Commit 0e1a219e authored May 22, 2018 by Blagovest Kolenichev Committed by Isaac J. Manjarres May 22, 2018

Merge android-4.14.43 (4c9e0a9b) into msm-4.14



* refs/heads/tmp-4c9e0a9b
  Linux 4.14.43
  x86/bugs: Rename SSBD_NO to SSB_NO
  KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
  x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
  x86/bugs: Rework spec_ctrl base and mask logic
  x86/bugs: Remove x86_spec_ctrl_set()
  x86/bugs: Expose x86_spec_ctrl_base directly
  x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
  x86/speculation: Rework speculative_store_bypass_update()
  x86/speculation: Add virtualized speculative store bypass disable support
  x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
  x86/speculation: Handle HT correctly on AMD
  x86/cpufeatures: Add FEATURE_ZEN
  x86/cpufeatures: Disentangle SSBD enumeration
  x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
  x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
  KVM: SVM: Move spec control call after restore of GS
  x86/cpu: Make alternative_msr_write work for 32-bit code
  x86/bugs: Fix the parameters alignment and missing void
  x86/bugs: Make cpu_show_common() static
  x86/bugs: Fix __ssb_select_mitigation() return type
  Documentation/spec_ctrl: Do some minor cleanups
  proc: Use underscores for SSBD in 'status'
  x86/bugs: Rename _RDS to _SSBD
  x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
  seccomp: Move speculation migitation control to arch code
  seccomp: Add filter flag to opt-out of SSB mitigation
  seccomp: Use PR_SPEC_FORCE_DISABLE
  prctl: Add force disable speculation
  x86/bugs: Make boot modes __ro_after_init
  seccomp: Enable speculation flaw mitigations
  proc: Provide details on speculation flaw mitigations
  nospec: Allow getting/setting on non-current task
  x86/speculation: Add prctl for Speculative Store Bypass mitigation
  x86/process: Allow runtime control of Speculative Store Bypass
  prctl: Add speculation control prctls
  x86/speculation: Create spec-ctrl.h to avoid include hell
  x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
  x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
  x86/bugs: Whitelist allowed SPEC_CTRL MSR values
  x86/bugs/intel: Set proper CPU features and setup RDS
  x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
  x86/cpufeatures: Add X86_FEATURE_RDS
  x86/bugs: Expose /sys/../spec_store_bypass
  x86/bugs, KVM: Support the combination of guest and host IBRS
  x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
  x86/bugs: Concentrate bug reporting into a separate function
  x86/bugs: Concentrate bug detection into a separate function
  x86/nospec: Simplify alternative_msr_write()
  btrfs: fix reading stale metadata blocks after degraded raid1 mounts
  btrfs: Fix delalloc inodes invalidation during transaction abort
  btrfs: Split btrfs_del_delalloc_inode into 2 functions
  btrfs: fix crash when trying to resume balance without the resume flag
  btrfs: property: Set incompat flag if lzo/zstd compression is set
  Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
  Btrfs: fix xattr loss after power failure
  ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
  ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
  ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
  tick/broadcast: Use for_each_cpu() specially on UP kernels
  x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
  ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
  efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
  x86/pkeys: Do not special case protection key 0
  x86/pkeys: Override pkey when moving away from PROT_EXEC
  s390: remove indirect branch from do_softirq_own_stack
  s390/qdio: don't release memory in qdio_setup_irq()
  s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
  s390/qdio: fix access to uninitialized qdio_q fields
  drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
  mm: don't allow deferred pages with NEED_PER_CPU_KM
  radix tree: fix multi-order iteration race
  lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
  drm: Match sysfs name in link removal to link creation
  powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
  i2c: designware: fix poll-after-enable regression
  netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
  netfilter: nf_tables: can't fail after linking rule into active rule list
  netfilter: nf_tables: free set name in error path
  tee: shm: fix use-after-free via temporarily dropped reference
  tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
  vfio: ccw: fix cleanup if cp_prefetch fails
  powerpc: Don't preempt_disable() in show_cpuinfo()
  KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
  KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
  spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
  spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
  spi: pxa2xx: Allow 64-bit DMA
  ALSA: control: fix a redundant-copy issue
  ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
  ALSA: usb: mixer: volume quirk for CM102-A+/102S+
  usbip: usbip_host: fix bad unlock balance during stub_probe()
  usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
  usbip: usbip_host: run rebind from exit when module is removed
  usbip: usbip_host: delete device from busid_table after rebind
  usbip: usbip_host: refine probe and disconnect debug msgs to be useful
  Linux 4.14.42
  proc: do not access cmdline nor environ from file-backed areas
  l2tp: revert "l2tp: fix missing print session offset info"
  xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
  btrfs: Take trans lock before access running trans in check_delayed_ref
  xfrm: Use __skb_queue_tail in xfrm_trans_queue
  scsi: aacraid: Correct hba_send to include iu_type
  udp: fix SO_BINDTODEVICE
  nsh: fix infinite loop
  net/mlx5e: Allow offloading ipv4 header re-write for icmp
  ipv6: fix uninit-value in ip6_multipath_l3_keys()
  hv_netvsc: set master device
  net/mlx5: Avoid cleaning flow steering table twice during error flow
  net/mlx5e: TX, Use correct counter in dma_map error flow
  net: sched: fix error path in tcf_proto_create() when modules are not configured
  bonding: send learning packets for vlans on slave
  bonding: do not allow rlb updates to invalid mac
  tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
  tcp: ignore Fast Open on repair mode
  tcp_bbr: fix to zero idle_restart only upon S/ACKed data
  sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
  sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
  sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
  sctp: fix the issue that the cookie-ack with auth can't get processed
  sctp: delay the authentication for the duplicated cookie-echo chunk
  rds: do not leak kernel memory to user land
  r8169: fix powering up RTL8168h
  qmi_wwan: do not steal interfaces from class drivers
  openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
  net/tls: Fix connection stall on partial tls record
  net/tls: Don't recursively call push_record during tls_write_space callbacks
  net: support compat 64-bit time in {s,g}etsockopt
  net_sched: fq: take care of throttled flows before reuse
  net sched actions: fix refcnt leak in skbmod
  net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
  net/mlx5e: Err if asked to offload TC match on frag being first
  net/mlx4_en: Verify coalescing parameters are in range
  net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
  net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
  net: ethernet: sun: niu set correct packet size in skb
  llc: better deal with too small mtu
  ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
  ipv4: fix fnhe usage by non-cached routes
  dccp: fix tasklet usage
  bridge: check iface upper dev when setting master via ioctl
  8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
  ANDROID: sdcardfs: Don't d_drop in d_revalidate
  FROMLIST: brcmfmac: fix initialization of struct cfg80211_inform_bss variable
  FROMLIST: brcmfmac: reports boottime_ns while informing bss

