[PATCH 4.9 37/87] x86/bugs: Concentrate bug detection into a separate function

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 4a28bfe3267b68e22c663ac26185aa16c9b879ef upstream Combine the various logic which goes through all those x86_cpu_id matching structures in one function. Suggested-

[PATCH 4.9 36/87] x86/nospec: Simplify alternative_msr_write()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 1aa7a5735a41418d8e01fa7c9565eb2657e2ea3f upstream The macro is not type safe and I did look for why that "g" constraint for the asm doesn't work: it's because the asm is m

[PATCH 4.9 39/87] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 1b86883ccb8d5d9506529d42dbe1a5257cb30b18 upstream The 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to all the other bits as reserved. The Intel

[PATCH 4.9 38/87] x86/bugs: Concentrate bug reporting into a separate function

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit d1059518b4789cabe34bb4b714d07e6089c82ca1 upstream Those SysFS functions have a similar preamble, as such make common code to handle them. Suggested-by: Borislav Pe

[PATCH 4.9 42/87] x86/cpufeatures: Add X86_FEATURE_RDS

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 0cc5fa00b0a88dad140b4e5c2cead9951ad36822 upstream Add the CPU feature bit CPUID.7.0.EDX[31] which indicates whether the CPU supports Reduced Data Speculation. [ tg

[PATCH 4.9 44/87] x86/bugs/intel: Set proper CPU features and setup RDS

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 772439717dbf703b39990be58d8d4e3e4ad0598a upstream Intel CPUs expose methods to: - Detect whether RDS capability is available via CPUID.7.0.EDX[31], - The SPEC_C

[PATCH 4.9 43/87] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 24f7fc83b9204d20f878c57cb77d261ae825e033 upstream Contemporary high performance processors use a common industry-wide optimization known as "Speculative Store Bypas

[PATCH 4.9 45/87] x86/bugs: Whitelist allowed SPEC_CTRL MSR values

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 1115a859f33276fe8afb31c60cf9d8e657872558 upstream Intel and AMD SPEC_CTRL (0x48) MSR semantics may differ in the future (or in fact use different MSRs for the same

Re: [PATCH 00/33] use match_string() helper

On Mon, May 21, 2018 at 2:57 PM, Yisheng Xie wrote: > Andy introduce helper function match_string() which can be used to return > the index of array for a matching string. so we can use it in many places > intead of open coded variant. You forgot to Cc that Andy. For the patches I didn't comment

[PATCH 4.9 18/87] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Piggin commit c1d2a31397ec51f0370f6bd17b19b39152c263cb upstream. Similarly to opal_event_shutdown, opal_nvram_write can be called in the crash path with irqs disabled. Special case the

Re: [alsa-devel] [PATCH 29/33] ALSA: oxfw: use match_string() helper

Hi, On May 21 2018 20:58, Yisheng Xie wrote: match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Cc: Clemens Ladisch Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Signed-off-by: Yisheng Xie --- sound/fi

[PATCH 4.9 19/87] mm: dont allow deferred pages with NEED_PER_CPU_KM

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Pavel Tatashin commit ab1e8d8960b68f54af42b6484b5950bd13a4054b upstream. It is unsafe to do virtual to physical translations before mm_init() is called if struct page is needed in order to dete

[PATCH 4.9 48/87] x86/speculation: Create spec-ctrl.h to avoid include hell

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 28a2775217b17208811fa43a9e96bd1fdf417b86 upstream Having everything in nospec-branch.h creates a hell of dependencies when adding the prctl based switching mechanism. Mov

[PATCH 4.9 49/87] prctl: Add speculation control prctls

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit b617cfc858161140d69cc0b5cc211996b557a1c7 upstream Add two new prctls to control aspects of speculation related vulnerabilites and their mitigations to provide finer grain

[PATCH 4.9 20/87] s390/qdio: fix access to uninitialized qdio_q fields

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit e521813468f786271a87e78e8644243bead48fad upstream. Ever since CQ/QAOB support was added, calling qdio_free() straight after qdio_alloc() results in qdio_release_memory()

