<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/arch/x86/entry, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Merge tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip</title>
<updated>2026-06-16T00:27:30+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-16T00:27:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c61f479852493fd2cf5ca754e42ac272b1e2d2c5'/>
<id>c61f479852493fd2cf5ca754e42ac272b1e2d2c5</id>
<content type='text'>
Pull x86 SEV updates from Borislav Petkov:

 - Remove redundant GHCB initialization guards in the SEV page state and
   SVSM call paths now that the GHCB helpers handle early-boot fallback
   internally

 - Skip SNP initialization in the CCP driver immediately when the
   preparation step fails rather than proceeding to an operation that
   will certainly fail

 - Abort SNP preparation and return an error when not all CPUs are
   online, since the firmware enforces that every CPU enables SNP and
   will fail init if not

 - Simplify the VMM communication exception entry path by replacing
   separate kernel and user mode macros with a single handler that
   dispatches based on the current privilege level

* tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
  x86/sev: Remove redundant ghcbs_initialized checks around __sev_{get,put}_ghcb()
  crypto/ccp: Skip SNP_INIT if preparation fails
  x86/sev: Do not initialize SNP if missing CPUs
  x86/entry: Zap the #VC entry user and kernel macros
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull x86 SEV updates from Borislav Petkov:

 - Remove redundant GHCB initialization guards in the SEV page state and
   SVSM call paths now that the GHCB helpers handle early-boot fallback
   internally

 - Skip SNP initialization in the CCP driver immediately when the
   preparation step fails rather than proceeding to an operation that
   will certainly fail

 - Abort SNP preparation and return an error when not all CPUs are
   online, since the firmware enforces that every CPU enables SNP and
   will fail init if not

 - Simplify the VMM communication exception entry path by replacing
   separate kernel and user mode macros with a single handler that
   dispatches based on the current privilege level

* tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
  x86/sev: Remove redundant ghcbs_initialized checks around __sev_{get,put}_ghcb()
  crypto/ccp: Skip SNP_INIT if preparation fails
  x86/sev: Do not initialize SNP if missing CPUs
  x86/entry: Zap the #VC entry user and kernel macros
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'locking-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip</title>
<updated>2026-06-15T08:51:14+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-15T08:51:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=764e77d868a5b932c709e20ddb5993f9111a841c'/>
<id>764e77d868a5b932c709e20ddb5993f9111a841c</id>
<content type='text'>
Pull locking updates from Ingo Molnar:
 "Futex updates:

   - Optimize futex hash bucket access patterns (Peter Zijlstra)

   - Large series to address the robust futex unlock race for real, by
     Thomas Gleixner:

      "The robust futex unlock mechanism is racy in respect to the
       clearing of the robust_list_head::list_op_pending pointer because
       unlock and clearing the pointer are not atomic.

       The race window is between the unlock and clearing the pending op
       pointer. If the task is forced to exit in this window, exit will
       access a potentially invalid pending op pointer when cleaning up
       the robust list.

       That happens if another task manages to unmap the object
       containing the lock before the cleanup, which results in an UAF.

       In the worst case this UAF can lead to memory corruption when
       unrelated content has been mapped to the same address by the time
       the access happens.

       User space can't solve this problem without help from the kernel.
       This series provides the kernel side infrastructure to help it
       along:

        1) Combined unlock, pointer clearing, wake-up for the
           contended case

        2) VDSO based unlock and pointer clearing helpers with a
           fix-up function in the kernel when user space was interrupted
           within the critical section.

      ... with help by André Almeida:

        - Add a note about robust list race condition (André Almeida)
        - Add self-tests for robust release operations (André Almeida)

  Context analysis updates:

   - Implement context analysis for 'struct rt_mutex'. (Bart Van Assche)
   - Bump required Clang version to 23 (Marco Elver)

  Guard infrastructure updates:

   - Series to remove NULL check from unconditional guards (Dmitry
     Ilvokhin)

  Lockdep updates:

   - Restore self-test migrate_disable() and sched_rt_mutex state on
     PREEMPT_RT (Karl Mehltretter)

  Membarriers updates:

   - Use per-CPU mutexes for targeted commands (Aniket Gattani)
   - Modernize membarrier_global_expedited with cleanup guards (Aniket
     Gattani)
   - Add rseq stress test for CFS throttle interactions (Aniket Gattani)

  percpu-rwsems updates:

   - Extract __percpu_up_read() to optimize inlining overhead (Dmitry
     Ilvokhin)

  Seqlocks updates:

   - Allow UBSAN_ALIGNMENT to fail optimizing (Heiko Carstens)

  Lock tracing:

   - Add contended_release tracepoint to sleepable locks such as
     mutexes, percpu-rwsems, rtmutexes, rwsems and semaphores (Dmitry
     Ilvokhin)

  MAINTAINERS updates:

   - MAINTAINERS: Add RUST [SYNC] entry (Boqun Feng)

  Misc updates and fixes by Randy Dunlap, YE WEI-HONG, Fabricio Parra,
  Dmitry Ilvokhin and Peter Zijlstra"

* tag 'locking-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: (36 commits)
  locking: Add contended_release tracepoint to sleepable locks
  locking/percpu-rwsem: Extract __percpu_up_read()
  tracing/lock: Remove unnecessary linux/sched.h include
  futex: Optimize futex hash bucket access patterns
  rust: sync: completion: Mark inline complete_all and wait_for_completion
  MAINTAINERS: Add RUST [SYNC] entry
  cleanup: Specify nonnull argument index
  selftests: futex: Add tests for robust release operations
  Documentation: futex: Add a note about robust list race condition
  x86/vdso: Implement __vdso_futex_robust_try_unlock()
  x86/vdso: Prepare for robust futex unlock support
  futex: Provide infrastructure to plug the non contended robust futex unlock race
  futex: Add robust futex unlock IP range
  futex: Add support for unlocking robust futexes
  futex: Cleanup UAPI defines
  x86: Select ARCH_MEMORY_ORDER_TSO
  uaccess: Provide unsafe_atomic_store_release_user()
  futex: Provide UABI defines for robust list entry modifiers
  futex: Move futex related mm_struct data into a struct
  futex: Make futex_mm_init() void
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull locking updates from Ingo Molnar:
 "Futex updates:

   - Optimize futex hash bucket access patterns (Peter Zijlstra)

   - Large series to address the robust futex unlock race for real, by
     Thomas Gleixner:

      "The robust futex unlock mechanism is racy in respect to the
       clearing of the robust_list_head::list_op_pending pointer because
       unlock and clearing the pointer are not atomic.

       The race window is between the unlock and clearing the pending op
       pointer. If the task is forced to exit in this window, exit will
       access a potentially invalid pending op pointer when cleaning up
       the robust list.

       That happens if another task manages to unmap the object
       containing the lock before the cleanup, which results in an UAF.

       In the worst case this UAF can lead to memory corruption when
       unrelated content has been mapped to the same address by the time
       the access happens.

       User space can't solve this problem without help from the kernel.
       This series provides the kernel side infrastructure to help it
       along:

        1) Combined unlock, pointer clearing, wake-up for the
           contended case

        2) VDSO based unlock and pointer clearing helpers with a
           fix-up function in the kernel when user space was interrupted
           within the critical section.

      ... with help by André Almeida:

        - Add a note about robust list race condition (André Almeida)
        - Add self-tests for robust release operations (André Almeida)

  Context analysis updates:

   - Implement context analysis for 'struct rt_mutex'. (Bart Van Assche)
   - Bump required Clang version to 23 (Marco Elver)

  Guard infrastructure updates:

   - Series to remove NULL check from unconditional guards (Dmitry
     Ilvokhin)

  Lockdep updates:

   - Restore self-test migrate_disable() and sched_rt_mutex state on
     PREEMPT_RT (Karl Mehltretter)

  Membarriers updates:

   - Use per-CPU mutexes for targeted commands (Aniket Gattani)
   - Modernize membarrier_global_expedited with cleanup guards (Aniket
     Gattani)
   - Add rseq stress test for CFS throttle interactions (Aniket Gattani)

  percpu-rwsems updates:

   - Extract __percpu_up_read() to optimize inlining overhead (Dmitry
     Ilvokhin)

