| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Nov 2017 09:24:21 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>
Subject: [GIT PULL] x86 updates for v4.15
Linus,
Please pull the latest x86-asm-for-linus git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-asm-for-linus
# HEAD: 91a6a6cfee8ad34ea4cc10a54c0765edfe437cdb Merge branch 'linus' into x86/asm, to resolve conflict
Note that in this cycle most of the x86 topics interacted at a level that caused
them to be merged into tip:x86/asm - but this should be a temporary phenomenon,
hopefully we'll back to the usual patterns in the next merge window.
The main changes in this cycle were:
Hardware enablement:
- Add support for the Intel UMIP (User Mode Instruction Prevention) CPU feature.
This is a security feature that disables certain instructions such as SGDT,
SLDT, SIDT, SMSW and STR. [Note that this is disabled by default for now, there
are some smaller enhancements in the pipeline that I'll follow up with in the
next 1-2 days, which allows this to be enabled by default.] (Ricardo Neri)
- Add support for the AMD SEV (Secure Encrypted Virtualization) CPU feature, on
top of SME (Secure Memory Encryption) support that was added in v4.14.
(Tom Lendacky, Brijesh Singh)
- Enable new SSE/AVX/AVX512 CPU features: AVX512_VBMI2, GFNI, VAES, VPCLMULQDQ,
AVX512_VNNI, AVX512_BITALG. (Gayatri Kammela)
Other changes:
- A big series of entry code simplifications and enhancements (Andy Lutomirski)
- Make the ORC unwinder default on x86 and various objtool enhancements.
(Josh Poimboeuf)
- 5-level paging enhancements (Kirill A. Shutemov)
- Micro-optimize the entry code a bit (Borislav Petkov)
- Improve the handling of interdependent CPU features in the early FPU
init code (Andi Kleen)
- Build system enhancements (Changbin Du, Masahiro Yamada)
- ... plus misc enhancements, fixes and cleanups.
out-of-topic modifications in x86-asm-for-linus:
--------------------------------------------------
Makefile # 11af847446ed: x86/unwind: Rename unwinder
arch/powerpc/kernel/machine_kexec_file_64.c# 1d2e733b13b4: resource: Provide resource s
include/asm-generic/vmlinux.lds.h # ac26963a1175: percpu: Introduce DEFINE_PER
# 11af847446ed: x86/unwind: Rename unwinder
include/linux/ioport.h # 0e4c12b45aa8: x86/mm, resource: Use PAGE_K
# 1d2e733b13b4: resource: Provide resource s
include/linux/kexec.h # 1d2e733b13b4: resource: Provide resource s
include/linux/mem_encrypt.h # d8aa7eea78a1: x86/mm: Add Secure Encrypted
include/linux/mm.h # 15670bfe1990: x86/mm/64: Rename the regist
include/linux/mmzone.h # 83e3c48729d9: mm/sparsemem: Allocate mem_s
include/linux/percpu-defs.h # ac26963a1175: percpu: Introduce DEFINE_PER
kernel/extable.c # e846d1395806: kprobes, x86/alternatives: U
kernel/kexec_file.c # 1d2e733b13b4: resource: Provide resource s
kernel/resource.c # 0e4c12b45aa8: x86/mm, resource: Use PAGE_K
# 1d2e733b13b4: resource: Provide resource s
# 4ac2aed837cb: resource: Consolidate resour
lib/swiotlb.c # d7b417fa08d1: x86/mm: Add DMA support for
mm/gup.c # 5b65c4677a57: mm, x86/mm: Fix performance
mm/sparse.c # 629a359bdb0e: mm/sparsemem: Fix ARM64 boot
# 83e3c48729d9: mm/sparsemem: Allocate mem_s
scripts/Makefile.build # 11af847446ed: x86/unwind: Rename unwinder
tools/objtool/check.c # 00d96180dc38: objtool: Don't report end of
tools/objtool/objtool.c # 6a93bb7e4a7d: objtool: Print top level com
tools/testing/selftests/x86/entry_from_vm86.c# a9e017d5619e: selftests/x86: Add tests for
# 9390afebe1d3: selftests/x86: Add tests for
tools/testing/selftests/x86/ldt_gdt.c# fec8f5ae1715: selftests/x86/ldt_get: Add a
# adedf2893c19: selftests/x86/ldt_gdt: Run m
# d744dcad3909: selftests/x86/ldt_gdt: Add i
# d60ad744c974: selftests/x86/ldt_gdt: Robus
tools/testing/selftests/x86/protection_keys.c# 693cb5580fdb: selftests/x86/protection_key
Thanks,
Ingo
------------------>
Andi Kleen (5):
bitops: Add clear/set_bit32() to linux/bitops.h
