--- /dev/null
+From 3b0c0c922ff4be275a8beb87ce5657d16f355b54 Mon Sep 17 00:00:00 2001
+From: Philip Derrin <philip@cog.systems>
+Date: Tue, 14 Nov 2017 00:55:26 +0100
+Subject: ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
+
+From: Philip Derrin <philip@cog.systems>
+
+commit 3b0c0c922ff4be275a8beb87ce5657d16f355b54 upstream.
+
+When CONFIG_ARM_LPAE is set, the PMD dump relies on the software
+read-only bit to determine whether a page is writable. This
+concealed a bug which left the kernel text section writable
+(AP2=0) while marked read-only in the software bit.
+
+In a kernel with the AP2 bug, the dump looks like this:
+
+ ---[ Kernel Mapping ]---
+ 0xc0000000-0xc0200000 2M RW NX SHD
+ 0xc0200000-0xc0600000 4M ro x SHD
+ 0xc0600000-0xc0800000 2M ro NX SHD
+ 0xc0800000-0xc4800000 64M RW NX SHD
+
+The fix is to check that the software and hardware bits are both
+set before displaying "ro". The dump then shows the true perms:
+
+ ---[ Kernel Mapping ]---
+ 0xc0000000-0xc0200000 2M RW NX SHD
+ 0xc0200000-0xc0600000 4M RW x SHD
+ 0xc0600000-0xc0800000 2M RW NX SHD
+ 0xc0800000-0xc4800000 64M RW NX SHD
+
+Fixes: ded947798469 ("ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE")
+Signed-off-by: Philip Derrin <philip@cog.systems>
+Tested-by: Neil Dick <neil@cog.systems>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mm/dump.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mm/dump.c
++++ b/arch/arm/mm/dump.c
+@@ -129,8 +129,8 @@ static const struct prot_bits section_bi
+ .val = PMD_SECT_USER,
+ .set = "USR",
+ }, {
+- .mask = L_PMD_SECT_RDONLY,
+- .val = L_PMD_SECT_RDONLY,
++ .mask = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
++ .val = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+ .set = "ro",
+ .clear = "RW",
+ #elif __LINUX_ARM_ARCH__ >= 6
--- /dev/null
+From 400eeffaffc7232c0ae1134fe04e14ae4fb48d8c Mon Sep 17 00:00:00 2001
+From: Philip Derrin <philip@cog.systems>
+Date: Tue, 14 Nov 2017 00:55:25 +0100
+Subject: ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
+
+From: Philip Derrin <philip@cog.systems>
+
+commit 400eeffaffc7232c0ae1134fe04e14ae4fb48d8c upstream.
+
+Currently, for ARM kernels with CONFIG_ARM_LPAE and
+CONFIG_STRICT_KERNEL_RWX enabled, the 2MiB pages mapping the
+kernel code and rodata are writable. They are marked read-only in
+a software bit (L_PMD_SECT_RDONLY) but the hardware read-only bit
+is not set (PMD_SECT_AP2).
+
+For user mappings, the logic that propagates the software bit
+to the hardware bit is in set_pmd_at(); but for the kernel,
+section_update() writes the PMDs directly, skipping this logic.
+
+The fix is to set PMD_SECT_AP2 for read-only sections in
+section_update(), at the same time as L_PMD_SECT_RDONLY.
+
+Fixes: 1e3479225acb ("ARM: 8275/1: mm: fix PMD_SECT_RDONLY undeclared compile error")
+Signed-off-by: Philip Derrin <philip@cog.systems>
+Reported-by: Neil Dick <neil@cog.systems>
+Tested-by: Neil Dick <neil@cog.systems>
+Tested-by: Laura Abbott <labbott@redhat.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mm/init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mm/init.c
++++ b/arch/arm/mm/init.c
+@@ -639,8 +639,8 @@ static struct section_perm ro_perms[] =
+ .start = (unsigned long)_stext,
+ .end = (unsigned long)__init_begin,
+ #ifdef CONFIG_ARM_LPAE
+- .mask = ~L_PMD_SECT_RDONLY,
+- .prot = L_PMD_SECT_RDONLY,
++ .mask = ~(L_PMD_SECT_RDONLY | PMD_SECT_AP2),
++ .prot = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+ #else
+ .mask = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE),
+ .prot = PMD_SECT_APX | PMD_SECT_AP_WRITE,
--- /dev/null
+From 6218f96c58dbf44a06aeaf767aab1f54fc397838 Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Thu, 26 Oct 2017 18:36:47 +0100
+Subject: arm64: Implement arch-specific pte_access_permitted()
+
+From: Catalin Marinas <catalin.marinas@arm.com>
+
+commit 6218f96c58dbf44a06aeaf767aab1f54fc397838 upstream.
