
Commit 1ee0801d authored by qctecmdr's avatar qctecmdr Committed by Gerrit - the friendly Code Review server

Merge "Merge android-5.4.5 (9cdc723) into msm-5.4"

parents 187d2284 e79e0298
+5 −2
@@ -265,8 +265,11 @@ time with the option "mds=". The valid arguments for this option are:

  ============  =============================================================

Not specifying this option is equivalent to "mds=full".

Not specifying this option is equivalent to "mds=full". For processors
that are affected by both TAA (TSX Asynchronous Abort) and MDS,
specifying just "mds=off" without an accompanying "tsx_async_abort=off"
will have no effect as the same mitigation is used for both
vulnerabilities.

Mitigation selection guide
--------------------------
+4 −1
@@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are:
                CPU is not vulnerable to cross-thread TAA attacks.
  ============  =============================================================

Not specifying this option is equivalent to "tsx_async_abort=full".
Not specifying this option is equivalent to "tsx_async_abort=full". For
processors that are affected by both TAA and MDS, specifying just
"tsx_async_abort=off" without an accompanying "mds=off" will have no
effect as the same mitigation is used for both vulnerabilities.

The kernel command line also allows to control the TSX feature using the
parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used
+23 −10
@@ -2477,6 +2477,12 @@
				     SMT on vulnerable CPUs
			off        - Unconditionally disable MDS mitigation

			On TAA-affected machines, mds=off can be prevented by
			an active TAA mitigation as both vulnerabilities are
			mitigated with the same mechanism so in order to disable
			this mitigation, you need to specify tsx_async_abort=off
			too.

			Not specifying this option is equivalent to
			mds=full.

@@ -4941,6 +4947,11 @@
				     vulnerable to cross-thread TAA attacks.
			off        - Unconditionally disable TAA mitigation

			On MDS-affected machines, tsx_async_abort=off can be
			prevented by an active MDS mitigation as both vulnerabilities
			are mitigated with the same mechanism so in order to disable
			this mitigation, you need to specify mds=off too.

			Not specifying this option is equivalent to
			tsx_async_abort=full.  On CPUs which are MDS affected
			and deploy MDS mitigation, TAA mitigation is not
@@ -5100,13 +5111,13 @@
			Flags is a set of characters, each corresponding
			to a common usb-storage quirk flag as follows:
				a = SANE_SENSE (collect more than 18 bytes
					of sense data);
					of sense data, not on uas);
				b = BAD_SENSE (don't collect more than 18
					bytes of sense data);
					bytes of sense data, not on uas);
				c = FIX_CAPACITY (decrease the reported
					device capacity by one sector);
				d = NO_READ_DISC_INFO (don't use
					READ_DISC_INFO command);
					READ_DISC_INFO command, not on uas);
				e = NO_READ_CAPACITY_16 (don't use
					READ_CAPACITY_16 command);
				f = NO_REPORT_OPCODES (don't use report opcodes
@@ -5121,17 +5132,18 @@
				j = NO_REPORT_LUNS (don't use report luns
					command, uas only);
				l = NOT_LOCKABLE (don't try to lock and
					unlock ejectable media);
					unlock ejectable media, not on uas);
				m = MAX_SECTORS_64 (don't transfer more
					than 64 sectors = 32 KB at a time);
					than 64 sectors = 32 KB at a time,
					not on uas);
				n = INITIAL_READ10 (force a retry of the
					initial READ(10) command);
					initial READ(10) command, not on uas);
				o = CAPACITY_OK (accept the capacity
					reported by the device);
					reported by the device, not on uas);
				p = WRITE_CACHE (the device cache is ON
					by default);
					by default, not on uas);
				r = IGNORE_RESIDUE (the device reports
					bogus residue values);
					bogus residue values, not on uas);
				s = SINGLE_LUN (the device has only one
					Logical Unit);
				t = NO_ATA_1X (don't allow ATA(12) and ATA(16)
@@ -5140,7 +5152,8 @@
				w = NO_WP_DETECT (don't test whether the
					medium is write-protected).
				y = ALWAYS_SYNC (issue a SYNCHRONIZE_CACHE
					even if the device claims no cache)
					even if the device claims no cache,
					not on uas)
			Example: quirks=0419:aaf5:rl,0421:0433:rc

	user_debug=	[KNL,ARM]
+13 −0
@@ -939,6 +939,19 @@ ip_local_reserved_ports - list of comma separated ranges

	Default: Empty

ip_local_unbindable_ports - list of comma separated ranges
	Specify the ports which are not directly bind()able.

	Usually you would use this to block the use of ports which
	are invalid due to something outside of the control of the
	kernel.  For example a port stolen by the nic for serial
	console, remote power management or debugging.

	There's a relatively high chance you will also want to list
	these ports in 'ip_local_reserved_ports' to prevent autobinding.

	Default: Empty

ip_unprivileged_port_start - INTEGER
	This is a per-namespace sysctl.  It defines the first
	unprivileged port in the network namespace.  Privileged ports
+62 −2
# SPDX-License-Identifier: GPL-2.0
VERSION = 5
PATCHLEVEL = 4
SUBLEVEL = 0
SUBLEVEL = 5
EXTRAVERSION =
NAME = Kleptomaniac Octopus

@@ -662,6 +662,16 @@ RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc
export RETPOLINE_CFLAGS
export RETPOLINE_VDSO_CFLAGS

# Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure
# ar/cc/ld-* macros return correct values.
ifdef CONFIG_LTO_CLANG
# LTO produces LLVM IR instead of object files. Use llvm-ar and llvm-nm, so we
# can process these.
AR		:= llvm-ar
LLVM_NM		:= llvm-nm
export LLVM_NM
endif

include arch/$(SRCARCH)/Makefile

ifdef need-config
@@ -860,6 +870,55 @@ ifdef CONFIG_LIVEPATCH
KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone)
endif

ifdef CONFIG_SHADOW_CALL_STACK
CC_FLAGS_SCS	:= -fsanitize=shadow-call-stack
KBUILD_CFLAGS	+= $(CC_FLAGS_SCS)
export CC_FLAGS_SCS
endif

ifdef CONFIG_LTO_CLANG
ifdef CONFIG_THINLTO
CC_FLAGS_LTO_CLANG := -flto=thin $(call cc-option, -fsplit-lto-unit)
KBUILD_LDFLAGS	+= --thinlto-cache-dir=.thinlto-cache
else
CC_FLAGS_LTO_CLANG := -flto
endif
CC_FLAGS_LTO_CLANG += -fvisibility=default

# Limit inlining across translation units to reduce binary size
LD_FLAGS_LTO_CLANG := -mllvm -import-instr-limit=5

KBUILD_LDFLAGS += $(LD_FLAGS_LTO_CLANG)
KBUILD_LDFLAGS_MODULE += $(LD_FLAGS_LTO_CLANG)

KBUILD_LDS_MODULE += $(srctree)/scripts/module-lto.lds
endif

ifdef CONFIG_LTO
CC_FLAGS_LTO	:= $(CC_FLAGS_LTO_CLANG)
KBUILD_CFLAGS	+= $(CC_FLAGS_LTO)
export CC_FLAGS_LTO
endif

ifdef CONFIG_CFI_CLANG
CC_FLAGS_CFI	:= -fsanitize=cfi \
		   -fno-sanitize-cfi-canonical-jump-tables

ifdef CONFIG_MODULES
CC_FLAGS_CFI	+= -fsanitize-cfi-cross-dso
endif

ifdef CONFIG_CFI_PERMISSIVE
CC_FLAGS_CFI	+= -fsanitize-recover=cfi \
		   -fno-sanitize-trap=cfi
endif

# If LTO flags are filtered out, we must also filter out CFI.
CC_FLAGS_LTO	+= $(CC_FLAGS_CFI)
KBUILD_CFLAGS	+= $(CC_FLAGS_CFI)
export CC_FLAGS_CFI
endif

# arch Makefile may override CC so keep this after arch Makefile is included
NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)

@@ -1695,7 +1754,8 @@ clean: $(clean-dirs)
		-o -name modules.builtin -o -name '.tmp_*.o.*' \
		-o -name '*.c.[012]*.*' \
		-o -name '*.ll' \
		-o -name '*.gcno' \) -type f -print | xargs rm -f
		-o -name '*.gcno' \
		-o -name '*.*.symversions' \) -type f -print | xargs rm -f

# Generate tags for editors
# ---------------------------------------------------------------------------
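Review bot: The `ifdef CONFIG_CFI_PERMISSIVE` block in the `@@ -860,6 +870,55 @@` hunk has no comment, although it is the one switch in this section that weakens a mitigation. `-fsanitize-recover=cfi -fno-sanitize-trap=cfi` replaces the trap on a failed CFI check with a recoverable report, so a build with this option presumably logs violations and keeps running. I would put a comment above the block, for example `# Permissive mode: CFI failures are reported, not enforced. Bring-up/debugging only; keep off in release configs.`, so that a config audit cannot mistake a permissive kernel for an enforcing one. In the same hunk, `CC_FLAGS_LTO += $(CC_FLAGS_CFI)` sits outside `ifdef CONFIG_LTO` and so relies on a Kconfig dependency of CFI_CLANG on LTO that this diff does not show. A short note next to the existing "If LTO flags are filtered out" comment saying so would help.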
Loading