Merge v4.14.14 into chromeos-4.14
Issue description
Merge v4.14.14 into chromeos-4.14.
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Linux 4.14.14-rc1
Thomas Gleixner <tglx@xxxxxxxxxxxxx>
x86/retpoline: Remove compile time warning
Peter Zijlstra <peterz@xxxxxxxxxxxxx>
x86,perf: Disable intel_bts when PTI
W. Trevor King <wking@xxxxxxxxxx>
security/Kconfig: Correct the Documentation reference for PTI
Thomas Gleixner <tglx@xxxxxxxxxxxxx>
x86/pti: Fix !PCID and sanitize defines
Andy Lutomirski <luto@xxxxxxxxxx>
selftests/x86: Add test_vsyscall
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline: Fill return stack buffer on vmexit
Andi Kleen <ak@xxxxxxxxxxxxxxx>
x86/retpoline/irq32: Convert assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/checksum32: Convert assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/xen: Convert Xen hypercall indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/hyperv: Convert assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/entry: Convert entry assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline/crypto: Convert crypto assembler indirect jumps
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/spectre: Add boot time option to select Spectre v2 mitigation
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/retpoline: Add initial retpoline support
Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
objtool: Allow alternatives to be ignored
Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
objtool: Detect jumps to retpoline thunks
Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
x86/pti: Make unpoison of pgd for trusted boot work for real
Borislav Petkov <bp@xxxxxxx>
x86/alternatives: Fix optimize_nops() checking
David Woodhouse <dwmw@xxxxxxxxxxxx>
sysfs/cpu: Fix typos in vulnerability documentation
Tom Lendacky <thomas.lendacky@xxxxxxx>
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
Tom Lendacky <thomas.lendacky@xxxxxxx>
x86/cpu/AMD: Make LFENCE a serializing instruction
Jike Song <albcamus@xxxxxxxxx>
x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
x86/tboot: Unbreak tboot with PTI enabled
Thomas Gleixner <tglx@xxxxxxxxxxxxx>
x86/cpu: Implement CPU vulnerabilites sysfs functions
Thomas Gleixner <tglx@xxxxxxxxxxxxx>
sysfs/cpu: Add vulnerability folder
David Woodhouse <dwmw@xxxxxxxxxxxx>
x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
x86/Documentation: Add PTI description
Jiri Kosina <jkosina@xxxxxxx>
x86/pti: Unbreak EFI old_memmap
Benjamin Poirier <bpoirier@xxxxxxxx>
e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
John Johansen <john.johansen@xxxxxxxxxxxxx>
apparmor: fix ptrace label match when matching stacked labels
Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
kdump: write correct address of mem_section into vmcoreinfo
Hans de Goede <hdegoede@xxxxxxxxxx>
mux: core: fix double get_device()
Icenowy Zheng <icenowy@xxxxxxx>
uas: ignore UAS for Norelsys NS1068(X) chips
Ben Seri <ben@xxxxxxxxx>
Bluetooth: Prevent stack info leak from the EFS element.
Viktor Slavkovic <viktors@xxxxxxxxxx>
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
Shuah Khan <shuah@xxxxxxxxxx>
usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
Shuah Khan <shuah@xxxxxxxxxx>
usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
Shuah Khan <shuah@xxxxxxxxxx>
usbip: remove kernel addresses from usb device and urb debug msgs
Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
USB: UDC core: fix double-free in usb_add_gadget_udc_release
Pete Zaitcev <zaitcev@xxxxxxxxxx>
USB: fix usbmon BUG trigger
Stefan Agner <stefan@xxxxxxxx>
usb: misc: usb3503: make sure reset is low for at least 100us
Christian Holl <cyborgx1@xxxxxxxxx>
USB: serial: cp210x: add new device ID ELV ALC 8xxx
