From patchwork Tue Apr 3 12:40:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 894570 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 40Fpb45DnYz9s1t; Tue, 3 Apr 2018 22:40:16 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1f3LEQ-0005jn-E2; Tue, 03 Apr 2018 12:40:10 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1f3LEM-0005jL-Ay for kernel-team@lists.ubuntu.com; Tue, 03 Apr 2018 12:40:06 +0000 Received: from mail-wr0-f198.google.com ([209.85.128.198]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1f3LEM-00071N-1z for kernel-team@lists.ubuntu.com; Tue, 03 Apr 2018 12:40:06 +0000 Received: by mail-wr0-f198.google.com with SMTP id n7so9505572wrb.0 for ; Tue, 03 Apr 2018 05:40:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:openpgp:autocrypt:to:subject:message-id :date:user-agent:mime-version; bh=cg0wKHCi5XHbevrb57XNOyO7F7lXzyF8T+K7nvD/4L0=; b=EmQtdHtEoVoDokIB5Tplm1S+xUDrox6AyhRn3y6LIEy1c6r1dSqxP/AHBu9eBjkEpH xy9vrZ5amc0TpSEXLfJ6XeX2PklUtWneKikIqr3hj/kdd09kCnUU1SSJK82N6IGJ1Q6n hkQBMiItu0Jzviw/jxx76pZojtYW4JAOrPdxQYQDgWaYyQMwpPvY9IB0u2mbTmeSh6R1 9rkwzVCky7TTNn0ZaOa2HIYJ3tmrNE5Qce9ctKL2JRpvG0roAlulSQRDZhMjqordBYgN D4P3NkuRolK8rLPBhmPYTHb1gPEepbiq+dHk7NYbaQK0V+Tdb3Ver/nVM+ukEnoBYsM9 PbuA== X-Gm-Message-State: AElRT7F6UrPH7os8bdxZT57JP1vj/bipPo7LeRPGIm4ZGS2swvGjesZ5 hJOQGlYEagrnugZEh/VMieRn2lmUsFw3XeFPFhrhzNWowsgZYDi5aAQ+aDukqXRSCBWo4Bh0dfy FIWp2P+6n/xM0fe61GsGS7mGDBczvAwcEcY1OGsoHUQ== X-Received: by 10.80.240.5 with SMTP id r5mr16766416edl.91.1522759205145; Tue, 03 Apr 2018 05:40:05 -0700 (PDT) X-Google-Smtp-Source: AIpwx48/SkjpI4PbjCaRMcKOLZxmY1aiCBcFG03PFC3gG7MZAmpIV6rjYHrcUdM8GF3m5ICbjEHBew== X-Received: by 10.80.240.5 with SMTP id r5mr16766374edl.91.1522759204340; Tue, 03 Apr 2018 05:40:04 -0700 (PDT) Received: from [192.168.1.99] ([81.221.205.149]) by smtp.gmail.com with ESMTPSA id m8sm1670464edi.16.2018.04.03.05.40.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Apr 2018 05:40:03 -0700 (PDT) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger Openpgp: preference=signencrypt Autocrypt: addr=juergh@canonical.com; keydata= xsFNBFT+ewMBEACXhrW4154mEnXIF3J1FtyrdLuBiVGCn6FOL+ndPFZWbUpbWCcqXWKvSVhS zFpVXlN2tzAUMteZATMvjaW8rE5etZDxQIFTMTplVwTxUIjRpnj4XYFK0TZ5NG1vXZc9n7t2 NablLGmBTSGC7i0FcuHTFxEKnxoake0jkp5ReLmAZYRkw7Pa25eiy5tpUtiyaGodoF9MdVf/ rDScobkWAmWc6IZ/oe/XpPJCSzgOx3qs+p25g4z931QtTmmc9Ma3QyjudNEo/fQOeV1FCGHK f3d5K9IrxB24u85cwvVCBt+b+MHqSfSrraNjCbI5G15ALA/7EKxaCdBD+stBiaQSm9ZX/EUz jfhpNlMLw3C1AZ67KJl8+LaaSFekkG1TRBEad6+Cl9Q9e3SAgwlJyCGEJ7FOXz9fR4NAiVVI 0MrBwPwkeoxjih43sepMOdNYus0DsiRjY17Et42B325Y8SrsJVS4QoY+pef38LFpfnymbsfk 3BXsEQ73d+V9jOfzEVzIHaXILgA3v9VrjbuFYY2n6Z3CHHVN5FR1sYMs+yLlZNJJ2+20R9qd zTjLymjRFnAZ/dpB/cejnBgtvB3utx9Snenhvz1CTu2WntvKazt6hZYnpZruGdSJlTDXCfOy MDh6nmAg/TtJfyO/DDmbP32jYRYAL8igEQFHSo2WPRLalUC/KQARAQABzSxKdWVyZyBIYWVm bGlnZXIgPGp1ZXJnLmhhZWZsaWdlckB1YnVudHUuY29tPsLBdwQTAQgAIQUCWVH0BwIbAwUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB1TDqW+fi0jHr/D/9vd2CvJAT6FsGU88867V54 QB+89lMDhKoSp5bZt2Yoz6BkpUPI04+XX0r1vGVJ4M/j81byVbpRuCTxNWGommVbjhg6dByp SZbW772UKfiGy62ZMP/zUBY6WGsNPLj5qWnrFrOmjXfDaRYUd5sNDn4PcCR85SZqOMCLBaMO Pu8GU1vxcnwRDrJoFxqohPHbNS9oDStoCNBDKnE7Y9tqwkPtwCEEZtZLX4F+eTuwLxp55sTb 00DAIO+nYf4IeW8HtqRVSFlwb70NeZCAES7OKsdx1L2rkmnpm4dD61q4lMPMywRQHq5EQiJ+ 1xlZ6TACgEtHmZqlXMJHSosot6+Y8S9dvf018yMqW8y/dyID8NZ3jd5NPxlVc8kYJK6KRLx4 xWVLnH2odgP0P9Ngg5C6qDjOvscJcGamQ0ITd5jiFj9BZ4pRqNca/gjjBB8FLbMsgqQKzs1L +ZdYLNZnDkO1c/ugIX3YV94uS7cUTs4XKCUn5ZP48xCdB9DldPWUs/VSHt8ea+qicRLZ+jt1 I4K6f/tR2ISlIvlimWrymDd9EsSNUn5c3g8d5bxp+f9OEns5MLbL7LHVO0gSL+l3aZnafbXW zpZIG9AC47Cf/4yYUqgM2e+6TUv2y2yTAHbtTRAlQ+pnJlbn2Vd3ItjKsLuw3F5k7y43or/2 