--- /dev/null
+From f11fc4bc669b8622510c1039499f5a9d24248fec Mon Sep 17 00:00:00 2001
+From: Zhang Rui <rui.zhang@intel.com>
+Date: Mon, 3 Sep 2018 10:00:07 +0800
+Subject: ACPI / LPSS: Force LPSS quirks on boot
+
+From: Zhang Rui <rui.zhang@intel.com>
+
+commit f11fc4bc669b8622510c1039499f5a9d24248fec upstream.
+
+Commit 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume
+from hibernation) bypasses lpss quirks for S3 and S4, by setting a flag
+for S3/S4 in acpi_lpss_suspend(), and check that flag in
+acpi_lpss_resume().
+
+But this overlooks the boot case where acpi_lpss_resume() may get called
+without a corresponding acpi_lpss_suspend() having been called.
+
+Thus force setting the flag during boot.
+
+Fixes: 12864ff8545f (ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation)
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=200989
+Reported-and-tested-by: William Lieurance <william.lieurance@namikoda.com>
+Signed-off-by: Zhang Rui <rui.zhang@intel.com>
+Cc: 4.15+ <stable@vger.kernel.org> # 4.15+: 12864ff8545f (ACPI / LPSS: Avoid ...)
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpi_lpss.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/acpi/acpi_lpss.c
++++ b/drivers/acpi/acpi_lpss.c
+@@ -879,7 +879,7 @@ static void acpi_lpss_dismiss(struct dev
+ #define LPSS_GPIODEF0_DMA_LLP BIT(13)
+
+ static DEFINE_MUTEX(lpss_iosf_mutex);
+-static bool lpss_iosf_d3_entered;
++static bool lpss_iosf_d3_entered = true;
+
+ static void lpss_iosf_enter_d3_state(void)
+ {
--- /dev/null
+From 16037643969e095509cd8446a3f8e406a6dc3a2c Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 30 Aug 2018 15:13:16 +0200
+Subject: ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 16037643969e095509cd8446a3f8e406a6dc3a2c upstream.
+
+On AMD/ATI controllers, the HD-audio controller driver allows a bus
+reset upon the error recovery, and its procedure includes the
+cancellation of pending jack polling work as found in
+snd_hda_bus_codec_reset(). This works usually fine, but it becomes a
+problem when the reset happens from the jack poll work itself; then
+calling cancel_work_sync() from the work being processed tries to wait
+the finish endlessly.
+
+As a workaround, this patch adds the check of current_work() and
+applies the cancel_work_sync() only when it's not from the
+jackpoll_work.
+
+This doesn't fix the root cause of the reported error below, but at
+least, it eases the unexpected stall of the whole system.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200937
+Cc: <stable@vger.kernel.org>
+Cc: Lukas Wunner <lukas@wunner.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/hda_codec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_codec.c
++++ b/sound/pci/hda/hda_codec.c
+@@ -3910,7 +3910,8 @@ void snd_hda_bus_reset_codecs(struct hda
+
+ list_for_each_codec(codec, bus) {
+ /* FIXME: maybe a better way needed for forced reset */
+- cancel_delayed_work_sync(&codec->jackpoll_work);
++ if (current_work() != &codec->jackpoll_work.work)
++ cancel_delayed_work_sync(&codec->jackpoll_work);
+ #ifdef CONFIG_PM
+ if (hda_codec_is_power_on(codec)) {
+ hda_call_codec_suspend(codec);
--- /dev/null
+From 5c0920897af59779546e9ea0e89c5db45c8aff33 Mon Sep 17 00:00:00 2001
+From: Alexey Brodkin <abrodkin@synopsys.com>
+Date: Thu, 2 Aug 2018 13:19:37 +0300
+Subject: ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel
+
+From: Alexey Brodkin <abrodkin@synopsys.com>
+
+commit 5c0920897af59779546e9ea0e89c5db45c8aff33 upstream.
+
+Otherwise kernel uses random MAC which is not very conveniet.
+With that change in place use might set desired MAC in U-Boot
+with "setenv ethaddr 11:22:33:44:55:66", save environment and
+then from boot to boot the same MAC will be used by the kernel.
+
+One other note for this to happen it's required to pass
+board's .dtb in U-Boot's "bootm" command like that:
+------------------->8-----------------
+bootm 0x82000000 - 0x84000000
+------------------->8-----------------
+
+Here 0x82000000 is location of uImage while
+0x80000000 is location of either axs10x.dtb or hsdk.dtb
+previously loaded from SD-card, USB storage or TFTP server.
