--- /dev/null
+From 8fa80c503b484ddc1abbd10c7cb2ab81f3824a50 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Mon, 5 Feb 2018 14:16:06 +0000
+Subject: nospec: Move array_index_nospec() parameter checking into separate macro
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit 8fa80c503b484ddc1abbd10c7cb2ab81f3824a50 upstream.
+
+For architectures providing their own implementation of
+array_index_mask_nospec() in asm/barrier.h, attempting to use WARN_ONCE() to
+complain about out-of-range parameters using WARN_ON() results in a mess
+of mutually-dependent include files.
+
+Rather than unpick the dependencies, simply have the core code in nospec.h
+perform the checking for us.
+
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/1517840166-15399-1-git-send-email-will.deacon@arm.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/nospec.h | 36 +++++++++++++++++++++---------------
+ 1 file changed, 21 insertions(+), 15 deletions(-)
+
+--- a/include/linux/nospec.h
++++ b/include/linux/nospec.h
+@@ -20,20 +20,6 @@ static inline unsigned long array_index_
+ unsigned long size)
+ {
+ /*
+- * Warn developers about inappropriate array_index_nospec() usage.
+- *
+- * Even if the CPU speculates past the WARN_ONCE branch, the
+- * sign bit of @index is taken into account when generating the
+- * mask.
+- *
+- * This warning is compiled out when the compiler can infer that
+- * @index and @size are less than LONG_MAX.
+- */
+- if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX,
+- "array_index_nospec() limited to range of [0, LONG_MAX]\n"))
+- return 0;
+-
+- /*
+ * Always calculate and emit the mask even if the compiler
+ * thinks the mask is not needed. The compiler does not take
+ * into account the value of @index under speculation.
+@@ -44,6 +30,26 @@ static inline unsigned long array_index_
+ #endif
+
+ /*
++ * Warn developers about inappropriate array_index_nospec() usage.
++ *
++ * Even if the CPU speculates past the WARN_ONCE branch, the
++ * sign bit of @index is taken into account when generating the
++ * mask.
++ *
++ * This warning is compiled out when the compiler can infer that
++ * @index and @size are less than LONG_MAX.
++ */
++#define array_index_mask_nospec_check(index, size) \
++({ \
++ if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, \
++ "array_index_nospec() limited to range of [0, LONG_MAX]\n")) \
++ _mask = 0; \
++ else \
++ _mask = array_index_mask_nospec(index, size); \
++ _mask; \
++})
++
++/*
+ * array_index_nospec - sanitize an array index after a bounds check
+ *
+ * For a code sequence like:
+@@ -61,7 +67,7 @@ static inline unsigned long array_index_
+ ({ \
+ typeof(index) _i = (index); \
+ typeof(size) _s = (size); \
+- unsigned long _mask = array_index_mask_nospec(_i, _s); \
++ unsigned long _mask = array_index_mask_nospec_check(_i, _s); \
+ \
+ BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \
+ BUILD_BUG_ON(sizeof(_s) > sizeof(long)); \
--- /dev/null
+From fe24e27128252c230a34a6c628da2bf1676781ea Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Thu, 8 Feb 2018 17:09:25 -0600
+Subject: objtool: Fix segfault in ignore_unreachable_insn()
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit fe24e27128252c230a34a6c628da2bf1676781ea upstream.
+
+Peter Zijlstra's patch for converting WARN() to use UD2 triggered a
+bunch of false "unreachable instruction" warnings, which then triggered
+a seg fault in ignore_unreachable_insn().
+
+The seg fault happened when it tried to dereference a NULL 'insn->func'
+pointer. Thanks to static_cpu_has(), some functions can jump to a
+non-function area in the .altinstr_aux section. That breaks
+ignore_unreachable_insn()'s assumption that it's always inside the
+original function.
+
+Make sure ignore_unreachable_insn() only follows jumps within the
+current function.
+
+Reported-by: Borislav Petkov <bp@alien8.de>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kbuild test robot <fengguang.wu@intel.com>
+Link: http://lkml.kernel.org/r/bace77a60d5af9b45eddb8f8fb9c776c8de657ef.1518130694.git.jpoimboe@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/objtool/check.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -1935,13 +1935,19 @@ static bool ignore_unreachable_insn(stru
+ if (is_kasan_insn(insn) || is_ubsan_insn(insn))
+ return true;
+
+- if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) {
+- insn = insn->jump_dest;
+- continue;
++ if (insn->type == INSN_JUMP_UNCONDITIONAL) {
++ if (insn->jump_dest &&
++ insn->jump_dest->func == insn->func) {
++ insn = insn->jump_dest;
++ continue;
++ }
++
++ break;
+ }
+
+ if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
+ break;
++
+ insn = list_next_entry(insn, list);
+ }
+
--- /dev/null
+From d8e92de8ef952bed88c56c7a44c02d8dcae0984e Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 21:59:24 +0100
+Subject: selftests/x86: Clean up and document sscanf() usage
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit d8e92de8ef952bed88c56c7a44c02d8dcae0984e upstream.
+
+Replace a couple of magically connected buffer length literal constants with
+a common definition that makes their relationship obvious. Also document
+why our sscanf() usage is safe.
+
+No intended functional changes.
+
+Suggested-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andrew Lutomirski <luto@kernel.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kselftest@vger.kernel.org
+Cc: shuah@kernel.org
+Link: http://lkml.kernel.org/r/20180211205924.GA23210@light.dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/test_vdso.c | 11 ++++++++---
+ tools/testing/selftests/x86/test_vsyscall.c | 11 ++++++++---
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+--- a/tools/testing/selftests/x86/test_vdso.c
++++ b/tools/testing/selftests/x86/test_vdso.c
+@@ -26,6 +26,9 @@
+ # endif
+ #endif
+
++/* max length of lines in /proc/self/maps - anything longer is skipped here */
++#define MAPS_LINE_LEN 128
++
+ int nerrs = 0;
+
+ typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
+@@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void)
+ {
+ #ifdef __x86_64__
+ FILE *maps;
+- char line[128];
++ char line[MAPS_LINE_LEN];
+ bool found = false;
+
+ maps = fopen("/proc/self/maps", "r");
+ if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */
+ return NULL;
+
+- while (fgets(line, sizeof(line), maps)) {
++ while (fgets(line, MAPS_LINE_LEN, maps)) {
+ char r, x;
+ void *start, *end;
+- char name[128];
++ char name[MAPS_LINE_LEN];
++
++ /* sscanf() is safe here as strlen(name) >= strlen(line) */
+ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
+ &start, &end, &r, &x, name) != 5)
+ continue;
+--- a/tools/testing/selftests/x86/test_vsyscall.c
++++ b/tools/testing/selftests/x86/test_vsyscall.c
+@@ -33,6 +33,9 @@
+ # endif
+ #endif
+
++/* max length of lines in /proc/self/maps - anything longer is skipped here */
++#define MAPS_LINE_LEN 128
++
+ static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
+ int flags)
+ {
+@@ -98,7 +101,7 @@ static int init_vsys(void)
+ #ifdef __x86_64__
+ int nerrs = 0;
+ FILE *maps;
+- char line[128];
++ char line[MAPS_LINE_LEN];
+ bool found = false;
+
+ maps = fopen("/proc/self/maps", "r");
+@@ -108,10 +111,12 @@ static int init_vsys(void)
+ return 0;
+ }
+
+- while (fgets(line, sizeof(line), maps)) {
++ while (fgets(line, MAPS_LINE_LEN, maps)) {
+ char r, x;
+ void *start, *end;
+- char name[128];
++ char name[MAPS_LINE_LEN];
++
++ /* sscanf() is safe here as strlen(name) >= strlen(line) */
+ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
+ &start, &end, &r, &x, name) != 5)
+ continue;
--- /dev/null
+From 9279ddf23ce78ff2676e8e8e19fec0f022c26d04 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Tue, 13 Feb 2018 09:15:19 +0100
+Subject: selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 9279ddf23ce78ff2676e8e8e19fec0f022c26d04 upstream.
+
+The ldt_gdt and ptrace_syscall selftests, even in their 64-bit variant, use
+hard-coded 32-bit syscall numbers and call "int $0x80".
+
+This will fail on 64-bit systems with CONFIG_IA32_EMULATION=y disabled.
+
+Therefore, do not build these tests if we cannot build 32-bit binaries
+(which should be a good approximation for CONFIG_IA32_EMULATION=y being enabled).
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kselftest@vger.kernel.org
+Cc: shuah@kernel.org
+Link: http://lkml.kernel.org/r/20180211111013.16888-6-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/Makefile | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+--- a/tools/testing/selftests/x86/Makefile
++++ b/tools/testing/selftests/x86/Makefile
+@@ -5,16 +5,26 @@ include ../lib.mk
+
+ .PHONY: all all_32 all_64 warn_32bit_failure clean
+
+-TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt ptrace_syscall test_mremap_vdso \
+- check_initial_reg_state sigreturn ldt_gdt iopl mpx-mini-test ioperm \
++UNAME_M := $(shell uname -m)
++CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32)
++CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c)
++
++TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \
++ check_initial_reg_state sigreturn iopl mpx-mini-test ioperm \
+ protection_keys test_vdso test_vsyscall
+ TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault test_syscall_vdso unwind_vdso \
+ test_FCMOV test_FCOMI test_FISTTP \
+ vdso_restorer
+ TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip
++# Some selftests require 32bit support enabled also on 64bit systems
++TARGETS_C_32BIT_NEEDED := ldt_gdt ptrace_syscall
+
+-TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY)
++TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY) $(TARGETS_C_32BIT_NEEDED)
+ TARGETS_C_64BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_64BIT_ONLY)
++ifeq ($(CAN_BUILD_I386)$(CAN_BUILD_X86_64),11)
++TARGETS_C_64BIT_ALL += $(TARGETS_C_32BIT_NEEDED)
++endif
++
+ BINARIES_32 := $(TARGETS_C_32BIT_ALL:%=%_32)
+ BINARIES_64 := $(TARGETS_C_64BIT_ALL:%=%_64)
+
+@@ -23,10 +33,6 @@ BINARIES_64 := $(patsubst %,$(OUTPUT)/%,
+
+ CFLAGS := -O2 -g -std=gnu99 -pthread -Wall -no-pie
+
+-UNAME_M := $(shell uname -m)
+-CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32)
+-CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c)
+-
+ ifeq ($(CAN_BUILD_I386),1)
+ all: all_32
+ TEST_PROGS += $(BINARIES_32)
--- /dev/null
+From 4105c69703cdeba76f384b901712c9397b04e9c2 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Tue, 13 Feb 2018 09:13:21 +0100
+Subject: selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 4105c69703cdeba76f384b901712c9397b04e9c2 upstream.
