5,7 @@ config ARM
- select ARCH_32BIT_OFF_T
- select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE if HAVE_KRETPROBES && FRAME_POINTER && !ARM_UNWIND
- select ARCH_HAS_BINFMT_FLAT
-+ select ARCH_HAS_CPU_FINALIZE_INIT if MMU
- select ARCH_HAS_CURRENT_STACK_POINTER
- select ARCH_HAS_DEBUG_VIRTUAL if MMU
- select ARCH_HAS_DMA_WRITE_COMBINE if !ARM_DMA_MEM_BUFFERABLE
-diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h
-index 97a312ba0840..fe385551edec 100644
---- a/arch/arm/include/asm/bugs.h
-+++ b/arch/arm/include/asm/bugs.h
-@@ -1,7 +1,5 @@
- /* SPDX-License-Identifier: GPL-2.0-only */
- /*
-- * arch/arm/include/asm/bugs.h
-- *
- * Copyright (C) 1995-2003 Russell King
- */
- #ifndef __ASM_BUGS_H
-@@ -10,10 +8,8 @@
- extern void check_writebuffer_bugs(void);
-
- #ifdef CONFIG_MMU
--extern void check_bugs(void);
- extern void check_other_bugs(void);
- #else
--#define check_bugs() do { } while (0)
- #define check_other_bugs() do { } while (0)
- #endif
-
-diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c
-index 14c8dbbb7d2d..087bce6ec8e9 100644
---- a/arch/arm/kernel/bugs.c
-+++ b/arch/arm/kernel/bugs.c
-@@ -1,5 +1,6 @@
- // SPDX-License-Identifier: GPL-2.0
- #include <linux/init.h>
-+#include <linux/cpu.h>
- #include <asm/bugs.h>
- #include <asm/proc-fns.h>
-
-@@ -11,7 +12,7 @@ void check_other_bugs(void)
- #endif
- }
-
--void __init check_bugs(void)
-+void __init arch_cpu_finalize_init(void)
- {
- check_writebuffer_bugs();
- check_other_bugs();
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:27 +0200
-Subject: [PATCH] ia64/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.137045745@linutronix.de
-
-(cherry picked from commit 6c38e3005621800263f117fb00d6787a76e16de7)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 7b593af98529e22ee2b54dda992a205bd8935a97)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/ia64/Kconfig | 1 +
- arch/ia64/include/asm/bugs.h | 20 --------------------
- arch/ia64/kernel/setup.c | 3 +--
- 3 files changed, 2 insertions(+), 22 deletions(-)
- delete mode 100644 arch/ia64/include/asm/bugs.h
-
-diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
-index d7e4a24e8644..25ebc90b3ec3 100644
---- a/arch/ia64/Kconfig
-+++ b/arch/ia64/Kconfig
-@@ -9,6 +9,7 @@ menu "Processor type and features"
- config IA64
- bool
- select ARCH_BINFMT_ELF_EXTRA_PHDRS
-+ select ARCH_HAS_CPU_FINALIZE_INIT
- select ARCH_HAS_DMA_MARK_CLEAN
- select ARCH_HAS_STRNCPY_FROM_USER
- select ARCH_HAS_STRNLEN_USER
-diff --git a/arch/ia64/include/asm/bugs.h b/arch/ia64/include/asm/bugs.h
-deleted file mode 100644
-index 0d6b9bded56c..000000000000
---- a/arch/ia64/include/asm/bugs.h
-+++ /dev/null
-@@ -1,20 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--/*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Needs:
-- * void check_bugs(void);
-- *
-- * Based on <asm-alpha/bugs.h>.
-- *
-- * Modified 1998, 1999, 2003
-- * David Mosberger-Tang <davidm@hpl.hp.com>, Hewlett-Packard Co.
-- */
--#ifndef _ASM_IA64_BUGS_H
--#define _ASM_IA64_BUGS_H
--
--#include <asm/processor.h>
--
--extern void check_bugs (void);
--
--#endif /* _ASM_IA64_BUGS_H */
-diff --git a/arch/ia64/kernel/setup.c b/arch/ia64/kernel/setup.c
-index c05728044272..9009f1871e3b 100644
---- a/arch/ia64/kernel/setup.c
-+++ b/arch/ia64/kernel/setup.c
-@@ -1067,8 +1067,7 @@ cpu_init (void)
- }
- }
-
--void __init
--check_bugs (void)
-+void __init arch_cpu_finalize_init(void)
- {
- ia64_patch_mckinley_e9((unsigned long) __start___mckinley_e9_bundles,
- (unsigned long) __end___mckinley_e9_bundles);
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:30 +0200
-Subject: [PATCH] m68k/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
-Link: https://lore.kernel.org/r/20230613224545.254342916@linutronix.de
-
-(cherry picked from commit 9ceecc2589b9d7cef6b321339ed8de484eac4b20)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 51d4827f4d3adf26415b6447d88611a35738e062)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/m68k/Kconfig | 1 +
- arch/m68k/include/asm/bugs.h | 21 ---------------------
- arch/m68k/kernel/setup_mm.c | 3 ++-
- 3 files changed, 3 insertions(+), 22 deletions(-)
- delete mode 100644 arch/m68k/include/asm/bugs.h
-
-diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
-index 7bff88118507..1fe5b2018745 100644
---- a/arch/m68k/Kconfig
-+++ b/arch/m68k/Kconfig
-@@ -4,6 +4,7 @@ config M68K
- default y
- select ARCH_32BIT_OFF_T
- select ARCH_HAS_BINFMT_FLAT
-+ select ARCH_HAS_CPU_FINALIZE_INIT if MMU
- select ARCH_HAS_CURRENT_STACK_POINTER
- select ARCH_HAS_DMA_PREP_COHERENT if HAS_DMA && MMU && !COLDFIRE
- select ARCH_HAS_SYNC_DMA_FOR_DEVICE if HAS_DMA
-diff --git a/arch/m68k/include/asm/bugs.h b/arch/m68k/include/asm/bugs.h
-deleted file mode 100644
-index 745530651e0b..000000000000
---- a/arch/m68k/include/asm/bugs.h
-+++ /dev/null
-@@ -1,21 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--/*
-- * include/asm-m68k/bugs.h
-- *
-- * Copyright (C) 1994 Linus Torvalds
-- */
--
--/*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Needs:
-- * void check_bugs(void);
-- */
--
--#ifdef CONFIG_MMU
--extern void check_bugs(void); /* in arch/m68k/kernel/setup.c */
--#else
--static void check_bugs(void)
--{
--}
--#endif
-diff --git a/arch/m68k/kernel/setup_mm.c b/arch/m68k/kernel/setup_mm.c
-index fbff1cea62ca..6f1ae01f322c 100644
---- a/arch/m68k/kernel/setup_mm.c
-+++ b/arch/m68k/kernel/setup_mm.c
-@@ -10,6 +10,7 @@
- */
-
- #include <linux/kernel.h>
-+#include <linux/cpu.h>
- #include <linux/mm.h>
- #include <linux/sched.h>
- #include <linux/delay.h>
-@@ -504,7 +505,7 @@ static int __init proc_hardware_init(void)
- module_init(proc_hardware_init);
- #endif
-
--void check_bugs(void)
-+void __init arch_cpu_finalize_init(void)
- {
- #if defined(CONFIG_FPU) && !defined(CONFIG_M68KFPU_EMU)
- if (m68k_fputype == 0) {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:32 +0200
-Subject: [PATCH] mips/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.312438573@linutronix.de
-
-(backported from commit 7f066a22fe353a827a402ee2835e81f045b1574d)
-[cascardo: only removed check_bugs from arch/mips/include/asm/bugs.h]
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 7753934cdd362695ffbc0f1db941ff6d4c72fa96)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/mips/Kconfig | 1 +
- arch/mips/include/asm/bugs.h | 17 -----------------
- arch/mips/kernel/setup.c | 13 +++++++++++++
- 3 files changed, 14 insertions(+), 17 deletions(-)
-
-diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
-index f11dda15aa54..fcf59a375c5b 100644
---- a/arch/mips/Kconfig
-+++ b/arch/mips/Kconfig
-@@ -4,6 +4,7 @@ config MIPS
- default y
- select ARCH_32BIT_OFF_T if !64BIT
- select ARCH_BINFMT_ELF_STATE if MIPS_FP_SUPPORT
-+ select ARCH_HAS_CPU_FINALIZE_INIT
- select ARCH_HAS_CURRENT_STACK_POINTER if !CC_IS_CLANG || CLANG_VERSION >= 140000
- select ARCH_HAS_DEBUG_VIRTUAL if !64BIT
- select ARCH_HAS_FORTIFY_SOURCE
-diff --git a/arch/mips/include/asm/bugs.h b/arch/mips/include/asm/bugs.h
-index d72dc6e1cf3c..8d4cf29861b8 100644
---- a/arch/mips/include/asm/bugs.h
-+++ b/arch/mips/include/asm/bugs.h
-@@ -1,17 +1,11 @@
- /* SPDX-License-Identifier: GPL-2.0 */
- /*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
- * Copyright (C) 2007 Maciej W. Rozycki
-- *
-- * Needs:
-- * void check_bugs(void);
- */
- #ifndef _ASM_BUGS_H
- #define _ASM_BUGS_H
-
- #include <linux/bug.h>
--#include <linux/delay.h>
- #include <linux/smp.h>
-
- #include <asm/cpu.h>
-@@ -30,17 +24,6 @@ static inline void check_bugs_early(void)
- check_bugs64_early();
- }
-
--static inline void check_bugs(void)
--{
-- unsigned int cpu = smp_processor_id();
--
-- cpu_data[cpu].udelay_val = loops_per_jiffy;
-- check_bugs32();
--
-- if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
-- check_bugs64();
--}
--
- static inline int r4k_daddiu_bug(void)
- {
- if (!IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
-diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
-index f1c88f8a1dc5..4d950f666ef6 100644
---- a/arch/mips/kernel/setup.c
-+++ b/arch/mips/kernel/setup.c
-@@ -11,6 +11,8 @@
- * Copyright (C) 2000, 2001, 2002, 2007 Maciej W. Rozycki
- */
- #include <linux/init.h>
-+#include <linux/cpu.h>
-+#include <linux/delay.h>
- #include <linux/ioport.h>
- #include <linux/export.h>
- #include <linux/screen_info.h>
-@@ -839,3 +841,14 @@ static int __init setnocoherentio(char *str)
- }
- early_param("nocoherentio", setnocoherentio);
- #endif
-+
-+void __init arch_cpu_finalize_init(void)
-+{
-+ unsigned int cpu = smp_processor_id();
-+
-+ cpu_data[cpu].udelay_val = loops_per_jiffy;
-+ check_bugs32();
-+
-+ if (IS_ENABLED(CONFIG_CPU_R4X00_BUGS64))
-+ check_bugs64();
-+}
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:33 +0200
-Subject: [PATCH] sh/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.371697797@linutronix.de
-
-(cherry picked from commit 01eb454e9bfe593f320ecbc9aaec60bf87cd453d)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 5228732d7ec3b9d13ee33b613dd3ed9c7f6a4695)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/sh/Kconfig | 1 +
- arch/sh/include/asm/bugs.h | 74 ---------------------------------
- arch/sh/include/asm/processor.h | 2 +
- arch/sh/kernel/idle.c | 1 +
- arch/sh/kernel/setup.c | 55 ++++++++++++++++++++++++
- 5 files changed, 59 insertions(+), 74 deletions(-)
- delete mode 100644 arch/sh/include/asm/bugs.h
-
-diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
-index 101a0d094a66..b0284730e761 100644
---- a/arch/sh/Kconfig
-+++ b/arch/sh/Kconfig
-@@ -7,6 +7,7 @@ config SUPERH
- select ARCH_HAVE_CUSTOM_GPIO_H
- select ARCH_HAVE_NMI_SAFE_CMPXCHG if (GUSA_RB || CPU_SH4A)
- select ARCH_HAS_BINFMT_FLAT if !MMU
-+ select ARCH_HAS_CPU_FINALIZE_INIT
- select ARCH_HAS_CURRENT_STACK_POINTER
- select ARCH_HAS_GIGANTIC_PAGE
- select ARCH_HAS_GCOV_PROFILE_ALL
-diff --git a/arch/sh/include/asm/bugs.h b/arch/sh/include/asm/bugs.h
-deleted file mode 100644
-index fe52abb69cea..000000000000
---- a/arch/sh/include/asm/bugs.h
-+++ /dev/null
-@@ -1,74 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--#ifndef __ASM_SH_BUGS_H
--#define __ASM_SH_BUGS_H
--
--/*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Needs:
-- * void check_bugs(void);
-- */
--
--/*
-- * I don't know of any Super-H bugs yet.