+
+Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
+Cc: Rob Herring <robh+dt@kernel.org>
+Cc: stable@vger.kernel.org # 4.14
+Cc: devicetree@vger.kernel.org
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/boot/dts/axs10x_mb.dtsi | 7 ++++++-
+ arch/arc/boot/dts/hsdk.dts | 7 ++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+--- a/arch/arc/boot/dts/axs10x_mb.dtsi
++++ b/arch/arc/boot/dts/axs10x_mb.dtsi
+@@ -9,6 +9,10 @@
+ */
+
+ / {
++ aliases {
++ ethernet = &gmac;
++ };
++
+ axs10x_mb {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+@@ -68,7 +72,7 @@
+ };
+ };
+
+- ethernet@0x18000 {
++ gmac: ethernet@0x18000 {
+ #interrupt-cells = <1>;
+ compatible = "snps,dwmac";
+ reg = < 0x18000 0x2000 >;
+@@ -81,6 +85,7 @@
+ max-speed = <100>;
+ resets = <&creg_rst 5>;
+ reset-names = "stmmaceth";
++ mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */
+ };
+
+ ehci@0x40000 {
+--- a/arch/arc/boot/dts/hsdk.dts
++++ b/arch/arc/boot/dts/hsdk.dts
+@@ -25,6 +25,10 @@
+ bootargs = "earlycon=uart8250,mmio32,0xf0005000,115200n8 console=ttyS0,115200n8 debug print-fatal-signals=1";
+ };
+
++ aliases {
++ ethernet = &gmac;
++ };
++
+ cpus {
+ #address-cells = <1>;
+ #size-cells = <0>;
+@@ -163,7 +167,7 @@
+ #clock-cells = <0>;
+ };
+
+- ethernet@8000 {
++ gmac: ethernet@8000 {
+ #interrupt-cells = <1>;
+ compatible = "snps,dwmac";
+ reg = <0x8000 0x2000>;
+@@ -176,6 +180,7 @@
+ phy-handle = <&phy0>;
+ resets = <&cgu_rst HSDK_ETH_RESET>;
+ reset-names = "stmmaceth";
++ mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */
+
+ mdio {
+ #address-cells = <1>;
--- /dev/null
+From f8b7530aa0a1def79c93101216b5b17cf408a70a Mon Sep 17 00:00:00 2001
+From: Neeraj Upadhyay <neeraju@codeaurora.org>
+Date: Wed, 5 Sep 2018 11:22:07 +0530
+Subject: cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
+
+From: Neeraj Upadhyay <neeraju@codeaurora.org>
+
+commit f8b7530aa0a1def79c93101216b5b17cf408a70a upstream.
+
+The smp_mb() in cpuhp_thread_fun() is misplaced. It needs to be after the
+load of st->should_run to prevent reordering of the later load/stores
+w.r.t. the load of st->should_run.
+
+Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core")
+Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infraded.org>
+Cc: josh@joshtriplett.org
+Cc: peterz@infradead.org
+Cc: jiangshanlai@gmail.com
+Cc: dzickus@redhat.com
+Cc: brendan.jackman@arm.com
+Cc: malat@debian.org
+Cc: mojha@codeaurora.org
+Cc: sramana@codeaurora.org
+Cc: linux-arm-msm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/1536126727-11629-1-git-send-email-neeraju@codeaurora.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cpu.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -608,15 +608,15 @@ static void cpuhp_thread_fun(unsigned in
+ bool bringup = st->bringup;
+ enum cpuhp_state state;
+
++ if (WARN_ON_ONCE(!st->should_run))
++ return;
++
+ /*
+ * ACQUIRE for the cpuhp_should_run() load of ->should_run. Ensures
+ * that if we see ->should_run we also see the rest of the state.
+ */
+ smp_mb();
+
+- if (WARN_ON_ONCE(!st->should_run))
+- return;
+-
+ cpuhp_lock_acquire(bringup);
+
+ if (st->single) {
--- /dev/null
+From 69fa6eb7d6a64801ea261025cce9723d9442d773 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 6 Sep 2018 15:21:38 +0200
+Subject: cpu/hotplug: Prevent state corruption on error rollback
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 69fa6eb7d6a64801ea261025cce9723d9442d773 upstream.
+
+When a teardown callback fails, the CPU hotplug code brings the CPU back to
+the previous state. The previous state becomes the new target state. The
+rollback happens in undo_cpu_down() which increments the state
+unconditionally even if the state is already the same as the target.
