# git rev-parse -q --verify 457afdc0071dbd343a59426890b9677ca2882c23^{commit} # git fetch -q -n -f git://gitlab.ozlabs.ibm.com/linuxppc/linux.git fixes-test warning: The last gc run reported the following. Please correct the root cause and remove .git/gc.log. Automatic cleanup will not be performed until the file is removed. warning: There are too many unreachable loose objects; run 'git prune' to remove them. # git rev-parse -q --verify 457afdc0071dbd343a59426890b9677ca2882c23^{commit} 457afdc0071dbd343a59426890b9677ca2882c23 # git checkout -q -f -B kisskb 457afdc0071dbd343a59426890b9677ca2882c23 # git clean -qxdf # < git log -1 # commit 457afdc0071dbd343a59426890b9677ca2882c23 # Author: Gustavo Romero # Date: Tue Sep 3 14:47:17 2019 +1000 # # powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts # # When in userspace and MSR FP=0 the hardware FP state is unrelated to # the current process. This is extended for transactions where if tbegin # is run with FP=0, the hardware checkpoint FP state will also be # unrelated to the current process. Due to this, we need to ensure this # hardware checkpoint is updated with the correct state before we enable # FP for this process. # # Unfortunately we get this wrong when returning to a process from a # hardware interrupt. A process that starts a transaction with FP=0 can # take an interrupt. When the kernel returns back to that process, we # change to FP=1 but with hardware checkpoint FP state not updated. If # this transaction is then rolled back, the FP registers now contain the # wrong state. # # The process looks like this: # Userspace: Kernel # # Start userspace # with MSR FP=0 TM=1 # < ----- # ... # tbegin # bne # Hardware interrupt # ---- > # # .... # ret_from_except # restore_math() # /* sees FP=0 */ # restore_fp() # tm_active_with_fp() # /* sees FP=1 (Incorrect) */ # load_fp_state() # FP = 0 -> 1 # < ----- # Return to userspace # with MSR TM=1 FP=1 # with junk in the FP TM checkpoint # TM rollback # reads FP junk # # When returning from the hardware exception, tm_active_with_fp() is # incorrectly making restore_fp() call load_fp_state() which is setting # FP=1. # # The fix is to remove tm_active_with_fp(). # # tm_active_with_fp() is attempting to handle the case where FP state # has been changed inside a transaction. In this case the checkpointed # and transactional FP state is different and hence we must restore the # FP state (ie. we can't do lazy FP restore inside a transaction that's # used FP). It's safe to remove tm_active_with_fp() as this case is # handled by restore_tm_state(). restore_tm_state() detects if FP has # been using inside a transaction and will set load_fp and call # restore_math() to ensure the FP state (checkpoint and transaction) is # restored. # # This is a data integrity problem for the current process as the FP # registers are corrupted. It's also a security problem as the FP # registers from one process may be leaked to another. # # Similarly for VMX. # # A simple testcase to replicate this will be posted to # tools/testing/selftests/powerpc/tm/tm-poison.c # # This fixes CVE-2019-15031. # # Fixes: a7771176b439 ("powerpc: Don't enable FP/Altivec if not checkpointed") # Cc: stable@vger.kernel.org # 4.15+ # Signed-off-by: Gustavo Romero # Signed-off-by: Michael Neuling # Signed-off-by: Michael Ellerman # Link: https://lore.kernel.org/r/20190903044718.13773-2-mikey@neuling.org # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 457afdc0071dbd343a59426890b9677ca2882c23 # < make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- mpc85xx_defconfig # Added to kconfig CONFIG_PPC_E500MC=y # Added to kconfig CONFIG_VIRTUALIZATION=y # Added to kconfig CONFIG_KVM_E500MC=y # Added to kconfig # yes \n | make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- oldconfig yes: standard output: Broken pipe # make -s -j 48 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- /kisskb/src/drivers/dma/fsldma.c: In function 'fsl_dma_chan_probe': /kisskb/src/drivers/dma/fsldma.c:1165:26: warning: this statement may fall through [-Wimplicit-fallthrough=] chan->toggle_ext_pause = fsl_chan_toggle_ext_pause; ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/dma/fsldma.c:1166:2: note: here case FSL_DMA_IP_83XX: ^~~~ /kisskb/src/drivers/crypto/talitos.c: In function 'talitos_remove': /kisskb/src/drivers/crypto/talitos.c:3142:4: warning: this statement may fall through [-Wimplicit-fallthrough=] crypto_unregister_aead(&t_alg->algt.alg.aead); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/crypto/talitos.c:3143:3: note: here case CRYPTO_ALG_TYPE_AHASH: ^~~~ In file