Import Debian changes 4.16.12-1

linux (4.16.12-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 - Revert "pinctrl: intel: Initialize GPIO properly when used through irqchip" - [armhf] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs - i40e: Fix attach VF to VM issue - tpm: cmd_ready command can be issued only after granting locality - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc - tpm: add retry logic - Revert "ath10k: send (re)assoc peer command when NSS changed" - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave - docs: ip-sysctl.txt: fix name of some ipv6 variables - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - llc: delete timers synchronously in llc_sk_free() - net: af_packet: fix race in PACKET_{R|T}X_RING - net: fix deadlock while clearing neighbor proxy table - [arm64,armhf] net: mvpp2: Fix DMA address mask size - net: qmi_wwan: add Wistron Neweb D19Q1 - net/smc: fix shutdown in state SMC_LISTEN - net: stmmac: Disable ACS Feature for GMAC >= 4 - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - Revert "macsec: missing dev_put() on error in macsec_newlink()" - sctp: do not check port in sctp_inet6_cmp_addr - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX - strparser: Fix incorrect strp->need_bytes value. - tcp: clear tp->packets_out when purging write queue - tcp: don't read out-of-bounds opsize - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets - team: avoid adding twice the same option to the event list - team: fix netconsole setup over team - tipc: add policy for TIPC_NLA_NET_ADDR - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - vmxnet3: fix incorrect dereference when rxvlan is disabled - [amd64,arm64] amd-xgbe: Add pre/post auto-negotiation phy hooks - [amd64,arm64] amd-xgbe: Improve KR auto-negotiation and training - [amd64,arm64] amd-xgbe: Only use the SFP supported transceiver signals - net: sched: ife: signal not finding metaid - net: sched: ife: handle malformed tlv length - net: sched: ife: check on metadata length - l2tp: hold reference on tunnels in netlink dumps - l2tp: hold reference on tunnels printed in pppol2tp proc file - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - [s390x] qeth: fix error handling in adapter command callbacks - [s390x] qeth: avoid control IO completion stalls - [s390x] qeth: handle failure on workqueue creation - [armhf] net: ethernet: ti: cpsw: fix tx vlan priority mapping - net: validate attribute sizes in neigh_dump_table() - bnxt_en: Fix memory fault in bnxt_ethtool_init() - virtio-net: add missing virtqueue kick when flushing packets - VSOCK: make af_vsock.ko removable again - net: aquantia: Regression on reset with 1.x firmware - tun: fix vlan packet truncation - net: aquantia: oops when shutdown on already stopped device - virtio_net: split out ctrl buffer - virtio_net: fix adding vids on big-endian - Revert "mm/hmm: fix header file if/else/endif maze" - commoncap: Handle memory allocation failure. - scsi: mptsas: Disable WRITE SAME - cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940) - fsnotify: Fix fsnotify_mark_connector race - [m68k] mac: Don't remap SWIM MMIO region - [m68k] block/swim: Check drive type - [m68k] block/swim: Don't log an error message for an invalid ioctl - [m68k] block/swim: Remove extra put_disk() call from error path - [m68k] block/swim: Rename macros to avoid inconsistent inverted logic - [m68k] block/swim: Select appropriate drive on device open - [m68k] block/swim: Fix array bounds check - [m68k] block/swim: Fix IO error at end of medium - tracing: Fix missing tab for hwlat_detector print format - hwmon: (k10temp) Add temperature offset for Ryzen 2700X - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics - [s390x] cio: update chpid descriptor after resource accessibility event - [s390x] dasd: fix IO error for newly defined devices - [s390x] uprobes: implement arch_uretprobe_is_alive() - [s390x] cpum_cf: rename IBM z13/z14 counter names - kprobes: Fix random address output of blacklist file - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7 - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs - random: set up the NUMA crng instances after the CRNG is fully initialized - random: fix possible sleeping allocation from irq context - random: rate limit unseeded randomness warnings - usbip: usbip_event: fix to not print kernel pointer address - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - usbip: vhci_hcd: check rhport before using in vhci_hub_control() - Revert "xhci: plat: Register shutdown for xhci_plat" - xhci: Fix USB ports for Dell Inspiron 5775 - USB: serial: simple: add libtransistor console - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster - USB: serial: cp210x: add ID for NI USB serial console - [arm64] serial: mvebu-uart: Fix local flags handling on termios update - usb: typec: ucsi: Increase command completion timeout value - usb: core: Add quirk for HP v222w 16GB Mini - USB: Increment wakeup count on remote wakeup. - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio - virtio: add ability to iterate over vqs - virtio_console: don't tie bufs to a vq - virtio_console: free buffers after reset - virtio_console: drop custom control queue cleanup - virtio_console: move removal code - virtio_console: reset on out of memory - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set - tty: Avoid possible error pointer dereference at tty_ldisc_restore(). - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: dice: fix OUI for TC group - ALSA: dice: fix error path to destroy initialized stream data - ALSA: hda - Skip jack and others for non-existing PCM streams - ALSA: opl3: Hardening for potential Spectre v1 - ALSA: asihpi: Hardening for potential Spectre v1 - ALSA: hdspm: Hardening for potential Spectre v1 - ALSA: rme9652: Hardening for potential Spectre v1 - ALSA: control: Hardening for potential Spectre v1 - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - ALSA: hda/realtek - Add some fixes for ALC233 - ALSA: hda/realtek - Update ALC255 depop optimize - ALSA: hda/realtek - change the location for one of two front mics - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - mtd: rawnand: tango: Fix struct clk memory leak - mtd: rawnand: marvell: fix the chip-select DT parsing logic - kobject: don't use WARN for registration failures - scsi: sd_zbc: Avoid that resetting a zone fails sporadically - scsi: sd: Defer spinning up drive while SANITIZE is in progress - blk-mq: start request gstate with gen 1 - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request - block: do not use interruptible wait anywhere - [s390x] vfio: ccw: process ssch with interrupts disabled - [arm64] PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() - [arm64] PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() - [arm64] PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode - [arm64] PCI: aardvark: Fix PCIe Max Read Request Size setting - [armhf,arm64] KVM: Close VMID generation race - [powerpc*] mm: Flush cache on memory hot(un)plug - [powerpc*] mce: Fix a bug where mce loops on memory UE. - [powerpc*] powernv/npu: Do a PID GPU TLB flush when invalidating a large address range - crypto: drbg - set freed buffers to NULL - libceph: un-backoff on tick when we have a authenticated session - libceph: reschedule a tick in finish_hunting() - libceph: validate con->state at the top of try_write() - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is set - module: Fix display of wrong module .text address - earlycon: Use a pointer table to fix __earlycon_table stride - [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt - [powerpc*] rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops - drm/edid: Reset more of the display info - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders - [x86] drm/i915/fbdev: Enable late fbdev initial configuration - [x86] drm/i915/audio: set minimum CD clock to twice the BCLK - [x86] drm/i915: Enable display WA#1183 from its correct spot - drm/amd/display: Fix deadlock when flushing irq - drm/amd/display: Don't read EDID in atomic_check - drm/amd/display: Disallow enabling CRTC without primary plane with FB - objtool, perf: Fix GCC 8 -Wrestrict error - [x86] ipc: Fix x32 version of shmid64_ds and msqid64_ds - [x86] smpboot: Don't use mwait_play_dead() on AMD systems - [x86] microcode/intel: Save microcode patch unconditionally - [x86] microcode: Do not exit early from __reload_late() - tick/sched: Do not mess with an enqueued hrtimer - [x86] crypto: ccp - add check to get PSP master only when PSP is detected - [armhf,arm64] KVM: Add PSCI version selection API https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.8 - ACPI / button: make module loadable when booted in non-ACPI mode - [arm64] Add work around for Arm Cortex-A55 Erratum 1024718 - ALSA: hda - Fix incorrect usage of IS_REACHABLE() - ALSA: pcm: Check PCM state at xfern compat ioctl - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index - ALSA: aloop: Mark paused device as inactive - ALSA: aloop: Add missing cable lock to ctl API callbacks - errseq: Always report a writeback error once - tracepoint: Do not warn on ENOMEM - scsi: target: Fix fortify_panic kernel exception - Input: leds - fix out of bound access - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro - swiotlb: fix inversed DMA_ATTR_NO_WARN test - rtlwifi: cleanup 8723be ant_sel definition - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/cxgb4: release hw resources on device removal - RDMA/ucma: Allow resolving address w/o specifying source address - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow - RDMA/mlx4: Add missed RSS hash inner header flag - RDMA/mlx5: Protect from shift operand overflow - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 - IB/mlx5: Use unlimited rate when static rate is not supported - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m - IB/hfi1: Fix handling of FECN marked multicast packet - IB/hfi1: Fix loss of BECN with AHG - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used - iw_cxgb4: Atomically flush per QP HW CQEs - btrfs: Take trans lock before access running trans in check_delayed_ref - [arm64,armhf] drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced - [x86] drm/vmwgfx: Fix a buffer object leak - drm/bridge: vga-dac: Fix edid memory leak - xhci: Fix use-after-free in xhci_free_virt_device - USB: serial: visor: handle potential invalid device configuration - [arm64,armhf] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue - USB: Accept bulk endpoints with 1024-byte maxpacket - USB: serial: option: reimplement interface masking - USB: serial: option: adding support for ublox R410M - [arm64,armhf] usb: musb: host: fix potential NULL pointer dereference - [arm64, armhf] usb: musb: trace: fix NULL pointer dereference in musb_g_tx() - [x86] platform/x86: asus-wireless: Fix NULL pointer dereference - [x86] platform/x86: Kconfig: Fix dell-laptop dependency chain. - [x86] KVM: remove APIC Timer periodic/oneshot spikes - [x86] tsc: Always unregister clocksource_tsc_early - [x86] tsc: Fix mark_tsc_unstable() - [arm64] irqchip/qcom: Fix check for spurious interrupts - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources - clocksource: Initialize cs->wd_list - clocksource: Consistent de-rate when marking unstable - tracing: Fix bad use of igrab in trace_uprobe.c https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9 - ipvs: fix rtnl_lock lockups caused by start_sync_thread - netfilter: ebtables: don't attempt to allocate 0-sized compat array - clk: ti: fix flag space conflict with clkctrl clocks - rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - ipv4: fix uninit-value in ip_route_output_key_hash_rcu() - soreuseport: initialise timewait reuseport field - inetpeer: fix uninit-value in inet_getpeer - bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog - memcg: fix per_node_info cleanup - perf: Remove superfluous allocation error check - i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr() - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: wake up concurrent wb_shutdown() callers. - bdi: Fix use after free bug in debugfs_remove() - bdi: Fix oops in wb_workfn() - compat: fix 4-byte infoleak via uninitialized struct field - gpioib: do not free unrequested descriptors - gpio: fix error path in lineevent_create - rfkill: gpio: fix memory leak in probe error path - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs - dm integrity: use kvfree for kvmalloc'd memory - tracing: Fix regex_match_front() to not over compare the test string - mm: sections are not offlined during memory hotremove - mm, oom: fix concurrent munlock and oom reaper unmap (CVE-2018-1000200) - ceph: fix rsize/wsize capping in ceph_direct_read_write() - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() - [armhf,arm64] drm/vc4: Fix scaling of uni-planar formats - drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages - [x86] drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log - [x86] drm/i915: Adjust eDP's logical vco in a reliable place. - drm/nouveau: Fix deadlock in nv50_mstm_register_connector() (Closes: #898825) - drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() - drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - PCI / PM: Always check PME wakeup capability for runtime wakeup support - PCI / PM: Check device_may_wakeup() in pci_enable_wake() - cpufreq: schedutil: Avoid using invalid next_freq - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" - [x86] Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets - [armhf] thermal: exynos: Reading temperature makes sense only when TMU is turned on - [armhf] thermal: exynos: Propagate error value from tmu_read() - nvme: add quirk to force medium priority for SQ creation - nvme: Fix sync controller reset return - smb3: directory sync should not return an error - swiotlb: silent unwanted warning "buffer is full" - sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - tracing/uprobe_event: Fix strncpy corner case - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - [x86] perf/cstate: Fix possible Spectre-v1 indexing for pkg_msr - [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.10 - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() - bridge: check iface upper dev when setting master via ioctl - dccp: fix tasklet usage - ipv4: fix fnhe usage by non-cached routes - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - [armhf] net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' - net/mlx4_en: Verify coalescing parameters are in range - net/mlx5e: Err if asked to offload TC match on frag being first - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics - net sched actions: fix refcnt leak in skbmod - net_sched: fq: take care of throttled flows before reuse - net: support compat 64-bit time in {s,g}etsockopt - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found - qmi_wwan: do not steal interfaces from class drivers - r8169: fix powering up RTL8168h - rds: do not leak kernel memory to user land - sctp: delay the authentication for the duplicated cookie-echo chunk - sctp: fix the issue that the cookie-ack with auth can't get processed - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d - tcp_bbr: fix to zero idle_restart only upon S/ACKed data - tcp: ignore Fast Open on repair mode - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - bonding: do not allow rlb updates to invalid mac - bonding: send learning packets for vlans on slave - net: sched: fix error path in tcf_proto_create() when modules are not configured - net/mlx5e: TX, Use correct counter in dma_map error flow - net/mlx5: Avoid cleaning flow steering table twice during error flow - [x86] hv_netvsc: set master device - ipv6: fix uninit-value in ip6_multipath_l3_keys() - net/mlx5e: Allow offloading ipv4 header re-write for icmp - udp: fix SO_BINDTODEVICE - net/mlx5e: DCBNL fix min inline header size for dscp - sctp: clear the new asoc's stream outcnt in sctp_stream_update - tcp: restore autocorking - tipc: fix one byte leak in tipc_sk_set_orig_addr() - [x86] hv_netvsc: Fix net device attach on older Windows hosts - ipv4: reset fnhe_mtu_locked after cache route flushed - net/mlx5: Fix mlx5_get_vector_affinity function - net: phy: sfp: fix the BR,min computation - net/smc: keep clcsock reference in smc_tcp_listen_work() - scsi: aacraid: Correct hba_send to include iu_type - proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11 - xhci: Fix USB3 NULL pointer dereference at logical disconnect. - usbip: usbip_host: refine probe and disconnect debug msgs to be useful - usbip: usbip_host: delete device from busid_table after rebind - usbip: usbip_host: run rebind from exit when module is removed - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors - usbip: usbip_host: fix bad unlock balance during stub_probe() - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist - ALSA: control: fix a redundant-copy issue - [amd64] spi: pxa2xx: Allow 64-bit DMA - KVM: vmx: update sec exec controls for UMIP iff emulating UMIP - [armhf,arm64] KVM: Properly protect VGIC locks from IRQs - [armhf,arm64] KVM: VGIC/ITS: Promote irq_lock() in update_affinity - [armhf,arm64] KVM: VGIC/ITS save/restore: protect kvm_read_guest() calls - [armhf,arm64] KVM: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock - hwmon: (k10temp) Fix reading critical temperature register - hwmon: (k10temp) Use API function to access System Management Network - [s390x] vfio: ccw: fix cleanup if cp_prefetch fails - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} - vsprintf: Replace memory barrier with static_key for random_ptr_key update - [x86] amd_nb: Add support for Raven Ridge CPUs - [arm64] tee: shm: fix use-after-free via temporarily dropped reference - netfilter: nf_tables: free set name in error path - netfilter: nf_tables: can't fail after linking rule into active rule list - netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static - [arm64] dts: marvell: armada-cp110: Add clocks for the xmdio node - [arm64] dts: marvell: armada-cp110: Add mg_core_clk for ethernet node - i2c: designware: fix poll-after-enable regression - mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 - [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - drm: Match sysfs name in link removal to link creation - radix tree: fix multi-order iteration race - mm: don't allow deferred pages with NEED_PER_CPU_KM - [x86] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk - [s390x] qdio: fix access to uninitialized qdio_q fields - [s390x] cpum_sf: ensure sample frequency of perf event attributes is non-zero - [s390x] qdio: don't release memory in qdio_setup_irq() - [s390x] remove indirect branch from do_softirq_own_stack - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n - [x86] pkeys: Override pkey when moving away from PROT_EXEC - [x86] pkeys: Do not special case protection key 0 - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - [arm*] 8771/1: kprobes: Prohibit kprobes on do_undefinstr - [x86] apic/x2apic: Initialize cluster ID properly - [x86] mm: Drop TS_COMPAT on 64-bit exec() syscall - tick/broadcast: Use for_each_cpu() specially on UP kernels - [arm*] 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed - [arm*] 8770/1: kprobes: Prohibit probing on optimized_callback - [arm*] 8772/1: kprobes: Prohibit kprobes on get_user functions - Btrfs: fix xattr loss after power failure - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting - btrfs: property: Set incompat flag if lzo/zstd compression is set - btrfs: fix crash when trying to resume balance without the resume flag - btrfs: Split btrfs_del_delalloc_inode into 2 functions - btrfs: Fix delalloc inodes invalidation during transaction abort - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static - x86/bugs: Fix the parameters alignment and missing void - x86/cpu: Make alternative_msr_write work for 32-bit code - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - bpf: Prevent memory disambiguation attack https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.12 - net/mlx5: Fix build break when CONFIG_SMP=n - net: Fix a bug in removing queues from XPS map - net/mlx4_core: Fix error handling in mlx4_init_port_info. - net/sched: fix refcnt leak in the error path of tcf_vlan_init() - net: sched: red: avoid hashing NULL child - net/smc: check for missing nlattrs in SMC_PNETID messages - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - tcp: purge write queue in tcp_connect_init() - tun: fix use after free for ptr_ring - tuntap: fix use after free during release - cxgb4: Correct ntuple mask validation for hash filters - [armhf] net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule - net: dsa: Do not register devlink for unused ports - [armhf] net: dsa: bcm_sf2: Fix IPv6 rules and chain ID - [armhf] net: dsa: bcm_sf2: Fix IPv6 rule half deletion - 3c59x: convert to generic DMA API - cxgb4: fix offset in collecting TX rate limit info - vmxnet3: set the DMA mask before the first DMA map operation - vmxnet3: use DMA memory barriers where required - net: ip6_gre: Request headroom in __gre6_xmit() - net: ip6_gre: Fix headroom request in ip6erspan_tunnel_xmit() - net: ip6_gre: Split up ip6gre_tnl_link_config() - net: ip6_gre: Split up ip6gre_tnl_change() - net: ip6_gre: Split up ip6gre_newlink() - net: ip6_gre: Split up ip6gre_changelink() - net: ip6_gre: Fix ip6erspan hlen calculation - net: ip6_gre: fix tunnel metadata device sharing. - [sparc*]: vio: use put_device() instead of kfree() - ext2: fix a block leak - [powerpc*] rfi-flush: Always enable fallback flush on pseries - [powerpc*] Add security feature flags for Spectre/Meltdown - [powerpc*] pseries: Add new H_GET_CPU_CHARACTERISTICS flags - [powerpc*] pseries: Set or clear security feature flags - [powerpc*] powerpc/powernv: Set or clear security feature flags - [powerpc*] powerpc/64s: Move cpu_show_meltdown() - [powerpc*] powerpc/64s: Enhance the information in cpu_show_meltdown() - [powerpc*] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - [powerpc*] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2() - [powerpc*] powerpc/pseries: Fix clearing of security feature flags - [powerpc*] powerpc: Move default security feature flags - [powerpc*] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - [s390x] move nobp parameter functions to nospec-branch.c - [s390x] add automatic detection of the spectre defense - [s390x] report spectre mitigation via syslog - [s390x] add sysfs attributes for spectre - [s390x] add assembler macros for CPU alternatives - [s390x] correct nospec auto detection init order - [s390x] correct module section names for expoline code revert - [s390x] move expoline assembler macros to a header - [s390x] crc32-vx: use expoline for indirect branches - [s390x] lib: use expoline for indirect branches - [s390x] ftrace: use expoline for indirect branches - [s390x] kernel: use expoline for indirect branches - [s390x] move spectre sysfs attribute code - [s390x] extend expoline to BC instructions - [s390x] use expoline thunks in the BPF JIT - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() - [s390x] scsi: zfcp: fix infinite iteration on ERP ready list - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB - ALSA: usb-audio: Add native DSD support for Luxman DA-06 - [arm64,armhf] usb: dwc3: Add SoftReset PHY synchonization delay - [arm64,armhf] usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields - [arm64,armhf] usb: dwc3: Makefile: fix link error on randconfig - xhci: zero usb device slot_id member when disabling and freeing a xhci slot - [arm64,armhf] usb: dwc2: Fix interval type issue - [arm64,armhf] usb: dwc2: hcd: Fix host channel halt flow - [arm64,armhf] usb: dwc2: host: Fix transaction errors in host mode - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS - media: em28xx: USB bulk packet size fix - Bluetooth: btusb: Add device ID for RTL8822BE - Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026] - xhci: Show what USB release number the xHC supports from protocol capablity - loop: don't call into filesystem while holding lo_ctl_mutex - loop: fix LOOP_GET_STATUS lock imbalance - cfg80211: limit wiphy names to 128 bytes - hfsplus: stop workqueue when fill_super() failed - [x86] kexec: Avoid double free_page() upon do_kexec_load() failure - staging: bcm2835-audio: Release resources on module_exit() - staging: lustre: fix bug in osc_enter_cache_try - [x86] staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr - staging: lustre: lmv: correctly iput lmo_root - [arm64] crypto: inside-secure - move the digest to the request context - [arm64] crypto: inside-secure - wait for the request to complete if in the backlog - [x86] crypto: ccp - don't disable interrupts while setting up debugfs - [arm64] crypto: inside-secure - do not process request if no command was issued - [arm64] crypto: inside-secure - fix the cache_len computation - [arm64] crypto: inside-secure - fix the extra cache computation - [arm64] crypto: inside-secure - do not overwrite the threshold value - [armhf] crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss - [arm64] crypto: inside-secure - fix the invalidation step during cra_exit - scsi: aacraid: Insure command thread is not recursively stopped - scsi: devinfo: add HP DISK-SUBSYSTEM device, for HP XP arrays - scsi: lpfc: Fix NVME Initiator FirstBurst - scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD - scsi: mvsas: fix wrong endianness of sgpio api - scsi: lpfc: Fix issue_lip if link is disabled - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap. - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - scsi: lpfc: Fix IO failure during hba reset testing with nvme io. - scsi: lpfc: Fix frequency of Release WQE CQEs - [armhf] clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 - clk: Don't show the incorrect clock phase - clk: hisilicon: mark wdt_mux_p[] as const - [arm64,armhf] clk: tegra: Fix pll_u rate configuration - [armhf] clk: rockchip: Prevent calculating mmc phase if clock rate is zero - [armhf] clk: samsung: s3c2410: Fix PLL rates - [armhf] clk: samsung: exynos7: Fix PLL rates - [armhf] clk: samsung: exynos5260: Fix PLL rates - [armhf] clk: samsung: exynos5433: Fix PLL rates - [armhf] clk: samsung: exynos5250: Fix PLL rates - [armhf] clk: samsung: exynos3250: Fix PLL rates - clk: meson: axg: fix the od shift of the sys_pll - clk: meson: axg: add the fractional part of the fixed_pll - media: cx23885: Override 888 ImpactVCBe crystal frequency - media: cx23885: Set subdev host data to clk_freq pointer - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models - media: v4l: vsp1: Fix display stalls when requesting too many inputs - media: i2c: adv748x: fix HDMI field heights - media: vb2: Fix videobuf2 to map correct area - media: vivid: fix incorrect capabilities for radio - media: cx25821: prevent out-of-bounds read on array card - [arm64] serial: mvebu-uart: fix tx lost characters - [sh4] serial: sh-sci: Fix out-of-bounds access through DT alias - [armhf] serial: samsung: Fix out-of-bounds access through serial port index - [armhf] serial: imx: Fix out-of-bounds access through serial port index - [armhf] serial: arc_uart: Fix out-of-bounds access through DT alias - [arm*] serial: 8250: Don't service RX FIFO if interrupts are disabled - [armhf] rtc: snvs: Fix usage of snvs_rtc_enable - rtc: hctosys: Ensure system time doesn't overflow time_t - [arm64,armhf] rtc: rk808: fix possible race condition - [armel/marvell] rtc: m41t80: fix race conditions - [m68k] rtc: rp5c01: fix possible race condition [ Romain Perier ] * [armhf] DRM: Enable DW_HDMI_AHB_AUDIO and DW_HDMI_CEC (Closes: #897204) * [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590) [ Ben Hutchings ] * kbuild: use -fmacro-prefix-map to make __FILE__ a relative path * Bump ABI to 2 * [rt] Update to 4.16.8-rt3 * [x86] KVM: VMX: Expose SSBD properly to guests. [ Salvatore Bonaccorso ] * [rt] Update to 4.16.7-rt1 and reenable * [rt] certs: Reference certificate for test key used in Debian signing service

