Push to branch refs/heads/wrapfs:
3fb41a159fe51d04665b08c7f1e1fb467316cc36 -->
34957dfc9e13f13d5ebc063f7dcae91c659ed578
Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +
Documentation/DMA-API.txt | 2 +-
Documentation/DocBook/media/v4l/dev-subdev.xml | 2 +-
Documentation/cgroups/cpusets.txt | 6 +-
.../devicetree/bindings/clock/imx31-clock.txt | 2 +-
.../devicetree/bindings/sound/cs42l56.txt | 2 +-
Documentation/i2c/muxes/i2c-mux-gpio | 20 +-
Documentation/kernel-parameters.txt | 60 +-
Documentation/networking/netlink_mmap.txt | 339 -------
Documentation/speculation.txt | 90 ++
Documentation/sysctl/fs.txt | 7 +
Documentation/video4linux/v4l2-pci-skeleton.c | 2 +-
Documentation/virtual/kvm/api.txt | 1 +
Documentation/x86/pti.txt | 186 ++++
Documentation/x86/tlb.txt | 75 ++
MAINTAINERS | 11 +-
Makefile | 11 +-
arch/alpha/include/asm/types.h | 1 -
arch/alpha/include/uapi/asm/types.h | 12 +-
arch/alpha/kernel/osf_sys.c | 6 +-
arch/alpha/kernel/ptrace.c | 2 +-
arch/arc/kernel/entry.S | 6 +
arch/arc/kernel/signal.c | 7 +-
arch/arc/kernel/unaligned.c | 3 +-
arch/arc/mm/mmap.c | 2 +-
arch/arc/mm/tlb.c | 3 -
arch/arm/boot/dts/at91-sama5d3_xplained.dts | 5 +-
arch/arm/boot/dts/bcm5301x.dtsi | 4 +-
arch/arm/boot/dts/da850-evm.dts | 8 +
arch/arm/boot/dts/dra7-evm.dts | 14 +-
arch/arm/boot/dts/exynos4210-pinctrl.dtsi | 2 +-
arch/arm/boot/dts/imx31.dtsi | 18 +-
arch/arm/boot/dts/imx6q-cm-fx6.dts | 1 -
arch/arm/boot/dts/kirkwood-openblocks_a7.dts | 10 +-
arch/arm/include/asm/Kbuild | 1 -
arch/arm/include/asm/cputype.h | 3 +
arch/arm/include/asm/kexec.h | 5 +
arch/arm/include/asm/kvm_arm.h | 3 +-
arch/arm/include/asm/kvm_mmu.h | 3 +-
arch/arm/include/asm/mmu_context.h | 2 +
arch/arm/include/asm/unaligned.h | 27 +
arch/arm/include/asm/xen/events.h | 2 +-
arch/arm/kernel/hw_breakpoint.c | 16 +
arch/arm/kernel/iwmmxt.S | 13 +
arch/arm/kernel/machine_kexec.c | 11 +-
arch/arm/kernel/pj4-cp0.c | 4 +
arch/arm/kernel/ptrace.c | 2 +-
arch/arm/kernel/return_address.c | 4 -
arch/arm/kernel/traps.c | 28 +-
arch/arm/kvm/emulate.c | 5 +-
arch/arm/kvm/init.S | 5 +-
arch/arm/kvm/mmio.c | 4 +-
arch/arm/kvm/mmu.c | 43 +-
arch/arm/kvm/psci.c | 8 +-
arch/arm/mach-cns3xxx/Makefile | 1 +
arch/arm/mach-davinci/da850.c | 12 +-
arch/arm/mach-omap2/Kconfig | 3 -
arch/arm/mach-omap2/omap_device.c | 10 -
arch/arm/mach-omap2/sleep34xx.S | 22 +-
arch/arm/mach-pxa/Kconfig | 1 +
arch/arm/mach-pxa/corgi_pm.c | 13 +-
arch/arm/mach-pxa/include/mach/sharpsl_pm.h | 2 +-
arch/arm/mach-pxa/sharpsl_pm.c | 2 +-
arch/arm/mach-pxa/spitz_pm.c | 9 +-
arch/arm/mach-ux500/pm.c | 4 +-
arch/arm/mach-zynq/common.c | 2 +-
arch/arm/mm/cache-l2x0.c | 111 +--
arch/arm/mm/dump.c | 4 +-
arch/arm/mm/fault.c | 5 +-
arch/arm/mm/mmap.c | 4 +-
arch/arm/mm/mmu.c | 8 +-
arch/arm/plat-omap/Kconfig | 3 +
arch/arm/xen/enlighten.c | 3 +-
arch/arm64/crypto/aes-ce-ccm-core.S | 53 +-
arch/arm64/crypto/aes-ce.S | 1 +
arch/arm64/crypto/aes-modes.S | 91 +-
arch/arm64/crypto/aes-neon.S | 25 +-
arch/arm64/crypto/ghash-ce-core.S | 6 +-
arch/arm64/crypto/sha1-ce-core.S | 4 +-
arch/arm64/crypto/sha2-ce-core.S | 4 +-
arch/arm64/include/asm/barrier.h | 12 +-
arch/arm64/include/asm/elf.h | 11 +-
arch/arm64/include/asm/kvm_arm.h | 8 +-
arch/arm64/include/asm/kvm_emulate.h | 17 +-
arch/arm64/include/asm/kvm_mmu.h | 3 +-
arch/arm64/include/asm/ptrace.h | 34 +-
arch/arm64/include/asm/uaccess.h | 3 +-
arch/arm64/include/uapi/asm/ptrace.h | 1 +
arch/arm64/kernel/debug-monitors.c | 6 +-
arch/arm64/kernel/entry.S | 2 +-
arch/arm64/kernel/fpsimd.c | 2 +
arch/arm64/kernel/head.S | 4 +-
arch/arm64/kernel/process.c | 9 +
arch/arm64/kernel/ptrace.c | 100 +-
arch/arm64/kernel/signal.c | 4 +-
arch/arm64/kernel/signal32.c | 2 +-
arch/arm64/kernel/traps.c | 56 +-
arch/arm64/kernel/vdso/gettimeofday.S | 3 +-
arch/arm64/kvm/handle_exit.c | 4 +-
arch/arm64/kvm/hyp-init.S | 11 +-
arch/arm64/kvm/inject_fault.c | 16 +-
arch/arm64/kvm/sys_regs.c | 8 +-
arch/arm64/mm/fault.c | 7 +-
arch/blackfin/kernel/ptrace.c | 4 +-
arch/cris/arch-v32/kernel/ptrace.c | 2 +-
arch/cris/boot/rescue/Makefile | 8 +
arch/frv/mm/elf-fdpic.c | 2 +-
arch/ia64/kernel/ptrace.c | 2 +-
arch/m32r/include/asm/io.h | 11 +-
arch/m68k/include/asm/delay.h | 2 +-
arch/m68k/platform/coldfire/clk.c | 3 +
arch/metag/include/asm/atomic.h | 3 +-
arch/metag/include/asm/uaccess.h | 64 +-
arch/metag/lib/usercopy.c | 312 +++---
arch/mips/Makefile | 13 +-
arch/mips/ar7/clock.c | 3 +
arch/mips/ar7/platform.c | 1 +
arch/mips/bcm47xx/buttons.c | 10 +-
arch/mips/bcm63xx/clk.c | 3 +
arch/mips/boot/elf2ecoff.c | 10 +-
arch/mips/cavium-octeon/octeon-memcpy.S | 20 +-
arch/mips/cavium-octeon/setup.c | 14 +
arch/mips/configs/ip27_defconfig | 1 -
arch/mips/dec/int-handler.S | 18 +-
arch/mips/include/asm/asmmacro-32.h | 6 +
arch/mips/include/asm/asmmacro.h | 129 ++-
arch/mips/include/asm/branch.h | 5 +-
arch/mips/include/asm/checksum.h | 2 +
arch/mips/include/asm/cpu-info.h | 2 +
arch/mips/include/asm/elf.h | 7 +
arch/mips/include/asm/fpregdef.h | 14 +
arch/mips/include/asm/fpu.h | 21 +-
arch/mips/include/asm/fpu_emulator.h | 18 +-
arch/mips/include/asm/kdebug.h | 3 +-
arch/mips/include/asm/kexec.h | 1 +
arch/mips/include/asm/kprobes.h | 3 +-
arch/mips/include/asm/kvm_host.h | 8 +-
arch/mips/include/asm/mips-cm.h | 4 +-
arch/mips/include/asm/mipsregs.h | 40 +-
arch/mips/include/asm/msa.h | 23 +-
arch/mips/include/asm/page.h | 3 +-
arch/mips/include/asm/processor.h | 2 +-
arch/mips/include/asm/ptrace.h | 2 +-
arch/mips/include/asm/spinlock.h | 8 +-
arch/mips/include/asm/switch_to.h | 21 +-
arch/mips/include/asm/uaccess.h | 5 +-
arch/mips/include/uapi/asm/inst.h | 2 +-
arch/mips/jz4740/board-qi_lb60.c | 1 +
arch/mips/jz4740/gpio.c | 1 +
arch/mips/jz4740/irq.h | 2 +
arch/mips/kernel/asm-offsets.c | 1 +
arch/mips/kernel/bmips_vec.S | 3 -
arch/mips/kernel/branch.c | 16 +-
arch/mips/kernel/cps-vec.S | 15 +-
arch/mips/kernel/cpu-probe.c | 55 +-
arch/mips/kernel/crash.c | 18 +-
arch/mips/kernel/entry.S | 3 +
arch/mips/kernel/genex.S | 16 +-
arch/mips/kernel/kgdb.c | 48 +-
arch/mips/kernel/machine_kexec.c | 1 +
arch/mips/kernel/module-rela.c | 19 +-
arch/mips/kernel/module.c | 43 +-
arch/mips/kernel/pm-cps.c | 9 +-
arch/mips/kernel/process.c | 172 ++--
arch/mips/kernel/ptrace.c | 216 ++++-
arch/mips/kernel/ptrace32.c | 4 +-
arch/mips/kernel/r2300_fpu.S | 6 +
arch/mips/kernel/r2300_switch.S | 10 +-
arch/mips/kernel/r4k_fpu.S | 29 +-
arch/mips/kernel/r4k_switch.S | 29 +-
arch/mips/kernel/r6000_fpu.S | 5 +
arch/mips/kernel/scall32-o32.S | 2 +-
arch/mips/kernel/scall64-64.S | 2 +-
arch/mips/kernel/scall64-n32.S | 2 +-
arch/mips/kernel/scall64-o32.S | 2 +-
arch/mips/kernel/syscall.c | 15 +-
arch/mips/kernel/traps.c | 194 ++--
arch/mips/kernel/unaligned.c | 4 +-
arch/mips/kvm/kvm_locore.S | 1 +
arch/mips/kvm/kvm_mips.c | 15 +-
arch/mips/kvm/kvm_mips_emul.c | 39 +-
arch/mips/kvm/kvm_mips_int.h | 2 +
arch/mips/loongson/lemote-2f/clock.c | 3 +
arch/mips/math-emu/cp1emu.c | 52 +-
arch/mips/math-emu/ieee754.h | 12 +-
arch/mips/mm/mmap.c | 2 +-
arch/mips/mm/uasm-micromips.c | 2 +-
arch/mips/netlogic/common/smpboot.S | 4 +-
arch/mips/pci/ops-pmcmsp.c | 12 -
arch/mips/pci/ops-tx4927.c | 2 -
arch/mips/ralink/clk.c | 3 +
arch/mips/ralink/prom.c | 9 +-
arch/mips/sgi-ip22/Platform | 2 +-
arch/parisc/include/asm/bitops.h | 8 +-
arch/parisc/include/asm/dma-mapping.h | 11 +-
arch/parisc/include/asm/pgtable.h | 8 +-
arch/parisc/include/uapi/asm/bitsperlong.h | 2 -
arch/parisc/include/uapi/asm/swab.h | 5 +-
arch/parisc/kernel/pacache.S | 49 +-
arch/parisc/kernel/pci-dma.c | 2 +-
arch/parisc/kernel/sys_parisc.c | 15 +-
arch/parisc/kernel/syscall.S | 23 +-
arch/parisc/kernel/syscall_table.S | 2 +-
arch/parisc/mm/fault.c | 2 +-
arch/powerpc/boot/4xx.c | 2 +-
arch/powerpc/boot/Makefile | 16 +-
arch/powerpc/boot/ps3-head.S | 5 -
arch/powerpc/boot/ps3.c | 8 +-
arch/powerpc/boot/wrapper | 24 +-
arch/powerpc/boot/zImage.lds.S | 1 +
arch/powerpc/include/asm/atomic.h | 4 +-
arch/powerpc/include/asm/kvm_book3s.h | 1 +
arch/powerpc/include/asm/kvm_host.h | 3 +-
arch/powerpc/include/asm/page.h | 12 +
arch/powerpc/include/asm/ppc-opcode.h | 12 +-
arch/powerpc/include/asm/ppc_asm.h | 40 +-
arch/powerpc/include/asm/qe.h | 1 +
arch/powerpc/include/asm/reg.h | 3 +-
arch/powerpc/include/asm/topology.h | 14 +
arch/powerpc/include/uapi/asm/kvm.h | 1 +
arch/powerpc/kernel/align.c | 146 ++-
arch/powerpc/kernel/asm-offsets.c | 3 +-
arch/powerpc/kernel/eeh_driver.c | 31 +-
arch/powerpc/kernel/hw_breakpoint.c | 4 +-
arch/powerpc/kernel/ibmebus.c | 16 +-
arch/powerpc/kernel/idle_power7.S | 2 +-
arch/powerpc/kernel/kprobes.c | 11 +
arch/powerpc/kernel/misc_32.S | 6 +-
arch/powerpc/kernel/misc_64.S | 7 +-
arch/powerpc/kernel/nvram_64.c | 6 +-
arch/powerpc/kernel/prom_init.c | 3 +
arch/powerpc/kernel/ptrace.c | 7 +
arch/powerpc/kernel/ptrace32.c | 4 +-
arch/powerpc/kernel/setup-common.c | 11 -
arch/powerpc/kernel/setup_64.c | 41 +-
arch/powerpc/kernel/sysfs.c | 6 +
arch/powerpc/kernel/vdso64/datapage.S | 2 +-
arch/powerpc/kernel/vdso64/gettimeofday.S | 2 +-
arch/powerpc/kernel/vio.c | 2 +
arch/powerpc/kvm/book3s_emulate.c | 2 +
arch/powerpc/kvm/book3s_hv.c | 49 +-
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 18 +-
arch/powerpc/kvm/book3s_pr.c | 6 +
arch/powerpc/kvm/booke.c | 2 +-
arch/powerpc/lib/copyuser_64.S | 2 +-
arch/powerpc/lib/sstep.c | 13 +
arch/powerpc/mm/hash_utils_64.c | 2 +-
arch/powerpc/mm/init_64.c | 4 +-
arch/powerpc/mm/slice.c | 2 +-
arch/powerpc/mm/subpage-prot.c | 2 +-
arch/powerpc/perf/core-book3s.c | 13 +-
arch/powerpc/platforms/cell/spufs/coredump.c | 2 +
arch/powerpc/platforms/powernv/eeh-ioda.c | 5 +
arch/powerpc/platforms/powernv/opal-async.c | 6 +-
arch/powerpc/platforms/powernv/pci.c | 4 +-
arch/powerpc/platforms/powernv/setup.c | 2 +-
arch/powerpc/platforms/pseries/dlpar.c | 1 -
arch/powerpc/platforms/pseries/lpar.c | 4 +-
arch/powerpc/platforms/pseries/mobility.c | 4 +-
arch/powerpc/platforms/pseries/reconfig.c | 1 -
arch/s390/boot/compressed/misc.c | 35 +-
arch/s390/hypfs/hypfs_diag.c | 6 +-
arch/s390/include/asm/mmu.h | 2 +
arch/s390/include/asm/mmu_context.h | 4 +-
arch/s390/include/asm/pgtable.h | 2 +
arch/s390/include/asm/switch_to.h | 26 +-
arch/s390/include/asm/syscall.h | 8 +-
arch/s390/include/asm/tlbflush.h | 4 +-
arch/s390/include/asm/uaccess.h | 2 +-
arch/s390/kernel/compat_linux.c | 1 +
arch/s390/kernel/dis.c | 4 +-
arch/s390/kernel/early.c | 4 +-
arch/s390/kernel/process.c | 1 +
arch/s390/kernel/runtime_instr.c | 4 +-
arch/s390/kvm/kvm-s390.c | 3 +
arch/s390/mm/gup.c | 7 +-
arch/s390/mm/pgtable.c | 19 +-
arch/sh/boards/mach-se/770x/setup.c | 24 +-
arch/sh/include/cpu-sh2a/cpu/sh7264.h | 4 +-
arch/sh/include/cpu-sh2a/cpu/sh7269.h | 4 +-
arch/sh/include/cpu-sh4/cpu/sh7722.h | 2 +-
arch/sh/include/cpu-sh4/cpu/sh7757.h | 8 +-
arch/sh/include/mach-se/mach/se.h | 1 +
arch/sh/mm/mmap.c | 4 +-
arch/sparc/include/asm/head_64.h | 4 +
arch/sparc/include/asm/ttable.h | 8 +-
arch/sparc/kernel/Makefile | 1 +
arch/sparc/kernel/cherrs.S | 14 +-
arch/sparc/kernel/entry.S | 17 +
arch/sparc/kernel/fpu_traps.S | 11 +-
arch/sparc/kernel/head_64.S | 24 +-
arch/sparc/kernel/leon_kernel.c | 56 +-
arch/sparc/kernel/misctrap.S | 12 +-
arch/sparc/kernel/pci.c | 17 +
arch/sparc/kernel/rtrap_64.S | 57 +-
arch/sparc/kernel/signal32.c | 46 +-
arch/sparc/kernel/signal_32.c | 41 +-
arch/sparc/kernel/signal_64.c | 33 +-
arch/sparc/kernel/sigutil_32.c | 9 +-