+
+On 64-bit builds, we should not rely on "int $0x80" working (it only does if
+CONFIG_IA32_EMULATION=y is enabled). To keep the "Set TF and check int80"
+test running on 64-bit installs with CONFIG_IA32_EMULATION=y enabled, build
+this test only if we can also build 32-bit binaries (which should be a
+good approximation for that).
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kselftest@vger.kernel.org
+Cc: shuah@kernel.org
+Link: http://lkml.kernel.org/r/20180211111013.16888-5-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/Makefile | 2 ++
+ tools/testing/selftests/x86/single_step_syscall.c | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+--- a/tools/testing/selftests/x86/Makefile
++++ b/tools/testing/selftests/x86/Makefile
+@@ -30,11 +30,13 @@ CAN_BUILD_X86_64 := $(shell ./check_cc.s
+ ifeq ($(CAN_BUILD_I386),1)
+ all: all_32
+ TEST_PROGS += $(BINARIES_32)
++EXTRA_CFLAGS += -DCAN_BUILD_32
+ endif
+
+ ifeq ($(CAN_BUILD_X86_64),1)
+ all: all_64
+ TEST_PROGS += $(BINARIES_64)
++EXTRA_CFLAGS += -DCAN_BUILD_64
+ endif
+
+ all_32: $(BINARIES_32)
+--- a/tools/testing/selftests/x86/single_step_syscall.c
++++ b/tools/testing/selftests/x86/single_step_syscall.c
+@@ -119,7 +119,9 @@ static void check_result(void)
+
+ int main()
+ {
++#ifdef CAN_BUILD_32
+ int tmp;
++#endif
+
+ sethandler(SIGTRAP, sigtrap, 0);
+
+@@ -139,12 +141,13 @@ int main()
+ : : "c" (post_nop) : "r11");
+ check_result();
+ #endif
+-
++#ifdef CAN_BUILD_32
+ printf("[RUN]\tSet TF and check int80\n");
+ set_eflags(get_eflags() | X86_EFLAGS_TF);
+ asm volatile ("int $0x80" : "=a" (tmp) : "a" (SYS_getpid)
+ : INT80_CLOBBERS);
+ check_result();
++#endif
+
+ /*
+ * This test is particularly interesting if fast syscalls use
--- /dev/null
+From 2cbc0d66de0480449c75636f55697c7ff3af61fc Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 12:10:11 +0100
+Subject: selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 2cbc0d66de0480449c75636f55697c7ff3af61fc upstream.
+
+On 64-bit builds, we should not rely on "int $0x80" working (it only does if
+CONFIG_IA32_EMULATION=y is enabled).
+
+Without this patch, the move test may succeed, but the "int $0x80" causes
+a segfault, resulting in a false negative output of this self-test.
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kselftest@vger.kernel.org
+Cc: shuah@kernel.org
+Link: http://lkml.kernel.org/r/20180211111013.16888-4-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/test_mremap_vdso.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/tools/testing/selftests/x86/test_mremap_vdso.c
++++ b/tools/testing/selftests/x86/test_mremap_vdso.c
+@@ -90,8 +90,12 @@ int main(int argc, char **argv, char **e
+ vdso_size += PAGE_SIZE;
+ }
+
++#ifdef __i386__
+ /* Glibc is likely to explode now - exit with raw syscall */
+ asm volatile ("int $0x80" : : "a" (__NR_exit), "b" (!!ret));
++#else /* __x86_64__ */
++ syscall(SYS_exit, ret);
++#endif
+ } else {
+ int status;
+
--- /dev/null
+From 198ee8e17502da2634f7366395db1d77630e0219 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 12:10:10 +0100
+Subject: selftests/x86: Fix vDSO selftest segfault for vsyscall=none
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 198ee8e17502da2634f7366395db1d77630e0219 upstream.
+
+The vDSO selftest tries to execute a vsyscall unconditionally, even if it
+is not present on the test system (e.g. if booted with vsyscall=none or
+with CONFIG_LEGACY_VSYSCALL_NONE=y set. Fix this by copying (and tweaking)
+the vsyscall check from test_vsyscall.c
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andrew Lutomirski <luto@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kselftest@vger.kernel.org
+Cc: shuah@kernel.org
+Link: http://lkml.kernel.org/r/20180211111013.16888-3-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/test_vdso.c | 50 +++++++++++++++++++++++++++-----
+ 1 file changed, 43 insertions(+), 7 deletions(-)
+
+--- a/tools/testing/selftests/x86/test_vdso.c
++++ b/tools/testing/selftests/x86/test_vdso.c
+@@ -28,18 +28,52 @@
+
+ int nerrs = 0;
+
++typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
++
++getcpu_t vgetcpu;
++getcpu_t vdso_getcpu;
++
++static void *vsyscall_getcpu(void)
++{
+ #ifdef __x86_64__
+-# define VSYS(x) (x)
++ FILE *maps;
++ char line[128];
++ bool found = false;
++
++ maps = fopen("/proc/self/maps", "r");
++ if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */
++ return NULL;
++
++ while (fgets(line, sizeof(line), maps)) {
++ char r, x;
++ void *start, *end;
++ char name[128];
++ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
++ &start, &end, &r, &x, name) != 5)
++ continue;
++
++ if (strcmp(name, "[vsyscall]"))
++ continue;
++
++ /* assume entries are OK, as we test vDSO here not vsyscall */
++ found = true;
++ break;
++ }
++
++ fclose(maps);
++
++ if (!found) {
++ printf("Warning: failed to find vsyscall getcpu\n");
++ return NULL;
++ }
++ return (void *) (0xffffffffff600800);
+ #else
+-# define VSYS(x) 0
++ return NULL;
+ #endif
++}
+
+-typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
+-
+-const getcpu_t vgetcpu = (getcpu_t)VSYS(0xffffffffff600800);
+-getcpu_t vdso_getcpu;
+
+-void fill_function_pointers()
++static void fill_function_pointers()
+ {
+ void *vdso = dlopen("linux-vdso.so.1",
+ RTLD_LAZY | RTLD_LOCAL | RTLD_NOLOAD);
+@@ -54,6 +88,8 @@ void fill_function_pointers()
+ vdso_getcpu = (getcpu_t)dlsym(vdso, "__vdso_getcpu");
+ if (!vdso_getcpu)
+ printf("Warning: failed to find getcpu in vDSO\n");
++
++ vgetcpu = (getcpu_t) vsyscall_getcpu();
+ }
+
+ static long sys_getcpu(unsigned * cpu, unsigned * node,
--- /dev/null
+From 961888b1d76d84efc66a8f5604b06ac12ac2f978 Mon Sep 17 00:00:00 2001
+From: Rui Wang <rui.y.wang@intel.com>
+Date: Mon, 18 Dec 2017 16:34:10 +0800
+Subject: selftests/x86/mpx: Fix incorrect bounds with old _sigfault
+
+From: Rui Wang <rui.y.wang@intel.com>
+
+commit 961888b1d76d84efc66a8f5604b06ac12ac2f978 upstream.
+
+For distributions with old userspace header files, the _sigfault
+structure is different. mpx-mini-test fails with the following
+error:
+
+ [root@Purley]# mpx-mini-test_64 tabletest
+ XSAVE is supported by HW & OS
+ XSAVE processor supported state mask: 0x2ff
+ XSAVE OS supported state mask: 0x2ff
+ BNDREGS: size: 64 user: 1 supervisor: 0 aligned: 0
+ BNDCSR: size: 64 user: 1 supervisor: 0 aligned: 0
+ starting mpx bounds table test
+ ERROR: siginfo bounds do not match shadow bounds for register 0
+
+Fix it by using the correct offset of _lower/_upper in _sigfault.
+RHEL needs this patch to work.
+
+Signed-off-by: Rui Wang <rui.y.wang@intel.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dave.hansen@linux.intel.com
+Fixes: e754aedc26ef ("x86/mpx, selftests: Add MPX self test")
+Link: http://lkml.kernel.org/r/1513586050-1641-1-git-send-email-rui.y.wang@intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/mpx-mini-test.c | 32 ++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+--- a/tools/testing/selftests/x86/mpx-mini-test.c
++++ b/tools/testing/selftests/x86/mpx-mini-test.c
+@@ -315,11 +315,39 @@ static inline void *__si_bounds_upper(si
+ return si->si_upper;
+ }
+ #else
++
++/*
++ * This deals with old version of _sigfault in some distros:
++ *
++
++old _sigfault:
++ struct {
++ void *si_addr;
++ } _sigfault;
++
++new _sigfault:
++ struct {
++ void __user *_addr;
++ int _trapno;
++ short _addr_lsb;
++ union {
++ struct {
++ void __user *_lower;
++ void __user *_upper;
++ } _addr_bnd;
++ __u32 _pkey;
++ };
++ } _sigfault;
++ *
++ */
++
+ static inline void **__si_bounds_hack(siginfo_t *si)
+ {
+ void *sigfault = &si->_sifields._sigfault;
+ void *end_sigfault = sigfault + sizeof(si->_sifields._sigfault);
+- void **__si_lower = end_sigfault;
++ int *trapno = (int*)end_sigfault;
++ /* skip _trapno and _addr_lsb */
++ void **__si_lower = (void**)(trapno + 2);
+
+ return __si_lower;
+ }
+@@ -331,7 +359,7 @@ static inline void *__si_bounds_lower(si
+
+ static inline void *__si_bounds_upper(siginfo_t *si)
+ {
+- return (*__si_bounds_hack(si)) + sizeof(void *);
++ return *(__si_bounds_hack(si) + 1);
+ }
+ #endif
+
--- /dev/null
+From ce676638fe7b284132a7d7d5e7e7ad81bab9947e Mon Sep 17 00:00:00 2001
+From: Ingo Molnar <mingo@kernel.org>
+Date: Tue, 13 Feb 2018 08:26:17 +0100
+Subject: selftests/x86/pkeys: Remove unused functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ingo Molnar <mingo@kernel.org>
+
+commit ce676638fe7b284132a7d7d5e7e7ad81bab9947e upstream.