+
+The generic pte_access_permitted() implementation only checks for
+pte_present() (together with the write permission where applicable).
+However, for both kernel ptes and PROT_NONE mappings pte_present() also
+returns true on arm64 even though such mappings are not user accessible.
+Additionally, arm64 now supports execute-only user permission
+(PROT_EXEC) which is implemented by clearing the PTE_USER bit.
+
+With this patch the arm64 implementation of pte_access_permitted()
+checks for the PTE_VALID and PTE_USER bits together with writable access
+if applicable.
+
+Reported-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/pgtable.h | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/arch/arm64/include/asm/pgtable.h
++++ b/arch/arm64/include/asm/pgtable.h
+@@ -98,6 +98,8 @@ extern unsigned long empty_zero_page[PAG
+ ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
+ #define pte_valid_young(pte) \
+ ((pte_val(pte) & (PTE_VALID | PTE_AF)) == (PTE_VALID | PTE_AF))
++#define pte_valid_user(pte) \
++ ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
+
+ /*
+ * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
+@@ -107,6 +109,18 @@ extern unsigned long empty_zero_page[PAG
+ #define pte_accessible(mm, pte) \
+ (mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid_young(pte))
+
++/*
++ * p??_access_permitted() is true for valid user mappings (subject to the
++ * write permission check) other than user execute-only which do not have the
++ * PTE_USER bit set. PROT_NONE mappings do not have the PTE_VALID bit set.
++ */
++#define pte_access_permitted(pte, write) \
++ (pte_valid_user(pte) && (!(write) || pte_write(pte)))
++#define pmd_access_permitted(pmd, write) \
++ (pte_access_permitted(pmd_pte(pmd), (write)))
++#define pud_access_permitted(pud, write) \
++ (pte_access_permitted(pud_pte(pud), (write)))
++
+ static inline pte_t clear_pte_bit(pte_t pte, pgprot_t prot)
+ {
+ pte_val(pte) &= ~pgprot_val(prot);
--- /dev/null
+From a3f143106596d739e7fbc4b84c96b1475247d876 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Wed, 4 Oct 2017 03:46:14 +0100
+Subject: MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit a3f143106596d739e7fbc4b84c96b1475247d876 upstream.
+
+__cmpxchg64_local_generic() is atomic only w.r.t tasks and interrupts
+on the same CPU (that's what the 'local' means). We can't use it to
+implement cmpxchg64() in SMP configurations.
+
+So, for 32-bit SMP configurations:
+
+- Don't define cmpxchg64()
+- Don't enable HAVE_VIRT_CPU_ACCOUNTING_GEN, which requires it
+
+Fixes: e2093c7b03c1 ("MIPS: Fall back to generic implementation of ...")
+Fixes: bb877e96bea1 ("MIPS: Add support for full dynticks CPU time accounting")
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: Deng-Cheng Zhu <dengcheng.zhu@mips.com>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/17413/
+Signed-off-by: James Hogan <jhogan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/Kconfig | 2 +-
+ arch/mips/include/asm/cmpxchg.h | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/Kconfig
++++ b/arch/mips/Kconfig
+@@ -65,7 +65,7 @@ config MIPS
+ select HAVE_PERF_EVENTS
+ select HAVE_REGS_AND_STACK_ACCESS_API
+ select HAVE_SYSCALL_TRACEPOINTS
+- select HAVE_VIRT_CPU_ACCOUNTING_GEN
++ select HAVE_VIRT_CPU_ACCOUNTING_GEN if 64BIT || !SMP
+ select IRQ_FORCED_THREADING
+ select MODULES_USE_ELF_RELA if MODULES && 64BIT
+ select MODULES_USE_ELF_REL if MODULES
+--- a/arch/mips/include/asm/cmpxchg.h
++++ b/arch/mips/include/asm/cmpxchg.h
+@@ -204,8 +204,10 @@ static inline unsigned long __cmpxchg(vo
+ #else
+ #include <asm-generic/cmpxchg-local.h>
+ #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n))
++#ifndef CONFIG_SMP
+ #define cmpxchg64(ptr, o, n) cmpxchg64_local((ptr), (o), (n))
+ #endif
++#endif
+
+ #undef __scbeqz
+
--- /dev/null
+From 8ef4b43cd3794d63052d85898e42424fd3b14d24 Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Thu, 11 May 2017 08:11:14 +0200
+Subject: MIPS: ralink: Fix MT7628 pinmux
+
+From: Mathias Kresin <dev@kresin.me>
+
+commit 8ef4b43cd3794d63052d85898e42424fd3b14d24 upstream.
