Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8629d9bd authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

Merge 4.14.86 into android-4.14-p 



Changes in 4.14.86
	mm/huge_memory: rename freeze_page() to unmap_page()
	mm/huge_memory.c: reorder operations in __split_huge_page_tail()
	mm/huge_memory: splitting set mapping+index before unfreeze
	mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
	mm/khugepaged: collapse_shmem() stop if punched or truncated
	mm/khugepaged: fix crashes due to misaccounted holes
	mm/khugepaged: collapse_shmem() remember to clear holes
	mm/khugepaged: minor reorderings in collapse_shmem()
	mm/khugepaged: collapse_shmem() without freezing new_page
	mm/khugepaged: collapse_shmem() do not crash on Compound
	media: em28xx: Fix use-after-free when disconnecting
	ubi: Initialize Fastmap checkmapping correctly
	libceph: store ceph_auth_handshake pointer in ceph_connection
	libceph: factor out __prepare_write_connect()
	libceph: factor out __ceph_x_decrypt()
	libceph: factor out encrypt_authorizer()
	libceph: add authorizer challenge
	libceph: implement CEPHX_V2 calculation mode
	bpf: Prevent memory disambiguation attack
	tls: Add function to update the TLS socket configuration
	tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used.
	tls: Avoid copying crypto_info again after cipher_type check.
	tls: don't override sk_write_space if tls_set_sw_offload fails.
	tls: Use correct sk->sk_prot for IPV6
	net/tls: Fixed return value when tls_complete_pending_work() fails
	wil6210: missing length check in wmi_set_ie
	btrfs: validate type when reading a chunk
	btrfs: Verify that every chunk has corresponding block group at mount time
	btrfs: Refactor check_leaf function for later expansion
	btrfs: Check if item pointer overlaps with the item itself
	btrfs: Add sanity check for EXTENT_DATA when reading out leaf
	btrfs: Add checker for EXTENT_CSUM
	btrfs: Move leaf and node validation checker to tree-checker.c
	btrfs: tree-checker: Enhance btrfs_check_node output
	btrfs: tree-checker: Fix false panic for sanity test
	btrfs: tree-checker: Add checker for dir item
	btrfs: tree-checker: use %zu format string for size_t
	btrfs: tree-check: reduce stack consumption in check_dir_item
	btrfs: tree-checker: Verify block_group_item
	btrfs: tree-checker: Detect invalid and empty essential trees
	btrfs: Check that each block group has corresponding chunk at mount time
	btrfs: tree-checker: Check level for leaves and nodes
	btrfs: tree-checker: Fix misleading group system information
	f2fs: check blkaddr more accuratly before issue a bio
	f2fs: sanity check on sit entry
	f2fs: enhance sanity_check_raw_super() to avoid potential overflow
	f2fs: clean up with is_valid_blkaddr()
	f2fs: introduce and spread verify_blkaddr
	f2fs: fix to do sanity check with secs_per_zone
	f2fs: Add sanity_check_inode() function
	f2fs: fix to do sanity check with extra_attr feature
	f2fs: fix to do sanity check with user_block_count
	f2fs: fix to do sanity check with node footer and iblocks
	f2fs: fix to do sanity check with block address in main area
	f2fs: fix to do sanity check with i_extra_isize
	f2fs: fix to do sanity check with cp_pack_start_sum
	xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
	Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()"
	net: skb_scrub_packet(): Scrub offload_fwd_mark
	net: thunderx: set xdp_prog to NULL if bpf_prog_add fails
	virtio-net: disable guest csum during XDP set
	virtio-net: fail XDP set if guest csum is negotiated
	net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
	packet: copy user buffers before orphan or clone
	rapidio/rionet: do not free skb before reading its length
	s390/qeth: fix length check in SNMP processing
	usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
	sched/core: Fix cpu.max vs. cpuhotplug deadlock
	x86/bugs: Add AMD's variant of SSB_NO
	x86/bugs: Add AMD's SPEC_CTRL MSR usage
	x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
	x86/bugs: Update when to check for the LS_CFG SSBD mitigation
	x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
	x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
	x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
	x86/speculation: Propagate information about RSB filling mitigation to sysfs
	x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
	x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
	x86/retpoline: Remove minimal retpoline support
	x86/speculation: Update the TIF_SSBD comment
	x86/speculation: Clean up spectre_v2_parse_cmdline()
	x86/speculation: Remove unnecessary ret variable in cpu_show_common()
	x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
	x86/speculation: Disable STIBP when enhanced IBRS is in use
	x86/speculation: Rename SSBD update functions
	x86/speculation: Reorganize speculation control MSRs update
	sched/smt: Make sched_smt_present track topology
	x86/Kconfig: Select SCHED_SMT if SMP enabled
	sched/smt: Expose sched_smt_present static key
	x86/speculation: Rework SMT state change
	x86/l1tf: Show actual SMT state
	x86/speculation: Reorder the spec_v2 code
	x86/speculation: Mark string arrays const correctly
	x86/speculataion: Mark command line parser data __initdata
	x86/speculation: Unify conditional spectre v2 print functions
	x86/speculation: Add command line control for indirect branch speculation
	x86/speculation: Prepare for per task indirect branch speculation control
	x86/process: Consolidate and simplify switch_to_xtra() code
	x86/speculation: Avoid __switch_to_xtra() calls
	x86/speculation: Prepare for conditional IBPB in switch_mm()
	ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
	x86/speculation: Split out TIF update
	x86/speculation: Prevent stale SPEC_CTRL msr content
	x86/speculation: Prepare arch_smt_update() for PRCTL mode
	x86/speculation: Add prctl() control for indirect branch speculation
	x86/speculation: Enable prctl mode for spectre_v2_user
	x86/speculation: Add seccomp Spectre v2 user space protection mode
	x86/speculation: Provide IBPB always command line options
	kvm: mmu: Fix race in emulated page table writes
	kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
	KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
	KVM: X86: Fix scan ioapic use-before-initialization
	xtensa: enable coprocessors that are being flushed
	xtensa: fix coprocessor context offset definitions
	xtensa: fix coprocessor part of ptrace_{get,set}xregs
	Btrfs: ensure path name is null terminated at btrfs_control_ioctl
	btrfs: relocation: set trans to be NULL after ending transaction
	PCI: layerscape: Fix wrong invocation of outbound window disable accessor
	arm64: dts: rockchip: Fix PCIe reset polarity for rk3399-puma-haikou.
	x86/MCE/AMD: Fix the thresholding machinery initialization order
	x86/fpu: Disable bottom halves while loading FPU registers
	perf/x86/intel: Move branch tracing setup to the Intel-specific source file
	perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
	fs: fix lost error code in dio_complete
	ALSA: wss: Fix invalid snd_free_pages() at error path
	ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
	ALSA: control: Fix race between adding and removing a user element
	ALSA: sparc: Fix invalid snd_free_pages() at error path
	ALSA: hda/realtek - Support ALC300
	ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
	ext2: fix potential use after free
	ARM: dts: rockchip: Remove @0 from the veyron memory node
	dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
	dmaengine: at_hdmac: fix module unloading
	btrfs: release metadata before running delayed refs
	staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION
	staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station
	USB: usb-storage: Add new IDs to ums-realtek
	usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
	Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
	iio:st_magn: Fix enable device after trigger
	lib/test_kmod.c: fix rmmod double free
	mm: use swp_offset as key in shmem_replace_page()
	Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
	misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
	binder: fix race that allows malicious free of live buffer
	libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
	libceph: check authorizer reply/challenge length before reading
	f2fs: fix missing up_read
	Linux 4.14.86

Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
parents e48b7f2d 7152401a

Documentation/admin-guide/kernel-parameters.txt

+54 −2
Original line number Diff line number Diff line
@@ -3997,9 +3997,13 @@ 


	spectre_v2=	[X86] Control mitigation of Spectre variant 2

			(indirect branch speculation) vulnerability.

			The default operation protects the kernel from

			user space attacks.



			on   - unconditionally enable

			off  - unconditionally disable

			on   - unconditionally enable, implies

			       spectre_v2_user=on

			off  - unconditionally disable, implies

			       spectre_v2_user=off

			auto - kernel detects whether your CPU model is

			       vulnerable
@@ -4009,6 +4013,12 @@ 
			CONFIG_RETPOLINE configuration option, and the

			compiler with which the kernel was built.



			Selecting 'on' will also enable the mitigation

			against user space to user space task attacks.



			Selecting 'off' will disable both the kernel and

			the user space protections.



			Specific mitigations can also be selected manually:



			retpoline	  - replace indirect branches
@@ -4018,6 +4028,48 @@ 
			Not specifying this option is equivalent to

			spectre_v2=auto.



	spectre_v2_user=

			[X86] Control mitigation of Spectre variant 2

		        (indirect branch speculation) vulnerability between

		        user space tasks



			on	- Unconditionally enable mitigations. Is

				  enforced by spectre_v2=on



			off     - Unconditionally disable mitigations. Is

				  enforced by spectre_v2=off



			prctl   - Indirect branch speculation is enabled,

				  but mitigation can be enabled via prctl

				  per thread.  The mitigation control state

				  is inherited on fork.



			prctl,ibpb

				- Like "prctl" above, but only STIBP is

				  controlled per thread. IBPB is issued

				  always when switching between different user

				  space processes.



			seccomp

				- Same as "prctl" above, but all seccomp

				  threads will enable the mitigation unless

				  they explicitly opt out.



			seccomp,ibpb

				- Like "seccomp" above, but only STIBP is

				  controlled per thread. IBPB is issued

				  always when switching between different

				  user space processes.



			auto    - Kernel selects the mitigation depending on

				  the available CPU features and vulnerability.



			Default mitigation:

			If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl"



			Not specifying this option is equivalent to

			spectre_v2_user=auto.



	spec_store_bypass_disable=

			[HW] Control Speculative Store Bypass (SSB) Disable mitigation

			(Speculative Store Bypass vulnerability)

Documentation/userspace-api/spec_ctrl.rst

+9 −0
Original line number Diff line number Diff line
@@ -92,3 +92,12 @@ Speculation misfeature controls 
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);



- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes

                        (Mitigate Spectre V2 style attacks against user processes)



  Invocations:

   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);

Makefile

+1 −1
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

VERSION = 4

PATCHLEVEL = 14

SUBLEVEL = 85

SUBLEVEL = 86

EXTRAVERSION =

NAME = Petit Gorille

arch/arm/boot/dts/rk3288-veyron.dtsi

+5 −1
Original line number Diff line number Diff line
@@ -47,7 +47,11 @@ 
#include "rk3288.dtsi"



/ {

	memory@0 {

	/*

	 * The default coreboot on veyron devices ignores memory@0 nodes

	 * and would instead create another memory node.

	 */

	memory {

		device_type = "memory";

		reg = <0x0 0x0 0x0 0x80000000>;

	};

arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts

+1 −1
Original line number Diff line number Diff line
@@ -130,7 +130,7 @@ 
};



&pcie0 {

	ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_LOW>;

	ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_HIGH>;

	num-lanes = <4>;

	pinctrl-names = "default";

	pinctrl-0 = <&pcie_clkreqn_cpm>;