+
+This also gets rid of two build warnings:
+
+ protection_keys.c: In function ‘dumpit’:
+ protection_keys.c:419:3: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
+ write(1, buf, nr_read);
+ ^~~~~~~~~~~~~~~~~~~~~~
+
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Shuah Khan <shuahkh@osg.samsung.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/testing/selftests/x86/protection_keys.c | 28 --------------------------
+ 1 file changed, 28 deletions(-)
+
+--- a/tools/testing/selftests/x86/protection_keys.c
++++ b/tools/testing/selftests/x86/protection_keys.c
+@@ -393,34 +393,6 @@ pid_t fork_lazy_child(void)
+ return forkret;
+ }
+
+-void davecmp(void *_a, void *_b, int len)
+-{
+- int i;
+- unsigned long *a = _a;
+- unsigned long *b = _b;
+-
+- for (i = 0; i < len / sizeof(*a); i++) {
+- if (a[i] == b[i])
+- continue;
+-
+- dprintf3("[%3d]: a: %016lx b: %016lx\n", i, a[i], b[i]);
+- }
+-}
+-
+-void dumpit(char *f)
+-{
+- int fd = open(f, O_RDONLY);
+- char buf[100];
+- int nr_read;
+-
+- dprintf2("maps fd: %d\n", fd);
+- do {
+- nr_read = read(fd, &buf[0], sizeof(buf));
+- write(1, buf, nr_read);
+- } while (nr_read > 0);
+- close(fd);
+-}
+-
+ #define PKEY_DISABLE_ACCESS 0x1
+ #define PKEY_DISABLE_WRITE 0x2
+
x86-speculation-clean-up-various-spectre-related-details.patch
pm-runtime-update-links_count-also-if-config_srcu.patch
pm-cpuidle-fix-cpuidle_poll_state_init-prototype.patch
+x86-entry-64-clear-registers-for-exceptions-interrupts-to-reduce-speculation-attack-surface.patch
+x86-entry-64-merge-save_c_regs-and-save_extra_regs-remove-unused-extensions.patch
+x86-entry-64-merge-the-pop_c_regs-and-pop_extra_regs-macros-into-a-single-pop_regs-macro.patch
+x86-entry-64-interleave-xor-register-clearing-with-push-instructions.patch
+x86-entry-64-introduce-the-push_and_clean_regs-macro.patch
+x86-entry-64-use-push_and_clean_regs-in-more-cases.patch
+x86-entry-64-get-rid-of-the-alloc_pt_gpregs_on_stack-and-save_and_clear_regs-macros.patch
+x86-entry-64-indent-push_and_clear_regs-and-pop_regs-properly.patch
+x86-entry-64-fix-paranoid_entry-frame-pointer-warning.patch
+x86-entry-64-remove-the-unused-icebp-macro.patch
+selftests-x86-fix-vdso-selftest-segfault-for-vsyscall-none.patch
+selftests-x86-clean-up-and-document-sscanf-usage.patch
+selftests-x86-pkeys-remove-unused-functions.patch
+selftests-x86-do-not-rely-on-int-0x80-in-test_mremap_vdso.c.patch
+selftests-x86-do-not-rely-on-int-0x80-in-single_step_syscall.c.patch
+selftests-x86-disable-tests-requiring-32-bit-support-on-pure-64-bit-systems.patch
+objtool-fix-segfault-in-ignore_unreachable_insn.patch
+x86-debug-objtool-annotate-warn-related-ud2-as-reachable.patch
+x86-debug-use-ud2-for-warn.patch
+x86-speculation-fix-up-array_index_nospec_mask-asm-constraint.patch
+nospec-move-array_index_nospec-parameter-checking-into-separate-macro.patch
+x86-speculation-add-asm-msr-index.h-dependency.patch
+x86-mm-rename-flush_tlb_single-and-flush_tlb_one-to-__flush_tlb_one_.patch
+selftests-x86-mpx-fix-incorrect-bounds-with-old-_sigfault.patch
+x86-cpu-rename-cpu_data.x86_mask-to-cpu_data.x86_stepping.patch
+x86-spectre-fix-an-error-message.patch
+x86-cpu-change-type-of-x86_cache_size-variable-to-unsigned-int.patch
+x86-entry-64-fix-cr3-restore-in-paranoid_exit.patch
--- /dev/null
+From 24dbc6000f4b9b0ef5a9daecb161f1907733765a Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
+Date: Tue, 13 Feb 2018 13:22:08 -0600
+Subject: x86/cpu: Change type of x86_cache_size variable to unsigned int
+
+From: Gustavo A. R. Silva <garsilva@embeddedor.com>
+
+commit 24dbc6000f4b9b0ef5a9daecb161f1907733765a upstream.
+
+Currently, x86_cache_size is of type int, which makes no sense as we
+will never have a valid cache size equal or less than 0. So instead of
+initializing this variable to -1, it can perfectly be initialized to 0
+and use it as an unsigned variable instead.
+
+Suggested-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Addresses-Coverity-ID: 1464429
+Link: http://lkml.kernel.org/r/20180213192208.GA26414@embeddedor.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/processor.h | 2 +-
+ arch/x86/kernel/cpu/common.c | 2 +-
+ arch/x86/kernel/cpu/microcode/intel.c | 2 +-
+ arch/x86/kernel/cpu/proc.c | 4 ++--
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/include/asm/processor.h
++++ b/arch/x86/include/asm/processor.h
+@@ -109,7 +109,7 @@ struct cpuinfo_x86 {
+ char x86_vendor_id[16];
+ char x86_model_id[64];
+ /* in KB - valid for CPUS which support this call: */
+- int x86_cache_size;
++ unsigned int x86_cache_size;
+ int x86_cache_alignment; /* In bytes */
+ /* Cache QoS architectural values: */
+ int x86_cache_max_rmid; /* max index */
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -1160,7 +1160,7 @@ static void identify_cpu(struct cpuinfo_
+ int i;
+
+ c->loops_per_jiffy = loops_per_jiffy;
+- c->x86_cache_size = -1;
++ c->x86_cache_size = 0;
+ c->x86_vendor = X86_VENDOR_UNKNOWN;
+ c->x86_model = c->x86_stepping = 0; /* So far unknown... */
+ c->x86_vendor_id[0] = '\0'; /* Unset */
+--- a/arch/x86/kernel/cpu/microcode/intel.c
++++ b/arch/x86/kernel/cpu/microcode/intel.c
+@@ -982,7 +982,7 @@ static struct microcode_ops microcode_in
+
+ static int __init calc_llc_size_per_core(struct cpuinfo_x86 *c)
+ {
+- u64 llc_size = c->x86_cache_size * 1024;
++ u64 llc_size = c->x86_cache_size * 1024ULL;
+
+ do_div(llc_size, c->x86_max_cores);
+
+--- a/arch/x86/kernel/cpu/proc.c
++++ b/arch/x86/kernel/cpu/proc.c
+@@ -91,8 +91,8 @@ static int show_cpuinfo(struct seq_file
+ }
+
+ /* Cache size */
+- if (c->x86_cache_size >= 0)
+- seq_printf(m, "cache size\t: %d KB\n", c->x86_cache_size);
++ if (c->x86_cache_size)
++ seq_printf(m, "cache size\t: %u KB\n", c->x86_cache_size);
+
+ show_cpuinfo_core(m, c, cpu);
+ show_cpuinfo_misc(m, c);
--- /dev/null
+From b399151cb48db30ad1e0e93dd40d68c6d007b637 Mon Sep 17 00:00:00 2001
+From: Jia Zhang <qianyue.zj@alibaba-inc.com>
+Date: Mon, 1 Jan 2018 09:52:10 +0800
+Subject: x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
+
+From: Jia Zhang <qianyue.zj@alibaba-inc.com>
+
+commit b399151cb48db30ad1e0e93dd40d68c6d007b637 upstream.
+
+x86_mask is a confusing name which is hard to associate with the
+processor's stepping.
+
+Additionally, correct an indent issue in lib/cpu.c.