+
+According to the datasheet the REFCLK pin is shared with GPIO#37 and
+the PERST pin is shared with GPIO#36.
+
+Fixes: 53263a1c6852 ("MIPS: ralink: add mt7628an support")
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+Acked-by: John Crispin <john@phrozen.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16046/
+Signed-off-by: James Hogan <jhogan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/ralink/mt7620.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/mips/ralink/mt7620.c
++++ b/arch/mips/ralink/mt7620.c
+@@ -145,8 +145,8 @@ static struct rt2880_pmx_func i2c_grp_mt
+ FUNC("i2c", 0, 4, 2),
+ };
+
+-static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 36, 1) };
+-static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 37, 1) };
++static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 37, 1) };
++static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 36, 1) };
+ static struct rt2880_pmx_func wdt_grp_mt7628[] = { FUNC("wdt", 0, 38, 1) };
+ static struct rt2880_pmx_func spi_grp_mt7628[] = { FUNC("spi", 0, 7, 4) };
+
--- /dev/null
+From 05a67cc258e75ac9758e6f13d26337b8be51162a Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Thu, 11 May 2017 08:11:15 +0200
+Subject: MIPS: ralink: Fix typo in mt7628 pinmux function
+
+From: Mathias Kresin <dev@kresin.me>
+
+commit 05a67cc258e75ac9758e6f13d26337b8be51162a upstream.
+
+There is a typo inside the pinmux setup code. The function is called
+refclk and not reclk.
+
+Fixes: 53263a1c6852 ("MIPS: ralink: add mt7628an support")
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+Acked-by: John Crispin <john@phrozen.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16047/
+Signed-off-by: James Hogan <jhogan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/ralink/mt7620.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/ralink/mt7620.c
++++ b/arch/mips/ralink/mt7620.c
+@@ -145,7 +145,7 @@ static struct rt2880_pmx_func i2c_grp_mt
+ FUNC("i2c", 0, 4, 2),
+ };
+
+-static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("reclk", 0, 37, 1) };
++static struct rt2880_pmx_func refclk_grp_mt7628[] = { FUNC("refclk", 0, 37, 1) };
+ static struct rt2880_pmx_func perst_grp_mt7628[] = { FUNC("perst", 0, 36, 1) };
+ static struct rt2880_pmx_func wdt_grp_mt7628[] = { FUNC("wdt", 0, 38, 1) };
+ static struct rt2880_pmx_func spi_grp_mt7628[] = { FUNC("spi", 0, 7, 4) };
--- /dev/null
+From 58ba4d5a25579e5c7e312bd359c95f3a9a0a242c Mon Sep 17 00:00:00 2001
+From: Andi Kleen <ak@linux.intel.com>
+Date: Wed, 8 Nov 2017 16:07:18 -0800
+Subject: perf/x86/intel: Hide TSX events when RTM is not supported
+
+From: Andi Kleen <ak@linux.intel.com>
+
+commit 58ba4d5a25579e5c7e312bd359c95f3a9a0a242c upstream.
+
+0day testing reported a perf test regression on Haswell systems without
+RTM. Commit a5df70c35 hides the in_tx/in_tx_cp attributes when RTM is not
+available, but the TSX events are still available in sysfs. Due to the
+missing attributes the event parser fails on those files.
+
+Don't show the TSX events in sysfs when RTM is not available on
+Haswell/Broadwell/Skylake.
+
+Fixes: a5df70c354c2 (perf/x86: Only show format attributes when supported)
+Reported-by: kernel test robot <xiaolong.ye@intel.com>
+Tested-by: Jin Yao <yao.jin@linux.intel.com>
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/20171109000718.14137-1-andi@firstfloor.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/events/intel/core.c | 35 +++++++++++++++++++++++------------
+ 1 file changed, 23 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/events/intel/core.c
++++ b/arch/x86/events/intel/core.c
+@@ -3730,6 +3730,19 @@ EVENT_ATTR_STR(cycles-t, cycles_t, "even
+ EVENT_ATTR_STR(cycles-ct, cycles_ct, "event=0x3c,in_tx=1,in_tx_cp=1");
+
+ static struct attribute *hsw_events_attrs[] = {
++ EVENT_PTR(mem_ld_hsw),
++ EVENT_PTR(mem_st_hsw),
++ EVENT_PTR(td_slots_issued),
++ EVENT_PTR(td_slots_retired),
++ EVENT_PTR(td_fetch_bubbles),
++ EVENT_PTR(td_total_slots),
++ EVENT_PTR(td_total_slots_scale),
++ EVENT_PTR(td_recovery_bubbles),
++ EVENT_PTR(td_recovery_bubbles_scale),
++ NULL
++};
++
++static struct attribute *hsw_tsx_events_attrs[] = {
+ EVENT_PTR(tx_start),
+ EVENT_PTR(tx_commit),
+ EVENT_PTR(tx_abort),
+@@ -3742,18 +3755,16 @@ static struct attribute *hsw_events_attr
+ EVENT_PTR(el_conflict),
+ EVENT_PTR(cycles_t),
+ EVENT_PTR(cycles_ct),
+- EVENT_PTR(mem_ld_hsw),
+- EVENT_PTR(mem_st_hsw),
+- EVENT_PTR(td_slots_issued),
+- EVENT_PTR(td_slots_retired),
+- EVENT_PTR(td_fetch_bubbles),
+- EVENT_PTR(td_total_slots),
+- EVENT_PTR(td_total_slots_scale),
+- EVENT_PTR(td_recovery_bubbles),
+- EVENT_PTR(td_recovery_bubbles_scale),
+ NULL
+ };
+
++static __init struct attribute **get_hsw_events_attrs(void)
++{
++ return boot_cpu_has(X86_FEATURE_RTM) ?
++ merge_attr(hsw_events_attrs, hsw_tsx_events_attrs) :
++ hsw_events_attrs;
++}
++
+ static ssize_t freeze_on_smi_show(struct device *cdev,
+ struct device_attribute *attr,
+ char *buf)
+@@ -4182,7 +4193,7 @@ __init int intel_pmu_init(void)
+
+ x86_pmu.hw_config = hsw_hw_config;
+ x86_pmu.get_event_constraints = hsw_get_event_constraints;
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ x86_pmu.lbr_double_abort = true;
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+@@ -4221,7 +4232,7 @@ __init int intel_pmu_init(void)
+
+ x86_pmu.hw_config = hsw_hw_config;
+ x86_pmu.get_event_constraints = hsw_get_event_constraints;
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ x86_pmu.limit_period = bdw_limit_period;
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+@@ -4279,7 +4290,7 @@ __init int intel_pmu_init(void)
+ extra_attr = boot_cpu_has(X86_FEATURE_RTM) ?
+ hsw_format_attr : nhm_format_attr;
+ extra_attr = merge_attr(extra_attr, skl_format_attr);
+- x86_pmu.cpu_events = hsw_events_attrs;
++ x86_pmu.cpu_events = get_hsw_events_attrs();
+ intel_pmu_pebs_data_source_skl(
+ boot_cpu_data.x86_model == INTEL_FAM6_SKYLAKE_X);
+ pr_cont("Skylake events, ");
serdev-fix-registration-of-second-slave.patch
sched-make-resched_cpu-unconditional.patch
lib-mpi-call-cond_resched-from-mpi_powm-loop.patch
+x86-boot-fix-boot-failure-when-smp-mp-table-is-based-at-0.patch
+x86-decoder-add-new-test-instruction-pattern.patch
+x86-entry-64-fix-entry_syscall_64_after_hwframe-irq-tracing.patch
+x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch
+perf-x86-intel-hide-tsx-events-when-rtm-is-not-supported.patch
+arm64-implement-arch-specific-pte_access_permitted.patch
+arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch
+arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
+uapi-fix-linux-tls.h-userspace-compilation-error.patch
+uapi-fix-linux-rxrpc.h-userspace-compilation-errors.patch
+mips-cmpxchg64-and-have_virt_cpu_accounting_gen-don-t-work-for-32-bit-smp.patch
+mips-ralink-fix-mt7628-pinmux.patch
+mips-ralink-fix-typo-in-mt7628-pinmux-function.patch
--- /dev/null
+From 0eef304bc9f7d079a1165e8cd2f24b078e9e1f2a Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Mon, 13 Nov 2017 03:37:06 +0300
+Subject: uapi: fix linux/rxrpc.h userspace compilation errors
+
+From: Dmitry V. Levin <ldv@altlinux.org>
+
+commit 0eef304bc9f7d079a1165e8cd2f24b078e9e1f2a upstream.
