Patch "Revert "x86/efi: Hoist page table switching code into efi_call_virt()"" has been added to the 4.4-stable tree

Patch "Revert "x86/efi: Hoist page table switching code into efi_call_virt()"" has been added to the 4.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    Revert "x86/efi: Hoist page table switching code into efi_call_virt()"

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     revert-x86-efi-hoist-page-table-switching-code-into-efi_call_virt.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From foo@baz Thu Dec 14 21:26:14 CET 2017
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 14 Dec 2017 21:23:48 +0100
Subject: Revert "x86/efi: Hoist page table switching code into efi_call_virt()"

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This reverts commit b73adb60852034d84092d123b323196ca42529cd which is
commit c9f2a9a65e4855b74d92cdad688f6ee4a1a323ff upstream.

Turns there was too many other issues with this patch to make it viable
for the stable tree.

Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: linux-efi@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/include/asm/efi.h          |   25 --------------------
 arch/x86/platform/efi/efi_64.c      |   24 ++++++++++----------
 arch/x86/platform/efi/efi_stub_64.S |   43 ++++++++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 36 deletions(-)

--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -3,7 +3,6 @@
 
 #include <asm/fpu/api.h>
 #include <asm/pgtable.h>
-#include <asm/tlb.h>
 
 /*
  * We map the EFI regions needed for runtime services non-contiguously,
@@ -65,17 +64,6 @@ extern u64 asmlinkage efi_call(void *fp,
 
 #define efi_call_phys(f, args...)		efi_call((f), args)
 
-/*
- * Scratch space used for switching the pagetable in the EFI stub
- */
-struct efi_scratch {
-	u64	r15;
-	u64	prev_cr3;
-	pgd_t	*efi_pgt;
-	bool	use_pgd;
-	u64	phys_stack;
-} __packed;
-
 #define efi_call_virt(f, ...)						\
 ({									\
 	efi_status_t __s;						\
@@ -83,20 +71,7 @@ struct efi_scratch {
 	efi_sync_low_kernel_mappings();					\
 	preempt_disable();						\
 	__kernel_fpu_begin();						\
-									\
-	if (efi_scratch.use_pgd) {					\
-		efi_scratch.prev_cr3 = read_cr3();			\
-		write_cr3((unsigned long)efi_scratch.efi_pgt);		\
-		__flush_tlb_all();					\
-	}								\
-									\
 	__s = efi_call((void *)efi.systab->runtime->f, __VA_ARGS__);	\
-									\
-	if (efi_scratch.use_pgd) {					\
-		write_cr3(efi_scratch.prev_cr3);			\
-		__flush_tlb_all();					\
-	}								\
-									\
 	__kernel_fpu_end();						\
 	preempt_enable();						\
 	__s;								\
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -47,7 +47,16 @@
  */
 static u64 efi_va = EFI_VA_START;
 
-struct efi_scratch efi_scratch;
+/*
+ * Scratch space used for switching the pagetable in the EFI stub
+ */
+struct efi_scratch {
+	u64 r15;
+	u64 prev_cr3;
+	pgd_t *efi_pgt;
+	bool use_pgd;
+	u64 phys_stack;
+} __packed;
 
 static void __init early_code_mapping_set_exec(int executable)
 {
@@ -74,11 +83,8 @@ pgd_t * __init efi_call_phys_prolog(void
 	int pgd;
 	int n_pgds;
 
-	if (!efi_enabled(EFI_OLD_MEMMAP)) {
-		save_pgd = (pgd_t *)read_cr3();
-		write_cr3((unsigned long)efi_scratch.efi_pgt);
-		goto out;
-	}
+	if (!efi_enabled(EFI_OLD_MEMMAP))
+		return NULL;
 
 	early_code_mapping_set_exec(1);
 