+
+Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
+[ Updated it to more recent kernels. ]
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: bp@alien8.de
+Cc: tony.luck@intel.com
+Link: http://lkml.kernel.org/r/1514771530-70829-1-git-send-email-qianyue.zj@alibaba-inc.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/events/intel/core.c | 2 +-
+ arch/x86/events/intel/lbr.c | 2 +-
+ arch/x86/events/intel/p6.c | 2 +-
+ arch/x86/include/asm/acpi.h | 2 +-
+ arch/x86/include/asm/processor.h | 2 +-
+ arch/x86/kernel/amd_nb.c | 2 +-
+ arch/x86/kernel/apic/apic.c | 6 +++---
+ arch/x86/kernel/asm-offsets_32.c | 2 +-
+ arch/x86/kernel/cpu/amd.c | 28 ++++++++++++++--------------
+ arch/x86/kernel/cpu/centaur.c | 4 ++--
+ arch/x86/kernel/cpu/common.c | 8 ++++----
+ arch/x86/kernel/cpu/cyrix.c | 2 +-
+ arch/x86/kernel/cpu/intel.c | 18 +++++++++---------
+ arch/x86/kernel/cpu/intel_rdt.c | 2 +-
+ arch/x86/kernel/cpu/microcode/intel.c | 4 ++--
+ arch/x86/kernel/cpu/mtrr/generic.c | 2 +-
+ arch/x86/kernel/cpu/mtrr/main.c | 4 ++--
+ arch/x86/kernel/cpu/proc.c | 4 ++--
+ arch/x86/kernel/head_32.S | 4 ++--
+ arch/x86/kernel/mpparse.c | 2 +-
+ arch/x86/lib/cpu.c | 2 +-
+ drivers/char/hw_random/via-rng.c | 2 +-
+ drivers/cpufreq/acpi-cpufreq.c | 2 +-
+ drivers/cpufreq/longhaul.c | 6 +++---
+ drivers/cpufreq/p4-clockmod.c | 2 +-
+ drivers/cpufreq/powernow-k7.c | 2 +-
+ drivers/cpufreq/speedstep-centrino.c | 4 ++--
+ drivers/cpufreq/speedstep-lib.c | 6 +++---
+ drivers/crypto/padlock-aes.c | 2 +-
+ drivers/edac/amd64_edac.c | 2 +-
+ drivers/hwmon/coretemp.c | 6 +++---
+ drivers/hwmon/hwmon-vid.c | 2 +-
+ drivers/hwmon/k10temp.c | 2 +-
+ drivers/hwmon/k8temp.c | 2 +-
+ drivers/video/fbdev/geode/video_gx.c | 2 +-
+ 35 files changed, 73 insertions(+), 73 deletions(-)
+
+--- a/arch/x86/events/intel/core.c
++++ b/arch/x86/events/intel/core.c
+@@ -3559,7 +3559,7 @@ static int intel_snb_pebs_broken(int cpu
+ break;
+
+ case INTEL_FAM6_SANDYBRIDGE_X:
+- switch (cpu_data(cpu).x86_mask) {
++ switch (cpu_data(cpu).x86_stepping) {
+ case 6: rev = 0x618; break;
+ case 7: rev = 0x70c; break;
+ }
+--- a/arch/x86/events/intel/lbr.c
++++ b/arch/x86/events/intel/lbr.c
+@@ -1186,7 +1186,7 @@ void __init intel_pmu_lbr_init_atom(void
+ * on PMU interrupt
+ */
+ if (boot_cpu_data.x86_model == 28
+- && boot_cpu_data.x86_mask < 10) {
++ && boot_cpu_data.x86_stepping < 10) {
+ pr_cont("LBR disabled due to erratum");
+ return;
+ }
+--- a/arch/x86/events/intel/p6.c
++++ b/arch/x86/events/intel/p6.c
+@@ -234,7 +234,7 @@ static __initconst const struct x86_pmu
+
+ static __init void p6_pmu_rdpmc_quirk(void)
+ {
+- if (boot_cpu_data.x86_mask < 9) {
++ if (boot_cpu_data.x86_stepping < 9) {
+ /*
+ * PPro erratum 26; fixed in stepping 9 and above.
+ */
+--- a/arch/x86/include/asm/acpi.h
++++ b/arch/x86/include/asm/acpi.h
+@@ -94,7 +94,7 @@ static inline unsigned int acpi_processo
+ if (boot_cpu_data.x86 == 0x0F &&
+ boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
+ boot_cpu_data.x86_model <= 0x05 &&
+- boot_cpu_data.x86_mask < 0x0A)
++ boot_cpu_data.x86_stepping < 0x0A)
+ return 1;
+ else if (boot_cpu_has(X86_BUG_AMD_APIC_C1E))
+ return 1;
+--- a/arch/x86/include/asm/processor.h
++++ b/arch/x86/include/asm/processor.h
+@@ -91,7 +91,7 @@ struct cpuinfo_x86 {
+ __u8 x86; /* CPU family */
+ __u8 x86_vendor; /* CPU vendor */
+ __u8 x86_model;
+- __u8 x86_mask;
++ __u8 x86_stepping;
+ #ifdef CONFIG_X86_64
+ /* Number of 4K pages in DTLB/ITLB combined(in pages): */
+ int x86_tlbsize;
+--- a/arch/x86/kernel/amd_nb.c
++++ b/arch/x86/kernel/amd_nb.c
+@@ -235,7 +235,7 @@ int amd_cache_northbridges(void)
+ if (boot_cpu_data.x86 == 0x10 &&
+ boot_cpu_data.x86_model >= 0x8 &&
+ (boot_cpu_data.x86_model > 0x9 ||
+- boot_cpu_data.x86_mask >= 0x1))
++ boot_cpu_data.x86_stepping >= 0x1))
+ amd_northbridges.flags |= AMD_NB_L3_INDEX_DISABLE;
+
+ if (boot_cpu_data.x86 == 0x15)
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -553,7 +553,7 @@ static DEFINE_PER_CPU(struct clock_event
+
+ static u32 hsx_deadline_rev(void)
+ {
+- switch (boot_cpu_data.x86_mask) {
++ switch (boot_cpu_data.x86_stepping) {
+ case 0x02: return 0x3a; /* EP */
+ case 0x04: return 0x0f; /* EX */
+ }
+@@ -563,7 +563,7 @@ static u32 hsx_deadline_rev(void)
+
+ static u32 bdx_deadline_rev(void)
+ {
+- switch (boot_cpu_data.x86_mask) {
++ switch (boot_cpu_data.x86_stepping) {
+ case 0x02: return 0x00000011;
+ case 0x03: return 0x0700000e;
+ case 0x04: return 0x0f00000c;
+@@ -575,7 +575,7 @@ static u32 bdx_deadline_rev(void)
+
+ static u32 skx_deadline_rev(void)
+ {
+- switch (boot_cpu_data.x86_mask) {
++ switch (boot_cpu_data.x86_stepping) {
+ case 0x03: return 0x01000136;
+ case 0x04: return 0x02000014;
+ }
+--- a/arch/x86/kernel/asm-offsets_32.c
++++ b/arch/x86/kernel/asm-offsets_32.c
+@@ -18,7 +18,7 @@ void foo(void)
+ OFFSET(CPUINFO_x86, cpuinfo_x86, x86);
+ OFFSET(CPUINFO_x86_vendor, cpuinfo_x86, x86_vendor);
+ OFFSET(CPUINFO_x86_model, cpuinfo_x86, x86_model);
+- OFFSET(CPUINFO_x86_mask, cpuinfo_x86, x86_mask);
++ OFFSET(CPUINFO_x86_stepping, cpuinfo_x86, x86_stepping);
+ OFFSET(CPUINFO_cpuid_level, cpuinfo_x86, cpuid_level);
+ OFFSET(CPUINFO_x86_capability, cpuinfo_x86, x86_capability);
+ OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id);
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -119,7 +119,7 @@ static void init_amd_k6(struct cpuinfo_x
+ return;
+ }
+
+- if (c->x86_model == 6 && c->x86_mask == 1) {
++ if (c->x86_model == 6 && c->x86_stepping == 1) {
+ const int K6_BUG_LOOP = 1000000;
+ int n;
+ void (*f_vide)(void);
+@@ -149,7 +149,7 @@ static void init_amd_k6(struct cpuinfo_x
+
+ /* K6 with old style WHCR */
+ if (c->x86_model < 8 ||
+- (c->x86_model == 8 && c->x86_mask < 8)) {
++ (c->x86_model == 8 && c->x86_stepping < 8)) {
+ /* We can only write allocate on the low 508Mb */
+ if (mbytes > 508)
+ mbytes = 508;
+@@ -168,7 +168,7 @@ static void init_amd_k6(struct cpuinfo_x
+ return;
+ }
+
+- if ((c->x86_model == 8 && c->x86_mask > 7) ||
++ if ((c->x86_model == 8 && c->x86_stepping > 7) ||
+ c->x86_model == 9 || c->x86_model == 13) {
+ /* The more serious chips .. */
+
+@@ -221,7 +221,7 @@ static void init_amd_k7(struct cpuinfo_x
+ * are more robust with CLK_CTL set to 200xxxxx instead of 600xxxxx
+ * As per AMD technical note 27212 0.2
+ */
+- if ((c->x86_model == 8 && c->x86_mask >= 1) || (c->x86_model > 8)) {
++ if ((c->x86_model == 8 && c->x86_stepping >= 1) || (c->x86_model > 8)) {
+ rdmsr(MSR_K7_CLK_CTL, l, h);
+ if ((l & 0xfff00000) != 0x20000000) {
+ pr_info("CPU: CLK_CTL MSR was %x. Reprogramming to %x\n",
+@@ -241,12 +241,12 @@ static void init_amd_k7(struct cpuinfo_x
+ * but they are not certified as MP capable.
+ */
+ /* Athlon 660/661 is valid. */
+- if ((c->x86_model == 6) && ((c->x86_mask == 0) ||
+- (c->x86_mask == 1)))
++ if ((c->x86_model == 6) && ((c->x86_stepping == 0) ||
++ (c->x86_stepping == 1)))
+ return;
+
+ /* Duron 670 is valid */
+- if ((c->x86_model == 7) && (c->x86_mask == 0))
++ if ((c->x86_model == 7) && (c->x86_stepping == 0))
+ return;
+
+ /*
+@@ -256,8 +256,8 @@ static void init_amd_k7(struct cpuinfo_x
+ * See http://www.heise.de/newsticker/data/jow-18.10.01-000 for
+ * more.
+ */
+- if (((c->x86_model == 6) && (c->x86_mask >= 2)) ||
+- ((c->x86_model == 7) && (c->x86_mask >= 1)) ||
++ if (((c->x86_model == 6) && (c->x86_stepping >= 2)) ||
++ ((c->x86_model == 7) && (c->x86_stepping >= 1)) ||
+ (c->x86_model > 7))
+ if (cpu_has(c, X86_FEATURE_MP))
+ return;
+@@ -583,7 +583,7 @@ static void early_init_amd(struct cpuinf
+ /* Set MTRR capability flag if appropriate */
+ if (c->x86 == 5)
+ if (c->x86_model == 13 || c->x86_model == 9 ||
+- (c->x86_model == 8 && c->x86_mask >= 8))
++ (c->x86_model == 8 && c->x86_stepping >= 8))
+ set_cpu_cap(c, X86_FEATURE_K6_MTRR);
+ #endif
+ #if defined(CONFIG_X86_LOCAL_APIC) && defined(CONFIG_PCI)
+@@ -769,7 +769,7 @@ static void init_amd_zn(struct cpuinfo_x
+ * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects
+ * all up to and including B1.