+
+Consistently use types provided by <linux/types.h> to fix the following
+linux/rxrpc.h userspace compilation errors:
+
+/usr/include/linux/rxrpc.h:24:2: error: unknown type name 'u16'
+ u16 srx_service; /* service desired */
+/usr/include/linux/rxrpc.h:25:2: error: unknown type name 'u16'
+ u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
+/usr/include/linux/rxrpc.h:26:2: error: unknown type name 'u16'
+ u16 transport_len; /* length of transport address */
+
+Use __kernel_sa_family_t instead of sa_family_t the same way
+as uapi/linux/in.h does, to fix the following
+linux/rxrpc.h userspace compilation errors:
+
+/usr/include/linux/rxrpc.h:23:2: error: unknown type name 'sa_family_t'
+ sa_family_t srx_family; /* address family */
+/usr/include/linux/rxrpc.h:28:3: error: unknown type name 'sa_family_t'
+ sa_family_t family; /* transport address family */
+
+Fixes: 727f8914477e ("rxrpc: Expose UAPI definitions to userspace")
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/uapi/linux/rxrpc.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/include/uapi/linux/rxrpc.h
++++ b/include/uapi/linux/rxrpc.h
+@@ -20,12 +20,12 @@
+ * RxRPC socket address
+ */
+ struct sockaddr_rxrpc {
+- sa_family_t srx_family; /* address family */
+- u16 srx_service; /* service desired */
+- u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
+- u16 transport_len; /* length of transport address */
++ __kernel_sa_family_t srx_family; /* address family */
++ __u16 srx_service; /* service desired */
++ __u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
++ __u16 transport_len; /* length of transport address */
+ union {
+- sa_family_t family; /* transport address family */
++ __kernel_sa_family_t family; /* transport address family */
+ struct sockaddr_in sin; /* IPv4 transport address */
+ struct sockaddr_in6 sin6; /* IPv6 transport address */
+ } transport;
--- /dev/null
+From b9f3eb499d84f8d4adcb2f9212ec655700b28228 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Tue, 14 Nov 2017 06:30:11 +0300
+Subject: uapi: fix linux/tls.h userspace compilation error
+
+From: Dmitry V. Levin <ldv@altlinux.org>
+
+commit b9f3eb499d84f8d4adcb2f9212ec655700b28228 upstream.
+
+Move inclusion of a private kernel header <net/tcp.h>
+from uapi/linux/tls.h to its only user - net/tls.h,
+to fix the following linux/tls.h userspace compilation error:
+
+/usr/include/linux/tls.h:41:21: fatal error: net/tcp.h: No such file or directory
+
+As to this point uapi/linux/tls.h was totaly unusuable for userspace,
+cleanup this header file further by moving other redundant includes
+to net/tls.h.
+
+Fixes: 3c4d7559159b ("tls: kernel TLS support")
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/tls.h | 4 ++++
+ include/uapi/linux/tls.h | 4 ----
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/include/net/tls.h
++++ b/include/net/tls.h
+@@ -35,6 +35,10 @@
+ #define _TLS_OFFLOAD_H
+
+ #include <linux/types.h>
++#include <asm/byteorder.h>
++#include <linux/socket.h>
++#include <linux/tcp.h>
++#include <net/tcp.h>
+
+ #include <uapi/linux/tls.h>
+
+--- a/include/uapi/linux/tls.h
++++ b/include/uapi/linux/tls.h
+@@ -35,10 +35,6 @@
+ #define _UAPI_LINUX_TLS_H
+
+ #include <linux/types.h>
+-#include <asm/byteorder.h>
+-#include <linux/socket.h>
+-#include <linux/tcp.h>
+-#include <net/tcp.h>
+
+ /* TLS socket options */
+ #define TLS_TX 1 /* Set transmit parameters */
--- /dev/null
+From ac5292e9a294618cecb31109d1ba265e3d027ba2 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Mon, 6 Nov 2017 14:17:53 -0600
+Subject: x86/boot: Fix boot failure when SMP MP-table is based at 0
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit ac5292e9a294618cecb31109d1ba265e3d027ba2 upstream.