  Seqlocks updates:

   - Allow UBSAN_ALIGNMENT to fail optimizing (Heiko Carstens)

  Lock tracing:

   - Add contended_release tracepoint to sleepable locks such as
     mutexes, percpu-rwsems, rtmutexes, rwsems and semaphores (Dmitry
     Ilvokhin)

  MAINTAINERS updates:

   - MAINTAINERS: Add RUST [SYNC] entry (Boqun Feng)

  Misc updates and fixes by Randy Dunlap, YE WEI-HONG, Fabricio Parra,
  Dmitry Ilvokhin and Peter Zijlstra"

* tag 'locking-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: (36 commits)
  locking: Add contended_release tracepoint to sleepable locks
  locking/percpu-rwsem: Extract __percpu_up_read()
  tracing/lock: Remove unnecessary linux/sched.h include
  futex: Optimize futex hash bucket access patterns
  rust: sync: completion: Mark inline complete_all and wait_for_completion
  MAINTAINERS: Add RUST [SYNC] entry
  cleanup: Specify nonnull argument index
  selftests: futex: Add tests for robust release operations
  Documentation: futex: Add a note about robust list race condition
  x86/vdso: Implement __vdso_futex_robust_try_unlock()
  x86/vdso: Prepare for robust futex unlock support
  futex: Provide infrastructure to plug the non contended robust futex unlock race
  futex: Add robust futex unlock IP range
  futex: Add support for unlocking robust futexes
  futex: Cleanup UAPI defines
  x86: Select ARCH_MEMORY_ORDER_TSO
  uaccess: Provide unsafe_atomic_store_release_user()
  futex: Provide UABI defines for robust list entry modifiers
  futex: Move futex related mm_struct data into a struct
  futex: Make futex_mm_init() void
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'kbuild-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux</title>
<updated>2026-06-14T23:31:15+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-14T23:31:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=73f399414a84d715bb1794182aaea852b11d0962'/>
<id>73f399414a84d715bb1794182aaea852b11d0962</id>
<content type='text'>
Pull Kbuild / Kconfig updates from Nathan Chancellor:
 "Kbuild:

   - Remove broken module linking exclusion for BTF

   - Add documentation around how offset header files work

   - Include unstripped vDSO libraries in pacman packages

   - Bump minimum version of LLVM for building the kernel to 17.0.1 and
     clean up unnecessary workarounds

   - Use a context manager in run-clang-tools

   - Add dist macro value if present to release tag for RPM packages

   - Detect and report truncated buf_printf() output in modpost

   - Add __llvm_covfun and __llvm_covmap to section whitelist in modpost

   - Support Clang's distributed ThinLTO mode

   - Remove architecture specific configurations for AutoFDO and
     Propeller to ease individual architecture maintenance

  Kconfig:

   - Add kconfig-sym-check target to look for dangling Kconfig symbol
     references and invalid tristate literal values

   - Harden against potential NULL pointer dereference

   - Fix typo in Kconfig test comment"

* tag 'kbuild-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux: (31 commits)
  kconfig: tests: fix typo in comment
  kconfig: Remove the architecture specific config for Propeller
  kconfig: Remove the architecture specific config for AutoFDO
  modpost: Add __llvm_covfun and __llvm_covmap to section_white_list
  kconfig: add kconfig-sym-check static checker
  kbuild: Remove unnecessary 'T' modifier in cmd_ar_builtin_fixup
  kbuild: distributed build support for Clang ThinLTO
  kbuild: move vmlinux.a build rule to scripts/Makefile.vmlinux_a
  scripts: modpost: detect and report truncated buf_printf() output
  kbuild: rpm-pkg: append %{?dist} macro to Release tag
  run-clang-tools: run multiprocessing.Pool as context manager
  compiler-clang.h: Drop explicit version number from "all" diagnostic macro
  compiler-clang.h: Remove __cleanup -Wunused-variable workaround
  kbuild: Remove check for broken scoping with clang &lt; 17 in CC_HAS_ASM_GOTO_OUTPUT
  x86/entry/vdso32: Remove conditional omission of '.cfi_offset eflags'
  x86/module: Revert "Deal with GOT based stack cookie load on Clang &lt; 17"
  x86/build: Drop unnecessary '-ffreestanding' addition to KBUILD_CFLAGS
  scripts/Makefile.warn: Drop -Wformat handling for clang &lt; 16
  riscv: Drop tautological condition from TOOLCHAIN_NEEDS_OLD_ISA_SPEC
  riscv: Remove tautological condition from selection of ARCH_SUPPORTS_CFI
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull Kbuild / Kconfig updates from Nathan Chancellor:
 "Kbuild:

   - Remove broken module linking exclusion for BTF

   - Add documentation around how offset header files work

   - Include unstripped vDSO libraries in pacman packages

   - Bump minimum version of LLVM for building the kernel to 17.0.1 and
     clean up unnecessary workarounds

   - Use a context manager in run-clang-tools

   - Add dist macro value if present to release tag for RPM packages

   - Detect and report truncated buf_printf() output in modpost

   - Add __llvm_covfun and __llvm_covmap to section whitelist in modpost

   - Support Clang's distributed ThinLTO mode

   - Remove architecture specific configurations for AutoFDO and
     Propeller to ease individual architecture maintenance

  Kconfig:

   - Add kconfig-sym-check target to look for dangling Kconfig symbol
     references and invalid tristate literal values

   - Harden against potential NULL pointer dereference

   - Fix typo in Kconfig test comment"

* tag 'kbuild-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux: (31 commits)
  kconfig: tests: fix typo in comment
  kconfig: Remove the architecture specific config for Propeller
  kconfig: Remove the architecture specific config for AutoFDO
  modpost: Add __llvm_covfun and __llvm_covmap to section_white_list
  kconfig: add kconfig-sym-check static checker
  kbuild: Remove unnecessary 'T' modifier in cmd_ar_builtin_fixup
  kbuild: distributed build support for Clang ThinLTO
  kbuild: move vmlinux.a build rule to scripts/Makefile.vmlinux_a
  scripts: modpost: detect and report truncated buf_printf() output
  kbuild: rpm-pkg: append %{?dist} macro to Release tag
  run-clang-tools: run multiprocessing.Pool as context manager
  compiler-clang.h: Drop explicit version number from "all" diagnostic macro
  compiler-clang.h: Remove __cleanup -Wunused-variable workaround
  kbuild: Remove check for broken scoping with clang &lt; 17 in CC_HAS_ASM_GOTO_OUTPUT
  x86/entry/vdso32: Remove conditional omission of '.cfi_offset eflags'
  x86/module: Revert "Deal with GOT based stack cookie load on Clang &lt; 17"
  x86/build: Drop unnecessary '-ffreestanding' addition to KBUILD_CFLAGS
  scripts/Makefile.warn: Drop -Wformat handling for clang &lt; 16
  riscv: Drop tautological condition from TOOLCHAIN_NEEDS_OLD_ISA_SPEC
  riscv: Remove tautological condition from selection of ARCH_SUPPORTS_CFI
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/vdso: Implement __vdso_futex_robust_try_unlock()</title>
<updated>2026-06-03T09:38:52+00:00</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@kernel.org</email>
</author>
<published>2026-06-02T09:10:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a2274cc0091ed4fdce10fad68d08c529b8d3e7dd'/>
<id>a2274cc0091ed4fdce10fad68d08c529b8d3e7dd</id>
<content type='text'>
When the FUTEX_ROBUST_UNLOCK mechanism is used for unlocking (PI-)futexes,
then the unlock sequence in userspace looks like this:

  1)	robust_list_set_op_pending(mutex);
  2)	robust_list_remove(mutex);

  	lval = gettid();
  3)	if (atomic_try_cmpxchg(&amp;mutex-&gt;lock, lval, 0))
  4)		robust_list_clear_op_pending();
  	else
  5)		sys_futex(OP,...FUTEX_ROBUST_UNLOCK);

That still leaves a minimal race window between #3 and #4 where the mutex
could be acquired by some other task which observes that it is the last
user and:

  1) unmaps the mutex memory
  2) maps a different file, which ends up covering the same address

When then the original task exits before reaching #5 then the kernel robust
list handling observes the pending op entry and tries to fix up user space.