Change-Id: I43c27b71b153a2a87070de3ea393002769856960
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>

parents 390df4f5 4c9e0a9b

Documentation/ABI/testing/sysfs-devices-system-cpu

+1 −0

Original line number	Diff line number	Diff line
		@@ -378,6 +378,7 @@ What: /sys/devices/system/cpu/vulnerabilities
		/sys/devices/system/cpu/vulnerabilities/meltdown
		/sys/devices/system/cpu/vulnerabilities/spectre_v1
		/sys/devices/system/cpu/vulnerabilities/spectre_v2
		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
		Date: January 2018
		Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
		Description: Information about CPU vulnerabilities

Documentation/admin-guide/kernel-parameters.txt

+45 −0

Original line number	Diff line number	Diff line
		@@ -2609,6 +2609,9 @@
		allow data leaks with this option, which is equivalent
		to spectre_v2=off.

		nospec_store_bypass_disable
		[HW] Disable all mitigations for the Speculative Store Bypass vulnerability

		noxsave [BUGS=X86] Disables x86 extended register state save
		and restore using xsave. The kernel will fallback to
		enabling legacy floating-point and sse state.
		@@ -3939,6 +3942,48 @@
		Not specifying this option is equivalent to
		spectre_v2=auto.

		spec_store_bypass_disable=
		[HW] Control Speculative Store Bypass (SSB) Disable mitigation
		(Speculative Store Bypass vulnerability)

		Certain CPUs are vulnerable to an exploit against a
		a common industry wide performance optimization known
		as "Speculative Store Bypass" in which recent stores
		to the same memory location may not be observed by
		later loads during speculative execution. The idea
		is that such stores are unlikely and that they can
		be detected prior to instruction retirement at the
		end of a particular speculation execution window.

