[PATCH 4.18 79/79] x86/microcode: Allow late microcode loading with SMT disabled

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all the primary threads are online. Signed-off-by: Josh Poimboeu

[PATCH 4.17 01/97] parisc: Enable CONFIG_MLONGCALLS by default

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit 66509a276c8c1d19ee3f661a41b418d101c57d29 upstream. Enable the -mlong-calls compiler option by default, because otherwise in most cases linking the vmlinux binary fails due

[PATCH 4.18 73/79] cpu/hotplug: Fix SMT supported evaluation

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Josh reported that the late SMT evaluation in cpu_smt_state_init() sets cpu_smt_control to CPU_SMT_NOT_SUPPORTED in case that 'nosmt' was supplied on the kernel command line as

[PATCH 4.17 14/97] make sure that __dentry_kill() always invalidates d_seq, unhashed or not

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 4c0d7cd5c8416b1ef41534d19163cb07ffaa03ab upstream. RCU pathwalk relies upon the assumption that anything that changes ->d_inode of a dentry will invalidate its ->d_seq. That's

[PATCH 4.17 13/97] root dentries need RCU-delayed freeing

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 90bad5e05bcdb0308cfa3d3a60f5c0b9c8e2efb3 upstream. Since mountpoint crossing can happen without leaving lazy mode, root dentries do need the same protection against having their

[PATCH 4.17 04/97] stop_machine: Disable preemption after queueing stopper threads

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Isaac J. Manjarres commit 2610e88946632afb78aa58e61f11368ac4c0af7b upstream. This commit: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") does not fully

[PATCH 4.17 00/97] 4.17.15-stable review

This is the start of the stable review cycle for the 4.17.15 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:15 UTC 2018. Anything receiv

Re: [f2fs-dev] [PATCH v3] f2fs: fix performance issue observed with multi-thread sequential read

On 08/14, Chao Yu wrote: > On 2018/8/14 12:04, Jaegeuk Kim wrote: > > On 08/14, Chao Yu wrote: > >> On 2018/8/14 4:11, Jaegeuk Kim wrote: > >>> On 08/13, Chao Yu wrote: > Hi Jaegeuk, > > On 2018/8/11 2:56, Jaegeuk Kim wrote: > > This reverts the commit - "b93f771 - f2fs: remove w

[PATCH 4.17 17/97] ARM: dts: imx6sx: fix irq for pcie bridge

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Oleksij Rempel commit 1bcfe0564044be578841744faea1c2f46adc8178 upstream. Use the correct IRQ line for the MSI controller in the PCIe host controller. Apparently a different IRQ line is used co

[PATCH 4.17 19/97] x86/speculation: Protect against userspace-userspace spectreRSB

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit fdf82a7856b32d905c39afc85e34364491e46346 upstream. The article "Spectre Returns! Speculation Attacks using the Return Stack Buffer" [1] describes two new (sub-)variants of s

[PATCH 4.17 20/97] kprobes/x86: Fix %p uses in error messages

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 0ea063306eecf300fcf06d2f5917474b580f666f upstream. Remove all %p uses in error messages in kprobes/x86. Signed-off-by: Masami Hiramatsu Cc: Ananth N Mavinakayanahalli

[PATCH 4.17 15/97] fix mntput/mntput race

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 9ea0a46ca2c318fcc449c1e6b62a7230a17888f1 upstream. mntput_no_expire() does the calculation of total refcount under mount_lock; unfortunately, the decrement (as well as all incre

[PATCH 4.17 23/97] x86/speculation/l1tf: Change order of offset/type in swap entry

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f upstream If pages are swapped out, the swap entry is stored in the corresponding PTE, which has the Present bit cleared. CPUs vul

[PATCH 4.17 05/97] sched/deadline: Update rq_clock of later_rq when pushing a task

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Bristot de Oliveira commit 840d719604b0925ca23dde95f1767e4528668369 upstream. Daniel Casini got this warn while running a DL task here at RetisLab: [ 461.137582] [ cut h

[PATCH 4.17 16/97] fix __legitimize_mnt()/mntput() race

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 119e1ef80ecfe0d1deb6378d4ab41f5b71519de1 upstream. __legitimize_mnt() has two problems - one is that in case of success the check of mount_lock is not ordered wrt preceding incr

[PATCH 4.17 22/97] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 50896e180c6aa3a9c61a26ced99e15d602666a4c upstream L1 Terminal Fault (L1TF) is a speculation related vulnerability. The CPU speculates on PTE entries which do not have the PRE