arch/sparc/kernel/sigutil_64.c | 10 +-
arch/sparc/kernel/spiterrs.S | 18 +-
arch/sparc/kernel/sys_sparc_64.c | 4 +-
arch/sparc/kernel/syscalls.S | 36 +
arch/sparc/kernel/urtt_fill.S | 98 ++
arch/sparc/kernel/utrap.S | 3 +-
arch/sparc/kernel/vmlinux.lds.S | 4 +
arch/sparc/kernel/winfixup.S | 3 +-
arch/sparc/mm/hugetlbpage.c | 2 +-
arch/sparc/mm/init_64.c | 10 +-
arch/tile/kernel/ptrace.c | 2 +-
arch/tile/kernel/setup.c | 2 +-
arch/tile/kernel/time.c | 4 +-
arch/tile/mm/hugetlbpage.c | 2 +-
arch/x86/Kconfig | 16 +-
arch/x86/Makefile | 8 +
arch/x86/boot/boot.h | 2 +-
arch/x86/boot/compressed/Makefile | 3 +
arch/x86/boot/compressed/efi_stub_64.S | 25 -
arch/x86/boot/compressed/efi_thunk_64.S | 196 ++++
arch/x86/boot/compressed/misc.h | 12 +-
arch/x86/boot/string.c | 1 +
arch/x86/boot/string.h | 9 +
arch/x86/crypto/aesni-intel_asm.S | 5 +-
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +-
arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +-
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +-
arch/x86/crypto/salsa20_glue.c | 7 -
arch/x86/crypto/sha1_avx2_x86_64_asm.S | 67 +-
arch/x86/crypto/sha1_ssse3_glue.c | 3 +-
arch/x86/ia32/ia32entry.S | 61 +-
arch/x86/include/asm/alternative-asm.h | 53 +-
arch/x86/include/asm/alternative.h | 81 +-
arch/x86/include/asm/asm.h | 11 +
arch/x86/include/asm/barrier.h | 31 +-
arch/x86/include/asm/cmdline.h | 2 +
arch/x86/include/asm/cpufeature.h | 42 +-
arch/x86/include/asm/desc.h | 2 +-
arch/x86/include/asm/elf.h | 7 +-
arch/x86/include/asm/fixmap.h | 11 +-
arch/x86/include/asm/hardirq.h | 6 +-
arch/x86/include/asm/hw_irq.h | 2 +-
arch/x86/include/asm/intel-family.h | 68 ++
arch/x86/include/asm/kaiser.h | 141 +++
arch/x86/include/asm/kexec.h | 1 +
arch/x86/include/asm/kvm_emulate.h | 1 +
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/include/asm/kvm_para.h | 4 +-
arch/x86/include/asm/mmu.h | 6 -
arch/x86/include/asm/mmu_context.h | 83 +-
arch/x86/include/asm/nospec-branch.h | 198 ++++
arch/x86/include/asm/pgtable.h | 28 +-
arch/x86/include/asm/pgtable_64.h | 25 +-
arch/x86/include/asm/pgtable_types.h | 29 +-
arch/x86/include/asm/processor.h | 44 +-
arch/x86/include/asm/pvclock.h | 15 +-
arch/x86/include/asm/smap.h | 4 +-
arch/x86/include/asm/smp.h | 1 +
arch/x86/include/asm/switch_to.h | 38 +
arch/x86/include/asm/tlbflush.h | 261 +++--
arch/x86/include/asm/traps.h | 1 +
arch/x86/include/asm/uaccess.h | 88 +-
arch/x86/include/asm/uaccess_32.h | 24 +
arch/x86/include/asm/uaccess_64.h | 94 +-
arch/x86/include/asm/vdso.h | 19 +-
arch/x86/include/asm/virtext.h | 3 +-
arch/x86/include/asm/vsyscall.h | 2 +
arch/x86/include/asm/xen/hypercall.h | 8 +-
arch/x86/include/uapi/asm/hyperv.h | 2 +
arch/x86/include/uapi/asm/msr-index.h | 5 +
arch/x86/include/uapi/asm/processor-flags.h | 3 +-
arch/x86/kernel/acpi/boot.c | 8 +
arch/x86/kernel/alternative.c | 207 +++-
arch/x86/kernel/amd_nb.c | 48 +
arch/x86/kernel/apic/x2apic_uv_x.c | 4 +-
arch/x86/kernel/cpu/Makefile | 4 +-
arch/x86/kernel/cpu/amd.c | 35 +-
arch/x86/kernel/cpu/bugs.c | 307 +++++-
arch/x86/kernel/cpu/bugs_64.c | 33 -
arch/x86/kernel/cpu/common.c | 147 ++-
arch/x86/kernel/cpu/intel.c | 26 -
arch/x86/kernel/cpu/mcheck/mce.c | 9 +-
arch/x86/kernel/cpu/mcheck/p5.c | 3 +-
arch/x86/kernel/cpu/mcheck/winchip.c | 3 +-
arch/x86/kernel/cpu/microcode/intel.c | 43 +
arch/x86/kernel/cpu/perf_event.c | 16 +-
arch/x86/kernel/cpu/perf_event.h | 1 +
arch/x86/kernel/cpu/perf_event_intel.c | 45 +-
arch/x86/kernel/cpu/perf_event_intel_ds.c | 56 +-
arch/x86/kernel/cpu/perf_event_intel_lbr.c | 2 +
arch/x86/kernel/cpu/proc.c | 4 +-
arch/x86/kernel/crash.c | 22 +-
arch/x86/kernel/entry_32.S | 31 +-
arch/x86/kernel/entry_64.S | 223 ++++-
arch/x86/kernel/espfix_64.c | 10 +
arch/x86/kernel/ftrace.c | 12 +
arch/x86/kernel/head_32.S | 2 +-
arch/x86/kernel/head_64.S | 35 +-
arch/x86/kernel/i387.c | 4 +-
arch/x86/kernel/irq.c | 3 +-
arch/x86/kernel/irq_32.c | 16 +-
arch/x86/kernel/irqinit.c | 2 +-
arch/x86/kernel/kprobes/common.h | 2 +-
arch/x86/kernel/kprobes/core.c | 16 +-
arch/x86/kernel/kprobes/opt.c | 25 +-
arch/x86/kernel/kvm.c | 19 +-
arch/x86/kernel/kvmclock.c | 11 +-
arch/x86/kernel/ldt.c | 27 +-
arch/x86/kernel/mcount_64.S | 8 +-
arch/x86/kernel/nmi_selftest.c | 2 +-
arch/x86/kernel/paravirt_patch_64.c | 2 -
arch/x86/kernel/pci-calgary_64.c | 2 +-
arch/x86/kernel/process.c | 7 +-
arch/x86/kernel/process_64.c | 2 +-
arch/x86/kernel/ptrace.c | 4 +-
arch/x86/kernel/pvclock.c | 68 --
arch/x86/kernel/reboot.c | 4 +
arch/x86/kernel/setup.c | 7 +
arch/x86/kernel/smp.c | 5 +
arch/x86/kernel/sys_x86_64.c | 4 +-
arch/x86/kernel/tracepoint.c | 2 +
arch/x86/kernel/vm86_32.c | 2 +-
arch/x86/kernel/vmlinux.lds.S | 6 +
arch/x86/kernel/vsyscall_64.c | 12 +-
arch/x86/kernel/xsave.c | 3 +-
arch/x86/kvm/cpuid.c | 20 +-
arch/x86/kvm/cpuid.h | 9 +
arch/x86/kvm/emulate.c | 112 ++-
arch/x86/kvm/lapic.c | 6 +
arch/x86/kvm/lapic.h | 1 +
arch/x86/kvm/mmu.c | 7 +-
arch/x86/kvm/mmu.h | 1 +
arch/x86/kvm/svm.c | 35 +-
arch/x86/kvm/vmx.c | 100 +-
arch/x86/kvm/x86.c | 203 ++--
arch/x86/kvm/x86.h | 2 +
arch/x86/lib/Makefile | 2 +
arch/x86/lib/checksum_32.S | 7 +-
arch/x86/lib/clear_page_64.S | 4 +-
arch/x86/lib/cmdline.c | 165 +++-
arch/x86/lib/copy_page_64.S | 2 +-
arch/x86/lib/copy_user_64.S | 15 +-
arch/x86/lib/getuser.S | 10 +
arch/x86/lib/memcpy_64.S | 8 +-
arch/x86/lib/memmove_64.S | 2 +-
arch/x86/lib/memset_64.S | 8 +-
arch/x86/lib/retpoline-export.c | 24 +
arch/x86/lib/retpoline.S | 47 +
arch/x86/lib/usercopy_32.c | 20 +-
arch/x86/lib/x86-opcode-map.txt | 2 +-
arch/x86/mm/Makefile | 4 +-
arch/x86/mm/hugetlbpage.c | 2 +-
arch/x86/mm/init.c | 47 +-
arch/x86/mm/init_64.c | 10 +
arch/x86/mm/kaiser.c | 472 +++++++++
arch/x86/mm/numa_32.c | 1 +
arch/x86/mm/pageattr.c | 63 +-
arch/x86/mm/pgtable.c | 27 +-
arch/x86/mm/tlb.c | 257 +++--
arch/x86/oprofile/op_model_ppro.c | 4 +-
arch/x86/pci/acpi.c | 10 +
arch/x86/pci/broadcom_bus.c | 2 +-
arch/x86/pci/fixup.c | 52 +-
arch/x86/pci/xen.c | 23 +-
arch/x86/platform/efi/efi_stub_64.S | 161 ---
arch/x86/platform/efi/efi_thunk_64.S | 121 ++-
arch/x86/platform/goldfish/goldfish.c | 14 +-
.../platform/intel-mid/device_libs/platform_wdt.c | 2 +-
arch/x86/platform/uv/uv_nmi.c | 1 +
arch/x86/um/ptrace_64.c | 2 +-
arch/x86/vdso/vclock_gettime.c | 103 +-
arch/x86/vdso/vdso-layout.lds.S | 45 +-
arch/x86/vdso/vdso2c.c | 15 +-
arch/x86/vdso/vdso2c.h | 25 +-
arch/x86/vdso/vdso32-setup.c | 11 +-
arch/x86/vdso/vma.c | 34 +-
arch/x86/xen/enlighten.c | 10 +-
arch/x86/xen/mmu.c | 2 +-
arch/xtensa/kernel/setup.c | 4 +-
arch/xtensa/kernel/syscall.c | 2 +-
arch/xtensa/kernel/xtensa_ksyms.c | 2 -
arch/xtensa/mm/cache.c | 12 +-
block/bio.c | 22 +-
block/blk-cgroup.h | 2 +-
block/blk-core.c | 5 +-
block/blk-flush.c | 6 +
block/blk-mq-tag.c | 44 +-
block/blk-mq-tag.h | 12 +
block/blk-mq.c | 16 +-
block/bsg.c | 3 +
block/partition-generic.c | 4 +-
crypto/Makefile | 2 +
crypto/ahash.c | 79 +-
crypto/algapi.c | 13 +
crypto/asymmetric_keys/x509_cert_parser.c | 2 +
crypto/async_tx/async_pq.c | 8 +-
crypto/gcm.c | 8 +-
crypto/hmac.c | 6 +-
crypto/salsa20_generic.c | 7 -
crypto/shash.c | 13 +-
drivers/Makefile | 1 +
drivers/acpi/Makefile | 1 -
drivers/acpi/acpi_platform.c | 8 +-
drivers/acpi/apei/einj.c | 2 +-
drivers/acpi/apei/erst.c | 2 +-
drivers/acpi/apei/ghes.c | 88 +-
drivers/acpi/ec.c | 4 +-
drivers/acpi/power.c | 1 +
drivers/acpi/sbshc.c | 4 +-
drivers/ata/ahci.c | 38 +
drivers/ata/libata-scsi.c | 14 +-
drivers/ata/pata_amd.c | 1 +
drivers/ata/pata_cs5536.c | 1 +
drivers/ata/pata_hpt366.c | 4 +-
drivers/ata/sata_mv.c | 3 +
drivers/atm/iphase.c | 2 +-
drivers/base/Kconfig | 3 +
drivers/base/bus.c | 2 +-
drivers/base/cpu.c | 48 +
drivers/base/dma-mapping.c | 4 +-
drivers/base/isa.c | 10 +-
drivers/base/platform.c | 4 +-
drivers/base/power/domain.c | 4 +-
drivers/base/power/main.c | 8 +-
drivers/base/power/qos.c | 2 +-
drivers/base/power/sysfs.c | 2 +
drivers/base/regmap/regcache-lzo.c | 8 +-
drivers/bcma/main.c | 4 +
drivers/block/drbd/drbd_bitmap.c | 6 +
drivers/block/nbd.c | 34 +-
drivers/block/nvme-core.c | 6 +-
drivers/block/paride/pg.c | 4 +-
drivers/block/rbd.c | 4 +-
drivers/block/skd_main.c | 21 +-
drivers/block/xen-blkback/blkback.c | 23 +-
drivers/block/xen-blkback/common.h | 25 +-
drivers/block/zram/zram_drv.c | 6 +-
drivers/bluetooth/ath3k.c | 2 +
drivers/bluetooth/btusb.c | 1 +
drivers/bus/mvebu-mbus.c | 2 +-
drivers/bus/vexpress-config.c | 7 +-
drivers/char/hw_random/core.c | 6 +-
drivers/char/ipmi/ipmi_msghandler.c | 10 +-
drivers/char/lp.c | 6 +-
drivers/char/mem.c | 87 +-
drivers/char/tpm/tpm-dev.c | 6 +
drivers/char/tpm/tpm-sysfs.c | 3 +-
drivers/char/virtio_console.c | 40 +-
drivers/clk/clk-divider.c | 2 +-
drivers/clk/clk-efm32gg.c | 6 +-
drivers/clk/clk-wm831x.c | 5 +-
drivers/clk/hisilicon/clkgate-separated.c | 1 +
drivers/clk/samsung/clk-s3c2410.c | 4 +-
drivers/clk/samsung/clk-s3c2412.c | 4 +-
drivers/clk/samsung/clk-s3c2443.c | 4 +-
drivers/clk/samsung/clk-s3c64xx.c | 4 +-
drivers/clk/shmobile/clk-mstp.c | 33 +-
drivers/clk/tegra/clk-tegra30.c | 2 +-
drivers/clk/ti/clk-dra7-atl.c | 3 +-
drivers/clocksource/exynos_mct.c | 5 +
drivers/cpufreq/cpufreq_conservative.c | 4 +-
drivers/cpufreq/s3c2416-cpufreq.c | 1 -
drivers/crypto/atmel-sha.c | 4 +-
drivers/crypto/caam/caamalg.c | 4 +-
drivers/crypto/caam/caamhash.c | 2 +-
drivers/crypto/caam/ctrl.c | 3 +-
drivers/crypto/caam/desc.h | 2 +-
drivers/crypto/caam/key_gen.c | 2 +-
drivers/crypto/n2_core.c | 3 +
drivers/crypto/talitos.c | 14 +-
drivers/devfreq/devfreq.c | 19 +-
drivers/dma/amba-pl08x.c | 4 +-
drivers/dma/dma-jz4740.c | 4 +-
drivers/dma/dmatest.c | 54 +-
drivers/dma/ep93xx_dma.c | 2 +
drivers/firewire/net.c | 8 +-
drivers/firmware/efi/efi.c | 3 +-
drivers/firmware/efi/runtime-map.c | 10 +-
drivers/gpio/gpio-mcp23s08.c | 60 +-
drivers/gpio/gpio-mvebu.c | 94 +-
drivers/gpio/gpio-tegra.c | 6 +-
drivers/gpio/gpiolib-acpi.c | 2 +-
drivers/gpu/drm/ast/ast_main.c | 7 +-
drivers/gpu/drm/ast/ast_post.c | 38 +-
drivers/gpu/drm/drm_edid.c | 8 +
drivers/gpu/drm/drm_gem.c | 6 +-
drivers/gpu/drm/drm_irq.c | 3 +-
drivers/gpu/drm/gma500/mdfld_intel_display.c | 2 +-
drivers/gpu/drm/gma500/psb_drv.c | 3 +
drivers/gpu/drm/gma500/psb_intel_lvds.c | 18 +-
drivers/gpu/drm/i915/i915_debugfs.c | 5 +-
drivers/gpu/drm/i915/i915_dma.c | 8 +-
drivers/gpu/drm/i915/intel_bios.c | 9 +-
drivers/gpu/drm/i915/intel_crt.c | 19 +-
drivers/gpu/drm/i915/intel_display.c | 29 +-
drivers/gpu/drm/i915/intel_dp.c | 2 +-
drivers/gpu/drm/i915/intel_drv.h | 3 +-
drivers/gpu/drm/i915/intel_dsi_pll.c | 6 +-
drivers/gpu/drm/i915/intel_i2c.c | 4 +-
drivers/gpu/drm/i915/intel_pm.c | 20 +-
drivers/gpu/drm/i915/intel_sprite.c | 20 +
drivers/gpu/drm/msm/hdmi/hdmi_audio.c | 6 +-
drivers/gpu/drm/msm/msm_gem_submit.c | 7 +-
drivers/gpu/drm/nouveau/dispnv04/hw.c | 3 +-
drivers/gpu/drm/radeon/atombios_dp.c | 38 +-
drivers/gpu/drm/radeon/atombios_encoders.c | 13 +-
drivers/gpu/drm/radeon/ci_dpm.c | 6 +
drivers/gpu/drm/radeon/cik.c | 2 +-
drivers/gpu/drm/radeon/evergreen.c | 2 +-
drivers/gpu/drm/radeon/ni.c | 4 +-
drivers/gpu/drm/radeon/r600.c | 2 +-
drivers/gpu/drm/radeon/r600_dpm.c | 15 +-
drivers/gpu/drm/radeon/radeon_bios.c | 64 +-
drivers/gpu/drm/radeon/radeon_combios.c | 7 +
drivers/gpu/drm/radeon/radeon_cursor.c | 56 +-
drivers/gpu/drm/radeon/radeon_device.c | 9 +-
drivers/gpu/drm/radeon/radeon_mode.h | 1 +
drivers/gpu/drm/radeon/si.c | 2 +-
drivers/gpu/drm/radeon/si_dpm.c | 43 +-