BdG3VdvwVwdTVs7BTQRU/nsDARAAvgS/yVd7zM506Vj8/O/DeKq+XXmEiraNMQDdU6E4i46E Cv8n0AnkhwE+80e7ZCBEo2RZ7q9AZeM0FPb6gNkuWxGedOXZgw7qFZwGYPYWyTOHcx01ITG9 pQN948d1ZAHtcxU91ARDKvVvVujNmOpN9hCt0HlHvONB4zaeasahO3sQV1ObgFLddWhzO2wT Sud0cvmBiG83Ia6ROUHhqxCI9YgH0CSg9+X9EQ5M3o119pqiHX+oh5d+mSbOPSnAZE/tjfKb 7stc5B1111QGXUTQDwqwsD+BykS+67E9capVJy/qlGHEFnEMQLBAv+miC5VcfGb+mIBtofBg 3sBzE7jJdArwJ4AUe7dMjTnaCB1vuwkobg8Pb7ehK87lK+Tuk96/04gPOHbAycYrXdFfKpvU FKuqVqh7Ada+LSAuZ4chlqt61A05xmutHqBaS/RilpaHr8mZhjTxfU8McO8Vte7tajynVNEc JfSuB01sJPV0bZ/17cVlNhcMJXuX7gPYeHJ+ekDn+WmovWZrLft8M81nMuBQzsXSfHQN5jBV r558pcEl49ft4C63v8+t3Nv2ND0dvWbcmvowzut+wkDcbN6fUrUC++ZzECyB6Xhh2rBXBtyT q5JYgwrqRymnJdIHuzXTZiy7OUPbzS+2SGMG+PxLSV7s9FWmnBc+oAVhbBEV9Q0AEQEAAcLB XwQYAQIACQUCVP57AwIbDAAKCRB1TDqW+fi0jI+iD/9Vs8fUQHzEmEE82Ubmy2ikfQCLxeM1 YASBq5wHPfmreUJwB7JWr2U6jwVVD93dH7ydPJX5x/5byegalKc9SMe4L1vtNZcmcm0ytT2Y qkpcA6F+NKnAPc0zzlVTrKh2idZdfXjfd0Wx7dWeIaAGNSeZI29NOoktSYRm7HYAVMv0MMBj sn6khbH0IRH5Ps9ZsQVKw4XF9pcauYgE0MlGKVurNyaS7OklkSxTW1E+jGwK68r15Ol1kHEx 3S6kajfS52otsN1n8qCiVVUU+S1b/Oio6C01GnMENc4E33l8SyZH/dVDLEjts53t/GITlKo+ pOTuNBvPGYAf25Y5K3KTOEDUSzv62xNGE+As7yQ57Fv+uCT090fymp0ErYiO2sufAmV1U+xg V3EID80su+RJssJ7Fbz4ZpnL4EOsp6OKSemCTC4WMX6tg1eVr6wEKrqLXkY4aPmmwumUW/ad M/L6IqaiJVxooOZsGA4u7otFAmKUzK6JIAsBIO/VTtosJbnA34e5vPfESxj+RpI0vsHPiUqY xRRFmmwmlYP/0lwHGynlBtnNcQeBQnPuqMu9Wvv9nzKWOAKQ0AFHdohd/TATk1wD/nD51U4j MIIfvGiRou3EO00G1QtXJW1lonpyFpIik1Bo3irjPN2nvRlSg/aV/4Rjw0knPChmeF3ztjoq 4GR0Sw== To: "kernel-team@lists.ubuntu.com" Subject: [SRU][Xenial] Xenial update to 4.4.118 stable release Message-ID: <553bb09b-ca2c-6a92-4a5a-99bdf06331ad@canonical.com> Date: Tue, 3 Apr 2018 14:40:02 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: http://bugs.launchpad.net/bugs/1756866 This is a pull request for the Xenial stable update from 4.4.117 to 4.4.118. The most notable change is the replacement of our spectre v1 implementation with upstream's version. Specifically, the following patches are reverted: UBUNTU: SAUCE: arm: no osb() implementation yet" UBUNTU: SAUCE: arm64: no osb() implementation yet" UBUNTU: SAUCE: s390/spinlock: add osb memory barrier" UBUNTU: SAUCE: powerpc: add osb barrier" UBUNTU: SAUCE: claim mitigation via observable speculation barrier" userns: prevent speculative execution" udf: prevent speculative execution" net: mpls: prevent speculative execution" fs: prevent speculative execution" ipv6: prevent speculative execution" ipv4: prevent speculative execution" Thermal/int340x: prevent speculative execution" qla2xxx: prevent speculative execution" carl9170: prevent speculative execution" UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled" x86, bpf, jit: prevent speculative execution when JIT is enabled" bpf: prevent speculative execution in eBPF interpreter" locking/barriers: introduce new observable speculation barrier" UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition" x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature" And their functionality is (partially?) replaced by upstream's patchset: x86/kvm: Update spectre-v1 mitigation x86/spectre: Report get_user mitigation for spectre_v1 nl80211: Sanitize array index in parse_txq_params vfs, fdtable: Prevent bounds-check bypass via speculative execution x86/syscall: Sanitize syscall table de-references under speculation x86/get_user: Use pointer masking to limit speculation x86: Introduce barrier_nospec x86: Implement array_index_mask_nospec array_index_nospec: Sanitize speculative array de-references Documentation: Document array_index_nospec Note that v1 of the patchset submitted upstream [1] was more or less what we have pulled into