[PATCH 4.17 18/97] x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 5800dc5c19f34e6e03b5adab1282535cb102fafd upstream. Nadav reported that on guests we're failing to rewrite the indirect calls to CALLEE_SAVE paravirt functions. In particu

[PATCH 4.17 26/97] x86/speculation/l1tf: Make sure the first page is always reserved

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 10a70416e1f067f6c4efda6ffd8ea96002ac4223 upstream The L1TF workaround doesn't make any attempt to mitigate speculate accesses to the first physical page for zeroed PTEs. Norm

[PATCH 4.17 21/97] x86/irqflags: Provide a declaration for native_save_fl

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 208cbb32558907f68b3b2a081ca2337ac3744794 upstream. It was reported that the commit d0a8d9378d16 is causing users of gcc < 4.9 to observe -Werror=missing-prototypes erro

[PATCH 4.17 24/97] x86/speculation/l1tf: Protect swap entries against L1TF

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 upstream With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting side effects allow to read the memory the PT

[PATCH 4.17 25/97] x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 6b28baca9b1f0d4a42b865da7a05b1c81424bd5c upstream When PTEs are set to PROT_NONE the kernel just clears the Present bit and preserves the PFN, which creates attack surface fo

[PATCH 4.17 27/97] x86/speculation/l1tf: Add sysfs reporting for l1tf

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 17dbca119312b4e8173d4e25ff64262119fcef38 upstream L1TF core kernel workarounds are cheap and normally always enabled, However they still should be reported in sysfs if the sy

[PATCH 4.17 32/97] x86/smp: Provide topology_is_primary_thread()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 6a4d2657e048f096c7ffcad254010bd94891c8c0 upstream If the CPU is supporting SMT then the primary thread can be found by checking the lower APIC ID bits for zero. smp_num_

[PATCH 4.17 34/97] cpu/hotplug: Make bringup/teardown of smp threads symmetric

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit c4de65696d865c225fda3b9913b31284ea65ea96 upstream The asymmetry caused a warning to trigger if the bootup was stopped in state CPUHP_AP_ONLINE_IDLE. The warning no longe

[PATCH 4.17 33/97] x86/topology: Provide topology_smt_supported()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit f048c399e0f7490ab7296bc2c255d37eb14a9675 upstream Provide information whether SMT is supoorted by the CPUs. Preparatory patch for SMT control mechanism. Suggested-by: D

[PATCH 4.17 30/97] x86/bugs: Move the l1tf function and define pr_fmt properly

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 56563f53d3066afa9e63d6c997bf67e76a8b05c0 upstream The pr_warn in l1tf_select_mitigation would have used the prior pr_fmt which was defined as "Spectre V2 : ". Mov

[PATCH 4.17 29/97] x86/speculation/l1tf: Limit swap file size to MAX_PA/2

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb upstream For the L1TF workaround its necessary to limit the swap file size to below MAX_PA/2, so that the higher bits of the swap off

[PATCH 4.17 06/97] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Minchan Kim commit 4f7a7beaee77275671654f7b9f3f9e73ca16ec65 upstream. If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operati

[PATCH 4.17 35/97] cpu/hotplug: Split do_cpu_down()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit cc1fe215e1efa406b03aa4389e6269b61342dec5 upstream Split out the inner workings of do_cpu_down() to allow reuse of that function for the upcoming SMT disabling mechanism.

[PATCH 4.17 31/97] sched/smt: Update sched_smt_present at runtime

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit ba2591a5993eabcc8e874e30f361d8ffbb10d6d4 upstream The static key sched_smt_present is only updated at boot time when SMT siblings have been detected. Booting with maxcpus

[PATCH 4.17 28/97] x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 42e4089c7890725fcd32252dc489b72f2921 upstream For L1TF PROT_NONE mappings are protected by inverting the PFN in the page table entry. This sets the high bits in the CPU's

[PATCH 4.17 37/97] x86/cpu: Remove the pointless CPU printout

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 55e6d279abd92cfd7576bba031e7589be8475edb upstream The value of this printout is dubious at best and there is no point in having it in two different places along with con

[PATCH 4.17 36/97] cpu/hotplug: Provide knobs to control SMT

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 05736e4ac13c08a4a9b1ef2de26dd31a32cbee57 upstream Provide a command line and a sysfs knob to control SMT. The command line options are: 'nosmt': Enumerate secon

[PATCH 4.17 38/97] x86/cpu/AMD: Remove the pointless detect_ht() call

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 44ca36de56d1bf196dca2eb67cd753a46961ffe6 upstream Real 32bit AMD CPUs do not have SMT and the only value of the call was to reach the magic printout which got removed.