Diego Elio Pettenò <flameeyes@xxxxxxxxxxxx>
USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
Daniel Borkmann <daniel@xxxxxxxxxxxxx>
bpf: arsh is not supported in 32 bit alu thus reject it
Daniel Borkmann <daniel@xxxxxxxxxxxxx>
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
Alexei Starovoitov <ast@xxxxxxxxxx>
bpf: prevent out-of-bounds speculation
Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
drm/i915: Fix init_clock_gating for resume
Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
drm/i915: Move init_clock_gating() back to where it was
Kenneth Graunke <kenneth@xxxxxxxxxxxxx>
drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.
Zhi Wang <zhi.a.wang@xxxxxxxxx>
drm/i915/gvt: Clear the shadow page table entry after post-sync
Dan Carpenter <dan.carpenter@xxxxxxxxxx>
drm/vmwgfx: Potential off by one in vmw_view_add()
Thomas Hellstrom <thellstrom@xxxxxxxxxx>
drm/vmwgfx: Don't cache framebuffer maps
David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()
Serhii Popovych <spopovyc@xxxxxxxxxx>
KVM: PPC: Book3S HV: Fix use after free in case of multiple resize requests
Serhii Popovych <spopovyc@xxxxxxxxxx>
KVM: PPC: Book3S HV: Drop prepare_done from struct kvm_resize_hpt
Alexey Kardashevskiy <aik@xxxxxxxxx>
KVM: PPC: Book3S PR: Fix WIMG handling under pHyp
Andrew Honig <ahonig@xxxxxxxxxx>
KVM: x86: Add memory barrier on vmcs field lookup
Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>
x86/microcode/intel: Extend BDW late-loading with a revision check
Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
iwlwifi: pcie: fix DMA memory mapping / unmapping
Ilya Dryomov <idryomov@xxxxxxxxx>
rbd: set max_segments to USHRT_MAX
Florian Margaine <florian@xxxxxxxxxxx>
rbd: reacquire lock should update lock owner client id
Masaharu Hayakawa <masaharu.hayakawa.ry@xxxxxxxxxxx>
mmc: renesas_sdhi: Add MODULE_LICENSE
Eric Biggers <ebiggers@xxxxxxxxxx>
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
membarrier: Disable preemption when calling smp_call_function_many()
David S. Miller <davem@xxxxxxxxxxxxx>
Revert "Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find.""
Russell King <rmk+kernel@xxxxxxxxxxxxxxx>
sfp: fix sfp-bus oops when removing socket/upstream
Ido Schimmel <idosch@xxxxxxxxxxxx>
mlxsw: spectrum: Relax sanity checks during enslavement
Mathieu Xhonneux <m.xhonneux@xxxxxxxxx>
ipv6: sr: fix TLVs not being copied using setsockopt
Roi Dayan <roid@xxxxxxxxxxxx>
net/sched: Fix update of lastuse in act modules implementing stats_update
Ido Schimmel <idosch@xxxxxxxxxxxx>
mlxsw: spectrum_router: Fix NULL pointer deref
Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx>
ethtool: do not print warning for applications using legacy API
Eric Dumazet <edumazet@xxxxxxxxxx>
ipv6: fix possible mem leaks in ipv6_make_skb()
Sergei Shtylyov <sergei.shtylyov@xxxxxxxxxxxxxxxxxx>
sh_eth: fix SH7757 GEther initialization
Jerome Brunet <jbrunet@xxxxxxxxxxxx>
net: stmmac: enable EEE in MII, GMII or RGMII only
Sergei Shtylyov <sergei.shtylyov@xxxxxxxxxxxxxxxxxx>
sh_eth: fix TSU resource handling
Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
sctp: fix the handling of ICMP Frag Needed for too small MTUs
Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
Fugang Duan <fugang.duan@xxxxxxx>
net: fec: free/restore resource in related probe error pathes
Fugang Duan <fugang.duan@xxxxxxx>
net: fec: defer probe if regulator is not ready
Fugang Duan <fugang.duan@xxxxxxx>
net: fec: restore dev_id in the cases of probe error
Mohamed Ghannam <simo.ghannam@xxxxxxxxx>
RDS: null pointer dereference in rds_atomic_free_op
Mohamed Ghannam <simo.ghannam@xxxxxxxxx>
RDS: Heap OOB write in rds_message_alloc_sgs()
Russell King <rmk+kernel@xxxxxxxxxxxxxxx>
phylink: ensure we report link down when LOS asserted
Andrii Vladyka <tulup@xxxxxxx>
net: core: fix module type in sock_diag_bind
Eli Cooper <elicooper@xxxxxxx>
ip6_tunnel: disable dst caching if tunnel is dual-stack
Cong Wang <xiyou.wangcong@xxxxxxxxx>
8021q: fix a memory leak for VLAN 0 device
Vikas C Sajjan <vikas.cha.sajjan@xxxxxxx>
x86/acpi: Reduce code duplication in mp_override_legacy_irq()
Takashi Iwai <tiwai@xxxxxxx>
ALSA: aloop: Fix racy hw constraints adjustment
Takashi Iwai <tiwai@xxxxxxx>
ALSA: aloop: Fix inconsistent format due to incomplete rule
Takashi Iwai <tiwai@xxxxxxx>
ALSA: aloop: Release cable upon open error path
Takashi Iwai <tiwai@xxxxxxx>
ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
Takashi Iwai <tiwai@xxxxxxx>
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
Takashi Iwai <tiwai@xxxxxxx>
ALSA: pcm: Add missing error checks in OSS emulation plugin builder
Takashi Iwai <tiwai@xxxxxxx>
ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error
Takashi Iwai <tiwai@xxxxxxx>
ALSA: pcm: Remove incorrect snd_BUG_ON() usages
Vikas C Sajjan <vikas.cha.sajjan@xxxxxxx>
x86/acpi: Handle SCI interrupts above legacy space gracefully
Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
iw_cxgb4: when flushing, complete all wrs in a chain
Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
iw_cxgb4: reflect the original WR opcode in drain cqes
Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
iw_cxgb4: only clear the ARMED bit if a notification is needed
Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
iw_cxgb4: atomically flush the qp
Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
iw_cxgb4: only call the cq comp_handler when the cq is armed
Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
platform/x86: wmi: Call acpi_wmi_init() later
Jim Mattson <jmattson@xxxxxxxxxx>
kvm: vmx: Scrub hardware GPRs at VM-exit
Tejun Heo <tj@xxxxxxxxxx>
cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Factor out NT_PRFPREG regset access helpers
Maciej W. Rozycki <macro@xxxxxxxx>
MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
Bart Van Assche <bart.vanassche@xxxxxxx>
IB/srpt: Fix ACL lookup during login
Bart Van Assche <bart.vanassche@xxxxxxx>
IB/srpt: Disable RDMA access by the initiator
Wolfgang Grandegger <wg@xxxxxxxxxxxxxx>
can: gs_usb: fix return value of the "set_bittiming" callback
Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
can: vxcan: improve handling of missing peer name attribute
Wanpeng Li <wanpeng.li@xxxxxxxxxxx>
KVM: Fix stack-out-of-bounds read in write_mmio
Suren Baghdasaryan <surenb@xxxxxxxxxx>
dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +
Documentation/admin-guide/kernel-parameters.txt | 49 +-
Documentation/x86/pti.txt | 186 ++++++++
Makefile | 4 +-
arch/mips/kernel/process.c | 12 +
arch/mips/kernel/ptrace.c | 147 ++++--
arch/powerpc/kvm/book3s_64_mmu.c | 1 +
arch/powerpc/kvm/book3s_64_mmu_hv.c | 90 ++--
arch/powerpc/kvm/book3s_pr.c | 2 +
arch/x86/Kconfig | 14 +
arch/x86/Makefile | 8 +
arch/x86/crypto/aesni-intel_asm.S | 5 +-
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +-
arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +-
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +-
arch/x86/entry/calling.h | 36 +-
arch/x86/entry/entry_32.S | 5 +-
arch/x86/entry/entry_64.S | 12 +-
arch/x86/events/intel/bts.c | 18 +
arch/x86/include/asm/asm-prototypes.h | 25 ++
arch/x86/include/asm/cpufeatures.h | 4 +
arch/x86/include/asm/mshyperv.h | 18 +-
arch/x86/include/asm/msr-index.h | 3 +
arch/x86/include/asm/nospec-branch.h | 214 +++++++++
arch/x86/include/asm/processor-flags.h | 2 +-
arch/x86/include/asm/tlbflush.h | 6 +-
arch/x86/include/asm/xen/hypercall.h | 5 +-
arch/x86/kernel/acpi/boot.c | 61 ++-
arch/x86/kernel/alternative.c | 7 +-
arch/x86/kernel/cpu/amd.c | 28 +-