drivers/gpu/drm/radeon/sislands_smc.h | 1 +
drivers/gpu/drm/ttm/ttm_bo.c | 4 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 1 +
drivers/gpu/drm/ttm/ttm_bo_vm.c | 12 +
drivers/gpu/drm/ttm/ttm_object.c | 10 +-
drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 79 +-
drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 2 +
drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +-
drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 4 +-
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 38 +-
drivers/hid/hid-core.c | 23 +-
drivers/hid/hid-cypress.c | 3 +
drivers/hid/hid-ids.h | 73 +-
drivers/hid/hid-input.c | 2 +-
drivers/hid/hid-kye.c | 140 +++
drivers/hid/hid-microsoft.c | 14 +-
drivers/hid/hid-sjoy.c | 3 +
drivers/hid/hid-uclogic.c | 27 +
drivers/hid/i2c-hid/i2c-hid.c | 3 +-
drivers/hid/usbhid/hid-core.c | 12 +-
drivers/hid/usbhid/hid-quirks.c | 65 +-
drivers/hsi/clients/ssi_protocol.c | 5 +-
drivers/hv/channel.c | 15 +-
drivers/hv/channel_mgmt.c | 7 +-
drivers/hv/connection.c | 27 +-
drivers/hv/hv.c | 35 +-
drivers/hv/hv_util.c | 10 +-
drivers/hv/hyperv_vmbus.h | 2 +-
drivers/hwmon/asus_atk0110.c | 3 +
drivers/hwmon/ds620.c | 2 +-
drivers/hwmon/g762.c | 11 +-
drivers/hwmon/pmbus/pmbus_core.c | 21 +-
drivers/i2c/busses/i2c-cadence.c | 6 +-
drivers/i2c/busses/i2c-imx.c | 4 +-
drivers/i2c/busses/i2c-ismt.c | 7 +-
drivers/i2c/busses/i2c-riic.c | 30 +-
drivers/i2c/busses/i2c-tiny-usb.c | 25 +-
drivers/i2c/i2c-core.c | 19 +-
drivers/i2c/i2c-dev.c | 2 +-
drivers/i2c/muxes/Kconfig | 2 +-
drivers/i2c/muxes/i2c-mux-pca954x.c | 5 +-
drivers/iio/accel/st_accel_core.c | 2 +-
drivers/iio/accel/st_accel_spi.c | 4 -
drivers/iio/adc/ad7793.c | 4 +-
drivers/iio/adc/ad_sigma_delta.c | 28 +
drivers/iio/adc/exynos_adc.c | 2 +-
drivers/iio/adc/mcp320x.c | 1 +
drivers/iio/adc/ti_am335x_adc.c | 13 +-
drivers/iio/adc/vf610_adc.c | 2 +-
.../iio/common/hid-sensors/hid-sensor-attributes.c | 70 +-
drivers/iio/dac/ad7303.c | 6 +-
drivers/iio/humidity/dht11.c | 6 +-
drivers/iio/imu/adis16480.c | 2 +-
drivers/iio/industrialio-core.c | 20 +-
drivers/iio/light/tsl2563.c | 2 +-
drivers/iio/magnetometer/st_magn_core.c | 2 +-
drivers/iio/magnetometer/st_magn_spi.c | 2 -
drivers/iio/pressure/mpl115.c | 1 +
drivers/iio/pressure/mpl3115.c | 4 +-
drivers/iio/pressure/st_pressure_core.c | 10 +-
drivers/iio/proximity/as3935.c | 17 +-
drivers/infiniband/core/cache.c | 61 +-
drivers/infiniband/core/cm.c | 125 ++-
drivers/infiniband/core/cma.c | 5 +
drivers/infiniband/core/device.c | 26 +-
drivers/infiniband/core/mad.c | 2 +-
drivers/infiniband/core/multicast.c | 7 +-
drivers/infiniband/core/umem.c | 2 +-
drivers/infiniband/core/uverbs_cmd.c | 26 +-
drivers/infiniband/core/uverbs_main.c | 10 +-
drivers/infiniband/core/verbs.c | 48 +-
drivers/infiniband/hw/cxgb3/iwch_provider.c | 5 +-
drivers/infiniband/hw/cxgb4/cq.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 1 +
drivers/infiniband/hw/mlx4/ah.c | 6 +-
drivers/infiniband/hw/mlx4/cq.c | 5 +-
drivers/infiniband/hw/mlx4/main.c | 31 +-
drivers/infiniband/hw/mlx4/qp.c | 5 +-
drivers/infiniband/hw/mlx4/sysfs.c | 2 +-
drivers/infiniband/hw/mlx5/cq.c | 3 +-
drivers/infiniband/hw/mlx5/main.c | 5 +-
drivers/infiniband/hw/mlx5/mem.c | 49 +-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +
drivers/infiniband/hw/mlx5/mr.c | 43 +-
drivers/infiniband/hw/mlx5/qp.c | 34 +-
drivers/infiniband/hw/mlx5/srq.c | 11 +-
drivers/infiniband/hw/ocrdma/ocrdma_hw.c | 3 +
drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 4 +-
drivers/infiniband/hw/qib/qib_iba7322.c | 2 +-
drivers/infiniband/hw/qib/qib_rc.c | 3 +-
drivers/infiniband/hw/usnic/usnic_fwd.c | 12 +-
drivers/infiniband/hw/usnic/usnic_fwd.h | 2 +-
drivers/infiniband/hw/usnic/usnic_ib_main.c | 10 +-
drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 2 +
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 17 +-
drivers/infiniband/ulp/ipoib/ipoib_fs.c | 9 +-
drivers/infiniband/ulp/ipoib/ipoib_main.c | 93 +-
drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 12 +-
drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 20 +-
drivers/infiniband/ulp/srp/ib_srp.c | 31 +-
drivers/infiniband/ulp/srpt/ib_srpt.c | 12 +-
drivers/input/ff-core.c | 13 +-
drivers/input/joystick/analog.c | 2 +-
drivers/input/joystick/iforce/iforce-usb.c | 3 +
drivers/input/joystick/xpad.c | 191 +++-
drivers/input/misc/adxl34x.c | 2 +-
drivers/input/misc/cm109.c | 4 +
drivers/input/misc/ims-pcu.c | 20 +-
drivers/input/misc/twl4030-pwrbutton.c | 2 +-
drivers/input/misc/twl4030-vibra.c | 7 +-
drivers/input/misc/twl6040-vibra.c | 2 +-
drivers/input/misc/uinput.c | 57 +-
drivers/input/misc/yealink.c | 4 +
drivers/input/mouse/elantech.c | 37 +-
drivers/input/mouse/trackpoint.c | 10 +-
drivers/input/mouse/trackpoint.h | 3 +-
drivers/input/serio/gscps2.c | 2 +-
drivers/input/serio/i8042-x86ia64io.h | 41 +
drivers/input/serio/i8042.c | 12 +-
drivers/input/tablet/gtco.c | 17 +-
drivers/input/tablet/hanwang.c | 3 +
drivers/input/tablet/kbtab.c | 3 +
drivers/input/touchscreen/88pm860x-ts.c | 16 +-
drivers/input/touchscreen/ads7846.c | 8 +-
drivers/input/touchscreen/sur40.c | 3 +
drivers/input/touchscreen/ti_am335x_tsc.c | 2 +-
drivers/input/touchscreen/ucb1400_ts.c | 4 +-
drivers/iommu/amd_iommu.c | 6 +-
drivers/iommu/amd_iommu_init.c | 2 +-
drivers/iommu/dmar.c | 11 +-
drivers/iommu/exynos-iommu.c | 2 +-
drivers/iommu/intel-iommu.c | 33 +-
drivers/irqchip/irq-brcmstb-l2.c | 1 +
drivers/isdn/gigaset/bas-gigaset.c | 3 +
drivers/isdn/gigaset/ser-gigaset.c | 4 +-
drivers/isdn/hardware/eicon/message.c | 3 +-
drivers/isdn/hardware/mISDN/mISDNipac.c | 12 +-
drivers/isdn/hardware/mISDN/w6692.c | 6 +-
drivers/lguest/x86/core.c | 5 +-
drivers/macintosh/therm_windtunnel.c | 1 +
drivers/md/bcache/alloc.c | 3 +-
drivers/md/bcache/bcache.h | 1 +
drivers/md/bcache/request.c | 21 +-
drivers/md/bcache/super.c | 10 +-
drivers/md/bcache/sysfs.c | 4 +-
drivers/md/bcache/util.c | 50 +-
drivers/md/bcache/writeback.c | 20 +-
drivers/md/bcache/writeback.h | 21 +-
drivers/md/bitmap.c | 5 +
drivers/md/dm-bufio.c | 25 +-
drivers/md/dm-cache-target.c | 18 +-
drivers/md/dm-crypt.c | 7 +-
drivers/md/dm-era-target.c | 8 +-
drivers/md/dm-ioctl.c | 2 +-
drivers/md/dm-mpath.c | 40 +-
drivers/md/dm-snap.c | 48 +-
drivers/md/dm-table.c | 56 +-
drivers/md/dm-thin-metadata.c | 10 +-
drivers/md/dm-thin.c | 22 +-
drivers/md/dm.c | 92 +-
drivers/md/linear.c | 29 +-
drivers/md/linear.h | 1 +
drivers/md/md.c | 11 +-
drivers/md/persistent-data/dm-btree.c | 27 +-
drivers/md/persistent-data/dm-space-map-disk.c | 15 +-
drivers/md/persistent-data/dm-space-map-metadata.c | 14 +-
drivers/md/raid1.c | 5 +-
drivers/md/raid10.c | 18 +
drivers/md/raid5.c | 20 +-
drivers/media/dvb-frontends/mb86a20s.c | 104 +-
drivers/media/i2c/Kconfig | 1 +
drivers/media/i2c/adv7604.c | 3 +
drivers/media/i2c/soc_camera/ov2640.c | 6 +-
drivers/media/pci/dm1105/Kconfig | 2 +-
drivers/media/pci/saa7164/saa7164-buffer.c | 4 +-
drivers/media/pci/saa7164/saa7164-bus.c | 96 +-
drivers/media/pci/saa7164/saa7164-core.c | 13 +-
drivers/media/pci/saa7164/saa7164-fw.c | 6 +-
drivers/media/pci/saa7164/saa7164-types.h | 4 +-
drivers/media/pci/saa7164/saa7164.h | 4 +-
drivers/media/platform/davinci/vpfe_capture.c | 23 +-
drivers/media/platform/omap/omap_vout.c | 3 +-
drivers/media/platform/s5p-mfc/s5p_mfc.c | 1 +
drivers/media/rc/imon.c | 5 +
drivers/media/rc/ir-lirc-codec.c | 11 +-
drivers/media/rc/ir-raw.c | 13 +-
drivers/media/rc/ite-cir.c | 2 +
drivers/media/rc/mceusb.c | 9 +-
drivers/media/tuners/tuner-xc2028.c | 37 +-
drivers/media/usb/cx231xx/cx231xx-audio.c | 41 +-
drivers/media/usb/cx231xx/cx231xx-avcore.c | 5 +-
drivers/media/usb/cx231xx/cx231xx-cards.c | 53 +-
drivers/media/usb/cx231xx/cx231xx-core.c | 3 +-
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c | 9 +-
drivers/media/usb/dvb-usb/dib0700_core.c | 8 +-
drivers/media/usb/dvb-usb/dibusb-common.c | 16 +-
drivers/media/usb/dvb-usb/digitv.c | 4 +
drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 33 +-
drivers/media/usb/dvb-usb/dw2102.c | 54 ++
drivers/media/usb/dvb-usb/ttusb2.c | 19 +
drivers/media/usb/em28xx/em28xx-audio.c | 2 +-
drivers/media/usb/gspca/konica.c | 3 +
drivers/media/usb/pvrusb2/pvrusb2-eeprom.c | 13 +-
drivers/media/usb/siano/smsusb.c | 18 +-
drivers/media/usb/usbvision/usbvision-video.c | 9 +-
drivers/media/usb/uvc/uvc_ctrl.c | 7 +
drivers/media/usb/uvc/uvc_queue.c | 2 +-
drivers/media/usb/uvc/uvc_video.c | 2 +-
drivers/media/usb/zr364xx/zr364xx.c | 8 +
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1022 ++++++++++++--------
drivers/media/v4l2-core/v4l2-ioctl.c | 5 +-
drivers/media/v4l2-core/videobuf2-core.c | 7 +-
drivers/memstick/host/rtsx_usb_ms.c | 6 +
drivers/message/i2o/i2o_config.c | 4 +-
drivers/mfd/Kconfig | 1 +
drivers/mfd/arizona-core.c | 4 +-
drivers/mfd/arizona-i2c.c | 5 +-
drivers/mfd/arizona-spi.c | 3 +-
drivers/mfd/arizona.h | 4 +-
drivers/mfd/cros_ec_spi.c | 4 +
drivers/mfd/max8998.c | 6 +-
drivers/mfd/mfd-core.c | 2 +
drivers/mfd/omap-usb-tll.c | 6 +-
drivers/mfd/rtsx_usb.c | 10 +-
drivers/mfd/twl4030-audio.c | 9 +-
drivers/mfd/twl6040.c | 12 +-
drivers/misc/ad525x_dpot.c | 2 +-
drivers/misc/eeprom/at24.c | 6 +
drivers/misc/enclosure.c | 14 +-
drivers/misc/genwqe/card_utils.c | 12 +-
drivers/misc/mei/client.c | 20 +-
drivers/misc/mei/hw-txe.c | 6 +-
drivers/misc/mei/nfc.c | 2 +-
drivers/mmc/card/block.c | 5 +-
drivers/mmc/card/queue.h | 2 +-
drivers/mmc/core/mmc.c | 4 +-
drivers/mmc/host/moxart-mmc.c | 5 +-
drivers/mmc/host/mxs-mmc.c | 10 +-
drivers/mmc/host/omap_hsmmc.c | 7 +-
drivers/mmc/host/rtsx_usb_sdmmc.c | 7 +-
drivers/mmc/host/s3cmci.c | 6 +-
drivers/mmc/host/sdhci-of-arasan.c | 16 +-
drivers/mmc/host/sdhci.c | 35 +-
drivers/mmc/host/sunxi-mmc.c | 5 +-
drivers/mmc/host/ushc.c | 3 +
drivers/mtd/maps/pmcmsp-flash.c | 4 +-
drivers/mtd/maps/rbtx4939-flash.c | 2 -
drivers/mtd/nand/Kconfig | 2 +-
drivers/mtd/nand/fsmc_nand.c | 9 +-
drivers/mtd/nand/nand_base.c | 9 +-
drivers/mtd/nand/nandsim.c | 1 +
drivers/mtd/nand/omap2.c | 340 ++++---
drivers/mtd/ubi/eba.c | 4 +-
drivers/mtd/ubi/fastmap.c | 22 +-
drivers/mtd/ubi/upd.c | 8 +-
drivers/mtd/ubi/wl.c | 45 +-
drivers/net/Kconfig | 3 +
drivers/net/bonding/bond_netlink.c | 6 +-
drivers/net/can/c_can/c_can_pci.c | 2 +-
drivers/net/can/c_can/c_can_platform.c | 1 -
drivers/net/can/ti_hecc.c | 19 +-
drivers/net/can/usb/ems_usb.c | 2 +
drivers/net/can/usb/esd_usb2.c | 4 +-
drivers/net/can/usb/gs_usb.c | 14 +-
drivers/net/can/usb/kvaser_usb.c | 16 +-
drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +-
drivers/net/can/usb/usb_8dev.c | 11 +-
drivers/net/ethernet/8390/ax88796.c | 7 +-
drivers/net/ethernet/amd/amd8111e.c | 19 +-
drivers/net/ethernet/amd/nmclan_cs.c | 4 +-
drivers/net/ethernet/atheros/alx/main.c | 7 +-
drivers/net/ethernet/broadcom/b44.c | 1 +
drivers/net/ethernet/broadcom/bcmsysport.c | 49 +-
drivers/net/ethernet/broadcom/bgmac.c | 11 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 2 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 680 +++++++------
drivers/net/ethernet/broadcom/genet/bcmgenet.h | 23 +-
drivers/net/ethernet/broadcom/tg3.c | 4 -
drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 2 +-
drivers/net/ethernet/cirrus/ep93xx_eth.c | 4 +
drivers/net/ethernet/cisco/enic/enic_main.c | 18 +-
drivers/net/ethernet/dec/tulip/tulip_core.c | 9 +-
drivers/net/ethernet/dec/tulip/uli526x.c | 2 +-