Import Debian changes 4.16.12-1
linux (4.16.12-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 - Revert "pinctrl: intel: Initialize GPIO properly when used through irqchip" - [armhf] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs - i40e: Fix attach VF to VM issue - tpm: cmd_ready command can be issued only after granting locality - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc - tpm: add retry logic - Revert "ath10k: send (re)assoc peer command when NSS changed" - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave - docs: ip-sysctl.txt: fix name of some ipv6 variables - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - llc: delete timers synchronously in llc_sk_free() - net: af_packet: fix race in PACKET_{R|T}X_RING - net: fix deadlock while clearing neighbor proxy table - [arm64,armhf] net: mvpp2: Fix DMA address mask size - net: qmi_wwan: add Wistron Neweb D19Q1 - net/smc: fix shutdown in state SMC_LISTEN - net: stmmac: Disable ACS Feature for GMAC >= 4 - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - Revert "macsec: missing dev_put() on error in macsec_newlink()" - sctp: do not check port in sctp_inet6_cmp_addr - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX - strparser: Fix incorrect strp->need_bytes value. - tcp: clear tp->packets_out when purging write queue - tcp: don't read out-of-bounds opsize - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets - team: avoid adding twice the same option to the event list - team: fix netconsole setup over team - tipc: add policy for TIPC_NLA_NET_ADDR - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - vmxnet3: fix incorrect dereference when rxvlan is disabled - [amd64,arm64] amd-xgbe: Add pre/post auto-negotiation phy hooks - [amd64,arm64] amd-xgbe: Improve KR auto-negotiation and training - [amd64,arm64] amd-xgbe: Only use the SFP supported transceiver signals - net: sched: ife: signal not finding metaid - net: sched: ife: handle malformed tlv length - net: sched: ife: check on metadata length - l2tp: hold reference on tunnels in netlink dumps - l2tp: hold reference on tunnels printed in pppol2tp proc file - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - [s390x] qeth: fix error handling in adapter command callbacks - [s390x] qeth: avoid control IO completion stalls - [s390x] qeth: handle failure on workqueue creation - [armhf] net: ethernet: ti: cpsw: fix tx vlan priority mapping - net: validate attribute sizes in neigh_dump_table() - bnxt_en: Fix memory fault in bnxt_ethtool_init() - virtio-net: add missing virtqueue kick when flushing packets - VSOCK: make af_vsock.ko removable again - net: aquantia: Regression on reset with 1.x firmware - tun: fix vlan packet truncation - net: aquantia: oops when shutdown on already stopped device - virtio_net: split out ctrl buffer - virtio_net: fix adding vids on big-endian - Revert "mm/hmm: fix header file if/else/endif maze" - commoncap: Handle memory allocation failure. - scsi: mptsas: Disable WRITE SAME - cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940) - fsnotify: Fix fsnotify_mark_connector race - [m68k] mac: Don't remap SWIM MMIO region - [m68k] block/swim: Check drive type - [m68k] block/swim: Don't log an error message for an invalid ioctl - [m68k] block/swim: Remove extra put_disk() call from error path - [m68k] block/swim: Rename macros to avoid inconsistent inverted logic - [m68k] block/swim: Select appropriate drive on device open - [m68k] block/swim: Fix array bounds check - [m68k] block/swim: Fix IO error at end of medium - tracing: Fix missing tab for hwlat_detector print format - hwmon: (k10temp) Add temperature offset for Ryzen 2700X - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics - [s390x] cio: update chpid descriptor after resource accessibility event - [s390x] dasd: fix IO error for newly defined devices - [s390x] uprobes: implement arch_uretprobe_is_alive() - [s390x] cpum_cf: rename IBM z13/z14 counter names - kprobes: Fix random address output of blacklist file - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7 - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs - random: set up the NUMA crng instances after the CRNG is fully initialized - random: fix possible sleeping allocation from irq context - random: rate limit unseeded randomness warnings - usbip: usbip_event: fix to not print kernel pointer address - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - usbip: vhci_hcd: check rhport before using in vhci_hub_control() - Revert "xhci: plat: Register shutdown for xhci_plat" - xhci: Fix USB ports for Dell Inspiron 5775 - USB: serial: simple: add libtransistor console - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster - USB: serial: cp210x: add ID for NI USB serial console - [arm64] serial: mvebu-uart: Fix local flags handling on termios update - usb: typec: ucsi: Increase command completion timeout value - usb: core: Add quirk for HP v222w 16GB Mini - USB: Increment wakeup count on remote wakeup. - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio - virtio: add ability to iterate over vqs - virtio_console: don't tie bufs to a vq - virtio_console: free buffers after reset - virtio_console: drop custom control queue cleanup - virtio_console: move removal code - virtio_console: reset on out of memory - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set - tty: Avoid possible error pointer dereference at tty_ldisc_restore(). - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: dice: fix OUI for TC group - ALSA: dice: fix error path to destroy initialized stream data - ALSA: hda - Skip jack and others for non-existing PCM streams - ALSA: opl3: Hardening for potential Spectre v1 - ALSA: asihpi: Hardening for potential Spectre v1 - ALSA: hdspm: Hardening for potential Spectre v1 - ALSA: rme9652: Hardening for potential Spectre v1 - ALSA: control: Hardening for potential Spectre v1 - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - ALSA: hda/realtek - Add some fixes for ALC233 - ALSA: hda/realtek - Update ALC255 depop optimize - ALSA: hda/realtek - change the location for one of two front mics - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - mtd: rawnand: tango: Fix struct clk memory leak - mtd: rawnand: marvell: fix the chip-select DT parsing logic - kobject: don't use WARN for registration failures - scsi: sd_zbc: Avoid that resetting a zone fails sporadically - scsi: sd: Defer spinning up drive while SANITIZE is in progress - blk-mq: start request gstate with gen 1 - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request - block: do not use interruptible wait anywhere - [s390x] vfio: ccw: process ssch with interrupts disabled - [arm64] PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() - [arm64] PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() - [arm64] PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode - [arm64] PCI: aardvark: Fix PCIe Max Read Request Size setting - [armhf,arm64] KVM: Close VMID generation race - [powerpc*] mm: Flush cache on memory hot(un)plug - [powerpc*] mce: Fix a bug where mce loops on memory UE. - [powerpc*] powernv/npu: Do a PID GPU TLB flush when invalidating a large address range - crypto: drbg - set freed buffers to NULL - libceph: un-backoff on tick when we have a authenticated session - libceph: reschedule a tick in finish_hunting() - libceph: validate con->state at the top of try_write() - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is set - module: Fix display of wrong module .text address - earlycon: Use a pointer table to fix __earlycon_table stride - [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt - [powerpc*] rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops - drm/edid: Reset more of the display info - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders - [x86] drm/i915/fbdev: Enable late fbdev initial configuration - [x86] drm/i915/audio: set minimum CD clock to twice the BCLK - [x86] drm/i915: Enable display WA#1183 from its correct spot - drm/amd/display: Fix deadlock when flushing irq - drm/amd/display: Don't read EDID in atomic_check - drm/amd/display: Disallow enabling CRTC without primary plane with FB - objtool, perf: Fix GCC 8 -Wrestrict error - [x86] ipc: Fix x32 version of shmid64_ds and msqid64_ds - [x86] smpboot: Don't use mwait_play_dead() on AMD systems - [x86] microcode/intel: Save microcode patch unconditionally - [x86] microcode: Do not exit early from __reload_late() - tick/sched: Do not mess with an enqueued hrtimer - [x86] crypto: ccp - add check to get PSP master only when PSP is detected - [armhf,arm64] KVM: Add PSCI version selection API https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.8 - ACPI / button: make module loadable when booted in non-ACPI mode - [arm64] Add work around for Arm Cortex-A55 Erratum 1024718 - ALSA: hda - Fix incorrect usage of IS_REACHABLE() - ALSA: pcm: Check PCM state at xfern compat ioctl - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index - ALSA: aloop: Mark paused device as inactive - ALSA: aloop: Add missing cable lock to ctl API callbacks - errseq: Always report a writeback error once - tracepoint: Do not warn on ENOMEM - scsi: target: Fix fortify_panic kernel exception - Input: leds - fix out of bound access - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro - swiotlb: fix inversed DMA_ATTR_NO_WARN test - rtlwifi: cleanup 8723be ant_sel definition - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/cxgb4: release hw resources on device removal - RDMA/ucma: Allow resolving address w/o specifying source address - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow - RDMA/mlx4: Add missed RSS hash inner header flag - RDMA/mlx5: Protect from shift operand overflow - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 - IB/mlx5: Use unlimited rate when static rate is not supported - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m - IB/hfi1: Fix handling of FECN marked multicast packet - IB/hfi1: Fix loss of BECN with AHG - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used - iw_cxgb4: Atomically flush per QP HW CQEs - btrfs: Take trans lock before access running trans in check_delayed_ref - [arm64,armhf] drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced - [x86] drm/vmwgfx: Fix a buffer object leak - drm/bridge: vga-dac: Fix edid memory leak - xhci: Fix use-after-free in xhci_free_virt_device - USB: serial: visor: handle potential invalid device configuration - [arm64,armhf] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue - USB: Accept bulk endpoints with 1024-byte maxpacket - USB: serial: option: reimplement interface masking - USB: serial: option: adding support for ublox R410M - [arm64,armhf] usb: musb: host: fix potential NULL pointer dereference - [arm64, armhf] usb: musb: trace: fix NULL pointer dereference in musb_g_tx() - [x86] platform/x86: asus-wireless: Fix NULL pointer dereference - [x86] platform/x86: Kconfig: Fix dell-laptop dependency chain. - [x86] KVM: remove APIC Timer periodic/oneshot spikes - [x86] tsc: Always unregister clocksource_tsc_early - [x86] tsc: Fix mark_tsc_unstable() - [arm64] irqchip/qcom: Fix check for spurious interrupts - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources - clocksource: Initialize cs->wd_list - clocksource: Consistent de-rate when marking unstable - tracing: Fix bad use of igrab in trace_uprobe.c https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9 - ipvs: fix rtnl_lock lockups caused by start_sync_thread - netfilter: ebtables: don't attempt to allocate 0-sized compat array - clk: ti: fix flag space conflict with clkctrl clocks - rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - ipv4: fix uninit-value in ip_route_output_key_hash_rcu() - soreuseport: initialise timewait reuseport field - inetpeer: fix uninit-value in inet_getpeer - bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog - memcg: fix per_node_info cleanup - perf: Remove superfluous allocation error check - i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr() - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: wake up concurrent wb_shutdown() callers. - bdi: Fix use after free bug in debugfs_remove() - bdi: Fix oops in wb_workfn() - compat: fix 4-byte infoleak via uninitialized struct field - gpioib: do not free unrequested descriptors - gpio: fix error path in lineevent_create - rfkill: gpio: fix memory leak in probe error path - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs - dm integrity: use kvfree for kvmalloc'd memory - tracing: Fix regex_match_front() to not over compare the test string - mm: sections are not offlined during memory hotremove - mm, oom: fix concurrent munlock and oom reaper unmap (CVE-2018-1000200) - ceph: fix rsize/wsize capping in ceph_direct_read_write() - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() - [armhf,arm64] drm/vc4: Fix scaling of uni-planar formats - drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages - [x86] drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log - [x86] drm/i915: Adjust eDP's logical vco in a reliable place. - drm/nouveau: Fix deadlock in nv50_mstm_register_connector() (Closes: #898825) - drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() - drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - PCI / PM: Always check PME wakeup capability for runtime wakeup support - PCI / PM: Check device_may_wakeup() in pci_enable_wake() - cpufreq: schedutil: Avoid using invalid next_freq - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" - [x86] Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets - [armhf] thermal: exynos: Reading temperature makes sense only when TMU is turned on - [armhf] thermal: exynos: Propagate error value from tmu_read() - nvme: add quirk to force medium priority for SQ creation - nvme: Fix sync controller reset return - smb3: directory sync should not return an error - swiotlb: silent unwanted warning "buffer is full" - sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - tracing/uprobe_event: Fix strncpy corner case - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - [x86] perf/cstate: Fix possible Spectre-v1 indexing for pkg_msr - [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.10 - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() - bridge: check iface upper dev when setting master via ioctl - dccp: fix tasklet usage - ipv4: fix fnhe usage by non-cached routes - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - [armhf] net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' - net/mlx4_en: Verify coalescing parameters are in range - net/mlx5e: Err if asked to offload TC match on frag being first - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics - net sched actions: fix refcnt leak in skbmod - net_sched: fq: take care of throttled flows before reuse - net: support compat 64-bit time in {s,g}etsockopt - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found - qmi_wwan: do not steal interfaces from class drivers - r8169: fix powering up RTL8168h - rds: do not leak kernel memory to user land - sctp: delay the authentication for the duplicated cookie-echo chunk - sctp: fix the issue that the cookie-ack with auth can't get processed - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d - tcp_bbr: fix to zero idle_restart only upon S/ACKed data - tcp: ignore Fast Open on repair mode - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - bonding: do not allow rlb updates to invalid mac - bonding: send learning packets for vlans on slave - net: sched: fix error path in tcf_proto_create() when modules are not configured - net/mlx5e: TX, Use correct counter in dma_map error flow - net/mlx5: Avoid cleaning flow steering table twice during error flow - [x86] hv_netvsc: set master device - ipv6: fix uninit-value in ip6_multipath_l3_keys() - net/mlx5e: Allow offloading ipv4 header re-write for icmp - udp: fix SO_BINDTODEVICE - net/mlx5e: DCBNL fix min inline header size for dscp - sctp: clear the new asoc's stream outcnt in sctp_stream_update - tcp: restore autocorking - tipc: fix one byte leak in tipc_sk_set_orig_addr() - [x86] hv_netvsc: Fix net device attach on older Windows hosts - ipv4: reset fnhe_mtu_locked after cache route flushed - net/mlx5: Fix mlx5_get_vector_affinity function - net: phy: sfp: fix the BR,min computation - net/smc: keep clcsock reference in smc_tcp_listen_work() - scsi: aacraid: Correct hba_send to include iu_type - proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11 - xhci: Fix USB3 NULL pointer dereference at logical disconnect. - usbip: usbip_host: refine probe and disconnect debug msgs to be useful - usbip: usbip_host: delete device from busid_table after rebind - usbip: usbip_host: run rebind from exit when module is removed - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors - usbip: usbip_host: fix bad unlock balance during stub_probe() - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist - ALSA: control: fix a redundant-copy issue - [amd64] spi: pxa2xx: Allow 64-bit DMA - KVM: vmx: update sec exec controls for UMIP iff emulating UMIP - [armhf,arm64] KVM: Properly protect VGIC locks from IRQs - [armhf,arm64] KVM: VGIC/ITS: Promote irq_lock() in update_affinity - [armhf,arm64] KVM: VGIC/ITS save/restore: protect kvm_read_guest() calls - [armhf,arm64] KVM: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock - hwmon: (k10temp) Fix reading critical temperature register - hwmon: (k10temp) Use API function to access System Management Network - [s390x] vfio: ccw: fix cleanup if cp_prefetch fails - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} - vsprintf: Replace memory barrier with static_key for random_ptr_key update - [x86] amd_nb: Add support for Raven Ridge CPUs - [arm64] tee: shm: fix use-after-free via temporarily dropped reference - netfilter: nf_tables: free set name in error path - netfilter: nf_tables: can't fail after linking rule into active rule list - netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static - [arm64] dts: marvell: armada-cp110: Add clocks for the xmdio node - [arm64] dts: marvell: armada-cp110: Add mg_core_clk for ethernet node - i2c: designware: fix poll-after-enable regression - mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 - [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - drm: Match sysfs name in link removal to link creation - radix tree: fix multi-order iteration race - mm: don't allow deferred pages with NEED_PER_CPU_KM - [x86] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk - [s390x] qdio: fix access to uninitialized qdio_q fields - [s390x] cpum_sf: ensure sample frequency of perf event attributes is non-zero - [s390x] qdio: don't release memory in qdio_setup_irq() - [s390x] remove indirect branch from do_softirq_own_stack - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n - [x86] pkeys: Override pkey when moving away from PROT_EXEC - [x86] pkeys: Do not special case protection key 0 - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - [arm*] 