arch/x86/kernel/cpu/bugs.c | 185 ++++++++
arch/x86/kernel/cpu/common.c | 3 +
arch/x86/kernel/cpu/microcode/intel.c | 13 +-
arch/x86/kernel/ftrace_32.S | 6 +-
arch/x86/kernel/ftrace_64.S | 8 +-
arch/x86/kernel/irq_32.c | 9 +-
arch/x86/kernel/tboot.c | 11 +
arch/x86/kvm/svm.c | 23 +
arch/x86/kvm/vmx.c | 30 +-
arch/x86/kvm/x86.c | 8 +-
arch/x86/lib/Makefile | 1 +
arch/x86/lib/checksum_32.S | 7 +-
arch/x86/lib/retpoline.S | 48 ++
arch/x86/mm/pti.c | 32 +-
arch/x86/platform/efi/efi_64.c | 2 +
crypto/algapi.c | 12 +
drivers/base/Kconfig | 3 +
drivers/base/cpu.c | 48 ++
drivers/block/rbd.c | 18 +-
drivers/gpu/drm/i915/gvt/gtt.c | 5 +-
drivers/gpu/drm/i915/i915_drv.c | 1 +
drivers/gpu/drm/i915/i915_reg.h | 2 +
drivers/gpu/drm/i915/intel_display.c | 14 +-
drivers/gpu/drm/i915/intel_engine_cs.c | 5 +
drivers/gpu/drm/i915/intel_pm.c | 44 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 6 -
drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 41 +-
drivers/infiniband/hw/cxgb4/cq.c | 7 +-
drivers/infiniband/hw/cxgb4/ev.c | 8 +-
drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 2 -
drivers/infiniband/hw/cxgb4/qp.c | 119 +++--
drivers/infiniband/hw/cxgb4/t4.h | 6 +
drivers/infiniband/ulp/srpt/ib_srpt.c | 5 +-
drivers/md/dm-bufio.c | 8 +-
drivers/mmc/host/renesas_sdhi_core.c | 3 +
drivers/mux/core.c | 4 +-
drivers/net/can/usb/gs_usb.c | 2 +-
drivers/net/can/vxcan.c | 2 +-
drivers/net/ethernet/freescale/fec_main.c | 7 +-
drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 11 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 +
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 2 +-
.../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 6 +
drivers/net/ethernet/renesas/sh_eth.c | 29 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +
drivers/net/phy/phylink.c | 3 +-
drivers/net/phy/sfp-bus.c | 6 +-
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 10 +-
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 11 +-
drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 8 +-
drivers/platform/x86/wmi.c | 2 +-
drivers/staging/android/ashmem.c | 2 +
drivers/usb/gadget/udc/core.c | 28 +-
drivers/usb/misc/usb3503.c | 2 +
drivers/usb/mon/mon_bin.c | 8 +-
drivers/usb/serial/cp210x.c | 2 +
drivers/usb/storage/unusual_uas.h | 7 +
drivers/usb/usbip/usbip_common.c | 17 +-
drivers/usb/usbip/vudc_rx.c | 19 +
drivers/usb/usbip/vudc_tx.c | 11 +-
include/linux/bpf.h | 2 +
include/linux/cpu.h | 7 +
include/linux/crash_core.h | 2 +
include/linux/sh_eth.h | 1 -
include/net/sctp/structs.h | 2 +-
include/trace/events/kvm.h | 7 +-
kernel/bpf/arraymap.c | 61 ++-
kernel/bpf/verifier.c | 41 ++
kernel/cgroup/cgroup.c | 14 +-
kernel/crash_core.c | 2 +-
kernel/sched/membarrier.c | 2 +
net/8021q/vlan.c | 7 +-
net/bluetooth/l2cap_core.c | 20 +-
net/core/ethtool.c | 15 +-
net/core/sock_diag.c | 2 +-
net/ipv6/exthdrs.c | 9 +
net/ipv6/ip6_output.c | 5 +-
net/ipv6/ip6_tunnel.c | 9 +-
net/rds/rdma.c | 4 +
net/sched/act_gact.c | 2 +-
net/sched/act_mirred.c | 2 +-
net/sctp/input.c | 28 +-
net/sctp/transport.c | 29 +-
net/xfrm/xfrm_policy.c | 29 +-
security/Kconfig | 2 +-
security/apparmor/include/perms.h | 3 +
security/apparmor/ipc.c | 53 ++-
sound/core/oss/pcm_oss.c | 41 +-
sound/core/oss/pcm_plugin.c | 14 +-
sound/core/pcm_lib.c | 4 +-
sound/core/pcm_native.c | 9 +-
sound/drivers/aloop.c | 98 ++--
tools/objtool/check.c | 69 ++-
tools/objtool/check.h | 2 +-
tools/testing/selftests/bpf/test_verifier.c | 40 ++
tools/testing/selftests/x86/Makefile | 2 +-
tools/testing/selftests/x86/test_vsyscall.c | 500 +++++++++++++++++++++
virt/kvm/arm/mmio.c | 6 +-
131 files changed, 2536 insertions(+), 561 deletions(-)
Jan 20 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/256107bcc2bc3bb4520fd1e9c6eef59645662b00