@@ -90,7 +96,6 @@ pgd_t * __init efi_call_phys_prolog(void
 		vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
 		set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
 	}
-out:
 	__flush_tlb_all();
 
 	return save_pgd;
@@ -104,11 +109,8 @@ void __init efi_call_phys_epilog(pgd_t *
 	int pgd_idx;
 	int nr_pgds;
 
-	if (!efi_enabled(EFI_OLD_MEMMAP)) {
-		write_cr3((unsigned long)save_pgd);
-		__flush_tlb_all();
+	if (!save_pgd)
 		return;
-	}
 
 	nr_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT) , PGDIR_SIZE);
 
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
@@ -38,6 +38,41 @@
 	mov %rsi, %cr0;			\
 	mov (%rsp), %rsp
 
+	/* stolen from gcc */
+	.macro FLUSH_TLB_ALL
+	movq %r15, efi_scratch(%rip)
+	movq %r14, efi_scratch+8(%rip)
+	movq %cr4, %r15
+	movq %r15, %r14
+	andb $0x7f, %r14b
+	movq %r14, %cr4
+	movq %r15, %cr4
+	movq efi_scratch+8(%rip), %r14
+	movq efi_scratch(%rip), %r15
+	.endm
+
+	.macro SWITCH_PGT
+	cmpb $0, efi_scratch+24(%rip)
+	je 1f
+	movq %r15, efi_scratch(%rip)		# r15
+	# save previous CR3
+	movq %cr3, %r15
+	movq %r15, efi_scratch+8(%rip)		# prev_cr3
+	movq efi_scratch+16(%rip), %r15		# EFI pgt
+	movq %r15, %cr3
+	1:
+	.endm
+
+	.macro RESTORE_PGT
+	cmpb $0, efi_scratch+24(%rip)
+	je 2f
+	movq efi_scratch+8(%rip), %r15
+	movq %r15, %cr3
+	movq efi_scratch(%rip), %r15
+	FLUSH_TLB_ALL
+	2:
+	.endm
+
 ENTRY(efi_call)
 	SAVE_XMM
 	mov (%rsp), %rax
@@ -48,8 +83,16 @@ ENTRY(efi_call)
 	mov %r8, %r9
 	mov %rcx, %r8
 	mov %rsi, %rcx
+	SWITCH_PGT
 	call *%rdi
+	RESTORE_PGT
 	addq $48, %rsp
 	RESTORE_XMM
 	ret
 ENDPROC(efi_call)
+
+	.data
+ENTRY(efi_scratch)
+	.fill 3,8,0
+	.byte 0
+	.quad 0


Patches currently in stable-queue which might be from gregkh@linuxfoundation.org are