[PATCH 4.17 39/97] x86/cpu/common: Provide detect_ht_early()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 545401f4448a807b963ff17b575e0a393e68b523 upstream To support force disabling of SMT it's required to know the number of thread siblings early. detect_ht() cannot be call

[PATCH 4.17 41/97] x86/cpu/intel: Evaluate smp_num_siblings early

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 1910ad5624968f93be48e8e265513c54d66b897c upstream Make use of the new early detection function to initialize smp_num_siblings on the boot cpu before the MP-Table or ACPI

[PATCH 4.17 40/97] x86/cpu/topology: Provide detect_extended_topology_early()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 95f3d39ccf7aaea79d1ffdac1c887c2e100ec1b6 upstream To support force disabling of SMT it's required to know the number of thread siblings early. detect_extended_topology()

[PATCH 4.17 12/97] init: rename and re-order boot_cpu_state_init()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit b5b1404d0815894de0690de8a1ab58269e56eae6 upstream. This is purely a preparatory patch for upcoming changes during the 4.19 merge window. We have a function called "boot_

[PATCH 4.17 10/97] scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 1214fd7b497400d200e3f4e64e2338b303a20949 upstream. Surround scsi_execute() calls with scsi_autopm_get_device() and scsi_autopm_put_device(). Note: removing sr_mutex prot

[PATCH 4.17 11/97] scsi: qla2xxx: Fix memory leak for allocating abort IOCB

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 5e53be8e476a3397ed5383c23376f299555a2b43 upstream. In the case of IOCB QFull, Initiator code can leave behind a stale pointer to an SRB structure on the outstanding command a

[PATCH 4.17 55/97] x86/KVM/VMX: Add L1D MSR based flush

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 3fa045be4c720146b18a19cea7a767dc6ad5df94 upstream 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD aka 0x10B) which has similar

[PATCH 4.17 56/97] x86/KVM/VMX: Add L1D flush logic

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit c595ceee45707f00f64f61c54fb64ef0cc0b4e85 upstream Add the logic for flushing L1D on VMENTER. The flush depends on the static key being enabled and the new l1tf_flush_l1d f

[PATCH 4.17 58/97] x86/KVM/VMX: Add find_msr() helper function

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit ca83b4a7f2d068da79a029d323024aa45decb250 upstream .. to help find the MSR on either the guest or host MSR list. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-b

[PATCH 4.17 57/97] x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 33966dd6b2d2c352fae55412db2ea8cfff5df13a upstream There is no semantic change but this change allows an unbalanced amount of MSRs to be loaded on VMEXIT and VMENTE

[PATCH 4.17 42/97] x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit 119bff8a9c9bb00116a844ec68be7bc4b1c768f5 upstream Old code used to check whether CPUID ext max level is >= 0x8008 because that last leaf contains the number of cores

[PATCH 4.17 59/97] x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 3190709335dd31fe1aeeebfe4ffb6c7624ef971f upstream This allows to load a different number of MSRs depending on the context: VMEXIT or VMENTER. Signed-off-by: Konra

[PATCH 4.17 09/97] bpf, sockmap: fix bpf_tcp_sendmsg sock error handling

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann commit 5121700b346b6160ccc9411194e3f1f417c340d1 upstream. While working on bpf_tcp_sendmsg() code, I noticed that when a sk->sk_err is set we error out with err = sk->sk_err. H

[PATCH 4.17 08/97] bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann commit 7c81c71730456845e6212dccbf00098faa66740f upstream. In bpf_tcp_sendmsg() the sk_alloc_sg() may fail. In the case of ENOMEM, it may also mean that we've partially filled t

[PATCH 4.17 60/97] x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 989e3992d2eca32c3f1404f2bc91acda3aa122d8 upstream The IA32_FLUSH_CMD MSR needs only to be written on VMENTER. Extend add_atomic_switch_msr() with an entry_only par

[PATCH 4.17 07/97] xen/netfront: dont cache skb_shinfo()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross commit d472b3a6cf63cd31cae1ed61930f07e6cd6671b5 upstream. skb_shinfo() can change when calling __pskb_pull_tail(): Don't cache its return value. Cc: sta...@vger.kernel.org Signe

[PATCH 4.17 43/97] x86/cpu/AMD: Evaluate smp_num_siblings early

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 1e1d7e25fd759eddf96d8ab39d0a90a1979b2d8c upstream To support force disabling of SMT it's required to know the number of thread siblings early. amd_get_topology() cannot

[PATCH 4.17 46/97] x86/cpufeatures: Add detection of L1D cache flush support.