In case that the newly mapped data contains the TID of the exiting thread
at the address of the mutex/futex the kernel will set the owner died bit in
that memory and therefore corrupt unrelated data.

Provide a VDSO function which exposes the critical section window in the
VDSO symbol table. The resulting addresses are updated in the task's mm
when the VDSO is (re)map()'ed.

The core code detects when a task was interrupted within the critical
section and is about to deliver a signal. It then invokes an architecture
specific function which determines whether the pending op pointer has to be
cleared or not. The unlock assembly sequence on 64-bit is:

	mov		%esi,%eax	// Load TID into EAX
       	xor		%ecx,%ecx	// Set ECX to 0
	lock cmpxchg	%ecx,(%rdi)	// Try the TID -&gt; 0 transition
  .Lstart:
	jnz    		.Lend
	movq		%rcx,(%rdx)	// Clear list_op_pending
  .Lend:
	ret

So the decision can be simply based on the ZF state in regs-&gt;flags. The
pending op pointer is always in DX independent of the build mode
(32/64-bit) to make the pending op pointer retrieval uniform. The size of
the pointer is stored in the matching criticial section range struct and
the core code retrieves it from there. So the pointer retrieval function
does not have to care. It is bit-size independent:

     return regs-&gt;flags &amp; X86_EFLAGS_ZF ? regs-&gt;dx : NULL;

There are two entry points to handle the different robust list pending op
pointer size:

	__vdso_futex_robust_list64_try_unlock()
	__vdso_futex_robust_list32_try_unlock()

The 32-bit VDSO provides only __vdso_futex_robust_list32_try_unlock().

The 64-bit VDSO provides always __vdso_futex_robust_list64_try_unlock() and
when COMPAT is enabled also the list32 variant, which is required to
support multi-size robust list pointers used by gaming emulators.

The unlock function is inspired by an idea from Mathieu Desnoyers.

Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: André Almeida &lt;andrealmeid@igalia.com&gt;
Acked-by: Uros Bizjak &lt;ubizjak@gmail.com&gt;
Link: https://lore.kernel.org/20260311185409.1988269-1-mathieu.desnoyers@efficios.com
Link: https://patch.msgid.link/20260602090535.883796247@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the FUTEX_ROBUST_UNLOCK mechanism is used for unlocking (PI-)futexes,
then the unlock sequence in userspace looks like this:

  1)	robust_list_set_op_pending(mutex);
  2)	robust_list_remove(mutex);

  	lval = gettid();
  3)	if (atomic_try_cmpxchg(&amp;mutex-&gt;lock, lval, 0))
  4)		robust_list_clear_op_pending();
  	else
  5)		sys_futex(OP,...FUTEX_ROBUST_UNLOCK);

That still leaves a minimal race window between #3 and #4 where the mutex
could be acquired by some other task which observes that it is the last
user and:

  1) unmaps the mutex memory
  2) maps a different file, which ends up covering the same address

When then the original task exits before reaching #5 then the kernel robust
list handling observes the pending op entry and tries to fix up user space.

In case that the newly mapped data contains the TID of the exiting thread
at the address of the mutex/futex the kernel will set the owner died bit in
that memory and therefore corrupt unrelated data.

Provide a VDSO function which exposes the critical section window in the
VDSO symbol table. The resulting addresses are updated in the task's mm
when the VDSO is (re)map()'ed.

The core code detects when a task was interrupted within the critical
section and is about to deliver a signal. It then invokes an architecture
specific function which determines whether the pending op pointer has to be
cleared or not. The unlock assembly sequence on 64-bit is:

	mov		%esi,%eax	// Load TID into EAX
       	xor		%ecx,%ecx	// Set ECX to 0
	lock cmpxchg	%ecx,(%rdi)	// Try the TID -&gt; 0 transition
  .Lstart:
	jnz    		.Lend
	movq		%rcx,(%rdx)	// Clear list_op_pending
  .Lend:
	ret

So the decision can be simply based on the ZF state in regs-&gt;flags. The
pending op pointer is always in DX independent of the build mode
(32/64-bit) to make the pending op pointer retrieval uniform. The size of
the pointer is stored in the matching criticial section range struct and
the core code retrieves it from there. So the pointer retrieval function
does not have to care. It is bit-size independent:

     return regs-&gt;flags &amp; X86_EFLAGS_ZF ? regs-&gt;dx : NULL;

There are two entry points to handle the different robust list pending op
pointer size:

	__vdso_futex_robust_list64_try_unlock()
	__vdso_futex_robust_list32_try_unlock()

The 32-bit VDSO provides only __vdso_futex_robust_list32_try_unlock().