-- */
--
--#include <asm/processor.h>
--
--extern void select_idle_routine(void);
--
--static void __init check_bugs(void)
--{
-- extern unsigned long loops_per_jiffy;
-- char *p = &init_utsname()->machine[2]; /* "sh" */
--
-- select_idle_routine();
--
-- current_cpu_data.loops_per_jiffy = loops_per_jiffy;
--
-- switch (current_cpu_data.family) {
-- case CPU_FAMILY_SH2:
-- *p++ = '2';
-- break;
-- case CPU_FAMILY_SH2A:
-- *p++ = '2';
-- *p++ = 'a';
-- break;
-- case CPU_FAMILY_SH3:
-- *p++ = '3';
-- break;
-- case CPU_FAMILY_SH4:
-- *p++ = '4';
-- break;
-- case CPU_FAMILY_SH4A:
-- *p++ = '4';
-- *p++ = 'a';
-- break;
-- case CPU_FAMILY_SH4AL_DSP:
-- *p++ = '4';
-- *p++ = 'a';
-- *p++ = 'l';
-- *p++ = '-';
-- *p++ = 'd';
-- *p++ = 's';
-- *p++ = 'p';
-- break;
-- case CPU_FAMILY_UNKNOWN:
-- /*
-- * Specifically use CPU_FAMILY_UNKNOWN rather than
-- * default:, so we're able to have the compiler whine
-- * about unhandled enumerations.
-- */
-- break;
-- }
--
-- printk("CPU: %s\n", get_cpu_subtype(¤t_cpu_data));
--
--#ifndef __LITTLE_ENDIAN__
-- /* 'eb' means 'Endian Big' */
-- *p++ = 'e';
-- *p++ = 'b';
--#endif
-- *p = '\0';
--}
--#endif /* __ASM_SH_BUGS_H */
-diff --git a/arch/sh/include/asm/processor.h b/arch/sh/include/asm/processor.h
-index 85a6c1c3c16e..73fba7c922f9 100644
---- a/arch/sh/include/asm/processor.h
-+++ b/arch/sh/include/asm/processor.h
-@@ -166,6 +166,8 @@ extern unsigned int instruction_size(unsigned int insn);
- #define instruction_size(insn) (2)
- #endif
-
-+void select_idle_routine(void);
-+
- #endif /* __ASSEMBLY__ */
-
- #include <asm/processor_32.h>
-diff --git a/arch/sh/kernel/idle.c b/arch/sh/kernel/idle.c
-index f59814983bd5..a80b2a5b25c7 100644
---- a/arch/sh/kernel/idle.c
-+++ b/arch/sh/kernel/idle.c
-@@ -14,6 +14,7 @@
- #include <linux/irqflags.h>
- #include <linux/smp.h>
- #include <linux/atomic.h>
-+#include <asm/processor.h>
- #include <asm/smp.h>
- #include <asm/bl_bit.h>
-
-diff --git a/arch/sh/kernel/setup.c b/arch/sh/kernel/setup.c
-index af977ec4ca5e..cf7c0f72f293 100644
---- a/arch/sh/kernel/setup.c
-+++ b/arch/sh/kernel/setup.c
-@@ -43,6 +43,7 @@
- #include <asm/smp.h>
- #include <asm/mmu_context.h>
- #include <asm/mmzone.h>
-+#include <asm/processor.h>
- #include <asm/sparsemem.h>
- #include <asm/platform_early.h>
-
-@@ -354,3 +355,57 @@ int test_mode_pin(int pin)
- {
- return sh_mv.mv_mode_pins() & pin;
- }
-+
-+void __init arch_cpu_finalize_init(void)
-+{
-+ char *p = &init_utsname()->machine[2]; /* "sh" */
-+
-+ select_idle_routine();
-+
-+ current_cpu_data.loops_per_jiffy = loops_per_jiffy;
-+
-+ switch (current_cpu_data.family) {
-+ case CPU_FAMILY_SH2:
-+ *p++ = '2';
-+ break;
-+ case CPU_FAMILY_SH2A:
-+ *p++ = '2';
-+ *p++ = 'a';
-+ break;
-+ case CPU_FAMILY_SH3:
-+ *p++ = '3';
-+ break;
-+ case CPU_FAMILY_SH4:
-+ *p++ = '4';
-+ break;
-+ case CPU_FAMILY_SH4A:
-+ *p++ = '4';
-+ *p++ = 'a';
-+ break;
-+ case CPU_FAMILY_SH4AL_DSP:
-+ *p++ = '4';
-+ *p++ = 'a';
-+ *p++ = 'l';
-+ *p++ = '-';
-+ *p++ = 'd';
-+ *p++ = 's';
-+ *p++ = 'p';
-+ break;
-+ case CPU_FAMILY_UNKNOWN:
-+ /*
-+ * Specifically use CPU_FAMILY_UNKNOWN rather than
-+ * default:, so we're able to have the compiler whine
-+ * about unhandled enumerations.
-+ */
-+ break;
-+ }
-+
-+ pr_info("CPU: %s\n", get_cpu_subtype(¤t_cpu_data));
-+
-+#ifndef __LITTLE_ENDIAN__
-+ /* 'eb' means 'Endian Big' */
-+ *p++ = 'e';
-+ *p++ = 'b';
-+#endif
-+ *p = '\0';
-+}
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:35 +0200
-Subject: [PATCH] sparc/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
-Link: https://lore.kernel.org/r/20230613224545.431995857@linutronix.de
-
-(cherry picked from commit 44ade508e3bfac45ae97864587de29eb1a881ec0)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 5f02f99c6d6fd4f2c7b77f6d01bac14cc6fae2f6)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/sparc/Kconfig | 1 +
- arch/sparc/include/asm/bugs.h | 18 ------------------
- arch/sparc/kernel/setup_32.c | 7 +++++++
- 3 files changed, 8 insertions(+), 18 deletions(-)
- delete mode 100644 arch/sparc/include/asm/bugs.h
-
-diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
-index dbb1760cbe8c..b67d96e3392e 100644
---- a/arch/sparc/Kconfig
-+++ b/arch/sparc/Kconfig
-@@ -51,6 +51,7 @@ config SPARC
- config SPARC32
- def_bool !64BIT
- select ARCH_32BIT_OFF_T
-+ select ARCH_HAS_CPU_FINALIZE_INIT if !SMP
- select ARCH_HAS_SYNC_DMA_FOR_CPU
- select CLZ_TAB
- select DMA_DIRECT_REMAP
-diff --git a/arch/sparc/include/asm/bugs.h b/arch/sparc/include/asm/bugs.h
-deleted file mode 100644
-index 02fa369b9c21..000000000000
---- a/arch/sparc/include/asm/bugs.h
-+++ /dev/null
-@@ -1,18 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--/* include/asm/bugs.h: Sparc probes for various bugs.
-- *
-- * Copyright (C) 1996, 2007 David S. Miller (davem@davemloft.net)
-- */
--
--#ifdef CONFIG_SPARC32
--#include <asm/cpudata.h>
--#endif
--
--extern unsigned long loops_per_jiffy;
--
--static void __init check_bugs(void)
--{
--#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP)
-- cpu_data(0).udelay_val = loops_per_jiffy;
--#endif
--}
-diff --git a/arch/sparc/kernel/setup_32.c b/arch/sparc/kernel/setup_32.c
-index c8e0dd99f370..c9d1ba4f311b 100644
---- a/arch/sparc/kernel/setup_32.c
-+++ b/arch/sparc/kernel/setup_32.c
-@@ -412,3 +412,10 @@ static int __init topology_init(void)
- }
-
- subsys_initcall(topology_init);
-+
-+#if defined(CONFIG_SPARC32) && !defined(CONFIG_SMP)
-+void __init arch_cpu_finalize_init(void)
-+{
-+ cpu_data(0).udelay_val = loops_per_jiffy;
-+}
-+#endif
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:36 +0200
-Subject: [PATCH] um/cpu: Switch to arch_cpu_finalize_init()
-
-check_bugs() is about to be phased out. Switch over to the new
-arch_cpu_finalize_init() implementation.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Acked-by: Richard Weinberger <richard@nod.at>
-Link: https://lore.kernel.org/r/20230613224545.493148694@linutronix.de
-
-(cherry picked from commit 9349b5cd0908f8afe95529fc7a8cbb1417df9b0c)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 37d44a1fca2e73fabeaf042a5bcdff3bd8e03224)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/um/Kconfig | 1 +
- arch/um/include/asm/bugs.h | 7 -------
- arch/um/kernel/um_arch.c | 3 ++-
- 3 files changed, 3 insertions(+), 8 deletions(-)
- delete mode 100644 arch/um/include/asm/bugs.h
-
-diff --git a/arch/um/Kconfig b/arch/um/Kconfig
-index ad4ff3b0e91e..82709bc36df7 100644
---- a/arch/um/Kconfig
-+++ b/arch/um/Kconfig
-@@ -6,6 +6,7 @@ config UML
- bool
- default y
- select ARCH_EPHEMERAL_INODES
-+ select ARCH_HAS_CPU_FINALIZE_INIT
- select ARCH_HAS_FORTIFY_SOURCE
- select ARCH_HAS_GCOV_PROFILE_ALL
- select ARCH_HAS_KCOV
-diff --git a/arch/um/include/asm/bugs.h b/arch/um/include/asm/bugs.h
-deleted file mode 100644
-index 4473942a0839..000000000000
---- a/arch/um/include/asm/bugs.h
-+++ /dev/null
-@@ -1,7 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--#ifndef __UM_BUGS_H
--#define __UM_BUGS_H
--
--void check_bugs(void);
--
--#endif
-diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c
-index 786b44dc20c9..664f477fe084 100644
---- a/arch/um/kernel/um_arch.c
-+++ b/arch/um/kernel/um_arch.c
-@@ -3,6 +3,7 @@
- * Copyright (C) 2000 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
- */
-
-+#include <linux/cpu.h>
- #include <linux/delay.h>
- #include <linux/init.h>
- #include <linux/mm.h>
-@@ -426,7 +427,7 @@ void __init setup_arch(char **cmdline_p)
- }
- }
-
--void __init check_bugs(void)
-+void __init arch_cpu_finalize_init(void)
- {
- arch_check_bugs();
- os_check_bugs();
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:38 +0200
-Subject: [PATCH] init: Remove check_bugs() leftovers
-
-Everything is converted over to arch_cpu_finalize_init(). Remove the
-check_bugs() leftovers including the empty stubs in asm-generic, alpha,
-parisc, powerpc and xtensa.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Link: https://lore.kernel.org/r/20230613224545.553215951@linutronix.de
-
-(cherry picked from commit 61235b24b9cb37c13fcad5b9596d59a1afdcec30)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit f6914d2bea4df361881adc56f02dde9bddfa1b0a)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/alpha/include/asm/bugs.h | 20 --------------------
- arch/parisc/include/asm/bugs.h | 20 --------------------
- arch/powerpc/include/asm/bugs.h | 15 ---------------
- arch/xtensa/include/asm/bugs.h | 18 ------------------
- include/asm-generic/bugs.h | 11 -----------
- init/main.c | 5 -----
- 6 files changed, 89 deletions(-)
- delete mode 100644 arch/alpha/include/asm/bugs.h
- delete mode 100644 arch/parisc/include/asm/bugs.h
- delete mode 100644 arch/powerpc/include/asm/bugs.h
- delete mode 100644 arch/xtensa/include/asm/bugs.h
- delete mode 100644 include/asm-generic/bugs.h
-
-diff --git a/arch/alpha/include/asm/bugs.h b/arch/alpha/include/asm/bugs.h
-deleted file mode 100644
-index 78030d1c7e7e..000000000000
---- a/arch/alpha/include/asm/bugs.h
-+++ /dev/null
-@@ -1,20 +0,0 @@
--/*
-- * include/asm-alpha/bugs.h
-- *
-- * Copyright (C) 1994 Linus Torvalds
-- */
--
--/*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Needs:
-- * void check_bugs(void);
-- */
--
--/*
-- * I don't know of any alpha bugs yet.. Nice chip
-- */
--
--static void check_bugs(void)
--{
--}
-diff --git a/arch/parisc/include/asm/bugs.h b/arch/parisc/include/asm/bugs.h
-deleted file mode 100644
-index 0a7f9db6bd1c..000000000000
---- a/arch/parisc/include/asm/bugs.h
-+++ /dev/null
-@@ -1,20 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--/*
-- * include/asm-parisc/bugs.h
-- *
-- * Copyright (C) 1999 Mike Shaver
-- */
--
--/*
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Needs:
-- * void check_bugs(void);
-- */
--
--#include <asm/processor.h>
--
--static inline void check_bugs(void)
--{
--// identify_cpu(&boot_cpu_data);
--}
-diff --git a/arch/powerpc/include/asm/bugs.h b/arch/powerpc/include/asm/bugs.h
-deleted file mode 100644
-index 01b8f6ca4dbb..000000000000
---- a/arch/powerpc/include/asm/bugs.h
-+++ /dev/null
-@@ -1,15 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0-or-later */
--#ifndef _ASM_POWERPC_BUGS_H
--#define _ASM_POWERPC_BUGS_H
--
--/*
-- */
--
--/*
-- * This file is included by 'init/main.c' to check for
-- * architecture-dependent bugs.