commit 256107bcc2bc3bb4520fd1e9c6eef59645662b00
Author: Guenter Roeck <groeck@chromium.org>
Date: Fri Jan 19 16:23:56 2018

CHROMIUM: Merge 'v4.14.14' into chromeos-4.14

Merge of v4.14.14 into chromeos-4.14

Conflicts:
  arch/x86/entry/entry_64.S

Changes applied on top of 'v4.14.14' prior to merge:
  e9eb28165cd7 CHROMIUM: Revert "objtool: Allow alternatives to be ignored"
  f3f525d2d0ae CHROMIUM: Revert "drm/i915/gvt: Clear the shadow page table entry after post-sync"
  8d90ba3469d3 CHROMIUM: Revert "drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake."
  e7509bd57746 CHROMIUM: Revert "drm/i915: Move init_clock_gating() back to where it was"
  76bbe2308799 CHROMIUM: Revert "drm/i915: Fix init_clock_gating for resume"

Changelog:
----------------------------------------------------------------
Alan Stern (1):
  USB: UDC core: fix double-free in usb_add_gadget_udc_release

Alexei Starovoitov (1):
  bpf: prevent out-of-bounds speculation

Alexey Kardashevskiy (1):
  KVM: PPC: Book3S PR: Fix WIMG handling under pHyp

Andi Kleen (1):
  x86/retpoline/irq32: Convert assembler indirect jumps

Andrew Honig (1):
  KVM: x86: Add memory barrier on vmcs field lookup

Andrii Vladyka (1):
  net: core: fix module type in sock_diag_bind

Andy Lutomirski (1):
  selftests/x86: Add test_vsyscall

Bart Van Assche (2):
  IB/srpt: Disable RDMA access by the initiator
  IB/srpt: Fix ACL lookup during login

Ben Seri (1):
  Bluetooth: Prevent stack info leak from the EFS element.

Benjamin Poirier (1):
  e1000e: Fix e1000_check_for_copper_link_ich8lan return value.

Borislav Petkov (1):
  x86/alternatives: Fix optimize_nops() checking

Christian Holl (1):
  USB: serial: cp210x: add new device ID ELV ALC 8xxx

Cong Wang (1):
  8021q: fix a memory leak for VLAN 0 device

Dan Carpenter (1):
  drm/vmwgfx: Potential off by one in vmw_view_add()

Daniel Borkmann (2):
  bpf, array: fix overflow in max_entries and undefined behavior in index_mask
  bpf: arsh is not supported in 32 bit alu thus reject it

Dave Hansen (3):
  x86/Documentation: Add PTI description
  x86/tboot: Unbreak tboot with PTI enabled
  x86/pti: Make unpoison of pgd for trusted boot work for real

David Gibson (1):
  KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()

David Woodhouse (11):
  x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
  sysfs/cpu: Fix typos in vulnerability documentation
  x86/retpoline: Add initial retpoline support
  x86/spectre: Add boot time option to select Spectre v2 mitigation
  x86/retpoline/crypto: Convert crypto assembler indirect jumps
  x86/retpoline/entry: Convert entry assembler indirect jumps
  x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
  x86/retpoline/hyperv: Convert assembler indirect jumps
  x86/retpoline/xen: Convert Xen hypercall indirect jumps
  x86/retpoline/checksum32: Convert assembler indirect jumps
  x86/retpoline: Fill return stack buffer on vmexit

Diego Elio Pettenò (1):
  USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ

Eli Cooper (1):
  ip6_tunnel: disable dst caching if tunnel is dual-stack

Emmanuel Grumbach (1):
  iwlwifi: pcie: fix DMA memory mapping / unmapping

Eric Biggers (1):
  crypto: algapi - fix NULL dereference in crypto_remove_spawns()

Eric Dumazet (1):
  ipv6: fix possible mem leaks in ipv6_make_skb()

Florian Margaine (1):
  rbd: reacquire lock should update lock owner client id

Fugang Duan (3):
  net: fec: restore dev_id in the cases of probe error
  net: fec: defer probe if regulator is not ready
  net: fec: free/restore resource in related probe error pathes

Greg Kroah-Hartman (1):
  Linux 4.14.14

Guenter Roeck (6):
  CHROMIUM: Revert "drm/i915: Fix init_clock_gating for resume"
  CHROMIUM: Revert "drm/i915: Move init_clock_gating() back to where it was"
  CHROMIUM: Revert "drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake."
  CHROMIUM: Revert "drm/i915/gvt: Clear the shadow page table entry after post-sync"
  CHROMIUM: Revert "objtool: Allow alternatives to be ignored"
  Merge remote-tracking branch 'origin/linux/v4.14.14' into merge/chromeos-4.14-v4.14.14

