Commit 4c9e0a9b authored by Greg Kroah-Hartman

Merge 4.14.43 into android-4.14



Changes in 4.14.43
	usbip: usbip_host: refine probe and disconnect debug msgs to be useful
	usbip: usbip_host: delete device from busid_table after rebind
	usbip: usbip_host: run rebind from exit when module is removed
	usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
	usbip: usbip_host: fix bad unlock balance during stub_probe()
	ALSA: usb: mixer: volume quirk for CM102-A+/102S+
	ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
	ALSA: control: fix a redundant-copy issue
	spi: pxa2xx: Allow 64-bit DMA
	spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
	spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
	KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
	KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
	powerpc: Don't preempt_disable() in show_cpuinfo()
	vfio: ccw: fix cleanup if cp_prefetch fails
	tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
	tee: shm: fix use-after-free via temporarily dropped reference
	netfilter: nf_tables: free set name in error path
	netfilter: nf_tables: can't fail after linking rule into active rule list
	netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
	i2c: designware: fix poll-after-enable regression
	powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
	drm: Match sysfs name in link removal to link creation
	lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
	radix tree: fix multi-order iteration race
	mm: don't allow deferred pages with NEED_PER_CPU_KM
	drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
	s390/qdio: fix access to uninitialized qdio_q fields
	s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
	s390/qdio: don't release memory in qdio_setup_irq()
	s390: remove indirect branch from do_softirq_own_stack
	x86/pkeys: Override pkey when moving away from PROT_EXEC
	x86/pkeys: Do not special case protection key 0
	efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
	ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
	x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
	tick/broadcast: Use for_each_cpu() specially on UP kernels
	ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
	ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
	ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
	Btrfs: fix xattr loss after power failure
	Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
	btrfs: property: Set incompat flag if lzo/zstd compression is set
	btrfs: fix crash when trying to resume balance without the resume flag
	btrfs: Split btrfs_del_delalloc_inode into 2 functions
	btrfs: Fix delalloc inodes invalidation during transaction abort
	btrfs: fix reading stale metadata blocks after degraded raid1 mounts
	x86/nospec: Simplify alternative_msr_write()
	x86/bugs: Concentrate bug detection into a separate function
	x86/bugs: Concentrate bug reporting into a separate function
	x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
	x86/bugs, KVM: Support the combination of guest and host IBRS
	x86/bugs: Expose /sys/../spec_store_bypass
	x86/cpufeatures: Add X86_FEATURE_RDS
	x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
	x86/bugs/intel: Set proper CPU features and setup RDS
	x86/bugs: Whitelist allowed SPEC_CTRL MSR values
	x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
	x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
	x86/speculation: Create spec-ctrl.h to avoid include hell
	prctl: Add speculation control prctls
	x86/process: Allow runtime control of Speculative Store Bypass
	x86/speculation: Add prctl for Speculative Store Bypass mitigation
	nospec: Allow getting/setting on non-current task
	proc: Provide details on speculation flaw mitigations
	seccomp: Enable speculation flaw mitigations
	x86/bugs: Make boot modes __ro_after_init
	prctl: Add force disable speculation
	seccomp: Use PR_SPEC_FORCE_DISABLE
	seccomp: Add filter flag to opt-out of SSB mitigation
	seccomp: Move speculation migitation control to arch code
	x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
	x86/bugs: Rename _RDS to _SSBD
	proc: Use underscores for SSBD in 'status'
	Documentation/spec_ctrl: Do some minor cleanups
	x86/bugs: Fix __ssb_select_mitigation() return type
	x86/bugs: Make cpu_show_common() static
	x86/bugs: Fix the parameters alignment and missing void
	x86/cpu: Make alternative_msr_write work for 32-bit code
	KVM: SVM: Move spec control call after restore of GS
	x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
	x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
	x86/cpufeatures: Disentangle SSBD enumeration
	x86/cpufeatures: Add FEATURE_ZEN
	x86/speculation: Handle HT correctly on AMD
	x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
	x86/speculation: Add virtualized speculative store bypass disable support
	x86/speculation: Rework speculative_store_bypass_update()
	x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
	x86/bugs: Expose x86_spec_ctrl_base directly
	x86/bugs: Remove x86_spec_ctrl_set()
	x86/bugs: Rework spec_ctrl base and mask logic
	x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
	KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
	x86/bugs: Rename SSBD_NO to SSB_NO
	Linux 4.14.43

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
parents 2b59cb77 1dff0848
+1 −0
@@ -378,6 +378,7 @@ What: /sys/devices/system/cpu/vulnerabilities
		/sys/devices/system/cpu/vulnerabilities/meltdown
		/sys/devices/system/cpu/vulnerabilities/spectre_v1
		/sys/devices/system/cpu/vulnerabilities/spectre_v2
		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
Date:		January 2018
Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>
Description:	Information about CPU vulnerabilities
+45 −0
@@ -2603,6 +2603,9 @@
			allow data leaks with this option, which is equivalent
			to spectre_v2=off.

	nospec_store_bypass_disable
			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability

	noxsave		[BUGS=X86] Disables x86 extended register state save
			and restore using xsave. The kernel will fallback to
			enabling legacy floating-point and sse state.
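Review bot: the nospec_store_bypass_disable entry does not say how it relates to spec_store_bypass_disable=, while the entry just above it in the context spells out its equivalent ("equivalent to spectre_v2=off"). If this switch is the same as spec_store_bypass_disable=off, state that here and cross-reference the longer entry. The single description line also runs well past the width of the neighbouring entries and should be wrapped.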
@@ -3933,6 +3936,48 @@
			Not specifying this option is equivalent to
			spectre_v2=auto.

	spec_store_bypass_disable=
			[HW] Control Speculative Store Bypass (SSB) Disable mitigation
			(Speculative Store Bypass vulnerability)

			Certain CPUs are vulnerable to an exploit against a
			a common industry wide performance optimization known
			as "Speculative Store Bypass" in which recent stores
			to the same memory location may not be observed by
			later loads during speculative execution. The idea
			is that such stores are unlikely and that they can
			be detected prior to instruction retirement at the
			end of a particular speculation execution window.

			In vulnerable processors, the speculatively forwarded
			store can be used in a cache side channel attack, for
			example to read memory to which the attacker does not
			directly have access (e.g. inside sandboxed code).

			This parameter controls whether the Speculative Store
			Bypass optimization is used.

			on      - Unconditionally disable Speculative Store Bypass
			off     - Unconditionally enable Speculative Store Bypass
			auto    - Kernel detects whether the CPU model contains an
				  implementation of Speculative Store Bypass and
				  picks the most appropriate mitigation. If the
				  CPU is not vulnerable, "off" is selected. If the
				  CPU is vulnerable the default mitigation is
				  architecture and Kconfig dependent. See below.
			prctl   - Control Speculative Store Bypass per thread
				  via prctl. Speculative Store Bypass is enabled
				  for a process by default. The state of the control
				  is inherited on fork.
			seccomp - Same as "prctl" above, but all seccomp threads
				  will disable SSB unless they explicitly opt out.

			Not specifying this option is equivalent to
			spec_store_bypass_disable=auto.

			Default mitigations:
			X86:	If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"

	spia_io_base=	[HW,MTD]
	spia_fio_base=
	spia_pedr=
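Review bot: in the seccomp mode description, "unless they explicitly opt out" does not name the opt-out mechanism, so a reader cannot tell what a sandbox has to do to keep or drop the mitigation; name the interface or point at the document that does. Two smaller points in the same entry: the first paragraph has a doubled article ("against a" / "a common industry wide"), and the on/off values read inverted at first glance because "on" is described as "Unconditionally disable Speculative Store Bypass", so a short gloss saying that "on" means the mitigation is active would help.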
+1 −0
@@ -19,6 +19,7 @@ place where this information is gathered.
   no_new_privs
   seccomp_filter
   unshare
   spec_ctrl

.. only::  subproject and html

+94 −0
===================
Speculation Control
===================

Quite some CPUs have speculation-related misfeatures which are in
fact vulnerabilities causing data leaks in various forms even across
privilege domains.

The kernel provides mitigation for such vulnerabilities in various
forms. Some of these mitigations are compile-time configurable and some
can be supplied on the kernel command line.

There is also a class of mitigations which are very expensive, but they can
be restricted to a certain set of processes or tasks in controlled
environments. The mechanism to control these mitigations is via
:manpage:`prctl(2)`.

There are two prctl options which are related to this:

 * PR_GET_SPECULATION_CTRL

 * PR_SET_SPECULATION_CTRL

PR_GET_SPECULATION_CTRL
-----------------------

PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
the following meaning:

==== ===================== ===================================================
Bit  Define                Description
==== ===================== ===================================================
0    PR_SPEC_PRCTL         Mitigation can be controlled per task by
                           PR_SET_SPECULATION_CTRL.
1    PR_SPEC_ENABLE        The speculation feature is enabled, mitigation is
                           disabled.
2    PR_SPEC_DISABLE       The speculation feature is disabled, mitigation is
                           enabled.
3    PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
                           subsequent prctl(..., PR_SPEC_ENABLE) will fail.
==== ===================== ===================================================

If all bits are 0 the CPU is not affected by the speculation misfeature.

If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.

PR_SET_SPECULATION_CTRL
-----------------------

PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or
PR_SPEC_FORCE_DISABLE.

Common error codes
------------------
======= =================================================================
Value   Meaning
======= =================================================================
EINVAL  The prctl is not implemented by the architecture or unused
        prctl(2) arguments are not 0.

ENODEV  arg2 is selecting a not supported speculation misfeature.
======= =================================================================

PR_SET_SPECULATION_CTRL error codes
-----------------------------------
======= =================================================================
Value   Meaning
======= =================================================================
0       Success

ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.

ENXIO   Control of the selected speculation misfeature is not possible.
        See PR_GET_SPECULATION_CTRL.

EPERM   Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
        tried to enable it again.
======= =================================================================

Speculation misfeature controls
-------------------------------
- PR_SPEC_STORE_BYPASS: Speculative Store Bypass

  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
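Review bot: the PR_SET_SPECULATION_CTRL section does not say what happens to the per-task setting across fork() and execve(), although the spec_store_bypass_disable= text in kernel-parameters states that the control is inherited on fork; document the inheritance here, since this is the file callers of the prctl will read. The PR_GET_SPECULATION_CTRL section also never says how a failure is told apart from a bit-mask return, while the PR_SET table lists 0 as "Success"; one sentence on the error return convention would close that gap. Minor: the tables under "Common error codes" and "PR_SET_SPECULATION_CTRL error codes", and the list under "Speculation misfeature controls", start directly below the heading underline with no blank line, unlike the earlier sections.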
+1 −1
# SPDX-License-Identifier: GPL-2.0
VERSION = 4
PATCHLEVEL = 14
SUBLEVEL = 42
SUBLEVEL = 43
EXTRAVERSION =
NAME = Petit Gorille