+
+As a consequence the next CPU hotplug operation will start at the wrong
+state. This is easily to observe when __cpu_disable() fails.
+
+Prevent the unconditional undo by checking the state vs. target before
+incrementing state and fix up the consequently wrong conditional in the
+unplug code which handles the failure of the final CPU take down on the
+control CPU side.
+
+Fixes: 4dddfb5faa61 ("smp/hotplug: Rewrite AP state machine core")
+Reported-by: Neeraj Upadhyay <neeraju@codeaurora.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Tested-by: Sudeep Holla <sudeep.holla@arm.com>
+Tested-by: Neeraj Upadhyay <neeraju@codeaurora.org>
+Cc: josh@joshtriplett.org
+Cc: peterz@infradead.org
+Cc: jiangshanlai@gmail.com
+Cc: dzickus@redhat.com
+Cc: brendan.jackman@arm.com
+Cc: malat@debian.org
+Cc: sramana@codeaurora.org
+Cc: linux-arm-msm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1809051419580.1416@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+----
+
+---
+ kernel/cpu.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -928,7 +928,8 @@ static int cpuhp_down_callbacks(unsigned
+ ret = cpuhp_invoke_callback(cpu, st->state, false, NULL, NULL);
+ if (ret) {
+ st->target = prev_state;
+- undo_cpu_down(cpu, st);
++ if (st->state < prev_state)
++ undo_cpu_down(cpu, st);
+ break;
+ }
+ }
+@@ -981,7 +982,7 @@ static int __ref _cpu_down(unsigned int
+ * to do the further cleanups.
+ */
+ ret = cpuhp_down_callbacks(cpu, st, target);
+- if (ret && st->state > CPUHP_TEARDOWN_CPU && st->state < prev_state) {
++ if (ret && st->state == CPUHP_TEARDOWN_CPU && st->state < prev_state) {
+ cpuhp_reset_state(st, prev_state);
+ __cpuhp_kick_ap(st);
+ }
--- /dev/null
+From 6b45a2b1c0bc2aec84d1c56a1976ca9c8a621ecb Mon Sep 17 00:00:00 2001
+From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Date: Thu, 6 Sep 2018 14:12:19 +0200
+Subject: memory: ti-aemif: fix a potential NULL-pointer dereference
+
+From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+
+commit 6b45a2b1c0bc2aec84d1c56a1976ca9c8a621ecb upstream.
+
+Platform data pointer may be NULL. We check it everywhere but in one
+place. Fix it.
+
+Fixes: 8af70cd2ca50 ("memory: aemif: add support for board files")
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/memory/ti-aemif.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/memory/ti-aemif.c
++++ b/drivers/memory/ti-aemif.c
+@@ -411,7 +411,7 @@ static int aemif_probe(struct platform_d
+ if (ret < 0)
+ goto error;
+ }
+- } else {
++ } else if (pdata) {
+ for (i = 0; i < pdata->num_sub_devices; i++) {
+ pdata->sub_devices[i].dev.parent = dev;
+ ret = platform_device_register(&pdata->sub_devices[i]);
kvm-x86-merge-emultype_retry-and-emultype_allow_reexecute.patch
kvm-x86-default-to-not-allowing-emulation-retry-in-kvm_mmu_page_fault.patch
kvm-x86-do-not-re-try-execute-after-failed-emulation-in-l2.patch
+arc-allow-u-boot-to-pass-mac-address-to-the-kernel.patch
+acpi-lpss-force-lpss-quirks-on-boot.patch
+memory-ti-aemif-fix-a-potential-null-pointer-dereference.patch
+alsa-hda-fix-cancel_work_sync-stall-from-jackpoll-work.patch
+cpu-hotplug-adjust-misplaced-smb-in-cpuhp_thread_fun.patch
+cpu-hotplug-prevent-state-corruption-on-error-rollback.patch
+x86-microcode-make-sure-boot_cpu_data.microcode-is-up-to-date.patch
+x86-microcode-update-the-new-microcode-revision-unconditionally.patch
+x86-process-don-t-mix-user-kernel-regs-in-64bit-__show_regs.patch
+x86-apic-vector-make-error-return-value-negative.patch
--- /dev/null
+From 47b7360ce563e18c524ce92b55fb4da72b3b3578 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sat, 8 Sep 2018 12:07:26 +0200
+Subject: x86/apic/vector: Make error return value negative
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 47b7360ce563e18c524ce92b55fb4da72b3b3578 upstream.