Hans de Goede (1):
  mux: core: fix double get_device()

Icenowy Zheng (1):
  uas: ignore UAS for Norelsys NS1068(X) chips

Ido Schimmel (2):
  mlxsw: spectrum_router: Fix NULL pointer deref
  mlxsw: spectrum: Relax sanity checks during enslavement

Ilya Dryomov (1):
  rbd: set max_segments to USHRT_MAX

Jerome Brunet (1):
  net: stmmac: enable EEE in MII, GMII or RGMII only

Jia Zhang (1):
  x86/microcode/intel: Extend BDW late-loading with a revision check

Jike Song (1):
  x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()

Jim Mattson (1):
  kvm: vmx: Scrub hardware GPRs at VM-exit

Jiri Kosina (1):
  x86/pti: Unbreak EFI old_memmap

John Johansen (1):
  apparmor: fix ptrace label match when matching stacked labels

Josh Poimboeuf (2):
  objtool: Detect jumps to retpoline thunks
  objtool: Allow alternatives to be ignored

Kenneth Graunke (1):
  drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.

Kirill A. Shutemov (1):
  kdump: write correct address of mem_section into vmcoreinfo

Maciej W. Rozycki (7):
  MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
  MIPS: Factor out NT_PRFPREG regset access helpers
  MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
  MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
  MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
  MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
  MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses

Marcelo Ricardo Leitner (2):
  sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
  sctp: fix the handling of ICMP Frag Needed for too small MTUs

Masaharu Hayakawa (1):
  mmc: renesas_sdhi: Add MODULE_LICENSE

Mathieu Desnoyers (1):
  membarrier: Disable preemption when calling smp_call_function_many()

Mathieu Xhonneux (1):
  ipv6: sr: fix TLVs not being copied using setsockopt

Mohamed Ghannam (2):
  RDS: Heap OOB write in rds_message_alloc_sgs()
  RDS: null pointer dereference in rds_atomic_free_op

Oliver Hartkopp (1):
  can: vxcan: improve handling of missing peer name attribute

Pete Zaitcev (1):
  USB: fix usbmon BUG trigger

Peter Zijlstra (1):
  x86,perf: Disable intel_bts when PTI

Rafael J. Wysocki (1):
  platform/x86: wmi: Call acpi_wmi_init() later

Roi Dayan (1):
  net/sched: Fix update of lastuse in act modules implementing stats_update

Russell King (2):
  phylink: ensure we report link down when LOS asserted
  sfp: fix sfp-bus oops when removing socket/upstream

Sergei Shtylyov (2):
  sh_eth: fix TSU resource handling
  sh_eth: fix SH7757 GEther initialization

Serhii Popovych (2):
  KVM: PPC: Book3S HV: Drop prepare_done from struct kvm_resize_hpt
  KVM: PPC: Book3S HV: Fix use after free in case of multiple resize requests

Shuah Khan (3):
  usbip: remove kernel addresses from usb device and urb debug msgs
  usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
  usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer

Stefan Agner (1):
  usb: misc: usb3503: make sure reset is low for at least 100us

Stephen Hemminger (1):
  ethtool: do not print warning for applications using legacy API

Steve Wise (5):
  iw_cxgb4: only call the cq comp_handler when the cq is armed
  iw_cxgb4: atomically flush the qp
  iw_cxgb4: only clear the ARMED bit if a notification is needed
  iw_cxgb4: reflect the original WR opcode in drain cqes
  iw_cxgb4: when flushing, complete all wrs in a chain

Suren Baghdasaryan (1):
  dm bufio: fix shrinker scans when (nr_to_scan < retain_target)

Takashi Iwai (8):
  ALSA: pcm: Remove incorrect snd_BUG_ON() usages
  ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error
  ALSA: pcm: Add missing error checks in OSS emulation plugin builder
  ALSA: pcm: Abort properly at pending signal in OSS read/write loops
  ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
  ALSA: aloop: Release cable upon open error path
  ALSA: aloop: Fix inconsistent format due to incomplete rule
  ALSA: aloop: Fix racy hw constraints adjustment

Tejun Heo (1):
  cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC

Thomas Gleixner (4):
  sysfs/cpu: Add vulnerability folder
  x86/cpu: Implement CPU vulnerabilites sysfs functions
  x86/pti: Fix !PCID and sanitize defines
  x86/retpoline: Remove compile time warning