Xenial. What's missing from that submittal compared to what we have are the bpf/jit patches and some of the osb() sprinkling throughout various subsystems and drivers. There was back and forth arguing in upstream about whether some of the places that the v1 patchset modified were even user-space controllable and they eventually got dropped form the final v6 version [2]. Plus they added syscall and get_user sanitization. Also, the current upstream implementation is x86 only. PowerPC is in the works [3] but no s390x as of yet. [1] https://lkml.org/lkml/2018/1/5/769 [2] https://lkml.org/lkml/2018/1/29/960 [3] https://lkml.org/lkml/2018/3/15/929 Let me know if you think we should bring back some or all of the stuff that got dropped (powerpc, s390x, bpf). Compile tested all supported architectures. ...Juerg The following changes since commit 638103b5a72ff90bead7fb350adb014be934cf35: Linux 4.4.117 (2018-03-27 08:40:12 +0200) are available in the git repository at: https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118 for you to fetch changes up to 26c747a51753fb263a1107da3e8a07a249aa636a: ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (2018-03-28 11:19:22 +0200) ---------------------------------------------------------------- Alexandru Ardelean (1): staging: iio: adc: ad7192: fix external frequency setting Andi Kleen (1): module/retpoline: Warn about missing retpoline in module Andre Przywara (1): pinctrl: sunxi: Fix A80 interrupt pin bank Andy Lutomirski (1): dell-wmi, dell-laptop: depends DMI Arnd Bergmann (77): ASoC: ux500: add MODULE_LICENSE tag video: fbdev/mmp: add MODULE_LICENSE arm64: dts: add #cooling-cells to CPU nodes virtio_balloon: prevent uninitialized variable use isdn: icn: remove a #warning vmxnet3: prevent building with 64K pages video: fbdev: via: remove possibly unused variables scsi: advansys: fix build warning for PCI=n arm64: define BUG() instruction without CONFIG_BUG x86/fpu/math-emu: Fix possible uninitialized variable use x86/build: Silence the build with "make -s" thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies x86: add MULTIUSER dependency for KVM x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG scsi: advansys: fix uninitialized data access ALSA: hda/ca0132 - fix possible NULL pointer use reiserfs: avoid a -Wmaybe-uninitialized warning ssb: mark ssb_bus_register as __maybe_unused thermal: spear: use __maybe_unused for PM functions x86/boot: Avoid warning for zero-filling .bss profile: hide unused functions when !CONFIG_PROC_FS md: avoid warning for 32-bit sector_t mtd: ichxrom: maybe-uninitialized with gcc-4.9 mptfusion: hide unused seq_mpt_print_ioc_summary function scsi: fdomain: drop fdomain_pci_tbl when built-in staging: ste_rmi4: avoid unused function warnings fbdev: sis: enforce selection of at least one backend scsi: mvumi: use __maybe_unused to hide pm functions SCSI: initio: remove duplicate module device table pwc: hide unused label usb: musb/ux500: remove duplicate check for dma_is_compatible tty: hvc_xen: hide xen_console_remove when unused target/user: Fix cast from pointer to phys_addr_t driver-core: use 'dev' argument in dev_dbg_ratelimited stub fbdev: auo_k190x: avoid unused function warnings mtd: sh_flctl: pass FIFO as physical address mtd: cfi: enforce valid geometry configuration fbdev: s6e8ax0: avoid unused function warnings modsign: hide openssl output in silent builds fbdev: sm712fb: avoid unused function warnings hwrng: exynos - use __maybe_unused to hide pm functions USB: cdc_subset: only build when one driver is enabled rtlwifi: fix gcc-6 indentation warning netfilter: ipvs: avoid unused variable warnings