diff --git a/debian/changelog b/debian/changelog
index d0c9ca862..3b5920482 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -480,7 +480,6 @@ linux (4.19.128-1) UNRELEASED; urgency=medium
 - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
 - CDC-ACM: heed quirk also in error handling
 - nvmem: qfprom: remove incorrect write support
- - x86/cpu: Add 'table' argument to cpu_matches()
 - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
 - x86/speculation: Add SRBDS vulnerability and mitigation documentation
 - x86/speculation: Add Ivy Bridge to affected list
diff --git a/debian/patches/bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch b/debian/patches/bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch
deleted file mode 100644
index fe960c37d..000000000
--- a/debian/patches/bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From: Mark Gross
-Date: Thu, 16 Apr 2020 17:32:42 +0200
-Subject: [2/5] x86/cpu: Add 'table' argument to cpu_matches()
-Origin: https://git.kernel.org/linus/93920f61c2ad7edb01e63323832585796af75fc9
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543
-
-To make cpu_matches() reusable for other matching tables, have it take a
-pointer to a x86_cpu_id table as an argument.
-
- [ bp: Flip arguments order. ]
-
-Signed-off-by: Mark Gross
-Signed-off-by: Borislav Petkov
-Signed-off-by: Thomas Gleixner
-Reviewed-by: Josh Poimboeuf
----
- arch/x86/kernel/cpu/common.c | 23 +++++++++++++----------
- 1 file changed, 13 insertions(+), 10 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 7f43eba8d0c1..375e1d459b68 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1013,9 +1013,9 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
- {}
- };
-
--static bool __init cpu_matches(unsigned long which)
-+static bool __init cpu_matches(const struct x86_cpu_id *table, unsigned long which)
- {
-- const struct x86_cpu_id *m = x86_match_cpu(cpu_vuln_whitelist);
-+ const struct x86_cpu_id *m = x86_match_cpu(table);
-
- return m && !!(m->driver_data & which);
- }
-@@ -1035,29 +1035,32 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- u64 ia32_cap = x86_read_arch_cap_msr();
-
- /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */
-- if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
-+ if (!cpu_matches(cpu_vuln_whitelist, NO_ITLB_MULTIHIT) &&
-+ !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
- setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT);
-
-- if (cpu_matches(NO_SPECULATION))
-+ if (cpu_matches(cpu_vuln_whitelist, NO_SPECULATION))
- return;
-
- setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
- setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
-
-- if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) &&
-+ if (!cpu_matches(cpu_vuln_whitelist, NO_SSB) &&
-+ !(ia32_cap & ARCH_CAP_SSB_NO) &&
- !cpu_has(c, X86_FEATURE_AMD_SSB_NO))
- setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
-
- if (ia32_cap & ARCH_CAP_IBRS_ALL)
- setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-
-- if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) {
-+ if (!cpu_matches(cpu_vuln_whitelist, NO_MDS) &&
-+ !(ia32_cap & ARCH_CAP_MDS_NO)) {
- setup_force_cpu_bug(X86_BUG_MDS);
-- if (cpu_matches(MSBDS_ONLY))
-+ if (cpu_matches(cpu_vuln_whitelist, MSBDS_ONLY))
- setup_force_cpu_bug(X86_BUG_MSBDS_ONLY);
- }
-
-- if (!cpu_matches(NO_SWAPGS))
-+ if (!cpu_matches(cpu_vuln_whitelist, NO_SWAPGS))
- setup_force_cpu_bug(X86_BUG_SWAPGS);
-
- /*
-@@ -1075,7 +1078,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
- setup_force_cpu_bug(X86_BUG_TAA);
-
-- if (cpu_matches(NO_MELTDOWN))
-+ if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
- return;
-
- /* Rogue Data Cache Load? No! */
-@@ -1084,7 +1087,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
-
- setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
-
-- if (cpu_matches(NO_L1TF))
-+ if (cpu_matches(cpu_vuln_whitelist, NO_L1TF))
- return;
-
- setup_force_cpu_bug(X86_BUG_L1TF);
diff --git a/debian/patches/series b/debian/patches/series
index df28748fb..ff0bb4c97 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch
 bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
 bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch
 bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch