[PATCH 4.17 87/97] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit ea156d192f5257a5bf393d33910d3b481bf8a401 upstream Three changes to the content of the sysfs file: - If EPT is disabled, L1TF cannot be exploited even across threads on

[PATCH 4.17 50/97] Revert "x86/apic: Ignore secondary threads if nosmt=force"

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 506a66f374891ff08e064a058c446b336c5ac760 upstream Dave Hansen reported, that it's outright dangerous to keep SMT siblings disabled completely so they are stuck in the

Re: [PATCH 06/13] coresight: etb10: Handle errors enabling the device

Hi Suzuki, On Mon, Aug 06, 2018 at 02:41:48PM +0100, Suzuki K Poulose wrote: > Prepare the etb10 driver to return errors in enabling > the device. > > Cc: Mathieu Poirier > Signed-off-by: Suzuki K Poulose > --- > drivers/hwtracing/coresight/coresight-etb10.c | 18 +- > 1 file

[PATCH 4.14 016/104] fix __legitimize_mnt()/mntput() race

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 119e1ef80ecfe0d1deb6378d4ab41f5b71519de1 upstream. __legitimize_mnt() has two problems - one is that in case of success the check of mount_lock is not ordered wrt preceding

Re: [PATCH 1/2] perf tools: Make check-headers.sh check based on kernel dir

Em Tue, Aug 14, 2018 at 09:27:26AM +0200, Jiri Olsa escreveu: > On Tue, Aug 14, 2018 at 11:47:39AM +1000, Michael Ellerman wrote: > > Jiri Olsa writes: > > > diff --git a/tools/perf/check-headers.sh b/tools/perf/check-headers.sh > > > index ea48aa6f8d19..9d466e853aec 100755 > > > ---

Re: [PATCH] PCI: Equalize hotplug memory for non/occupied slots

It's been a few weeks. Thoughts on this one? On Wed, 2018-07-25 at 17:02 -0600, Jon Derrick wrote: > Currently, a hotplug bridge will be given hpmemsize additional memory > if > available, in order to satisfy any future hotplug allocation > requirements. > > These calculations don't consider the

[PATCH 4.18 02/79] x86/speculation: Protect against userspace-userspace spectreRSB

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit fdf82a7856b32d905c39afc85e34364491e46346 upstream. The article "Spectre Returns! Speculation Attacks using the Return Stack Buffer" [1] describes two new (sub-)variants of

[PATCH 4.18 19/79] cpu/hotplug: Provide knobs to control SMT

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Provide a command line and a sysfs knob to control SMT. The command line options are: 'nosmt': Enumerate secondary threads, but do not online them 'nosmt=force':

[PATCH 4.18 18/79] cpu/hotplug: Split do_cpu_down()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Split out the inner workings of do_cpu_down() to allow reuse of that function for the upcoming SMT disabling mechanism. No functional change. Signed-off-by: Thomas Gleixner

[PATCH 4.18 14/79] sched/smt: Update sched_smt_present at runtime

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra The static key sched_smt_present is only updated at boot time when SMT siblings have been detected. Booting with maxcpus=1 and bringing the siblings online after boot rebuilds

[PATCH 4.18 12/79] x86/speculation/l1tf: Limit swap file size to MAX_PA/2

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen For the L1TF workaround its necessary to limit the swap file size to below MAX_PA/2, so that the higher bits of the swap offset inverted never point to valid memory. Add a

[PATCH 4.18 17/79] cpu/hotplug: Make bringup/teardown of smp threads symmetric

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner The asymmetry caused a warning to trigger if the bootup was stopped in state CPUHP_AP_ONLINE_IDLE. The warning no longer triggers as kthread_park() can now be invoked on

[PATCH 4.18 13/79] x86/bugs: Move the l1tf function and define pr_fmt properly

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk The pr_warn in l1tf_select_mitigation would have used the prior pr_fmt which was defined as "Spectre V2 : ". Move the function to be past SSBD and also define the

[PATCH 4.18 15/79] x86/smp: Provide topology_is_primary_thread()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner If the CPU is supporting SMT then the primary thread can be found by checking the lower APIC ID bits for zero. smp_num_siblings is used to build the mask for the APIC ID bits

[PATCH 4.18 16/79] x86/topology: Provide topology_smt_supported()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Provide information whether SMT is supoorted by the CPUs. Preparatory patch for SMT control mechanism. Suggested-by: Dave Hansen Signed-off-by: Thomas Gleixner Acked-by:

[PATCH 4.18 20/79] x86/cpu: Remove the pointless CPU printout

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner The value of this printout is dubious at best and there is no point in having it in two different places along with convoluted ways to reach it. Remove it completely.

[PATCH 4.18 21/79] x86/cpu/AMD: Remove the pointless detect_ht() call

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Real 32bit AMD CPUs do not have SMT and the only value of the call was to reach the magic printout which got removed. Signed-off-by: Thomas Gleixner Reviewed-by: Konrad

[PATCH 4.18 22/79] x86/cpu/common: Provide detect_ht_early()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner To support force disabling of SMT it's required to know the number of thread siblings early. detect_ht() cannot be called before the APIC driver is selected, so split out the

[PATCH 4.18 24/79] x86/cpu/intel: Evaluate smp_num_siblings early

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner Make use of the new early detection function to initialize smp_num_siblings on the boot cpu before the MP-Table or ACPI/MADT scan happens. That's required for force disabling

[PATCH 4.18 23/79] x86/cpu/topology: Provide detect_extended_topology_early()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner To support force disabling of SMT it's required to know the number of thread siblings early. detect_extended_topology() cannot be called before the APIC driver is selected, so

[PATCH 4.18 25/79] x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Borislav Petkov Old code used to check whether CPUID ext max level is >= 0x8008 because that last leaf contains the number of cores of the physical CPU. The three functions called there

[PATCH 4.18 28/79] x86/speculation/l1tf: Extend 64bit swap file size limit

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka The previous patch has limited swap file size so that large offsets cannot clear bits above MAX_PA/2 in the pte and interfere with L1TF mitigation. It assumed that offsets are

[PATCH 4.18 26/79] x86/cpu/AMD: Evaluate smp_num_siblings early

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner To support force disabling of SMT it's required to know the number of thread siblings early. amd_get_topology() cannot be called before the APIC driver is selected, so split

Re: [PATCH RFC] Make call_srcu() available during very early boot

On Tue, 14 Aug 2018 10:06:18 -0700 "Paul E. McKenney" wrote: > > > #define __SRCU_STRUCT_INIT(name, pcpu_name) > > > \ > > > - { \ > > > - .sda = _name, \ >

[PATCH 4.17 14/97] make sure that __dentry_kill() always invalidates d_seq, unhashed or not

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 4c0d7cd5c8416b1ef41534d19163cb07ffaa03ab upstream. RCU pathwalk relies upon the assumption that anything that changes ->d_inode of a dentry will invalidate its ->d_seq. That's

[PATCH 4.17 13/97] root dentries need RCU-delayed freeing

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 90bad5e05bcdb0308cfa3d3a60f5c0b9c8e2efb3 upstream. Since mountpoint crossing can happen without leaving lazy mode, root dentries do need the same protection against having

[PATCH 4.17 04/97] stop_machine: Disable preemption after queueing stopper threads

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Isaac J. Manjarres commit 2610e88946632afb78aa58e61f11368ac4c0af7b upstream. This commit: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") does not fully

[PATCH 4.17 00/97] 4.17.15-stable review

This is the start of the stable review cycle for the 4.17.15 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:15 UTC 2018. Anything

Re: [f2fs-dev] [PATCH v3] f2fs: fix performance issue observed with multi-thread sequential read

On 08/14, Chao Yu wrote: > On 2018/8/14 12:04, Jaegeuk Kim wrote: > > On 08/14, Chao Yu wrote: > >> On 2018/8/14 4:11, Jaegeuk Kim wrote: > >>> On 08/13, Chao Yu wrote: > Hi Jaegeuk, > > On 2018/8/11 2:56, Jaegeuk Kim wrote: > > This reverts the commit - "b93f771 - f2fs: remove

[PATCH 4.17 17/97] ARM: dts: imx6sx: fix irq for pcie bridge

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Oleksij Rempel commit 1bcfe0564044be578841744faea1c2f46adc8178 upstream. Use the correct IRQ line for the MSI controller in the PCIe host controller. Apparently a different IRQ line is used

[PATCH 4.17 19/97] x86/speculation: Protect against userspace-userspace spectreRSB

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit fdf82a7856b32d905c39afc85e34364491e46346 upstream. The article "Spectre Returns! Speculation Attacks using the Return Stack Buffer" [1] describes two new (sub-)variants of

[PATCH 4.17 20/97] kprobes/x86: Fix %p uses in error messages

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 0ea063306eecf300fcf06d2f5917474b580f666f upstream. Remove all %p uses in error messages in kprobes/x86. Signed-off-by: Masami Hiramatsu Cc: Ananth N

[PATCH 4.17 15/97] fix mntput/mntput race

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 9ea0a46ca2c318fcc449c1e6b62a7230a17888f1 upstream. mntput_no_expire() does the calculation of total refcount under mount_lock; unfortunately, the decrement (as well as all

[PATCH 4.17 23/97] x86/speculation/l1tf: Change order of offset/type in swap entry

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f upstream If pages are swapped out, the swap entry is stored in the corresponding PTE, which has the Present bit cleared. CPUs

[PATCH 4.17 05/97] sched/deadline: Update rq_clock of later_rq when pushing a task

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Bristot de Oliveira commit 840d719604b0925ca23dde95f1767e4528668369 upstream. Daniel Casini got this warn while running a DL task here at RetisLab: [ 461.137582] [ cut

[PATCH 4.17 18/97] x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 5800dc5c19f34e6e03b5adab1282535cb102fafd upstream. Nadav reported that on guests we're failing to rewrite the indirect calls to CALLEE_SAVE paravirt functions. In

[PATCH 4.17 26/97] x86/speculation/l1tf: Make sure the first page is always reserved

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 10a70416e1f067f6c4efda6ffd8ea96002ac4223 upstream The L1TF workaround doesn't make any attempt to mitigate speculate accesses to the first physical page for zeroed PTEs.

[PATCH 4.17 21/97] x86/irqflags: Provide a declaration for native_save_fl

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 208cbb32558907f68b3b2a081ca2337ac3744794 upstream. It was reported that the commit d0a8d9378d16 is causing users of gcc < 4.9 to observe -Werror=missing-prototypes

[PATCH 4.17 24/97] x86/speculation/l1tf: Protect swap entries against L1TF

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 upstream With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting side effects allow to read the memory the

[PATCH 4.17 25/97] x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 6b28baca9b1f0d4a42b865da7a05b1c81424bd5c upstream When PTEs are set to PROT_NONE the kernel just clears the Present bit and preserves the PFN, which creates attack surface

[PATCH 4.17 16/97] fix __legitimize_mnt()/mntput() race

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 119e1ef80ecfe0d1deb6378d4ab41f5b71519de1 upstream. __legitimize_mnt() has two problems - one is that in case of success the check of mount_lock is not ordered wrt preceding

[PATCH 4.17 22/97] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 50896e180c6aa3a9c61a26ced99e15d602666a4c upstream L1 Terminal Fault (L1TF) is a speculation related vulnerability. The CPU speculates on PTE entries which do not have the

[PATCH 4.17 27/97] x86/speculation/l1tf: Add sysfs reporting for l1tf

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 17dbca119312b4e8173d4e25ff64262119fcef38 upstream L1TF core kernel workarounds are cheap and normally always enabled, However they still should be reported in sysfs if the

[PATCH 4.14 080/104] cpu/hotplug: detect SMT disabled by BIOS

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 73d5e2b472640b1fcdb61ae8be389912ef211bda upstream If SMT is disabled in BIOS, the CPU code doesn't properly detect it. The /sys/devices/system/cpu/smt/control file shows

[PATCH 4.14 078/104] x86/KVM/VMX: Initialize the vmx_l1d_flush_pages content

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 288d152c23dcf3c09da46c5c481903ca10ebfef7 upstream The slow path in vmx_l1d_flush() reads from vmx_l1d_flush_pages in order to evict the L1d cache. However, these pages

[PATCH 4.14 081/104] x86/KVM/VMX: Dont set l1tf_flush_l1d to true from vmx_l1d_flush()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 379fd0c7e6a391e5565336a646f19f218fb98c6c upstream vmx_l1d_flush() gets invoked only if l1tf_flush_l1d is true. There's no point in setting l1tf_flush_l1d to true from

[PATCH 4.14 103/104] tools headers: Synchronise x86 cpufeatures.h for L1TF additions

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit e24f14b0ff985f3e09e573ba1134bfdf42987e05 upstream Signed-off-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman --- tools/arch/x86/include/asm/cpufeatures.h |

[PATCH 4.14 104/104] x86/microcode: Allow late microcode loading with SMT disabled

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 upstream The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all

[PATCH 4.14 100/104] x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 0768f91530ff46683e0b372df14fd79fe8d156e5 upstream Some cases in THP like: - MADV_FREE - mprotect - split mark the PMD non present for temporarily to prevent races.

[PATCH 4.14 077/104] Documentation: Add section about CPU vulnerabilities

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 3ec8ce5d866ec6a08a9cfab82b62acf4a830b35f upstream Add documentation for the L1TF vulnerability and the mitigation mechanisms: - Explain the problem and risks -

[PATCH 4.14 098/104] cpu/hotplug: Fix SMT supported evaluation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit bc2d8d262cba5736332cbc866acb11b1c5748aa9 upstream Josh reported that the late SMT evaluation in cpu_smt_state_init() sets cpu_smt_control to CPU_SMT_NOT_SUPPORTED in

[PATCH 4.14 084/104] x86/irq: Demote irq_cpustat_t::__softirq_pending to u16

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 9aee5f8a7e30330d0a8f4c626dc924ca5590aba5 upstream An upcoming patch will extend KVM's L1TF mitigation in conditional mode to also cover interrupts after VMEXITs. For

[PATCH 4.14 101/104] x86/mm/pat: Make set_memory_np() L1TF safe

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have

[PATCH 4.14 097/104] KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 5b76a3cff011df2dcb6186c965a2e4d809a05ad4 upstream When nested virtualization is in use, VMENTER operations from the nested hypervisor into the nested guest will always be

[PATCH 4.14 102/104] x86/mm/kmmio: Make the tracer robust against L1TF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 1063711b57393c1999248cccb57bebfaf16739e7 upstream The mmio tracer sets io mapping PTEs and PMDs to non present when enabled without inverting the address bits, which makes

[PATCH 4.14 075/104] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit fee0aede6f4739c87179eca76136f83210953b86 upstream The CPU_SMT_NOT_SUPPORTED state is set (if the processor does not support SMT) when the sysfs SMT control file is

[PATCH 4.14 094/104] KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit cd28325249a1ca0d771557ce823e0308ad629f98 upstream This lets userspace read the MSR_IA32_ARCH_CAPABILITIES and check that all requested features are available on the host.

[PATCH 4.14 076/104] x86/bugs, kvm: Introduce boot-time control of L1TF mitigations

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit d90a7a0ec83fb86622cd7dae23255d3c50a99ec8 upstream Introduce the 'l1tf=' kernel command line option to allow for boot-time switching of mitigation that is used on processors

[PATCH 4.14 082/104] x86/KVM/VMX: Replace vmx_l1d_flush_always with vmx_l1d_flush_cond

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 427362a142441f08051369db6fbe7f61c73b3dca upstream The vmx_l1d_flush_always static key is only ever evaluated if vmx_l1d_should_flush is enabled. In that case however,

[PATCH 4.14 099/104] x86/speculation/l1tf: Invert all not present mappings

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit f22cc87f6c1f771b57c407555cfefd811cdd9507 upstream For kernel mappings PAGE_PROTNONE is not necessarily set for a non present mapping, but the inversion logic explicitely

[PATCH 4.14 085/104] x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 45b575c00d8e72d69d75dd8c112f044b7b01b069 upstream Part of the L1TF mitigation for vmx includes flushing the L1D cache upon VMENTRY. L1D flushes are costly and two modes

Re: [PATCH RFC] Make call_srcu() available during very early boot

On Tue, Aug 14, 2018 at 01:24:53PM -0400, Steven Rostedt wrote: > On Tue, 14 Aug 2018 10:06:18 -0700 > "Paul E. McKenney" wrote: > > > > > > #define __SRCU_STRUCT_INIT(name, pcpu_name) > > > > \ > > > > - {

[PATCH 4.17 53/97] x86/KVM/VMX: Add module argument for L1TF mitigation

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit a399477e52c17e148746d3ce9a483f681c2aa9a0 upstream Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka L1 terminal fault. The valid

[PATCH 4.17 73/97] Documentation: Add section about CPU vulnerabilities

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 3ec8ce5d866ec6a08a9cfab82b62acf4a830b35f upstream Add documentation for the L1TF vulnerability and the mitigation mechanisms: - Explain the problem and risks -

[PATCH 4.17 97/97] x86/microcode: Allow late microcode loading with SMT disabled

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 upstream The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all

[PATCH 4.14 001/104] parisc: Enable CONFIG_MLONGCALLS by default

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit 66509a276c8c1d19ee3f661a41b418d101c57d29 upstream. Enable the -mlong-calls compiler option by default, because otherwise in most cases linking the vmlinux binary fails due

[PATCH 4.17 88/97] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 8e0b2b916662e09dd4d09e5271cdf214c6b80e62 upstream Bit 3 of ARCH_CAPABILITIES tells a hypervisor that L1D flush on vmentry is not needed. Add a new value to enum

[PATCH 4.17 79/97] x86/KVM/VMX: Replace vmx_l1d_flush_always with vmx_l1d_flush_cond

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 427362a142441f08051369db6fbe7f61c73b3dca upstream The vmx_l1d_flush_always static key is only ever evaluated if vmx_l1d_should_flush is enabled. In that case however,

[PATCH 4.17 96/97] tools headers: Synchronise x86 cpufeatures.h for L1TF additions

4.17-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit e24f14b0ff985f3e09e573ba1134bfdf42987e05 upstream [ ... and some older changes in the 4.17.y backport too ...] Signed-off-by: David Woodhouse Signed-off-by: Greg

[PATCH 4.9 015/107] proc/sysctl: prune stale dentries during unregistering

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Konstantin Khlebnikov commit d6cffbbe9a7e51eb705182965a189457c17ba8a3 upstream. Currently unregistering sysctl table does not prune its dentries. Stale dentries could slowdown sysctl

[PATCH 4.17 52/97] x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Konrad Rzeszutek Wilk commit 26acfb666a473d960f0fd971fe68f3e3ad16c70b upstream If the L1TF CPU bug is present we allow the KVM module to be loaded as the major of users that use Linux and KVM

[PATCH 4.14 010/104] scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 1214fd7b497400d200e3f4e64e2338b303a20949 upstream. Surround scsi_execute() calls with scsi_autopm_get_device() and scsi_autopm_put_device(). Note: removing sr_mutex

[PATCH 4.17 83/97] x86: Dont include linux/irq.h from asm/hardirq.h

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit 447ae316670230d7d29430e2cbf1f5db4f49d14c upstream The next patch in this series will have to make the definition of irq_cpustat_t available to entering_irq(). Inclusion

[PATCH 3/7] evmtest: test kernel module loading

The Linux kernel supports two methods of loading kernel modules - init_module and finit_module syscalls. This test verifies loading kernel modules with both syscalls, first without an IMA policy, and subsequently with an IMA policy (that restricts module loading to signed modules). This test

[PATCH 7/7] emvtest: Add ability to run all tests

evmtest tests functionality of different IMA-Appraisal policies. To simplify testing, this patch defines an evmtest config file. This allows for running all tests at once, rather than invoking each test individually. Variables can be set once rather than specifying parameters at runtime on the

[PATCH 6/7] evmtest: test the preservation of extended attributes

IMA supports file signatures by storing information in a security.ima extended file attribute. This test ensures that the attribute is preserved when a file is copied. This test requires root because only root can write "security." xattrs to files. Signed-off-by: David Jacobson ---

[PATCH 2/7] evmtest: test appraisal on policy loading with signature

IMA can be configured to require signatures on policies before loading them. This test verifies that IMA correctly validates signatures, and rejects policies that lack signatures or have been signed by an unauthorized party (i.e. certificate is not on the appropriate keyring). This test requires

[PATCH 1/7] evmtest: Regression testing Integrity Subsystem

As the existing IMA/EVM features of the kernel mature, and new features are being added, the number of kernel configuration options (Kconfig) and methods for loading policies have been increasing. Rigorous testing of the various IMA/EVM features is needed to ensure correct behavior and to help

[PATCH 4/7] evmtest: test kexec signature policy

With secure boot enabled, the bootloader verifies the kernel image's signature before transferring control to it. With Linux as the bootloader running with secure boot enabled, kexec needs to verify the kernel image's signature. This patch defined a new test named "kexec_sig", which first

[PATCH 5/7] evmtest: validate boot record

The first record in the IMA runtime measurement list is the boot aggregate - a hash of PCRs 0-7. This test calculates the boot aggregate based off the PCRs and compares it to IMA's boot aggregate. Dependencies: a TPM, IBMTSS2. Signed-off-by: David Jacobson ---

[PATCH 4.14 012/104] init: rename and re-order boot_cpu_state_init()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit b5b1404d0815894de0690de8a1ab58269e56eae6 upstream. This is purely a preparatory patch for upcoming changes during the 4.19 merge window. We have a function called

[PATCH 4.14 014/104] make sure that __dentry_kill() always invalidates d_seq, unhashed or not

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 4c0d7cd5c8416b1ef41534d19163cb07ffaa03ab upstream. RCU pathwalk relies upon the assumption that anything that changes ->d_inode of a dentry will invalidate its ->d_seq. That's

[PATCH 4.17 72/97] x86/bugs, kvm: Introduce boot-time control of L1TF mitigations

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Kosina commit d90a7a0ec83fb86622cd7dae23255d3c50a99ec8 upstream Introduce the 'l1tf=' kernel command line option to allow for boot-time switching of mitigation that is used on processors

[PATCH 4.17 71/97] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit fee0aede6f4739c87179eca76136f83210953b86 upstream The CPU_SMT_NOT_SUPPORTED state is set (if the processor does not support SMT) when the sysfs SMT control file is

[PATCH 4.14 013/104] root dentries need RCU-delayed freeing

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 90bad5e05bcdb0308cfa3d3a60f5c0b9c8e2efb3 upstream. Since mountpoint crossing can happen without leaving lazy mode, root dentries do need the same protection against having

[PATCH 4.14 017/104] mtd: nand: qcom: Add a NULL check for devm_kasprintf()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Fabio Estevam commit 069f05346d01e7298939f16533953cdf52370be3 upstream. devm_kasprintf() may fail, so we should better add a NULL check and propagate an error on failure. Signed-off-by:

Re: [PATCH] PCI: Equalize hotplug memory for non/occupied slots

On Wed, Jul 25, 2018 at 05:02:59PM -0600, Jon Derrick wrote: > Currently, a hotplug bridge will be given hpmemsize additional memory if > available, in order to satisfy any future hotplug allocation > requirements. > > These calculations don't consider the current memory size of the hotplug >

Re: [PATCH 2/2] bcache: add undef for macro in function

On 2018/8/14 10:59 PM, cdb...@163.com wrote: > Hi Coly， > The three macros is only locally used in func "__cached_dev"，I think > they should be undefined before leaving the func. > Hi Dongbo, It is worthy to do this if there is a potential conflict. But they are defined in sysfs.c and not

Re: [PATCH] Handle clock_gettime(CLOCK_TAI) in VDSO

On Tue, 2018-08-14 at 07:20 -0700, Andy Lutomirski wrote: > > +   /* Doubled switch statement to work around kernel Makefile error */ > > +   /* See: > > https://www.mail-archive.com/gcc-bugs@gcc.gnu.org/msg567499.html */ > > NAK. > > The issue here (after reading that thread) is that,

Re: [PATCH v8 3/6] Uprobes: Support SDT markers having reference count (semaphore)

On Mon, Aug 13, 2018 at 9:37 PM, Ravi Bangoria wrote: > Hi Song, > > On 08/13/2018 10:42 PM, Song Liu wrote: >> On Mon, Aug 13, 2018 at 6:17 AM, Oleg Nesterov wrote: >>> On 08/13, Ravi Bangoria wrote: > But damn, process creation (exec) is trivial. We could add a new >

RE: [PATCH net-next 5/9] net: hns3: Fix for vf vlan delete failed problem

Hi Dave, > -Original Message- > From: David Miller [mailto:da...@davemloft.net] > Sent: Monday, August 13, 2018 4:57 PM > To: Salil Mehta > Cc: Zhuangyuzeng (Yisen) ; lipeng (Y) > ; mehta.salil@gmail.com; > net...@vger.kernel.org; linux-kernel@vger.kernel.org; Linuxarm > ;

[PATCH] x86, asm: Use CC_SET()/CC_OUT() in arch/x86/include/asm/signal.h

Remove open-coded uses of set instructions to use CC_SET()/CC_OUT() in arch/x86/include/asm/signal.h. Signed-off-by: Uros Bizjak --- arch/x86/include/asm/signal.h | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/signal.h

Re: [PATCH v2 1/3] mfd: cros: add charger port count command definition

Hi, Missatge de Fabien Parent del dia dv., 10 d’ag. 2018 a les 15:17: > > A new more command has been added to the ChromeOS embedded controller > that allows to get the number of charger port count. Unlike > EC_CMD_USB_PD_PORTS, this new command also includes the dedicated > port if present. > >

[PATCH 4.18 01/79] x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 5800dc5c19f34e6e03b5adab1282535cb102fafd upstream. Nadav reported that on guests we're failing to rewrite the indirect calls to CALLEE_SAVE paravirt functions. In

[PATCH 4.18 10/79] x86/speculation/l1tf: Add sysfs reporting for l1tf

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen L1TF core kernel workarounds are cheap and normally always enabled, However they still should be reported in sysfs if the system is vulnerable or mitigated. Add the necessary CPU

[PATCH 4.18 11/79] x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen For L1TF PROT_NONE mappings are protected by inverting the PFN in the page table entry. This sets the high bits in the CPU's address space, thus making sure to point to not point an

[PATCH 4.14 025/104] x86/irqflags: Provide a declaration for native_save_fl

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 208cbb32558907f68b3b2a081ca2337ac3744794 upstream. It was reported that the commit d0a8d9378d16 is causing users of gcc < 4.9 to observe -Werror=missing-prototypes

[PATCH 4.14 028/104] x86/speculation/l1tf: Protect swap entries against L1TF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 upstream With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting side effects allow to read the memory the

[PATCH 4.14 003/104] scsi: hpsa: fix selection of reply queue

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 8b834bff1b73dce46f4e9f5e84af6f73fed8b0ef upstream. Since commit 84676c1f21e8 ("genirq/affinity: assign vectors to all possible CPUs") we could end up with an MSI-X vector that

[PATCH 4.14 026/104] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 50896e180c6aa3a9c61a26ced99e15d602666a4c upstream L1 Terminal Fault (L1TF) is a speculation related vulnerability. The CPU speculates on PTE entries which do not have the

<    1   2   3   4   5   6   7   8   9   10   >