+ */
+- if (c->x86_model <= 1 && c->x86_mask <= 1)
++ if (c->x86_model <= 1 && c->x86_stepping <= 1)
+ set_cpu_cap(c, X86_FEATURE_CPB);
+ }
+
+@@ -880,11 +880,11 @@ static unsigned int amd_size_cache(struc
+ /* AMD errata T13 (order #21922) */
+ if ((c->x86 == 6)) {
+ /* Duron Rev A0 */
+- if (c->x86_model == 3 && c->x86_mask == 0)
++ if (c->x86_model == 3 && c->x86_stepping == 0)
+ size = 64;
+ /* Tbird rev A1/A2 */
+ if (c->x86_model == 4 &&
+- (c->x86_mask == 0 || c->x86_mask == 1))
++ (c->x86_stepping == 0 || c->x86_stepping == 1))
+ size = 256;
+ }
+ return size;
+@@ -1021,7 +1021,7 @@ static bool cpu_has_amd_erratum(struct c
+ }
+
+ /* OSVW unavailable or ID unknown, match family-model-stepping range */
+- ms = (cpu->x86_model << 4) | cpu->x86_mask;
++ ms = (cpu->x86_model << 4) | cpu->x86_stepping;
+ while ((range = *erratum++))
+ if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) &&
+ (ms >= AMD_MODEL_RANGE_START(range)) &&
+--- a/arch/x86/kernel/cpu/centaur.c
++++ b/arch/x86/kernel/cpu/centaur.c
+@@ -136,7 +136,7 @@ static void init_centaur(struct cpuinfo_
+ clear_cpu_cap(c, X86_FEATURE_TSC);
+ break;
+ case 8:
+- switch (c->x86_mask) {
++ switch (c->x86_stepping) {
+ default:
+ name = "2";
+ break;
+@@ -211,7 +211,7 @@ centaur_size_cache(struct cpuinfo_x86 *c
+ * - Note, it seems this may only be in engineering samples.
+ */
+ if ((c->x86 == 6) && (c->x86_model == 9) &&
+- (c->x86_mask == 1) && (size == 65))
++ (c->x86_stepping == 1) && (size == 65))
+ size -= 1;
+ return size;
+ }
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -707,7 +707,7 @@ void cpu_detect(struct cpuinfo_x86 *c)
+ cpuid(0x00000001, &tfms, &misc, &junk, &cap0);
+ c->x86 = x86_family(tfms);
+ c->x86_model = x86_model(tfms);
+- c->x86_mask = x86_stepping(tfms);
++ c->x86_stepping = x86_stepping(tfms);
+
+ if (cap0 & (1<<19)) {
+ c->x86_clflush_size = ((misc >> 8) & 0xff) * 8;
+@@ -1162,7 +1162,7 @@ static void identify_cpu(struct cpuinfo_
+ c->loops_per_jiffy = loops_per_jiffy;
+ c->x86_cache_size = -1;
+ c->x86_vendor = X86_VENDOR_UNKNOWN;
+- c->x86_model = c->x86_mask = 0; /* So far unknown... */
++ c->x86_model = c->x86_stepping = 0; /* So far unknown... */
+ c->x86_vendor_id[0] = '\0'; /* Unset */
+ c->x86_model_id[0] = '\0'; /* Unset */
+ c->x86_max_cores = 1;
+@@ -1353,8 +1353,8 @@ void print_cpu_info(struct cpuinfo_x86 *
+
+ pr_cont(" (family: 0x%x, model: 0x%x", c->x86, c->x86_model);
+
+- if (c->x86_mask || c->cpuid_level >= 0)
+- pr_cont(", stepping: 0x%x)\n", c->x86_mask);
++ if (c->x86_stepping || c->cpuid_level >= 0)
++ pr_cont(", stepping: 0x%x)\n", c->x86_stepping);
+ else
+ pr_cont(")\n");
+ }
+--- a/arch/x86/kernel/cpu/cyrix.c
++++ b/arch/x86/kernel/cpu/cyrix.c
+@@ -215,7 +215,7 @@ static void init_cyrix(struct cpuinfo_x8
+
+ /* common case step number/rev -- exceptions handled below */
+ c->x86_model = (dir1 >> 4) + 1;
+- c->x86_mask = dir1 & 0xf;
++ c->x86_stepping = dir1 & 0xf;
+
+ /* Now cook; the original recipe is by Channing Corn, from Cyrix.
+ * We do the same thing for each generation: we work out
+--- a/arch/x86/kernel/cpu/intel.c
++++ b/arch/x86/kernel/cpu/intel.c
+@@ -146,7 +146,7 @@ static bool bad_spectre_microcode(struct
+
+ for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) {
+ if (c->x86_model == spectre_bad_microcodes[i].model &&
+- c->x86_mask == spectre_bad_microcodes[i].stepping)
++ c->x86_stepping == spectre_bad_microcodes[i].stepping)
+ return (c->microcode <= spectre_bad_microcodes[i].microcode);
+ }
+ return false;
+@@ -193,7 +193,7 @@ static void early_init_intel(struct cpui
+ * need the microcode to have already been loaded... so if it is
+ * not, recommend a BIOS update and disable large pages.
+ */
+- if (c->x86 == 6 && c->x86_model == 0x1c && c->x86_mask <= 2 &&
++ if (c->x86 == 6 && c->x86_model == 0x1c && c->x86_stepping <= 2 &&
+ c->microcode < 0x20e) {
+ pr_warn("Atom PSE erratum detected, BIOS microcode update recommended\n");
+ clear_cpu_cap(c, X86_FEATURE_PSE);
+@@ -209,7 +209,7 @@ static void early_init_intel(struct cpui
+
+ /* CPUID workaround for 0F33/0F34 CPU */
+ if (c->x86 == 0xF && c->x86_model == 0x3
+- && (c->x86_mask == 0x3 || c->x86_mask == 0x4))
++ && (c->x86_stepping == 0x3 || c->x86_stepping == 0x4))
+ c->x86_phys_bits = 36;
+
+ /*
+@@ -322,7 +322,7 @@ int ppro_with_ram_bug(void)
+ if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+ boot_cpu_data.x86 == 6 &&
+ boot_cpu_data.x86_model == 1 &&
+- boot_cpu_data.x86_mask < 8) {
++ boot_cpu_data.x86_stepping < 8) {
+ pr_info("Pentium Pro with Errata#50 detected. Taking evasive action.\n");
+ return 1;
+ }
+@@ -339,7 +339,7 @@ static void intel_smp_check(struct cpuin
+ * Mask B, Pentium, but not Pentium MMX
+ */
+ if (c->x86 == 5 &&
+- c->x86_mask >= 1 && c->x86_mask <= 4 &&
++ c->x86_stepping >= 1 && c->x86_stepping <= 4 &&
+ c->x86_model <= 3) {
+ /*
+ * Remember we have B step Pentia with bugs
+@@ -382,7 +382,7 @@ static void intel_workarounds(struct cpu
+ * SEP CPUID bug: Pentium Pro reports SEP but doesn't have it until
+ * model 3 mask 3
+ */
+- if ((c->x86<<8 | c->x86_model<<4 | c->x86_mask) < 0x633)
++ if ((c->x86<<8 | c->x86_model<<4 | c->x86_stepping) < 0x633)
+ clear_cpu_cap(c, X86_FEATURE_SEP);
+
+ /*
+@@ -400,7 +400,7 @@ static void intel_workarounds(struct cpu
+ * P4 Xeon erratum 037 workaround.
+ * Hardware prefetcher may cause stale data to be loaded into the cache.
+ */
+- if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_mask == 1)) {
++ if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_stepping == 1)) {
+ if (msr_set_bit(MSR_IA32_MISC_ENABLE,
+ MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE_BIT) > 0) {
+ pr_info("CPU: C0 stepping P4 Xeon detected.\n");
+@@ -415,7 +415,7 @@ static void intel_workarounds(struct cpu
+ * Specification Update").