The 64-bit VDSO provides always __vdso_futex_robust_list64_try_unlock() and
when COMPAT is enabled also the list32 variant, which is required to
support multi-size robust list pointers used by gaming emulators.

The unlock function is inspired by an idea from Mathieu Desnoyers.

Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: André Almeida &lt;andrealmeid@igalia.com&gt;
Acked-by: Uros Bizjak &lt;ubizjak@gmail.com&gt;
Link: https://lore.kernel.org/20260311185409.1988269-1-mathieu.desnoyers@efficios.com
Link: https://patch.msgid.link/20260602090535.883796247@kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/vdso: Prepare for robust futex unlock support</title>
<updated>2026-06-03T09:38:52+00:00</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@kernel.org</email>
</author>
<published>2026-06-02T09:10:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=61cfc8e372d1971e0a96d3f1f8b5ee29916b3385'/>
<id>61cfc8e372d1971e0a96d3f1f8b5ee29916b3385</id>
<content type='text'>
There will be a VDSO function to unlock non-contended robust futexes in
user space. The unlock sequence is racy vs. clearing the list_pending_op
pointer in the task's robust list head. To plug this race the kernel needs
to know the critical section window so it can clear the pointer when the
task is interrupted within that race window. The window is determined by
labels in the inline assembly.

Add these symbols to the vdso2c generator and use them in the VDSO VMA code
to update the critical section addresses in mm_struct::futex on (re)map().

The symbols are not exported to user space, but available in the debug
version of the vDSO.

Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: André Almeida &lt;andrealmeid@igalia.com&gt;
Link: https://patch.msgid.link/20260602090535.828312645@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There will be a VDSO function to unlock non-contended robust futexes in
user space. The unlock sequence is racy vs. clearing the list_pending_op
pointer in the task's robust list head. To plug this race the kernel needs
to know the critical section window so it can clear the pointer when the
task is interrupted within that race window. The window is determined by
labels in the inline assembly.

Add these symbols to the vdso2c generator and use them in the VDSO VMA code
to update the critical section addresses in mm_struct::futex on (re)map().

The symbols are not exported to user space, but available in the debug
version of the vDSO.

Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: André Almeida &lt;andrealmeid@igalia.com&gt;
Link: https://patch.msgid.link/20260602090535.828312645@kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/kvm/vmx: Fix x86_64 CFI build</title>
<updated>2026-05-28T09:31:50+00:00</updated>
<author>
<name>Peter Zijlstra</name>
<email>peterz@infradead.org</email>
</author>
<published>2026-05-26T09:06:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8aeb879baf12fe64889f019da9a4f8347c604e91'/>
<id>8aeb879baf12fe64889f019da9a4f8347c604e91</id>
<content type='text'>
It was missed that idt_do_interrupt_irqoff() gets compiled on x84_64;
this is a problem for CFI builds because it includes an unadorned
indirect call. It is however completely dead code.

Rework things to not emit this function at all.

Fixes: 0701c9e17bd9 ("x86/kvm/vmx: Move IRQ/NMI dispatch from KVM into x86 core")
Reported-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
Reported-by: Calvin Owens &lt;calvin@wbinvd.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Tested-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
Link: https://patch.msgid.link/20260526090631.GA4149641@noisy.programming.kicks-ass.net
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It was missed that idt_do_interrupt_irqoff() gets compiled on x84_64;
this is a problem for CFI builds because it includes an unadorned
indirect call. It is however completely dead code.

Rework things to not emit this function at all.