drivers/net/ethernet/dec/tulip/winbond-840.c | 2 +-
drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
drivers/net/ethernet/emulex/benet/be_main.c | 1 -
drivers/net/ethernet/ethoc.c | 3 +-
.../net/ethernet/freescale/fs_enet/fs_enet-main.c | 16 +-
drivers/net/ethernet/freescale/fs_enet/fs_enet.h | 1 +
drivers/net/ethernet/freescale/ucc_geth.c | 8 +-
drivers/net/ethernet/ibm/emac/core.c | 26 +-
drivers/net/ethernet/intel/e1000e/ich8lan.c | 24 +-
drivers/net/ethernet/intel/e1000e/mac.c | 11 +-
drivers/net/ethernet/intel/e1000e/netdev.c | 35 +-
drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 30 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 8 +-
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 4 +-
drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +-
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
drivers/net/ethernet/intel/igbvf/netdev.c | 2 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +-
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 6 +-
drivers/net/ethernet/korina.c | 8 +-
drivers/net/ethernet/marvell/mvmdio.c | 3 +-
drivers/net/ethernet/marvell/mvneta.c | 6 +-
drivers/net/ethernet/marvell/sky2.c | 13 +
drivers/net/ethernet/mellanox/mlx4/cmd.c | 45 +-
drivers/net/ethernet/mellanox/mlx4/cq.c | 38 +-
drivers/net/ethernet/mellanox/mlx4/en_clock.c | 5 +-
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 15 +-
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 23 +-
drivers/net/ethernet/mellanox/mlx4/en_port.c | 2 +-
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 26 +-
drivers/net/ethernet/mellanox/mlx4/en_tx.c | 6 +-
drivers/net/ethernet/mellanox/mlx4/eq.c | 23 +-
drivers/net/ethernet/mellanox/mlx4/fw.c | 6 +-
drivers/net/ethernet/mellanox/mlx4/fw.h | 1 +
drivers/net/ethernet/mellanox/mlx4/icm.c | 7 +-
drivers/net/ethernet/mellanox/mlx4/main.c | 4 +-
drivers/net/ethernet/mellanox/mlx4/mcg.c | 22 +-
drivers/net/ethernet/mellanox/mlx4/mlx4.h | 7 +-
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 3 +-
drivers/net/ethernet/mellanox/mlx4/port.c | 13 +-
drivers/net/ethernet/mellanox/mlx4/qp.c | 13 +
.../net/ethernet/mellanox/mlx4/resource_tracker.c | 11 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 19 +-
drivers/net/ethernet/mellanox/mlx5/core/debugfs.c | 6 +-
drivers/net/ethernet/mellanox/mlx5/core/eq.c | 17 +-
.../net/ethernet/mellanox/mlx5/core/pagealloc.c | 26 +-
drivers/net/ethernet/neterion/vxge/vxge-main.c | 31 +-
.../net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 +-
drivers/net/ethernet/qlogic/netxen/netxen_nic_hw.c | 2 +-
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 2 +-
drivers/net/ethernet/realtek/r8169.c | 5 +-
drivers/net/ethernet/renesas/sh_eth.c | 43 +-
drivers/net/ethernet/sfc/efx.c | 10 +-
drivers/net/ethernet/sfc/efx.h | 6 +
drivers/net/ethernet/sfc/selftest.c | 2 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 26 +-
drivers/net/ethernet/ti/cpmac.c | 7 +-
drivers/net/ethernet/ti/cpsw-phy-sel.c | 3 +
drivers/net/ethernet/ti/cpsw.c | 16 +-
drivers/net/ethernet/toshiba/tc35815.c | 2 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 2 +-
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 128 +--
drivers/net/hyperv/netvsc_drv.c | 32 +-
drivers/net/irda/irda-usb.c | 2 +-
drivers/net/macvlan.c | 11 +-
drivers/net/macvtap.c | 10 +-
drivers/net/phy/dp83640.c | 2 +-
drivers/net/phy/marvell.c | 70 +-
drivers/net/phy/mdio-sun4i.c | 6 +-
drivers/net/phy/phy.c | 2 +-
drivers/net/phy/phy_device.c | 2 +-
drivers/net/ppp/pppoe.c | 11 +-
drivers/net/team/team.c | 8 +-
drivers/net/tun.c | 27 +-
drivers/net/usb/catc.c | 56 +-
drivers/net/usb/cdc_ether.c | 13 +-
drivers/net/usb/cdc_ncm.c | 7 +
drivers/net/usb/cx82310_eth.c | 7 +-
drivers/net/usb/pegasus.c | 29 +-
drivers/net/usb/qmi_wwan.c | 9 +-
drivers/net/usb/r8152.c | 7 +-
drivers/net/usb/rtl8150.c | 34 +-
drivers/net/usb/smsc75xx.c | 8 +-
drivers/net/usb/smsc95xx.c | 11 +-
drivers/net/usb/sr9700.c | 9 +-
drivers/net/virtio_net.c | 30 +-
drivers/net/vxlan.c | 12 +-
drivers/net/wimax/i2400m/usb.c | 3 +
drivers/net/wireless/adm8211.c | 3 +-
drivers/net/wireless/ath/ath5k/mac80211-ops.c | 3 +-
drivers/net/wireless/ath/ath9k/ar9003_eeprom.h | 4 +-
drivers/net/wireless/ath/ath9k/ar9003_phy.c | 2 -
drivers/net/wireless/ath/ath9k/ath9k.h | 1 +
drivers/net/wireless/ath/ath9k/eeprom.c | 2 +-
drivers/net/wireless/ath/ath9k/hif_usb.c | 7 +
drivers/net/wireless/ath/ath9k/init.c | 1 +
commit 34957dfc9e13f13d5ebc063f7dcae91c659ed578
Merge: 3fb41a1 a413cc7
Author: Rohit Kumar <rokku...@cs.stonybrook.edu>
Date: Fri May 11 17:01:53 2018 -0400
Merge branch 'master' into wrapfs
commit a413cc78bc64edec0a05f5c812f25c152988d6da
Author: Ben Hutchings <b...@decadent.org.uk>
Date: Mon Mar 19 18:59:18 2018 +0000
Linux 3.16.56
commit c3de339f17f9097667dd1ecf908a1014848487bb
Author: Arnd Bergmann <a...@arndb.de>
Date: Thu Feb 15 16:16:57 2018 +0100
x86: fix build warnign with 32-bit PAE
I ran into a 4.9 build warning in randconfig testing, starting with the
KAISER patches:
arch/x86/kernel/ldt.c: In function 'alloc_ldt_struct':
arch/x86/include/asm/pgtable_types.h:208:24: error: large integer
implicitly truncated to unsigned type [-Werror=overflow]
#define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
^
arch/x86/kernel/ldt.c:81:6: note: in expansion of macro '__PAGE_KERNEL'
__PAGE_KERNEL);
^~~~~~~~~~~~~
I originally ran into this last year when the patches were part of
linux-next,
and tried to work around it by using the proper 'pteval_t' types
consistently,
but that caused additional problems.
This takes a much simpler approach, and makes the argument type of the dummy
helper always 64-bit, which is wide enough for any page table layout and
won't hurt since this call is just an empty stub anyway.
Fixes: 8f0baadf2bea ("kaiser: merged update")
Signed-off-by: Arnd Bergmann <a...@arndb.de>
Acked-by: Kees Cook <keesc...@chromium.org>
Acked-by: Hugh Dickins <hu...@google.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 98ce99aa23b43c3dc736cd0354537fca029d69cb
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:49 2018 -0800
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
commit 304ec1b050310548db33063e567123fae8fd0301 upstream.
Quoting Linus:
I do think that it would be a good idea to very expressly document
the fact that it's not that the user access itself is unsafe. I do
agree that things like "get_user()" want to be protected, but not
because of any direct bugs or problems with get_user() and friends,
but simply because get_user() is an excellent source of a pointer
that is obviously controlled from a potentially attacking user
space. So it's a prime candidate for then finding _subsequent_
accesses that can then be used to perturb the cache.
__uaccess_begin_nospec() covers __get_user() and copy_from_iter() where the
limit check is far away from the user pointer de-reference. In those cases
a barrier_nospec() prevents speculation with a potential pointer to
privileged memory. uaccess_try_nospec covers get_user_try.
Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
Suggested-by: Andi Kleen <a...@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: Kees Cook <keesc...@chromium.org>
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727416953.33451.10508284228526170604.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16:
- Convert several more functions to use __uaccess_begin_nospec(), that
are just wrappers in mainline
- There's no 'case 8' in __copy_to_user_inatomic()
- Adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 8f483696e8edb46461472afa27a764ac6a11929e
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:44 2018 -0800
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
commit b5c4ae4f35325d520b230bab6eb3310613b72ac1 upstream.
In preparation for converting some __uaccess_begin() instances to
__uacess_begin_nospec(), make sure all 'from user' uaccess paths are
using the _begin(), _end() helpers rather than open-coded stac() and
clac().
No functional changes.
Suggested-by: Ingo Molnar <mi...@redhat.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727416438.33451.17309465232057176966.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16:
- Convert several more functions to use __uaccess_begin_nospec(), that
are just wrappers in mainline
- Adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit c81e7a89b4844ebcc88c81f40e4b2b2516e2793d
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:39 2018 -0800
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
commit b3bbfb3fb5d25776b8e3f361d2eedaabb0b496cd upstream.
For __get_user() paths, do not allow the kernel to speculate on the value
of a user controlled pointer. In addition to the 'stac' instruction for
Supervisor Mode Access Protection (SMAP), a barrier_nospec() causes the
access_ok() result to resolve in the pipeline before the CPU might take any
speculative action on the pointer value. Given the cost of 'stac' the
speculation barrier is placed after 'stac' to hopefully overlap the cost of
disabling SMAP with the cost of flushing the instruction pipeline.
Since __get_user is a major kernel interface that deals with user
controlled pointers, the __uaccess_begin_nospec() mechanism will prevent
speculative execution past an access_ok() permission check. While
speculative execution past access_ok() is not enough to lead to a kernel
memory leak, it is a necessary precondition.
To be clear, __uaccess_begin_nospec() is addressing a class of potential
problems near __get_user() usages.
Note, that while the barrier_nospec() in __uaccess_begin_nospec() is used
to protect __get_user(), pointer masking similar to array_index_nospec()
will be used for get_user() since it incorporates a bounds check near the
usage.
uaccess_try_nospec provides the same mechanism for get_user_try.
No functional changes.
Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
Suggested-by: Andi Kleen <a...@linux.intel.com>
Suggested-by: Ingo Molnar <mi...@redhat.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727415922.33451.5796614273104346583.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16: use current_thread_info()]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 0a2d7d9b1e63dd28baf6c8e1416b64a33f89c900
Author: Linus Torvalds <torva...@linux-foundation.org>
Date: Tue Feb 23 14:58:52 2016 -0800
x86: fix SMAP in 32-bit environments
commit de9e478b9d49f3a0214310d921450cf5bb4a21e6 upstream.
In commit 11f1a4b9755f ("x86: reorganize SMAP handling in user space
accesses") I changed how the stac/clac instructions were generated
around the user space accesses, which then made it possible to do
batched accesses efficiently for user string copies etc.
However, in doing so, I completely spaced out, and didn't even think
about the 32-bit case. And nobody really even seemed to notice, because
SMAP doesn't even exist until modern Skylake processors, and you'd have
to be crazy to run 32-bit kernels on a modern CPU.
Which brings us to Andy Lutomirski.
He actually tested the 32-bit kernel on new hardware, and noticed that
it doesn't work. My bad. The trivial fix is to add the required
uaccess begin/end markers around the raw accesses in <asm/uaccess_32.h>.
I feel a bit bad about this patch, just because that header file really
should be cleaned up to avoid all the duplicated code in it, and this
commit just expands on the problem. But this just fixes the bug without
any bigger cleanup surgery.
