~anthonywong/ubuntu/+source/linux-intel/+git/focal:intel-5.13-next

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

cdca0b7... by Andrea Righi on 2021-09-28

UBUNTU: Ubuntu-intel-5.13-5.13.0-1005.5

Signed-off-by: Andrea Righi <email address hidden>

707f730... by Andrea Righi on 2021-09-28

UBUNTU: [Config] intel-5.13: update configs and annotations after rebase

Signed-off-by: Andrea Righi <email address hidden>

0acde40... by Andrea Righi on 2021-09-28

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1945276
Properties: no-test-build
Signed-off-by: Andrea Righi <email address hidden>

6fd3d78... by Andrea Righi on 2021-09-28

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Andrea Righi <email address hidden>

80950af... by Alex Hung on 2021-09-17

UBUNTU: [Config] Enable Intel Shadow Stack support

BugLink: https://bugs.launchpad.net/bugs/1929889

This includes setting Intel Shadow Stack (X86_SHADOW_STACK) and
Intel Indirect Branch Tracking (X86_IBT) to 'y'

Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>

cbe0d74... by Yu-cheng Yu on 2020-09-08

Provide back compatibility of ALLOC_SHSTK

BugLink: https://bugs.launchpad.net/bugs/1929889

Signed-off-by: Yu-cheng Yu <email address hidden>
Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>

1e9dae3... by "H.J. Lu" <email address hidden> on 2020-01-30

Discard .note.gnu.property sections in generic NOTES

BugLink: https://bugs.launchpad.net/bugs/1929889

With the command-line option, -mx86-used-note=yes, the x86 assembler
in binutils 2.32 and above generates a program property note in a note
section, .note.gnu.property, to encode used x86 ISAs and features. But
kernel linker script only contains a single NOTE segment:

PHDRS {
 text PT_LOAD FLAGS(5);
 data PT_LOAD FLAGS(6);
 percpu PT_LOAD FLAGS(6);
 init PT_LOAD FLAGS(7);
 note PT_NOTE FLAGS(0);
}
SECTIONS
{
...
 .notes : AT(ADDR(.notes) - 0xffffffff80000000) { __start_notes = .; KEEP(*(.not
e.*)) __stop_notes = .; } :text :note
...
}

The NOTE segment generated by kernel linker script is aligned to 4 bytes.
But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
we get

[hjl@gnu-skx-1 linux]$ readelf -n vmlinux

Displaying notes found in: .notes
  Owner Data size Description
  Xen 0x00000006 Unknown note type: (0x00000006)
   description data: 6c 69 6e 75 78 00
  Xen 0x00000004 Unknown note type: (0x00000007)
   description data: 32 2e 36 00
  xen-3.0 0x00000005 Unknown note type: (0x006e6558)
   description data: 08 00 00 00 03
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x50
readelf: Warning: type: 0xffffffff, namesize: 0x006e6558, descsize:
0x80000000, alignment: 8
[hjl@gnu-skx-1 linux]$

Since note.gnu.property section in kernel image is never used, this patch
discards .note.gnu.property sections in kernel linker script by adding

/DISCARD/ : {
  *(.note.gnu.property)
}

before kernel NOTE segment in generic NOTES.

Signed-off-by: H.J. Lu <email address hidden>
Reviewed-by: Kees Cook <email address hidden>
Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>

043fb2c... by "H.J. Lu" <email address hidden> on 2020-04-27

powerpc: Keep .rela* sections when CONFIG_RELOCATABLE is defined

BugLink: https://bugs.launchpad.net/bugs/1929889

arch/powerpc/kernel/vmlinux.lds.S has

 #ifdef CONFIG_RELOCATABLE
 ...
        .rela.dyn : AT(ADDR(.rela.dyn) - LOAD_OFFSET)
        {
                __rela_dyn_start = .;
                *(.rela*)
        }
 #endif
 ...
        DISCARDS
        /DISCARD/ : {
                *(*.EMB.apuinfo)
                *(.glink .iplt .plt .rela* .comment)
                *(.gnu.version*)
                *(.gnu.attributes)
                *(.eh_frame)
        }

Since .rela* sections are needed when CONFIG_RELOCATABLE is defined,
don't discard .rela* sections if CONFIG_RELOCATABLE is defined.

Signed-off-by: H.J. Lu <email address hidden>
Acked-by: Michael Ellerman <email address hidden> (powerpc)
Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>

bfe62ba... by Yu-cheng Yu on 2018-04-23

x86/cet: Add PTRACE interface for CET

BugLink: https://bugs.launchpad.net/bugs/1929889

Add REGSET_CET64/REGSET_CET32 to get/set CET MSRs:

    IA32_U_CET (user-mode CET settings) and
    IA32_PL3_SSP (user-mode Shadow Stack)

Signed-off-by: Yu-cheng Yu <email address hidden>

v12:
- Return -ENODEV when CET registers are in INIT state.
- Check reserved/non-support bits from user input.

Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>

e66b05d... by Yu-cheng Yu on 2021-02-23

x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave

BugLink: https://bugs.launchpad.net/bugs/1929889

ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
component of CET. IBT prevents attacks by ensuring that (most) indirect
branches and function calls may only land at ENDBR instructions. Branches
that don't follow the rules will result in control flow (#CF) exceptions.

ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR
instructions are inserted automatically by the compiler, but branch
targets written in assembly must have ENDBR added manually.

Add ENDBR to __vdso_sgx_enter_enclave() indirect branch targets, including
EEXIT, which is considered an indirect branch.

Signed-off-by: Yu-cheng Yu <email address hidden>
Reviewed-by: Kees Cook <email address hidden>
Acked-by: Jarkko Sakkinen <email address hidden>
Cc: Andy Lutomirski <email address hidden>
Cc: Borislav Petkov <email address hidden>
Cc: Dave Hansen <email address hidden>
Cc: Peter Zijlstra <email address hidden>

v28:
- Move ENDBR64 below EEXIT comment (no functional change).
- Update change log, state EEXIT is considered an indirect branch.

Signed-off-by: Alex Hung <email address hidden>
Signed-off-by: Wen-chien Jesse Sung <email address hidden>