Skip to content

Commit

Permalink
Merge stable kernel version v6.1.78
Browse files Browse the repository at this point in the history
  • Loading branch information
@pcolberg
pcolberg committed Feb 21, 2024
2 parents ba2f178 + 8b4118f commit 6b0d820
Show file tree
Hide file tree
Showing 4,343 changed files with 65,299 additions and 35,613 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
6 changes: 3 additions & 3 deletions Documentation/ABI/testing/sysfs-bus-fsi-devices-sbefifo
View file
Expand Up @@ -5,6 +5,6 @@ Description:
Indicates whether or not this SBE device has experienced a
timeout; i.e. the SBE did not respond within the time allotted
by the driver. A value of 1 indicates that a timeout has
ocurred and no transfers have completed since the timeout. A
value of 0 indicates that no timeout has ocurred, or if one
has, more recent transfers have completed successful.
occurred and no transfers have completed since the timeout. A
value of 0 indicates that no timeout has occurred, or if one
has, more recent transfers have completed successfully.
9 changes: 9 additions & 0 deletions Documentation/ABI/testing/sysfs-bus-optee-devices
View file
Expand Up @@ -6,3 +6,12 @@ Description:
OP-TEE bus provides reference to registered drivers under this directory. The <uuid>
matches Trusted Application (TA) driver and corresponding TA in secure OS. Drivers
are free to create needed API under optee-ta-<uuid> directory.

What: /sys/bus/tee/devices/optee-ta-<uuid>/need_supplicant
Date: November 2023
KernelVersion: 6.7
Contact: op-tee@lists.trustedfirmware.org
Description:
Allows to distinguish whether an OP-TEE based TA/device requires user-space
tee-supplicant to function properly or not. This attribute will be present for
devices which depend on tee-supplicant to be running.
3 changes: 3 additions & 0 deletions Documentation/ABI/testing/sysfs-class-devfreq
View file
Expand Up @@ -52,6 +52,9 @@ Description:

echo 0 > /sys/class/devfreq/.../trans_stat

If the transition table is bigger than PAGE_SIZE, reading
this will return an -EFBIG error.

What: /sys/class/devfreq/.../available_frequencies
Date: October 2012
Contact: Nishanth Menon <nm@ti.com>
Expand Down
22 changes: 11 additions & 11 deletions Documentation/ABI/testing/sysfs-class-net-queues
View file
@@ -1,4 +1,4 @@
What: /sys/class/<iface>/queues/rx-<queue>/rps_cpus
What: /sys/class/net/<iface>/queues/rx-<queue>/rps_cpus
Date: March 2010
KernelVersion: 2.6.35
Contact: netdev@vger.kernel.org
Expand All @@ -8,31 +8,31 @@ Description:
network device queue. Possible values depend on the number
of available CPU(s) in the system.

What: /sys/class/<iface>/queues/rx-<queue>/rps_flow_cnt
What: /sys/class/net/<iface>/queues/rx-<queue>/rps_flow_cnt
Date: April 2010
KernelVersion: 2.6.35
Contact: netdev@vger.kernel.org
Description:
Number of Receive Packet Steering flows being currently
processed by this particular network device receive queue.

What: /sys/class/<iface>/queues/tx-<queue>/tx_timeout
What: /sys/class/net/<iface>/queues/tx-<queue>/tx_timeout
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Description:
Indicates the number of transmit timeout events seen by this
network interface transmit queue.

What: /sys/class/<iface>/queues/tx-<queue>/tx_maxrate
What: /sys/class/net/<iface>/queues/tx-<queue>/tx_maxrate
Date: March 2015
KernelVersion: 4.1
Contact: netdev@vger.kernel.org
Description:
A Mbps max-rate set for the queue, a value of zero means disabled,
default is disabled.

What: /sys/class/<iface>/queues/tx-<queue>/xps_cpus
What: /sys/class/net/<iface>/queues/tx-<queue>/xps_cpus
Date: November 2010
KernelVersion: 2.6.38
Contact: netdev@vger.kernel.org
Expand All @@ -42,7 +42,7 @@ Description:
network device transmit queue. Possible vaules depend on the
number of available CPU(s) in the system.