+ */
+ if (boot_cpu_has(X86_FEATURE_APIC) && (c->x86<<8 | c->x86_model<<4) == 0x520 &&
+- (c->x86_mask < 0x6 || c->x86_mask == 0xb))
++ (c->x86_stepping < 0x6 || c->x86_stepping == 0xb))
+ set_cpu_bug(c, X86_BUG_11AP);
+
+
+@@ -662,7 +662,7 @@ static void init_intel(struct cpuinfo_x8
+ case 6:
+ if (l2 == 128)
+ p = "Celeron (Mendocino)";
+- else if (c->x86_mask == 0 || c->x86_mask == 5)
++ else if (c->x86_stepping == 0 || c->x86_stepping == 5)
+ p = "Celeron-A";
+ break;
+
+--- a/arch/x86/kernel/cpu/intel_rdt.c
++++ b/arch/x86/kernel/cpu/intel_rdt.c
+@@ -771,7 +771,7 @@ static __init void rdt_quirks(void)
+ cache_alloc_hsw_probe();
+ break;
+ case INTEL_FAM6_SKYLAKE_X:
+- if (boot_cpu_data.x86_mask <= 4)
++ if (boot_cpu_data.x86_stepping <= 4)
+ set_rdt_options("!cmt,!mbmtotal,!mbmlocal,!l3cat");
+ }
+ }
+--- a/arch/x86/kernel/cpu/microcode/intel.c
++++ b/arch/x86/kernel/cpu/microcode/intel.c
+@@ -921,7 +921,7 @@ static bool is_blacklisted(unsigned int
+ */
+ if (c->x86 == 6 &&
+ c->x86_model == INTEL_FAM6_BROADWELL_X &&
+- c->x86_mask == 0x01 &&
++ c->x86_stepping == 0x01 &&
+ llc_size_per_core > 2621440 &&
+ c->microcode < 0x0b000021) {
+ pr_err_once("Erratum BDF90: late loading with revision < 0x0b000021 (0x%x) disabled.\n", c->microcode);
+@@ -944,7 +944,7 @@ static enum ucode_state request_microcod
+ return UCODE_NFOUND;
+
+ sprintf(name, "intel-ucode/%02x-%02x-%02x",
+- c->x86, c->x86_model, c->x86_mask);
++ c->x86, c->x86_model, c->x86_stepping);
+
+ if (request_firmware_direct(&firmware, name, device)) {
+ pr_debug("data file %s load failed\n", name);
+--- a/arch/x86/kernel/cpu/mtrr/generic.c
++++ b/arch/x86/kernel/cpu/mtrr/generic.c
+@@ -859,7 +859,7 @@ int generic_validate_add_page(unsigned l
+ */
+ if (is_cpu(INTEL) && boot_cpu_data.x86 == 6 &&
+ boot_cpu_data.x86_model == 1 &&
+- boot_cpu_data.x86_mask <= 7) {
++ boot_cpu_data.x86_stepping <= 7) {
+ if (base & ((1 << (22 - PAGE_SHIFT)) - 1)) {
+ pr_warn("mtrr: base(0x%lx000) is not 4 MiB aligned\n", base);
+ return -EINVAL;
+--- a/arch/x86/kernel/cpu/mtrr/main.c
++++ b/arch/x86/kernel/cpu/mtrr/main.c
+@@ -711,8 +711,8 @@ void __init mtrr_bp_init(void)
+ if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+ boot_cpu_data.x86 == 0xF &&
+ boot_cpu_data.x86_model == 0x3 &&
+- (boot_cpu_data.x86_mask == 0x3 ||
+- boot_cpu_data.x86_mask == 0x4))
++ (boot_cpu_data.x86_stepping == 0x3 ||
++ boot_cpu_data.x86_stepping == 0x4))
+ phys_addr = 36;
+
+ size_or_mask = SIZE_OR_MASK_BITS(phys_addr);
+--- a/arch/x86/kernel/cpu/proc.c
++++ b/arch/x86/kernel/cpu/proc.c
+@@ -72,8 +72,8 @@ static int show_cpuinfo(struct seq_file
+ c->x86_model,
+ c->x86_model_id[0] ? c->x86_model_id : "unknown");
+
+- if (c->x86_mask || c->cpuid_level >= 0)
+- seq_printf(m, "stepping\t: %d\n", c->x86_mask);
++ if (c->x86_stepping || c->cpuid_level >= 0)
++ seq_printf(m, "stepping\t: %d\n", c->x86_stepping);
+ else
+ seq_puts(m, "stepping\t: unknown\n");
+ if (c->microcode)
+--- a/arch/x86/kernel/head_32.S
++++ b/arch/x86/kernel/head_32.S
+@@ -37,7 +37,7 @@
+ #define X86 new_cpu_data+CPUINFO_x86
+ #define X86_VENDOR new_cpu_data+CPUINFO_x86_vendor
+ #define X86_MODEL new_cpu_data+CPUINFO_x86_model
+-#define X86_MASK new_cpu_data+CPUINFO_x86_mask
++#define X86_STEPPING new_cpu_data+CPUINFO_x86_stepping
+ #define X86_HARD_MATH new_cpu_data+CPUINFO_hard_math
+ #define X86_CPUID new_cpu_data+CPUINFO_cpuid_level
+ #define X86_CAPABILITY new_cpu_data+CPUINFO_x86_capability
+@@ -332,7 +332,7 @@ ENTRY(startup_32_smp)
+ shrb $4,%al
+ movb %al,X86_MODEL
+ andb $0x0f,%cl # mask mask revision
+- movb %cl,X86_MASK
++ movb %cl,X86_STEPPING
+ movl %edx,X86_CAPABILITY
+
+ .Lis486:
+--- a/arch/x86/kernel/mpparse.c
++++ b/arch/x86/kernel/mpparse.c
+@@ -407,7 +407,7 @@ static inline void __init construct_defa
+ processor.apicver = mpc_default_type > 4 ? 0x10 : 0x01;
+ processor.cpuflag = CPU_ENABLED;
+ processor.cpufeature = (boot_cpu_data.x86 << 8) |
+- (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_mask;
++ (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_stepping;
+ processor.featureflag = boot_cpu_data.x86_capability[CPUID_1_EDX];
+ processor.reserved[0] = 0;
+ processor.reserved[1] = 0;
+--- a/arch/x86/lib/cpu.c
++++ b/arch/x86/lib/cpu.c
+@@ -18,7 +18,7 @@ unsigned int x86_model(unsigned int sig)
+ {
+ unsigned int fam, model;
+
+- fam = x86_family(sig);
++ fam = x86_family(sig);
+
+ model = (sig >> 4) & 0xf;
+
+--- a/drivers/char/hw_random/via-rng.c
++++ b/drivers/char/hw_random/via-rng.c
+@@ -162,7 +162,7 @@ static int via_rng_init(struct hwrng *rn
+ /* Enable secondary noise source on CPUs where it is present. */
+
+ /* Nehemiah stepping 8 and higher */
+- if ((c->x86_model == 9) && (c->x86_mask > 7))
++ if ((c->x86_model == 9) && (c->x86_stepping > 7))
+ lo |= VIA_NOISESRC2;
+
+ /* Esther */
+--- a/drivers/cpufreq/acpi-cpufreq.c
++++ b/drivers/cpufreq/acpi-cpufreq.c
+@@ -629,7 +629,7 @@ static int acpi_cpufreq_blacklist(struct
+ if (c->x86_vendor == X86_VENDOR_INTEL) {
+ if ((c->x86 == 15) &&
+ (c->x86_model == 6) &&
+- (c->x86_mask == 8)) {
++ (c->x86_stepping == 8)) {
+ pr_info("Intel(R) Xeon(R) 7100 Errata AL30, processors may lock up on frequency changes: disabling acpi-cpufreq\n");
+ return -ENODEV;
+ }
+--- a/drivers/cpufreq/longhaul.c
++++ b/drivers/cpufreq/longhaul.c
+@@ -775,7 +775,7 @@ static int longhaul_cpu_init(struct cpuf
+ break;
+
+ case 7:
+- switch (c->x86_mask) {
++ switch (c->x86_stepping) {
+ case 0:
+ longhaul_version = TYPE_LONGHAUL_V1;
+ cpu_model = CPU_SAMUEL2;
+@@ -787,7 +787,7 @@ static int longhaul_cpu_init(struct cpuf
+ break;
+ case 1 ... 15:
+ longhaul_version = TYPE_LONGHAUL_V2;
+- if (c->x86_mask < 8) {
++ if (c->x86_stepping < 8) {
+ cpu_model = CPU_SAMUEL2;
+ cpuname = "C3 'Samuel 2' [C5B]";
+ } else {
+@@ -814,7 +814,7 @@ static int longhaul_cpu_init(struct cpuf
+ numscales = 32;
+ memcpy(mults, nehemiah_mults, sizeof(nehemiah_mults));
+ memcpy(eblcr, nehemiah_eblcr, sizeof(nehemiah_eblcr));
+- switch (c->x86_mask) {
++ switch (c->x86_stepping) {
+ case 0 ... 1:
+ cpu_model = CPU_NEHEMIAH;
+ cpuname = "C3 'Nehemiah A' [C5XLOE]";
+--- a/drivers/cpufreq/p4-clockmod.c
++++ b/drivers/cpufreq/p4-clockmod.c
+@@ -168,7 +168,7 @@ static int cpufreq_p4_cpu_init(struct cp
+ #endif
+
+ /* Errata workaround */
+- cpuid = (c->x86 << 8) | (c->x86_model << 4) | c->x86_mask;
++ cpuid = (c->x86 << 8) | (c->x86_model << 4) | c->x86_stepping;
+ switch (cpuid) {
+ case 0x0f07:
+ case 0x0f0a:
+--- a/drivers/cpufreq/powernow-k7.c
++++ b/drivers/cpufreq/powernow-k7.c
+@@ -131,7 +131,7 @@ static int check_powernow(void)
+ return 0;
+ }
+
+- if ((c->x86_model == 6) && (c->x86_mask == 0)) {
++ if ((c->x86_model == 6) && (c->x86_stepping == 0)) {
+ pr_info("K7 660[A0] core detected, enabling errata workarounds\n");
+ have_a0 = 1;
+ }
+--- a/drivers/cpufreq/speedstep-centrino.c
++++ b/drivers/cpufreq/speedstep-centrino.c
+@@ -37,7 +37,7 @@ struct cpu_id
+ {
+ __u8 x86; /* CPU family */
+ __u8 x86_model; /* model */
+- __u8 x86_mask; /* stepping */
++ __u8 x86_stepping; /* stepping */
+ };
+
+ enum {
+@@ -277,7 +277,7 @@ static int centrino_verify_cpu_id(const
+ {
+ if ((c->x86 == x->x86) &&
+ (c->x86_model == x->x86_model) &&
+- (c->x86_mask == x->x86_mask))
++ (c->x86_stepping == x->x86_stepping))
+ return 1;
+ return 0;
+ }
+--- a/drivers/cpufreq/speedstep-lib.c
++++ b/drivers/cpufreq/speedstep-lib.c
+@@ -272,9 +272,9 @@ unsigned int speedstep_detect_processor(
+ ebx = cpuid_ebx(0x00000001);
+ ebx &= 0x000000FF;
+
+- pr_debug("ebx value is %x, x86_mask is %x\n", ebx, c->x86_mask);
++ pr_debug("ebx value is %x, x86_stepping is %x\n", ebx, c->x86_stepping);
+
+- switch (c->x86_mask) {
++ switch (c->x86_stepping) {
+ case 4:
+ /*
+ * B-stepping [M-P4-M]
+@@ -361,7 +361,7 @@ unsigned int speedstep_detect_processor(
+ msr_lo, msr_hi);
+ if ((msr_hi & (1<<18)) &&
+ (relaxed_check ? 1 : (msr_hi & (3<<24)))) {
+- if (c->x86_mask == 0x01) {
++ if (c->x86_stepping == 0x01) {
+ pr_debug("early PIII version\n");
+ return SPEEDSTEP_CPU_PIII_C_EARLY;
+ } else
+--- a/drivers/crypto/padlock-aes.c
++++ b/drivers/crypto/padlock-aes.c
+@@ -512,7 +512,7 @@ static int __init padlock_init(void)
+
+ printk(KERN_NOTICE PFX "Using VIA PadLock ACE for AES algorithm.\n");
+
+- if (c->x86 == 6 && c->x86_model == 15 && c->x86_mask == 2) {
++ if (c->x86 == 6 && c->x86_model == 15 && c->x86_stepping == 2) {
+ ecb_fetch_blocks = MAX_ECB_FETCH_BLOCKS;
+ cbc_fetch_blocks = MAX_CBC_FETCH_BLOCKS;
+ printk(KERN_NOTICE PFX "VIA Nano stepping 2 detected: enabling workaround.\n");
+--- a/drivers/edac/amd64_edac.c
++++ b/drivers/edac/amd64_edac.c
+@@ -3147,7 +3147,7 @@ static struct amd64_family_type *per_fam
+ struct amd64_family_type *fam_type = NULL;
+
+ pvt->ext_model = boot_cpu_data.x86_model >> 4;
+- pvt->stepping = boot_cpu_data.x86_mask;
++ pvt->stepping = boot_cpu_data.x86_stepping;
+ pvt->model = boot_cpu_data.x86_model;
+ pvt->fam = boot_cpu_data.x86;
+
+--- a/drivers/hwmon/coretemp.c
++++ b/drivers/hwmon/coretemp.c
+@@ -268,13 +268,13 @@ static int adjust_tjmax(struct cpuinfo_x
+ for (i = 0; i < ARRAY_SIZE(tjmax_model_table); i++) {
+ const struct tjmax_model *tm = &tjmax_model_table[i];
+ if (c->x86_model == tm->model &&
+- (tm->mask == ANY || c->x86_mask == tm->mask))
++ (tm->mask == ANY || c->x86_stepping == tm->mask))
+ return tm->tjmax;
+ }
+
+ /* Early chips have no MSR for TjMax */
+
+- if (c->x86_model == 0xf && c->x86_mask < 4)
++ if (c->x86_model == 0xf && c->x86_stepping < 4)
+ usemsr_ee = 0;
+
+ if (c->x86_model > 0xe && usemsr_ee) {
+@@ -425,7 +425,7 @@ static int chk_ucode_version(unsigned in
+ * Readings might stop update when processor visited too deep sleep,
+ * fixed for stepping D0 (6EC).