-- */
--
--static inline void check_bugs(void) { }
--
--#endif /* _ASM_POWERPC_BUGS_H */
-diff --git a/arch/xtensa/include/asm/bugs.h b/arch/xtensa/include/asm/bugs.h
-deleted file mode 100644
-index 69b29d198249..000000000000
---- a/arch/xtensa/include/asm/bugs.h
-+++ /dev/null
-@@ -1,18 +0,0 @@
--/*
-- * include/asm-xtensa/bugs.h
-- *
-- * This is included by init/main.c to check for architecture-dependent bugs.
-- *
-- * Xtensa processors don't have any bugs. :)
-- *
-- * This file is subject to the terms and conditions of the GNU General
-- * Public License. See the file "COPYING" in the main directory of
-- * this archive for more details.
-- */
--
--#ifndef _XTENSA_BUGS_H
--#define _XTENSA_BUGS_H
--
--static void check_bugs(void) { }
--
--#endif /* _XTENSA_BUGS_H */
-diff --git a/include/asm-generic/bugs.h b/include/asm-generic/bugs.h
-deleted file mode 100644
-index 69021830f078..000000000000
---- a/include/asm-generic/bugs.h
-+++ /dev/null
-@@ -1,11 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--#ifndef __ASM_GENERIC_BUGS_H
--#define __ASM_GENERIC_BUGS_H
--/*
-- * This file is included by 'init/main.c' to check for
-- * architecture-dependent bugs.
-- */
--
--static inline void check_bugs(void) { }
--
--#endif /* __ASM_GENERIC_BUGS_H */
-diff --git a/init/main.c b/init/main.c
-index e39055c8698f..0370df27746f 100644
---- a/init/main.c
-+++ b/init/main.c
-@@ -104,7 +104,6 @@
- #include <net/net_namespace.h>
-
- #include <asm/io.h>
--#include <asm/bugs.h>
- #include <asm/setup.h>
- #include <asm/sections.h>
- #include <asm/cacheflush.h>
-@@ -1139,10 +1138,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
- delayacct_init();
-
- arch_cpu_finalize_init();
-- /* Temporary conditional until everything has been converted */
--#ifndef CONFIG_ARCH_HAS_CPU_FINALIZE_INIT
-- check_bugs();
--#endif
-
- acpi_subsystem_init();
- arch_post_acpi_subsys_init();
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:39 +0200
-Subject: [PATCH] init: Invoke arch_cpu_finalize_init() earlier
-
-X86 is reworking the boot process so that initializations which are not
-required during early boot can be moved into the late boot process and out
-of the fragile and restricted initial boot phase.
-
-arch_cpu_finalize_init() is the obvious place to do such initializations,
-but arch_cpu_finalize_init() is invoked too late in start_kernel() e.g. for
-initializing the FPU completely. fork_init() requires that the FPU is
-initialized as the size of task_struct on X86 depends on the size of the
-required FPU register buffer.
-
-Fortunately none of the init calls between calibrate_delay() and
-arch_cpu_finalize_init() is relevant for the functionality of
-arch_cpu_finalize_init().
-
-Invoke it right after calibrate_delay() where everything which is relevant
-for arch_cpu_finalize_init() has been set up already.
-
-No functional change intended.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
-Link: https://lore.kernel.org/r/20230613224545.612182854@linutronix.de
-
-(backported from commit 9df9d2f0471b4c4702670380b8d8a45b40b23a7d)
-[cascardo: fixed conflict due to call to mem_encrypt_init]
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 919915fc47211940789c8bde231b2f15d1b8d427)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- init/main.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/init/main.c b/init/main.c
-index 0370df27746f..967584e8c3af 100644
---- a/init/main.c
-+++ b/init/main.c
-@@ -1111,6 +1111,9 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
- late_time_init();
- sched_clock_init();
- calibrate_delay();
-+
-+ arch_cpu_finalize_init();
-+
- pid_idr_init();
- anon_vma_init();
- #ifdef CONFIG_X86
-@@ -1137,8 +1140,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
- taskstats_init_early();
- delayacct_init();
-
-- arch_cpu_finalize_init();
--
- acpi_subsystem_init();
- arch_post_acpi_subsys_init();
- kcsan_init();
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:41 +0200
-Subject: [PATCH] init, x86: Move mem_encrypt_init() into
- arch_cpu_finalize_init()
-
-Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and
-remove the weak fallback from the core code.
-
-No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de
-
-(backported from commit 439e17576eb47f26b78c5bbc72e344d4206d2327)
-[cascardo: really remove mem_encrypt_init from init/main.c]
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 439b49f26bc9ee74a3ac4b356c12d41f68c49cbd)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/include/asm/mem_encrypt.h | 7 ++++---
- arch/x86/kernel/cpu/common.c | 11 +++++++++++
- init/main.c | 11 -----------
- 3 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
-index 72ca90552b6a..a95914f479b8 100644
---- a/arch/x86/include/asm/mem_encrypt.h
-+++ b/arch/x86/include/asm/mem_encrypt.h
-@@ -51,6 +51,8 @@ void __init mem_encrypt_free_decrypted_mem(void);
-
- void __init sev_es_init_vc_handling(void);
-
-+void __init mem_encrypt_init(void);
-+
- #define __bss_decrypted __section(".bss..decrypted")
-
- #else /* !CONFIG_AMD_MEM_ENCRYPT */
-@@ -82,13 +84,12 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
-
- static inline void mem_encrypt_free_decrypted_mem(void) { }
-
-+static inline void mem_encrypt_init(void) { }
-+
- #define __bss_decrypted
-
- #endif /* CONFIG_AMD_MEM_ENCRYPT */
-
--/* Architecture __weak replacement functions */
--void __init mem_encrypt_init(void);
--
- void add_encrypt_protection_map(void);
-
- /*
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 0f32ecfbdeb1..637817d0d819 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -18,6 +18,7 @@
- #include <linux/init.h>
- #include <linux/kprobes.h>
- #include <linux/kgdb.h>
-+#include <linux/mem_encrypt.h>
- #include <linux/smp.h>
- #include <linux/cpu.h>
- #include <linux/io.h>
-@@ -2412,4 +2413,14 @@ void __init arch_cpu_finalize_init(void)
- } else {
- fpu__init_check_bugs();
- }
-+
-+ /*
-+ * This needs to be called before any devices perform DMA
-+ * operations that might use the SWIOTLB bounce buffers. It will
-+ * mark the bounce buffers as decrypted so that their usage will
-+ * not cause "plain-text" data to be decrypted when accessed. It
-+ * must be called after late_time_init() so that Hyper-V x86/x64
-+ * hypercalls work when the SWIOTLB bounce buffers are decrypted.
-+ */
-+ mem_encrypt_init();
- }
-diff --git a/init/main.c b/init/main.c
-index 967584e8c3af..7533b4da4fb2 100644
---- a/init/main.c
-+++ b/init/main.c
-@@ -96,7 +96,6 @@
- #include <linux/cache.h>
- #include <linux/rodata_test.h>
- #include <linux/jump_label.h>
--#include <linux/mem_encrypt.h>
- #include <linux/kcsan.h>
- #include <linux/init_syscalls.h>
- #include <linux/stackdepot.h>
-@@ -783,8 +782,6 @@ void __init __weak thread_stack_cache_init(void)
- }
- #endif
-
--void __init __weak mem_encrypt_init(void) { }
--
- void __init __weak poking_init(void) { }
-
- void __init __weak pgtable_cache_init(void) { }
-@@ -1087,14 +1084,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
- */
- locking_selftest();
-
-- /*
-- * This needs to be called before any devices perform DMA
-- * operations that might use the SWIOTLB bounce buffers. It will
-- * mark the bounce buffers as decrypted so that their usage will
-- * not cause "plain-text" data to be decrypted when accessed.
-- */
-- mem_encrypt_init();
--
- #ifdef CONFIG_BLK_DEV_INITRD
- if (initrd_start && !initrd_below_start_ok &&
- page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:42 +0200
-Subject: [PATCH] x86/init: Initialize signal frame size late
-
-No point in doing this during really early boot. Move it to an early
-initcall so that it is set up before possible user mode helpers are started
-during device initialization.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.727330699@linutronix.de
-
-(cherry picked from commit 54d9a91a3d6713d1332e93be13b4eaf0fa54349d)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit cae51198acf57beecfe60bd11710d15b0f0a2856)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/include/asm/sigframe.h | 2 --
- arch/x86/kernel/cpu/common.c | 3 ---
- arch/x86/kernel/signal.c | 4 +++-
- 3 files changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/arch/x86/include/asm/sigframe.h b/arch/x86/include/asm/sigframe.h
-index 5b1ed650b124..84eab2724875 100644
---- a/arch/x86/include/asm/sigframe.h
-+++ b/arch/x86/include/asm/sigframe.h
-@@ -85,6 +85,4 @@ struct rt_sigframe_x32 {
-
- #endif /* CONFIG_X86_64 */
-
--void __init init_sigframe_size(void);
--
- #endif /* _ASM_X86_SIGFRAME_H */
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 637817d0d819..256083661fb2 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -64,7 +64,6 @@
- #include <asm/cpu_device_id.h>
- #include <asm/uv/uv.h>
- #include <asm/set_memory.h>
--#include <asm/sigframe.h>
- #include <asm/traps.h>
- #include <asm/sev.h>
-
-@@ -1599,8 +1598,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
-
- fpu__init_system(c);
-
-- init_sigframe_size();
--
- #ifdef CONFIG_X86_32
- /*
- * Regardless of whether PCID is enumerated, the SDM says
-diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 004cb30b7419..cfeec3ee877e 100644
---- a/arch/x86/kernel/signal.c
-+++ b/arch/x86/kernel/signal.c
-@@ -182,7 +182,7 @@ get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size,
- static unsigned long __ro_after_init max_frame_size;
- static unsigned int __ro_after_init fpu_default_state_size;
-
--void __init init_sigframe_size(void)
-+static int __init init_sigframe_size(void)
- {
- fpu_default_state_size = fpu__get_fpstate_size();
-
-@@ -194,7 +194,9 @@ void __init init_sigframe_size(void)
- max_frame_size = round_up(max_frame_size, FRAME_ALIGNMENT);
-
- pr_info("max sigframe size: %lu\n", max_frame_size);
-+ return 0;
- }
-+early_initcall(init_sigframe_size);
-
- unsigned long get_sigframe_size(void)
- {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:43 +0200
-Subject: [PATCH] x86/fpu: Remove cpuinfo argument from init functions
-
-Nothing in the call chain requires it
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.783704297@linutronix.de
-
-(cherry picked from commit 1f34bb2a24643e0087652d81078e4f616562738d)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit df2f3fc430e187551eb4aaa14aa21640d7ef44ca)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/include/asm/fpu/api.h | 2 +-
- arch/x86/kernel/cpu/common.c | 2 +-
- arch/x86/kernel/fpu/init.c | 6 +++---
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
-index 503a577814b2..b475d9a582b8 100644
---- a/arch/x86/include/asm/fpu/api.h
-+++ b/arch/x86/include/asm/fpu/api.h
-@@ -109,7 +109,7 @@ extern void fpu_reset_from_exception_fixup(void);
-
- /* Boot, hotplug and resume */
- extern void fpu__init_cpu(void);
--extern void fpu__init_system(struct cpuinfo_x86 *c);
-+extern void fpu__init_system(void);
- extern void fpu__init_check_bugs(void);
- extern void fpu__resume_cpu(void);
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 256083661fb2..794eb851cb0d 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1596,7 +1596,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
-
- sld_setup(c);
-
-- fpu__init_system(c);
-+ fpu__init_system();
-
- #ifdef CONFIG_X86_32
- /*
-diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index 851eb13edc01..5001df943828 100644
---- a/arch/x86/kernel/fpu/init.c
-+++ b/arch/x86/kernel/fpu/init.c
-@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void)
- return fsw == 0 && (fcw & 0x103f) == 0x003f;
- }
-
--static void fpu__init_system_early_generic(struct cpuinfo_x86 *c)
-+static void fpu__init_system_early_generic(void)
- {
- if (!boot_cpu_has(X86_FEATURE_CPUID) &&
- !test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) {
-@@ -211,10 +211,10 @@ static void __init fpu__init_system_xstate_size_legacy(void)
- * Called on the boot CPU once per system bootup, to set up the initial
- * FPU state that is later cloned into all processes:
- */
--void __init fpu__init_system(struct cpuinfo_x86 *c)
-+void __init fpu__init_system(void)
- {
- fpstate_reset(¤t->thread.fpu);
-- fpu__init_system_early_generic(c);
-+ fpu__init_system_early_generic();
-
- /*
- * The FPU has to be operational for some of the
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:45 +0200
-Subject: [PATCH] x86/fpu: Mark init functions __init
-
-No point in keeping them around.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.841685728@linutronix.de
-
-(cherry picked from commit 1703db2b90c91b2eb2d699519fc505fe431dde0e)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 368569c00f730c2f530d3d5431fd3fe8ca81cba3)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/kernel/fpu/init.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index 5001df943828..998a08f17e33 100644
---- a/arch/x86/kernel/fpu/init.c
-+++ b/arch/x86/kernel/fpu/init.c
-@@ -53,7 +53,7 @@ void fpu__init_cpu(void)
- fpu__init_cpu_xstate();
- }
-
--static bool fpu__probe_without_cpuid(void)
-+static bool __init fpu__probe_without_cpuid(void)
- {
- unsigned long cr0;
- u16 fsw, fcw;
-@@ -71,7 +71,7 @@ static bool fpu__probe_without_cpuid(void)
- return fsw == 0 && (fcw & 0x103f) == 0x003f;
- }
-
--static void fpu__init_system_early_generic(void)
-+static void __init fpu__init_system_early_generic(void)
- {
- if (!boot_cpu_has(X86_FEATURE_CPUID) &&
- !test_bit(X86_FEATURE_FPU, (unsigned long *)cpu_caps_cleared)) {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 14 Jun 2023 01:39:46 +0200
-Subject: [PATCH] x86/fpu: Move FPU initialization into
- arch_cpu_finalize_init()
-
-Initializing the FPU during the early boot process is a pointless
-exercise. Early boot is convoluted and fragile enough.