[PATCH 4.9 22/87] s390/qdio: dont release memory in qdio_setup_irq()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit 2e68adcd2fb21b7188ba449f0fab3bee2910e500 upstream. Calling qdio_release_memory() on error is just plain wrong. It frees the main qdio_irq struct, when following code stil

[PATCH 4.9 51/87] x86/process: Correct and optimize TIF_BLOCKSTEP switch

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kyle Huey commit b9894a2f5bd18b1691cb6872c9afe32b148d0132 upstream The debug control MSR is "highly magical" as the blockstep bit can be cleared by hardware under not well documented circumstan

[PATCH 4.9 24/87] x86/pkeys: Override pkey when moving away from PROT_EXEC

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Dave Hansen commit 0a0b152083cfc44ec1bb599b57b7aab41327f998 upstream. I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC);

[PATCH 4.9 23/87] s390: remove indirect branch from do_softirq_own_stack

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Martin Schwidefsky commit 9f18fff63cfd6f559daa1eaae60640372c65f84b upstream. The inline assembly to call __do_softirq on the irq stack uses an indirect branch. This can be replaced with a norma

[PATCH 4.9 53/87] x86/process: Allow runtime control of Speculative Store Bypass

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 885f82bfbc6fefb6664ea27965c3ab9ac4194b8c upstream The Speculative Store Bypass vulnerability can be mitigated with the Reduced Data Speculation (RDS) feature. To allow fi

Re: [PATCH 32/33] ASoC: max98095: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > + int ret = match_string(bq_mode_name, ARRAY_SIZE(bq_mode_name), name); Rather split and move an assignment to the

[PATCH 4.9 63/87] x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit f21b53b20c754021935ea43364dbf53778eeba32 upstream Unless explicitly opted out of, anything running under seccomp will have SSB mitigations enabled. Choosing the "prctl" mode wi

Re: [PATCH 31/33] ASoC: max98088: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > static int max98088_get_channel(struct snd_soc_component *component, const > char *name) > { > + int ret = match_

[PATCH 4.9 62/87] seccomp: Move speculation migitation control to arch code

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc upstream The migitation control is simpler to implement in architecture code as it avoids the extra function call to check the mo

[PATCH 4.9 65/87] proc: Use underscores for SSBD in status

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit e96f46ee8587607a828f783daa6eb5b44d25004d upstream The style for the 'status' file is CamelCase or this. _. Fixes: fae1fa0fc ("proc: Provide details on speculation

[PATCH 4.9 67/87] x86/bugs: Fix __ssb_select_mitigation() return type

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit d66d8ff3d21667b41eddbe86b35ab411e40d8c5f upstream __ssb_select_mitigation() returns one of the members of enum ssb_mitigation, not ssb_mitigation_cmd; fix the prototype to re

[PATCH 4.9 68/87] x86/bugs: Make cpu_show_common() static

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit 7bb4d366cba992904bffa4820d24e70a3de93e76 upstream cpu_show_common() is not used outside of arch/x86/kernel/cpu/bugs.c, so make it static. Signed-off-by: Jiri Kosina Signed-

[PATCH 4.9 71/87] KVM: SVM: Move spec control call after restore of GS

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 15e6c22fd8e5a42c5ed6d487b7c9fe44c2517765 upstream svm_vcpu_run() invokes x86_spec_ctrl_restore_host() after VMEXIT, but before the host GS is restored. x86_spec_ctrl_rest

[PATCH 4.9 66/87] Documentation/spec_ctrl: Do some minor cleanups

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit dd0792699c4058e63c0715d9a7c2d40226fcdddc upstream Fix some typos, improve formulations, end sentences with a fullstop. Signed-off-by: Borislav Petkov Signed-off-by: Tho

Re: [PATCH 30/33] ALSA: oxygen: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > > Cc: Clemens Ladisch > Cc: Jaroslav Kysela > Cc: Takashi Iwai > Cc: alsa-de...@alsa-project.org > Signed-off-by: Yisheng

[PATCH 4.9 73/87] x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 7eb8956a7fec3c1f0abc2a5517dada99ccc8a961 upstream The availability of the SPEC_CTRL MSR is enumerated by a CPUID bit on Intel and implied by IBRS or STIBP support on AMD.