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 11e34e64e4103955fc4568750914c75d65ea87ee upstream 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD) which is detected by

[PATCH 4.17 03/97] Mark HI and TASKLET softirq synchronous

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 3c53776e29f81719efcf8f7a6e30cdf753bee94d upstream. Way back in 4.9, we committed 4cd13c21b207 ("softirq: Let ksoftirqd do its job"), and ever since we've had small naggin

[PATCH 4.17 64/97] x86/kvm: Drop L1TF MSR list approach

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 2f055947ae5e2741fb2dc5bba1033c417ccf4faa upstream The VMX module parameter to control the L1D flush should become writeable. The MSR list is set up at VM init per guest

[PATCH 4.17 63/97] x86/litf: Introduce vmx status variable

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 72c6d2db64fa18c996ece8f06e499509e6c9a37e upstream Store the effective mitigation of VMX in a status variable and use it to report the VMX state in the l1tf sysfs file.

[PATCH 4.17 62/97] cpu/hotplug: Online siblings when SMT control is turned on

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 215af5499d9e2b55f111d2431ea20218115f29b3 upstream Writing 'off' to /sys/devices/system/cpu/smt/control offlines all SMT siblings. Writing 'on' merily enables the abilify

[PATCH 4.17 61/97] x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 390d975e0c4e60ce70d4157e0dd91ede37824603 upstream If the L1D flush module parameter is set to 'always' and the IA32_FLUSH_CMD MSR is available, optimize the VMENTE

[PATCH] arm64: dts: msm: add PDC device bindings for sdm845

Add PDC interrupt controller device bindings for SDM845. Signed-off-by: Lina Iyer --- arch/arm64/boot/dts/qcom/sdm845.dtsi | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 24e254efb9d1..399bfbd52c5b 10

[PATCH 4.17 65/97] x86/l1tf: Handle EPT disabled state proper

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 upstream If Extended Page Tables (EPT) are disabled or not supported, no L1D flushing is required. The setup function can just a

[PATCH 4.17 47/97] x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit 7ce2f0393ea2396142b7faf6ee9b1f3676d08a5f upstream The TOPOEXT reenablement is a workaround for broken BIOSen which didn't enable the CPUID bit. amd_get_topology_early(),

[PATCH 4.17 66/97] x86/kvm: Move l1tf setup function

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 7db92e165ac814487264632ab2624e832f20ae38 upstream In preparation of allowing run time control for L1D flushing, move the setup code to the module parameter handler. In

[PATCH 4.17 67/97] x86/kvm: Add static key for flush always

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 4c6523ec59fe895ea352a650218a6be0653910b1 upstream Avoid the conditional in the L1D flush control path. Signed-off-by: Thomas Gleixner Tested-by: Jiri Kosina Reviewed-

[PATCH 4.17 70/97] cpu/hotplug: Expose SMT control init function

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit 8e1b706b6e819bed215c0db16345568864660393 upstream The L1TF mitigation will gain a commend line parameter which allows to set a combination of hypervisor mitigation and SMT c

[PATCH 4.17 69/97] x86/kvm: Allow runtime control of L1D flush

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 895ae47f9918833c3a880fbccd41e0692b37e7d9 upstream All mitigation modes can be switched at run time with a static key now: - Use sysfs_streq() instead of strcmp() to ha

[PATCH 4.17 68/97] x86/kvm: Serialize L1D flush parameter setter

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit dd4bfa739a72508b75760b393d129ed7b431daab upstream Writes to the parameter files are not serialized at the sysfs core level, so local serialization is required. Signed-o

[PATCH 4.14 015/104] fix mntput/mntput race

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 9ea0a46ca2c318fcc449c1e6b62a7230a17888f1 upstream. mntput_no_expire() does the calculation of total refcount under mount_lock; unfortunately, the decrement (as well as all incre

[PATCH 4.14 018/104] phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chunfeng Yun commit 00c0092c5f62147b7d85f0c6f1cf245a0a1ff3b6 upstream. When system is running, if usb2 phy is forced to bypass utmi signals, all PLL will be turned off, and it can't detect dev