-
-Nothing requires that the FPU is set up early. It has to be initialized
-before fork_init() because the task_struct size depends on the FPU register
-buffer size.
-
-Move the initialization to arch_cpu_finalize_init() which is the perfect
-place to do so.
-
-No functional change.
-
-This allows to remove quite some of the custom early command line parsing,
-but that's subject to the next installment.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230613224545.902376621@linutronix.de
-
-(cherry picked from commit b81fac906a8f9e682e513ddd95697ec7a20878d4)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 010f3814ec351195c9d0a9a408798f9c66fdb906)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/kernel/cpu/common.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 794eb851cb0d..9b53d1cb424d 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1596,8 +1596,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
-
- sld_setup(c);
-
-- fpu__init_system();
--
- #ifdef CONFIG_X86_32
- /*
- * Regardless of whether PCID is enumerated, the SDM says
-@@ -2283,8 +2281,6 @@ void cpu_init(void)
-
- doublefault_init_cpu_tss();
-
-- fpu__init_cpu();
--
- if (is_uv_system())
- uv_cpu_init();
-
-@@ -2300,6 +2296,7 @@ void cpu_init_secondary(void)
- */
- cpu_init_exception_handling();
- cpu_init();
-+ fpu__init_cpu();
- }
- #endif
-
-@@ -2394,6 +2391,13 @@ void __init arch_cpu_finalize_init(void)
- '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
- }
-
-+ /*
-+ * Must be before alternatives because it might set or clear
-+ * feature bits.
-+ */
-+ fpu__init_system();
-+ fpu__init_cpu();
-+
- alternative_instructions();
-
- if (IS_ENABLED(CONFIG_X86_64)) {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Fri, 16 Jun 2023 22:15:31 +0200
-Subject: [PATCH] x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
-
-Moving mem_encrypt_init() broke the AMD_MEM_ENCRYPT=n because the
-declaration of that function was under #ifdef CONFIG_AMD_MEM_ENCRYPT and
-the obvious placement for the inline stub was the #else path.
-
-This is a leftover of commit 20f07a044a76 ("x86/sev: Move common memory
-encryption code to mem_encrypt.c") which made mem_encrypt_init() depend on
-X86_MEM_ENCRYPT without moving the prototype. That did not fail back then
-because there was no stub inline as the core init code had a weak function.
-
-Move both the declaration and the stub out of the CONFIG_AMD_MEM_ENCRYPT
-section and guard it with CONFIG_X86_MEM_ENCRYPT.
-
-Fixes: 439e17576eb4 ("init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()")
-Reported-by: kernel test robot <lkp@intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Closes: https://lore.kernel.org/oe-kbuild-all/202306170247.eQtCJPE8-lkp@intel.com/
-
-(cherry picked from commit 0a9567ac5e6a40cdd9c8cd15b19a62a15250f450)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 305ba9053fdf1503a6717e3a96a7d9e0cd48ef15)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/include/asm/mem_encrypt.h | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
-index a95914f479b8..8f513372cd8d 100644
---- a/arch/x86/include/asm/mem_encrypt.h
-+++ b/arch/x86/include/asm/mem_encrypt.h
-@@ -17,6 +17,12 @@
-
- #include <asm/bootparam.h>
-
-+#ifdef CONFIG_X86_MEM_ENCRYPT
-+void __init mem_encrypt_init(void);
-+#else
-+static inline void mem_encrypt_init(void) { }
-+#endif
-+
- #ifdef CONFIG_AMD_MEM_ENCRYPT
-
- extern u64 sme_me_mask;
-@@ -51,8 +57,6 @@ void __init mem_encrypt_free_decrypted_mem(void);
-
- void __init sev_es_init_vc_handling(void);
-
--void __init mem_encrypt_init(void);
--
- #define __bss_decrypted __section(".bss..decrypted")
-
- #else /* !CONFIG_AMD_MEM_ENCRYPT */
-@@ -84,8 +88,6 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
-
- static inline void mem_encrypt_free_decrypted_mem(void) { }
-
--static inline void mem_encrypt_init(void) { }
--
- #define __bss_decrypted
-
- #endif /* CONFIG_AMD_MEM_ENCRYPT */
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Juergen Gross <jgross@suse.com>
-Date: Mon, 3 Jul 2023 15:00:32 +0200
-Subject: [PATCH] x86/xen: Fix secondary processors' FPU initialization
-
-Moving the call of fpu__init_cpu() from cpu_init() to start_secondary()
-broke Xen PV guests, as those don't call start_secondary() for APs.
-
-Call fpu__init_cpu() in Xen's cpu_bringup(), which is the Xen PV
-replacement of start_secondary().
-
-Fixes: b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()")
-Signed-off-by: Juergen Gross <jgross@suse.com>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Acked-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lore.kernel.org/r/20230703130032.22916-1-jgross@suse.com
-
-(cherry picked from commit fe3e0a13e597c1c8617814bf9b42ab732db5c26e)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 96617ee9a5943f6c58fa503257e18b191e84d117)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/xen/smp_pv.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
-index 6175f2c5c822..e97bab7b0010 100644
---- a/arch/x86/xen/smp_pv.c
-+++ b/arch/x86/xen/smp_pv.c
-@@ -63,6 +63,7 @@ static void cpu_bringup(void)
-
- cr4_init();
- cpu_init();
-+ fpu__init_cpu();
- touch_softlockup_watchdog();
-
- /* PVH runs in ring 0 and allows us to do native syscalls. Yay! */
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:11 -0700
-Subject: [PATCH] x86/speculation: Add Gather Data Sampling mitigation
-
-Gather Data Sampling (GDS) is a hardware vulnerability which allows
-unprivileged speculative access to data which was previously stored in
-vector registers.
-
-Intel processors that support AVX2 and AVX512 have gather instructions
-that fetch non-contiguous data elements from memory. On vulnerable
-hardware, when a gather instruction is transiently executed and
-encounters a fault, stale data from architectural or internal vector
-registers may get transiently stored to the destination vector
-register allowing an attacker to infer the stale data using typical
-side channel techniques like cache timing attacks.
-
-This mitigation is different from many earlier ones for two reasons.
-First, it is enabled by default and a bit must be set to *DISABLE* it.
-This is the opposite of normal mitigation polarity. This means GDS can
-be mitigated simply by updating microcode and leaving the new control
-bit alone.
-
-Second, GDS has a "lock" bit. This lock bit is there because the
-mitigation affects the hardware security features KeyLocker and SGX.
-It needs to be enabled and *STAY* enabled for these features to be
-mitigated against GDS.
-
-The mitigation is enabled in the microcode by default. Disable it by
-setting gather_data_sampling=off or by disabling all mitigations with
-mitigations=off. The mitigation status can be checked by reading:
-
- /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-
-(cherry picked from commit 8974eb588283b7d44a7c91fa09fcbaf380339f3a)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit a82fd9ff16b574fc42677c7b5f9e05b2f965d709)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- .../ABI/testing/sysfs-devices-system-cpu | 13 +-
- .../hw-vuln/gather_data_sampling.rst | 99 ++++++++++++++
- Documentation/admin-guide/hw-vuln/index.rst | 1 +
- .../admin-guide/kernel-parameters.txt | 41 ++++--
- arch/x86/include/asm/cpufeatures.h | 1 +
- arch/x86/include/asm/msr-index.h | 11 ++
- arch/x86/kernel/cpu/bugs.c | 129 ++++++++++++++++++
- arch/x86/kernel/cpu/common.c | 34 +++--
- arch/x86/kernel/cpu/cpu.h | 1 +
- drivers/base/cpu.c | 8 ++
- 10 files changed, 310 insertions(+), 28 deletions(-)
- create mode 100644 Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-
-diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
-index f54867cadb0f..13c01b641dc7 100644
---- a/Documentation/ABI/testing/sysfs-devices-system-cpu
-+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
-@@ -513,17 +513,18 @@ Description: information about CPUs heterogeneity.
- cpu_capacity: capacity of cpuX.
-
- What: /sys/devices/system/cpu/vulnerabilities
-+ /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
-+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit
-+ /sys/devices/system/cpu/vulnerabilities/l1tf
-+ /sys/devices/system/cpu/vulnerabilities/mds
- /sys/devices/system/cpu/vulnerabilities/meltdown
-+ /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
-+ /sys/devices/system/cpu/vulnerabilities/retbleed
-+ /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
- /sys/devices/system/cpu/vulnerabilities/spectre_v1
- /sys/devices/system/cpu/vulnerabilities/spectre_v2
-- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
-- /sys/devices/system/cpu/vulnerabilities/l1tf
-- /sys/devices/system/cpu/vulnerabilities/mds
- /sys/devices/system/cpu/vulnerabilities/srbds
- /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
-- /sys/devices/system/cpu/vulnerabilities/itlb_multihit
-- /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
-- /sys/devices/system/cpu/vulnerabilities/retbleed
- Date: January 2018
- Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
- Description: Information about CPU vulnerabilities
-diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-new file mode 100644
-index 000000000000..74dab6af7fe1
---- /dev/null
-+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-@@ -0,0 +1,99 @@
-+.. SPDX-License-Identifier: GPL-2.0
-+
-+GDS - Gather Data Sampling
-+==========================
-+
-+Gather Data Sampling is a hardware vulnerability which allows unprivileged
-+speculative access to data which was previously stored in vector registers.
-+
-+Problem
-+-------
-+When a gather instruction performs loads from memory, different data elements
-+are merged into the destination vector register. However, when a gather
-+instruction that is transiently executed encounters a fault, stale data from
-+architectural or internal vector registers may get transiently forwarded to the
-+destination vector register instead. This will allow a malicious attacker to
-+infer stale data using typical side channel techniques like cache timing
-+attacks. GDS is a purely sampling-based attack.
-+
-+The attacker uses gather instructions to infer the stale vector register data.
-+The victim does not need to do anything special other than use the vector
-+registers. The victim does not need to use gather instructions to be
-+vulnerable.