[PATCH 4.9 76/87] x86/cpufeatures: Add FEATURE_ZEN

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit d1035d971829dcf80e8686ccde26f94b0a069472 upstream Add a ZEN feature bit so family-dependent static_cpu_has() optimizations can be built for ZEN. Signed-off-by: Thomas Gl

[PATCH 4.9 74/87] x86/cpufeatures: Disentangle SSBD enumeration

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 52817587e706686fcdb27f14c1b000c92f266c96 upstream The SSBD enumeration is similarly to the other bits magically shared between Intel and AMD though the mechanisms are dif

[PATCH 4.9 78/87] x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit ccbcd2674472a978b48c91c1fbfb66c0ff959f24 upstream AMD is proposing a VIRT_SPEC_CTRL MSR to handle the Speculative Store Bypass Disable via MSR_AMD64_LS_CFG so that guests

[PATCH 4.9 79/87] x86/speculation: Add virtualized speculative store bypass disable support

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tom Lendacky commit 11fb0683493b2da112cd64c9dada221b52463bf7 upstream Some AMD processors only support a non-architectural means of enabling speculative store bypass disable (SSBD). To allow a

Re: [RFC PATCH net-next 10/12] vhost_net: build xdp buff

On Mon, May 21, 2018 at 09:56:11AM -0700, Jesse Brandeburg wrote: > On Mon, 21 May 2018 17:04:31 +0800 Jason wrote: > > This patch implement build XDP buffers in vhost_net. The idea is do > > userspace copy in vhost_net and build XDP buff based on the > > page. Vhost_net can then submit one or an a

[PATCH 4.9 55/87] nospec: Allow getting/setting on non-current task

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 7bbf1373e228840bb0295a2ca26d548ef37f448e upstream Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than current. This is needed both for /proc/$pid/status queri

[PATCH 4.9 80/87] x86/speculation: Rework speculative_store_bypass_update()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 0270be3e34efb05a88bc4c422572ece038ef3608 upstream The upcoming support for the virtual SPEC_CTRL MSR on AMD needs to reuse speculative_store_bypass_update() to avoid code

[PATCH 4.9 81/87] x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit cc69b34989210f067b2c51d5539b5f96ebcc3a01 upstream Function bodies are very similar and are going to grow more almost identical code. Add a bool arg to determine whether S

Re: [PATCH 01/33] usb: phy: use match_string() helper

On Mon, May 21, 2018 at 2:57 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > - int err, i; > + int ret; int err; would still work. -- With Best Regards, Andy Shevchenko

[PATCH 4.9 83/87] x86/bugs: Remove x86_spec_ctrl_set()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 4b59bdb569453a60b752b274ca61f009e37f4dae upstream x86_spec_ctrl_set() is only used in bugs.c and the extra mask checks there provide no real value as both call sites can

[PATCH 4.9 86/87] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tom Lendacky commit bc226f07dcd3c9ef0b7f6236fe356ea4a9cb4769 upstream Expose the new virtualized architectural mechanism, VIRT_SSBD, for using speculative store bypass disable (SSBD) under SVM.

[PATCH 4.9 84/87] x86/bugs: Rework spec_ctrl base and mask logic

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit be6fcb5478e95bb1c91f489121238deb3abca46a upstream x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value which are not to be modified. However the imp

[PATCH 4.9 58/87] x86/bugs: Make boot modes __ro_after_init

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit f9544b2b076ca90d887c5ae5d74fab4c21bb7c13 upstream There's no reason for these to be changed after boot. Signed-off-by: Kees Cook Signed-off-by: Thomas Gleixner Signed-off-by

[PATCH 4.9 56/87] proc: Provide details on speculation flaw mitigations

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64 upstream As done with seccomp and no_new_privs, also show speculation flaw mitigation state in /proc/$pid/status. Signed-off-by: Kees

[PATCH 4.9 87/87] x86/bugs: Rename SSBD_NO to SSB_NO

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 240da953fcc6a9008c92fae5b1f727ee5ed167ab upstream The "336996 Speculative Execution Side Channel Mitigations" from May defines this as SSB_NO, hence lets sync-up.