Reported-and-tested-by: Andy Lutomirski <l...@kernel.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
[bwh: Backported to 3.16: There's no 'case 8' in __copy_to_user_inatomic()]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit df18e8620dbde4fd95cfd73cc6f634e649ca1536
Author: Linus Torvalds <torva...@linux-foundation.org>
Date: Thu Dec 17 09:45:09 2015 -0800
x86: reorganize SMAP handling in user space accesses
commit 11f1a4b9755f5dbc3e822a96502ebe9b044b14d8 upstream.
This reorganizes how we do the stac/clac instructions in the user access
code. Instead of adding the instructions directly to the same inline
asm that does the actual user level access and exception handling, add
them at a higher level.
This is mainly preparation for the next step, where we will expose an
interface to allow users to mark several accesses together as being user
space accesses, but it does already clean up some code:
- the inlined trivial cases of copy_in_user() now do stac/clac just
once over the accesses: they used to do one pair around the user
space read, and another pair around the write-back.
- the {get,put}_user_ex() macros that are used with the catch/try
handling don't do any stac/clac at all, because that happens in the
try/catch surrounding them.
Other than those two cleanups that happened naturally from the
re-organization, this should not make any difference. Yet.
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 9ffb15cb898ad23326266aac346ac0c0813362ea
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Fri Feb 16 13:20:54 2018 -0800
nospec: Include <asm/barrier.h> dependency
commit eb6174f6d1be16b19cfa43dac296bfed003ce1a6 upstream.
The nospec.h header expects the per-architecture header file
<asm/barrier.h> to optionally define array_index_mask_nospec(). Include
that dependency to prevent inadvertent fallback to the default
array_index_mask_nospec() implementation.
The default implementation may not provide a full mitigation
on architectures that perform data value speculation.
Reported-by: Christian Borntraeger <borntrae...@de.ibm.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Arjan van de Ven <ar...@linux.intel.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Dave Hansen <dave.han...@linux.intel.com>
Cc: David Woodhouse <dw...@infradead.org>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Josh Poimboeuf <jpoim...@redhat.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Will Deacon <will.dea...@arm.com>
Cc: linux-a...@vger.kernel.org
Link:
http://lkml.kernel.org/r/151881605404.17395.1341935530792574707.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 58bfafe0fd61f23334a00159867661c3e3d35bc9
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Fri Feb 16 13:20:42 2018 -0800
nospec: Kill array_index_nospec_mask_check()
commit 1d91c1d2c80cb70e2e553845e278b87a960c04da upstream.
There are multiple problems with the dynamic sanity checking in
array_index_nospec_mask_check():
* It causes unnecessary overhead in the 32-bit case since integer sized
@index values will no longer cause the check to be compiled away like
in the 64-bit case.
* In the 32-bit case it may trigger with user controllable input when
the expectation is that should only trigger during development of new
kernel enabling.
* The macro reuses the input parameter in multiple locations which is
broken if someone passes an expression like 'index++' to
array_index_nospec().
Reported-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Arjan van de Ven <ar...@linux.intel.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Dave Hansen <dave.han...@linux.intel.com>
Cc: David Woodhouse <dw...@infradead.org>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Josh Poimboeuf <jpoim...@redhat.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Will Deacon <will.dea...@arm.com>
Cc: linux-a...@vger.kernel.org
Link:
http://lkml.kernel.org/r/151881604278.17395.6605847763178076520.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit bac58dda1aef970651788b3eb6fcc67561314a1f
Author: Will Deacon <will.dea...@arm.com>
Date: Mon Feb 5 14:16:06 2018 +0000
nospec: Move array_index_nospec() parameter checking into separate macro
commit 8fa80c503b484ddc1abbd10c7cb2ab81f3824a50 upstream.
For architectures providing their own implementation of
array_index_mask_nospec() in asm/barrier.h, attempting to use WARN_ONCE() to
complain about out-of-range parameters using WARN_ON() results in a mess
of mutually-dependent include files.
Rather than unpick the dependencies, simply have the core code in nospec.h
perform the checking for us.
Signed-off-by: Will Deacon <will.dea...@arm.com>
Acked-by: Thomas Gleixner <t...@linutronix.de>
Cc: Dan Williams <dan.j.willi...@intel.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Link:
http://lkml.kernel.org/r/1517840166-15399-1-git-send-email-will.dea...@arm.com
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit bea12e2cac58e4cf5b72d5e435db3a96ba044001
Author: Dan Carpenter <dan.carpen...@oracle.com>
Date: Wed Feb 14 10:14:17 2018 +0300
x86/spectre: Fix an error message
commit 9de29eac8d2189424d81c0d840cd0469aa3d41c8 upstream.
If i == ARRAY_SIZE(mitigation_options) then we accidentally print
garbage from one space beyond the end of the mitigation_options[] array.
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Borislav Petkov <b...@suse.de>
Cc: David Woodhouse <d...@amazon.co.uk>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: KarimAllah Ahmed <karah...@amazon.de>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: kernel-janit...@vger.kernel.org
Fixes: 9005c6834c0f ("x86/spectre: Simplify spectre_v2 command line
parsing")
Link: http://lkml.kernel.org/r/20180214071416.GA26677@mwanda
Signed-off-by: Ingo Molnar <mi...@kernel.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 95e1ed3de28edff972f87098d3dfc31779bb8d7c
Author: David Woodhouse <d...@amazon.co.uk>
Date: Sat Jan 27 16:24:32 2018 +0000
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
commit 2961298efe1ea1b6fc0d7ee8b76018fa6c0bcef2 upstream.
We want to expose the hardware features simply in /proc/cpuinfo as "ibrs",
"ibpb" and "stibp". Since AMD has separate CPUID bits for those, use them
as the user-visible bits.
When the Intel SPEC_CTRL bit is set which indicates both IBRS and IBPB
capability, set those (AMD) bits accordingly. Likewise if the Intel STIBP
bit is set, set the AMD STIBP that's used for the generic hardware
capability.
Hide the rest from /proc/cpuinfo by putting "" in the comments. Including
RETPOLINE and RETPOLINE_AMD which shouldn't be visible there. There are
patches to make the sysfs vulnerabilities information non-readable by
non-root, and the same should apply to all information about which
mitigations are actually in use. Those *shouldn't* appear in /proc/cpuinfo.
The feature bit for whether IBPB is actually used, which is needed for
ALTERNATIVEs, is renamed to X86_FEATURE_USE_IBPB.
Originally-by: Borislav Petkov <b...@suse.de>
Signed-off-by: David Woodhouse <d...@amazon.co.uk>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: a...@linux.intel.com
Cc: dave.han...@intel.com
Cc: karah...@amazon.de
Cc: ar...@linux.intel.com
Cc: torva...@linux-foundation.org
Cc: pet...@infradead.org
Cc: b...@alien8.de
Cc: pbonz...@redhat.com
Cc: tim.c.c...@linux.intel.com
Cc: gre...@linux-foundation.org
Link:
https://lkml.kernel.org/r/1517070274-12128-2-git-send-email-d...@amazon.co.uk
[bwh: For 3.16, just apply the part that hides fake CPU feature bits]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit bb4875a7f2f2c9339d4041b5662bc029d7c42f28
Author: Darren Kenny <darren.ke...@oracle.com>
Date: Fri Feb 2 19:12:20 2018 +0000
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
commit af189c95a371b59f493dbe0f50c0a09724868881 upstream.
Fixes: 117cc7a908c83 ("x86/retpoline: Fill return stack buffer on vmexit")
Signed-off-by: Darren Kenny <darren.ke...@oracle.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Andi Kleen <a...@linux.intel.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Masami Hiramatsu <mhira...@kernel.org>
Cc: Arjan van de Ven <ar...@linux.intel.com>
Cc: David Woodhouse <d...@amazon.co.uk>
Link:
https://lkml.kernel.org/r/20180202191220.blvgkgutojecx...@starbug-vm.ie.oracle.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 876b732e36a6d19faceeab476937d22615e3d677
Author: KarimAllah Ahmed <karah...@amazon.de>
Date: Thu Feb 1 11:27:21 2018 +0000
x86/spectre: Simplify spectre_v2 command line parsing
commit 9005c6834c0ffdfe46afa76656bd9276cca864f6 upstream.
[dwmw2: Use ARRAY_SIZE]
Signed-off-by: KarimAllah Ahmed <karah...@amazon.de>
Signed-off-by: David Woodhouse <d...@amazon.co.uk>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: pet...@infradead.org
Cc: b...@alien8.de
Link:
https://lkml.kernel.org/r/1517484441-1420-3-git-send-email-d...@amazon.co.uk
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit f63a8c783f0de68418551ab850f65c1eb54b9b03
Author: David Woodhouse <d...@amazon.co.uk>
Date: Thu Feb 1 11:27:20 2018 +0000
x86/retpoline: Avoid retpolines for built-in __init functions
commit 66f793099a636862a71c59d4a6ba91387b155e0c upstream.
There's no point in building init code with retpolines, since it runs before
any potentially hostile userspace does. And before the retpoline is actually
ALTERNATIVEd into place, for much of it.
Signed-off-by: David Woodhouse <d...@amazon.co.uk>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: karah...@amazon.de
Cc: pet...@infradead.org
Cc: b...@alien8.de
Link:
https://lkml.kernel.org/r/1517484441-1420-2-git-send-email-d...@amazon.co.uk
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit c2453bdbedac62eaf0a94dc007b778e79c6878e7
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Wed Jan 31 17:47:03 2018 -0800
x86/kvm: Update spectre-v1 mitigation
commit 085331dfc6bbe3501fb936e657331ca943827600 upstream.
Commit 75f139aaf896 "KVM: x86: Add memory barrier on vmcs field lookup"
added a raw 'asm("lfence");' to prevent a bounds check bypass of
'vmcs_field_to_offset_table'.
The lfence can be avoided in this path by using the array_index_nospec()
helper designed for these types of fixes.
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Cc: Andrew Honig <aho...@google.com>
Cc: k...@vger.kernel.org
Cc: Jim Mattson <jmatt...@google.com>
Link:
https://lkml.kernel.org/r/151744959670.6342.3001723920950249067.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16:
- Replace max_vmcs_field with the local size variable
- Adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit cb4ea8a760444750f9db5e87159d44da9dc786a3
Author: Josh Poimboeuf <jpoim...@redhat.com>
Date: Tue Jan 30 22:13:33 2018 -0600
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
commit 12c69f1e94c89d40696e83804dd2f0965b5250cd upstream.
The 'noreplace-paravirt' option disables paravirt patching, leaving the
original pv indirect calls in place.
That's highly incompatible with retpolines, unless we want to uglify
paravirt even further and convert the paravirt calls to retpolines.
As far as I can tell, the option doesn't seem to be useful for much
other than introducing surprising corner cases and making the kernel
vulnerable to Spectre v2. It was probably a debug option from the early
paravirt days. So just remove it.
Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Reviewed-by: Juergen Gross <jgr...@suse.com>
Cc: Andrea Arcangeli <aarca...@redhat.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Andi Kleen <a...@linux.intel.com>
Cc: Ashok Raj <ashok....@intel.com>
Cc: Greg KH <gre...@linuxfoundation.org>
Cc: Jun Nakajima <jun.nakaj...@intel.com>
Cc: Tim Chen <tim.c.c...@linux.intel.com>
Cc: Rusty Russell <ru...@rustcorp.com.au>
Cc: Dave Hansen <dave.han...@intel.com>
Cc: Asit Mallick <asit.k.mall...@intel.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Jason Baron <jba...@akamai.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Alok Kataria <akata...@vmware.com>
Cc: Arjan Van De Ven <arjan.van.de....@intel.com>
Cc: David Woodhouse <dw...@infradead.org>
Cc: Dan Williams <dan.j.willi...@intel.com>
Link: https://lkml.kernel.org/r/20180131041333.2x6blhxirc2kclrq@treble
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit ead76f4b6ca1e46ae7c8bed05a5b114d05b84de7
Author: Colin Ian King <colin.k...@canonical.com>
Date: Tue Jan 30 19:32:18 2018 +0000
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
commit e698dcdfcda41efd0984de539767b4cddd235f1e upstream.
Trivial fix to spelling mistake in pr_err error message text.
Signed-off-by: Colin Ian King <colin.k...@canonical.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: Andi Kleen <a...@linux.intel.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: kernel-janit...@vger.kernel.org
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Borislav Petkov <b...@suse.de>
Cc: David Woodhouse <d...@amazon.co.uk>
Link:
https://lkml.kernel.org/r/20180130193218.9271-1-colin.k...@canonical.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit f5e5a9d5013ba3902045cad1e0809b535fa49ffd
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:03:21 2018 -0800
x86/spectre: Report get_user mitigation for spectre_v1
commit edfbae53dab8348fca778531be9f4855d2ca0360 upstream.
Reflect the presence of get_user(), __get_user(), and 'syscall' protections
in sysfs. The expectation is that new and better tooling will allow the
kernel to grow more usages of array_index_nospec(), for now, only claim
mitigation for __user pointer de-references.
Reported-by: Jiri Slaby <jsl...@suse.cz>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727420158.33451.11658324346540434635.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit c270bd1cc653058717b1234d65f9d262315ea2ed
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:03:15 2018 -0800
nl80211: Sanitize array index in parse_txq_params
commit 259d8c1e984318497c84eef547bbb6b1d9f4eb05 upstream.
Wireless drivers rely on parse_txq_params to validate that txq_params->ac
is less than NL80211_NUM_ACS by the time the low-level driver's ->conf_tx()
handler is called. Use a new helper, array_index_nospec(), to sanitize
txq_params->ac with respect to speculation. I.e. ensure that any
speculation into ->conf_tx() handlers is done with a value of
txq_params->ac that is within the bounds of [0, NL80211_NUM_ACS).
Reported-by: Christian Lamparter <chunk...@gmail.com>
Reported-by: Elena Reshetova <elena.reshet...@intel.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Acked-by: Johannes Berg <johan...@sipsolutions.net>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: linux-wirel...@vger.kernel.org
Cc: torva...@linux-foundation.org
Cc: "David S. Miller" <da...@davemloft.net>
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727419584.33451.7700736761686184303.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 3feddbaccb94069b3b7bbeb3476e76e7907f2c9e
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:03:05 2018 -0800
vfs, fdtable: Prevent bounds-check bypass via speculative execution
commit 56c30ba7b348b90484969054d561f711ba196507 upstream.
'fd' is a user controlled value that is used as a data dependency to
read from the 'fdt->fd' array. In order to avoid potential leaks of
kernel memory values, block speculative execution of the instruction
stream that could issue reads based on an invalid 'file *' returned from
__fcheck_files.
Co-developed-by: Elena Reshetova <elena.reshet...@intel.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727418500.33451.17392199002892248656.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 8c34712ac217fff16d0d225bd48d68af40c33038
Author: Ben Hutchings <b...@decadent.org.uk>
Date: Fri Mar 9 00:11:14 2018 +0000
x86/syscall: Sanitize syscall table de-references under speculation
commit 2fbd7af5af8665d18bcefae3e9700be07e22b681 upstream.
The upstream version of this, touching C code, was written by Dan Williams,
with the following description:
> The syscall table base is a user controlled function pointer in kernel
> space. Use array_index_nospec() to prevent any out of bounds speculation.
>
> While retpoline prevents speculating into a userspace directed target it
> does not stop the pointer de-reference, the concern is leaking memory
> relative to the syscall table base, by observing instruction cache
> behavior.
The x86_64 assembly version for 4.4 was written by Jiri Slaby, with
the following description:
> In 4.4.118, we have commit c8961332d6da (x86/syscall: Sanitize syscall
> table de-references under speculation), which is a backport of upstream
> commit 2fbd7af5af86. But it fixed only the C part of the upstream patch
> -- the IA32 sysentry. So it ommitted completely the assembly part -- the
> 64bit sysentry.
>
> Fix that in this patch by explicit array_index_mask_nospec written in
> assembly. The same was used in lib/getuser.S.
>
> However, to have "sbb" working properly, we have to switch from "cmp"
> against (NR_syscalls-1) to (NR_syscalls), otherwise the last syscall
> number would be "and"ed by 0. It is because the original "ja" relies on
> "CF" or "ZF", but we rely only on "CF" in "sbb". That means: switch to
> "jae" conditional jump too.
>
> Final note: use rcx for mask as this is exactly what is overwritten by
> the 4th syscall argument (r10) right after.
In 3.16 the x86_32 syscall table lookup is also written in assembly.