included from /kisskb/src/include/linux/kernel.h:11, from /kisskb/src/include/linux/list.h:9, from /kisskb/src/include/linux/module.h:9, from /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:15: /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c: In function 'allocate_bd': /kisskb/src/include/linux/err.h:22:49: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) ^ /kisskb/src/include/linux/compiler.h:78:42: note: in definition of macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:139:6: note: in expansion of macro 'IS_ERR_VALUE' if (IS_ERR_VALUE(fep->ring_mem_addr)) ^~~~~~~~~~~~ In file included from /kisskb/src/include/linux/acpi.h:15, from /kisskb/src/include/linux/i2c.h:13, from /kisskb/src/include/uapi/linux/fb.h:6, from /kisskb/src/include/linux/fb.h:6, from /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:20: /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c: In function 'fsl_diu_ioctl': /kisskb/src/include/linux/device.h:1501:2: warning: this statement may fall through [-Wimplicit-fallthrough=] _dev_warn(dev, dev_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:1287:3: note: in expansion of macro 'dev_warn' dev_warn(info->dev, ^~~~~~~~ /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:1290:2: note: here case MFB_SET_PIXFMT: ^~~~ In file included from /kisskb/src/include/linux/acpi.h:15, from /kisskb/src/include/linux/i2c.h:13, from /kisskb/src/include/uapi/linux/fb.h:6, from /kisskb/src/include/linux/fb.h:6, from /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:20: /kisskb/src/include/linux/device.h:1501:2: warning: this statement may fall through [-Wimplicit-fallthrough=] _dev_warn(dev, dev_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:1296:3: note: in expansion of macro 'dev_warn' dev_warn(info->dev, ^~~~~~~~ /kisskb/src/drivers/video/fbdev/fsl-diu-fb.c:1299:2: note: here case MFB_GET_PIXFMT: ^~~~ /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8555cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8541cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xde2970) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) INFO: Uncompressed kernel (size 0xdd213c) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xe00000) Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:26 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6513403 Bytes = 6360.75 KiB = 6.21 MiB Load Address: 00000000 Entry Point: 00000000 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:28 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548176 Bytes = 6394.70 KiB = 6.24 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:28 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6550416 Bytes = 6396.89 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:28 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548806 Bytes = 6395.32 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:28 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548691 Bytes = 6395.21 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e00314 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:28 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548526 Bytes = 6395.04 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e00314 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:29 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548847 Bytes = 6395.36 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e00314 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:29 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548594 Bytes = 6395.11 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:29 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6550199 Bytes = 6396.68 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548690 Bytes = 6395.21 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e00314 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6549329 Bytes = 6395.83 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548642 Bytes = 6395.16 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e00314 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548785 Bytes = 6395.30 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6549435 Bytes = 6395.93 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548690 Bytes = 6395.21 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Image Name: Linux-5.3.0-rc2-g457afdc0071d Created: Wed Sep 4 21:51:30 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6548600 Bytes = 6395.12 KiB = 6.25 MiB Load Address: 00e00000 Entry Point: 00e002b4 Completed OK # rm -rf /kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 # Build took: 0:02:23.602322