[PATCH 4.9 59/87] prctl: Add force disable speculation

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee upstream For certain use cases it is desired to enforce mitigations so they cannot be undone afterwards. That's important for loa

[PATCH 4.9 57/87] seccomp: Enable speculation flaw mitigations

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 5c3070890d06ff82eecb808d02d2ca39169533ef upstream When speculation flaw mitigations are opt-in (via prctl), using seccomp will automatically opt-in to these protections, since

[PATCH 4.9 52/87] x86/process: Optimize TIF_NOTSC switch

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 5a920155e388ec22a22e0532fb695b9215c9b34d upstream Provide and use a toggle helper instead of doing it with a branch. x86_64: arch/x86/kernel/process.o text data

[PATCH 4.9 61/87] seccomp: Add filter flag to opt-out of SSB mitigation

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream If a seccomp user is not interested in Speculative Store Bypass mitigation by default, it can set the new SECCOMP_FILTER_FLAG_

[PATCH 4.14 10/95] spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kamal Dasu commit 5eb9a07a4ae1008b67d8bcd47bddb3dae97456b7 upstream. Added fix for probing of spi-nor device non-zero chip selects. Set MSPI_CDRAM_PCS (peripheral chip select) with spi master

[PATCH 4.9 60/87] seccomp: Use PR_SPEC_FORCE_DISABLE

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit b849a812f7eb92e96d1c8239b06581b2cfd8b275 upstream Use PR_SPEC_FORCE_DISABLE in seccomp() because seccomp does not allow to widen restrictions. Signed-off-by: Thomas Glei

[PATCH 4.14 13/95] KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andre Przywara commit bf308242ab98b5d1648c3663e753556bef9bec01 upstream. kvm_read_guest() will eventually look up in kvm_memslots(), which requires either to hold the kvm->slots_lock or to be

[PATCH 4.14 12/95] KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andre Przywara commit 711702b57cc3c50b84bd648de0f1ca0a378805be upstream. kvm_read_guest() will eventually look up in kvm_memslots(), which requires either to hold the kvm->slots_lock or to be

[PATCH 4.14 01/95] usbip: usbip_host: refine probe and disconnect debug msgs to be useful

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit 28b68acc4a88dcf91fd1dcf2577371dc9bf574cc upstream. Refine probe and disconnect debug msgs to be useful and say what is in progress. Signed-off-by: Shuah Khan Cc: stable Si

[PATCH 4.14 11/95] spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kamal Dasu commit 602805fb618b018b7a41fbb3f93c1992b078b1ae upstream. Always confirm the BSPI_MAST_N_BOOT_CTRL bit when enabling or disabling BSPI transfers. Fixes: 4e3b2d236fe00 ("spi: bcm-qs

[PATCH 4.14 15/95] vfio: ccw: fix cleanup if cp_prefetch fails

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Halil Pasic commit d66a7355717ec903d455277a550d930ba13df4a8 upstream. If the translation of a channel program fails, we may end up attempting to clean up (free, unpin) stuff that never got tra

[PATCH 4.14 19/95] netfilter: nf_tables: cant fail after linking rule into active rule list

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 569ccae68b38654f04b6842b034aa33857f605fe upstream. rules in nftables a free'd using kfree, but protected by rcu, i.e. we must wait for a grace period to elapse. Normal

[PATCH 4.14 17/95] tee: shm: fix use-after-free via temporarily dropped reference