So I've taken Jiri's version and added similar masking in entry_32.S,
using edx as the temporary. edx is clobbered by SAVE_REGS and seems
to be free at this point.
The ia32 compat syscall table lookup on x86_64 is also written in
assembly, so I've added the same masking in ia32entry.S, using r8 as
the temporary since it is always clobbered by the following
instructions.
Cc: Dan Williams <dan.j.willi...@intel.com>
Cc: Jiri Slaby <jsl...@suse.cz>
Cc: Jan Beulich <jbeul...@suse.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Andy Lutomirski <l...@kernel.org>
Cc: a...@linux.intel.com
Cc: Jinpu Wang <jinpu.w...@profitbricks.com>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 49731da00f0f2160cdcaeaf2daa711f6b7061663
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:54 2018 -0800
x86/get_user: Use pointer masking to limit speculation
commit c7f631cb07e7da06ac1d231ca178452339e32a94 upstream.
Quoting Linus:
I do think that it would be a good idea to very expressly document
the fact that it's not that the user access itself is unsafe. I do
agree that things like "get_user()" want to be protected, but not
because of any direct bugs or problems with get_user() and friends,
but simply because get_user() is an excellent source of a pointer
that is obviously controlled from a potentially attacking user
space. So it's a prime candidate for then finding _subsequent_
accesses that can then be used to perturb the cache.
Unlike the __get_user() case get_user() includes the address limit check
near the pointer de-reference. With that locality the speculation can be
mitigated with pointer narrowing rather than a barrier, i.e.
array_index_nospec(). Where the narrowing is performed by:
cmp %limit, %ptr
sbb %mask, %mask
and %mask, %ptr
With respect to speculation the value of %ptr is either less than %limit
or NULL.
Co-developed-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: Kees Cook <keesc...@chromium.org>
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727417469.33451.11804043010080838495.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit aaafddb9c55db1b3f015062f73bbe2c76c528cc2
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:33 2018 -0800
x86: Introduce barrier_nospec
commit b3d7ad85b80bbc404635dca80f5b129f6242bc7a upstream.
Rename the open coded form of this instruction sequence from
rdtsc_ordered() into a generic barrier primitive, barrier_nospec().
One of the mitigations for Spectre variant1 vulnerabilities is to fence
speculative execution after successfully validating a bounds check. I.e.
force the result of a bounds check to resolve in the instruction pipeline
to ensure speculative execution honors that result before potentially
operating on out-of-bounds data.
No functional changes.
Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
Suggested-by: Andi Kleen <a...@linux.intel.com>
Suggested-by: Ingo Molnar <mi...@redhat.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727415361.33451.9049453007262764675.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16: update rdtsc_barrier() instead of rdtsc_ordered()]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 6e8bca7c8e4ed97ce71aa50113ab90525c21fbac
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:28 2018 -0800
x86: Implement array_index_mask_nospec
commit babdde2698d482b6c0de1eab4f697cf5856c5859 upstream.
array_index_nospec() uses a mask to sanitize user controllable array
indexes, i.e. generate a 0 mask if 'index' >= 'size', and a ~0 mask
otherwise. While the default array_index_mask_nospec() handles the
carry-bit from the (index - size) result in software.
The x86 array_index_mask_nospec() does the same, but the carry-bit is
handled in the processor CF flag without conditional instructions in the
control flow.
Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: gre...@linuxfoundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727414808.33451.1873237130672785331.st...@dwillia2-desk3.amr.corp.intel.com
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 0510dfd3cc0f01fbea0857736afc2e06c8c59014
Author: Dan Williams <dan.j.willi...@intel.com>
Date: Mon Jan 29 17:02:22 2018 -0800
array_index_nospec: Sanitize speculative array de-references
commit f3804203306e098dae9ca51540fcd5eb700d7f40 upstream.
array_index_nospec() is proposed as a generic mechanism to mitigate
against Spectre-variant-1 attacks, i.e. an attack that bypasses boundary
checks via speculative execution. The array_index_nospec()
implementation is expected to be safe for current generation CPUs across
multiple architectures (ARM, x86).
Based on an original implementation by Linus Torvalds, tweaked to remove
speculative flows by Alexei Starovoitov, and tweaked again by Linus to
introduce an x86 assembly implementation for the mask generation.
Co-developed-by: Linus Torvalds <torva...@linux-foundation.org>
Co-developed-by: Alexei Starovoitov <a...@kernel.org>
Suggested-by: Cyril Novikov <cnovi...@lynx.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: linux-a...@vger.kernel.org
Cc: kernel-harden...@lists.openwall.com
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Catalin Marinas <catalin.mari...@arm.com>
Cc: Will Deacon <will.dea...@arm.com>
Cc: Russell King <li...@armlinux.org.uk>
Cc: gre...@linuxfoundation.org
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727414229.33451.18411580953862676575.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit daa41d548d5b088304957529529307105017f8f2
Author: Mark Rutland <mark.rutl...@arm.com>
Date: Mon Jan 29 17:02:16 2018 -0800
Documentation: Document array_index_nospec
commit f84a56f73dddaeac1dba8045b007f742f61cd2da upstream.
Document the rationale and usage of the new array_index_nospec() helper.
Signed-off-by: Mark Rutland <mark.rutl...@arm.com>
Signed-off-by: Will Deacon <will.dea...@arm.com>
Signed-off-by: Dan Williams <dan.j.willi...@intel.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Reviewed-by: Kees Cook <keesc...@chromium.org>
Cc: linux-a...@vger.kernel.org
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: gre...@linuxfoundation.org
Cc: kernel-harden...@lists.openwall.com
Cc: torva...@linux-foundation.org
Cc: a...@linux.intel.com
Link:
https://lkml.kernel.org/r/151727413645.33451.15878817161436755393.st...@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 7163500dfe60dbe67275021f276a4b584737387c
Author: Dou Liyang <douly.f...@cn.fujitsu.com>
Date: Tue Jan 30 14:13:50 2018 +0800
x86/spectre: Check CONFIG_RETPOLINE in command line parser
commit 9471eee9186a46893726e22ebb54cade3f9bc043 upstream.
The spectre_v2 option 'auto' does not check whether CONFIG_RETPOLINE is
enabled. As a consequence it fails to emit the appropriate warning and sets
feature flags which have no effect at all.
Add the missing IS_ENABLED() check.
Fixes: da285121560e ("x86/spectre: Add boot time option to select Spectre
v2 mitigation")
Signed-off-by: Dou Liyang <douly.f...@cn.fujitsu.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: a...@linux.intel.com
Cc: pet...@infradead.org
Cc: Tomohiro" <misono.tomoh...@jp.fujitsu.com>
Cc: dave.han...@intel.com
Cc: b...@alien8.de
Cc: ar...@linux.intel.com
Cc: d...@amazon.co.uk
Link:
https://lkml.kernel.org/r/f5892721-7528-3647-08fb-f8d10e65a...@cn.fujitsu.com
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit b6912947161a3766d1542a4cc4d1e1ac105e09cc
Author: Thomas Gleixner <t...@linutronix.de>
Date: Sat Jan 27 15:45:14 2018 +0100
x86/cpu/bugs: Make retpoline module warning conditional
commit e383095c7fe8d218e00ec0f83e4b95ed4e627b02 upstream.
If sysfs is disabled and RETPOLINE not defined:
arch/x86/kernel/cpu/bugs.c:97:13: warning: âspectre_v2_bad_moduleâ
defined but not used
[-Wunused-variable]
static bool spectre_v2_bad_module;
Hide it.
Fixes: caf7501a1b4e ("module/retpoline: Warn about missing retpoline in
module")
Reported-by: Borislav Petkov <b...@alien8.de>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: Andi Kleen <a...@linux.intel.com>
Cc: David Woodhouse <dw...@infradead.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 676520e3ec3a190e5b78c643e740922ab65c4fd7
Author: Borislav Petkov <b...@suse.de>
Date: Fri Jan 26 13:11:39 2018 +0100
x86/bugs: Drop one "mitigation" from dmesg
commit 55fa19d3e51f33d9cd4056d25836d93abf9438db upstream.
Make
[ 0.031118] Spectre V2 mitigation: Mitigation: Full generic retpoline
into
[ 0.031118] Spectre V2: Mitigation: Full generic retpoline
to reduce the mitigation mitigations strings.
Signed-off-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: r...@redhat.com
Cc: a...@linux.intel.com
Cc: pet...@infradead.org
Cc: David Woodhouse <dw...@infradead.org>
Cc: ji...@kernel.org
Cc: l...@amacapital.net
Cc: dave.han...@intel.com
Cc: torva...@linux-foundation.org
Cc: keesc...@google.com
Cc: Josh Poimboeuf <jpoim...@redhat.com>
Cc: tim.c.c...@linux.intel.com
Cc: p...@google.com
Link: https://lkml.kernel.org/r/20180126121139.31959-5...@alien8.de
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 416020e03245a1a60d5de2277149571e8c3d25c4
Author: Borislav Petkov <b...@suse.de>
Date: Fri Jan 26 13:11:37 2018 +0100
x86/nospec: Fix header guards names
commit 7a32fc51ca938e67974cbb9db31e1a43f98345a9 upstream.
... to adhere to the _ASM_X86_ naming scheme.
No functional change.
Signed-off-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc: r...@redhat.com
Cc: a...@linux.intel.com
Cc: pet...@infradead.org
Cc: David Woodhouse <dw...@infradead.org>
Cc: ji...@kernel.org
Cc: l...@amacapital.net
Cc: dave.han...@intel.com
Cc: torva...@linux-foundation.org
Cc: keesc...@google.com
Cc: Josh Poimboeuf <jpoim...@redhat.com>
Cc: tim.c.c...@linux.intel.com
Cc: gre...@linux-foundation.org
Cc: p...@google.com
Link: https://lkml.kernel.org/r/20180126121139.31959-3...@alien8.de
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
commit 5ebf8d581c41a7ffc13225b6dbfdd89245f565b4
Author: Andi Kleen <a...@linux.intel.com>
Date: Thu Jan 25 15:50:28 2018 -0800
module/retpoline: Warn about missing retpoline in module
commit caf7501a1b4ec964190f31f9c3f163de252273b8 upstream.
There's a risk that a kernel which has full retpoline mitigations becomes
vulnerable when a module gets loaded that hasn't been compiled with the
right compiler or the right option.
To enable detection of that mismatch at module load time, add a module info
string "retpoline" at build time when the module was compiled with
retpoline support. This only covers compiled C source, but assembler source
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu
b/Documentation/ABI/testing/sysfs-devices-system-cpu
index acb9bfc..49216c9 100644
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -224,3 +224,19 @@ Description: Parameters for the Intel P-state driver
frequency range.
More details can be found in
Documentation/cpu-freq/intel-pstate.txt
+
+What: /sys/devices/system/cpu/vulnerabilities
+ /sys/devices/system/cpu/vulnerabilities/meltdown
+ /sys/devices/system/cpu/vulnerabilities/spectre_v1
+ /sys/devices/system/cpu/vulnerabilities/spectre_v2
+Date: January 2018
+Contact: Linux kernel mailing list <linux-ker...@vger.kernel.org>
+Description: Information about CPU vulnerabilities
+
+ The files are named after the code names of CPU
+ vulnerabilities. The output of those files reflects the
+ state of the CPUs in the system. Possible output values:
+
+ "Not affected" CPU is not affected by the vulnerability
+ "Vulnerable" CPU is affected and no mitigation in effect
+ "Mitigation: $M" CPU is affected and mitigation $M is in effect
diff --git a/Documentation/DMA-API.txt b/Documentation/DMA-API.txt
index 5208840..8a320ab 100644
--- a/Documentation/DMA-API.txt
+++ b/Documentation/DMA-API.txt
@@ -691,7 +691,7 @@ of preallocated entries is defined per architecture. If it
is too low for you
boot with 'dma_debug_entries=<your_desired_number>' to overwrite the
architectural default.
-void debug_dmap_mapping_error(struct device *dev, dma_addr_t dma_addr);
+void debug_dma_mapping_error(struct device *dev, dma_addr_t dma_addr);
dma-debug interface debug_dma_mapping_error() to debug drivers that fail
to check DMA mapping errors on addresses returned by dma_map_single() and
diff --git a/Documentation/DocBook/media/v4l/dev-subdev.xml
b/Documentation/DocBook/media/v4l/dev-subdev.xml
index d15aaf8..cc4129d 100644
--- a/Documentation/DocBook/media/v4l/dev-subdev.xml
+++ b/Documentation/DocBook/media/v4l/dev-subdev.xml
@@ -369,7 +369,7 @@
underlying hardware.</para>
<para>The coordinates to a step always refer to the actual size
- of the previous step. The exception to this rule is the source
+ of the previous step. The exception to this rule is the sink
compose rectangle, which refers to the sink compose bounds
rectangle --- if it is supported by the hardware.</para>
diff --git a/Documentation/cgroups/cpusets.txt
b/Documentation/cgroups/cpusets.txt
index 7740038..3c94ff3 100644
--- a/Documentation/cgroups/cpusets.txt
+++ b/Documentation/cgroups/cpusets.txt
@@ -345,14 +345,14 @@ the named feature on.
The implementation is simple.
Setting the flag 'cpuset.memory_spread_page' turns on a per-process flag
-PF_SPREAD_PAGE for each task that is in that cpuset or subsequently
+PFA_SPREAD_PAGE for each task that is in that cpuset or subsequently
joins that cpuset. The page allocation calls for the page cache
-is modified to perform an inline check for this PF_SPREAD_PAGE task
+is modified to perform an inline check for this PFA_SPREAD_PAGE task
flag, and if set, a call to a new routine cpuset_mem_spread_node()
returns the node to prefer for the allocation.
Similarly, setting 'cpuset.memory_spread_slab' turns on the flag
-PF_SPREAD_SLAB, and appropriately marked slab caches will allocate
+PFA_SPREAD_SLAB, and appropriately marked slab caches will allocate
pages from the node returned by cpuset_mem_spread_node().
The cpuset_mem_spread_node() routine is also simple. It uses the
diff --git a/Documentation/devicetree/bindings/clock/imx31-clock.txt
b/Documentation/devicetree/bindings/clock/imx31-clock.txt
index 19df842..8163d56 100644
--- a/Documentation/devicetree/bindings/clock/imx31-clock.txt
+++ b/Documentation/devicetree/bindings/clock/imx31-clock.txt
@@ -77,7 +77,7 @@ Examples:
clks: ccm@53f80000{
compatible = "fsl,imx31-ccm";
reg = <0x53f80000 0x4000>;
- interrupts = <0 31 0x04 0 53 0x04>;
+ interrupts = <31>, <53>;
#clock-cells = <1>;
};
diff --git a/Documentation/devicetree/bindings/sound/cs42l56.txt
b/Documentation/devicetree/bindings/sound/cs42l56.txt
index 4feb0eb..4ba520a 100644
--- a/Documentation/devicetree/bindings/sound/cs42l56.txt
+++ b/Documentation/devicetree/bindings/sound/cs42l56.txt
@@ -55,7 +55,7 @@ Example:
codec: codec@4b {
compatible = "cirrus,cs42l56";
reg = <0x4b>;
- gpio-reset = <&gpio 10 0>;
+ cirrus,gpio-nreset = <&gpio 10 0>;
cirrus,chgfreq-divisor = <0x05>;
cirrus.ain1_ref_cfg;
cirrus,micbias-lvl = <5>;
diff --git a/Documentation/i2c/muxes/i2c-mux-gpio
b/Documentation/i2c/muxes/i2c-mux-gpio
index d4d91a5..7a8d7d2 100644
--- a/Documentation/i2c/muxes/i2c-mux-gpio
+++ b/Documentation/i2c/muxes/i2c-mux-gpio
@@ -1,11 +1,11 @@
-Kernel driver i2c-gpio-mux
+Kernel driver i2c-mux-gpio
Author: Peter Korsgaard <peter.korsga...@barco.com>
Description
-----------
-i2c-gpio-mux is an i2c mux driver providing access to I2C bus segments
+i2c-mux-gpio is an i2c mux driver providing access to I2C bus segments
from a master I2C bus and a hardware MUX controlled through GPIO pins.
E.G.:
@@ -26,16 +26,16 @@ according to the settings of the GPIO pins 1..N.
