Merge 4.19.266 into android-4.19-stable

	retain_initrd	[RAM] Keep initrd memory after extraction

	retbleed=	[X86] Control mitigation of RETBleed (Arbitrary

			Speculative Code Execution with Return Instructions)

			vulnerability.

			off         - unconditionally disable

			auto        - automatically select a migitation

			Selecting 'auto' will choose a mitigation method at run

			time according to the CPU.

			Not specifying this option is equivalent to retbleed=auto.

	rfkill.default_state=

		0	"airplane mode".  All wifi, bluetooth, wimax, gps, fm,

			etc. communication is blocked by default.

			eibrs		  - enhanced IBRS

			eibrs,retpoline   - enhanced IBRS + Retpolines

			eibrs,lfence      - enhanced IBRS + LFENCE

			ibrs		  - use IBRS to protect kernel

			Not specifying this option is equivalent to

			spectre_v2=auto.

# SPDX-License-Identifier: GPL-2.0

VERSION = 4

PATCHLEVEL = 19

SUBLEVEL = 265

SUBLEVEL = 266

EXTRAVERSION =

NAME = "People's Front"

#include <asm/percpu.h>

#include <asm/asm-offsets.h>

#include <asm/processor-flags.h>

#include <asm/msr.h>

#include <asm/nospec-branch.h>

/*

.endm

.macro POP_REGS pop_rdi=1 skip_r11rcx=0

.macro POP_REGS pop_rdi=1

	popq %r15

	popq %r14

	popq %r13

	popq %r12

	popq %rbp

	popq %rbx

	.if \skip_r11rcx

	popq %rsi

	.else

	popq %r11

	.endif

	popq %r10

	popq %r9

	popq %r8

	popq %rax

	.if \skip_r11rcx

	popq %rsi

	.else

	popq %rcx

	.endif

	popq %rdx

	popq %rsi

	.if \pop_rdi

#endif

/*

 * IBRS kernel mitigation for Spectre_v2.

 *

 * Assumes full context is established (PUSH_REGS, CR3 and GS) and it clobbers

 * the regs it uses (AX, CX, DX). Must be called before the first RET

 * instruction (NOTE! UNTRAIN_RET includes a RET instruction)

 *

 * The optional argument is used to save/restore the current value,

 * which is used on the paranoid paths.

 *

 * Assumes x86_spec_ctrl_{base,current} to have SPEC_CTRL_IBRS set.

 */

.macro IBRS_ENTER save_reg

	ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_KERNEL_IBRS

	movl	$MSR_IA32_SPEC_CTRL, %ecx

.ifnb \save_reg

	rdmsr

	shl	$32, %rdx

	or	%rdx, %rax

	mov	%rax, \save_reg

	test	$SPEC_CTRL_IBRS, %eax

	jz	.Ldo_wrmsr_\@

	lfence

	jmp	.Lend_\@

.Ldo_wrmsr_\@:

.endif

	movq	PER_CPU_VAR(x86_spec_ctrl_current), %rdx

	movl	%edx, %eax

	shr	$32, %rdx

	wrmsr

.Lend_\@:

.endm

/*

 * Similar to IBRS_ENTER, requires KERNEL GS,CR3 and clobbers (AX, CX, DX)

 * regs. Must be called after the last RET.

 */

.macro IBRS_EXIT save_reg

	ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_KERNEL_IBRS

	movl	$MSR_IA32_SPEC_CTRL, %ecx

.ifnb \save_reg

	mov	\save_reg, %rdx

.else

	movq	PER_CPU_VAR(x86_spec_ctrl_current), %rdx

	andl	$(~SPEC_CTRL_IBRS), %edx

.endif

	movl	%edx, %eax

	shr	$32, %rdx

	wrmsr

.Lend_\@:

.endm

/*

 * Mitigate Spectre v1 for conditional swapgs code paths.