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit bb765d1c331f62b59049d35607ed2e365802bef9 upstream. Bump the file's refcount before moving the reference into the fd table, not afterwards. The old code could drop the file's r

Re: [PATCH] intel_th: pti: Convert to use sysfs_match_string() helper

On Wed, May 16, 2018 at 12:15 PM, Yisheng Xie wrote: > The helper returns index of the matching string in an array, > use it to simpler the code. IIRC I sent the patch with the same semantics week or so ago against this file. > > Signed-off-by: Yisheng Xie > --- > drivers/hwtracing/intel_th/pt

[PATCH 4.14 23/95] drm: Match sysfs name in link removal to link creation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Haneen Mohammed commit 7f6df440b8623c441c42d070bf592e2d2c1fa9bb upstream. This patch matches the sysfs name used in the unlinking with the linking function. Otherwise, remove_compat_control_li

[PATCH 4.14 18/95] netfilter: nf_tables: free set name in error path

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 2f6adf481527c8ab8033c601f55bfb5b3712b2ac upstream. set->name must be free'd here in case ops->init fails. Fixes: 387454901bd6 ("netfilter: nf_tables: Allow set names o

Re: [PATCH 27/33] sched/debug: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > > Cc: Ingo Molnar > Cc: Peter Zijlstra > Signed-off-by: Yisheng Xie > --- > kernel/sched/debug.c | 20 +-

[PATCH 4.14 22/95] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Piggin commit c1d2a31397ec51f0370f6bd17b19b39152c263cb upstream. Similarly to opal_event_shutdown, opal_nvram_write can be called in the crash path with irqs disabled. Special case th

[PATCH 4.14 25/95] radix tree: fix multi-order iteration race

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ross Zwisler commit 9f418224e8114156d995b98fa4e0f4fd21f685fe upstream. Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a produ

[PATCH 4.14 26/95] mm: dont allow deferred pages with NEED_PER_CPU_KM

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Pavel Tatashin commit ab1e8d8960b68f54af42b6484b5950bd13a4054b upstream. It is unsafe to do virtual to physical translations before mm_init() is called if struct page is needed in order to det

[PATCH 4.14 28/95] s390/qdio: fix access to uninitialized qdio_q fields

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit e521813468f786271a87e78e8644243bead48fad upstream. Ever since CQ/QAOB support was added, calling qdio_free() straight after qdio_alloc() results in qdio_release_memory()

[PATCH 4.14 03/95] usbip: usbip_host: run rebind from exit when module is removed

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit 7510df3f29d44685bab7b1918b61a8ccd57126a9 upstream. After removing usbip_host module, devices it releases are left without a driver. For example, when a keyboard

[PATCH 4.14 05/95] usbip: usbip_host: fix bad unlock balance during stub_probe()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit c171654caa875919be3c533d3518da8be5be966e upstream. stub_probe() calls put_busid_priv() in an error path when device isn't found in the busid_table. Fix it by ma

[PATCH 4.14 27/95] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michel Thierry commit b579f924a90f42fa561afd8201514fc216b71949 upstream. Factor in clear values wherever required while updating destination min/max. References: HSDES#160184 Signed-off-b

[PATCH 4.14 30/95] s390/qdio: dont release memory in qdio_setup_irq()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit 2e68adcd2fb21b7188ba449f0fab3bee2910e500 upstream. Calling qdio_release_memory() on error is just plain wrong. It frees the main qdio_irq struct, when following code sti

[PATCH 4.14 07/95] ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit c8beccc19b92f5172994c0732db689c08f4f98e5 upstream. Power-saving is causing loud plops on the Lenovo C50 All in one, add it to the blacklist. BugLink: https://bugzilla.red

[PATCH 4.14 32/95] x86/pkeys: Override pkey when moving away from PROT_EXEC

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dave Hansen commit 0a0b152083cfc44ec1bb599b57b7aab41327f998 upstream. I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC);

[PATCH 4.14 43/95] btrfs: property: Set incompat flag if lzo/zstd compression is set