queue-4.4/xfrm-copy-policy-family-in-clone_policy.patch
queue-4.4/hv-kvp-avoid-reading-past-allocated-blocks-from-kvp-file.patch
queue-4.4/scsi-lpfc-fix-crash-during-hardware-error-recovery-on-sli3-adapters.patch
queue-4.4/atm-horizon-fix-irq-release-error.patch
queue-4.4/x.509-reject-invalid-bit-string-for-subjectpublickey.patch
queue-4.4/ipv6-reorder-icmpv6_init-and-ip6_mr_init.patch
queue-4.4/ipvlan-fix-ipv6-outbound-device.patch
queue-4.4/arm-omap2-release-device-node-after-it-is-no-longer-needed.patch
queue-4.4/kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch
queue-4.4/asn.1-check-for-error-from-asn1_op_end__act-actions.patch
queue-4.4/can-ems_usb-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/s390-always-save-and-restore-all-registers-on-context-switch.patch
queue-4.4/alsa-seq-remove-spurious-warn_on-at-timer-check.patch
queue-4.4/revert-x86-efi-build-our-own-page-table-structures.patch
queue-4.4/more-bio_map_user_iov-leak-fixes.patch
queue-4.4/hid-chicony-add-support-for-another-asus-zen-aio-keyboard.patch
queue-4.4/s390-fix-compat-system-call-table.patch
queue-4.4/netfilter-don-t-track-fragmented-packets.patch
queue-4.4/block-wake-up-all-tasks-blocked-in-get_request.patch
queue-4.4/kvm-nvmx-vmclear-should-not-cause-the-vcpu-to-shut-down.patch
queue-4.4/can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/scsi-use-dma_get_cache_alignment-as-minimum-dma-alignment.patch
queue-4.4/arm-omap2-fix-device-node-reference-counts.patch
queue-4.4/can-ti_hecc-fix-napi-poll-return-value-for-repoll.patch
queue-4.4/iommu-vt-d-fix-scatterlist-offset-handling.patch
queue-4.4/mac80211_hwsim-fix-memory-leak-in-hwsim_new_radio_nl.patch
queue-4.4/can-usb_8dev-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/drm-extra-printk-wrapper-macros.patch
queue-4.4/mm-drop-unused-pmdp_huge_get_and_clear_notify.patch
queue-4.4/alsa-pcm-prevent-uaf-in-snd_pcm_info.patch
queue-4.4/net-packet-fix-a-race-in-packet_bind-and-packet_notifier.patch
queue-4.4/can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/isa-prevent-null-dereference-in-isa_bus-driver-callbacks.patch
queue-4.4/axonram-fix-gendisk-handling.patch
queue-4.4/alsa-usb-audio-add-check-return-value-for-usb_string.patch
queue-4.4/revert-spi-spi_fsl_dspi-should-depend-on-has_dma.patch
queue-4.4/scsi-dma-mapping-always-provide-dma_get_cache_alignment.patch
queue-4.4/powerpc-powernv-ioda2-gracefully-fail-if-too-many-tce-levels-requested.patch
queue-4.4/usb-gadgetfs-fix-a-potential-memory-leak-in-dev_config.patch
queue-4.4/spi_ks8995-fix-bug-key-accdaa28-not-in-.data.patch
queue-4.4/bnx2x-fix-possible-overrun-of-vfpf-multicast-addresses-array.patch
queue-4.4/thp-fix-madv_dontneed-vs.-numa-balancing-race.patch
queue-4.4/bnx2x-do-not-rollback-vf-mac-vlan-filters-we-did-not-configure.patch
queue-4.4/kdb-fix-handling-of-kallsyms_symbol_next-return-value.patch
queue-4.4/sunrpc-fix-rpc_task_begin-trace-point.patch
queue-4.4/arm-kvm-survive-unknown-traps-from-guests.patch
queue-4.4/crypto-s5p-sss-fix-completing-crypto-request-in-irq-handler.patch
queue-4.4/ib-mlx5-assign-send-cq-and-recv-cq-of-umr-qp.patch
queue-4.4/gpio-altera-use-handle_level_irq-when-configured-as-a-level_high.patch
queue-4.4/lib-genalloc.c-make-the-avail-variable-an-atomic_long_t.patch
queue-4.4/arm-omap2-gpmc-onenand-propagate-error-on-initialization-failure.patch
queue-4.4/thp-reduce-indentation-level-in-change_huge_pmd.patch
queue-4.4/revert-x86-mm-pat-ensure-cpa-pfn-only-contains-page-frame-numbers.patch