8771/1: kprobes: Prohibit kprobes on do_undefinstr - [x86] apic/x2apic: Initialize cluster ID properly - [x86] mm: Drop TS_COMPAT on 64-bit exec() syscall - tick/broadcast: Use for_each_cpu() specially on UP kernels - [arm*] 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed - [arm*] 8770/1: kprobes: Prohibit probing on optimized_callback - [arm*] 8772/1: kprobes: Prohibit kprobes on get_user functions - Btrfs: fix xattr loss after power failure - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting - btrfs: property: Set incompat flag if lzo/zstd compression is set - btrfs: fix crash when trying to resume balance without the resume flag - btrfs: Split btrfs_del_delalloc_inode into 2 functions - btrfs: Fix delalloc inodes invalidation during transaction abort - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static - x86/bugs: Fix the parameters alignment and missing void - x86/cpu: Make alternative_msr_write work for 32-bit code - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - bpf: Prevent memory disambiguation attack https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.12 - net/mlx5: Fix build break when CONFIG_SMP=n - net: Fix a bug in removing queues from XPS map - net/mlx4_core: Fix error handling in mlx4_init_port_info. - net/sched: fix refcnt leak in the error path of tcf_vlan_init() - net: sched: red: avoid hashing NULL child - net/smc: check for missing nlattrs in SMC_PNETID messages - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - tcp: purge write queue in tcp_connect_init() - tun: fix use after free for ptr_ring - tuntap: fix use after free during release - cxgb4: Correct ntuple mask validation for hash filters - [armhf] net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule - net: dsa: Do not register devlink for unused ports - [armhf] net: dsa: bcm_sf2: Fix IPv6 rules and chain ID - [armhf] net: dsa: bcm_sf2: Fix IPv6 rule half deletion - 3c59x: convert to generic DMA API - cxgb4: fix offset in collecting TX rate limit info - vmxnet3: set the DMA mask before the first DMA map operation - vmxnet3: use DMA memory barriers where required - net: ip6_gre: Request headroom in __gre6_xmit() - net: ip6_gre: Fix headroom request in ip6erspan_tunnel_xmit() - net: ip6_gre: Split up ip6gre_tnl_link_config() - net: ip6_gre: Split up ip6gre_tnl_change() - net: ip6_gre: Split up ip6gre_newlink() - net: ip6_gre: Split up ip6gre_changelink() - net: ip6_gre: Fix ip6erspan hlen calculation - net: ip6_gre: fix tunnel metadata device sharing. - [sparc*]: vio: use put_device() instead of kfree() - ext2: fix a block leak - [powerpc*] rfi-flush: Always enable fallback flush on pseries - [powerpc*] Add security feature flags for Spectre/Meltdown - [powerpc*] pseries: Add new H_GET_CPU_CHARACTERISTICS flags - [powerpc*] pseries: Set or clear security feature flags - [powerpc*] powerpc/powernv: Set or clear security feature flags - [powerpc*] powerpc/64s: Move cpu_show_meltdown() - [powerpc*] powerpc/64s: Enhance the information in cpu_show_meltdown() - [powerpc*] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - [powerpc*] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2() - [powerpc*] powerpc/pseries: Fix clearing of security feature flags - [powerpc*] powerpc: Move default security feature flags - [powerpc*] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - [s390x] move nobp parameter functions to nospec-branch.c - [s390x] add automatic detection of the spectre defense - [s390x] report spectre mitigation via syslog - [s390x] add sysfs attributes for spectre - [s390x] add assembler macros for CPU alternatives - [s390x] correct nospec auto detection init order - [s390x] correct module section names for expoline code revert - [s390x] move expoline assembler macros to a header - [s390x] crc32-vx: use expoline for indirect branches - [s390x] lib: use expoline for indirect branches - [s390x] ftrace: use expoline for indirect branches - [s390x] kernel: use expoline for indirect branches - [s390x] move spectre sysfs attribute code - [s390x] extend expoline to BC instructions - [s390x] use expoline thunks in the BPF JIT - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() - [s390x] scsi: zfcp: fix infinite iteration on ERP ready list - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB - ALSA: usb-audio: Add native DSD support for Luxman DA-06 - [arm64,armhf] usb: dwc3: Add SoftReset PHY synchonization delay - [arm64,armhf] usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields - [arm64,armhf] usb: dwc3: Makefile: fix link error on randconfig - xhci: zero usb device slot_id member when disabling and freeing a xhci slot - [arm64,armhf] usb: dwc2: Fix interval type issue - [arm64,armhf] usb: dwc2: hcd: Fix host channel halt flow - [arm64,armhf] usb: dwc2: host: Fix transaction errors in host mode - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS - media: em28xx: USB bulk packet size fix - Bluetooth: btusb: Add device ID for RTL8822BE - Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026] - xhci: Show what USB release number the xHC supports from protocol capablity - loop: don't call into filesystem while holding lo_ctl_mutex - loop: fix LOOP_GET_STATUS lock imbalance - cfg80211: limit wiphy names to 128 bytes - hfsplus: stop workqueue when fill_super() failed - [x86] kexec: Avoid double free_page() upon do_kexec_load() failure - staging: bcm2835-audio: Release resources on module_exit() - staging: lustre: fix bug in osc_enter_cache_try - [x86] staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr - staging: lustre: lmv: correctly iput lmo_root - [arm64] crypto: inside-secure - move the digest to the request context - [arm64] crypto: inside-secure - wait for the request to complete if in the backlog - [x86] crypto: ccp - don't disable interrupts while setting up debugfs - [arm64] crypto: inside-secure - do not process request if no command was issued - [arm64] crypto: inside-secure - fix the cache_len computation - [arm64] crypto: inside-secure - fix the extra cache computation - [arm64] crypto: inside-secure - do not overwrite the threshold value - [armhf] crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss - [arm64] crypto: inside-secure - fix the invalidation step during cra_exit - scsi: aacraid: Insure command thread is not recursively stopped - scsi: devinfo: add HP DISK-SUBSYSTEM device, for HP XP arrays - scsi: lpfc: Fix NVME Initiator FirstBurst - scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD - scsi: mvsas: fix wrong endianness of sgpio api - scsi: lpfc: Fix issue_lip if link is disabled - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap. - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - scsi: lpfc: Fix IO failure during hba reset testing with nvme io. - scsi: lpfc: Fix frequency of Release WQE CQEs - [armhf] clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 - clk: Don't show the incorrect clock phase - clk: hisilicon: mark wdt_mux_p[] as const - [arm64,armhf] clk: tegra: Fix pll_u rate configuration - [armhf] clk: rockchip: Prevent calculating mmc phase if clock rate is zero - [armhf] clk: samsung: s3c2410: Fix PLL rates - [armhf] clk: samsung: exynos7: Fix PLL rates - [armhf] clk: samsung: exynos5260: Fix PLL rates - [armhf] clk: samsung: exynos5433: Fix PLL rates - [armhf] clk: samsung: exynos5250: Fix PLL rates - [armhf] clk: samsung: exynos3250: Fix PLL rates - clk: meson: axg: fix the od shift of the sys_pll - clk: meson: axg: add the fractional part of the fixed_pll - media: cx23885: Override 888 ImpactVCBe crystal frequency - media: cx23885: Set subdev host data to clk_freq pointer - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models - media: v4l: vsp1: Fix display stalls when requesting too many inputs - media: i2c: adv748x: fix HDMI field heights - media: vb2: Fix videobuf2 to map correct area - media: vivid: fix incorrect capabilities for radio - media: cx25821: prevent out-of-bounds read on array card - [arm64] serial: mvebu-uart: fix tx lost characters - [sh4] serial: sh-sci: Fix out-of-bounds access through DT alias - [armhf] serial: samsung: Fix out-of-bounds access through serial port index - [armhf] serial: imx: Fix out-of-bounds access through serial port index - [armhf] serial: arc_uart: Fix out-of-bounds access through DT alias - [arm*] serial: 8250: Don't service RX FIFO if interrupts are disabled - [armhf] rtc: snvs: Fix usage of snvs_rtc_enable - rtc: hctosys: Ensure system time doesn't overflow time_t - [arm64,armhf] rtc: rk808: fix possible race condition - [armel/marvell] rtc: m41t80: fix race conditions - [m68k] rtc: rp5c01: fix possible race condition [ Romain Perier ] * [armhf] DRM: Enable DW_HDMI_AHB_AUDIO and DW_HDMI_CEC (Closes: #897204) * [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590) [ Ben Hutchings ] * kbuild: use -fmacro-prefix-map to make __FILE__ a relative path * Bump ABI to 2 * [rt] Update to 4.16.8-rt3 * [x86] KVM: VMX: Expose SSBD properly to guests. [ Salvatore Bonaccorso ] * [rt] Update to 4.16.7-rt1 and reenable * [rt] certs: Reference certificate for test key used in Debian signing service
3c5af882 · Salvatore Bonaccorso · Lorenzo "Palinuro" Faletra · 44a45543 · f34edc87 · 3c5af882
Commit 3c5af882 authored May 27, 2018 by Salvatore Bonaccorso Committed by Lorenzo "Palinuro" Faletra May 28, 2018
--- a/arch/arm/lib/getuser.S
+++ b/arch/arm/lib/getuser.S
@@ -38,6 +38,7 @@ ENTRY(__get_user_1)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_1)
+_ASM_NOKPROBE(__get_user_1)