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Misono Tomohiro commit 1a63c198ddb810c790101d693c7071cca703b3c7 upstream. Incompat flag of LZO/ZSTD compression should be set at: 1. mount time (-o compress/compress-force) 2. when defrag i

[PATCH 4.14 41/95] Btrfs: fix xattr loss after power failure

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit 9a8fca62aacc1599fea8e813d01e1955513e4fad upstream. If a file has xattrs, we fsync it, to ensure we clear the flags BTRFS_INODE_NEEDS_FULL_SYNC and BTRFS_INODE_COPY_EVERYTH

[PATCH 4.14 09/95] spi: pxa2xx: Allow 64-bit DMA

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andy Shevchenko commit efc4a13724b852ddaa3358402a8dec024ffbcb17 upstream. Currently the 32-bit device address only is supported for DMA. However, starting from Intel Sunrisepoint PCH the DMA a

Re: [PATCH] mm/THP: use hugepage_vma_check() in khugepaged_enter_vma_merge()

On Mon, 21 May 2018, Song Liu wrote: > khugepaged_enter_vma_merge() is using a different approach to check > whether a vma is valid for khugepaged_enter(): > > if (!vma->anon_vma) > /* > * Not yet faulted in so we will register later in the > * page fault

[PATCH 4.14 45/95] btrfs: Split btrfs_del_delalloc_inode into 2 functions

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Borisov commit 2b8773313494ede83a26fb372466e634564002ed upstream. This is in preparation of fixing delalloc inodes leakage on transaction abort. Also export the new function. Signed-o

[PATCH 4.14 00/95] 4.14.43-stable review

This is the start of the stable review cycle for the 4.14.43 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue May 22 21:04:09 UTC 2018. Anything receiv

[PATCH 4.14 46/95] btrfs: Fix delalloc inodes invalidation during transaction abort

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Borisov commit fe816d0f1d4c31c4c31d42ca78a87660565fc800 upstream. When a transaction is aborted btrfs_cleanup_transaction is called to cleanup all the various in-flight bits and pieces

[PATCH 4.14 49/95] x86/bugs: Concentrate bug detection into a separate function

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 4a28bfe3267b68e22c663ac26185aa16c9b879ef upstream Combine the various logic which goes through all those x86_cpu_id matching structures in one function. Suggested

Re: [PATCH 26/33] apparmor: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. http://kernsec.org/pipermail/linux-security-module-archi > Cc: John Johansen > Cc: James Morris > Cc: "Serge E. Hallyn" >

[PATCH 4.14 33/95] x86/pkeys: Do not special case protection key 0

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dave Hansen commit 2fa9d1cfaf0e02f8abef0757002bff12dfcfa4e6 upstream. mm_pkey_is_allocated() treats pkey 0 as unallocated. That is inconsistent with the manpages, and also inconsistent with m

[PATCH 4.14 51/95] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 1b86883ccb8d5d9506529d42dbe1a5257cb30b18 upstream The 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to all the other bits as reserved. The Intel

Re: [PATCH net] tuntap: raise EPOLLOUT on device up

On Mon, May 21, 2018 at 11:47:42AM -0400, David Miller wrote: > From: Jason Wang > Date: Fri, 18 May 2018 21:00:43 +0800 > > > We return -EIO on device down but can not raise EPOLLOUT after it was > > up. This may confuse user like vhost which expects tuntap to raise > > EPOLLOUT to re-enable its

[PATCH 4.14 54/95] x86/cpufeatures: Add X86_FEATURE_RDS

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 0cc5fa00b0a88dad140b4e5c2cead9951ad36822 upstream Add the CPU feature bit CPUID.7.0.EDX[31] which indicates whether the CPU supports Reduced Data Speculation. [ t

[PATCH 4.14 52/95] x86/bugs, KVM: Support the combination of guest and host IBRS

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 5cf687548705412da47c9cec342fd952d71ed3d5 upstream A guest may modify the SPEC_CTRL MSR from the value used by the kernel. Since the kernel doesn't use IBRS, this m