-+
-+Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
-+are possible.
-+
-+Attack scenarios
-+----------------
-+Without mitigation, GDS can infer stale data across virtually all
-+permission boundaries:
-+
-+ Non-enclaves can infer SGX enclave data
-+ Userspace can infer kernel data
-+ Guests can infer data from hosts
-+ Guest can infer guest from other guests
-+ Users can infer data from other users
-+
-+Because of this, it is important to ensure that the mitigation stays enabled in
-+lower-privilege contexts like guests and when running outside SGX enclaves.
-+
-+The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
-+that guests are not allowed to disable the GDS mitigation. If a host erred and
-+allowed this, a guest could theoretically disable GDS mitigation, mount an
-+attack, and re-enable it.
-+
-+Mitigation mechanism
-+--------------------
-+This issue is mitigated in microcode. The microcode defines the following new
-+bits:
-+
-+ ================================ === ============================
-+ IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability
-+ and mitigation support.
-+ IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable.
-+ IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
-+ 0 by default.
-+ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes
-+ to GDS_MITG_DIS are ignored
-+ Can't be cleared once set.
-+ ================================ === ============================
-+
-+GDS can also be mitigated on systems that don't have updated microcode by
-+disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
-+command-line.
-+
-+Mitigation control on the kernel command line
-+---------------------------------------------
-+The mitigation can be disabled by setting "gather_data_sampling=off" or
-+"mitigations=off" on the kernel command line. Not specifying either will
-+default to the mitigation being enabled.
-+
-+GDS System Information
-+------------------------
-+The kernel provides vulnerability status information through sysfs. For
-+GDS this can be accessed by the following sysfs file:
-+
-+/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
-+
-+The possible values contained in this file are:
-+
-+ ============================== =============================================
-+ Not affected Processor not vulnerable.
-+ Vulnerable Processor vulnerable and mitigation disabled.
-+ Vulnerable: No microcode Processor vulnerable and microcode is missing
-+ mitigation.
-+ Mitigation: Microcode Processor is vulnerable and mitigation is in
-+ effect.
-+ Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
-+ effect and cannot be disabled.
-+ Unknown: Dependent on
-+ hypervisor status Running on a virtual guest processor that is
-+ affected but with no way to know if host
-+ processor is mitigated or vulnerable.
-+ ============================== =============================================
-+
-+GDS Default mitigation
-+----------------------
-+The updated microcode will enable the mitigation by default. The kernel's
-+default action is to leave the mitigation enabled.
-diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
-index e0614760a99e..436fac0bd9c3 100644
---- a/Documentation/admin-guide/hw-vuln/index.rst
-+++ b/Documentation/admin-guide/hw-vuln/index.rst
-@@ -19,3 +19,4 @@ are configurable at compile, boot or run time.
- l1d_flush.rst
- processor_mmio_stale_data.rst
- cross-thread-rsb.rst
-+ gather_data_sampling.rst
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index c0d8867359bc..380e1e46ffa1 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -1610,6 +1610,20 @@
- Format: off | on
- default: on
-
-+ gather_data_sampling=
-+ [X86,INTEL] Control the Gather Data Sampling (GDS)
-+ mitigation.
-+
-+ Gather Data Sampling is a hardware vulnerability which
-+ allows unprivileged speculative access to data which was
-+ previously stored in vector registers.
-+
-+ This issue is mitigated by default in updated microcode.
-+ The mitigation may have a performance impact but can be
-+ disabled.
-+
-+ off: Disable GDS mitigation.
-+
- gcov_persist= [GCOV] When non-zero (default), profiling data for
- kernel modules is saved and remains accessible via
- debugfs, even when the module is unloaded/reloaded.
-@@ -3245,24 +3259,25 @@
- Disable all optional CPU mitigations. This
- improves system performance, but it may also
- expose users to several CPU vulnerabilities.
-- Equivalent to: nopti [X86,PPC]
-- if nokaslr then kpti=0 [ARM64]
-- nospectre_v1 [X86,PPC]
-- nobp=0 [S390]
-- nospectre_v2 [X86,PPC,S390,ARM64]
-- spectre_v2_user=off [X86]
-- spec_store_bypass_disable=off [X86,PPC]
-- ssbd=force-off [ARM64]
-- nospectre_bhb [ARM64]
-+ Equivalent to: if nokaslr then kpti=0 [ARM64]
-+ gather_data_sampling=off [X86]
-+ kvm.nx_huge_pages=off [X86]
- l1tf=off [X86]
- mds=off [X86]
-- tsx_async_abort=off [X86]
-- kvm.nx_huge_pages=off [X86]
-- srbds=off [X86,INTEL]
-+ mmio_stale_data=off [X86]
- no_entry_flush [PPC]
- no_uaccess_flush [PPC]
-- mmio_stale_data=off [X86]
-+ nobp=0 [S390]
-+ nopti [X86,PPC]
-+ nospectre_bhb [ARM64]
-+ nospectre_v1 [X86,PPC]
-+ nospectre_v2 [X86,PPC,S390,ARM64]
- retbleed=off [X86]
-+ spec_store_bypass_disable=off [X86,PPC]
-+ spectre_v2_user=off [X86]
-+ srbds=off [X86,INTEL]
-+ ssbd=force-off [ARM64]
-+ tsx_async_abort=off [X86]
-
- Exceptions:
- This does not have any effect on
-diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
-index 8f39c46197b8..93f232eb9786 100644
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -467,5 +467,6 @@
- #define X86_BUG_RETBLEED X86_BUG(27) /* CPU is affected by RETBleed */
- #define X86_BUG_EIBRS_PBRSB X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */
- #define X86_BUG_SMT_RSB X86_BUG(29) /* CPU is vulnerable to Cross-Thread Return Address Predictions */
-+#define X86_BUG_GDS X86_BUG(30) /* CPU is affected by Gather Data Sampling */
-
- #endif /* _ASM_X86_CPUFEATURES_H */
-diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index 52a09dbc2c26..b030a03ca8d6 100644
---- a/arch/x86/include/asm/msr-index.h
-+++ b/arch/x86/include/asm/msr-index.h
-@@ -153,6 +153,15 @@
- * Not susceptible to Post-Barrier
- * Return Stack Buffer Predictions.
- */
-+#define ARCH_CAP_GDS_CTRL BIT(25) /*
-+ * CPU is vulnerable to Gather
-+ * Data Sampling (GDS) and
-+ * has controls for mitigation.
-+ */
-+#define ARCH_CAP_GDS_NO BIT(26) /*
-+ * CPU is not vulnerable to Gather
-+ * Data Sampling (GDS).
-+ */
-
- #define ARCH_CAP_XAPIC_DISABLE BIT(21) /*
- * IA32_XAPIC_DISABLE_STATUS MSR
-@@ -176,6 +185,8 @@
- #define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
- #define RTM_ALLOW BIT(1) /* TSX development mode */
- #define FB_CLEAR_DIS BIT(3) /* CPU Fill buffer clear disable */
-+#define GDS_MITG_DIS BIT(4) /* Disable GDS mitigation */
-+#define GDS_MITG_LOCKED BIT(5) /* GDS mitigation locked */
-
- #define MSR_IA32_SYSENTER_CS 0x00000174
- #define MSR_IA32_SYSENTER_ESP 0x00000175
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index edb670b77294..a1c1c8e4995c 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -46,6 +46,7 @@ static void __init taa_select_mitigation(void);
- static void __init mmio_select_mitigation(void);
- static void __init srbds_select_mitigation(void);
- static void __init l1d_flush_select_mitigation(void);
-+static void __init gds_select_mitigation(void);
-
- /* The base value of the SPEC_CTRL MSR without task-specific bits set */
- u64 x86_spec_ctrl_base;
-@@ -159,6 +160,7 @@ void __init cpu_select_mitigations(void)
- md_clear_select_mitigation();
- srbds_select_mitigation();
- l1d_flush_select_mitigation();
-+ gds_select_mitigation();
- }
-
- /*
-@@ -644,6 +646,120 @@ static int __init l1d_flush_parse_cmdline(char *str)
- }
- early_param("l1d_flush", l1d_flush_parse_cmdline);
-
-+#undef pr_fmt
-+#define pr_fmt(fmt) "GDS: " fmt
-+
-+enum gds_mitigations {
-+ GDS_MITIGATION_OFF,
-+ GDS_MITIGATION_UCODE_NEEDED,
-+ GDS_MITIGATION_FULL,
-+ GDS_MITIGATION_FULL_LOCKED,
-+ GDS_MITIGATION_HYPERVISOR,
-+};
-+
-+static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
-+
-+static const char * const gds_strings[] = {
-+ [GDS_MITIGATION_OFF] = "Vulnerable",
-+ [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
-+ [GDS_MITIGATION_FULL] = "Mitigation: Microcode",
-+ [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
-+ [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
-+};
-+
-+void update_gds_msr(void)
-+{
-+ u64 mcu_ctrl_after;
-+ u64 mcu_ctrl;
-+
-+ switch (gds_mitigation) {
-+ case GDS_MITIGATION_OFF:
-+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+ mcu_ctrl |= GDS_MITG_DIS;
-+ break;
-+ case GDS_MITIGATION_FULL_LOCKED:
-+ /*
-+ * The LOCKED state comes from the boot CPU. APs might not have
-+ * the same state. Make sure the mitigation is enabled on all
-+ * CPUs.
-+ */
-+ case GDS_MITIGATION_FULL:
-+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+ mcu_ctrl &= ~GDS_MITG_DIS;
-+ break;
-+ case GDS_MITIGATION_UCODE_NEEDED:
-+ case GDS_MITIGATION_HYPERVISOR:
-+ return;
-+ };
-+
-+ wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+
-+ /*
-+ * Check to make sure that the WRMSR value was not ignored. Writes to
-+ * GDS_MITG_DIS will be ignored if this processor is locked but the boot
-+ * processor was not.
-+ */
-+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl_after);
-+ WARN_ON_ONCE(mcu_ctrl != mcu_ctrl_after);
-+}
-+
-+static void __init gds_select_mitigation(void)
-+{
-+ u64 mcu_ctrl;
-+
-+ if (!boot_cpu_has_bug(X86_BUG_GDS))
-+ return;
-+
-+ if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
-+ gds_mitigation = GDS_MITIGATION_HYPERVISOR;
-+ goto out;
-+ }
-+
-+ if (cpu_mitigations_off())
-+ gds_mitigation = GDS_MITIGATION_OFF;
-+ /* Will verify below that mitigation _can_ be disabled */
-+
-+ /* No microcode */
-+ if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
-+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ goto out;
-+ }
-+
-+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+ if (mcu_ctrl & GDS_MITG_LOCKED) {
-+ if (gds_mitigation == GDS_MITIGATION_OFF)
-+ pr_warn("Mitigation locked. Disable failed.\n");
-+
-+ /*
-+ * The mitigation is selected from the boot CPU. All other CPUs
-+ * _should_ have the same state. If the boot CPU isn't locked
-+ * but others are then update_gds_msr() will WARN() of the state
-+ * mismatch. If the boot CPU is locked update_gds_msr() will
-+ * ensure the other CPUs have the mitigation enabled.