+
+activate_managed() returns EINVAL instead of -EINVAL in case of
+error. While this is unlikely to happen, the positive return value would
+cause further malfunction at the call site.
+
+Fixes: 2db1f959d9dc ("x86/vector: Handle managed interrupts proper")
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/apic/vector.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/apic/vector.c
++++ b/arch/x86/kernel/apic/vector.c
+@@ -422,7 +422,7 @@ static int activate_managed(struct irq_d
+ if (WARN_ON_ONCE(cpumask_empty(vector_searchmask))) {
+ /* Something in the core code broke! Survive gracefully */
+ pr_err("Managed startup for irq %u, but no CPU\n", irqd->irq);
+- return EINVAL;
++ return -EINVAL;
+ }
+
+ ret = assign_managed_vector(irqd, vector_searchmask);
--- /dev/null
+From 370a132bb2227ff76278f98370e0e701d86ff752 Mon Sep 17 00:00:00 2001
+From: Prarit Bhargava <prarit@redhat.com>
+Date: Tue, 31 Jul 2018 07:27:39 -0400
+Subject: x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
+
+From: Prarit Bhargava <prarit@redhat.com>
+
+commit 370a132bb2227ff76278f98370e0e701d86ff752 upstream.
+
+When preparing an MCE record for logging, boot_cpu_data.microcode is used
+to read out the microcode revision on the box.
+
+However, on systems where late microcode update has happened, the microcode
+revision output in a MCE log record is wrong because
+boot_cpu_data.microcode is not updated when the microcode gets updated.
+
+But, the microcode revision saved in boot_cpu_data's microcode member
+should be kept up-to-date, regardless, for consistency.
+
+Make it so.
+
+Fixes: fa94d0c6e0f3 ("x86/MCE: Save microcode revision in machine check records")
+Signed-off-by: Prarit Bhargava <prarit@redhat.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: sironi@amazon.de
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20180731112739.32338-1-prarit@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/amd.c | 4 ++++
+ arch/x86/kernel/cpu/microcode/intel.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+--- a/arch/x86/kernel/cpu/microcode/amd.c
++++ b/arch/x86/kernel/cpu/microcode/amd.c
+@@ -537,6 +537,10 @@ static enum ucode_state apply_microcode_
+ uci->cpu_sig.rev = mc_amd->hdr.patch_id;
+ c->microcode = mc_amd->hdr.patch_id;
+
++ /* Update boot_cpu_data's revision too, if we're on the BSP: */
++ if (c->cpu_index == boot_cpu_data.cpu_index)
++ boot_cpu_data.microcode = mc_amd->hdr.patch_id;
++
+ return UCODE_UPDATED;
+ }
+
+--- a/arch/x86/kernel/cpu/microcode/intel.c
++++ b/arch/x86/kernel/cpu/microcode/intel.c
+@@ -851,6 +851,10 @@ static enum ucode_state apply_microcode_
+ uci->cpu_sig.rev = rev;
+ c->microcode = rev;
+
++ /* Update boot_cpu_data's revision too, if we're on the BSP: */
++ if (c->cpu_index == boot_cpu_data.cpu_index)
++ boot_cpu_data.microcode = rev;
++
+ return UCODE_UPDATED;
+ }
+
--- /dev/null
+From 8da38ebaad23fe1b0c4a205438676f6356607cfc Mon Sep 17 00:00:00 2001
+From: Filippo Sironi <sironi@amazon.de>
+Date: Tue, 31 Jul 2018 17:29:30 +0200
+Subject: x86/microcode: Update the new microcode revision unconditionally
+
+From: Filippo Sironi <sironi@amazon.de>
+
+commit 8da38ebaad23fe1b0c4a205438676f6356607cfc upstream.
+
+Handle the case where microcode gets loaded on the BSP's hyperthread
+sibling first and the boot_cpu_data's microcode revision doesn't get
+updated because of early exit due to the siblings sharing a microcode
+engine.
+
+For that, simply write the updated revision on all CPUs unconditionally.