[PATCH 4.14 021/104] ARM: dts: imx6sx: fix irq for pcie bridge

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Oleksij Rempel commit 1bcfe0564044be578841744faea1c2f46adc8178 upstream. Use the correct IRQ line for the MSI controller in the PCIe host controller. Apparently a different IRQ line is used co

[PATCH 4.14 022/104] x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 5800dc5c19f34e6e03b5adab1282535cb102fafd upstream. Nadav reported that on guests we're failing to rewrite the indirect calls to CALLEE_SAVE paravirt functions. In particu

[PATCH 4.14 023/104] x86/speculation: Protect against userspace-userspace spectreRSB

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit fdf82a7856b32d905c39afc85e34364491e46346 upstream. The article "Spectre Returns! Speculation Attacks using the Return Stack Buffer" [1] describes two new (sub-)variants of s

[PATCH 4.14 024/104] kprobes/x86: Fix %p uses in error messages

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 0ea063306eecf300fcf06d2f5917474b580f666f upstream. Remove all %p uses in error messages in kprobes/x86. Signed-off-by: Masami Hiramatsu Cc: Ananth N Mavinakayanahalli

[PATCH 4.14 025/104] x86/irqflags: Provide a declaration for native_save_fl

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 208cbb32558907f68b3b2a081ca2337ac3744794 upstream. It was reported that the commit d0a8d9378d16 is causing users of gcc < 4.9 to observe -Werror=missing-prototypes erro

[PATCH 4.14 028/104] x86/speculation/l1tf: Protect swap entries against L1TF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 upstream With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting side effects allow to read the memory the PT

[PATCH 4.14 003/104] scsi: hpsa: fix selection of reply queue

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 8b834bff1b73dce46f4e9f5e84af6f73fed8b0ef upstream. Since commit 84676c1f21e8 ("genirq/affinity: assign vectors to all possible CPUs") we could end up with an MSI-X vector that

[PATCH 4.14 026/104] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 50896e180c6aa3a9c61a26ced99e15d602666a4c upstream L1 Terminal Fault (L1TF) is a speculation related vulnerability. The CPU speculates on PTE entries which do not have the PRE

[PATCH 4.14 027/104] x86/speculation/l1tf: Change order of offset/type in swap entry

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f upstream If pages are swapped out, the swap entry is stored in the corresponding PTE, which has the Present bit cleared. CPUs vul

[PATCH 4.14 005/104] scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit b5b6e8c8d3b4cbeb447a0f10c7d5de3caa573299 upstream. Since commit 84676c1f21e8ff5 ("genirq/affinity: assign vectors to all possible CPUs") it is possible to end up in a scenario

[PATCH 4.14 004/104] scsi: core: introduce force_blk_mq

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 2f31115e940c4afd49b99c33123534e2ac924ffb upstream. This patch introduces 'force_blk_mq' to the scsi_host_template so that drivers that have no desire to support the legacy I/O

[PATCH 4.14 006/104] kasan: add no_sanitize attribute for clang builds

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit 12c8f25a016dff69ee284aa3338bebfd2cfcba33 upstream. KASAN uses the __no_sanitize_address macro to disable instrumentation of particular functions. Right now it's define

[PATCH 4.14 030/104] x86/speculation/l1tf: Make sure the first page is always reserved

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 10a70416e1f067f6c4efda6ffd8ea96002ac4223 upstream The L1TF workaround doesn't make any attempt to mitigate speculate accesses to the first physical page for zeroed PTEs. Norm

[PATCH 4.14 029/104] x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 6b28baca9b1f0d4a42b865da7a05b1c81424bd5c upstream When PTEs are set to PROT_NONE the kernel just clears the Present bit and preserves the PFN, which creates attack surface fo

[PATCH 4.14 009/104] xen/netfront: dont cache skb_shinfo()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross commit d472b3a6cf63cd31cae1ed61930f07e6cd6671b5 upstream. skb_shinfo() can change when calling __pskb_pull_tail(): Don't cache its return value. Cc: sta...@vger.kernel.org Signe

[PATCH 4.14 000/104] 4.14.63-stable review

This is the start of the stable review cycle for the 4.14.63 release. There are 104 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:49 UTC 2018. Anything recei

