Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.18.1 2018-08-15T15:37:34Z 2018-08-15T15:37:34Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2018-08-15T15:37:34Z urn:sha1:529bea37411759c2b5b41a187b3020723c67c16d 2018-08-15T15:37:34Z Vlastimil Babka vbabka@suse.cz 2018-08-14T18:50:47Z urn:sha1:c5b169d4c6bda4e822f7d0994a3a39f55ed412e7 commit 792adb90fa724ce07c0171cbc96b9215af4b1045 upstream. The introduction of generic_max_swapfile_size and arch-specific versions has broken linking on x86 with CONFIG_SWAP=n due to undefined reference to 'generic_max_swapfile_size'. Fix it by compiling the x86-specific max_swapfile_size() only with CONFIG_SWAP=y. Reported-by: Tomas Pruzina <pruzinat@gmail.com> Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:34Z Abel Vesa abelvesa@linux.com 2018-08-14T21:26:00Z urn:sha1:f6be6903fc10637c7cd831b267da5427bd0ce653 commit 269777aa530f3438ec1781586cdac0b5fe47b061 upstream. Commit 0cc3cd21657b ("cpu/hotplug: Boot HT siblings at least once") breaks non-SMP builds. [ I suspect the 'bool' fields should just be made to be bitfields and be exposed regardless of configuration, but that's a separate cleanup that I'll leave to the owners of this file for later. - Linus ] Fixes: 0cc3cd21657b ("cpu/hotplug: Boot HT siblings at least once") Cc: Dave Hansen <dave.hansen@intel.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tony Luck <tony.luck@intel.com> Signed-off-by: Abel Vesa <abelvesa@linux.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:34Z Vlastimil Babka vbabka@suse.cz 2018-08-14T21:38:57Z urn:sha1:3b39dc7463a9867208f68de91f665c2d996f2806 commit d0055f351e647f33f3b0329bff022213bf8aa085 upstream. The function has an inline "return false;" definition with CONFIG_SMP=n but the "real" definition is also visible leading to "redefinition of ‘apic_id_is_primary_thread’" compiler error. Guard it with #ifdef CONFIG_SMP Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Fixes: 6a4d2657e048 ("x86/smp: Provide topology_is_primary_thread()") Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:34Z Josh Poimboeuf jpoimboe@redhat.com 2018-08-10T07:31:10Z urn:sha1:abf914eefa19098727455f11acd895c57621a822 commit 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 upstream. The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all the primary threads are online. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Borislav Petkov <bp@suse.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:34Z David Woodhouse dwmw@amazon.co.uk 2018-08-08T10:00:16Z urn:sha1:573864e6570eed55a85aba6b4d10d8c673af806f commit e24f14b0ff985f3e09e573ba1134bfdf42987e05 upstream. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:33Z Andi Kleen ak@linux.intel.com 2018-08-07T22:09:38Z urn:sha1:862b9e18a0a33b79635122857ee9c20733542271 commit 1063711b57393c1999248cccb57bebfaf16739e7 upstream. The mmio tracer sets io mapping PTEs and PMDs to non present when enabled without inverting the address bits, which makes the PTE entry vulnerable for L1TF. Make it use the right low level macros to actually invert the address bits to protect against L1TF. In principle this could be avoided because MMIO tracing is not likely to be enabled on production machines, but the fix is straigt forward and for consistency sake it's better to get rid of the open coded PTE manipulation. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:33Z Andi Kleen ak@linux.intel.com 2018-08-07T22:09:39Z urn:sha1:9fc384dd5354b46ef967f7187764a485935b0dc6 commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream. set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:33Z Andi Kleen ak@linux.intel.com 2018-08-07T22:09:37Z urn:sha1:43b0b90df51125979137b4ca9debb5c479b8e7de commit 0768f91530ff46683e0b372df14fd79fe8d156e5 upstream. Some cases in THP like: - MADV_FREE - mprotect - split mark the PMD non present for temporarily to prevent races. The window for an L1TF attack in these contexts is very small, but it wants to be fixed for correctness sake. Use the proper low level functions for pmd/pud_mknotpresent() to address this. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-15T15:37:33Z Andi Kleen ak@linux.intel.com 2018-08-07T22:09:36Z urn:sha1:330e5973bb501a6ac1a4e52aa14423876e145bfc commit f22cc87f6c1f771b57c407555cfefd811cdd9507 upstream. For kernel mappings PAGE_PROTNONE is not necessarily set for a non present mapping, but the inversion logic explicitely checks for !PRESENT and PROT_NONE. Remove the PROT_NONE check and make the inversion unconditional for all not present mappings. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>