Usage
-----
-i2c-gpio-mux uses the platform bus, so you need to provide a struct
+i2c-mux-gpio uses the platform bus, so you need to provide a struct
platform_device with the platform_data pointing to a struct
-gpio_i2cmux_platform_data with the I2C adapter number of the master
+i2c_mux_gpio_platform_data with the I2C adapter number of the master
bus, the number of bus segments to create and the GPIO pins used
-to control it. See include/linux/i2c-gpio-mux.h for details.
+to control it. See include/linux/i2c-mux-gpio.h for details.
E.G. something like this for a MUX providing 4 bus segments
controlled through 3 GPIO pins:
-#include <linux/i2c-gpio-mux.h>
+#include <linux/i2c-mux-gpio.h>
#include <linux/platform_device.h>
static const unsigned myboard_gpiomux_gpios[] = {
@@ -46,7 +46,7 @@ static const unsigned myboard_gpiomux_values[] = {
0, 1, 2, 3
};
-static struct gpio_i2cmux_platform_data myboard_i2cmux_data = {
+static struct i2c_mux_gpio_platform_data myboard_i2cmux_data = {
.parent = 1,
.base_nr = 2, /* optional */
.values = myboard_gpiomux_values,
@@ -57,7 +57,7 @@ static struct gpio_i2cmux_platform_data myboard_i2cmux_data =
{
};
static struct platform_device myboard_i2cmux = {
- .name = "i2c-gpio-mux",
+ .name = "i2c-mux-gpio",
.id = 0,
.dev = {
.platform_data = &myboard_i2cmux_data,
@@ -66,14 +66,14 @@ static struct platform_device myboard_i2cmux = {
If you don't know the absolute GPIO pin numbers at registration time,
you can instead provide a chip name (.chip_name) and relative GPIO pin
-numbers, and the i2c-gpio-mux driver will do the work for you,
+numbers, and the i2c-mux-gpio driver will do the work for you,
including deferred probing if the GPIO chip isn't immediately
available.
Device Registration
-------------------
-When registering your i2c-gpio-mux device, you should pass the number
+When registering your i2c-mux-gpio device, you should pass the number
of any GPIO pin it uses as the device ID. This guarantees that every
instance has a different ID.
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
index 590bf00..9d10847 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1115,6 +1115,10 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
When zero, profiling data is discarded and associated
debugfs files are removed at module unload time.
+ goldfish [X86] Enable the goldfish android emulator platform.
+ Don't use this when you are not running on the
+ android emulator
+
gpt [EFI] Forces disk with valid GPT signature but
invalid Protective MBR to be treated as GPT. If the
primary GPT is corrupted, it enables the
backup/alternate
@@ -2163,6 +2167,11 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
register save and restore. The kernel will only save
legacy floating-point registers on task switch.
+ nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
+ (indirect branch prediction) vulnerability. System may
+ allow data leaks with this option, which is equivalent
+ to spectre_v2=off.
+
noxsave [BUGS=X86] Disables x86 extended register state save
and restore using xsave. The kernel will fallback to
enabling legacy floating-point and sse state.
@@ -2221,6 +2230,8 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
nointroute [IA-64]
+ noinvpcid [X86] Disable the INVPCID cpu feature.
+
nojitter [IA-64] Disables jitter checking for ITC timers.
no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver
@@ -2255,11 +2266,11 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
nopat [X86] Disable PAT (page attribute table extension of
pagetables) support.
+ nopcid [X86-64] Disable the PCID cpu feature.
+
norandmaps Don't use address space randomization. Equivalent to
echo 0 > /proc/sys/kernel/randomize_va_space
- noreplace-paravirt [X86,IA-64,PV_OPS] Don't patch paravirt_ops
-
noreplace-smp [X86-32,SMP] Don't replace SMP instructions
with UP alternatives
@@ -2742,6 +2753,21 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
pt. [PARIDE]
See Documentation/blockdev/paride.txt.
+ pti= [X86_64] Control Page Table Isolation of user and
+ kernel address spaces. Disabling this feature
+ removes hardening, but improves performance of
+ system calls and interrupts.
+
+ on - unconditionally enable
+ off - unconditionally disable
+ auto - kernel detects whether your CPU model is
+ vulnerable to issues that PTI mitigates
+
+ Not specifying this option is equivalent to pti=auto.
+
+ nopti [X86_64]
+ Equivalent to pti=off
+
pty.legacy_count=
[KNL] Number of legacy pty's. Overwrites compiled-in
default number.
@@ -3145,11 +3171,41 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
sonypi.*= [HW] Sony Programmable I/O Control Device driver
See Documentation/laptops/sonypi.txt
+ spectre_v2= [X86] Control mitigation of Spectre variant 2
+ (indirect branch speculation) vulnerability.
+
+ on - unconditionally enable
+ off - unconditionally disable
+ auto - kernel detects whether your CPU model is
+ vulnerable
+
+ Selecting 'on' will, and 'auto' may, choose a
+ mitigation method at run time according to the
+ CPU, the available microcode, the setting of the
+ CONFIG_RETPOLINE configuration option, and the
+ compiler with which the kernel was built.
+
+ Specific mitigations can also be selected manually:
+
+ retpoline - replace indirect branches
+ retpoline,generic - google's original retpoline
+ retpoline,amd - AMD-specific minimal thunk
+
+ Not specifying this option is equivalent to
+ spectre_v2=auto.
+
spia_io_base= [HW,MTD]
spia_fio_base=
spia_pedr=
spia_peddr=
+ stack_guard_gap= [MM]
+ override the default stack gap protection. The value
+ is in page units and it defines how many pages prior
+ to (for stacks growing down) resp. after (for stacks
+ growing up) the main stack are reserved for no other
+ mapping. Default value is 256 pages.
+
stacktrace [FTRACE]
Enabled the stack tracer on boot up.
diff --git a/Documentation/networking/netlink_mmap.txt
b/Documentation/networking/netlink_mmap.txt
deleted file mode 100644
index c6af4ba..0000000
--- a/Documentation/networking/netlink_mmap.txt
+++ /dev/null
@@ -1,339 +0,0 @@
-This file documents how to use memory mapped I/O with netlink.
-
-Author: Patrick McHardy <ka...@trash.net>
-
-Overview
---------
-
-Memory mapped netlink I/O can be used to increase throughput and decrease
-overhead of unicast receive and transmit operations. Some netlink subsystems
-require high throughput, these are mainly the netfilter subsystems
-nfnetlink_queue and nfnetlink_log, but it can also help speed up large
-dump operations of f.i. the routing database.
-
-Memory mapped netlink I/O used two circular ring buffers for RX and TX which
-are mapped into the processes address space.
-
-The RX ring is used by the kernel to directly construct netlink messages into
-user-space memory without copying them as done with regular socket I/O,
-additionally as long as the ring contains messages no recvmsg() or poll()
-syscalls have to be issued by user-space to get more message.
-
-The TX ring is used to process messages directly from user-space memory, the
-kernel processes all messages contained in the ring using a single sendmsg()
-call.
-
-Usage overview
---------------
-
-In order to use memory mapped netlink I/O, user-space needs three main changes:
-
-- ring setup
-- conversion of the RX path to get messages from the ring instead of recvmsg()
-- conversion of the TX path to construct messages into the ring
-
-Ring setup is done using setsockopt() to provide the ring parameters to the
-kernel, then a call to mmap() to map the ring into the processes address space:
-
-- setsockopt(fd, SOL_NETLINK, NETLINK_RX_RING, ¶ms, sizeof(params));
-- setsockopt(fd, SOL_NETLINK, NETLINK_TX_RING, ¶ms, sizeof(params));
-- ring = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)
-
-Usage of either ring is optional, but even if only the RX ring is used the
-mapping still needs to be writable in order to update the frame status after
-processing.
-
-Conversion of the reception path involves calling poll() on the file
-descriptor, once the socket is readable the frames from the ring are
-processed in order until no more messages are available, as indicated by
-a status word in the frame header.
-
-On kernel side, in order to make use of memory mapped I/O on receive, the
-originating netlink subsystem needs to support memory mapped I/O, otherwise
-it will use an allocated socket buffer as usual and the contents will be
- copied to the ring on transmission, nullifying most of the performance gains.
-Dumps of kernel databases automatically support memory mapped I/O.
-
-Conversion of the transmit path involves changing message construction to
-use memory from the TX ring instead of (usually) a buffer declared on the
-stack and setting up the frame header appropriately. Optionally poll() can
-be used to wait for free frames in the TX ring.
-
-Structured and definitions for using memory mapped I/O are contained in
-<linux/netlink.h>.
-
-RX and TX rings
-----------------
-
-Each ring contains a number of continuous memory blocks, containing frames of
-fixed size dependent on the parameters used for ring setup.
-
-Ring: [ block 0 ]
- [ frame 0 ]
- [ frame 1 ]
- [ block 1 ]
- [ frame 2 ]
- [ frame 3 ]
- ...
- [ block n ]
- [ frame 2 * n ]
- [ frame 2 * n + 1 ]
-
-The blocks are only visible to the kernel, from the point of view of user-space
-the ring just contains the frames in a continuous memory zone.
-
-The ring parameters used for setting up the ring are defined as follows:
-
-struct nl_mmap_req {
- unsigned int nm_block_size;
- unsigned int nm_block_nr;
- unsigned int nm_frame_size;
- unsigned int nm_frame_nr;
-};
-
-Frames are grouped into blocks, where each block is a continuous region of
memory
-and holds nm_block_size / nm_frame_size frames. The total number of frames in
-the ring is nm_frame_nr. The following invariants hold:
-
-- frames_per_block = nm_block_size / nm_frame_size
-
-- nm_frame_nr = frames_per_block * nm_block_nr
-
-Some parameters are constrained, specifically:
-
-- nm_block_size must be a multiple of the architectures memory page size.
- The getpagesize() function can be used to get the page size.
-
-- nm_frame_size must be equal or larger to NL_MMAP_HDRLEN, IOW a frame must be
- able to hold at least the frame header
-
-- nm_frame_size must be smaller or equal to nm_block_size
-
-- nm_frame_size must be a multiple of NL_MMAP_MSG_ALIGNMENT
-
-- nm_frame_nr must equal the actual number of frames as specified above.
-
-When the kernel can't allocate physically continuous memory for a ring block,
-it will fall back to use physically discontinuous memory. This might affect
-performance negatively, in order to avoid this the nm_frame_size parameter
-should be chosen to be as small as possible for the required frame size and
-the number of blocks should be increased instead.
-
-Ring frames
-------------
-
-Each frames contain a frame header, consisting of a synchronization word and
some
-meta-data, and the message itself.
-
-Frame: [ header message ]
-
-The frame header is defined as follows:
-
-struct nl_mmap_hdr {
- unsigned int nm_status;
- unsigned int nm_len;
- __u32 nm_group;
- /* credentials */
- __u32 nm_pid;
- __u32 nm_uid;
- __u32 nm_gid;
-};
-
-- nm_status is used for synchronizing processing between the kernel and user-
- space and specifies ownership of the frame as well as the operation to
perform
-
-- nm_len contains the length of the message contained in the data area
-
-- nm_group specified the destination multicast group of message
-
-- nm_pid, nm_uid and nm_gid contain the netlink pid, UID and GID of the sending
- process. These values correspond to the data available using SOCK_PASSCRED in
- the SCM_CREDENTIALS cmsg.
-
-The possible values in the status word are:
-
-- NL_MMAP_STATUS_UNUSED:
- RX ring: frame belongs to the kernel and contains no message
- for user-space. Approriate action is to invoke poll()
- to wait for new messages.
-
- TX ring: frame belongs to user-space and can be used for
- message construction.
-
-- NL_MMAP_STATUS_RESERVED:
- RX ring only: frame is currently used by the kernel for message
- construction and contains no valid message yet.
- Appropriate action is to invoke poll() to wait for
- new messages.
-
-- NL_MMAP_STATUS_VALID:
- RX ring: frame contains a valid message. Approriate action is
- to process the message and release the frame back to
- the kernel by setting the status to
- NL_MMAP_STATUS_UNUSED or queue the frame by setting the
- status to NL_MMAP_STATUS_SKIP.
-
- TX ring: the frame contains a valid message from user-space to
- be processed by the kernel. After completing processing
- the kernel will release the frame back to user-space by
- setting the status to NL_MMAP_STATUS_UNUSED.
-
-- NL_MMAP_STATUS_COPY:
- RX ring only: a message is ready to be processed but could not be
- stored in the ring, either because it exceeded the
- frame size or because the originating subsystem does
- not support memory mapped I/O. Appropriate action is
- to invoke recvmsg() to receive the message and release
- the frame back to the kernel by setting the status to
- NL_MMAP_STATUS_UNUSED.
-
-- NL_MMAP_STATUS_SKIP:
- RX ring only: user-space queued the message for later processing, but
- processed some messages following it in the ring. The
- kernel should skip this frame when looking for unused
- frames.
-
-The data area of a frame begins at a offset of NL_MMAP_HDRLEN relative to the
-frame header.
-
-TX limitations
---------------
-
-Kernel processing usually involves validation of the message received by
-user-space, then processing its contents. The kernel must assure that
-userspace is not able to modify the message contents after they have been
-validated. In order to do so, the message is copied from the ring frame
-to an allocated buffer if either of these conditions is false:
-
-- only a single mapping of the ring exists
-- the file descriptor is not shared between processes
-
-This means that for threaded programs, the kernel will fall back to copying.
-
-Example
--------
-
-Ring setup:
-
- unsigned int block_size = 16 * getpagesize();
- struct nl_mmap_req req = {
- .nm_block_size = block_size,
- .nm_block_nr = 64,
- .nm_frame_size = 16384,
- .nm_frame_nr = 64 * block_size / 16384,
- };
- unsigned int ring_size;
- void *rx_ring, *tx_ring;
-
- /* Configure ring parameters */
- if (setsockopt(fd, SOL_NETLINK, NETLINK_RX_RING, &req, sizeof(req)) < 0)
- exit(1);
- if (setsockopt(fd, SOL_NETLINK, NETLINK_TX_RING, &req, sizeof(req)) < 0)
- exit(1)
-
- /* Calculate size of each individual ring */
- ring_size = req.nm_block_nr * req.nm_block_size;
-
- /* Map RX/TX rings. The TX ring is located after the RX ring */
- rx_ring = mmap(NULL, 2 * ring_size, PROT_READ | PROT_WRITE,
- MAP_SHARED, fd, 0);
- if ((long)rx_ring == -1L)
- exit(1);
- tx_ring = rx_ring + ring_size:
-
-Message reception:
-
-This example assumes some ring parameters of the ring setup are available.
-
- unsigned int frame_offset = 0;
- struct nl_mmap_hdr *hdr;
- struct nlmsghdr *nlh;
- unsigned char buf[16384];
- ssize_t len;
-
- while (1) {
- struct pollfd pfds[1];
-
- pfds[0].fd = fd;
- pfds[0].events = POLLIN | POLLERR;
- pfds[0].revents = 0;
-
- if (poll(pfds, 1, -1) < 0 && errno != -EINTR)
- exit(1);
-
- /* Check for errors. Error handling omitted */
- if (pfds[0].revents & POLLERR)
- <handle error>
-
- /* If no new messages, poll again */
- if (!(pfds[0].revents & POLLIN))
- continue;
-
- /* Process all frames */
- while (1) {
- /* Get next frame header */
- hdr = rx_ring + frame_offset;
-
- if (hdr->nm_status == NL_MMAP_STATUS_VALID) {
- /* Regular memory mapped frame */
- nlh = (void *)hdr + NL_MMAP_HDRLEN;
- len = hdr->nm_len;
-
- /* Release empty message immediately. May happen
- * on error during message construction.
- */
- if (len == 0)
- goto release;
- } else if (hdr->nm_status == NL_MMAP_STATUS_COPY) {
- /* Frame queued to socket receive queue */
- len = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
- if (len <= 0)
- break;
- nlh = buf;
- } else
- /* No more messages to process, continue
polling */
- break;
-
- process_msg(nlh);
-release:
- /* Release frame back to the kernel */
- hdr->nm_status = NL_MMAP_STATUS_UNUSED;
-
- /* Advance frame offset to next frame */
- frame_offset = (frame_offset + frame_size) % ring_size;
- }
- }
-
-Message transmission:
-
-This example assumes some ring parameters of the ring setup are available.