+
+Signed-off-by: Filippo Sironi <sironi@amazon.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: prarit@redhat.com
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1533050970-14385-1-git-send-email-sironi@amazon.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/amd.c | 22 +++++++++++++---------
+ arch/x86/kernel/cpu/microcode/intel.c | 13 ++++++++-----
+ 2 files changed, 21 insertions(+), 14 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/amd.c
++++ b/arch/x86/kernel/cpu/microcode/amd.c
+@@ -504,6 +504,7 @@ static enum ucode_state apply_microcode_
+ struct microcode_amd *mc_amd;
+ struct ucode_cpu_info *uci;
+ struct ucode_patch *p;
++ enum ucode_state ret;
+ u32 rev, dummy;
+
+ BUG_ON(raw_smp_processor_id() != cpu);
+@@ -521,9 +522,8 @@ static enum ucode_state apply_microcode_
+
+ /* need to apply patch? */
+ if (rev >= mc_amd->hdr.patch_id) {
+- c->microcode = rev;
+- uci->cpu_sig.rev = rev;
+- return UCODE_OK;
++ ret = UCODE_OK;
++ goto out;
+ }
+
+ if (__apply_microcode_amd(mc_amd)) {
+@@ -531,17 +531,21 @@ static enum ucode_state apply_microcode_
+ cpu, mc_amd->hdr.patch_id);
+ return UCODE_ERROR;
+ }
+- pr_info("CPU%d: new patch_level=0x%08x\n", cpu,
+- mc_amd->hdr.patch_id);
+
+- uci->cpu_sig.rev = mc_amd->hdr.patch_id;
+- c->microcode = mc_amd->hdr.patch_id;
++ rev = mc_amd->hdr.patch_id;
++ ret = UCODE_UPDATED;
++
++ pr_info("CPU%d: new patch_level=0x%08x\n", cpu, rev);
++
++out:
++ uci->cpu_sig.rev = rev;
++ c->microcode = rev;
+
+ /* Update boot_cpu_data's revision too, if we're on the BSP: */
+ if (c->cpu_index == boot_cpu_data.cpu_index)
+- boot_cpu_data.microcode = mc_amd->hdr.patch_id;
++ boot_cpu_data.microcode = rev;
+
+- return UCODE_UPDATED;
++ return ret;
+ }
+
+ static int install_equiv_cpu_table(const u8 *buf)
+--- a/arch/x86/kernel/cpu/microcode/intel.c
++++ b/arch/x86/kernel/cpu/microcode/intel.c
+@@ -795,6 +795,7 @@ static enum ucode_state apply_microcode_
+ struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+ struct cpuinfo_x86 *c = &cpu_data(cpu);
+ struct microcode_intel *mc;
++ enum ucode_state ret;
+ static int prev_rev;
+ u32 rev;
+
+@@ -817,9 +818,8 @@ static enum ucode_state apply_microcode_
+ */
+ rev = intel_get_microcode_revision();
+ if (rev >= mc->hdr.rev) {
+- uci->cpu_sig.rev = rev;
+- c->microcode = rev;
+- return UCODE_OK;
++ ret = UCODE_OK;
++ goto out;
+ }
+
+ /*
+@@ -848,14 +848,17 @@ static enum ucode_state apply_microcode_
+ prev_rev = rev;
+ }
+
++ ret = UCODE_UPDATED;
++
++out:
+ uci->cpu_sig.rev = rev;
+- c->microcode = rev;
++ c->microcode = rev;
+
+ /* Update boot_cpu_data's revision too, if we're on the BSP: */
+ if (c->cpu_index == boot_cpu_data.cpu_index)
+ boot_cpu_data.microcode = rev;
+
+- return UCODE_UPDATED;
++ return ret;
+ }
+
+ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
--- /dev/null
+From 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Fri, 31 Aug 2018 21:41:51 +0200
+Subject: x86/process: Don't mix user/kernel regs in 64bit __show_regs()
+
+From: Jann Horn <jannh@google.com>
+
+commit 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 upstream.
+
+When the kernel.print-fatal-signals sysctl has been enabled, a simple
+userspace crash will cause the kernel to write a crash dump that contains,
+among other things, the kernel gsbase into dmesg.
+
+As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE
+in this case.
+
+This also moves the bitness-specific logic from show_regs() into
+process_{32,64}.c.
+
+Fixes: 45807a1df9f5 ("vdso: print fatal signals")
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bpetkov@suse.de>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/kdebug.h | 12 +++++++++++-
+ arch/x86/kernel/dumpstack.c | 11 +++--------
+ arch/x86/kernel/process_32.c | 4 ++--
+ arch/x86/kernel/process_64.c | 12 ++++++++++--
+ 4 files changed, 26 insertions(+), 13 deletions(-)
+
+--- a/arch/x86/include/asm/kdebug.h
++++ b/arch/x86/include/asm/kdebug.h
+@@ -22,10 +22,20 @@ enum die_val {
+ DIE_NMIUNKNOWN,
+ };
+
++enum show_regs_mode {
++ SHOW_REGS_SHORT,
++ /*
++ * For when userspace crashed, but we don't think it's our fault, and
++ * therefore don't print kernel registers.
