Ubuntu
linux package

~kmously/ubuntu/+source/linux/+git/artful:paolo-fixed

  1. Git
  2. lp:~kmously/ubuntu/+source/linux/+git/artful
  3. paolo-fixed
Last commit made on 2018-02-28
Get this branch:
git clone -b paolo-fixed https://git.launchpad.net/~kmously/ubuntu/+source/linux/+git/artful
Only Khaled El Mously can upload to this branch. If you are Khaled El Mously please log in for upload directions.

Branch merges

Branch information

Name:
paolo-fixed
Repository:
lp:~kmously/ubuntu/+source/linux/+git/artful

Recent commits

29b2566... by Shanker Donthineni <email address hidden>

arm64: Add missing Falkor part number for branch predictor hardening

References to CPU part number MIDR_QCOM_FALKOR were dropped from the
mailing list patch due to mainline/arm64 branch dependency. So this
patch adds the missing part number.

Fixes: ec82b567a74f ("arm64: Implement branch predictor hardening for Falkor")
Acked-by: Marc Zyngier <email address hidden>
Signed-off-by: Shanker Donthineni <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
(cherry picked from commit 16e574d762ac5512eb922ac0ac5eed360b7db9d8)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

8aa9c9d... by Paolo Pisati

UBUNTU: SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic

Signed-off-by: dann frazier <email address hidden>

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

c2e4bcf... by Paolo Pisati

UBUNTU: [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

41167ce... by Marc Zyngier

arm64: Kill PSCI_GET_VERSION as a variant-2 workaround

Commit 3a0a397ff5ff upstream.

Now that we've standardised on SMCCC v1.1 to perform the branch
prediction invalidation, let's drop the previous band-aid.
If vendors haven't updated their firmware to do SMCCC 1.1, they
haven't updated PSCI either, so we don't loose anything.

Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit c584c903bae9a1ec6e881847713df9c1b8b87df0)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

ebbd554... by Marc Zyngier

arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

Commit b092201e0020 upstream.

Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1.
It is lovely. Really.

Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit dbca45b996550f1ab646011f48bede5b9c2e2ea9)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

b3e4935... by Marc Zyngier

arm/arm64: smccc: Implement SMCCC v1.1 inline primitive

Commit f2d3b2e8759a upstream.

One of the major improvement of SMCCC v1.1 is that it only clobbers
the first 4 registers, both on 32 and 64bit. This means that it
becomes very easy to provide an inline version of the SMC call
primitive, and avoid performing a function call to stash the
registers that would otherwise be clobbered by SMCCC v1.0.

Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit ac63fdb4a2b229bdd7ad8449a88791ad5da5f572)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

093534b... by Marc Zyngier

arm/arm64: smccc: Make function identifiers an unsigned quantity

Commit ded4c39e93f3 upstream.

Function identifiers are a 32bit, unsigned quantity. But we never
tell so to the compiler, resulting in the following:

 4ac: b26187e0 mov x0, #0xffffffff80000001

We thus rely on the firmware narrowing it for us, which is not
always a reasonable expectation.

Cc: <email address hidden>
Reported-by: Ard Biesheuvel <email address hidden>
Acked-by: Ard Biesheuvel <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 37dc3e6c117eced753d6ce6cce85535cec3ad013)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

7a4c2fc... by Marc Zyngier

firmware/psci: Expose SMCCC version through psci_ops

Commit e78eef554a91 upstream.

Since PSCI 1.0 allows the SMCCC version to be (indirectly) probed,
let's do that at boot time, and expose the version of the calling
convention as part of the psci_ops structure.

Acked-by: Lorenzo Pieralisi <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 908ad7a1484d78228bc88d242121574f86eb35e8)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

061c4bd... by Marc Zyngier

firmware/psci: Expose PSCI conduit

Commit 09a8d6d48499 upstream.

In order to call into the firmware to apply workarounds, it is
useful to find out whether we're using HVC or SMC. Let's expose
this through the psci_ops.

Acked-by: Lorenzo Pieralisi <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 906a9f396cc8005807f6741e881da0ad317c4091)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

b36aa71... by Marc Zyngier

arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling

Commit f72af90c3783 upstream.

We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible.
So let's intercept it as early as we can by testing for the
function call number as soon as we've identified a HVC call
coming from the guest.

Tested-by: Ard Biesheuvel <email address hidden>
Reviewed-by: Christoffer Dall <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 6db26ad1dc4685843ab3c4d655b51777e04d131e)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>