16 May, 2019

2 commits

  • On x86_64, all returns to usermode go through
    prepare_exit_to_usermode(), with the sole exception of do_nmi().
    This even includes machine checks -- this was added several years
    ago to support MCE recovery. Update the documentation.

    Signed-off-by: Andy Lutomirski
    Cc: Borislav Petkov
    Cc: Frederic Weisbecker
    Cc: Greg Kroah-Hartman
    Cc: Jon Masters
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: stable@vger.kernel.org
    Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
    Link: http://lkml.kernel.org/r/999fa9e126ba6a48e9d214d2f18dbde5c62ac55c.1557865329.git.luto@kernel.org
    Signed-off-by: Ingo Molnar

    Andy Lutomirski
     
  • The double fault ESPFIX path doesn't return to user mode at all --
    it returns back to the kernel by simulating a #GP fault.
    prepare_exit_to_usermode() will run on the way out of
    general_protection before running user code.

    Signed-off-by: Andy Lutomirski
    Cc: Borislav Petkov
    Cc: Frederic Weisbecker
    Cc: Greg Kroah-Hartman
    Cc: Jon Masters
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: stable@vger.kernel.org
    Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
    Link: http://lkml.kernel.org/r/ac97612445c0a44ee10374f6ea79c222fe22a5c4.1557865329.git.luto@kernel.org
    Signed-off-by: Ingo Molnar

    Andy Lutomirski
     

14 May, 2019

1 commit

  • Pull x86 MDS mitigations from Thomas Gleixner:
    "Microarchitectural Data Sampling (MDS) is a hardware vulnerability
    which allows unprivileged speculative access to data which is
    available in various CPU internal buffers. This new set of misfeatures
    has the following CVEs assigned:

    CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
    CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
    CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
    CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory

    MDS attacks target microarchitectural buffers which speculatively
    forward data under certain conditions. Disclosure gadgets can expose
    this data via cache side channels.

    Contrary to other speculation based vulnerabilities the MDS
    vulnerability does not allow the attacker to control the memory target
    address. As a consequence the attacks are purely sampling based, but,
    as demonstrated with the TLBleed attack, samples can be postprocessed
    successfully.

    The mitigation is to flush the microarchitectural buffers on return to
    user space and before entering a VM. It's bolted on the VERW
    instruction and requires a microcode update. As some of the attacks
    exploit data structures shared between hyperthreads, full protection
    requires to disable hyperthreading. The kernel does not do that by
    default to avoid breaking unattended updates.

    The mitigation set comes with documentation for administrators and a
    deeper technical view"

    * 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits)
    x86/speculation/mds: Fix documentation typo
    Documentation: Correct the possible MDS sysfs values
    x86/mds: Add MDSUM variant to the MDS documentation
    x86/speculation/mds: Add 'mitigations=' support for MDS
    x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    x86/speculation/mds: Fix comment
    x86/speculation/mds: Add SMT warning message
    x86/speculation: Move arch_smt_update() call to after mitigation decisions
    x86/speculation/mds: Add mds=full,nosmt cmdline option
    Documentation: Add MDS vulnerability documentation
    Documentation: Move L1TF to separate directory
    x86/speculation/mds: Add mitigation mode VMWERV
    x86/speculation/mds: Add sysfs reporting for MDS
    x86/speculation/mds: Add mitigation control for MDS
    x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    x86/speculation/mds: Clear CPU buffers on exit to user
    x86/speculation/mds: Add mds_clear_cpu_buffers()
    x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    x86/speculation/mds: Add BUG_MSBDS_ONLY
    ...

    Linus Torvalds
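
Added example, not part of the merge message or the kernel tree: the pull above says the buffer flush needs a microcode update and that full protection also requires disabling hyperthreading, so this sketch classifies the status line from the MDS sysfs reporting into those cases. The sysfs path and the status strings follow the kernel's MDS admin guide and are not listed on this page; the verdict words and function names are hypothetical.

```shell
#!/bin/sh
# Assumption: path and status strings as documented in the kernel's MDS
# admin guide; neither appears on this page.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds "<status line>" -> prints one verdict word (names are ours)
classify_mds() {
    status=$1
    # Split "<state>; SMT <smt state>" into its two halves, if present.
    case $status in
        *"; SMT "*) state=${status%%"; SMT "*}; smt=${status##*"; SMT "} ;;
        *)          state=$status; smt="" ;;
    esac
    case $state in
        "Not affected") echo not_affected ;;
        "Mitigation: Clear CPU buffers")
            case $smt in
                # "mitigated" is reported on MSBDS-only CPUs.
                disabled|mitigated) echo mitigated ;;
                vulnerable)         echo mitigated_smt_exposed ;;
                # e.g. "Host state unknown" inside a guest
                *)                  echo mitigated_smt_unknown ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode")
            echo needs_microcode ;;
        Vulnerable) echo vulnerable ;;
        *)          echo unrecognized ;;
    esac
}

# check_host [file] -> classify the live sysfs entry (or a given file)
check_host() {
    f=${1:-$MDS_SYSFS}
    if [ -r "$f" ]; then classify_mds "$(cat "$f")"; else echo no_sysfs_entry; fi
}

# Constructed sample lines, not captured from a real machine.
while IFS= read -r line; do
    printf '%-24s %s\n' "$(classify_mds "$line")" "$line"
done <<'EOF'
Not affected
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: Clear CPU buffers; SMT Host state unknown
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
Vulnerable; SMT vulnerable
EOF
printf 'this host: %s\n' "$(check_host)"
```

A `mitigated_smt_exposed` verdict is the default state the pull message describes: buffers are flushed on return to user space, but sibling hyperthreads remain a sampling path until SMT is disabled.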
     

11 May, 2019

1 commit

  • Pull more documentation updates from Jonathan Corbet:
    "Some late arriving documentation changes. In particular, this contains
    the conversion of the x86 docs to RST, which has been in the works for
    some time but needed a couple of final tweaks"

    * tag 'docs-5.2a' of git://git.lwn.net/linux: (29 commits)
    Documentation: x86: convert x86_64/machinecheck to reST
    Documentation: x86: convert x86_64/cpu-hotplug-spec to reST
    Documentation: x86: convert x86_64/fake-numa-for-cpusets to reST
    Documentation: x86: convert x86_64/5level-paging.txt to reST
    Documentation: x86: convert x86_64/mm.txt to reST
    Documentation: x86: convert x86_64/uefi.txt to reST
    Documentation: x86: convert x86_64/boot-options.txt to reST
    Documentation: x86: convert i386/IO-APIC.txt to reST
    Documentation: x86: convert usb-legacy-support.txt to reST
    Documentation: x86: convert orc-unwinder.txt to reST
    Documentation: x86: convert resctrl_ui.txt to reST
    Documentation: x86: convert microcode.txt to reST
    Documentation: x86: convert pti.txt to reST
    Documentation: x86: convert amd-memory-encryption.txt to reST
    Documentation: x86: convert intel_mpx.txt to reST
    Documentation: x86: convert protection-keys.txt to reST
    Documentation: x86: convert pat.txt to reST
    Documentation: x86: convert mtrr.txt to reST
    Documentation: x86: convert tlb.txt to reST
    Documentation: x86: convert zero-page.txt to reST
    ...

    Linus Torvalds
     

09 May, 2019

28 commits


08 May, 2019

2 commits

  • Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".

    Reported-by: Jeff Bastian
    Signed-off-by: Josh Poimboeuf
    Signed-off-by: Thomas Gleixner

    Josh Poimboeuf
     
  • Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
    Sampling Uncacheable Memory (MDSUM) which is a variant of
    Microarchitectural Data Sampling (MDS). MDS is a family of side channel
    attacks on internal buffers in Intel CPUs.

    MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
    memory that takes a fault or assist can leave data in a microarchitectural
    structure that may later be observed using one of the same methods used by
    MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
    The existing mitigation for MDS applies to MDSUM as well.

    Signed-off-by: Pawan Gupta
    Signed-off-by: Thomas Gleixner
    Reviewed-by: Tyler Hicks
    Reviewed-by: Jon Masters

    speck for Pawan Gupta
     

07 May, 2019

2 commits

  • Pull x86 topology updates from Ingo Molnar:
    "Two main changes: preparatory changes for Intel multi-die topology
    support, plus a syslog message tweak"

    * 'x86-topology-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    x86/topology: Make DEBUG_HOTPLUG_CPU0 pr_info() more descriptive
    x86/smpboot: Rename match_die() to match_pkg()
    topology: Simplify cputopology.txt formatting and wording
    x86/topology: Fix documentation typo

    Linus Torvalds
     
  • Pull x86 mm updates from Ingo Molnar:
    "The changes in here are:

    - text_poke() fixes and an extensive set of executability lockdowns,
    to (hopefully) eliminate the last residual circumstances under
    which we are using W|X mappings even temporarily on x86 kernels.
    This required a broad range of surgery in text patching facilities,
    module loading, trampoline handling and other bits.

    - tweak page fault messages to be more informative and more
    structured.

    - remove DISCONTIGMEM support on x86-32 and make SPARSEMEM the
    default.

    - reduce KASLR granularity on 5-level paging kernels from 512 GB to
    1 GB.

    - misc other changes and updates"

    * 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits)
    x86/mm: Initialize PGD cache during mm initialization
    x86/alternatives: Add comment about module removal races
    x86/kprobes: Use vmalloc special flag
    x86/ftrace: Use vmalloc special flag
    bpf: Use vmalloc special flag
    modules: Use vmalloc special flag
    mm/vmalloc: Add flag for freeing of special permsissions
    mm/hibernation: Make hibernation handle unmapped pages
    x86/mm/cpa: Add set_direct_map_*() functions
    x86/alternatives: Remove the return value of text_poke_*()
    x86/jump-label: Remove support for custom text poker
    x86/modules: Avoid breaking W^X while loading modules
    x86/kprobes: Set instruction page as executable
    x86/ftrace: Set trampoline pages as executable
    x86/kgdb: Avoid redundant comparison of patched code
    x86/alternatives: Use temporary mm for text poking
    x86/alternatives: Initialize temporary mm for patching
    fork: Provide a function for copying init_mm
    uprobes: Initialize uprobes earlier
    x86/mm: Save debug registers when loading a temporary mm
    ...

    Linus Torvalds
     

19 Apr, 2019

1 commit

  • Syntax only, no functional or semantic change.

    reflect actual cpuinfo_x86 field name:

    s/logical_id/logical_proc_id/

    Signed-off-by: Len Brown
    Cc: Andrew Morton
    Cc: Linus Torvalds
    Cc: Paul E. McKenney
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: Will Deacon
    Cc: linux-doc@vger.kernel.org
    Link: http://lkml.kernel.org/r/e2810a5317d3a109a98204e883fd1461f77b9339.1551160674.git.len.brown@intel.com
    Signed-off-by: Ingo Molnar

    Len Brown
     

17 Apr, 2019

2 commits

  • The debug IST stack is actually two separate debug stacks to handle #DB
    recursion. This is required because the CPU starts always at top of stack
    on exception entry, which means on #DB recursion the second #DB would
    overwrite the stack of the first.

    The low level entry code therefore adjusts the top of stack on entry so a
    secondary #DB starts from a different stack page. But the stack pages are
    adjacent without a guard page between them.

    Split the debug stack into 3 stacks which are separated by guard pages. The
    3rd stack is never mapped into the cpu_entry_area and is only there to
    catch triple #DB nesting:

    --- top of DB_stack
    Signed-off-by: Thomas Gleixner
    Signed-off-by: Borislav Petkov
    Reviewed-by: Sean Christopherson
    Cc: Andy Lutomirski
    Cc: Baoquan He
    Cc: "Chang S. Bae"
    Cc: Dave Hansen
    Cc: Dominik Brodowski
    Cc: "H. Peter Anvin"
    Cc: Ingo Molnar
    Cc: Joerg Roedel
    Cc: Jonathan Corbet
    Cc: Josh Poimboeuf
    Cc: Juergen Gross
    Cc: "Kirill A. Shutemov"
    Cc: Konrad Rzeszutek Wilk
    Cc: linux-doc@vger.kernel.org
    Cc: Masahiro Yamada
    Cc: Peter Zijlstra
    Cc: Qian Cai
    Cc: Sean Christopherson
    Cc: x86-ml
    Link: https://lkml.kernel.org/r/20190414160145.439944544@linutronix.de

    Thomas Gleixner
     
  • The defines for the exception stack (IST) array in the TSS are using the
    SDM convention IST1 - IST7. That causes all sorts of code to subtract 1 for
    array indices related to IST. That's confusing at best and does not provide
    any value.

    Make the indices zero based and fixup the usage sites. The only code which
    needs to adjust the 0 based index is the interrupt descriptor setup which
    needs to add 1 now.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Borislav Petkov
    Reviewed-by: Sean Christopherson
    Cc: Andy Lutomirski
    Cc: Baoquan He
    Cc: "Chang S. Bae"
    Cc: Dave Hansen
    Cc: Dominik Brodowski
    Cc: Dou Liyang
    Cc: "H. Peter Anvin"
    Cc: Ingo Molnar
    Cc: Jonathan Corbet
    Cc: Josh Poimboeuf
    Cc: "Kirill A. Shutemov"
    Cc: Konrad Rzeszutek Wilk
    Cc: linux-doc@vger.kernel.org
    Cc: Nicolai Stange
    Cc: Peter Zijlstra
    Cc: Qian Cai
    Cc: x86-ml
    Link: https://lkml.kernel.org/r/20190414160144.331772825@linutronix.de

    Thomas Gleixner
     

16 Apr, 2019

1 commit

  • This fixes a PT typo, and the following 56-bit address-space
    addresses:

    * the hole extends from 0100000000000000 to feffffffffffffff
    * the KASAN shadow memory area stops at fffffbffffffffff (see kasan.h)

    Signed-off-by: Stephen Kitt
    Cc: Andy Lutomirski
    Cc: Borislav Petkov
    Cc: Brian Gerst
    Cc: Dave Hansen
    Cc: H. Peter Anvin
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Rik van Riel
    Cc: Thomas Gleixner
    Cc: alex.popov@linux.com
    Cc: bhe@redhat.com
    Cc: corbet@lwn.net
    Cc: kirill.shutemov@linux.intel.com
    Cc: linux-doc@vger.kernel.org
    Link: http://lkml.kernel.org/r/20190415150853.10354-1-steve@sk2.org
    Signed-off-by: Ingo Molnar

    Stephen Kitt