Fixes: 0701c9e17bd9 ("x86/kvm/vmx: Move IRQ/NMI dispatch from KVM into x86 core")
Reported-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
Reported-by: Calvin Owens &lt;calvin@wbinvd.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Tested-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
Link: https://patch.msgid.link/20260526090631.GA4149641@noisy.programming.kicks-ass.net
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/entry/vdso32: Remove conditional omission of '.cfi_offset eflags'</title>
<updated>2026-05-27T22:20:06+00:00</updated>
<author>
<name>Nathan Chancellor</name>
<email>nathan@kernel.org</email>
</author>
<published>2026-05-17T23:05:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4e7af20d0d1043d9eb10a422c64d91de973384c1'/>
<id>4e7af20d0d1043d9eb10a422c64d91de973384c1</id>
<content type='text'>
Now that the minimum supported version of LLVM for building the kernel
has been raised to 17.0.1, the inclusion condition added by

  3e30278e0c71 ("x86/entry/vdso32: Omit '.cfi_offset eflags' for LLVM &lt; 16")

will always be true. Revert the change to clean up the source code.

Acked-by: H. Peter Anvin (Intel) &lt;hpa@zytor.com&gt;
Link: https://patch.msgid.link/20260517-bump-minimum-supported-llvm-version-to-17-v2-13-b3b8cda46bdd@kernel.org
Signed-off-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Now that the minimum supported version of LLVM for building the kernel
has been raised to 17.0.1, the inclusion condition added by

  3e30278e0c71 ("x86/entry/vdso32: Omit '.cfi_offset eflags' for LLVM &lt; 16")

will always be true. Revert the change to clean up the source code.

Acked-by: H. Peter Anvin (Intel) &lt;hpa@zytor.com&gt;
Link: https://patch.msgid.link/20260517-bump-minimum-supported-llvm-version-to-17-v2-13-b3b8cda46bdd@kernel.org
Signed-off-by: Nathan Chancellor &lt;nathan@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/kvm/vmx: Fix VMX vs hrtimer_rearm_deferred()</title>
<updated>2026-05-19T18:25:51+00:00</updated>
<author>
<name>Peter Zijlstra</name>
<email>peterz@infradead.org</email>
</author>
<published>2026-04-23T15:56:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5fcc48d521877c5d83828d715c81f4d169ef97f3'/>
<id>5fcc48d521877c5d83828d715c81f4d169ef97f3</id>
<content type='text'>
Vishal reported that KVM unit test 'x2apic' started failing after commit
0e98eb14814e ("entry: Prepare for deferred hrtimer rearming").

The reason is that KVM/VMX is injecting interrupts while it has interrupts
disabled, for a context that will enable interrupts, this means that
regs-&gt;flags.X86_EFLAGS_IF == 0 and irqentry_exit() will not do the right
thing.

Notably, irqentry_exit() must not call hrtimer_rearm_deferred() when the return
context does not have IF set, because this will cause problems vs NMIs.

Therefore, fix up the state after the injection.

Fixes: 0e98eb14814e ("entry: Prepare for deferred hrtimer rearming")
Reported-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Suggested-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Tested-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Tested-by: David Woodhouse &lt;dwmw@amazon.co.uk&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linux.intel.com&gt;
Link: https://patch.msgid.link/20260423155936.957351833@infradead.org
Closes: https://lore.kernel.org/r/70cd3e97fbb796e2eb2ff8cd4b7614ada05a5f24.camel%40intel.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Vishal reported that KVM unit test 'x2apic' started failing after commit
0e98eb14814e ("entry: Prepare for deferred hrtimer rearming").

The reason is that KVM/VMX is injecting interrupts while it has interrupts
disabled, for a context that will enable interrupts, this means that
regs-&gt;flags.X86_EFLAGS_IF == 0 and irqentry_exit() will not do the right
thing.

Notably, irqentry_exit() must not call hrtimer_rearm_deferred() when the return
context does not have IF set, because this will cause problems vs NMIs.

Therefore, fix up the state after the injection.