-+ */
-+ gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
-+ }
-+
-+ update_gds_msr();
-+out:
-+ pr_info("%s\n", gds_strings[gds_mitigation]);
-+}
-+
-+static int __init gds_parse_cmdline(char *str)
-+{
-+ if (!str)
-+ return -EINVAL;
-+
-+ if (!boot_cpu_has_bug(X86_BUG_GDS))
-+ return 0;
-+
-+ if (!strcmp(str, "off"))
-+ gds_mitigation = GDS_MITIGATION_OFF;
-+
-+ return 0;
-+}
-+early_param("gather_data_sampling", gds_parse_cmdline);
-+
- #undef pr_fmt
- #define pr_fmt(fmt) "Spectre V1 : " fmt
-
-@@ -2385,6 +2501,11 @@ static ssize_t retbleed_show_state(char *buf)
- return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
- }
-
-+static ssize_t gds_show_state(char *buf)
-+{
-+ return sysfs_emit(buf, "%s\n", gds_strings[gds_mitigation]);
-+}
-+
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
- char *buf, unsigned int bug)
- {
-@@ -2434,6 +2555,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
- case X86_BUG_RETBLEED:
- return retbleed_show_state(buf);
-
-+ case X86_BUG_GDS:
-+ return gds_show_state(buf);
-+
- default:
- break;
- }
-@@ -2498,4 +2622,9 @@ ssize_t cpu_show_retbleed(struct device *dev, struct device_attribute *attr, cha
- {
- return cpu_show_common(dev, attr, buf, X86_BUG_RETBLEED);
- }
-+
-+ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *buf)
-+{
-+ return cpu_show_common(dev, attr, buf, X86_BUG_GDS);
-+}
- #endif
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 9b53d1cb424d..d950fb5ac0b4 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1262,6 +1262,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
- #define RETBLEED BIT(3)
- /* CPU is affected by SMT (cross-thread) return predictions */
- #define SMT_RSB BIT(4)
-+/* CPU is affected by GDS */
-+#define GDS BIT(5)
-
- static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
- VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
-@@ -1274,19 +1276,21 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
- VULNBL_INTEL_STEPPINGS(BROADWELL_X, X86_STEPPING_ANY, MMIO),
- VULNBL_INTEL_STEPPINGS(BROADWELL, X86_STEPPING_ANY, SRBDS),
- VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED),
-+ VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
-+ VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
-+ VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(CANNONLAKE_L, X86_STEPPING_ANY, RETBLEED),
-- VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO),
-- VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO),
-- VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
-+ VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
-+ VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO | GDS),
-+ VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPING_ANY, MMIO | GDS),
-+ VULNBL_INTEL_STEPPINGS(COMETLAKE, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
-+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
-+ VULNBL_INTEL_STEPPINGS(TIGERLAKE_L, X86_STEPPING_ANY, GDS),
-+ VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS),
- VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED),
-- VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED),
-+ VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS),
- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO),
- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS),
-@@ -1415,6 +1419,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- if (cpu_matches(cpu_vuln_blacklist, SMT_RSB))
- setup_force_cpu_bug(X86_BUG_SMT_RSB);
-
-+ /*
-+ * Check if CPU is vulnerable to GDS. If running in a virtual machine on
-+ * an affected processor, the VMM may have disabled the use of GATHER by
-+ * disabling AVX2. The only way to do this in HW is to clear XCR0[2],
-+ * which means that AVX will be disabled.
-+ */
-+ if (cpu_matches(cpu_vuln_blacklist, GDS) && !(ia32_cap & ARCH_CAP_GDS_NO) &&
-+ boot_cpu_has(X86_FEATURE_AVX))
-+ setup_force_cpu_bug(X86_BUG_GDS);
-+
- if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
- return;
-
-@@ -1977,6 +1991,8 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c)
- validate_apic_and_package_id(c);
- x86_spec_ctrl_setup_ap();
- update_srbds_msr();
-+ if (boot_cpu_has_bug(X86_BUG_GDS))
-+ update_gds_msr();
-
- tsx_ap_init();
- }
-diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
-index 61dbb9b216e6..d9aeb335002d 100644
---- a/arch/x86/kernel/cpu/cpu.h
-+++ b/arch/x86/kernel/cpu/cpu.h
-@@ -83,6 +83,7 @@ void cpu_select_mitigations(void);
-
- extern void x86_spec_ctrl_setup_ap(void);
- extern void update_srbds_msr(void);
-+extern void update_gds_msr(void);
-
- extern u64 x86_read_arch_cap_msr(void);
-
-diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
-index 7af8e33735a3..cc6cf06ce88e 100644
---- a/drivers/base/cpu.c
-+++ b/drivers/base/cpu.c
-@@ -577,6 +577,12 @@ ssize_t __weak cpu_show_retbleed(struct device *dev,
- return sysfs_emit(buf, "Not affected\n");
- }
-
-+ssize_t __weak cpu_show_gds(struct device *dev,
-+ struct device_attribute *attr, char *buf)
-+{
-+ return sysfs_emit(buf, "Not affected\n");
-+}
-+
- static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
- static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
- static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
-@@ -588,6 +594,7 @@ static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
- static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
- static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL);
- static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL);
-+static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
-
- static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_meltdown.attr,
-@@ -601,6 +608,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_srbds.attr,
- &dev_attr_mmio_stale_data.attr,
- &dev_attr_retbleed.attr,
-+ &dev_attr_gather_data_sampling.attr,
- NULL
- };
-
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:12 -0700
-Subject: [PATCH] x86/speculation: Add force option to GDS mitigation
-
-The Gather Data Sampling (GDS) vulnerability allows malicious software
-to infer stale data previously stored in vector registers. This may
-include sensitive data such as cryptographic keys. GDS is mitigated in
-microcode, and systems with up-to-date microcode are protected by
-default. However, any affected system that is running with older
-microcode will still be vulnerable to GDS attacks.
-
-Since the gather instructions used by the attacker are part of the
-AVX2 and AVX512 extensions, disabling these extensions prevents gather
-instructions from being executed, thereby mitigating the system from
-GDS. Disabling AVX2 is sufficient, but we don't have the granularity
-to do this. The XCR0[2] disables AVX, with no option to just disable
-AVX2.
-
-Add a kernel parameter gather_data_sampling=force that will enable the
-microcode mitigation if available, otherwise it will disable AVX on
-affected systems.
-
-This option will be ignored if cmdline mitigations=off.
-
-This is a *big* hammer. It is known to break buggy userspace that
-uses incomplete, buggy AVX enumeration. Unfortunately, such userspace
-does exist in the wild:
-
- https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html
-
-[ dhansen: add some more ominous warnings about disabling AVX ]
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-
-(cherry picked from commit 553a5c03e90a6087e88f8ff878335ef0621536fb)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit b73421edcd9b8f1b1db51168e4568667d74422db)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- .../hw-vuln/gather_data_sampling.rst | 18 +++++++++++++----
- .../admin-guide/kernel-parameters.txt | 8 +++++++-
- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++-
- 3 files changed, 40 insertions(+), 6 deletions(-)
-
-diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-index 74dab6af7fe1..40b7a6260010 100644
---- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-@@ -60,14 +60,21 @@ bits:
- ================================ === ============================
-
- GDS can also be mitigated on systems that don't have updated microcode by
--disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
--command-line.
-+disabling AVX. This can be done by setting gather_data_sampling="force" or
-+"clearcpuid=avx" on the kernel command-line.
-+
-+If used, these options will disable AVX use by turning on XSAVE YMM support.
-+However, the processor will still enumerate AVX support. Userspace that
-+does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
-+support will break.
-
- Mitigation control on the kernel command line
- ---------------------------------------------
- The mitigation can be disabled by setting "gather_data_sampling=off" or
--"mitigations=off" on the kernel command line. Not specifying either will
--default to the mitigation being enabled.
-+"mitigations=off" on the kernel command line. Not specifying either will default
-+to the mitigation being enabled. Specifying "gather_data_sampling=force" will
-+use the microcode mitigation when available or disable AVX on affected systems
-+where the microcode hasn't been updated to include the mitigation.
-
- GDS System Information
- ------------------------
-@@ -83,6 +90,9 @@ The possible values contained in this file are:
- Vulnerable Processor vulnerable and mitigation disabled.
- Vulnerable: No microcode Processor vulnerable and microcode is missing
- mitigation.
-+ Mitigation: AVX disabled,
-+ no microcode Processor is vulnerable and microcode is missing
-+ mitigation. AVX disabled as mitigation.
- Mitigation: Microcode Processor is vulnerable and mitigation is in
- effect.
- Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 380e1e46ffa1..5fef2f65f634 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -1620,7 +1620,13 @@
-
- This issue is mitigated by default in updated microcode.
- The mitigation may have a performance impact but can be
-- disabled.
-+ disabled. On systems without the microcode mitigation
-+ disabling AVX serves as a mitigation.
-+
-+ force: Disable AVX to mitigate systems without
-+ microcode mitigation. No effect if the microcode
-+ mitigation is present. Known to cause crashes in
-+ userspace with buggy AVX enumeration.
-
- off: Disable GDS mitigation.
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index a1c1c8e4995c..0cc3c4f09dd7 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -652,6 +652,7 @@ early_param("l1d_flush", l1d_flush_parse_cmdline);
- enum gds_mitigations {
- GDS_MITIGATION_OFF,
- GDS_MITIGATION_UCODE_NEEDED,
-+ GDS_MITIGATION_FORCE,
- GDS_MITIGATION_FULL,
- GDS_MITIGATION_FULL_LOCKED,
- GDS_MITIGATION_HYPERVISOR,
-@@ -662,6 +663,7 @@ static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL
- static const char * const gds_strings[] = {
- [GDS_MITIGATION_OFF] = "Vulnerable",
- [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
-+ [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode",
- [GDS_MITIGATION_FULL] = "Mitigation: Microcode",
- [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
- [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
-@@ -687,6 +689,7 @@ void update_gds_msr(void)
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- mcu_ctrl &= ~GDS_MITG_DIS;
- break;
-+ case GDS_MITIGATION_FORCE:
- case GDS_MITIGATION_UCODE_NEEDED:
- case GDS_MITIGATION_HYPERVISOR:
- return;
-@@ -721,10 +724,23 @@ static void __init gds_select_mitigation(void)
-
- /* No microcode */
- if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
-- gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ if (gds_mitigation == GDS_MITIGATION_FORCE) {
-+ /*
-+ * This only needs to be done on the boot CPU so do it
-+ * here rather than in update_gds_msr()
-+ */
-+ setup_clear_cpu_cap(X86_FEATURE_AVX);
-+ pr_warn("Microcode update needed! Disabling AVX as mitigation.\n");
-+ } else {
-+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ }
- goto out;
- }
-
-+ /* Microcode has mitigation, use it */
-+ if (gds_mitigation == GDS_MITIGATION_FORCE)
-+ gds_mitigation = GDS_MITIGATION_FULL;
-+
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- if (mcu_ctrl & GDS_MITG_LOCKED) {
- if (gds_mitigation == GDS_MITIGATION_OFF)
-@@ -755,6 +771,8 @@ static int __init gds_parse_cmdline(char *str)
-
- if (!strcmp(str, "off"))
- gds_mitigation = GDS_MITIGATION_OFF;
-+ else if (!strcmp(str, "force"))
-+ gds_mitigation = GDS_MITIGATION_FORCE;
-
- return 0;
- }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:13 -0700
-Subject: [PATCH] x86/speculation: Add Kconfig option for GDS
-
-Gather Data Sampling (GDS) is mitigated in microcode. However, on
-systems that haven't received the updated microcode, disabling AVX
-can act as a mitigation. Add a Kconfig option that uses the microcode
-mitigation if available and disables AVX otherwise. Setting this
-option has no effect on systems not affected by GDS. This is the
-equivalent of setting gather_data_sampling=force.
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-
-(cherry picked from commit 53cf5797f114ba2bd86d23a862302119848eff19)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 92bd969bbe475c5bca376d007ed6558085b237ba)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/Kconfig | 19 +++++++++++++++++++
- arch/x86/kernel/cpu/bugs.c | 4 ++++
- 2 files changed, 23 insertions(+)
-
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 598a303819da..8451e0f36c66 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -2640,6 +2640,25 @@ config SLS
- against straight line speculation. The kernel image might be slightly
- larger.
-
-+config GDS_FORCE_MITIGATION
-+ bool "Force GDS Mitigation"
-+ depends on CPU_SUP_INTEL
-+ default n
-+ help
-+ Gather Data Sampling (GDS) is a hardware vulnerability which allows
-+ unprivileged speculative access to data which was previously stored in
-+ vector registers.
-+
-+ This option is equivalent to setting gather_data_sampling=force on the
-+ command line. The microcode mitigation is used if present, otherwise
-+ AVX is disabled as a mitigation. On affected systems that are missing
-+ the microcode any userspace code that unconditionally uses AVX will
-+ break with this option set.
-+
-+ Setting this option on systems not vulnerable to GDS has no effect.
-+
-+ If in doubt, say N.
-+
- endif
-
- config ARCH_HAS_ADD_PAGES
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 0cc3c4f09dd7..819a8aa0c706 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -658,7 +658,11 @@ enum gds_mitigations {
- GDS_MITIGATION_HYPERVISOR,
- };
-
-+#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION)
-+static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE;
-+#else
- static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
-+#endif
-
- static const char * const gds_strings[] = {
- [GDS_MITIGATION_OFF] = "Vulnerable",
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:14 -0700
-Subject: [PATCH] KVM: Add GDS_NO support to KVM
-
-Gather Data Sampling (GDS) is a transient execution attack using
-gather instructions from the AVX2 and AVX512 extensions. This attack
-allows malicious code to infer data that was previously stored in
-vector registers. Systems that are not vulnerable to GDS will set the
-GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
-guests that may think they are on vulnerable systems that are, in
-fact, not affected. Guests that are running on affected hosts where
-the mitigation is enabled are protected as if they were running
-on an unaffected system.