Thomas Hellstrom (1):
  drm/vmwgfx: Don't cache framebuffer maps

Tom Lendacky (2):
  x86/cpu/AMD: Make LFENCE a serializing instruction
  x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

Vikas C Sajjan (2):
  x86/acpi: Handle SCI interrupts above legacy space gracefully
  x86/acpi: Reduce code duplication in mp_override_legacy_irq()

Viktor Slavkovic (1):
  staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl

Ville Syrjälä (2):
  drm/i915: Move init_clock_gating() back to where it was
  drm/i915: Fix init_clock_gating for resume

W. Trevor King (1):
  security/Kconfig: Correct the Documentation reference for PTI

Wanpeng Li (1):
  KVM: Fix stack-out-of-bounds read in write_mmio

Wolfgang Grandegger (1):
  can: gs_usb: fix return value of the "set_bittiming" callback

Zhi Wang (1):
  drm/i915/gvt: Clear the shadow page table entry after post-sync

Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +
Documentation/admin-guide/kernel-parameters.txt | 49 +-
Documentation/x86/pti.txt | 186 ++++++++
Makefile | 2 +-
arch/mips/kernel/process.c | 12 +
arch/mips/kernel/ptrace.c | 147 ++++--
arch/powerpc/kvm/book3s_64_mmu.c | 1 +
arch/powerpc/kvm/book3s_64_mmu_hv.c | 90 ++--
arch/powerpc/kvm/book3s_pr.c | 2 +
arch/x86/Kconfig | 14 +
arch/x86/Makefile | 8 +
arch/x86/crypto/aesni-intel_asm.S | 5 +-
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +-
arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +-
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +-
arch/x86/entry/calling.h | 36 +-
arch/x86/entry/entry_32.S | 5 +-
arch/x86/entry/entry_64.S | 18 +-
arch/x86/events/intel/bts.c | 18 +
arch/x86/include/asm/asm-prototypes.h | 25 ++
arch/x86/include/asm/cpufeatures.h | 4 +
arch/x86/include/asm/mshyperv.h | 18 +-
arch/x86/include/asm/msr-index.h | 3 +
arch/x86/include/asm/nospec-branch.h | 214 +++++++++
arch/x86/include/asm/processor-flags.h | 2 +-
arch/x86/include/asm/tlbflush.h | 6 +-
arch/x86/include/asm/xen/hypercall.h | 5 +-
arch/x86/kernel/acpi/boot.c | 61 ++-
arch/x86/kernel/alternative.c | 7 +-
arch/x86/kernel/cpu/amd.c | 28 +-
arch/x86/kernel/cpu/bugs.c | 185 ++++++++
arch/x86/kernel/cpu/common.c | 3 +
arch/x86/kernel/cpu/microcode/intel.c | 13 +-
arch/x86/kernel/ftrace_32.S | 6 +-
arch/x86/kernel/ftrace_64.S | 8 +-
arch/x86/kernel/irq_32.c | 9 +-
arch/x86/kernel/tboot.c | 11 +
arch/x86/kvm/svm.c | 23 +
arch/x86/kvm/vmx.c | 30 +-
arch/x86/kvm/x86.c | 8 +-
arch/x86/lib/Makefile | 1 +
arch/x86/lib/checksum_32.S | 7 +-
arch/x86/lib/retpoline.S | 48 ++
arch/x86/mm/pti.c | 32 +-
arch/x86/platform/efi/efi_64.c | 2 +
crypto/algapi.c | 12 +
drivers/base/Kconfig | 3 +
drivers/base/cpu.c | 48 ++
drivers/block/rbd.c | 18 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 6 -
drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 41 +-
drivers/infiniband/hw/cxgb4/cq.c | 7 +-
drivers/infiniband/hw/cxgb4/ev.c | 8 +-
drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 2 -
drivers/infiniband/hw/cxgb4/qp.c | 119 +++--
drivers/infiniband/hw/cxgb4/t4.h | 6 +
drivers/infiniband/ulp/srpt/ib_srpt.c | 5 +-
drivers/md/dm-bufio.c | 8 +-
drivers/mmc/host/renesas_sdhi_core.c | 3 +
drivers/mux/core.c | 4 +-
drivers/net/can/usb/gs_usb.c | 2 +-
drivers/net/can/vxcan.c | 2 +-
drivers/net/ethernet/freescale/fec_main.c | 7 +-
drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 11 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 +
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 2 +-
.../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 6 +
drivers/net/ethernet/renesas/sh_eth.c | 29 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +
drivers/net/phy/phylink.c | 3 +-
drivers/net/phy/sfp-bus.c | 6 +-
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 10 +-
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 11 +-
drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 8 +-
drivers/platform/x86/wmi.c | 2 +-
drivers/usb/gadget/udc/core.c | 28 +-
drivers/usb/misc/usb3503.c | 2 +
drivers/usb/mon/mon_bin.c | 8 +-
drivers/usb/serial/cp210x.c | 2 +
drivers/usb/storage/unusual_uas.h | 7 +
drivers/usb/usbip/usbip_common.c | 17 +-
drivers/usb/usbip/vudc_rx.c | 19 +
drivers/usb/usbip/vudc_tx.c | 11 +-
include/linux/bpf.h | 2 +
include/linux/cpu.h | 7 +
include/linux/crash_core.h | 2 +
include/linux/sh_eth.h | 1 -
include/net/sctp/structs.h | 2 +-
include/trace/events/kvm.h | 7 +-
kernel/bpf/arraymap.c | 61 ++-
kernel/bpf/verifier.c | 41 ++
kernel/cgroup/cgroup.c | 14 +-
kernel/crash_core.c | 2 +-
kernel/sched/membarrier.c | 2 +
net/8021q/vlan.c | 7 +-
net/core/ethtool.c | 15 +-
net/core/sock_diag.c | 2 +-
net/ipv6/exthdrs.c | 9 +
net/ipv6/ip6_output.c | 5 +-
net/ipv6/ip6_tunnel.c | 9 +-
net/rds/rdma.c | 4 +
net/sched/act_gact.c | 2 +-
net/sched/act_mirred.c | 2 +-
net/sctp/input.c | 28 +-
net/sctp/transport.c | 29 +-
security/Kconfig | 2 +-
security/apparmor/include/perms.h | 3 +
security/apparmor/ipc.c | 53 ++-
sound/core/oss/pcm_oss.c | 41 +-
sound/core/oss/pcm_plugin.c | 14 +-
sound/core/pcm_lib.c | 4 +-
sound/core/pcm_native.c | 9 +-
sound/drivers/aloop.c | 98 ++--
tools/objtool/check.c | 7 +
tools/testing/selftests/bpf/test_verifier.c | 40 ++
tools/testing/selftests/x86/Makefile | 2 +-
tools/testing/selftests/x86/test_vsyscall.c | 500 +++++++++++++++++++++
virt/kvm/arm/mmio.c | 6 +-
121 files changed, 2418 insertions(+), 497 deletions(-)
create mode 100644 Documentation/x86/pti.txt
create mode 100644 arch/x86/include/asm/nospec-branch.h
create mode 100644 arch/x86/lib/retpoline.S
create mode 100644 tools/testing/selftests/x86/test_vsyscall.c