Fixes: 0e98eb14814e ("entry: Prepare for deferred hrtimer rearming")
Reported-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Suggested-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Tested-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Tested-by: David Woodhouse &lt;dwmw@amazon.co.uk&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linux.intel.com&gt;
Link: https://patch.msgid.link/20260423155936.957351833@infradead.org
Closes: https://lore.kernel.org/r/70cd3e97fbb796e2eb2ff8cd4b7614ada05a5f24.camel%40intel.com
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/kvm/vmx: Move IRQ/NMI dispatch from KVM into x86 core</title>
<updated>2026-05-19T18:25:51+00:00</updated>
<author>
<name>Peter Zijlstra</name>
<email>peterz@infradead.org</email>
</author>
<published>2026-05-08T09:18:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0701c9e17bd903d95b2ddf7dd2e1d8be5027f331'/>
<id>0701c9e17bd903d95b2ddf7dd2e1d8be5027f331</id>
<content type='text'>
Move the VMX interrupt dispatch magic into the x86 core code. This
isolates KVM from the FRED/IDT decisions and reduces the amount of
EXPORT_SYMBOL_FOR_KVM().

Suggested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Tested-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linxu.intel.com&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260508091829.GO3126523@noisy.programming.kicks-ass.net
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move the VMX interrupt dispatch magic into the x86 core code. This
isolates KVM from the FRED/IDT decisions and reduces the amount of
EXPORT_SYMBOL_FOR_KVM().

Suggested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Tested-by: "Verma, Vishal L" &lt;vishal.l.verma@intel.com&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Zhao Liu &lt;zhao1.liu@intel.com&gt;
Tested-by: Sean Christopherson &lt;seanjc@google.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linxu.intel.com&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260508091829.GO3126523@noisy.programming.kicks-ass.net
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/vdso: Fix incorrect size in munmap() on map_vdso() failure</title>
<updated>2026-05-19T14:36:34+00:00</updated>
<author>
<name>Guilherme Giacomo Simoes</name>
<email>trintaeoitogc@gmail.com</email>
</author>
<published>2026-05-03T19:16:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b088fe35019433541225d315263d8477899e0657'/>
<id>b088fe35019433541225d315263d8477899e0657</id>
<content type='text'>
In map_vdso(), if a failure occurs during the installation of the VVAR
mappings, the error path attempts to clean up previously allocated mappings
using do_munmap(). However, the cleanup for the VVAR mapping is incorrectly
using image-&gt;size (the size of the vDSO text) instead of the actual size
allocated for the VVAR area.

Replace the incorrect do_munmap() image-&gt;size parameter with the constant
VDSO_NR_PAGES * PAGE_SIZE. Ensure the unmap size exactly matches the size
used during the vdso_install_vvar_mapping() phase to provide a symmetrical
and complete teardown of the memory region.

Fixes: e93d2521b27f ("x86/vdso: Split virtual clock pages into dedicated mapping")
Signed-off-by: Guilherme Giacomo Simoes &lt;trintaeoitogc@gmail.com&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Reviewed-by: Thomas Weißschuh &lt;thomas.weissschuh@linutronix.de&gt;
Link: https://patch.msgid.link/20260503191609.551817-1-trintaeoitogc@gmail.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In map_vdso(), if a failure occurs during the installation of the VVAR
mappings, the error path attempts to clean up previously allocated mappings
using do_munmap(). However, the cleanup for the VVAR mapping is incorrectly
using image-&gt;size (the size of the vDSO text) instead of the actual size
allocated for the VVAR area.

Replace the incorrect do_munmap() image-&gt;size parameter with the constant
VDSO_NR_PAGES * PAGE_SIZE. Ensure the unmap size exactly matches the size
used during the vdso_install_vvar_mapping() phase to provide a symmetrical
and complete teardown of the memory region.

Fixes: e93d2521b27f ("x86/vdso: Split virtual clock pages into dedicated mapping")
Signed-off-by: Guilherme Giacomo Simoes &lt;trintaeoitogc@gmail.com&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@kernel.org&gt;
Reviewed-by: Thomas Weißschuh &lt;thomas.weissschuh@linutronix.de&gt;
Link: https://patch.msgid.link/20260503191609.551817-1-trintaeoitogc@gmail.com
</pre>
</div>
</content>
</entry>
</feed>