[PATCH 4.14 56/95] x86/bugs/intel: Set proper CPU features and setup RDS

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 772439717dbf703b39990be58d8d4e3e4ad0598a upstream Intel CPUs expose methods to: - Detect whether RDS capability is available via CPUID.7.0.EDX[31], - The SPEC_

[PATCH 4.14 57/95] x86/bugs: Whitelist allowed SPEC_CTRL MSR values

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 1115a859f33276fe8afb31c60cf9d8e657872558 upstream Intel and AMD SPEC_CTRL (0x48) MSR semantics may differ in the future (or in fact use different MSRs for the same

Re: [PATCH net] tuntap: raise EPOLLOUT on device up

On Sat, May 19, 2018 at 09:09:11AM +0800, Jason Wang wrote: > > > On 2018年05月18日 22:46, Michael S. Tsirkin wrote: > > On Fri, May 18, 2018 at 10:11:54PM +0800, Jason Wang wrote: > > > > > > On 2018年05月18日 22:06, Michael S. Tsirkin wrote: > > > > On Fri, May 18, 2018 at 10:00:31PM +0800, Jason Wa

[PATCH 4.14 53/95] x86/bugs: Expose /sys/../spec_store_bypass

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit c456442cd3a59eeb1d60293c26cbe2ff2c4e42cf upstream Add the sysfs file for the new vulerability. It does not do much except show the words 'Vulnerable' for recent x8

[PATCH 4.14 59/95] x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit da39556f66f5cfe8f9c989206974f1cb16ca5d7c upstream Expose the CPUID.7.EDX[31] bit to the guest, and also guard against various combinations of SPEC_CTRL MSR values.

[PATCH 4.14 60/95] x86/speculation: Create spec-ctrl.h to avoid include hell

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 28a2775217b17208811fa43a9e96bd1fdf417b86 upstream Having everything in nospec-branch.h creates a hell of dependencies when adding the prctl based switching mechanism. Mo

Re: [PATCH 24/33] drm: use match_string() helper

On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. https://patchwork.kernel.org/patch/10382377/ > Cc: Gustavo Padovan > Cc: Maarten Lankhorst > Cc: Sean Paul > Cc: David Ai

[PATCH 4.14 34/95] efi: Avoid potential crashes, fix the struct efi_pci_io_protocol_32 definition for mixed mode

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit 0b3225ab9407f557a8e20f23f37aa7236c10a9b1 upstream. Mixed mode allows a kernel built for x86_64 to interact with 32-bit EFI firmware, but requires us to define all struct

[PATCH 4.14 62/95] x86/process: Allow runtime control of Speculative Store Bypass

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 885f82bfbc6fefb6664ea27965c3ab9ac4194b8c upstream The Speculative Store Bypass vulnerability can be mitigated with the Reduced Data Speculation (RDS) feature. To allow f

[PATCH 4.14 64/95] nospec: Allow getting/setting on non-current task

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 7bbf1373e228840bb0295a2ca26d548ef37f448e upstream Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than current. This is needed both for /proc/$pid/status quer

Re: [PATCH 22/33] drm/i915: use match_string() helper

On Mon, May 21, 2018 at 2:57 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. https://patchwork.kernel.org/patch/10382323/ > Cc: Jani Nikula > Cc: Joonas Lahtinen > Cc: Rodrigo Vivi > Cc: David Airli

[PATCH 4.14 63/95] x86/speculation: Add prctl for Speculative Store Bypass mitigation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit a73ec77ee17ec556fe7f165d00314cb7c047b1ac upstream Add prctl based control for Speculative Store Bypass mitigation and make it the default mitigation for Intel and AMD.

[PATCH 4.14 38/95] ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 69af7e23a6870df2ea6fa79ca16493d59b3eebeb upstream. Since get_kprobe_ctlblk() uses smp_processor_id() to access per-cpu variable, it hits smp_processor_id sanity check a

<    1   2   3   4   5   6   7   8   9   10   >