[PATCH 4.14 007/104] Mark HI and TASKLET softirq synchronous

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 3c53776e29f81719efcf8f7a6e30cdf753bee94d upstream. Way back in 4.9, we committed 4cd13c21b207 ("softirq: Let ksoftirqd do its job"), and ever since we've had small naggin

[PATCH 4.14 043/104] x86/cpu/common: Provide detect_ht_early()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 545401f4448a807b963ff17b575e0a393e68b523 upstream To support force disabling of SMT it's required to know the number of thread siblings early. detect_ht() cannot be call

[PATCH 4.14 046/104] x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit 119bff8a9c9bb00116a844ec68be7bc4b1c768f5 upstream Old code used to check whether CPUID ext max level is >= 0x8008 because that last leaf contains the number of cores

[PATCH 4.14 042/104] x86/cpu/AMD: Remove the pointless detect_ht() call

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 44ca36de56d1bf196dca2eb67cd753a46961ffe6 upstream Real 32bit AMD CPUs do not have SMT and the only value of the call was to reach the magic printout which got removed.

[PATCH 4.14 044/104] x86/cpu/topology: Provide detect_extended_topology_early()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 95f3d39ccf7aaea79d1ffdac1c887c2e100ec1b6 upstream To support force disabling of SMT it's required to know the number of thread siblings early. detect_extended_topology()

[PATCH 4.14 041/104] x86/cpu: Remove the pointless CPU printout

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 55e6d279abd92cfd7576bba031e7589be8475edb upstream The value of this printout is dubious at best and there is no point in having it in two different places along with con

[PATCH 4.14 047/104] x86/cpu/AMD: Evaluate smp_num_siblings early

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 1e1d7e25fd759eddf96d8ab39d0a90a1979b2d8c upstream To support force disabling of SMT it's required to know the number of thread siblings early. amd_get_topology() cannot

[PATCH 4.14 049/104] x86/speculation/l1tf: Extend 64bit swap file size limit

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 1a7ed1ba4bba6c075d5ad61bb75e3fbc870840d6 upstream The previous patch has limited swap file size so that large offsets cannot clear bits above MAX_PA/2 in the pte and int

[PATCH 4.14 050/104] x86/cpufeatures: Add detection of L1D cache flush support.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 11e34e64e4103955fc4568750914c75d65ea87ee upstream 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD) which is detected by

[PATCH 4.14 033/104] x86/speculation/l1tf: Limit swap file size to MAX_PA/2

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb upstream For the L1TF workaround its necessary to limit the swap file size to below MAX_PA/2, so that the higher bits of the swap off

[PATCH 4.14 052/104] x86/speculation/l1tf: Protect PAE swap entries against L1TF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 0d0f6249058834ffe1ceaad0bb31464af66f6e7a upstream The PAE 3-level paging code currently doesn't mitigate L1TF by flipping the offset bits, and uses the high PTE word, th

[PATCH 4.14 051/104] x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov commit 7ce2f0393ea2396142b7faf6ee9b1f3676d08a5f upstream The TOPOEXT reenablement is a workaround for broken BIOSen which didn't enable the CPUID bit. amd_get_topology_early(),

[PATCH 4.14 054/104] Revert "x86/apic: Ignore secondary threads if nosmt=force"

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 506a66f374891ff08e064a058c446b336c5ac760 upstream Dave Hansen reported, that it's outright dangerous to keep SMT siblings disabled completely so they are stuck in the BI

[PATCH 4.14 053/104] x86/speculation/l1tf: Fix up pte->pfn conversion for PAE

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hocko commit e14d7dfb41f5807a0c1c26a13f2b8ef16af24935 upstream Jan has noticed that pte_pfn and co. resp. pfn_pte are incorrect for CONFIG_PAE because phys_addr_t is wider than unsigned

[PATCH 4.14 059/104] x86/KVM/VMX: Add L1D MSR based flush

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 3fa045be4c720146b18a19cea7a767dc6ad5df94 upstream 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD aka 0x10B) which has similar

[PATCH 4.14 056/104] x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 26acfb666a473d960f0fd971fe68f3e3ad16c70b upstream If the L1TF CPU bug is present we allow the KVM module to be loaded as the major of users that use Linux and KVM

[PATCH 4.14 057/104] x86/KVM/VMX: Add module argument for L1TF mitigation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit a399477e52c17e148746d3ce9a483f681c2aa9a0 upstream Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka L1 terminal fault. The valid arguments

<    1   2   3   4   5   6   7   8   9   >