-
-On all hosts that are not affected or that are mitigated, set the
-GDS_NO bit.
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-
-(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit cd25885269804c59063c52ef587bde0d8fe17131)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/kernel/cpu/bugs.c | 7 +++++++
- arch/x86/kvm/x86.c | 7 ++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 819a8aa0c706..63ec50ef7d7c 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -673,6 +673,13 @@ static const char * const gds_strings[] = {
- [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
- };
-
-+bool gds_ucode_mitigated(void)
-+{
-+ return (gds_mitigation == GDS_MITIGATION_FULL ||
-+ gds_mitigation == GDS_MITIGATION_FULL_LOCKED);
-+}
-+EXPORT_SYMBOL_GPL(gds_ucode_mitigated);
-+
- void update_gds_msr(void)
- {
- u64 mcu_ctrl_after;
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 1c5775d51495..7d8b14f8807e 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -310,6 +310,8 @@ u64 __read_mostly host_xcr0;
-
- static struct kmem_cache *x86_emulator_cache;
-
-+extern bool gds_ucode_mitigated(void);
-+
- /*
- * When called, it means the previous get/set msr reached an invalid msr.
- * Return true if we want to ignore/silent this failed msr access.
-@@ -1598,7 +1600,7 @@ static unsigned int num_msr_based_features;
- ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
- ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
- ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
-- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO)
-+ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
-
- static u64 kvm_get_arch_capabilities(void)
- {
-@@ -1655,6 +1657,9 @@ static u64 kvm_get_arch_capabilities(void)
- */
- }
-
-+ if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())
-+ data |= ARCH_CAP_GDS_NO;
-+
- return data;
- }
-
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dave Hansen <dave.hansen@linux.intel.com>
-Date: Tue, 1 Aug 2023 07:31:07 -0700
-Subject: [PATCH] Documentation/x86: Fix backwards on/off logic about YMM
- support
-
-These options clearly turn *off* XSAVE YMM support. Correct the
-typo.
-
-Reported-by: Ben Hutchings <ben@decadent.org.uk>
-Fixes: 553a5c03e90a ("x86/speculation: Add force option to GDS mitigation")
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-
-(cherry picked from commit 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20)
-CVE-2022-40982
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit f88fa53e3623291b52b8a6656c1ea9a5d6f6f284)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-index 40b7a6260010..264bfa937f7d 100644
---- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-@@ -63,7 +63,7 @@ GDS can also be mitigated on systems that don't have updated microcode by
- disabling AVX. This can be done by setting gather_data_sampling="force" or
- "clearcpuid=avx" on the kernel command-line.
-
--If used, these options will disable AVX use by turning on XSAVE YMM support.
-+If used, these options will disable AVX use by turning off XSAVE YMM support.
- However, the processor will still enumerate AVX support. Userspace that
- does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
- support will break.
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
-Date: Mon, 24 Jul 2023 09:12:50 -0700
-Subject: [PATCH] igc: Fix Kernel Panic during ndo_tx_timeout callback
-
-The Xeon validation group has been carrying out some loaded tests
-with various HW configurations, and they have seen some transmit
-queue time out happening during the test. This will cause the
-reset adapter function to be called by igc_tx_timeout().
-Similar race conditions may arise when the interface is being brought
-down and up in igc_reinit_locked(), an interrupt being generated, and
-igc_clean_tx_irq() being called to complete the TX.
-
-When the igc_tx_timeout() function is invoked, this patch will turn
-off all TX ring HW queues during igc_down() process. TX ring HW queues
-will be activated again during the igc_configure_tx_ring() process
-when performing the igc_up() procedure later.
-
-This patch also moved existing igc_disable_tx_ring_hw() to avoid using
-forward declaration.
-
-Kernel trace:
-[ 7678.747813] ------------[ cut here ]------------
-[ 7678.757914] NETDEV WATCHDOG: enp1s0 (igc): transmit queue 2 timed out
-[ 7678.770117] WARNING: CPU: 0 PID: 13 at net/sched/sch_generic.c:525 dev_watchdog+0x1ae/0x1f0
-[ 7678.784459] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat
-nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)
-cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) svfs_pci_hotplug(PO)
-vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) svheartbeat(PO) ioapic(PO)
-sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) smbus(PO) spiflash_cdf(PO) arden(PO)
-dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) pch(PO) sviotargets(PO) svbdf(PO) svmem(PO)
-svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO)
-fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO)
-regsupport(O) libnvdimm nls_cp437 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel
-snd_intel_dspcfg snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
-[ 7678.784496] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm fuse backlight
-configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic pegasus mmc_block usbhid
-mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa scsi_transport_sas e1000e e1000 e100 ax88179_178a
-usbnet xhci_pci sd_mod xhci_hcd t10_pi crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore
-crct10dif_generic ptp crct10dif_common usb_common pps_core
-[ 7679.200403] RIP: 0010:dev_watchdog+0x1ae/0x1f0
-[ 7679.210201] Code: 28 e9 53 ff ff ff 4c 89 e7 c6 05 06 42 b9 00 01 e8 17 d1 fb ff 44 89 e9 4c
-89 e6 48 c7 c7 40 ad fb 81 48 89 c2 e8 52 62 82 ff <0f> 0b e9 72 ff ff ff 65 8b 05 80 7d 7c 7e
-89 c0 48 0f a3 05 0a c1
-[ 7679.245438] RSP: 0018:ffa00000001f7d90 EFLAGS: 00010282
-[ 7679.256021] RAX: 0000000000000000 RBX: ff11000109938440 RCX: 0000000000000000
-[ 7679.268710] RDX: ff11000361e26cd8 RSI: ff11000361e1b880 RDI: ff11000361e1b880
-[ 7679.281314] RBP: ffa00000001f7da8 R08: ff1100035f8fffe8 R09: 0000000000027ffb
-[ 7679.293840] R10: 0000000000001f0a R11: ff1100035f840000 R12: ff11000109938000
-[ 7679.306276] R13: 0000000000000002 R14: dead000000000122 R15: ffa00000001f7e18
-[ 7679.318648] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
-[ 7679.332064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[ 7679.342757] CR2: 00007ffff7fca168 CR3: 000000013b08a006 CR4: 0000000000471ef8
-[ 7679.354984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-[ 7679.367207] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
-[ 7679.379370] PKRU: 55555554
-[ 7679.386446] Call Trace:
-[ 7679.393152] <TASK>
-[ 7679.399363] ? __pfx_dev_watchdog+0x10/0x10
-[ 7679.407870] call_timer_fn+0x31/0x110
-[ 7679.415698] expire_timers+0xb2/0x120
-[ 7679.423403] run_timer_softirq+0x179/0x1e0
-[ 7679.431532] ? __schedule+0x2b1/0x820
-[ 7679.439078] __do_softirq+0xd1/0x295
-[ 7679.446426] ? __pfx_smpboot_thread_fn+0x10/0x10
-[ 7679.454867] run_ksoftirqd+0x22/0x30
-[ 7679.462058] smpboot_thread_fn+0xb7/0x160
-[ 7679.469670] kthread+0xcd/0xf0
-[ 7679.476097] ? __pfx_kthread+0x10/0x10
-[ 7679.483211] ret_from_fork+0x29/0x50
-[ 7679.490047] </TASK>
-[ 7679.495204] ---[ end trace 0000000000000000 ]---
-[ 7679.503179] igc 0000:01:00.0 enp1s0: Register Dump
-[ 7679.511230] igc 0000:01:00.0 enp1s0: Register Name Value
-[ 7679.519892] igc 0000:01:00.0 enp1s0: CTRL 181c0641
-[ 7679.528782] igc 0000:01:00.0 enp1s0: STATUS 40280683
-[ 7679.537551] igc 0000:01:00.0 enp1s0: CTRL_EXT 10000040
-[ 7679.546284] igc 0000:01:00.0 enp1s0: MDIC 180a3800
-[ 7679.554942] igc 0000:01:00.0 enp1s0: ICR 00000081
-[ 7679.563503] igc 0000:01:00.0 enp1s0: RCTL 04408022
-[ 7679.571963] igc 0000:01:00.0 enp1s0: RDLEN[0-3] 00001000 00001000 00001000 00001000
-[ 7679.583075] igc 0000:01:00.0 enp1s0: RDH[0-3] 00000068 000000b6 0000000f 00000031
-[ 7679.594162] igc 0000:01:00.0 enp1s0: RDT[0-3] 00000066 000000b2 0000000e 00000030
-[ 7679.605174] igc 0000:01:00.0 enp1s0: RXDCTL[0-3] 02040808 02040808 02040808 02040808
-[ 7679.616196] igc 0000:01:00.0 enp1s0: RDBAL[0-3] 1bb7c000 1bb7f000 1bb82000 0ef33000
-[ 7679.627242] igc 0000:01:00.0 enp1s0: RDBAH[0-3] 00000001 00000001 00000001 00000001
-[ 7679.638256] igc 0000:01:00.0 enp1s0: TCTL a503f0fa
-[ 7679.646607] igc 0000:01:00.0 enp1s0: TDBAL[0-3] 2ba4a000 1bb6f000 1bb74000 1bb79000
-[ 7679.657609] igc 0000:01:00.0 enp1s0: TDBAH[0-3] 00000001 00000001 00000001 00000001
-[ 7679.668551] igc 0000:01:00.0 enp1s0: TDLEN[0-3] 00001000 00001000 00001000 00001000
-[ 7679.679470] igc 0000:01:00.0 enp1s0: TDH[0-3] 000000a7 0000002d 000000bf 000000d9
-[ 7679.690406] igc 0000:01:00.0 enp1s0: TDT[0-3] 000000a7 0000002d 000000bf 000000d9
-[ 7679.701264] igc 0000:01:00.0 enp1s0: TXDCTL[0-3] 02100108 02100108 02100108 02100108
-[ 7679.712123] igc 0000:01:00.0 enp1s0: Reset adapter
-[ 7683.085967] igc 0000:01:00.0 enp1s0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
-[ 8086.945561] ------------[ cut here ]------------
-Entering kdb (current=0xffffffff8220b200, pid 0) on processor 0
-Oops: (null) due to oops @ 0xffffffff81573888
-RIP: 0010:dql_completed+0x148/0x160
-Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db 0f 95
-c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89
-c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc
-RSP: 0018:ffa0000000003e00 EFLAGS: 00010287
-RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000
-RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480
-RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28
-R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9
-R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048
-FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
-CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
-DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
-PKRU: 55555554
-Call Trace:
- <IRQ>
- ? igc_poll+0x1a9/0x14d0 [igc]
- __napi_poll+0x2e/0x1b0
- net_rx_action+0x126/0x250
- __do_softirq+0xd1/0x295
- irq_exit_rcu+0xc5/0xf0
- common_interrupt+0x86/0xa0
- </IRQ>
- <TASK>
- asm_common_interrupt+0x27/0x40
-RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
-Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8 1b
-de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf
-4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d
-RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
-RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
-RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
-RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
-R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
-R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
- cpuidle_enter+0x2e/0x50
- call_cpuidle+0x23/0x40
- do_idle+0x1be/0x220
- cpu_startup_entry+0x20/0x30
- rest_init+0xb5/0xc0
- arch_call_rest_init+0xe/0x30
- start_kernel+0x448/0x760
- x86_64_start_kernel+0x109/0x150
- secondary_startup_64_no_verify+0xe0/0xeb
- </TASK>
-more>
-[0]kdb>
-
-[0]kdb>
-[0]kdb> go
-Catastrophic error detected
-kdb_continue_catastrophic=0, type go a second time if you really want to
-continue
-[0]kdb> go
-Catastrophic error detected
-kdb_continue_catastrophic=0, attempting to continue
-[ 8086.955689] refcount_t: underflow; use-after-free.