+
+When crosvm is used to boot a kernel as a VM, the SMP MP-table is found
+at physical address 0x0. This causes mpf_base to be set to 0 and a
+subsequent "if (!mpf_base)" check in default_get_smp_config() results in
+the MP-table not being parsed. Further into the boot this results in an
+oops when attempting a read_apic_id().
+
+Add a boolean variable that is set to true when the MP-table is found.
+Use this variable for testing if the MP-table was found so that even a
+value of 0 for mpf_base will result in continued parsing of the MP-table.
+
+Fixes: 5997efb96756 ("x86/boot: Use memremap() to map the MPF and MPC data")
+Reported-by: Tomeu Vizoso <tomeu@tomeuvizoso.net>
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: regression@leemhuis.info
+Link: https://lkml.kernel.org/r/20171106201753.23059.86674.stgit@tlendack-t1.amdoffice.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/mpparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/mpparse.c
++++ b/arch/x86/kernel/mpparse.c
+@@ -431,6 +431,7 @@ static inline void __init construct_defa
+ }
+
+ static unsigned long mpf_base;
++static bool mpf_found;
+
+ static unsigned long __init get_mpc_size(unsigned long physptr)
+ {
+@@ -504,7 +505,7 @@ void __init default_get_smp_config(unsig
+ if (!smp_found_config)
+ return;
+
+- if (!mpf_base)
++ if (!mpf_found)
+ return;
+
+ if (acpi_lapic && early)
+@@ -593,6 +594,7 @@ static int __init smp_scan_config(unsign
+ smp_found_config = 1;
+ #endif
+ mpf_base = base;
++ mpf_found = true;
+
+ pr_info("found SMP MP-table at [mem %#010lx-%#010lx] mapped at [%p]\n",
+ base, base + sizeof(*mpf) - 1, mpf);
+@@ -858,7 +860,7 @@ static int __init update_mp_table(void)
+ if (!enable_update_mptable)
+ return 0;
+
+- if (!mpf_base)
++ if (!mpf_found)
+ return 0;
+
+ mpf = early_memremap(mpf_base, sizeof(*mpf));
--- /dev/null
+From 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 24 Nov 2017 13:56:30 +0900
+Subject: x86/decoder: Add new TEST instruction pattern
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df upstream.
+
+The kbuild test robot reported this build warning:
+
+ Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c
+
+ Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
+ Warning: objdump says 3 bytes, but insn_get_length() says 2
+ Warning: decoded and checked 1569014 instructions with 1 warnings
+
+This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
+
+The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
+Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
+the ModR/M Byte (bits 2,1,0 in parenthesis)"
+
+In that table, opcodes listed by the index REG bits as:
+
+ 000 001 010 011 100 101 110 111
+ TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
+
+So, it seems TEST Ib is assigned to 001.
+
+Add the new pattern.
+
+Reported-by: kbuild test robot <fengguang.wu@intel.com>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/lib/x86-opcode-map.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/lib/x86-opcode-map.txt
++++ b/arch/x86/lib/x86-opcode-map.txt
+@@ -896,7 +896,7 @@ EndTable
+
+ GrpTable: Grp3_1
+ 0: TEST Eb,Ib
+-1:
++1: TEST Eb,Ib
+ 2: NOT Eb
+ 3: NEG Eb
+ 4: MUL AL,Eb
--- /dev/null
+From ca37e57bbe0cf1455ea3e84eb89ed04a132d59e1 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Wed, 22 Nov 2017 20:39:16 -0800
+Subject: x86/entry/64: Add missing irqflags tracing to native_load_gs_index()
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit ca37e57bbe0cf1455ea3e84eb89ed04a132d59e1 upstream.
+
+Running this code with IRQs enabled (where dummy_lock is a spinlock):
+
+static void check_load_gs_index(void)
+{
+ /* This will fail. */
+ load_gs_index(0xffff);
+
+ spin_lock(&dummy_lock);
+ spin_unlock(&dummy_lock);
+}
+
+Will generate a lockdep warning. The issue is that the actual write
+to %gs would cause an exception with IRQs disabled, and the exception
+handler would, as an inadvertent side effect, update irqflag tracing
+to reflect the IRQs-off status. native_load_gs_index() would then
+turn IRQs back on and return with irqflag tracing still thinking that
+IRQs were off. The dummy lock-and-unlock causes lockdep to notice the
+error and warn.
