diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild
index 77eaa0bc62..b66d13b93c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION=""
+COREOS_SOURCE_REVISION="-r1"
 inherit coreos-kernel
 
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12-r1.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12-r1.ebuild
index 77eaa0bc62..b66d13b93c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.12-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION=""
+COREOS_SOURCE_REVISION="-r1"
 inherit coreos-kernel
 
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild
index 685aa802e6..6c70281dca 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION=""
+COREOS_SOURCE_REVISION="-r1"
 inherit coreos-kernel savedconfig
 
 DESCRIPTION="CoreOS Linux kernel modules"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12-r1.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12-r1.ebuild
index 685aa802e6..6c70281dca 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.12-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION=""
+COREOS_SOURCE_REVISION="-r1"
 inherit coreos-kernel savedconfig
 
 DESCRIPTION="CoreOS Linux kernel modules"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild
index 637435320a..bbebbba39c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild
@@ -37,4 +37,5 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch \
 	${PATCH_DIR}/z0005-xen-netfront-Update-features-after-registering-netde.patch \
 	${PATCH_DIR}/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch \
+	${PATCH_DIR}/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12-r1.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12-r1.ebuild
index fda167a8ac..82fdef9e03 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.12-r1.ebuild
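Review bot: The new z0007 entry records nothing about the patch being a stable-queued upstream fix (its trailers carry `Cc: stable@vger.kernel.org`), so the next 4.14.y bump will hit a patch that no longer applies once the point release carries it, and nobody will know it is safe to drop rather than rebase. Because UNIPATCH_LIST is a double-quoted string, the note cannot sit next to the entry (a `#` inside the quotes would be handed to unipatch as a patch name); put it on the line above `UNIPATCH_LIST="`, which is outside this hunk: `# z0007 is queued for stable upstream; drop it once the 4.14.y release that carries it is picked up`. The matching coreos-kernel/coreos-modules bump to COREOS_SOURCE_REVISION="-r1" in this change keeps the three ebuilds consistent, so no issue there.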
@@ -39,4 +39,5 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0002-Add-arm64-coreos-verity-hash.patch \ ${PATCH_DIR}/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \ ${PATCH_DIR}/z0004-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch \ + ${PATCH_DIR}/z0005-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index d711ca9176..23dcc4aa53 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,7 +1,7 @@ From 741a20d2c9ab8fe50df1fbb1d3fd95b22f77065b Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 1/6] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 1/7] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch index e1b7c6f81e..5d49c953b1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch @@ -1,7 +1,7 @@ 
From 0e0d8f76240259b590047c39768ddbfe1695d313 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 2/6] Add arm64 coreos verity hash +Subject: [PATCH 2/7] Add arm64 coreos verity hash Signed-off-by: Geoff Levand --- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch index 503b55139c..6d82620337 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch @@ -1,7 +1,7 @@ From d14e8b24ed70176794ab95521cc62f5cb14175de Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 8 Feb 2018 21:23:12 -0500 -Subject: [PATCH 3/6] tools/objtool/Makefile: Don't fail on fallthrough with +Subject: [PATCH 3/7] tools/objtool/Makefile: Don't fail on fallthrough with new GCCs --- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch index e19c9a59fa..4c7780f20c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch @@ -1,7 +1,7 @@ From b65e40359a4d927c704ad7170dd7b6e77d3aaaa4 Mon Sep 17 00:00:00 2001 
From: Ross Lagerwall Date: Thu, 21 Jun 2018 14:00:20 +0100 -Subject: [PATCH 4/6] xen-netfront: Fix mismatched rtnl_unlock +Subject: [PATCH 4/7] xen-netfront: Fix mismatched rtnl_unlock Fixes: f599c64fdf7d ("xen-netfront: Fix race between device setup and open") Reported-by: Ben Hutchings diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch index 2ca0f50b02..633a8efea4 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch @@ -1,7 +1,7 @@ From db8a5080561668bdd8cc989c8c02e2dddb42e7b8 Mon Sep 17 00:00:00 2001 From: Ross Lagerwall Date: Thu, 21 Jun 2018 14:00:21 +0100 -Subject: [PATCH 5/6] xen-netfront: Update features after registering netdev +Subject: [PATCH 5/7] xen-netfront: Update features after registering netdev Update the features after calling register_netdev() otherwise the device features are not set up correctly and it not possible to change diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch index 19305c971e..a3bc3934b0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch @@ -1,7 +1,7 @@ From 9768a3646f317194d886fd7369d265f3907ddb73 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Sun, 8 Jul 2018 19:35:02 -0400 -Subject: [PATCH 6/6] ext4: fix false negatives *and* false positives in +Subject: [PATCH 6/7] ext4: fix false negatives *and* false positives in ext4_check_descriptors() commit 44de022c4382541cebdd6de4465d1f4f465ff1dd upstream. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch new file mode 100644 index 0000000000..6216e67edf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch 
@@ -0,0 +1,133 @@ +From 127c328736c4a8a91faf7845e99e7bbfdd248cf2 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Sun, 22 Jul 2018 11:05:09 -0700 +Subject: [PATCH 7/7] x86/entry/64: Remove %ebx handling from error_entry/exit + +error_entry and error_exit communicate the user vs. kernel status of +the frame using %ebx. This is unnecessary -- the information is in +regs->cs. Just use regs->cs. + +This makes error_entry simpler and makes error_exit more robust. + +It also fixes a nasty bug. Before all the Spectre nonsense, the +xen_failsafe_callback entry point returned like this: + + ALLOC_PT_GPREGS_ON_STACK + SAVE_C_REGS + SAVE_EXTRA_REGS + ENCODE_FRAME_POINTER + jmp error_exit + +And it did not go through error_entry. This was bogus: RBX +contained garbage, and error_exit expected a flag in RBX. + +Fortunately, it generally contained *nonzero* garbage, so the +correct code path was used. As part of the Spectre fixes, code was +added to clear RBX to mitigate certain speculation attacks. Now, +depending on kernel configuration, RBX got zeroed and, when running +some Wine workloads, the kernel crashes. This was introduced by: + + commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") + +With this patch applied, RBX is no longer needed as a flag, and the +problem goes away. + +I suspect that malicious userspace could use this bug to crash the +kernel even without the offending patch applied, though. + +[ Historical note: I wrote this patch as a cleanup before I was aware + of the bug it fixed. ] + +[ Note to stable maintainers: this should probably get applied to all + kernels. If you're nervous about that, a more conservative fix to + add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should + also fix the problem. ] + +Reported-and-tested-by: M. 
Vefa Bicakci +Signed-off-by: Andy Lutomirski +Cc: Boris Ostrovsky +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Dave Hansen +Cc: Denys Vlasenko +Cc: Dominik Brodowski +Cc: Greg KH +Cc: H. Peter Anvin +Cc: Josh Poimboeuf +Cc: Juergen Gross +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: stable@vger.kernel.org +Cc: xen-devel@lists.xenproject.org +Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") +Link: http://lkml.kernel.org/r/b5010a090d3586b2d6e06c7ad3ec5542d1241c45.1532282627.git.luto@kernel.org +Signed-off-by: Ingo Molnar +--- + arch/x86/entry/entry_64.S | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index f7bfa701219b..0fae7096ae23 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -933,7 +933,7 @@ ENTRY(\sym) + + call \do_sym + +- jmp error_exit /* %ebx: no swapgs flag */ ++ jmp error_exit + .endif + END(\sym) + .endm +@@ -1166,7 +1166,6 @@ END(paranoid_exit) + + /* + * Save all registers in pt_regs, and switch GS if needed. +- * Return: EBX=0: came from user mode; EBX=1: otherwise + */ + ENTRY(error_entry) + UNWIND_HINT_FUNC +@@ -1213,7 +1212,6 @@ ENTRY(error_entry) + * for these here too. + */ + .Lerror_kernelspace: +- incl %ebx + leaq native_irq_return_iret(%rip), %rcx + cmpq %rcx, RIP+8(%rsp) + je .Lerror_bad_iret +@@ -1247,28 +1245,20 @@ ENTRY(error_entry) + + /* + * Pretend that the exception came from user mode: set up pt_regs +- * as if we faulted immediately after IRET and clear EBX so that +- * error_exit knows that we will be returning to user mode. ++ * as if we faulted immediately after IRET. 
+ */ + mov %rsp, %rdi + call fixup_bad_iret + mov %rax, %rsp +- decl %ebx + jmp .Lerror_entry_from_usermode_after_swapgs + END(error_entry) + +- +-/* +- * On entry, EBX is a "return to kernel mode" flag: +- * 1: already in kernel mode, don't need SWAPGS +- * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode +- */ + ENTRY(error_exit) + UNWIND_HINT_REGS + DISABLE_INTERRUPTS(CLBR_ANY) + TRACE_IRQS_OFF +- testl %ebx, %ebx +- jnz retint_kernel ++ testb $3, CS(%rsp) ++ jz retint_kernel + jmp retint_user + END(error_exit) + +-- +2.17.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index b58ff4cc03..197dadabe2 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,7 +1,7 @@ From 1565054e3925885a5a727c59145485eb928b65c8 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 1/4] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 1/5] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch index 7f32749d5c..2f764c949d 100644 
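Review bot: The new patch file carries only the local format-patch id `From 127c328736c4a8a91faf7845e99e7bbfdd248cf2` (the 4.17 copy has a different one) and no `commit <id> upstream.` first body line like z0006's `commit 44de022c4382541cebdd6de4465d1f4f465ff1dd upstream.`, so a reader cannot verify that this is the unmodified mainline change rather than a local edit of it. Add that line with the mainline commit id (the `Link:` trailer only identifies the posting; the merged id is what a mainline `git log --grep` on this Subject gives), so provenance is checkable and the patch is recognisably obsolete once a 4.14.y release includes it, which the `Cc: stable@vger.kernel.org` trailer makes likely. On the code side, `testb $3, CS(%rsp)` replacing the %ebx flag is only correct for the `.Lerror_bad_iret` path if `fixup_bad_iret` (in traps.c, outside this patch) leaves the user-mode CS in the frame it rebuilds, which is presumably why `decl %ebx` can go; worth confirming against the 4.14 tree rather than assuming it matches mainline. As a backport, keep the hunks byte-identical to upstream and put any local explanation in the patch header, not in the assembly.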
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch @@ -1,7 +1,7 @@ From d1a996e00fc7b58bfffc3cfcd807c9dde2949634 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 2/4] Add arm64 coreos verity hash +Subject: [PATCH 2/5] Add arm64 coreos verity hash Signed-off-by: Geoff Levand --- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch index 3706b4b343..7346c569fe 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch @@ -1,7 +1,7 @@ From 178edc68fcd926a894972ea889b5265428fdc5ac Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 8 Feb 2018 21:23:12 -0500 -Subject: [PATCH 3/4] tools/objtool/Makefile: Don't fail on fallthrough with +Subject: [PATCH 3/5] tools/objtool/Makefile: Don't fail on fallthrough with new GCCs --- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch index 6d4cb0f4b1..f47d4f5aeb 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch @@ -1,7 +1,7 @@ From 61ceb2881ae20ce661b4cc28cf7369bfccae9086 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" Date: Wed, 4 Jul 2018 18:08:57 +0300 -Subject: [PATCH 4/4] 4.17.x won't boot due to "x86/boot/compressed/64: Handle +Subject: [PATCH 4/5] 4.17.x won't boot due to "x86/boot/compressed/64: Handle 5-level paging boot if kernel is above 4G" On Tue, Jul 03, 2018 at 05:21:50PM +0300, Kirill A. Shutemov wrote: diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch new file mode 100644 index 0000000000..49b64677d1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch 
@@ -0,0 +1,133 @@ +From c9017bec96f9cdd3c9434b44e0d28da2c8573b47 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Sun, 22 Jul 2018 11:05:09 -0700 +Subject: [PATCH 5/5] x86/entry/64: Remove %ebx handling from error_entry/exit + +error_entry and error_exit communicate the user vs. kernel status of +the frame using %ebx. This is unnecessary -- the information is in +regs->cs. Just use regs->cs. + +This makes error_entry simpler and makes error_exit more robust. + +It also fixes a nasty bug. Before all the Spectre nonsense, the +xen_failsafe_callback entry point returned like this: + + ALLOC_PT_GPREGS_ON_STACK + SAVE_C_REGS + SAVE_EXTRA_REGS + ENCODE_FRAME_POINTER + jmp error_exit + +And it did not go through error_entry. This was bogus: RBX +contained garbage, and error_exit expected a flag in RBX. + +Fortunately, it generally contained *nonzero* garbage, so the +correct code path was used. As part of the Spectre fixes, code was +added to clear RBX to mitigate certain speculation attacks. Now, +depending on kernel configuration, RBX got zeroed and, when running +some Wine workloads, the kernel crashes. This was introduced by: + + commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") + +With this patch applied, RBX is no longer needed as a flag, and the +problem goes away. + +I suspect that malicious userspace could use this bug to crash the +kernel even without the offending patch applied, though. + +[ Historical note: I wrote this patch as a cleanup before I was aware + of the bug it fixed. ] + +[ Note to stable maintainers: this should probably get applied to all + kernels. If you're nervous about that, a more conservative fix to + add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should + also fix the problem. ] + +Reported-and-tested-by: M. 
Vefa Bicakci +Signed-off-by: Andy Lutomirski +Cc: Boris Ostrovsky +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Dave Hansen +Cc: Denys Vlasenko +Cc: Dominik Brodowski +Cc: Greg KH +Cc: H. Peter Anvin +Cc: Josh Poimboeuf +Cc: Juergen Gross +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: stable@vger.kernel.org +Cc: xen-devel@lists.xenproject.org +Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") +Link: http://lkml.kernel.org/r/b5010a090d3586b2d6e06c7ad3ec5542d1241c45.1532282627.git.luto@kernel.org +Signed-off-by: Ingo Molnar +--- + arch/x86/entry/entry_64.S | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index 3166b9674429..b9699e63ceda 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -981,7 +981,7 @@ ENTRY(\sym) + + call \do_sym + +- jmp error_exit /* %ebx: no swapgs flag */ ++ jmp error_exit + .endif + END(\sym) + .endm +@@ -1222,7 +1222,6 @@ END(paranoid_exit) + + /* + * Save all registers in pt_regs, and switch GS if needed. +- * Return: EBX=0: came from user mode; EBX=1: otherwise + */ + ENTRY(error_entry) + UNWIND_HINT_FUNC +@@ -1269,7 +1268,6 @@ ENTRY(error_entry) + * for these here too. + */ + .Lerror_kernelspace: +- incl %ebx + leaq native_irq_return_iret(%rip), %rcx + cmpq %rcx, RIP+8(%rsp) + je .Lerror_bad_iret +@@ -1303,28 +1301,20 @@ ENTRY(error_entry) + + /* + * Pretend that the exception came from user mode: set up pt_regs +- * as if we faulted immediately after IRET and clear EBX so that +- * error_exit knows that we will be returning to user mode. ++ * as if we faulted immediately after IRET. 
+ */ + mov %rsp, %rdi + call fixup_bad_iret + mov %rax, %rsp +- decl %ebx + jmp .Lerror_entry_from_usermode_after_swapgs + END(error_entry) + +- +-/* +- * On entry, EBX is a "return to kernel mode" flag: +- * 1: already in kernel mode, don't need SWAPGS +- * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode +- */ + ENTRY(error_exit) + UNWIND_HINT_REGS + DISABLE_INTERRUPTS(CLBR_ANY) + TRACE_IRQS_OFF +- testl %ebx, %ebx +- jnz retint_kernel ++ testb $3, CS(%rsp) ++ jz retint_kernel + jmp retint_user + END(error_exit) + +-- +2.17.1 +
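Review bot: Nothing in this change marks the 4.17 patch as a security fix, although its own description suspects that malicious userspace can crash the kernel through the stale %ebx flag even without commit 3ac6d8c787b8, via the `xen_failsafe_callback` path that reaches `error_exit` without going through `error_entry`. The overlay change should say so wherever the revision bump is recorded (changelog or commit body) and cite the CVE if one has been assigned; the trailers here do not name one, so none is claimed here. That entry point is presumably only built for Xen PV guests, so whether the CoreOS 4.17 config enables it decides the exposure of shipped images and is worth confirming rather than inferring from the patch text. The `Subject: [PATCH 5/5]` versus the 4.14 copy's `[PATCH 7/7]` is a format-patch artifact and does not need fixing.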