+ */
+- if (c->x86_model == 0xe && c->x86_mask < 0xc && c->microcode < 0x39) {
++ if (c->x86_model == 0xe && c->x86_stepping < 0xc && c->microcode < 0x39) {
+ pr_err("Errata AE18 not fixed, update BIOS or microcode of the CPU!\n");
+ return -ENODEV;
+ }
+--- a/drivers/hwmon/hwmon-vid.c
++++ b/drivers/hwmon/hwmon-vid.c
+@@ -293,7 +293,7 @@ u8 vid_which_vrm(void)
+ if (c->x86 < 6) /* Any CPU with family lower than 6 */
+ return 0; /* doesn't have VID */
+
+- vrm_ret = find_vrm(c->x86, c->x86_model, c->x86_mask, c->x86_vendor);
++ vrm_ret = find_vrm(c->x86, c->x86_model, c->x86_stepping, c->x86_vendor);
+ if (vrm_ret == 134)
+ vrm_ret = get_via_model_d_vrm();
+ if (vrm_ret == 0)
+--- a/drivers/hwmon/k10temp.c
++++ b/drivers/hwmon/k10temp.c
+@@ -179,7 +179,7 @@ static bool has_erratum_319(struct pci_d
+ * and AM3 formats, but that's the best we can do.
+ */
+ return boot_cpu_data.x86_model < 4 ||
+- (boot_cpu_data.x86_model == 4 && boot_cpu_data.x86_mask <= 2);
++ (boot_cpu_data.x86_model == 4 && boot_cpu_data.x86_stepping <= 2);
+ }
+
+ static int k10temp_probe(struct pci_dev *pdev,
+--- a/drivers/hwmon/k8temp.c
++++ b/drivers/hwmon/k8temp.c
+@@ -187,7 +187,7 @@ static int k8temp_probe(struct pci_dev *
+ return -ENOMEM;
+
+ model = boot_cpu_data.x86_model;
+- stepping = boot_cpu_data.x86_mask;
++ stepping = boot_cpu_data.x86_stepping;
+
+ /* feature available since SH-C0, exclude older revisions */
+ if ((model == 4 && stepping == 0) ||
+--- a/drivers/video/fbdev/geode/video_gx.c
++++ b/drivers/video/fbdev/geode/video_gx.c
+@@ -127,7 +127,7 @@ void gx_set_dclk_frequency(struct fb_inf
+ int timeout = 1000;
+
+ /* Rev. 1 Geode GXs use a 14 MHz reference clock instead of 48 MHz. */
+- if (cpu_data(0).x86_mask == 1) {
++ if (cpu_data(0).x86_stepping == 1) {
+ pll_table = gx_pll_table_14MHz;
+ pll_table_len = ARRAY_SIZE(gx_pll_table_14MHz);
+ } else {
--- /dev/null
+From 2b5db66862b95532cb6cca8165ae6eb73633cf85 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Thu, 8 Feb 2018 17:09:26 -0600
+Subject: x86/debug, objtool: Annotate WARN()-related UD2 as reachable
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit 2b5db66862b95532cb6cca8165ae6eb73633cf85 upstream.
+
+By default, objtool assumes that a UD2 is a dead end. This is mainly
+because GCC 7+ sometimes inserts a UD2 when it detects a divide-by-zero
+condition.
+
+Now that WARN() is moving back to UD2, annotate the code after it as
+reachable so objtool can follow the code flow.
+
+Reported-by: Borislav Petkov <bp@alien8.de>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kbuild test robot <fengguang.wu@intel.com>
+Link: http://lkml.kernel.org/r/0e483379275a42626ba8898117f918e1bf661e40.1518130694.git.jpoimboe@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/bug.h | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/bug.h
++++ b/arch/x86/include/asm/bug.h
+@@ -77,7 +77,11 @@ do { \
+ unreachable(); \
+ } while (0)
+
+-#define __WARN_FLAGS(flags) _BUG_FLAGS(ASM_UD0, BUGFLAG_WARNING|(flags))
++#define __WARN_FLAGS(flags) \
++do { \
++ _BUG_FLAGS(ASM_UD0, BUGFLAG_WARNING|(flags)); \
++ annotate_reachable(); \
++} while (0)
+
+ #include <asm-generic/bug.h>
+
--- /dev/null
+From 3b3a371cc9bc980429baabe0a8e5f307f3d1f463 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Fri, 9 Feb 2018 13:16:59 +0100
+Subject: x86/debug: Use UD2 for WARN()
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit 3b3a371cc9bc980429baabe0a8e5f307f3d1f463 upstream.
+
+Since the Intel SDM added an ModR/M byte to UD0 and binutils followed
+that specification, we now cannot disassemble our kernel anymore.
+
+This now means Intel and AMD disagree on the encoding of UD0. And instead
+of playing games with additional bytes that are valid ModR/M and single
+byte instructions (0xd6 for instance), simply use UD2 for both WARN() and
+BUG().
+
+Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/20180208194406.GD25181@hirez.programming.kicks-ass.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/bug.h | 15 ++++++---------
+ arch/x86/kernel/traps.c | 2 +-
+ 2 files changed, 7 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/include/asm/bug.h
++++ b/arch/x86/include/asm/bug.h
+@@ -5,23 +5,20 @@
+ #include <linux/stringify.h>
+
+ /*
+- * Since some emulators terminate on UD2, we cannot use it for WARN.
+- * Since various instruction decoders disagree on the length of UD1,
+- * we cannot use it either. So use UD0 for WARN.
++ * Despite that some emulators terminate on UD2, we use it for WARN().
+ *
+- * (binutils knows about "ud1" but {en,de}codes it as 2 bytes, whereas
+- * our kernel decoder thinks it takes a ModRM byte, which seems consistent
+- * with various things like the Intel SDM instruction encoding rules)
++ * Since various instruction decoders/specs disagree on the encoding of
++ * UD0/UD1.
+ */
+
+-#define ASM_UD0 ".byte 0x0f, 0xff"
++#define ASM_UD0 ".byte 0x0f, 0xff" /* + ModRM (for Intel) */
+ #define ASM_UD1 ".byte 0x0f, 0xb9" /* + ModRM */
+ #define ASM_UD2 ".byte 0x0f, 0x0b"
+
+ #define INSN_UD0 0xff0f
+ #define INSN_UD2 0x0b0f
+
+-#define LEN_UD0 2
++#define LEN_UD2 2
+
+ #ifdef CONFIG_GENERIC_BUG
+
+@@ -79,7 +76,7 @@ do { \
+
+ #define __WARN_FLAGS(flags) \
+ do { \
+- _BUG_FLAGS(ASM_UD0, BUGFLAG_WARNING|(flags)); \
++ _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags)); \
+ annotate_reachable(); \
+ } while (0)
+
+--- a/arch/x86/kernel/traps.c
++++ b/arch/x86/kernel/traps.c
+@@ -181,7 +181,7 @@ int fixup_bug(struct pt_regs *regs, int
+ break;
+
+ case BUG_TRAP_TYPE_WARN:
+- regs->ip += LEN_UD0;
++ regs->ip += LEN_UD2;
+ return 1;
+ }
+
--- /dev/null
+From 3ac6d8c787b835b997eb23e43e09aa0895ef7d58 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Mon, 5 Feb 2018 17:18:11 -0800
+Subject: x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit 3ac6d8c787b835b997eb23e43e09aa0895ef7d58 upstream.