x86/cpuid: Add generic table for CPUID dependencies
x86/fpu: Parse clearcpuid= as early XSAVE argument
x86/fpu: Make XSAVE check the base CPUID features before enabling
x86/fpu: Remove the explicit clearing of XSAVE dependent features
Andrey Ryabinin (1):
x86/kasan: Use the same shadow offset for 4- and 5-level paging
Andy Lutomirski (24):
x86/entry/64: Remove the restore_c_regs_and_iret label
x86/entry/64: Split the IRET-to-user and IRET-to-kernel paths
x86/entry/64: Move SWAPGS into the common IRET-to-usermode path
x86/entry/64: Simplify reg restore code in the standard IRET paths
x86/entry/64: Shrink paranoid_exit_restore and make labels local
x86/entry/64: Use pop instead of movq in syscall_return_via_sysret
x86/entry/64: Merge the fast and slow SYSRET paths
x86/entry/64: Use POP instead of MOV to restore regs on NMI return
x86/entry/64: Remove the RESTORE_..._REGS infrastructure
x86/entry/64: De-Xen-ify our NMI code
x86/entry/32: Pull the MSR_IA32_SYSENTER_CS update code out of native_load_sp0()
x86/entry/64: Pass SP0 directly to load_sp0()
x86/entry: Add task_top_of_stack() to find the top of a task's stack
x86/xen/64, x86/entry/64: Clean up SP code in cpu_initialize_context()
x86/entry/64: Stop initializing TSS.sp0 at boot
x86/entry/64: Remove all remaining direct thread_struct::sp0 reads
x86/entry/32: Fix cpu_current_top_of_stack initialization at boot
x86/entry/64: Remove thread_struct::sp0
x86/traps: Use a new on_thread_stack() helper to clean up an assertion
selftests/x86/protection_keys: Fix syscall NR redefinition warnings
selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities
selftests/x86/ldt_gdt: Add infrastructure to test set_thread_area()
selftests/x86/ldt_gdt: Run most existing LDT test cases against the GDT as well
selftests/x86/ldt_get: Add a few additional tests for limits
Baoquan He (1):
x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages'
Borislav Petkov (2):
x86/entry/64: Shorten TEST instructions
x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE
Brijesh Singh (5):
Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description
x86: Add support for changing memory encryption attribute in early boot
percpu: Introduce DEFINE_PER_CPU_DECRYPTED
X86/KVM: Decrypt shared per-cpu variables when SEV is active
X86/KVM: Clear encryption attribute when SEV is active
Changbin Du (5):
x86/build: Factor out fdimage/isoimage generation commands to standalone script
x86/build: Add new paths for isolinux.bin and ldlinux.c32
x86/build: Specify -input-charset=utf-8 for mkisofs
x86/build: Add more generated files to the .gitignore file
x86/build: Make the boot image generation less verbose
Dave Hansen (1):
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
Gayatri Kammela (1):
x86/cpufeatures: Enable new SSE/AVX/AVX512 CPU features
Ingo Molnar (3):
x86/unwinder: Make CONFIG_UNWINDER_ORC=y the default in the 64-bit defconfig
x86/cpufeatures: Re-tabulate the X86_FEATURE definitions
x86/cpufeatures: Fix various details in the feature definitions
Josh Poimboeuf (11):
objtool: Don't report end of section error after an empty unwind hint
x86/head: Remove confusing comment
x86/head: Remove unused 'bad_address' code
x86/head: Fix head ELF function annotations
x86/boot: Annotate verify_cpu() as a callable function
x86/xen: Fix xen head ELF annotations
x86/xen: Add unwind hint annotations
x86/head: Add unwind hint annotations
x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'
x86/unwind: Make CONFIG_UNWINDER_ORC=y the default in kconfig for 64-bit
x86/asm: Don't use the confusing '.ifeq' directive
Juergen Gross (1):
xen, x86/entry/64: Add xen NMI trap entry
Kamalesh Babulal (1):
objtool: Print top level commands on incorrect usage
Kirill A. Shutemov (5):
mm, x86/mm: Fix performance regression in get_user_pages_fast()
mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y
x86/xen: Provide pre-built page tables only for CONFIG_XEN_PV=y and CONFIG_XEN_PVH=y
