Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f85543ba authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

Merge 4.9.120 into android-4.9 



Changes in 4.9.120
	ext4: fix check to prevent initializing reserved inodes
	tpm: fix race condition in tpm_common_write()
	parisc: Enable CONFIG_MLONGCALLS by default
	parisc: Define mb() and add memory barriers to assembler unlock sequences
	kasan: add no_sanitize attribute for clang builds
	Mark HI and TASKLET softirq synchronous
	xen/netfront: don't cache skb_shinfo()
	ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
	scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
	init: rename and re-order boot_cpu_state_init()
	root dentries need RCU-delayed freeing
	make sure that __dentry_kill() always invalidates d_seq, unhashed or not
	fix mntput/mntput race
	fix __legitimize_mnt()/mntput() race
	proc/sysctl: prune stale dentries during unregistering
	proc/sysctl: Don't grab i_lock under sysctl_lock.
	proc: Fix proc_sys_prune_dcache to hold a sb reference
	IB/core: Make testing MR flags for writability a static inline function
	IB/mlx4: Mark user MR as writable if actual virtual memory is writable
	mtd: nand: qcom: Add a NULL check for devm_kasprintf()
	IB/ocrdma: fix out of bounds access to local buffer
	ARM: dts: imx6sx: fix irq for pcie bridge
	x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
	x86/speculation: Protect against userspace-userspace spectreRSB
	kprobes/x86: Fix %p uses in error messages
	x86/irqflags: Provide a declaration for native_save_fl
	x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
	mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
	x86/speculation/l1tf: Change order of offset/type in swap entry
	x86/speculation/l1tf: Protect swap entries against L1TF
	x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
	x86/speculation/l1tf: Make sure the first page is always reserved
	x86/speculation/l1tf: Add sysfs reporting for l1tf
	x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
	x86/speculation/l1tf: Limit swap file size to MAX_PA/2
	x86/bugs: Move the l1tf function and define pr_fmt properly
	x86/smp: Provide topology_is_primary_thread()
	x86/topology: Provide topology_smt_supported()
	cpu/hotplug: Make bringup/teardown of smp threads symmetric
	cpu/hotplug: Split do_cpu_down()
	cpu/hotplug: Provide knobs to control SMT
	x86/cpu: Remove the pointless CPU printout
	x86/cpu/AMD: Remove the pointless detect_ht() call
	x86/cpu/common: Provide detect_ht_early()
	x86/cpu/topology: Provide detect_extended_topology_early()
	x86/cpu/intel: Evaluate smp_num_siblings early
	x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
	x86/cpu/AMD: Evaluate smp_num_siblings early
	x86/apic: Ignore secondary threads if nosmt=force
	x86/speculation/l1tf: Extend 64bit swap file size limit
	x86/cpufeatures: Add detection of L1D cache flush support.
	x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
	x86/speculation/l1tf: Protect PAE swap entries against L1TF
	x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
	Revert "x86/apic: Ignore secondary threads if nosmt=force"
	cpu/hotplug: Boot HT siblings at least once
	x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
	x86/KVM/VMX: Add module argument for L1TF mitigation
	x86/KVM/VMX: Add L1D flush algorithm
	x86/KVM/VMX: Add L1D MSR based flush
	x86/KVM/VMX: Add L1D flush logic
	kvm: nVMX: Update MSR load counts on a VMCS switch
	x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
	x86/KVM/VMX: Add find_msr() helper function
	x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
	x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
	x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
	cpu/hotplug: Online siblings when SMT control is turned on
	x86/litf: Introduce vmx status variable
	x86/kvm: Drop L1TF MSR list approach
	x86/l1tf: Handle EPT disabled state proper
	x86/kvm: Move l1tf setup function
	x86/kvm: Add static key for flush always
	x86/kvm: Serialize L1D flush parameter setter
	x86/kvm: Allow runtime control of L1D flush
	cpu/hotplug: Expose SMT control init function
	cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
	x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
	Documentation: Add section about CPU vulnerabilities
	x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
	Documentation/l1tf: Fix typos
	cpu/hotplug: detect SMT disabled by BIOS
	x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
	x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
	x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
	x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
	x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
	x86: Don't include linux/irq.h from asm/hardirq.h
	x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
	x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
	Documentation/l1tf: Remove Yonah processors from not vulnerable list
	KVM: x86: Add a framework for supporting MSR-based features
	KVM: SVM: Add MSR-based feature support for serializing LFENCE
	KVM: X86: Introduce kvm_get_msr_feature()
	KVM: X86: Allow userspace to define the microcode version
	KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
	x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
	x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
	KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
	cpu/hotplug: Fix SMT supported evaluation
	x86/speculation/l1tf: Invert all not present mappings
	x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
	x86/mm/pat: Make set_memory_np() L1TF safe
	x86/mm/kmmio: Make the tracer robust against L1TF
	tools headers: Synchronise x86 cpufeatures.h for L1TF additions
	x86/microcode: Do not upload microcode if CPUs are offline
	x86/microcode: Allow late microcode loading with SMT disabled
	x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread
	cpu/hotplug: Non-SMP machines do not make use of booted_once
	x86/init: fix build with CONFIG_SWAP=n
	x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
	x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h
	x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
	Linux 4.9.120

Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
parents 9dc978d4 93e02ae4

Documentation/ABI/testing/sysfs-devices-system-cpu

+24 −0
Original line number Diff line number Diff line
@@ -356,6 +356,7 @@ What: /sys/devices/system/cpu/vulnerabilities 
		/sys/devices/system/cpu/vulnerabilities/spectre_v1

		/sys/devices/system/cpu/vulnerabilities/spectre_v2

		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

		/sys/devices/system/cpu/vulnerabilities/l1tf

Date:		January 2018

Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>

Description:	Information about CPU vulnerabilities
@@ -367,3 +368,26 @@ Description: Information about CPU vulnerabilities 
		"Not affected"	  CPU is not affected by the vulnerability

		"Vulnerable"	  CPU is affected and no mitigation in effect

		"Mitigation: $M"  CPU is affected and mitigation $M is in effect



		Details about the l1tf file can be found in

		Documentation/admin-guide/l1tf.rst



What:		/sys/devices/system/cpu/smt

		/sys/devices/system/cpu/smt/active

		/sys/devices/system/cpu/smt/control

Date:		June 2018

Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>

Description:	Control Symetric Multi Threading (SMT)



		active:  Tells whether SMT is active (enabled and siblings online)



		control: Read/write interface to control SMT. Possible

			 values:



			 "on"		SMT is enabled

			 "off"		SMT is disabled

			 "forceoff"	SMT is force disabled. Cannot be changed.

			 "notsupported" SMT is not supported by the CPU



			 If control status is "forceoff" or "notsupported" writes

			 are rejected.

Documentation/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ Contents: 
   :maxdepth: 2



   kernel-documentation

   l1tf

   development-process/index

   dev-tools/tools

   driver-api/index

Documentation/kernel-parameters.txt

+78 −0
Original line number Diff line number Diff line
@@ -2022,10 +2022,84 @@ bytes respectively. Such letter suffixes can also be entirely omitted. 
			(virtualized real and unpaged mode) on capable

			Intel chips. Default is 1 (enabled)



	kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault

			CVE-2018-3620.



			Valid arguments: never, cond, always



			always: L1D cache flush on every VMENTER.

			cond:	Flush L1D on VMENTER only when the code between

				VMEXIT and VMENTER can leak host memory.

			never:	Disables the mitigation



			Default is cond (do L1 cache flush in specific instances)



	kvm-intel.vpid=	[KVM,Intel] Disable Virtual Processor Identification

			feature (tagged TLBs) on capable Intel chips.

			Default is 1 (enabled)



	l1tf=           [X86] Control mitigation of the L1TF vulnerability on

			      affected CPUs



			The kernel PTE inversion protection is unconditionally

			enabled and cannot be disabled.



			full

				Provides all available mitigations for the

				L1TF vulnerability. Disables SMT and

				enables all mitigations in the

				hypervisors, i.e. unconditional L1D flush.



				SMT control and L1D flush control via the

				sysfs interface is still possible after

				boot.  Hypervisors will issue a warning

				when the first VM is started in a

				potentially insecure configuration,

				i.e. SMT enabled or L1D flush disabled.



			full,force

				Same as 'full', but disables SMT and L1D

				flush runtime control. Implies the

				'nosmt=force' command line option.

				(i.e. sysfs control of SMT is disabled.)



			flush

				Leaves SMT enabled and enables the default

				hypervisor mitigation, i.e. conditional

				L1D flush.



				SMT control and L1D flush control via the

				sysfs interface is still possible after

				boot.  Hypervisors will issue a warning

				when the first VM is started in a

				potentially insecure configuration,

				i.e. SMT enabled or L1D flush disabled.



			flush,nosmt



				Disables SMT and enables the default

				hypervisor mitigation.