++ */
++ SHOW_REGS_USER,
++ SHOW_REGS_ALL
++};
++
+ extern void die(const char *, struct pt_regs *,long);
+ extern int __must_check __die(const char *, struct pt_regs *, long);
+ extern void show_stack_regs(struct pt_regs *regs);
+-extern void __show_regs(struct pt_regs *regs, int all);
++extern void __show_regs(struct pt_regs *regs, enum show_regs_mode);
+ extern void show_iret_regs(struct pt_regs *regs);
+ extern unsigned long oops_begin(void);
+ extern void oops_end(unsigned long, struct pt_regs *, int signr);
+--- a/arch/x86/kernel/dumpstack.c
++++ b/arch/x86/kernel/dumpstack.c
+@@ -155,7 +155,7 @@ static void show_regs_if_on_stack(struct
+ * they can be printed in the right context.
+ */
+ if (!partial && on_stack(info, regs, sizeof(*regs))) {
+- __show_regs(regs, 0);
++ __show_regs(regs, SHOW_REGS_SHORT);
+
+ } else if (partial && on_stack(info, (void *)regs + IRET_FRAME_OFFSET,
+ IRET_FRAME_SIZE)) {
+@@ -353,7 +353,7 @@ void oops_end(unsigned long flags, struc
+ oops_exit();
+
+ /* Executive summary in case the oops scrolled away */
+- __show_regs(&exec_summary_regs, true);
++ __show_regs(&exec_summary_regs, SHOW_REGS_ALL);
+
+ if (!signr)
+ return;
+@@ -416,14 +416,9 @@ void die(const char *str, struct pt_regs
+
+ void show_regs(struct pt_regs *regs)
+ {
+- bool all = true;
+-
+ show_regs_print_info(KERN_DEFAULT);
+
+- if (IS_ENABLED(CONFIG_X86_32))
+- all = !user_mode(regs);
+-
+- __show_regs(regs, all);
++ __show_regs(regs, user_mode(regs) ? SHOW_REGS_USER : SHOW_REGS_ALL);
+
+ /*
+ * When in-kernel, we also print out the stack at the time of the fault..
+--- a/arch/x86/kernel/process_32.c
++++ b/arch/x86/kernel/process_32.c
+@@ -59,7 +59,7 @@
+ #include <asm/intel_rdt_sched.h>
+ #include <asm/proto.h>
+
+-void __show_regs(struct pt_regs *regs, int all)
++void __show_regs(struct pt_regs *regs, enum show_regs_mode mode)
+ {
+ unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L;
+ unsigned long d0, d1, d2, d3, d6, d7;
+@@ -85,7 +85,7 @@ void __show_regs(struct pt_regs *regs, i
+ printk(KERN_DEFAULT "DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x EFLAGS: %08lx\n",
+ (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss, regs->flags);
+
+- if (!all)
++ if (mode != SHOW_REGS_ALL)
+ return;
+
+ cr0 = read_cr0();
+--- a/arch/x86/kernel/process_64.c
++++ b/arch/x86/kernel/process_64.c
+@@ -62,7 +62,7 @@
+ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch);
+
+ /* Prints also some state that isn't saved in the pt_regs */
+-void __show_regs(struct pt_regs *regs, int all)
++void __show_regs(struct pt_regs *regs, enum show_regs_mode mode)
+ {
+ unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs;
+ unsigned long d0, d1, d2, d3, d6, d7;
+@@ -87,9 +87,17 @@ void __show_regs(struct pt_regs *regs, i
+ printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n",
+ regs->r13, regs->r14, regs->r15);
+
+- if (!all)
++ if (mode == SHOW_REGS_SHORT)
+ return;
+
++ if (mode == SHOW_REGS_USER) {
++ rdmsrl(MSR_FS_BASE, fs);
++ rdmsrl(MSR_KERNEL_GS_BASE, shadowgs);
++ printk(KERN_DEFAULT "FS: %016lx GS: %016lx\n",
++ fs, shadowgs);
++ return;
++ }
++
+ asm("movl %%ds,%0" : "=r" (ds));
+ asm("movl %%cs,%0" : "=r" (cs));
+ asm("movl %%es,%0" : "=r" (es));
projects / thirdparty / kernel / stable-queue.git / commitdiff
