~bladernr/ubuntu/+source/linux/+git/bionic:1823037-amd_iommu-cherrypick

Last commit made on 2019-06-07
Get this branch:
git clone -b 1823037-amd_iommu-cherrypick https://git.launchpad.net/~bladernr/ubuntu/+source/linux/+git/bionic
Only Jeff Lane  can upload to this branch. If you are Jeff Lane  please log in for upload directions.

Branch information

Name:
1823037-amd_iommu-cherrypick
Repository:
lp:~bladernr/ubuntu/+source/linux/+git/bionic

Recent commits

ea2fa8f... by Joerg Roedel <email address hidden>

iommu/amd: Set exclusion range correctly

BugLink: https://bugs.launchpad.net/bugs/1823037

The exclusion range limit register needs to contain the
base-address of the last page that is part of the range, as
bits 0-11 of this register are treated as 0xfff by the
hardware for comparisons.

So correctly set the exclusion range in the hardware to the
last page which is _in_ the range.

Fixes: b2026aa2dce44 ('x86, AMD IOMMU: add functions for programming IOMMU MMIO space')
Signed-off-by: Joerg Roedel <email address hidden>
(cherry picked from commit 3c677d206210f53a4be972211066c0f1cd47fe12 5.2-rc1)
Signed-off-by: Jeffrey Lane <email address hidden>
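
Added example, not part of the commit or of the kernel source: a small user-space model of the limit-register comparison described in the commit message above. The pre-fix computation (`limit_old`) is an assumption based on the commit's description, and all function names and the sample ranges are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000ULL
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Hardware model from the commit message: bits 0-11 of the limit
 * register are treated as 0xfff when an address is compared. */
static int hw_excluded(uint64_t base, uint64_t limit_reg, uint64_t addr)
{
    return addr >= base && addr <= (limit_reg | 0xfffULL);
}

/* Assumed pre-fix value: first address after the range, page-aligned. */
static uint64_t limit_old(uint64_t start, uint64_t len)
{
    return (start + len) & PAGE_MASK;
}

/* Fixed value: base address of the last page that is in the range. */
static uint64_t limit_fixed(uint64_t start, uint64_t len)
{
    return (start + len - 1) & PAGE_MASK;
}

/* Count whole pages beyond [start, start + len) that the hardware
 * would still treat as part of the exclusion range. */
static unsigned extra_pages(uint64_t start, uint64_t len, uint64_t limit_reg)
{
    uint64_t a = (start + len + PAGE_SIZE - 1) & PAGE_MASK;
    unsigned n = 0;

    for (; hw_excluded(start & PAGE_MASK, limit_reg, a); a += PAGE_SIZE)
        n++;
    return n;
}

int main(void)
{
    /* Constructed ranges: one ends on a page boundary, one does not. */
    uint64_t start = 0x1000, aligned = 0x2000, unaligned = 0x1800;

    printf("aligned end:   old=%u fixed=%u extra page(s)\n",
           extra_pages(start, aligned, limit_old(start, aligned)),
           extra_pages(start, aligned, limit_fixed(start, aligned)));
    printf("unaligned end: old=%u fixed=%u extra page(s)\n",
           extra_pages(start, unaligned, limit_old(start, unaligned)),
           extra_pages(start, unaligned, limit_fixed(start, unaligned)));
    return 0;
}
```

In this model the two computations only differ when the range ends exactly on a page boundary, which is when the old value covers one page that is not in the range.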

2d54261... by Joerg Roedel <email address hidden>

iommu/amd: Reserve exclusion range in iova-domain

BugLink: https://bugs.launchpad.net/bugs/1823037

If a device has an exclusion range specified in the IVRS
table, this region needs to be reserved in the iova-domain
of that device. This hasn't happened until now and can cause
data corruption on data transferred with these devices.

Treat exclusion ranges as reserved regions in the iommu-core
to fix the problem.

Fixes: be2a022c0dd0 ('x86, AMD IOMMU: add functions to parse IOMMU memory mapping requirements for devices')
Signed-off-by: Joerg Roedel <email address hidden>
Reviewed-by: Gary R Hook <email address hidden>
(cherry picked from commit 8aafaaf2212192012f5bae305bb31cdf7681d777 5.2-rc1)
Signed-off-by: Jeffrey Lane <email address hidden>

c414530... by Eric Biggers <email address hidden>

crypto: authenc - fix parsing key with misaligned rta_len

BugLink: https://bugs.launchpad.net/bugs/1829725

Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.

However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary. In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This
causes a buffer overread and crash during crypto_ahash_setkey().

Fix it by restricting the rtattr payload to the expected size.

Reproducer using AF_ALG:

 #include <linux/if_alg.h>
 #include <linux/rtnetlink.h>
 #include <sys/socket.h>

 int main()
 {
  int fd;
  struct sockaddr_alg addr = {
   .salg_type = "aead",
   .salg_name = "authenc(hmac(sha256),cbc(aes))",
  };
  struct {
   struct rtattr attr;
   __be32 enckeylen;
   char keys[1];
  } __attribute__((packed)) key = {
   .attr.rta_len = sizeof(key),
   .attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */,
  };

  fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
  bind(fd, (void *)&addr, sizeof(addr));
  setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key));
 }

It caused:

 BUG: unable to handle kernel paging request at ffff88007ffdc000
 PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0
 Oops: 0000 [#1] SMP
 CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
 RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155
 [...]
 Call Trace:
  sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321
  crypto_shash_finup+0x1a/0x30 crypto/shash.c:178
  shash_digest_unaligned+0x45/0x60 crypto/shash.c:186
  crypto_shash_digest+0x24/0x40 crypto/shash.c:202
  hmac_setkey+0x135/0x1e0 crypto/hmac.c:66
  crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66
  shash_async_setkey+0x10/0x20 crypto/shash.c:223
  crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202
  crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96
  crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62
  aead_setkey+0xc/0x10 crypto/algif_aead.c:526
  alg_setkey crypto/af_alg.c:223 [inline]
  alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256
  __sys_setsockopt+0x6d/0xd0 net/socket.c:1902
  __do_sys_setsockopt net/socket.c:1913 [inline]
  __se_sys_setsockopt net/socket.c:1910 [inline]
  __x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910
  do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: e236d4a89a2f ("[CRYPTO] authenc: Move enckeylen into key itself")
Cc: <email address hidden> # v2.6.25+
Signed-off-by: Eric Biggers <email address hidden>
Signed-off-by: Herbert Xu <email address hidden>
(cherry picked from commit 8f9c469348487844328e162db57112f7d347c49f)
Signed-off-by: Po-Hsu Lin <email address hidden>
Acked-by: Khalid Elmously <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
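
Added example, not part of the commit or of the kernel source: a user-space model of the length bookkeeping the commit message above describes, with the payload check in its pre-fix form (at least 4 bytes) and its fixed form (exactly 4 bytes). The function names, the 64-byte buffer and the sample blobs are constructed for illustration; the model only computes lengths and never reads past the 8-byte header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTA_HDR   4u                  /* sizeof(struct rtattr): u16 len, u16 type */
#define PARAM_LEN 4u                  /* the 4-byte big-endian enckeylen */
#define ALIGN4(n) (((n) + 3u) & ~3u)  /* same rounding as RTA_ALIGN() */

/* strict=0 accepts any payload >= 4 bytes (pre-fix, per the commit message);
 * strict=1 requires exactly 4 bytes (the fix).
 * Returns the derived authkeylen, or -1 if the blob is rejected. */
static long long authkeylen_of(const uint8_t *key, unsigned int keylen, int strict)
{
    uint16_t rta_len, rta_type;
    unsigned int payload, enckeylen;

    if (keylen < RTA_HDR)
        return -1;
    memcpy(&rta_len, key, 2);         /* host-endian, as in struct rtattr */
    memcpy(&rta_type, key + 2, 2);
    /* RTA_OK() plus the CRYPTO_AUTHENC_KEYA_PARAM (1) type check */
    if (rta_len < RTA_HDR || rta_len > keylen || rta_type != 1)
        return -1;
    payload = rta_len - RTA_HDR;
    if (strict ? payload != PARAM_LEN : payload < PARAM_LEN)
        return -1;
    enckeylen = (unsigned int)key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7];
    keylen -= ALIGN4(rta_len);        /* wraps when ALIGN4(rta_len) > keylen */
    if (keylen < enckeylen)
        return -1;
    return keylen - enckeylen;
}

/* Constructed sample blob: 'total' (<= 64) zero bytes with the header set. */
static long long try_key(uint16_t rta_len, uint8_t enckeylen,
                         unsigned int total, int strict)
{
    uint8_t buf[64] = {0};
    uint16_t type = 1;

    memcpy(buf, &rta_len, 2);
    memcpy(buf + 2, &type, 2);
    buf[7] = enckeylen;               /* low byte of the big-endian field */
    return authkeylen_of(buf, total, strict);
}

int main(void)
{
    /* First two calls use the reproducer's layout: 9 bytes, rta_len = 9. */
    printf("pre-fix %lld, fixed %lld, valid %lld\n", try_key(9, 0, 9, 0),
           try_key(9, 0, 9, 1), try_key(8, 16, 8 + 32 + 16, 1));
    return 0;
}
```

With the 9-byte layout the pre-fix check yields an authentication key length of 4294967293 (UINT_MAX - 2), while the exact-size check rejects the blob before the subtraction happens.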

5e954af... by Josh Poimboeuf

x86/speculation/mds: Fix documentation typo

Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".

Reported-by: Jeff Bastian <email address hidden>
Signed-off-by: Josh Poimboeuf <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>

CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091

(cherry picked from commit 95310e348a321b45fb746c176961d4da72344282)
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

6d8afb6... by Tyler Hicks

Documentation: Correct the possible MDS sysfs values

Adjust the last two rows in the table that display possible values when
MDS mitigation is enabled. They both were slightly inaccurate.

In addition, convert the table of possible values and their descriptions
to a list-table. The simple table format uses the top border of equals
signs to determine cell width which resulted in the first column being
far too wide in comparison to the second column that contained the
majority of the text.

Signed-off-by: Tyler Hicks <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>

CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091

(cherry picked from commit ea01668f9f43021b28b3f4d5ffad50106a1e1301)
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

90a351d... by speck for Pawan Gupta <email address hidden>

x86/mds: Add MDSUM variant to the MDS documentation

Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.

MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.

Signed-off-by: Pawan Gupta <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>
Reviewed-by: Tyler Hicks <email address hidden>
Reviewed-by: Jon Masters <email address hidden>

CVE-2019-11091

(cherry picked from commit e672f8bf71c66253197e503f75c771dd28ada4a0)
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

9ab2083... by Tyler Hicks

UBUNTU: SAUCE: Synchronize MDS mitigations with upstream

Bring the Ubuntu MDS mitigations in sync with the upstream mitigations.
The initial Ubuntu backport was based on the next to last revision of
the base patch series from upstream.

There is no functional change except for adjusting L1TF warning messages
to use the new URL for the L1TF admin guide.

The Atom Silvermont and Airmont changes in the cpu_vuln_whitelist[]
cause no functional changes because Silvermont and Airmont do not
support Intel Hyper-Threading. Therefore, even without this change, the
CPU buffers would be properly flushed as the CPU thread goes into sleep
state and MDS would be reported as being mitigated.

This commit contains changes from the following upstream commits:

 5999bbe7a6ea ("Documentation: Add MDS vulnerability documentation")
 65fd4cb65b2d ("Documentation: Move L1TF to separate directory")
 bc1241700acd ("x86/speculation/mds: Add mitigation control for MDS")
 22dd8365088b ("x86/speculation/mds: Add mitigation mode VMWERV")
 e261f209c366 ("x86/speculation/mds: Add BUG_MSBDS_ONLY")

CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

638294e... by zhenyuw

drm/i915/gvt: Fix mmap range check

This is to fix missed mmap range check on vGPU bar2 region
and only allow to map vGPU allocated GMADDR range, which means
user space should support sparse mmap to get proper offset for
mmap vGPU aperture. And this takes care of actual pgoff in mmap
request as original code always does from beginning of vGPU
aperture.

Fixes: 659643f7d814 ("drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT")
Cc: "Monroy, Rodrigo Axel" <email address hidden>
Cc: "Orrala Contreras, Alfredo" <email address hidden>
Cc: <email address hidden> # v4.10+
Reviewed-by: Hang Yuan <email address hidden>
Signed-off-by: Zhenyu Wang <email address hidden>

CVE-2019-11085

(cherry picked from commit 51b00d8509dc69c98740da2ad07308b630d3eb7d)
Signed-off-by: Timo Aaltonen <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Tyler Hicks <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

7abf834... by Michael Ellerman

selftests/powerpc: Remove Power9 copy_unaligned test

BugLink: https://bugs.launchpad.net/bugs/1813118

This is a test of the ISA 3.0 "copy" instruction. That instruction has
an L field, which if set to 1 specifies that "the instruction
identifies the beginning of a move group" (pp 858). That's also
referred to as "copy first" vs "copy".

In ISA 3.0B the copy instruction does not have an L field, and the
corresponding bit in the instruction must be set to 1.

This test is generating a "copy" instruction, not a "copy first", and
so on Power9 (which implements 3.0B), this results in an illegal
instruction.

So just drop the test entirely. We still have copy_first_unaligned to
test the "copy first" behaviour.

Signed-off-by: Michael Ellerman <email address hidden>
Acked-by: Michael Neuling <email address hidden>
Signed-off-by: Michael Ellerman <email address hidden>
(cherry picked from commit 83039f22ba2f6aff935a2acbb6bf671374e8317d)
Signed-off-by: Po-Hsu Lin <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

58844f1... by Kees Cook

selftests/seccomp: Enhance per-arch ptrace syscall skip tests

BugLink: https://bugs.launchpad.net/bugs/1812796

Passing EPERM during syscall skipping was confusing since the test wasn't
actually exercising the errno evaluation -- it was just passing a literal
"1" (EPERM). Instead, expand the tests to check both direct value returns
(positive, 45000 in this case), and errno values (negative, -ESRCH in this
case) to check both fake success and fake failure during syscall skipping.

Reported-by: Colin Ian King <email address hidden>
Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
Cc: <email address hidden>
Signed-off-by: Kees Cook <email address hidden>
Signed-off-by: Shuah Khan <email address hidden>
(cherry picked from commit ed5f13261cb65b02c611ae9971677f33581d4286)
Signed-off-by: Po-Hsu Lin <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>