queue-4.4/afs-connect-up-the-cb.probeuuid.patch
queue-4.4/drm-amd-amdgpu-fix-console-deadlock-if-late-init-failed.patch
queue-4.4/can-kvaser_usb-ratelimit-errors-if-incomplete-messages-are-received.patch
queue-4.4/sit-update-frag_off-info.patch
queue-4.4/packet-fix-crash-in-fanout_demux_rollover.patch
queue-4.4/module-set-__jump_table-alignment-to-8.patch
queue-4.4/kvm-vmx-remove-i-o-port-0x80-bypass-on-intel-hosts.patch
queue-4.4/x86-hpet-prevent-might-sleep-splat-on-resume.patch
queue-4.4/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch
queue-4.4/edac-i5000-i5400-fix-definition-of-nrecmemb-register.patch
queue-4.4/efi-move-some-sysfs-files-to-be-read-only-by-root.patch
queue-4.4/libata-drop-warn-from-protocol-error-in-ata_sff_qc_issue.patch
queue-4.4/virtio-release-virtio-index-when-fail-to-device_register.patch
queue-4.4/rds-fix-null-pointer-dereference-in-__rds_rdma_map.patch
queue-4.4/nfs-fix-a-typo-in-nfs_rename.patch
queue-4.4/can-kvaser_usb-free-buf-in-error-paths.patch
queue-4.4/media-dvb-i2c-transfers-over-usb-cannot-be-done-from-stack.patch
queue-4.4/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch
queue-4.4/sparc64-mm-set-fields-in-deferred-pages.patch
queue-4.4/zram-set-physical-queue-limits-to-avoid-array-out-of-bounds-accesses.patch
queue-4.4/route-also-update-fnhe_genid-when-updating-a-route-cache.patch
queue-4.4/selftest-powerpc-fix-false-failures-for-skipped-tests.patch
queue-4.4/revert-x86-efi-hoist-page-table-switching-code-into-efi_call_virt.patch
queue-4.4/asn.1-fix-out-of-bounds-read-when-parsing-indefinite-length-item.patch
queue-4.4/scsi-libsas-align-sata_device-s-rps_resp-on-a-cacheline.patch
queue-4.4/arm-avoid-faulting-on-qemu.patch
queue-4.4/edac-i5000-i5400-fix-use-of-mtr_dram_width-macro.patch
queue-4.4/jump_label-invoke-jump_label_test-via-early_initcall.patch
queue-4.4/workqueue-trigger-warn-if-queue_delayed_work-is-called-with-null-wq.patch
queue-4.4/scsi-storvsc-workaround-for-virtual-dvd-scsi-version.patch
queue-4.4/arm64-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
queue-4.4/can-kvaser_usb-fix-comparison-bug-in-kvaser_usb_read_bulk_callback.patch
queue-4.4/irqchip-crossbar-fix-incorrect-type-of-register-size.patch
queue-4.4/ipmi-stop-timers-before-cleaning-up-the-module.patch
queue-4.4/bnx2x-prevent-crash-when-accessing-ptp-with-interface-down.patch
queue-4.4/vti6-don-t-report-path-mtu-below-ipv6_min_mtu.patch
queue-4.4/revert-s390-kbuild-enable-modversions-for-symbols-exported-from-asm.patch
queue-4.4/drm-exynos-gem-drop-noncontig-flag-for-buffers-allocated-without-iommu.patch
queue-4.4/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch
queue-4.4/arm64-fpsimd-prevent-registers-leaking-from-dead-tasks.patch
queue-4.4/alsa-usb-audio-fix-out-of-bound-error.patch
queue-4.4/arm64-kvm-survive-unknown-traps-from-guests.patch
queue-4.4/dynamic-debug-howto-fix-optional-omitted-ending-line-number-to-be-large-instead-of-0.patch
queue-4.4/arm-bug-if-jumping-to-usermode-address-in-kernel-mode.patch
queue-4.4/x86-pci-make-broadcom_postcore_init-check-acpi_disabled.patch
queue-4.4/i2c-riic-fix-restart-condition.patch
queue-4.4/ib-mlx4-increase-maximal-message-size-under-ud-qp.patch
queue-4.4/usb-gadget-configs-plug-memory-leak.patch
queue-4.4/tipc-fix-memory-leak-in-tipc_accept_from_sock.patch
queue-4.4/revert-drm-armada-fix-compile-fail.patch
queue-4.4/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch
queue-4.4/kbuild-pkg-use-transform-option-to-prefix-paths-in-tar.patch