+
+Fix it by adding the missing tracing.
+
+Apparently nothing did this in a context where it mattered. I haven't
+tried to find a code path that would actually exhibit the warning if
+appropriately nasty user code were running.
+
+I suspect that the security impact of this bug is very, very low --
+production systems don't run with lockdep enabled, and the warning is
+mostly harmless anyway.
+
+Found during a quick audit of the entry code to try to track down an
+unrelated bug that Ingo found in some still-in-development code.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bpetkov@suse.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/e1aeb0e6ba8dd430ec36c8a35e63b429698b4132.1511411918.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/entry_64.S | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -51,15 +51,19 @@ ENTRY(native_usergs_sysret64)
+ END(native_usergs_sysret64)
+ #endif /* CONFIG_PARAVIRT */
+
+-.macro TRACE_IRQS_IRETQ
++.macro TRACE_IRQS_FLAGS flags:req
+ #ifdef CONFIG_TRACE_IRQFLAGS
+- bt $9, EFLAGS(%rsp) /* interrupts off? */
++ bt $9, \flags /* interrupts off? */
+ jnc 1f
+ TRACE_IRQS_ON
+ 1:
+ #endif
+ .endm
+
++.macro TRACE_IRQS_IRETQ
++ TRACE_IRQS_FLAGS EFLAGS(%rsp)
++.endm
++
+ /*
+ * When dynamic function tracer is enabled it will add a breakpoint
+ * to all locations that it is about to modify, sync CPUs, update
+@@ -923,11 +927,13 @@ ENTRY(native_load_gs_index)
+ FRAME_BEGIN
+ pushfq
+ DISABLE_INTERRUPTS(CLBR_ANY & ~CLBR_RDI)
++ TRACE_IRQS_OFF
+ SWAPGS
+ .Lgs_change:
+ movl %edi, %gs
+ 2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE
+ SWAPGS
++ TRACE_IRQS_FLAGS (%rsp)
+ popfq
+ FRAME_END
+ ret
--- /dev/null
+From 548c3050ea8d16997ae27f9e080a8338a606fc93 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Tue, 21 Nov 2017 20:43:56 -0800
+Subject: x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 548c3050ea8d16997ae27f9e080a8338a606fc93 upstream.
+
+When I added entry_SYSCALL_64_after_hwframe(), I left TRACE_IRQS_OFF
+before it. This means that users of entry_SYSCALL_64_after_hwframe()
+were responsible for invoking TRACE_IRQS_OFF, and the one and only
+user (Xen, added in the same commit) got it wrong.
+
+I think this would manifest as a warning if a Xen PV guest with
+CONFIG_DEBUG_LOCKDEP=y were used with context tracking. (The
+context tracking bit is to cause lockdep to get invoked before we
+turn IRQs back on.) I haven't tested that for real yet because I
+can't get a kernel configured like that to boot at all on Xen PV.
+
+Move TRACE_IRQS_OFF below the label.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: Borislav Petkov <bpetkov@suse.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Juergen Gross <jgross@suse.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: 8a9949bc71a7 ("x86/xen/64: Rearrange the SYSCALL entries")
+Link: http://lkml.kernel.org/r/9150aac013b7b95d62c2336751d5b6e91d2722aa.1511325444.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/entry_64.S | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -148,8 +148,6 @@ ENTRY(entry_SYSCALL_64)
+ movq %rsp, PER_CPU_VAR(rsp_scratch)
+ movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
+
+- TRACE_IRQS_OFF
+-
+ /* Construct struct pt_regs on stack */
+ pushq $__USER_DS /* pt_regs->ss */
+ pushq PER_CPU_VAR(rsp_scratch) /* pt_regs->sp */
+@@ -170,6 +168,8 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
+ sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */
+ UNWIND_HINT_REGS extra=0
+
++ TRACE_IRQS_OFF
++
+ /*
+ * If we need to do entry work or if we guess we'll need to do
+ * exit work, go straight to the slow path.
projects / thirdparty / kernel / stable-queue.git / commitdiff