 ENTRY(__get_user_2)
 	check_uaccess r0, 2, r1, r2, __get_user_bad
@@ -58,6 +59,7 @@ rb	.req	r0
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_2)
+_ASM_NOKPROBE(__get_user_2)

 ENTRY(__get_user_4)
 	check_uaccess r0, 4, r1, r2, __get_user_bad
@@ -65,6 +67,7 @@ ENTRY(__get_user_4)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_4)
+_ASM_NOKPROBE(__get_user_4)

 ENTRY(__get_user_8)
 	check_uaccess r0, 8, r1, r2, __get_user_bad8
@@ -78,6 +81,7 @@ ENTRY(__get_user_8)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_8)
+_ASM_NOKPROBE(__get_user_8)

 #ifdef __ARMEB__
 ENTRY(__get_user_32t_8)
@@ -91,6 +95,7 @@ ENTRY(__get_user_32t_8)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_32t_8)
+_ASM_NOKPROBE(__get_user_32t_8)

 ENTRY(__get_user_64t_1)
 	check_uaccess r0, 1, r1, r2, __get_user_bad8
@@ -98,6 +103,7 @@ ENTRY(__get_user_64t_1)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_1)
+_ASM_NOKPROBE(__get_user_64t_1)

 ENTRY(__get_user_64t_2)
 	check_uaccess r0, 2, r1, r2, __get_user_bad8
@@ -114,6 +120,7 @@ rb	.req	r0
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_2)
+_ASM_NOKPROBE(__get_user_64t_2)

 ENTRY(__get_user_64t_4)
 	check_uaccess r0, 4, r1, r2, __get_user_bad8
@@ -121,6 +128,7 @@ ENTRY(__get_user_64t_4)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_4)
+_ASM_NOKPROBE(__get_user_64t_4)
 #endif

 __get_user_bad8:
@@ -131,6 +139,8 @@ __get_user_bad:
 	ret	lr
 ENDPROC(__get_user_bad)
 ENDPROC(__get_user_bad8)
+_ASM_NOKPROBE(__get_user_bad)
+_ASM_NOKPROBE(__get_user_bad8)

 .pushsection __ex_table, "a"
 	.long	1b, __get_user_bad

--- a/arch/arm/probes/kprobes/opt-arm.c
+++ b/arch/arm/probes/kprobes/opt-arm.c
@@ -165,13 +165,14 @@ optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs)
 {
 	unsigned long flags;
 	struct kprobe *p = &op->kp;
-	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+	struct kprobe_ctlblk *kcb;

 	/* Save skipped registers */
 	regs->ARM_pc = (unsigned long)op->kp.addr;
 	regs->ARM_ORIG_r0 = ~0UL;

 	local_irq_save(flags);
+	kcb = get_kprobe_ctlblk();

 	if (kprobe_running()) {
 		kprobes_inc_nmissed_count(&op->kp);
@@ -191,6 +192,7 @@ optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs)

 	local_irq_restore(flags);
 }
+NOKPROBE_SYMBOL(optimized_callback)

 int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *orig)
 {

--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -464,6 +464,20 @@ config ARM64_ERRATUM_843419

 	  If unsure, say Y.

+config ARM64_ERRATUM_1024718
+	bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update"
+	default y
+	help
+	  This option adds work around for Arm Cortex-A55 Erratum 1024718.
+
+	  Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect
+	  update of the hardware dirty bit when the DBM/AP bits are updated
+	  without a break-before-make. The work around is to disable the usage
+	  of hardware DBM locally on the affected cores. CPUs not affected by
+	  erratum will continue to use the feature.
+
+	  If unsure, say Y.
+
 config CAVIUM_ERRATUM_22375
 	bool "Cavium erratum 22375, 24313"
 	default y

--- a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi
+++ b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi
@@ -40,9 +40,10 @@ CP110_LABEL(ethernet): ethernet@0 {
 			compatible = "marvell,armada-7k-pp22";
 			reg = <0x0 0x100000>, <0x129000 0xb000>;
 			clocks = <&CP110_LABEL(clk) 1 3>, <&CP110_LABEL(clk) 1 9>,
-				 <&CP110_LABEL(clk) 1 5>, <&CP110_LABEL(clk) 1 18>;
+				 <&CP110_LABEL(clk) 1 5>, <&CP110_LABEL(clk) 1 6>,
+				 <&CP110_LABEL(clk) 1 18>;
 			clock-names = "pp_clk", "gop_clk",
-				      "mg_clk", "axi_clk";
+				      "mg_clk", "mg_core_clk", "axi_clk";
 			marvell,system-controller = <&CP110_LABEL(syscon0)>;
 			status = "disabled";
 			dma-coherent;
@@ -143,6 +144,8 @@ CP110_LABEL(xmdio): mdio@12a600 {
 			#size-cells = <0>;
 			compatible = "marvell,xmdio";
 			reg = <0x12a600 0x10>;
+			clocks = <&CP110_LABEL(clk) 1 5>,
+				 <&CP110_LABEL(clk) 1 6>, <&CP110_LABEL(clk) 1 18>;
 			status = "disabled";
 		};