BUG=chromium:802348
TEST=Build and test on various affected systems

Change-Id: I29e9ad7732e76e6cd4deb3ccf13aab1d46c64d0d
Signed-off-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/256107bcc2bc3bb4520fd1e9c6eef59645662b00/arch/x86/entry/entry_64.S
Jan 20 2018
Feb 9 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/b5383e7311bc6c1fde0aa3584fa85fca62998d50

commit b5383e7311bc6c1fde0aa3584fa85fca62998d50
Author: Guenter Roeck <groeck@chromium.org>
Date: Fri Feb 09 03:43:50 2018

Revert "CHROMIUM: Revert "objtool: Allow alternatives to be ignored""

This reverts commit e9eb28165cd73ba2355d77cd14d9d63869123073.

Upstream stable release v4.14.18 fixes the problem we avoided by reverting the original patch. The problem was only seen in chromeos-4.14 if retpoline support was enabled through KCFLAGS. This is no longer the case (retpoline support is now enabled with CONFIG_RETPOLINE), thus it is safe to restore the original patch.

This is a prerequisite for the merge of v4.14.18.

BUG=chromium:800667, chromium:802348, chromium:810185
TEST=Build and run on affected system running chromeos-4.14

Change-Id: I010644f9f84d50d24c733147a754919a1ed8515f
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/908532
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/b5383e7311bc6c1fde0aa3584fa85fca62998d50/tools/objtool/check.c
[modify] https://crrev.com/b5383e7311bc6c1fde0aa3584fa85fca62998d50/tools/objtool/check.h
Comment 1 by groeck@chromium.org, Jan 16 2018