What: /sys/class/<iface>/queues/tx-<queue>/xps_rxqs
What: /sys/class/net/<iface>/queues/tx-<queue>/xps_rxqs
Date: June 2018
KernelVersion: 4.18.0
Contact: netdev@vger.kernel.org
Expand All @@ -53,7 +53,7 @@ Description:
number of available receive queue(s) in the network device.
Default is disabled.

What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/hold_time
What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/hold_time
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Expand All @@ -62,15 +62,15 @@ Description:
of this particular network device transmit queue.
Default value is 1000.

What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/inflight
What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/inflight
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Description:
Indicates the number of bytes (objects) in flight on this
network device transmit queue.

What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit
What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Expand All @@ -79,7 +79,7 @@ Description:
on this network device transmit queue. This value is clamped
to be within the bounds defined by limit_max and limit_min.

What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit_max
What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit_max
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Expand All @@ -88,7 +88,7 @@ Description:
queued on this network device transmit queue. See
include/linux/dynamic_queue_limits.h for the default value.

What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit_min
What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit_min
Date: November 2011
KernelVersion: 3.3
Contact: netdev@vger.kernel.org
Expand Down
13 changes: 7 additions & 6 deletions Documentation/ABI/testing/sysfs-devices-system-cpu
View file
Expand Up @@ -513,17 +513,18 @@ Description: information about CPUs heterogeneity.
cpu_capacity: capacity of cpuX.

What: /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
/sys/devices/system/cpu/vulnerabilities/l1tf
/sys/devices/system/cpu/vulnerabilities/mds
/sys/devices/system/cpu/vulnerabilities/meltdown
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
/sys/devices/system/cpu/vulnerabilities/retbleed
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
/sys/devices/system/cpu/vulnerabilities/spectre_v1
/sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
/sys/devices/system/cpu/vulnerabilities/l1tf
/sys/devices/system/cpu/vulnerabilities/mds
/sys/devices/system/cpu/vulnerabilities/srbds
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
/sys/devices/system/cpu/vulnerabilities/retbleed
Date: January 2018
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
Description: Information about CPU vulnerabilities
Expand Down
2 changes: 1 addition & 1 deletion Documentation/ABI/testing/sysfs-driver-chromeos-acpi
View file
Expand Up @@ -134,4 +134,4 @@ KernelVersion: 5.19
Description:
Returns the verified boot data block shared between the
firmware verification step and the kernel verification step
(binary).
(hex dump).
11 changes: 11 additions & 0 deletions Documentation/ABI/testing/sysfs-module
View file
Expand Up @@ -60,3 +60,14 @@ Description: Module taint flags:
C staging driver module
E unsigned module
== =====================

What: /sys/module/grant_table/parameters/free_per_iteration
Date: July 2023
KernelVersion: 6.5 but backported to all supported stable branches
Contact: Xen developer discussion <xen-devel@lists.xenproject.org>
Description: Read and write number of grant entries to attempt to free per iteration.

Note: Future versions of Xen and Linux may provide a better
interface for controlling the rate of deferred grant reclaim
or may not need it at all.
Users: Qubes OS (https://www.qubes-os.org)
4 changes: 4 additions & 0 deletions Documentation/accounting/psi.rst
View file
Expand Up @@ -105,6 +105,10 @@ prevent overly frequent polling. Max limit is chosen as a high enough number
after which monitors are most likely not needed and psi averages can be used
instead.

Unprivileged users can also create monitors, with the only limitation that the
window size must be a multiple of 2s, in order to prevent excessive resource
usage.

When activated, psi monitor stays active for at least the duration of one
tracking window to avoid repeated activations/deactivations when system is
bouncing in and out of the stall state.
Expand Down
2 changes: 1 addition & 1 deletion Documentation/admin-guide/abi-obsolete.rst
View file
Expand Up @@ -7,5 +7,5 @@ marked to be removed at some later point in time.
The description of the interface will document the reason why it is
obsolete and when it can be expected to be removed.