--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -25,6 +25,7 @@

 #include <asm/asm-offsets.h>
 #include <asm/cpufeature.h>
+#include <asm/cputype.h>
 #include <asm/debug-monitors.h>
 #include <asm/page.h>
 #include <asm/pgtable-hwdef.h>
@@ -595,4 +596,43 @@ USER(\label, ic	ivau, \tmp2)			// invalidate I line PoU
 #endif
 	.endm

+/*
+ * Check the MIDR_EL1 of the current CPU for a given model and a range of
+ * variant/revision. See asm/cputype.h for the macros used below.
+ *
+ *	model:		MIDR_CPU_MODEL of CPU
+ *	rv_min:		Minimum of MIDR_CPU_VAR_REV()
+ *	rv_max:		Maximum of MIDR_CPU_VAR_REV()
+ *	res:		Result register.
+ *	tmp1, tmp2, tmp3: Temporary registers
+ *
+ * Corrupts: res, tmp1, tmp2, tmp3
+ * Returns:  0, if the CPU id doesn't match. Non-zero otherwise
+ */
+	.macro	cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3
+	mrs		\res, midr_el1
+	mov_q		\tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK)
+	mov_q		\tmp2, MIDR_CPU_MODEL_MASK
+	and		\tmp3, \res, \tmp2	// Extract model
+	and		\tmp1, \res, \tmp1	// rev & variant
+	mov_q		\tmp2, \model
+	cmp		\tmp3, \tmp2
+	cset		\res, eq
+	cbz		\res, .Ldone\@		// Model matches ?
+
+	.if (\rv_min != 0)			// Skip min check if rv_min == 0
+	mov_q		\tmp3, \rv_min
+	cmp		\tmp1, \tmp3
+	cset		\res, ge
+	.endif					// \rv_min != 0
+	/* Skip rv_max check if rv_min == rv_max && rv_min != 0 */
+	.if ((\rv_min != \rv_max) || \rv_min == 0)
+	mov_q		\tmp2, \rv_max
+	cmp		\tmp1, \tmp2
+	cset		\tmp2, le
+	and		\res, \res, \tmp2
+	.endif
+.Ldone\@:
+	.endm
+
 #endif	/* __ASM_ASSEMBLER_H */
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -83,6 +83,7 @@
 #define ARM_CPU_PART_CORTEX_A53		0xD03
 #define ARM_CPU_PART_CORTEX_A73		0xD09
 #define ARM_CPU_PART_CORTEX_A75		0xD0A
+#define ARM_CPU_PART_CORTEX_A55		0xD05

 #define APM_CPU_PART_POTENZA		0x000

@@ -102,6 +103,7 @@
 #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72)
 #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73)
 #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75)
+#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)

--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -75,6 +75,9 @@ struct kvm_arch {

 	/* Interrupt controller */
 	struct vgic_dist	vgic;
+
+	/* Mandated version of PSCI */
+	u32 psci_version;
 };

 #define KVM_NR_MEM_OBJS     40

--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -348,6 +348,22 @@ static inline unsigned int kvm_get_vmid_bits(void)
 	return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8;
 }

+/*
+ * We are not in the kvm->srcu critical section most of the time, so we take
+ * the SRCU read lock here. Since we copy the data from the user page, we
+ * can immediately drop the lock again.
+ */
+static inline int kvm_read_guest_lock(struct kvm *kvm,
+				      gpa_t gpa, void *data, unsigned long len)
+{
+	int srcu_idx = srcu_read_lock(&kvm->srcu);
+	int ret = kvm_read_guest(kvm, gpa, data, len);
+
+	srcu_read_unlock(&kvm->srcu, srcu_idx);
+
+	return ret;
+}
+
 #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
 #include <asm/mmu.h>


--- a/arch/arm64/include/uapi/asm/kvm.h
+++ b/arch/arm64/include/uapi/asm/kvm.h
@@ -206,6 +206,12 @@ struct kvm_arch_memory_slot {
 #define KVM_REG_ARM_TIMER_CNT		ARM64_SYS_REG(3, 3, 14, 3, 2)
 #define KVM_REG_ARM_TIMER_CVAL		ARM64_SYS_REG(3, 3, 14, 0, 2)

+/* KVM-as-firmware specific pseudo-registers */
+#define KVM_REG_ARM_FW			(0x0014 << KVM_REG_ARM_COPROC_SHIFT)
+#define KVM_REG_ARM_FW_REG(r)		(KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \
+					 KVM_REG_ARM_FW | ((r) & 0xffff))
+#define KVM_REG_ARM_PSCI_VERSION	KVM_REG_ARM_FW_REG(0)
+
 /* Device Control API: ARM VGIC */
 #define KVM_DEV_ARM_VGIC_GRP_ADDR	0
 #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS	1

--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -25,6 +25,7 @@
 #include <linux/module.h>
 #include <linux/vmalloc.h>
 #include <linux/fs.h>
+#include <kvm/arm_psci.h>
 #include <asm/cputype.h>
 #include <linux/uaccess.h>
 #include <asm/kvm.h>
@@ -205,7 +206,7 @@ static int get_timer_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
 unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu)
 {
 	return num_core_regs() + kvm_arm_num_sys_reg_descs(vcpu)
-                + NUM_TIMER_REGS;
+		+ kvm_arm_get_fw_num_regs(vcpu)	+ NUM_TIMER_REGS;
 }

 /**
@@ -225,6 +226,11 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices)
 		uindices++;
 	}

+	ret = kvm_arm_copy_fw_reg_indices(vcpu, uindices);
+	if (ret)
+		return ret;
+	uindices += kvm_arm_get_fw_num_regs(vcpu);
+
 	ret = copy_timer_indices(vcpu, uindices);
 	if (ret)
 		return ret;
@@ -243,6 +249,9 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
 	if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
 		return get_core_reg(vcpu, reg);

+	if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
+		return kvm_arm_get_fw_reg(vcpu, reg);
+
 	if (is_timer_reg(reg->id))
 		return get_timer_reg(vcpu, reg);

@@ -259,6 +268,9 @@ int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
 	if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
 		return set_core_reg(vcpu, reg);

+	if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
+		return kvm_arm_set_fw_reg(vcpu, reg);
+
 	if (is_timer_reg(reg->id))
 		return set_timer_reg(vcpu, reg);


--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -448,6 +448,11 @@ ENTRY(__cpu_setup)
 	cbz	x9, 2f
 	cmp	x9, #2
 	b.lt	1f
+#ifdef CONFIG_ARM64_ERRATUM_1024718
+	/* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */
+	cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4
+	cbnz	x1, 1f
+#endif
 	orr	x10, x10, #TCR_HD		// hardware Dirty flag update
 1:	orr	x10, x10, #TCR_HA		// hardware Access flag update
 2:

--- a/arch/powerpc/include/asm/exception-64s.h
+++ b/arch/powerpc/include/asm/exception-64s.h
@@ -74,6 +74,27 @@
 */
 #define EX_R3		EX_DAR

+#define STF_ENTRY_BARRIER_SLOT						\
+	STF_ENTRY_BARRIER_FIXUP_SECTION;				\
+	nop;								\
+	nop;								\
+	nop
+
+#define STF_EXIT_BARRIER_SLOT						\
+	STF_EXIT_BARRIER_FIXUP_SECTION;					\
+	nop;								\
+	nop;								\
+	nop;								\
+	nop;								\
+	nop;								\
+	nop
+
+/*
+ * r10 must be free to use, r13 must be paca
+ */
+#define INTERRUPT_TO_KERNEL						\
+	STF_ENTRY_BARRIER_SLOT
+
 /*
 * Macros for annotating the expected destination of (h)rfid
 *
@@ -90,16 +111,19 @@
 	rfid

 #define RFI_TO_USER							\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	rfid;								\
 	b	rfi_flush_fallback

 #define RFI_TO_USER_OR_KERNEL						\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	rfid;								\
 	b	rfi_flush_fallback

 #define RFI_TO_GUEST							\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	rfid;								\
 	b	rfi_flush_fallback
@@ -108,21 +132,25 @@
 	hrfid

 #define HRFI_TO_USER							\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	hrfid;								\
 	b	hrfi_flush_fallback

 #define HRFI_TO_USER_OR_KERNEL						\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	hrfid;								\
 	b	hrfi_flush_fallback

 #define HRFI_TO_GUEST							\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	hrfid;								\
 	b	hrfi_flush_fallback

 #define HRFI_TO_UNKNOWN							\
+	STF_EXIT_BARRIER_SLOT;						\
 	RFI_FLUSH_SLOT;							\
 	hrfid;								\
 	b	hrfi_flush_fallback
@@ -254,6 +282,7 @@ END_FTR_SECTION_NESTED(ftr,ftr,943)
 #define __EXCEPTION_PROLOG_1_PRE(area)					\
 	OPT_SAVE_REG_TO_PACA(area+EX_PPR, r9, CPU_FTR_HAS_PPR);		\
 	OPT_SAVE_REG_TO_PACA(area+EX_CFAR, r10, CPU_FTR_CFAR);		\
+	INTERRUPT_TO_KERNEL;						\
 	SAVE_CTR(r10, area);						\
 	mfcr	r9;