ipv4: ipconfig: avoid unused ic_proto_used symbol tlan: avoid unused label with PCI=n tty: cyclades: cyz_interrupt is only used for PCI genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg ASoC: mediatek: add i2c dependency infiniband: cxgb4: use %pR format string for printing resources b2c2: flexcop: avoid unused function warnings tc358743: fix register i2c_rd/wr functions drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning KVM: add X86_LOCAL_APIC dependency go7007: add MEDIA_CAMERA_SUPPORT dependency em28xx: only use mt9v011 if camera support is enabled ISDN: eicon: reduce stack size of sig_ind function ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume hdpvr: hide unused variable v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER cw1200: fix bogus maybe-uninitialized warning wireless: cw1200: use __maybe_unused to hide pm functions_ perf/x86: Shut up false-positive -Wmaybe-uninitialized warning net: hp100: remove unnecessary #ifdefs gpio: xgene: mark PM functions as __maybe_unused Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig" power: bq27xxx_battery: mark some symbols __maybe_unused isdn: sc: work around type mismatch warning binfmt_elf: compat: avoid unused function warning idle: i7300: add PCI dependency usb: phy: msm add regulator dependency ncr5380: shut up gcc indentation warning ARM: tegra: select USB_ULPI from EHCI rather than platform netlink: fix nla_put_{u8,u16,u32} for KASAN kasan: rework Kconfig settings ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds Augusto Mecking Caringi (1): gpio: intel-mid: Fix build warning when !CONFIG_PM Ben Hutchings (1): staging: android: ashmem: Fix a race condition in pin ioctls Borislav Petkov (7): platform/x86: intel_mid_thermal: Fix suspend handlers unused warning x86/ras/inject: Make it depend on X86_LOCAL_APIC=y amd-xgbe: Fix unused suspend handlers build warning x86/platform/olpc: Fix resume handler build warning x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug x86/nospec: Fix header guards names x86/bugs: Drop one "mitigation" from dmesg Cai Li (1): clk: fix a panic error caused by accessing NULL pointer Chris Wilson (1): drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all Christophe JAILLET (1): dmaengine: ioat: Fix error handling path Colin Ian King (3): tc1100-wmi: fix build warning when CONFIG_PM not enabled iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" Cong Wang (2): xfrm: check id proto in validate_tmpl() netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert Dan Williams (9): array_index_nospec: Sanitize speculative array de-references x86: Implement array_index_mask_nospec x86: Introduce barrier_nospec x86/get_user: Use pointer masking to limit speculation x86/syscall: Sanitize syscall table de-references under speculation vfs, fdtable: Prevent bounds-check bypass via speculative execution nl80211: Sanitize array index in parse_txq_params x86/spectre: Report get_user mitigation for spectre_v1 x86/kvm: Update spectre-v1 mitigation Daniel Wagner (1): video: Use bool instead int pointer for get_opt_bool() argument Darren Kenny (1): x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL Dave Jones (1): Make DST_CACHE a silent config option Dave Young (1): mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep David Hildenbrand (2): KVM: nVMX: kmap() can't fail KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail David Howells (1): Provide a function to create a NUL-terminated string from unterminated data David Woodhouse (1): x86/retpoline: Avoid retpolines for built-in __init functions Dmitry Vyukov (2): netfilter: x_tables: fix int overflow in