x86/xen: Drop 5-level paging support code from the XEN_PV code
mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y
Masahiro Yamada (1):
x86/build: Beautify build log of syscall headers
Ricardo Neri (31):
x86/mm: Relocate page fault error codes to traps.h
x86/boot: Relocate definition of the initial state of CR0
uprobes/x86: Use existing definitions for segment override prefixes
x86/mpx: Simplify handling of errors when computing linear addresses
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
x86/mpx: Use signed variables to compute effective addresses
x86/mpx: Do not use SIB.index if its value is 100b and ModRM.mod is not 11b
x86/mpx: Do not use SIB.base if its value is 101b and ModRM.mod = 0
x86/mpx, x86/insn: Relocate insn util functions to a new insn-eval file
x86/insn-eval: Do not BUG on invalid register type
x86/insn-eval: Add a utility function to get register offsets
x86/insn-eval: Add utility function to identify string instructions
x86/insn-eval: Add utility functions to get segment selector
x86/insn-eval: Add utility function to get segment descriptor
x86/insn-eval: Add utility functions to get segment descriptor base address and limit
x86/insn-eval: Add function to get default params of code segment
x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 101b
x86/insn-eval: Incorporate segment base in linear address computation
x86/insn-eval: Extend get_seg_base_addr() to also obtain segment limit
x86/insn-eval: Compute linear address in several utility functions
x86/insn-eval: Add support to resolve 32-bit address encodings
x86/insn-eval: Add wrapper function for 32 and 64-bit addresses
x86/insn-eval: Handle 32-bit address encodings in virtual-8086 mode
x86/insn-eval: Add support to resolve 16-bit address encodings
x86/cpufeature: Add User-Mode Instruction Prevention definitions
x86/umip: Add emulation code for UMIP instructions
x86/umip: Force a page fault when unable to copy emulated result to user
x86/umip: Enable User-Mode Instruction Prevention at runtime
x86/traps: Fix up general protection faults caused by UMIP
selftests/x86: Add tests for User-Mode Instruction Prevention
selftests/x86: Add tests for the STR and SLDT instructions
Steven Rostedt (VMware) (1):
x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints
Thomas Gleixner (3):
x86/cpuid: Prevent out of bound access in do_clear_cpu_cap()
x86/cpuid: Replace set/clear_bit32()
bitops: Revert cbe96375025e ("bitops: Add clear/set_bit32() to linux/bitops.h")
Tom Lendacky (13):
x86/mm: Remove unnecessary TLB flush for SME in-place encryption
x86/mm: Add Secure Encrypted Virtualization (SEV) support
x86/mm: Don't attempt to encrypt initrd under SEV
x86/realmode: Don't decrypt trampoline area under SEV
x86/mm: Use encrypted access of boot related data with SEV
x86/mm: Include SEV for encryption memory attribute changes
x86/efi: Access EFI data as encrypted when SEV is active
resource: Consolidate resource walking code
resource: Provide resource struct in resource walk callback
x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages
x86/mm: Add DMA support for SEV memory encryption
x86/boot: Add early boot support when running with SEV active
x86/io: Unroll string I/O when SEV is active
Uros Bizjak (1):
x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
Zhou Chengming (1):
kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules
kbuild test robot (1):
resource: Fix resource_size.cocci warnings
Documentation/x86/amd-memory-encryption.txt | 30 +-
Documentation/x86/orc-unwinder.txt | 2 +-
Documentation/x86/x86_64/mm.txt | 2 +-
Makefile | 4 +-
arch/powerpc/kernel/machine_kexec_file_64.c | 12 +-
arch/x86/Kconfig | 13 +-
arch/x86/Kconfig.debug | 39 +-
arch/x86/boot/.gitignore | 3 +
arch/x86/boot/Makefile | 59 +-
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/head_64.S | 16 +
arch/x86/boot/compressed/mem_encrypt.S | 120 +++