-A single message is constructed and transmitted, to send multiple messages
-at once they would be constructed in consecutive frames before a final call
-to sendto().
-
- unsigned int frame_offset = 0;
- struct nl_mmap_hdr *hdr;
- struct nlmsghdr *nlh;
- struct sockaddr_nl addr = {
- .nl_family = AF_NETLINK,
- };
-
- hdr = tx_ring + frame_offset;
- if (hdr->nm_status != NL_MMAP_STATUS_UNUSED)
- /* No frame available. Use poll() to avoid. */
- exit(1);
-
- nlh = (void *)hdr + NL_MMAP_HDRLEN;
-
- /* Build message */
- build_message(nlh);
-
- /* Fill frame header: length and status need to be set */
- hdr->nm_len = nlh->nlmsg_len;
- hdr->nm_status = NL_MMAP_STATUS_VALID;
-
- if (sendto(fd, NULL, 0, 0, &addr, sizeof(addr)) < 0)
- exit(1);
-
- /* Advance frame offset to next frame */
- frame_offset = (frame_offset + frame_size) % ring_size;
diff --git a/Documentation/speculation.txt b/Documentation/speculation.txt
new file mode 100644
index 0000000..e9e6cba
--- /dev/null
+++ b/Documentation/speculation.txt
@@ -0,0 +1,90 @@
+This document explains potential effects of speculation, and how undesirable
+effects can be mitigated portably using common APIs.
+
+===========
+Speculation
+===========
+
+To improve performance and minimize average latencies, many contemporary CPUs
+employ speculative execution techniques such as branch prediction, performing
+work which may be discarded at a later stage.
+
+Typically speculative execution cannot be observed from architectural state,
+such as the contents of registers. However, in some cases it is possible to
+observe its impact on microarchitectural state, such as the presence or
+absence of data in caches. Such state may form side-channels which can be
+observed to extract secret information.
+
+For example, in the presence of branch prediction, it is possible for bounds
+checks to be ignored by code which is speculatively executed. Consider the
+following code:
+
+ int load_array(int *array, unsigned int index)
+ {
+ if (index >= MAX_ARRAY_ELEMS)
+ return 0;
+ else
+ return array[index];
+ }
+
+Which, on arm64, may be compiled to an assembly sequence such as:
+
+ CMP <index>, #MAX_ARRAY_ELEMS
+ B.LT less
+ MOV <returnval>, #0
+ RET
+ less:
+ LDR <returnval>, [<array>, <index>]
+ RET
+
+It is possible that a CPU mis-predicts the conditional branch, and
+speculatively loads array[index], even if index >= MAX_ARRAY_ELEMS. This
+value will subsequently be discarded, but the speculated load may affect
+microarchitectural state which can be subsequently measured.
+
+More complex sequences involving multiple dependent memory accesses may
+result in sensitive information being leaked. Consider the following
+code, building on the prior example:
+
+ int load_dependent_arrays(int *arr1, int *arr2, int index)
+ {
+ int val1, val2,
+
+ val1 = load_array(arr1, index);
+ val2 = load_array(arr2, val1);
+
+ return val2;
+ }
+
+Under speculation, the first call to load_array() may return the value
+of an out-of-bounds address, while the second call will influence
+microarchitectural state dependent on this value. This may provide an
+arbitrary read primitive.
+
+====================================
+Mitigating speculation side-channels
+====================================
+
+The kernel provides a generic API to ensure that bounds checks are
+respected even under speculation. Architectures which are affected by
+speculation-based side-channels are expected to implement these
+primitives.
+
+The array_index_nospec() helper in <linux/nospec.h> can be used to
+prevent information from being leaked via side-channels.
+
+A call to array_index_nospec(index, size) returns a sanitized index
+value that is bounded to [0, size) even under cpu speculation
+conditions.
+
+This can be used to protect the earlier load_array() example:
+
+ int load_array(int *array, unsigned int index)
+ {
+ if (index >= MAX_ARRAY_ELEMS)
+ return 0;
+ else {
+ index = array_index_nospec(index, MAX_ARRAY_ELEMS);
+ return array[index];
+ }
+ }
diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt
index 302b5ed..35e17f7 100644
--- a/Documentation/sysctl/fs.txt
+++ b/Documentation/sysctl/fs.txt
@@ -265,6 +265,13 @@ aio-nr can grow to.
==============================================================
+mount-max:
+
+This denotes the maximum number of mounts that may exist
+in a mount namespace.
+
+==============================================================
+
2. /proc/sys/fs/binfmt_misc
----------------------------------------------------------
diff --git a/Documentation/video4linux/v4l2-pci-skeleton.c
b/Documentation/video4linux/v4l2-pci-skeleton.c
index 46904fe..8c3d3d6 100644
--- a/Documentation/video4linux/v4l2-pci-skeleton.c
+++ b/Documentation/video4linux/v4l2-pci-skeleton.c
@@ -42,7 +42,6 @@
MODULE_DESCRIPTION("V4L2 PCI Skeleton Driver");
MODULE_AUTHOR("Hans Verkuil");
MODULE_LICENSE("GPL v2");
-MODULE_DEVICE_TABLE(pci, skeleton_pci_tbl);
/**
* struct skeleton - All internal data for one instance of device
@@ -95,6 +94,7 @@ static const struct pci_device_id skeleton_pci_tbl[] = {
/* { PCI_DEVICE(PCI_VENDOR_ID_, PCI_DEVICE_ID_) }, */
{ 0, }
};
+MODULE_DEVICE_TABLE(pci, skeleton_pci_tbl);
/*
* HDTV: this structure has the capabilities of the HDTV receiver.
diff --git a/Documentation/virtual/kvm/api.txt
b/Documentation/virtual/kvm/api.txt
index 769c2cb..e86da43 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1891,6 +1891,7 @@ registers, find a list below:
PPC | KVM_REG_PPC_TM_VSCR | 32
PPC | KVM_REG_PPC_TM_DSCR | 64
PPC | KVM_REG_PPC_TM_TAR | 64
+ PPC | KVM_REG_PPC_TM_XER | 64
ARM registers are mapped using the lower 32 bits. The upper 16 of that
is the register group type, or coprocessor number:
diff --git a/Documentation/x86/pti.txt b/Documentation/x86/pti.txt
new file mode 100644
index 0000000..5cd5843
--- /dev/null
+++ b/Documentation/x86/pti.txt
@@ -0,0 +1,186 @@
+Overview
+========
+
+Page Table Isolation (pti, previously known as KAISER[1]) is a
+countermeasure against attacks on the shared user/kernel address
+space such as the "Meltdown" approach[2].
+
+To mitigate this class of attacks, we create an independent set of
+page tables for use only when running userspace applications. When
+the kernel is entered via syscalls, interrupts or exceptions, the
+page tables are switched to the full "kernel" copy. When the system
+switches back to user mode, the user copy is used again.
+
+The userspace page tables contain only a minimal amount of kernel
+data: only what is needed to enter/exit the kernel such as the
+entry/exit functions themselves and the interrupt descriptor table
+(IDT). There are a few strictly unnecessary things that get mapped
+such as the first C function when entering an interrupt (see
+comments in pti.c).
+
+This approach helps to ensure that side-channel attacks leveraging
+the paging structures do not function when PTI is enabled. It can be
+enabled by setting CONFIG_PAGE_TABLE_ISOLATION=y at compile time.
+Once enabled at compile-time, it can be disabled at boot with the
+'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt).
+
+Page Table Management
+=====================
+
+When PTI is enabled, the kernel manages two sets of page tables.
+The first set is very similar to the single set which is present in
+kernels without PTI. This includes a complete mapping of userspace
+that the kernel can use for things like copy_to_user().
+
+Although _complete_, the user portion of the kernel page tables is
+crippled by setting the NX bit in the top level. This ensures
+that any missed kernel->user CR3 switch will immediately crash
+userspace upon executing its first instruction.
+
+The userspace page tables map only the kernel data needed to enter
+and exit the kernel. This data is entirely contained in the 'struct
+cpu_entry_area' structure which is placed in the fixmap which gives
+each CPU's copy of the area a compile-time-fixed virtual address.
+
+For new userspace mappings, the kernel makes the entries in its
+page tables like normal. The only difference is when the kernel
+makes entries in the top (PGD) level. In addition to setting the
+entry in the main kernel PGD, a copy of the entry is made in the
+userspace page tables' PGD.
+
+This sharing at the PGD level also inherently shares all the lower
+layers of the page tables. This leaves a single, shared set of
+userspace page tables to manage. One PTE to lock, one set of
+accessed bits, dirty bits, etc...
+
+Overhead
+========
+
+Protection against side-channel attacks is important. But,
+this protection comes at a cost:
+
+1. Increased Memory Use
+ a. Each process now needs an order-1 PGD instead of order-0.
+ (Consumes an additional 4k per process).
+ b. The 'cpu_entry_area' structure must be 2MB in size and 2MB
+ aligned so that it can be mapped by setting a single PMD
+ entry. This consumes nearly 2MB of RAM once the kernel
+ is decompressed, but no space in the kernel image itself.
+
+2. Runtime Cost
+ a. CR3 manipulation to switch between the page table copies
+ must be done at interrupt, syscall, and exception entry
+ and exit (it can be skipped when the kernel is interrupted,
+ though.) Moves to CR3 are on the order of a hundred
+ cycles, and are required at every entry and exit.
+ b. A "trampoline" must be used for SYSCALL entry. This
+ trampoline depends on a smaller set of resources than the
+ non-PTI SYSCALL entry code, so requires mapping fewer
+ things into the userspace page tables. The downside is
+ that stacks must be switched at entry time.
+ c. Global pages are disabled for all kernel structures not
+ mapped into both kernel and userspace page tables. This
+ feature of the MMU allows different processes to share TLB
+ entries mapping the kernel. Losing the feature means more
+ TLB misses after a context switch. The actual loss of
+ performance is very small, however, never exceeding 1%.
+ d. Process Context IDentifiers (PCID) is a CPU feature that
+ allows us to skip flushing the entire TLB when switching page
+ tables by setting a special bit in CR3 when the page tables
+ are changed. This makes switching the page tables (at context
+ switch, or kernel entry/exit) cheaper. But, on systems with
+ PCID support, the context switch code must flush both the user
+ and kernel entries out of the TLB. The user PCID TLB flush is
+ deferred until the exit to userspace, minimizing the cost.
+ See intel.com/sdm for the gory PCID/INVPCID details.
+ e. The userspace page tables must be populated for each new
+ process. Even without PTI, the shared kernel mappings
+ are created by copying top-level (PGD) entries into each
+ new process. But, with PTI, there are now *two* kernel
+ mappings: one in the kernel page tables that maps everything
+ and one for the entry/exit structures. At fork(), we need to
+ copy both.
+ f. In addition to the fork()-time copying, there must also
+ be an update to the userspace PGD any time a set_pgd() is done
+ on a PGD used to map userspace. This ensures that the kernel
+ and userspace copies always map the same userspace
+ memory.
+ g. On systems without PCID support, each CR3 write flushes
+ the entire TLB. That means that each syscall, interrupt
+ or exception flushes the TLB.
+ h. INVPCID is a TLB-flushing instruction which allows flushing
+ of TLB entries for non-current PCIDs. Some systems support
+ PCIDs, but do not support INVPCID. On these systems, addresses
+ can only be flushed from the TLB for the current PCID. When
+ flushing a kernel address, we need to flush all PCIDs, so a
+ single kernel address flush will require a TLB-flushing CR3
+ write upon the next use of every PCID.
+
+Possible Future Work
+====================
+1. We can be more careful about not actually writing to CR3
+ unless its value is actually changed.
+2. Allow PTI to be enabled/disabled at runtime in addition to the
+ boot-time switching.
+
+Testing
+========
+
+To test stability of PTI, the following test procedure is recommended,
+ideally doing all of these in parallel:
+
+1. Set CONFIG_DEBUG_ENTRY=y
+2. Run several copies of all of the tools/testing/selftests/x86/ tests
+ (excluding MPX and protection_keys) in a loop on multiple CPUs for
+ several minutes. These tests frequently uncover corner cases in the
+ kernel entry code. In general, old kernels might cause these tests
+ themselves to crash, but they should never crash the kernel.
+3. Run the 'perf' tool in a mode (top or record) that generates many
+ frequent performance monitoring non-maskable interrupts (see "NMI"
+ in /proc/interrupts). This exercises the NMI entry/exit code which
+ is known to trigger bugs in code paths that did not expect to be
+ interrupted, including nested NMIs. Using "-c" boosts the rate of
+ NMIs, and using two -c with separate counters encourages nested NMIs
+ and less deterministic behavior.
+
+ while true; do perf record -c 10000 -e instructions,cycles -a sleep 10;
done
+
+4. Launch a KVM virtual machine.
+5. Run 32-bit binaries on systems supporting the SYSCALL instruction.
+ This has been a lightly-tested code path and needs extra scrutiny.
+
+Debugging
+=========
+
+Bugs in PTI cause a few different signatures of crashes
+that are worth noting here.
+
+ * Failures of the selftests/x86 code. Usually a bug in one of the
+ more obscure corners of entry_64.S
+ * Crashes in early boot, especially around CPU bringup. Bugs
+ in the trampoline code or mappings cause these.
+ * Crashes at the first interrupt. Caused by bugs in entry_64.S,
+ like screwing up a page table switch. Also caused by
+ incorrectly mapping the IRQ handler entry code.
+ * Crashes at the first NMI. The NMI code is separate from main
+ interrupt handlers and can have bugs that do not affect
+ normal interrupts. Also caused by incorrectly mapping NMI
+ code. NMIs that interrupt the entry code must be very
+ careful and can be the cause of crashes that show up when
+ running perf.
+ * Kernel crashes at the first exit to userspace. entry_64.S
+ bugs, or failing to map some of the exit code.
+ * Crashes at first interrupt that interrupts userspace. The paths
+ in entry_64.S that return to userspace are sometimes separate
+ from the ones that return to the kernel.
+ * Double faults: overflowing the kernel stack because of page
+ faults upon page faults. Caused by touching non-pti-mapped
+ data in the entry code, or forgetting to switch to kernel
+ CR3 before calling into C functions which are not pti-mapped.
+ * Userspace segfaults early in boot, sometimes manifesting
+ as mount(8) failing to mount the rootfs. These have
+ tended to be TLB invalidation issues. Usually invalidating
+ the wrong PCID, or otherwise missing an invalidation.
+
+1. https://gruss.cc/files/kaiser.pdf
+2. https://meltdownattack.com/meltdown.pdf
diff --git a/Documentation/x86/tlb.txt b/Documentation/x86/tlb.txt
new file mode 100644
index 0000000..2b3a82e
--- /dev/null
+++ b/Documentation/x86/tlb.txt
@@ -0,0 +1,75 @@
+When the kernel unmaps or modified the attributes of a range of
+memory, it has two choices:
+ 1. Flush the entire TLB with a two-instruction sequence. This is
+ a quick operation, but it causes collateral damage: TLB entries
+ from areas other than the one we are trying to flush will be
+ destroyed and must be refilled later, at some cost.
+ 2. Use the invlpg instruction to invalidate a single page at a
+ time. This could potentialy cost many more instructions, but
+ it is a much more precise operation, causing no collateral
+ damage to other TLB entries.
+
+Which method to do depends on a few things:
+ 1. The size of the flush being performed. A flush of the entire
+ address space is obviously better performed by flushing the
+ entire TLB than doing 2^48/PAGE_SIZE individual flushes.
+ 2. The contents of the TLB. If the TLB is empty, then there will
+ be no collateral damage caused by doing the global flush, and
+ all of the individual flush will have ended up being wasted
+ work.
+ 3. The size of the TLB. The larger the TLB, the more collateral
+ damage we do with a full flush. So, the larger the TLB, the
+ more attrative an individual flush looks. Data and
+ instructions have separate TLBs, as do different page sizes.
+ 4. The microarchitecture. The TLB has become a multi-level
+ cache on modern CPUs, and the global flushes have become more
_______________________________________________
unionfs-cvs mailing list: http://unionfs.filesystems.org/
unionfs-cvs@fsl.cs.sunysb.edu
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs-cvs