--- a/arch/powerpc/include/asm/feature-fixups.h
+++ b/arch/powerpc/include/asm/feature-fixups.h
@@ -187,6 +187,22 @@ label##3:					       	\
 	FTR_ENTRY_OFFSET label##1b-label##3b;		\
 	.popsection;

+#define STF_ENTRY_BARRIER_FIXUP_SECTION			\
+953:							\
+	.pushsection __stf_entry_barrier_fixup,"a";	\
+	.align 2;					\
+954:							\
+	FTR_ENTRY_OFFSET 953b-954b;			\
+	.popsection;
+
+#define STF_EXIT_BARRIER_FIXUP_SECTION			\
+955:							\
+	.pushsection __stf_exit_barrier_fixup,"a";	\
+	.align 2;					\
+956:							\
+	FTR_ENTRY_OFFSET 955b-956b;			\
+	.popsection;
+
 #define RFI_FLUSH_FIXUP_SECTION				\
 951:							\
 	.pushsection __rfi_flush_fixup,"a";		\
@@ -199,6 +215,9 @@ label##3:					       	\
 #ifndef __ASSEMBLY__
 #include <linux/types.h>

+extern long stf_barrier_fallback;
+extern long __start___stf_entry_barrier_fixup, __stop___stf_entry_barrier_fixup;
+extern long __start___stf_exit_barrier_fixup, __stop___stf_exit_barrier_fixup;
 extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup;

 void apply_feature_fixups(void);

--- a/arch/powerpc/include/asm/hvcall.h
+++ b/arch/powerpc/include/asm/hvcall.h
@@ -337,6 +337,9 @@
 #define H_CPU_CHAR_L1D_FLUSH_ORI30	(1ull << 61) // IBM bit 2
 #define H_CPU_CHAR_L1D_FLUSH_TRIG2	(1ull << 60) // IBM bit 3
 #define H_CPU_CHAR_L1D_THREAD_PRIV	(1ull << 59) // IBM bit 4
+#define H_CPU_CHAR_BRANCH_HINTS_HONORED	(1ull << 58) // IBM bit 5
+#define H_CPU_CHAR_THREAD_RECONFIG_CTRL	(1ull << 57) // IBM bit 6
+#define H_CPU_CHAR_COUNT_CACHE_DISABLED	(1ull << 56) // IBM bit 7

 #define H_CPU_BEHAV_FAVOUR_SECURITY	(1ull << 63) // IBM bit 0
 #define H_CPU_BEHAV_L1D_FLUSH_PR	(1ull << 62) // IBM bit 1

--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Security related feature bit definitions.
+ *
+ * Copyright 2018, Michael Ellerman, IBM Corporation.
+ */
+
+#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
+#define _ASM_POWERPC_SECURITY_FEATURES_H
+
+
+extern unsigned long powerpc_security_features;
+extern bool rfi_flush;
+
+/* These are bit flags */
+enum stf_barrier_type {
+	STF_BARRIER_NONE	= 0x1,
+	STF_BARRIER_FALLBACK	= 0x2,
+	STF_BARRIER_EIEIO	= 0x4,
+	STF_BARRIER_SYNC_ORI	= 0x8,
+};
+
+void setup_stf_barrier(void);
+void do_stf_barrier_fixups(enum stf_barrier_type types);
+
+static inline void security_ftr_set(unsigned long feature)
+{
+	powerpc_security_features |= feature;
+}
+
+static inline void security_ftr_clear(unsigned long feature)
+{
+	powerpc_security_features &= ~feature;
+}
+
+static inline bool security_ftr_enabled(unsigned long feature)
+{
+	return !!(powerpc_security_features & feature);
+}
+
+
+// Features indicating support for Spectre/Meltdown mitigations
+
+// The L1-D cache can be flushed with ori r30,r30,0
+#define SEC_FTR_L1D_FLUSH_ORI30		0x0000000000000001ull
+
+// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2)
+#define SEC_FTR_L1D_FLUSH_TRIG2		0x0000000000000002ull
+
+// ori r31,r31,0 acts as a speculation barrier
+#define SEC_FTR_SPEC_BAR_ORI31		0x0000000000000004ull
+
+// Speculation past bctr is disabled
+#define SEC_FTR_BCCTRL_SERIALISED	0x0000000000000008ull
+
+// Entries in L1-D are private to a SMT thread
+#define SEC_FTR_L1D_THREAD_PRIV		0x0000000000000010ull
+
+// Indirect branch prediction cache disabled
+#define SEC_FTR_COUNT_CACHE_DISABLED	0x0000000000000020ull
+
+
+// Features indicating need for Spectre/Meltdown mitigations
+
+// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest)
+#define SEC_FTR_L1D_FLUSH_HV		0x0000000000000040ull
+
+// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace)
+#define SEC_FTR_L1D_FLUSH_PR		0x0000000000000080ull
+
+// A speculation barrier should be used for bounds checks (Spectre variant 1)
+#define SEC_FTR_BNDS_CHK_SPEC_BAR	0x0000000000000100ull
+
+// Firmware configuration indicates user favours security over performance
+#define SEC_FTR_FAVOUR_SECURITY		0x0000000000000200ull
+
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+	(SEC_FTR_L1D_FLUSH_HV | \
+	 SEC_FTR_L1D_FLUSH_PR | \
+	 SEC_FTR_BNDS_CHK_SPEC_BAR | \
+	 SEC_FTR_FAVOUR_SECURITY)
+
+#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32)		+= vdso32/
 obj-$(CONFIG_PPC_WATCHDOG)	+= watchdog.o
 obj-$(CONFIG_HAVE_HW_BREAKPOINT)	+= hw_breakpoint.o
 obj-$(CONFIG_PPC_BOOK3S_64)	+= cpu_setup_ppc970.o cpu_setup_pa6t.o
-obj-$(CONFIG_PPC_BOOK3S_64)	+= cpu_setup_power.o
+obj-$(CONFIG_PPC_BOOK3S_64)	+= cpu_setup_power.o security.o
 obj-$(CONFIG_PPC_BOOK3S_64)	+= mce.o mce_power.o
 obj-$(CONFIG_PPC_BOOK3E_64)	+= exceptions-64e.o idle_book3e.o
 obj-$(CONFIG_PPC64)		+= vdso64/

--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -833,7 +833,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
 #endif


-EXC_REAL_MASKABLE(decrementer, 0x900, 0x80, IRQS_DISABLED)
+EXC_REAL_OOL_MASKABLE(decrementer, 0x900, 0x80, IRQS_DISABLED)
 EXC_VIRT_MASKABLE(decrementer, 0x4900, 0x80, 0x900, IRQS_DISABLED)
 TRAMP_KVM(PACA_EXGEN, 0x900)
 EXC_COMMON_ASYNC(decrementer_common, 0x900, timer_interrupt)
@@ -909,6 +909,7 @@ EXC_COMMON(trap_0b_common, 0xb00, unknown_exception)
 	mtctr	r13;							\
 	GET_PACA(r13);							\
 	std	r10,PACA_EXGEN+EX_R10(r13);				\
+	INTERRUPT_TO_KERNEL;						\
 	KVMTEST_PR(0xc00); /* uses r10, branch to do_kvm_0xc00_system_call */ \
 	HMT_MEDIUM;							\
 	mfctr	r9;
@@ -917,7 +918,8 @@ EXC_COMMON(trap_0b_common, 0xb00, unknown_exception)
 #define SYSCALL_KVMTEST							\
 	HMT_MEDIUM;							\
 	mr	r9,r13;							\
-	GET_PACA(r13);
+	GET_PACA(r13);							\
+	INTERRUPT_TO_KERNEL;
 #endif
 	
 #define LOAD_SYSCALL_HANDLER(reg)					\
@@ -1455,6 +1457,19 @@ masked_##_H##interrupt:					\
 	b	.;					\
 	MASKED_DEC_HANDLER(_H)

+TRAMP_REAL_BEGIN(stf_barrier_fallback)
+	std	r9,PACA_EXRFI+EX_R9(r13)
+	std	r10,PACA_EXRFI+EX_R10(r13)
+	sync
+	ld	r9,PACA_EXRFI+EX_R9(r13)
+	ld	r10,PACA_EXRFI+EX_R10(r13)
+	ori	31,31,0
+	.rept 14
+	b	1f
+1:
+	.endr
+	blr
+
 TRAMP_REAL_BEGIN(rfi_flush_fallback)
 	SET_SCRATCH0(r13);
 	GET_PACA(r13);

--- a/arch/powerpc/kernel/mce_power.c
+++ b/arch/powerpc/kernel/mce_power.c
@@ -441,7 +441,6 @@ static int mce_handle_ierror(struct pt_regs *regs,
 					if (pfn != ULONG_MAX) {
 						*phys_addr =
 							(pfn << PAGE_SHIFT);
-						handled = 1;
 					}
 				}
 			}
@@ -532,9 +531,7 @@ static int mce_handle_derror(struct pt_regs *regs,
 			 * kernel/exception-64s.h
 			 */
 			if (get_paca()->in_mce < MAX_MCE_DEPTH)
-				if (!mce_find_instr_ea_and_pfn(regs, addr,
-								phys_addr))
-					handled = 1;