xt_alloc_table_info() netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() Dou Liyang (1): x86/spectre: Check CONFIG_RETPOLINE in command line parser Eric Biggers (3): crypto: x86/twofish-3way - Fix %rbp usage binder: check for binder_thread allocation failure in binder_poll() 509: fix printing uninitialized stack memory when OID is empty Eric Dumazet (1): netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} Fabian Frederick (1): drivers/net: fix eisa_driver probe section mismatch Gao Feng (1): ipvlan: Add the skb->mark as flow4's member to lookup route Glen Lee (1): staging: wilc1000: fix kbuild test robot error Greg Kroah-Hartman (1): Linux 4.4.118 Gustavo A. R. Silva (1): dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved Heikki Krogerus (1): serial: 8250_mid: fix broken DMA dependency Jan Beulich (1): xen: XEN_ACPI_PROCESSOR is Dom0-only Jan Dakinevich (2): KVM: VMX: clean up declaration of VPID/EPT invalidation types KVM: nVMX: invvpid handling improvements Jens Axboe (1): blktrace: fix unlocked registration of tracepoints Jia-Ju Bai (1): hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close Jim Mattson (1): kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types Jiri Olsa (1): perf top: Fix window dimensions change handling Johannes Berg (1): cfg80211: check dev_set_name() return value Josh Poimboeuf (2): tools build: Add tools tree support for 'make -s' x86/paravirt: Remove 'noreplace-paravirt' cmdline option Juerg Haefliger (22): Revert "UBUNTU: SAUCE: arm: no osb() implementation yet" Revert "UBUNTU: SAUCE: arm64: no osb() implementation yet" Revert "UBUNTU: SAUCE: s390/spinlock: add osb memory barrier" Revert "UBUNTU: SAUCE: powerpc: add osb barrier" Revert "UBUNTU: SAUCE: claim mitigation via observable speculation barrier" Revert "userns: prevent speculative execution" Revert "udf: prevent speculative execution" Revert "net: mpls: prevent speculative execution" Revert "fs: prevent speculative execution" Revert "ipv6: prevent speculative execution" Revert "ipv4: prevent speculative execution" Revert "Thermal/int340x: prevent speculative execution" Revert "qla2xxx: prevent speculative execution" Revert "carl9170: prevent speculative execution" Revert "UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled" Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled" Revert "bpf: prevent speculative execution in eBPF interpreter" Revert "locking/barriers: introduce new observable speculation barrier" Revert "UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition" Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature" UBUNTU: [Config] updateconfigs after 4.4.118 stable update UBUNTU: ppc64el -- Remove vmxnet3 module Julia Lawall (1): mtd: maps: add __init attribute Jun Nie (1): dmaengine: zx: fix build warning Kamil Konieczny (1): crypto: s5p-sss - Fix kernel Oops in AES-ECB mode KarimAllah Ahmed (1): x86/spectre: Simplify spectre_v2 command line parsing Karol Herbst (1): x86/mm/kmmio: Fix mmiotrace for page unaligned addresses Keerthy (1): ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function Kefeng Wang (1): arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set Luis R. Rodriguez (1): i2c: remove __init from i2c_register_board_info() Mark Rutland (1): Documentation: Document array_index_nospec Mauro Carvalho Chehab (1): media: s5k6aa: describe some function parameters Michal Marek (1): genksyms: Fix segfault with invalid declarations Miklos Szeredi (1): ncpfs: fix unused variable warning Moni Shoua (1): RDMA/cma: Make sure that PSN is not over max allowed Nikolay Borisov (1): btrfs: Fix possible off-by-one in btrfs_search_path_in_tree