-[ 8086.955697] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xc2/0x110
-[ 8086.955706] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat
-nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)
-cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO)
-svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO)
-svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO)
-smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO)
-pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO)
-svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O)
-ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437
-snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg
-snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
-[ 8086.955751] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm
-fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic
-pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa
-scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi
-crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common
-usb_common pps_core
-[ 8086.955784] RIP: 0010:refcount_warn_saturate+0xc2/0x110
-[ 8086.955788] Code: 01 e8 82 e7 b4 ff 0f 0b 5d c3 cc cc cc cc 80 3d 68 c6 eb 00 00 75 81
-48 c7 c7 a0 87 f6 81 c6 05 58 c6 eb 00 01 e8 5e e7 b4 ff <0f> 0b 5d c3 cc cc cc cc 80 3d
-42 c6 eb 00 00 0f 85 59 ff ff ff 48
-[ 8086.955790] RSP: 0018:ffa0000000003da0 EFLAGS: 00010286
-[ 8086.955793] RAX: 0000000000000000 RBX: ff1100011da40ee0 RCX: ff11000361e1b888
-[ 8086.955794] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ff11000361e1b880
-[ 8086.955795] RBP: ffa0000000003da0 R08: 80000000ffff9f45 R09: ffa0000000003d28
-[ 8086.955796] R10: ff1100035f840000 R11: 0000000000000028 R12: ff11000319ff8000
-[ 8086.955797] R13: ff1100011bb79d60 R14: 00000000ffffffd6 R15: ff1100037039cb00
-[ 8086.955798] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
-[ 8086.955800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[ 8086.955801] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
-[ 8086.955803] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-[ 8086.955803] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
-[ 8086.955804] PKRU: 55555554
-[ 8086.955805] Call Trace:
-[ 8086.955806] <IRQ>
-[ 8086.955808] tcp_wfree+0x112/0x130
-[ 8086.955814] skb_release_head_state+0x24/0xa0
-[ 8086.955818] napi_consume_skb+0x9c/0x160
-[ 8086.955821] igc_poll+0x5d8/0x14d0 [igc]
-[ 8086.955835] __napi_poll+0x2e/0x1b0
-[ 8086.955839] net_rx_action+0x126/0x250
-[ 8086.955843] __do_softirq+0xd1/0x295
-[ 8086.955846] irq_exit_rcu+0xc5/0xf0
-[ 8086.955851] common_interrupt+0x86/0xa0
-[ 8086.955857] </IRQ>
-[ 8086.955857] <TASK>
-[ 8086.955858] asm_common_interrupt+0x27/0x40
-[ 8086.955862] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
-[ 8086.955866] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8
-1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf 4c 2b 75
-c8 48 8d 04 49 48 89 ca 48 8d
-[ 8086.955867] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
-[ 8086.955869] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
-[ 8086.955870] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
-[ 8086.955871] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
-[ 8086.955872] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
-[ 8086.955873] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
-[ 8086.955875] cpuidle_enter+0x2e/0x50
-[ 8086.955880] call_cpuidle+0x23/0x40
-[ 8086.955884] do_idle+0x1be/0x220
-[ 8086.955887] cpu_startup_entry+0x20/0x30
-[ 8086.955889] rest_init+0xb5/0xc0
-[ 8086.955892] arch_call_rest_init+0xe/0x30
-[ 8086.955895] start_kernel+0x448/0x760
-[ 8086.955898] x86_64_start_kernel+0x109/0x150
-[ 8086.955900] secondary_startup_64_no_verify+0xe0/0xeb
-[ 8086.955904] </TASK>
-[ 8086.955904] ---[ end trace 0000000000000000 ]---
-[ 8086.955912] ------------[ cut here ]------------
-[ 8086.955913] kernel BUG at lib/dynamic_queue_limits.c:27!
-[ 8086.955918] invalid opcode: 0000 [#1] SMP
-[ 8086.955922] RIP: 0010:dql_completed+0x148/0x160
-[ 8086.955925] Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db
-0f 95 c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89
-c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc
-[ 8086.955927] RSP: 0018:ffa0000000003e00 EFLAGS: 00010287
-[ 8086.955928] RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000
-[ 8086.955929] RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480
-[ 8086.955930] RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28
-[ 8086.955931] R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9
-[ 8086.955932] R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048
-[ 8086.955933] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000
-[ 8086.955934] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[ 8086.955935] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8
-[ 8086.955936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-[ 8086.955937] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
-[ 8086.955938] PKRU: 55555554
-[ 8086.955939] Call Trace:
-[ 8086.955939] <IRQ>
-[ 8086.955940] ? igc_poll+0x1a9/0x14d0 [igc]
-[ 8086.955949] __napi_poll+0x2e/0x1b0
-[ 8086.955952] net_rx_action+0x126/0x250
-[ 8086.955956] __do_softirq+0xd1/0x295
-[ 8086.955958] irq_exit_rcu+0xc5/0xf0
-[ 8086.955961] common_interrupt+0x86/0xa0
-[ 8086.955964] </IRQ>
-[ 8086.955965] <TASK>
-[ 8086.955965] asm_common_interrupt+0x27/0x40
-[ 8086.955968] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0
-[ 8086.955971] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00
-31 ff e8 1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00
-49 63 cf 4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d
-[ 8086.955972] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202
-[ 8086.955973] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f
-[ 8086.955974] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000
-[ 8086.955974] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018
-[ 8086.955975] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000
-[ 8086.955976] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002
-[ 8086.955978] cpuidle_enter+0x2e/0x50
-[ 8086.955981] call_cpuidle+0x23/0x40
-[ 8086.955984] do_idle+0x1be/0x220
-[ 8086.955985] cpu_startup_entry+0x20/0x30
-[ 8086.955987] rest_init+0xb5/0xc0
-[ 8086.955990] arch_call_rest_init+0xe/0x30
-[ 8086.955992] start_kernel+0x448/0x760
-[ 8086.955994] x86_64_start_kernel+0x109/0x150
-[ 8086.955996] secondary_startup_64_no_verify+0xe0/0xeb
-[ 8086.955998] </TASK>
-[ 8086.955999] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype
-nft_compat nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO)
-rktpm(PO) cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO)
-svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO)
-svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO)
-smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO)
-pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO)
-svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O)
-ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437
-snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg
-snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci
-[ 8086.956029] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm
-fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic
-pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa
-scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi
-crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common
-usb_common pps_core
-[16762.543675] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.593 msecs
-[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.595 msecs
-[16762.543673] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.495 msecs
-[16762.543679] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs
-[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.598 msecs
-[16762.543690] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.605 msecs
-[16762.543684] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs
-[16762.543693] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.613 msecs
-[16762.543784] ---[ end trace 0000000000000000 ]---
-[16762.849099] RIP: 0010:dql_completed+0x148/0x160
-PANIC: Fatal exception in interrupt
-
-Fixes: 9b275176270e ("igc: Add ndo_tx_timeout support")
-Tested-by: Alejandra Victoria Alcaraz <alejandra.victoria.alcaraz@intel.com>
-Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
-Acked-by: Sasha Neftin <sasha.neftin@intel.com>
-Tested-by: Naama Meir <naamax.meir@linux.intel.com>
-Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
-Reviewed-by: Simon Horman <simon.horman@corigine.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-(cherry-picked from commit d4a7ce642100765119a872d4aba1bf63e3a22c8a)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- drivers/net/ethernet/intel/igc/igc_main.c | 40 ++++++++++++++++-------
- 1 file changed, 28 insertions(+), 12 deletions(-)
-
-diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c
-index 8b554311518c..a3f89e1dca72 100644
---- a/drivers/net/ethernet/intel/igc/igc_main.c
-+++ b/drivers/net/ethernet/intel/igc/igc_main.c
-@@ -310,6 +310,33 @@ static void igc_clean_all_tx_rings(struct igc_adapter *adapter)
- igc_clean_tx_ring(adapter->tx_ring[i]);
- }
-
-+static void igc_disable_tx_ring_hw(struct igc_ring *ring)
-+{
-+ struct igc_hw *hw = &ring->q_vector->adapter->hw;
-+ u8 idx = ring->reg_idx;
-+ u32 txdctl;
-+
-+ txdctl = rd32(IGC_TXDCTL(idx));
-+ txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE;
-+ txdctl |= IGC_TXDCTL_SWFLUSH;
-+ wr32(IGC_TXDCTL(idx), txdctl);
-+}
-+
-+/**
-+ * igc_disable_all_tx_rings_hw - Disable all transmit queue operation
-+ * @adapter: board private structure
-+ */
-+static void igc_disable_all_tx_rings_hw(struct igc_adapter *adapter)
-+{
-+ int i;
-+
-+ for (i = 0; i < adapter->num_tx_queues; i++) {
-+ struct igc_ring *tx_ring = adapter->tx_ring[i];
-+
-+ igc_disable_tx_ring_hw(tx_ring);
-+ }
-+}
-+
- /**
- * igc_setup_tx_resources - allocate Tx resources (Descriptors)
- * @tx_ring: tx descriptor ring (for a specific queue) to setup
-@@ -4993,6 +5020,7 @@ void igc_down(struct igc_adapter *adapter)
- /* clear VLAN promisc flag so VFTA will be updated if necessary */
- adapter->flags &= ~IGC_FLAG_VLAN_PROMISC;
-
-+ igc_disable_all_tx_rings_hw(adapter);
- igc_clean_all_tx_rings(adapter);
- igc_clean_all_rx_rings(adapter);
- }
-@@ -7094,18 +7122,6 @@ void igc_enable_rx_ring(struct igc_ring *ring)
- igc_alloc_rx_buffers(ring, igc_desc_unused(ring));
- }
-
--static void igc_disable_tx_ring_hw(struct igc_ring *ring)
--{
-- struct igc_hw *hw = &ring->q_vector->adapter->hw;
-- u8 idx = ring->reg_idx;
-- u32 txdctl;
--
-- txdctl = rd32(IGC_TXDCTL(idx));
-- txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE;
-- txdctl |= IGC_TXDCTL_SWFLUSH;
-- wr32(IGC_TXDCTL(idx), txdctl);
--}
--
- void igc_disable_tx_ring(struct igc_ring *ring)
- {
- igc_disable_tx_ring_hw(ring);
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Tue, 25 Jul 2023 09:38:32 -0700
-Subject: [PATCH] mm: suppress mm fault logging if fatal signal already pending
-
-Commit eda0047296a1 ("mm: make the page fault mmap locking killable")
-intentionally made it much easier to trigger the "page fault fails
-because a fatal signal is pending" situation, by having the mmap locking
-fail early in that case.
-
-We have long aborted page faults in other fatal cases when the actual IO
-for a page is interrupted by SIGKILL - which is particularly useful for
-the traditional case of NFS hanging due to network issues, but local
-filesystems could cause it too if you happened to get the SIGKILL while
-waiting for a page to be faulted in (eg lock_folio_maybe_drop_mmap()).
-
-So aborting the page fault wasn't a new condition - but it now triggers
-earlier, before we even get to 'handle_mm_fault()'. And as a result the
-error doesn't go through our 'fault_signal_pending()' logic, and doesn't
-get filtered away there.
-
-Normally you'd never even notice, because if a fatal signal is pending,
-the new SIGSEGV we send ends up being ignored anyway.
-
-But it turns out that there is one very noticeable exception: if you
-enable 'show_unhandled_signals', the aborted page fault will be logged
-in the kernel messages, and you'll get a scary line looking something
-like this in your logs:
-
- pverados[2183248]: segfault at 55e5a00f9ae0 ip 000055e5a00f9ae0 sp 00007ffc0720bea8 error 14 in perl[55e5a00d4000+195000] likely on CPU 10 (core 4, socket 0)
-
-which is rather misleading. It's not really a segfault at all, it's
-just "the thread was killed before the page fault completed, so we
-aborted the page fault".
-
-Fix this by just making it clear that a pending fatal signal means that
-any new signal coming in after that is implicitly handled. This will
-avoid the misleading logging, since now the signal isn't 'unhandled' any
-more.
-
-Reported-and-tested-by: Fiona Ebner <f.ebner@proxmox.com>
-Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Link: https://lore.kernel.org/lkml/8d063a26-43f5-0bb7-3203-c6a04dc159f8@proxmox.com/
-Acked-by: Oleg Nesterov <oleg@redhat.com>
-Fixes: eda0047296a1 ("mm: make the page fault mmap locking killable")
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-(cherry-picked from commit 5f0bc0b042fc77ff70e14c790abdec960cde4ec1)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- kernel/signal.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/kernel/signal.c b/kernel/signal.c
-index ae26da61c4d9..060f834e9c1a 100644
---- a/kernel/signal.c
-+++ b/kernel/signal.c
-@@ -561,6 +561,10 @@ bool unhandled_signal(struct task_struct *tsk, int sig)
- if (handler != SIG_IGN && handler != SIG_DFL)
- return false;
-
-+ /* If dying, we handle all new signals by ignoring them */
-+ if (fatal_signal_pending(tsk))
-+ return false;
-+
- /* if ptraced, let the tracer determine */
- return !tsk->ptrace;
- }
projects / pve-kernel.git / commitdiff