Skip to content

Commit

Permalink
Merge tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linu…
Browse files Browse the repository at this point in the history
…x/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Make sure a kdump kernel with CONFIG_IMA_KEXEC enabled and booted on
   an AMD SME enabled hardware properly decrypts the ima_kexec buffer
   information passed to it from the previous kernel

 - Fix building the kernel with Clang where a non-TLS definition of the
   stack protector guard cookie leads to bogus code generation

 - Clear a wrongly advertised virtualized VMLOAD/VMSAVE feature flag on
   some Zen4 client systems as those insns are not supported on client

* tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
  x86/stackprotector: Work around strict Clang TLS symbol requirements
  x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
  • Loading branch information
Linus Torvalds committed Nov 17, 2024
2 parents 4a5df37 + 8d9ffb2 commit f66d6ac
Show file tree
Hide file tree
Showing 7 changed files with 42 additions and 4 deletions.
5 changes: 3 additions & 2 deletions arch/x86/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,10 @@ ifeq ($(CONFIG_X86_32),y)

ifeq ($(CONFIG_STACKPROTECTOR),y)
ifeq ($(CONFIG_SMP),y)
KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard
KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \
-mstack-protector-guard-symbol=__ref_stack_chk_guard
else
KBUILD_CFLAGS += -mstack-protector-guard=global
KBUILD_CFLAGS += -mstack-protector-guard=global
endif
endif
else
Expand Down
16 changes: 16 additions & 0 deletions arch/x86/entry/entry.S
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,19 @@ EXPORT_SYMBOL_GPL(mds_verw_sel);
.popsection

THUNK warn_thunk_thunk, __warn_thunk

#ifndef CONFIG_X86_64
/*
* Clang's implementation of TLS stack cookies requires the variable in
* question to be a TLS variable. If the variable happens to be defined as an
* ordinary variable with external linkage in the same compilation unit (which
* amounts to the whole of vmlinux with LTO enabled), Clang will drop the
* segment register prefix from the references, resulting in broken code. Work
* around this by avoiding the symbol used in -mstack-protector-guard-symbol=
* entirely in the C code, and use an alias emitted by the linker script
* instead.
*/
#ifdef CONFIG_STACKPROTECTOR
EXPORT_SYMBOL(__ref_stack_chk_guard);
#endif
#endif
3 changes: 3 additions & 0 deletions arch/x86/include/asm/asm-prototypes.h
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,6 @@
extern void cmpxchg8b_emu(void);
#endif

#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR)
extern unsigned long __ref_stack_chk_guard;
#endif
11 changes: 11 additions & 0 deletions arch/x86/kernel/cpu/amd.c
Original file line number Diff line number Diff line change
Expand Up @@ -924,6 +924,17 @@ static void init_amd_zen4(struct cpuinfo_x86 *c)
{
if (!cpu_has(c, X86_FEATURE_HYPERVISOR))
msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT);

/*
* These Zen4 SoCs advertise support for virtualized VMLOAD/VMSAVE
* in some BIOS versions but they can lead to random host reboots.
*/
switch (c->x86_model) {
case 0x18 ... 0x1f:
case 0x60 ... 0x7f:
clear_cpu_cap(c, X86_FEATURE_V_VMSAVE_VMLOAD);
break;
}
}

static void init_amd_zen5(struct cpuinfo_x86 *c)
Expand Down
2 changes: 2 additions & 0 deletions arch/x86/kernel/cpu/common.c
Original file line number Diff line number Diff line change
Expand Up @@ -2089,8 +2089,10 @@ void syscall_init(void)

#ifdef CONFIG_STACKPROTECTOR
DEFINE_PER_CPU(unsigned long, __stack_chk_guard);
#ifndef CONFIG_SMP
EXPORT_PER_CPU_SYMBOL(__stack_chk_guard);
#endif
#endif

#endif /* CONFIG_X86_64 */

Expand Down
3 changes: 3 additions & 0 deletions arch/x86/kernel/vmlinux.lds.S
Original file line number Diff line number Diff line change
Expand Up @@ -491,6 +491,9 @@ SECTIONS
. = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE),
"kernel image bigger than KERNEL_IMAGE_SIZE");

/* needed for Clang - see arch/x86/entry/entry.S */
PROVIDE(__ref_stack_chk_guard = __stack_chk_guard);

#ifdef CONFIG_X86_64
/*
* Per-cpu symbols which need to be offset from __per_cpu_load
Expand Down
6 changes: 4 additions & 2 deletions arch/x86/mm/ioremap.c
Original file line number Diff line number Diff line change
Expand Up @@ -656,7 +656,8 @@ static bool memremap_is_setup_data(resource_size_t phys_addr,
paddr_next = data->next;
len = data->len;

if ((phys_addr > paddr) && (phys_addr < (paddr + len))) {
if ((phys_addr > paddr) &&
(phys_addr < (paddr + sizeof(struct setup_data) + len))) {
memunmap(data);
return true;
}
Expand Down Expand Up @@ -718,7 +719,8 @@ static bool __init early_memremap_is_setup_data(resource_size_t phys_addr,
paddr_next = data->next;
len = data->len;

if ((phys_addr > paddr) && (phys_addr < (paddr + len))) {
if ((phys_addr > paddr) &&
(phys_addr < (paddr + sizeof(struct setup_data) + len))) {
early_memunmap(data, sizeof(*data));
return true;
}
Expand Down

0 comments on commit f66d6ac

Please sign in to comment.