				SMT control and L1D flush control via the

				sysfs interface is still possible after

				boot.  Hypervisors will issue a warning

				when the first VM is started in a

				potentially insecure configuration,

				i.e. SMT enabled or L1D flush disabled.



			flush,nowarn

				Same as 'flush', but hypervisors will not

				warn when a VM is started in a potentially

				insecure configuration.



			off

				Disables hypervisor mitigations and doesn't

				emit any warnings.



			Default is 'flush'.



			For details see: Documentation/admin-guide/l1tf.rst



	l2cr=		[PPC]



	l3cr=		[PPC]
@@ -2706,6 +2780,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. 
	nosmt		[KNL,S390] Disable symmetric multithreading (SMT).

			Equivalent to smt=1.



			[KNL,x86] Disable symmetric multithreading (SMT).

			nosmt=force: Force disable SMT, cannot be undone

				     via the sysfs control file.



	nospectre_v2	[X86] Disable all mitigations for the Spectre variant 2

			(indirect branch prediction) vulnerability. System may

			allow data leaks with this option, which is equivalent

Documentation/l1tf.rst

0 → 100644
+610 −0

File added.

Preview size limit exceeded, changes collapsed.

Documentation/virtual/kvm/api.txt

+28 −12
Original line number Diff line number Diff line
@@ -122,14 +122,15 @@ KVM_CAP_S390_UCONTROL and use the flag KVM_VM_S390_UCONTROL as 
privileged user (CAP_SYS_ADMIN).





4.3 KVM_GET_MSR_INDEX_LIST

4.3 KVM_GET_MSR_INDEX_LIST, KVM_GET_MSR_FEATURE_INDEX_LIST



Capability: basic

Capability: basic, KVM_CAP_GET_MSR_FEATURES for KVM_GET_MSR_FEATURE_INDEX_LIST

Architectures: x86

Type: system

Type: system ioctl

Parameters: struct kvm_msr_list (in/out)

Returns: 0 on success; -1 on error

Errors:

  EFAULT:    the msr index list cannot be read from or written to

  E2BIG:     the msr index list is to be to fit in the array specified by

             the user.
@@ -138,16 +139,23 @@ struct kvm_msr_list { 
	__u32 indices[0];

};



This ioctl returns the guest msrs that are supported.  The list varies

by kvm version and host processor, but does not change otherwise.  The

user fills in the size of the indices array in nmsrs, and in return

kvm adjusts nmsrs to reflect the actual number of msrs and fills in

the indices array with their numbers.

The user fills in the size of the indices array in nmsrs, and in return

kvm adjusts nmsrs to reflect the actual number of msrs and fills in the

indices array with their numbers.



KVM_GET_MSR_INDEX_LIST returns the guest msrs that are supported.  The list

varies by kvm version and host processor, but does not change otherwise.



Note: if kvm indicates supports MCE (KVM_CAP_MCE), then the MCE bank MSRs are

not returned in the MSR list, as different vcpus can have a different number

of banks, as set via the KVM_X86_SETUP_MCE ioctl.



KVM_GET_MSR_FEATURE_INDEX_LIST returns the list of MSRs that can be passed

to the KVM_GET_MSRS system ioctl.  This lets userspace probe host capabilities

and processor features that are exposed via MSRs (e.g., VMX capabilities).

This list also varies by kvm version and host processor, but does not change

otherwise.





4.4 KVM_CHECK_EXTENSION
@@ -474,14 +482,22 @@ Support for this has been removed. Use KVM_SET_GUEST_DEBUG instead. 


4.18 KVM_GET_MSRS



Capability: basic

Capability: basic (vcpu), KVM_CAP_GET_MSR_FEATURES (system)

Architectures: x86

Type: vcpu ioctl

Type: system ioctl, vcpu ioctl

Parameters: struct kvm_msrs (in/out)

Returns: 0 on success, -1 on error

Returns: number of msrs successfully returned;

        -1 on error



When used as a system ioctl:

Reads the values of MSR-based features that are available for the VM.  This

is similar to KVM_GET_SUPPORTED_CPUID, but it returns MSR indices and values.

The list of msr-based features can be obtained using KVM_GET_MSR_FEATURE_INDEX_LIST

in a system ioctl.



When used as a vcpu ioctl:

Reads model-specific registers from the vcpu.  Supported msr indices can

be obtained using KVM_GET_MSR_INDEX_LIST.

be obtained using KVM_GET_MSR_INDEX_LIST in a system ioctl.



struct kvm_msrs {

	__u32 nmsrs; /* number of msrs in entries */