		In vulnerable processors, the speculatively forwarded
		store can be used in a cache side channel attack, for
		example to read memory to which the attacker does not
		directly have access (e.g. inside sandboxed code).

		This parameter controls whether the Speculative Store
		Bypass optimization is used.

		on - Unconditionally disable Speculative Store Bypass
		off - Unconditionally enable Speculative Store Bypass
		auto - Kernel detects whether the CPU model contains an
		implementation of Speculative Store Bypass and
		picks the most appropriate mitigation. If the
		CPU is not vulnerable, "off" is selected. If the
		CPU is vulnerable the default mitigation is
		architecture and Kconfig dependent. See below.
		prctl - Control Speculative Store Bypass per thread
		via prctl. Speculative Store Bypass is enabled
		for a process by default. The state of the control
		is inherited on fork.
		seccomp - Same as "prctl" above, but all seccomp threads
		will disable SSB unless they explicitly opt out.

		Not specifying this option is equivalent to
		spec_store_bypass_disable=auto.

		Default mitigations:
		X86: If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"

		spia_io_base= [HW,MTD]
		spia_fio_base=
		spia_pedr=

Documentation/userspace-api/index.rst

+1 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ place where this information is gathered.
		no_new_privs
		seccomp_filter
		unshare
		spec_ctrl

		.. only:: subproject and html

Documentation/userspace-api/spec_ctrl.rst

0 → 100644

+94 −0

Original line number	Diff line number	Diff line
		===================
		Speculation Control
		===================

		Quite some CPUs have speculation-related misfeatures which are in
		fact vulnerabilities causing data leaks in various forms even across
		privilege domains.

		The kernel provides mitigation for such vulnerabilities in various
		forms. Some of these mitigations are compile-time configurable and some
		can be supplied on the kernel command line.

		There is also a class of mitigations which are very expensive, but they can
		be restricted to a certain set of processes or tasks in controlled
		environments. The mechanism to control these mitigations is via
		:manpage:`prctl(2)`.

		There are two prctl options which are related to this:

		* PR_GET_SPECULATION_CTRL

		* PR_SET_SPECULATION_CTRL

		PR_GET_SPECULATION_CTRL
		-----------------------

		PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
		which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
		the following meaning:

		==== ===================== ===================================================
		Bit Define Description
		==== ===================== ===================================================
		0 PR_SPEC_PRCTL Mitigation can be controlled per task by
		PR_SET_SPECULATION_CTRL.
		1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
		disabled.
		2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
		enabled.
		3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
		subsequent prctl(..., PR_SPEC_ENABLE) will fail.
		==== ===================== ===================================================

		If all bits are 0 the CPU is not affected by the speculation misfeature.

		If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
		available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
		misfeature will fail.

		PR_SET_SPECULATION_CTRL
		-----------------------

		PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
		is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
		in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or
		PR_SPEC_FORCE_DISABLE.

		Common error codes
		------------------
		======= =================================================================
		Value Meaning
		======= =================================================================
		EINVAL The prctl is not implemented by the architecture or unused
		prctl(2) arguments are not 0.

		ENODEV arg2 is selecting a not supported speculation misfeature.
		======= =================================================================

		PR_SET_SPECULATION_CTRL error codes
		-----------------------------------
		======= =================================================================
		Value Meaning
		======= =================================================================
		0 Success

		ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
		PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.

		ENXIO Control of the selected speculation misfeature is not possible.
		See PR_GET_SPECULATION_CTRL.

		EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
		tried to enable it again.
		======= =================================================================

		Speculation misfeature controls
		-------------------------------
		- PR_SPEC_STORE_BYPASS: Speculative Store Bypass

		Invocations:
		* prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
		* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
		* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
		* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);

Makefile

+1 −1

Original line number	Diff line number	Diff line
		# SPDX-License-Identifier: GPL-2.0
		VERSION = 4
		PATCHLEVEL = 14
		SUBLEVEL = 41
		SUBLEVEL = 43
		EXTRAVERSION =
		NAME = Petit Gorille