arch/x86/boot/compressed/misc.h | 2 +
arch/x86/boot/compressed/pagetable.c | 8 +-
arch/x86/boot/genimage.sh | 124 +++
arch/x86/configs/tiny.config | 4 +-
arch/x86/configs/x86_64_defconfig | 1 +
arch/x86/entry/calling.h | 69 +-
arch/x86/entry/entry_64.S | 141 +--
arch/x86/entry/entry_64_compat.S | 3 +-
arch/x86/entry/syscalls/Makefile | 4 +-
arch/x86/entry/vdso/vma.c | 5 +-
arch/x86/include/asm/archrandom.h | 8 +-
arch/x86/include/asm/bitops.h | 10 +-
arch/x86/include/asm/compat.h | 1 +
arch/x86/include/asm/cpufeature.h | 9 +-
arch/x86/include/asm/cpufeatures.h | 537 +++++-----
arch/x86/include/asm/disabled-features.h | 8 +-
arch/x86/include/asm/inat.h | 10 +
arch/x86/include/asm/insn-eval.h | 23 +
arch/x86/include/asm/io.h | 43 +-
arch/x86/include/asm/mem_encrypt.h | 14 +
arch/x86/include/asm/module.h | 2 +-
arch/x86/include/asm/msr-index.h | 3 +
arch/x86/include/asm/paravirt.h | 5 +-
arch/x86/include/asm/paravirt_types.h | 2 +-
arch/x86/include/asm/percpu.h | 2 +-
arch/x86/include/asm/pgtable_types.h | 3 +-
arch/x86/include/asm/processor.h | 52 +-
arch/x86/include/asm/ptrace.h | 6 +-
arch/x86/include/asm/rmwcc.h | 2 +-
arch/x86/include/asm/switch_to.h | 24 +
arch/x86/include/asm/syscalls.h | 2 +-
arch/x86/include/asm/trace/fpu.h | 10 -
arch/x86/include/asm/traps.h | 20 +-
arch/x86/include/asm/umip.h | 12 +
arch/x86/include/asm/unwind.h | 8 +-
arch/x86/include/uapi/asm/kvm_para.h | 1 -
arch/x86/include/uapi/asm/processor-flags.h | 5 +
arch/x86/kernel/Makefile | 11 +-
arch/x86/kernel/alternative.c | 26 +-
arch/x86/kernel/cpu/Makefile | 1 +
arch/x86/kernel/cpu/common.c | 54 +-
arch/x86/kernel/cpu/cpuid-deps.c | 121 +++
arch/x86/kernel/crash.c | 18 +-
arch/x86/kernel/fpu/init.c | 11 +
arch/x86/kernel/fpu/xstate.c | 43 +-
arch/x86/kernel/head_32.S | 5 +-
arch/x86/kernel/head_64.S | 45 +-
arch/x86/kernel/kvm.c | 40 +-
arch/x86/kernel/kvmclock.c | 65 +-
arch/x86/kernel/ldt.c | 16 +-
arch/x86/kernel/pmem.c | 2 +-
arch/x86/kernel/process.c | 8 +-
arch/x86/kernel/process_32.c | 6 +-
arch/x86/kernel/process_64.c | 5 +-
arch/x86/kernel/setup.c | 6 +-
arch/x86/kernel/smpboot.c | 3 +-
arch/x86/kernel/traps.c | 9 +-
arch/x86/kernel/umip.c | 366 +++++++
arch/x86/kernel/uprobes.c | 15 +-
arch/x86/kernel/verify_cpu.S | 3 +-
arch/x86/kernel/vm86_32.c | 20 +-
arch/x86/lib/Makefile | 2 +-
arch/x86/lib/insn-eval.c | 1364 +++++++++++++++++++++++++
arch/x86/mm/fault.c | 88 +-
arch/x86/mm/init_64.c | 10 +-
arch/x86/mm/ioremap.c | 123 ++-
arch/x86/mm/kasan_init_64.c | 101 +-
arch/x86/mm/mem_encrypt.c | 301 +++++-
arch/x86/mm/mpx.c | 120 +--
arch/x86/mm/pageattr.c | 4 +-
arch/x86/platform/efi/efi_64.c | 16 +-
arch/x86/realmode/init.c | 5 +-
arch/x86/um/ldt.c | 7 +-
arch/x86/xen/enlighten_pv.c | 9 +-
arch/x86/xen/mmu_pv.c | 159 ++-
arch/x86/xen/smp_pv.c | 17 +-
arch/x86/xen/xen-asm_64.S | 2 +-
arch/x86/xen/xen-head.S | 11 +-
include/asm-generic/vmlinux.lds.h | 21 +-
include/linux/ioport.h | 7 +-
include/linux/kexec.h | 2 +-
include/linux/mem_encrypt.h | 7 +-
include/linux/mm.h | 2 +-
include/linux/mmzone.h | 6 +-
include/linux/percpu-defs.h | 15 +
kernel/extable.c | 2 +
kernel/kexec_file.c | 5 +-
kernel/resource.c | 76 +-
lib/Kconfig.debug | 2 +-
lib/swiotlb.c | 5 +-
mm/gup.c | 97 +-
mm/sparse.c | 27 +-
scripts/Makefile.build | 2 +-
tools/objtool/check.c | 7 +-
tools/objtool/objtool.c | 6 +-
tools/testing/selftests/x86/entry_from_vm86.c | 89 +-
tools/testing/selftests/x86/ldt_gdt.c | 88 +-
tools/testing/selftests/x86/protection_keys.c | 24 +-
110 files changed, 4067 insertions(+), 1145 deletions(-)
create mode 100644 arch/x86/boot/compressed/mem_encrypt.S
create mode 100644 arch/x86/boot/genimage.sh
create mode 100644 arch/x86/include/asm/insn-eval.h
create mode 100644 arch/x86/include/asm/umip.h
create mode 100644 arch/x86/kernel/cpu/cpuid-deps.c
create mode 100644 arch/x86/kernel/umip.c
create mode 100644 arch/x86/lib/insn-eval.c
Powered by blists - more mailing lists