 *

	movl	%ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset

#endif

#ifdef CONFIG_RETPOLINE

	/*

	 * When switching from a shallower to a deeper call stack

	 * the RSB may either underflow or use entries populated

	 * speculative execution to prevent attack.

	 */

	FILL_RETURN_BUFFER %ebx, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW

#endif

	/* restore callee-saved registers */

	popfl

	/* IRQs are off. */

	movq	%rax, %rdi

	movq	%rsp, %rsi

	/* clobbers %rax, make sure it is after saving the syscall nr */

	IBRS_ENTER

	call	do_syscall_64		/* returns with IRQs disabled */

	TRACE_IRQS_IRETQ		/* we're about to change IF */

	 * perf profiles. Nothing jumps here.

	 */

syscall_return_via_sysret:

	/* rcx and r11 are already restored (see code above) */

	POP_REGS pop_rdi=0 skip_r11rcx=1

	IBRS_EXIT

	POP_REGS pop_rdi=0

	/*

	 * Now all regs are restored except RSP and RDI.

	movq	%rbx, PER_CPU_VAR(irq_stack_union)+stack_canary_offset

#endif

#ifdef CONFIG_RETPOLINE

	/*

	 * When switching from a shallower to a deeper call stack

	 * the RSB may either underflow or use entries populated

	 * speculative execution to prevent attack.

	 */

	FILL_RETURN_BUFFER %r12, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW

#endif

	/* restore callee-saved registers */

	popfq

	TRACE_IRQS_IRETQ

GLOBAL(swapgs_restore_regs_and_return_to_usermode)

	IBRS_EXIT

#ifdef CONFIG_DEBUG_ENTRY

	/* Assert that pt_regs indicates user mode. */

	testb	$3, CS(%rsp)

	 */

	FENCE_SWAPGS_KERNEL_ENTRY

	ret

	/*

	 * Once we have CR3 and %GS setup save and set SPEC_CTRL. Just like

	 * CR3 above, keep the old value in a callee saved register.

	 */

	IBRS_ENTER save_reg=%r15

	RET

END(paranoid_entry)

/*

	jmp	.Lparanoid_exit_restore

.Lparanoid_exit_no_swapgs:

	TRACE_IRQS_IRETQ_DEBUG

	/*

	 * Must restore IBRS state before both CR3 and %GS since we need access

	 * to the per-CPU x86_spec_ctrl_shadow variable.

	 */

	IBRS_EXIT save_reg=%r15

	/* Always restore stashed CR3 value (see paranoid_entry) */

	RESTORE_CR3	scratch_reg=%rbx save_reg=%r14

.Lparanoid_exit_restore:

	jmp restore_regs_and_return_to_kernel

END(paranoid_exit)

/*

 * Save all registers in pt_regs, and switch GS if needed.

 */

	FENCE_SWAPGS_USER_ENTRY

	/* We have user CR3.  Change to kernel CR3. */

	SWITCH_TO_KERNEL_CR3 scratch_reg=%rax

	IBRS_ENTER

.Lerror_entry_from_usermode_after_swapgs:

	/* Put us onto the real thread stack. */

	SWAPGS

	FENCE_SWAPGS_USER_ENTRY

	SWITCH_TO_KERNEL_CR3 scratch_reg=%rax

	IBRS_ENTER

	/*

	 * Pretend that the exception came from user mode: set up pt_regs

	PUSH_AND_CLEAR_REGS rdx=(%rdx)

	ENCODE_FRAME_POINTER

	IBRS_ENTER

	/*

	 * At this point we no longer need to worry about stack damage

	 * due to nesting -- we're on the normal thread stack and we're

	movq	$-1, %rsi

	call	do_nmi

	/* Always restore stashed SPEC_CTRL value (see paranoid_entry) */

	IBRS_EXIT save_reg=%r15

	/* Always restore stashed CR3 value (see paranoid_entry) */

	RESTORE_CR3 scratch_reg=%r15 save_reg=%r14