.. kernel-abi:: $srctree/Documentation/ABI/obsolete
.. kernel-abi:: ABI/obsolete
:rst:
2 changes: 1 addition & 1 deletion Documentation/admin-guide/abi-removed.rst
View file
@@ -1,5 +1,5 @@
ABI removed symbols
===================

.. kernel-abi:: $srctree/Documentation/ABI/removed
.. kernel-abi:: ABI/removed
:rst:
2 changes: 1 addition & 1 deletion Documentation/admin-guide/abi-stable.rst
View file
Expand Up @@ -10,5 +10,5 @@ for at least 2 years.
Most interfaces (like syscalls) are expected to never change and always
be available.

.. kernel-abi:: $srctree/Documentation/ABI/stable
.. kernel-abi:: ABI/stable
:rst:
2 changes: 1 addition & 1 deletion Documentation/admin-guide/abi-testing.rst
View file
Expand Up @@ -16,5 +16,5 @@ Programs that use these interfaces are strongly encouraged to add their
name to the description of these interfaces, so that the kernel
developers can easily notify them if any changes occur.

.. kernel-abi:: $srctree/Documentation/ABI/testing
.. kernel-abi:: ABI/testing
:rst:
9 changes: 7 additions & 2 deletions Documentation/admin-guide/cgroup-v1/memory.rst
View file
Expand Up @@ -91,8 +91,13 @@ Brief summary of control files.
memory.oom_control set/show oom controls.
memory.numa_stat show the number of memory usage per numa
node
memory.kmem.limit_in_bytes This knob is deprecated and writing to
it will return -ENOTSUPP.
memory.kmem.limit_in_bytes Deprecated knob to set and read the kernel
memory hard limit. Kernel hard limit is not
supported since 5.16. Writing any value to
do file will not have any effect same as if
nokmem kernel parameter was specified.
Kernel memory is still charged and reported
by memory.kmem.usage_in_bytes.
memory.kmem.usage_in_bytes show current kernel memory allocation
memory.kmem.failcnt show the number of kernel memory usage
hits limits
Expand Down
109 changes: 109 additions & 0 deletions Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
View file
@@ -0,0 +1,109 @@
.. SPDX-License-Identifier: GPL-2.0
GDS - Gather Data Sampling
==========================

Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.

Problem
-------
When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.

The attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.

Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
are possible.

Attack scenarios
----------------
Without mitigation, GDS can infer stale data across virtually all
permission boundaries:

Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users

Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.

The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.

Mitigation mechanism
--------------------
This issue is mitigated in microcode. The microcode defines the following new
bits:

================================ === ============================
IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability
and mitigation support.
IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable.
IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
0 by default.
IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes
to GDS_MITG_DIS are ignored
Can't be cleared once set.
================================ === ============================

GDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command-line.

If used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support. Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.

Mitigation control on the kernel command line
---------------------------------------------
The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.

GDS System Information
------------------------
The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:

/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

The possible values contained in this file are:

============================== =============================================
Not affected Processor not vulnerable.
Vulnerable Processor vulnerable and mitigation disabled.
Vulnerable: No microcode Processor vulnerable and microcode is missing
mitigation.
Mitigation: AVX disabled,
no microcode Processor is vulnerable and microcode is missing
mitigation. AVX disabled as mitigation.
Mitigation: Microcode Processor is vulnerable and mitigation is in
effect.
Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
effect and cannot be disabled.
Unknown: Dependent on
hypervisor status Running on a virtual guest processor that is
affected but with no way to know if host
processor is mitigated or vulnerable.
============================== =============================================

GDS Default mitigation
----------------------
The updated microcode will enable the mitigation by default. The kernel's
default action is to leave the mitigation enabled.
2 changes: 2 additions & 0 deletions Documentation/admin-guide/hw-vuln/index.rst
View file
Expand Up @@ -19,3 +19,5 @@ are configurable at compile, boot or run time.
l1d_flush.rst
processor_mmio_stale_data.rst
cross-thread-rsb.rst
gather_data_sampling.rst
srso

0 comments on commit 6b0d820

Please sign in to comment.