Nogah Frankel (2): net_sched: red: Avoid devision by zero net_sched: red: Avoid illegal values Paolo Abeni (4): net: add dst_cache support net: replace dst_cache ip6_tunnel implementation with the generic one netfilter: on sockopt() acquire sock lock only in the required scope dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock Paul Bolle (1): drm/vmwgfx: use *_32_bits() macros Paul Moore (2): selinux: ensure the context is NUL terminated in security_context_to_sid_core() selinux: skip bounded transition processing if the policy isn't loaded Peter Ujfalusi (1): ARM: dts: am4372: Correct the interrupts_properties of McASP Peter Zijlstra (2): KVM: x86: Make indirect calls in emulator speculation safe KVM: VMX: Make indirect call speculation safe Randy Dunlap (2): usb: build drivers/usb/common/ when USB_SUPPORT is set staging: unisys: visorinput depends on INPUT Ravi Bangoria (1): powerpc/perf: Fix oops when grouping different pmu events Russell King (1): drm/armada: fix leak of crtc structure Satheesh Rajendran (1): perf bench numa: Fixup discontiguous/sparse numa nodes Shuah Khan (1): usbip: keep usbip_device sockfd state in sync with tcp_socket Stefan Haberland (1): s390/dasd: prevent prefix I/O error Stefan Potyra (1): ASoC: rockchip: disable clock on error Steffen Klassert (2): xfrm: Fix stack-out-of-bounds read on socket policy lookup. xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. Sudip Mukherjee (4): scsi: sim710: fix build warning dpt_i2o: fix build warning video: fbdev: sis: remove unused variable drm/gma500: remove helper function Takuo Koguchi (1): spi: sun4i: disable clocks in the remove function Tetsuo Handa (1): mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. Thierry Reding (1): drm/gma500: Sanity-check pipe index Thomas Gleixner (1): x86/cpu/bugs: Make retpoline module warning conditional Tobias Jordan (1): dmaengine: jz4740: disable/unprepare clk if probe fails Tony Lindgren (2): ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen Vinod Koul (1): ASoC: Intel: Kconfig: fix build when ACPI is not enabled Waiman Long (1): x86/retpoline: Remove the esp/rsp thunk Wanpeng Li (2): KVM: x86: fix escape of guest dr6 to the host KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously Will Deacon (1): scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none Willem de Bruijn (1): net: avoid skb_warn_bad_offload on IS_ERR Wu Fengguang (1): net: dst_cache_per_cpu_dst_set() can be static Zumeng Chen (1): gianfar: fix a flooded alignment reports because of padding issue. Documentation/kernel-parameters.txt | 2 - Documentation/speculation.txt | 90 ++ Makefile | 8 +- arch/arm/boot/dts/am4372.dtsi | 6 +- arch/arm/boot/dts/omap4.dtsi | 2 - arch/arm/include/asm/barrier.h | 2 - arch/arm/mach-omap2/omap-secure.c | 21 + arch/arm/mach-omap2/omap-secure.h | 4 + arch/arm/mach-omap2/pm.h | 4 - arch/arm/mach-omap2/pm34xx.c | 13 +- arch/arm/mach-omap2/prm33xx.c | 12 - arch/arm/mach-omap2/sleep34xx.S | 26 +- arch/arm/mach-tegra/Kconfig | 2 - arch/arm64/Kconfig | 2 +- arch/arm64/Kconfig.platforms | 2 - arch/arm64/boot/dts/mediatek/mt8173.dtsi | 2 + arch/arm64/include/asm/barrier.h | 2 - arch/arm64/include/asm/bug.h | 33 +- arch/powerpc/include/asm/barrier.h | 2 - arch/powerpc/perf/core-book3s.c | 4 +- arch/s390/include/asm/barrier.h | 10 - arch/x86/Kconfig | 2 +- arch/x86/Kconfig.debug | 1 + arch/x86/boot/Makefile | 5 +- arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 112 +- arch/x86/entry/common.c | 2 + arch/x86/events/core.c | 4 +- arch/x86/include/asm/asm-prototypes.h | 1 - arch/x86/include/asm/barrier.h | 30 +- arch/x86/include/asm/microcode_amd.h | 1 - arch/x86/include/asm/msr.h | 2 +- arch/x86/include/asm/nospec-branch.h | 8 +- arch/x86/include/asm/vmx.h | 5 +- arch/x86/kernel/alternative.c | 14 - arch/x86/kernel/cpu/bugs.c | 132 +- arch/x86/kernel/cpu/mcheck/mce-inject.c | 5 +- arch/x86/kernel/cpu/microcode/amd.c | 17 +- arch/x86/kernel/head_32.S | 9 +- arch/x86/kvm/Kconfig | 3 +- arch/x86/kvm/emulate.c | 9 +- arch/x86/kvm/vmx.c | 83 +- arch/x86/kvm/x86.c | 40 +- arch/x86/lib/getuser.S | 10 + arch/x86/lib/retpoline.S | 1 - arch/x86/math-emu/Makefile | 4 +- arch/x86/math-emu/reg_compare.c | 16 +- arch/x86/mm/ioremap.c | 4 +- arch/x86/mm/kmmio.c | 12 +- arch/x86/net/bpf_jit_comp.c | 28 +- arch/x86/platform/olpc/olpc-xo15-sci.c | 2 + certs/Makefile | 33 +- .../abi/4.4.0-117.141/ppc64el/generic.modules | 1 - debian.master/config/config.common.ubuntu | 2 + debian.master/config/ppc64el/config.common.ppc64el | 1 - drivers/Makefile | 1 + drivers/android/binder.c | 2 + drivers/char/hw_random/exynos-rng.c | 10 +- drivers/crypto/s5p-sss.c | 13 +- drivers/dma/at_hdmac.c | 4 +- drivers/dma/dma-jz4740.c | 4 +- drivers/dma/ioat/init.c | 2 +- drivers/dma/zx296702_dma.c | 2 +- drivers/gpio/gpio-intel-mid.c | 2 +- drivers/gpio/gpio-xgene.c | 13 +- drivers/gpu/drm/armada/armada_crtc.c | 25 +- drivers/gpu/drm/drm_modeset_lock.c | 2 +- drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +- drivers/gpu/drm/gma500/mdfld_dsi_output.c | 12 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 7 +- drivers/i2c/i2c-boardinfo.c | 4 +- drivers/idle/Kconfig | 1 + drivers/iio/adc/axp288_adc.c | 2 +- drivers/infiniband/core/cma.c | 1 + drivers/infiniband/hw/cxgb4/device.c | 5 +- drivers/input/keyboard/tca8418_keypad.c | 21 +- drivers/isdn/hardware/eicon/message.c | 16 +- drivers/isdn/icn/icn.c | 2 +- drivers/isdn/sc/init.c | 7 +- drivers/md/md.c | 10 +- drivers/media/common/b2c2/flexcop-fe-tuner.c | 4 +- drivers/media/i2c/s5k6aa.c | 5 + drivers/media/i2c/tc358743.c | 46 +- drivers/media/usb/em28xx/Kconfig | 2 +- drivers/media/usb/go7007/Kconfig | 2 +- drivers/media/usb/hdpvr/hdpvr-core.c | 2 + drivers/media/usb/pwc/pwc-if.c | 2 + drivers/media/v4l2-core/Kconfig | 1 - drivers/message/fusion/mptbase.c | 2 + drivers/mtd/chips/Kconfig | 4 + drivers/mtd/maps/ck804xrom.c | 4 +- drivers/mtd/maps/esb2rom.c | 4 +- drivers/mtd/maps/ichxrom.c | 10 +- drivers/mtd/nand/sh_flctl.c | 5 +- drivers/net/Kconfig | 3 + drivers/net/ethernet/3com/3c509.c | 2 +- drivers/net/ethernet/3com/3c59x.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-main.c | 4 +- drivers/net/ethernet/dec/tulip/de4x5.c | 2 +- drivers/net/ethernet/freescale/gianfar.c | 6 +- drivers/net/ethernet/hp/hp100.c | 20 +- drivers/net/ethernet/ti/tlan.c | 2 +- drivers/net/hippi/rrunner.c | 2 +- drivers/net/ipvlan/ipvlan_core.c | 1 + drivers/net/usb/Kconfig | 10 + drivers/net/usb/Makefile | 2 +- drivers/net/wireless/ath/carl9170/main.c | 1 - drivers/net/wireless/cw1200/cw1200_spi.c | 9 +- drivers/net/wireless/cw1200/pm.h | 9 +- drivers/net/wireless/cw1200/wsm.c | 8 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/dm.c | 6 +- drivers/pinctrl/sunxi/pinctrl-sun9i-a80.c | 6 +- drivers/platform/x86/Kconfig | 2 + drivers/platform/x86/intel_mid_thermal.c | 2 + drivers/platform/x86/tc1100-wmi.c | 2 + drivers/power/Kconfig | 1 + drivers/power/bq27xxx_battery.c | 6 +- drivers/s390/block/dasd_eckd.c | 16 +- drivers/scsi/advansys.c | 24 +- drivers/scsi/dpt_i2o.c | 3 + drivers/scsi/fdomain.c | 2 +- drivers/scsi/g_NCR5380.c | 5 +- drivers/scsi/initio.c | 16 - drivers/scsi/mvumi.c | 4 +- drivers/scsi/qla2xxx/qla_mr.c | 12 +- drivers/scsi/sim710.c | 3 +- drivers/spi/spi-sun4i.c | 2 +- drivers/ssb/main.c | 7 +- drivers/staging/android/ashmem.c | 19 +- drivers/staging/iio/adc/ad7192.c | 27 +- drivers/staging/ste_rmi4/synaptics_i2c_rmi4.c | 7 +- drivers/staging/unisys/visorinput/Kconfig | 2 +- drivers/staging/wilc1000/wilc_wlan_if.h | 1 + drivers/target/target_core_user.c | 2 +- drivers/thermal/Kconfig | 4 +- .../thermal/int340x_thermal/int340x_thermal_zone.c | 11 +- drivers/thermal/spear_thermal.c | 6 +- drivers/tty/Kconfig | 2 +- drivers/tty/hvc/hvc_xen.c | 2 +- drivers/tty/serial/8250/Kconfig | 2 +- drivers/usb/host/Kconfig | 2 + drivers/usb/musb/ux500_dma.c | 3 - drivers/usb/phy/Kconfig | 1 + drivers/usb/usbip/stub_dev.c | 3 + drivers/usb/usbip/vhci_hcd.c | 2 + drivers/video/fbdev/Kconfig | 1 + drivers/video/fbdev/auo_k190x.c | 11 +- drivers/video/fbdev/exynos/s6e8ax0.c | 13 +- drivers/video/fbdev/intelfb/intelfbdrv.c | 2 +- drivers/video/fbdev/mmp/core.c | 5 + drivers/video/fbdev/sis/init301.c | 10 +- drivers/video/fbdev/sm712fb.c | 16 +- drivers/video/fbdev/via/viafbdev.c | 8 +- drivers/virtio/virtio_balloon.c | 2 + drivers/xen/Kconfig | 2 +- fs/btrfs/ioctl.c | 2 +- fs/compat_binfmt_elf.c | 2 + fs/ncpfs/dir.c | 3 +- fs/reiserfs/lbalance.c | 2 +- fs/reiserfs/reiserfs.h | 1 - fs/udf/misc.c | 6 - include/asm-generic/barrier.h | 11 - include/linux/device.h | 7 +- include/linux/fdtable.h | 3 +- include/linux/filter.h | 10 - include/linux/init.h | 9 +- include/linux/module.h | 9 + include/linux/msi.h | 11 +- include/linux/mtd/sh_flctl.h | 1 + include/linux/nospec.h | 72 + include/linux/string.h | 1 + include/net/dst_cache.h | 97 ++ include/net/ip6_tunnel.h | 15 +- include/net/netlink.h | 73 +- include/net/red.h | 13 +- include/trace/events/clk.h | 4 +- kernel/bpf/core.c | 3 - kernel/module.c | 11 + kernel/profile.c | 4 +- kernel/trace/blktrace.c | 32 +- kernel/user_namespace.c | 4 +- lib/Kconfig.debug | 2 +- lib/oid_registry.c | 8 +- mm/early_ioremap.c | 2 +- mm/util.c | 24 + mm/vmscan.c | 3 + net/Kconfig | 4 + net/core/Makefile | 1 + net/core/dev.c | 2 +- net/core/dst_cache.c | 168 ++ net/decnet/af_decnet.c | 62 +- net/ipv4/ip_sockglue.c | 14 +- net/ipv4/ipconfig.c | 4 + net/ipv4/netfilter/ipt_CLUSTERIP.c | 16 +- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 +- net/ipv4/raw.c | 1 - net/ipv6/Kconfig | 1 + net/ipv6/ip6_gre.c | 12 +- net/ipv6/ip6_tunnel.c | 149 +- net/ipv6/ip6_vti.c | 2 +- net/ipv6/ipv6_sockglue.c | 17 +- net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 18 +- net/ipv6/raw.c | 1 - net/mpls/af_mpls.c | 2 - net/netfilter/ipvs/ip_vs_app.c | 8 +- net/netfilter/ipvs/ip_vs_ctl.c | 15 +- net/netfilter/x_tables.c | 9 +- net/netfilter/xt_RATEEST.c | 22 +- net/sched/sch_choke.c | 3 + net/sched/sch_gred.c | 3 + net/sched/sch_red.c | 2 + net/sched/sch_sfq.c | 3 + net/wireless/core.c | 8 +- net/wireless/nl80211.c | 9 +- net/xfrm/xfrm_policy.c | 8 +- net/xfrm/xfrm_user.c | 24 + scripts/genksyms/parse.tab.c_shipped | 1682 +++++++++----------- scripts/genksyms/parse.tab.h_shipped | 133 +- scripts/genksyms/parse.y | 2 - scripts/kernel-doc | 2 +- scripts/mod/modpost.c | 9 + security/selinux/ss/services.c | 21 +- sound/pci/hda/patch_ca0132.c | 3 + sound/soc/intel/Kconfig | 7 +- sound/soc/mediatek/Kconfig | 4 +- sound/soc/rockchip/rockchip_spdif.c | 22 +- sound/soc/ux500/mop500.c | 4 + sound/soc/ux500/ux500_pcm.c | 5 + tools/build/Makefile.build | 10 + tools/perf/bench/numa.c | 56 +- tools/perf/builtin-top.c | 15 +- tools/scripts/Makefile.include | 12 +- 232 files changed, 2538 insertions(+), 1977 deletions(-) create mode 100644 Documentation/speculation.txt create mode 100644 include/linux/nospec.h create mode 100644 include/net/dst_cache.h create mode 100644 net/core/dst_cache.c