+
+Clear the 'extra' registers on entering the 64-bit kernel for exceptions
+and interrupts. The common registers are not cleared since they are
+likely clobbered well before they can be exploited in a speculative
+execution attack.
+
+Originally-From: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Cc: <stable@vger.kernel.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/151787989146.7847.15749181712358213254.stgit@dwillia2-desk3.amr.corp.intel.com
+[ Made small improvements to the changelog and the code comments. ]
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 19 +++++++++++++++++++
+ arch/x86/entry/entry_64.S | 6 +++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -147,6 +147,25 @@ For 32-bit we have the following convent
+ UNWIND_HINT_REGS offset=\offset
+ .endm
+
++ /*
++ * Sanitize registers of values that a speculation attack
++ * might otherwise want to exploit. The lower registers are
++ * likely clobbered well before they could be put to use in
++ * a speculative execution gadget:
++ */
++ .macro CLEAR_REGS_NOSPEC
++ xorl %ebp, %ebp
++ xorl %ebx, %ebx
++ xorq %r8, %r8
++ xorq %r9, %r9
++ xorq %r10, %r10
++ xorq %r11, %r11
++ xorq %r12, %r12
++ xorq %r13, %r13
++ xorq %r14, %r14
++ xorq %r15, %r15
++ .endm
++
+ .macro POP_EXTRA_REGS
+ popq %r15
+ popq %r14
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -571,6 +571,7 @@ END(irq_entries_start)
+ ALLOC_PT_GPREGS_ON_STACK
+ SAVE_C_REGS
+ SAVE_EXTRA_REGS
++ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+
+ testb $3, CS(%rsp)
+@@ -1127,6 +1128,7 @@ ENTRY(xen_failsafe_callback)
+ ALLOC_PT_GPREGS_ON_STACK
+ SAVE_C_REGS
+ SAVE_EXTRA_REGS
++ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+ jmp error_exit
+ END(xen_failsafe_callback)
+@@ -1172,6 +1174,7 @@ ENTRY(paranoid_entry)
+ cld
+ SAVE_C_REGS 8
+ SAVE_EXTRA_REGS 8
++ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER 8
+ movl $1, %ebx
+ movl $MSR_GS_BASE, %ecx
+@@ -1224,8 +1227,8 @@ ENTRY(error_entry)
+ cld
+ SAVE_C_REGS 8
+ SAVE_EXTRA_REGS 8
++ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER 8
+- xorl %ebx, %ebx
+ testb $3, CS+8(%rsp)
+ jz .Lerror_kernelspace
+
+@@ -1422,6 +1425,7 @@ ENTRY(nmi)
+ pushq %r14 /* pt_regs->r14 */
+ pushq %r15 /* pt_regs->r15 */
+ UNWIND_HINT_REGS
++ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+
+ /*
--- /dev/null
+From e48657573481a5dff7cfdc3d57005c80aa816500 Mon Sep 17 00:00:00 2001
+From: Ingo Molnar <mingo@kernel.org>
+Date: Wed, 14 Feb 2018 08:39:11 +0100
+Subject: x86/entry/64: Fix CR3 restore in paranoid_exit()
+
+From: Ingo Molnar <mingo@kernel.org>
+
+commit e48657573481a5dff7cfdc3d57005c80aa816500 upstream.
+
+Josh Poimboeuf noticed the following bug:
+
+ "The paranoid exit code only restores the saved CR3 when it switches back
+ to the user GS. However, even in the kernel GS case, it's possible that
+ it needs to restore a user CR3, if for example, the paranoid exception
+ occurred in the syscall exit path between SWITCH_TO_USER_CR3_STACK and
+ SWAPGS."
+
+Josh also confirmed via targeted testing that it's possible to hit this bug.
+
+Fix the bug by also restoring CR3 in the paranoid_exit_no_swapgs branch.
+
+The reason we haven't seen this bug reported by users yet is probably because
+"paranoid" entry points are limited to the following cases:
+
+ idtentry double_fault do_double_fault has_error_code=1 paranoid=2
+ idtentry debug do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
+ idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
+ idtentry machine_check do_mce has_error_code=0 paranoid=1
+
+Amongst those entry points only machine_check is one that will interrupt an
+IRQS-off critical section asynchronously - and machine check events are rare.
+
+The other main asynchronous entries are NMI entries, which can be very high-freq
+with perf profiling, but they are special: they don't use the 'idtentry' macro but
+are open coded and restore user CR3 unconditionally so don't have this bug.
+
+Reported-and-tested-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Reviewed-by: Andy Lutomirski <luto@kernel.org>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/20180214073910.boevmg65upbk3vqb@gmail.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/entry_64.S | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -1162,6 +1162,7 @@ ENTRY(paranoid_exit)
+ jmp .Lparanoid_exit_restore
+ .Lparanoid_exit_no_swapgs:
+ TRACE_IRQS_IRETQ_DEBUG
++ RESTORE_CR3 scratch_reg=%rbx save_reg=%r14
+ .Lparanoid_exit_restore:
+ jmp restore_regs_and_return_to_kernel
+ END(paranoid_exit)
--- /dev/null
+From b3ccefaed922529e6a67de7b30af5aa38c76ace9 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Mon, 12 Feb 2018 11:45:03 -0600
+Subject: x86/entry/64: Fix paranoid_entry() frame pointer warning
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit b3ccefaed922529e6a67de7b30af5aa38c76ace9 upstream.
+
+With the following commit:
+
+ f09d160992d1 ("x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros")
+
+... one of my suggested improvements triggered a frame pointer warning:
+
+ arch/x86/entry/entry_64.o: warning: objtool: paranoid_entry()+0x11: call without frame pointer save/setup
+
+The warning is correct for the build-time code, but it's actually not
+relevant at runtime because of paravirt patching. The paravirt swapgs
+call gets replaced with either a SWAPGS instruction or NOPs at runtime.
+
+Go back to the previous behavior by removing the ELF function annotation
+for paranoid_entry() and adding an unwind hint, which effectively
+silences the warning.
+
+Reported-by: kbuild test robot <fengguang.wu@intel.com>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kbuild-all@01.org
+Cc: tipbuild@zytor.com
+Fixes: f09d160992d1 ("x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros")
+Link: http://lkml.kernel.org/r/20180212174503.5acbymg5z6p32snu@treble
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/entry_64.S | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -1122,6 +1122,7 @@ idtentry machine_check do_mce has_err
+ * Return: ebx=0: need swapgs on exit, ebx=1: otherwise
+ */
+ ENTRY(paranoid_entry)
++ UNWIND_HINT_FUNC
+ cld
+ movl $1, %ebx
+ movl $MSR_GS_BASE, %ecx
+@@ -1135,7 +1136,7 @@ ENTRY(paranoid_entry)
+ SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14
+
+ ret
+-ENDPROC(paranoid_entry)
++END(paranoid_entry)
+
+ /*
+ * "Paranoid" exit path from exception stack. This is invoked
--- /dev/null
+From dde3036d62ba3375840b10ab9ec0d568fd773b07 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:47 +0100
+Subject: x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit dde3036d62ba3375840b10ab9ec0d568fd773b07 upstream.
+
+Previously, error_entry() and paranoid_entry() saved the GP registers
+onto stack space previously allocated by its callers. Combine these two
+steps in the callers, and use the generic PUSH_AND_CLEAR_REGS macro
+for that.
+
+This adds a significant amount ot text size. However, Ingo Molnar points
+out that:
+
+ "these numbers also _very_ significantly over-represent the
+ extra footprint. The assumptions that resulted in
+ us compressing the IRQ entry code have changed very
+ significantly with the new x86 IRQ allocation code we
+ introduced in the last year:
+
+ - IRQ vectors are usually populated in tightly clustered
+ groups.
+
+ With our new vector allocator code the typical per CPU
+ allocation percentage on x86 systems is ~3 device vectors
+ and ~10 fixed vectors out of ~220 vectors - i.e. a very
+ low ~6% utilization (!). [...]
+
+ The days where we allocated a lot of vectors on every
+ CPU and the compression of the IRQ entry code text
+ mattered are over.
+
+ - Another issue is that only a small minority of vectors
+ is frequent enough to actually matter to cache utilization
+ in practice: 3-4 key IPIs and 1-2 device IRQs at most - and
+ those vectors tend to be tightly clustered as well into about
+ two groups, and are probably already on 2-3 cache lines in
+ practice.
+
+ For the common case of 'cache cold' IRQs it's the depth of
+ the call chain and the fragmentation of the resulting I$
+ that should be the main performance limit - not the overall
+ size of it.
+
+ - The CPU side cost of IRQ delivery is still very expensive
+ even in the best, most cached case, as in 'over a thousand
+ cycles'. So much stuff is done that maybe contemporary x86
+ IRQ entry microcode already prefetches the IDT entry and its
+ expected call target address."[*]
+
+[*] http://lkml.kernel.org/r/20180208094710.qnjixhm6hybebdv7@gmail.com
+
+The "testb $3, CS(%rsp)" instruction in the idtentry macro does not need
+modification. Previously, %rsp was manually decreased by 15*8; with
+this patch, %rsp is decreased by 15 pushq instructions.
+
+[jpoimboe@redhat.com: unwind hint improvements]
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-7-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 42 +-----------------------------------------
+ arch/x86/entry/entry_64.S | 20 +++++++++-----------
+ 2 files changed, 10 insertions(+), 52 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -97,46 +97,6 @@ For 32-bit we have the following convent
+
+ #define SIZEOF_PTREGS 21*8
+
+- .macro ALLOC_PT_GPREGS_ON_STACK
+- addq $-(15*8), %rsp
+- .endm
+-
+- .macro SAVE_AND_CLEAR_REGS offset=0
+- /*
+- * Save registers and sanitize registers of values that a
+- * speculation attack might otherwise want to exploit. The
+- * lower registers are likely clobbered well before they
+- * could be put to use in a speculative execution gadget.
+- * Interleave XOR with PUSH for better uop scheduling:
+- */
+- movq %rdi, 14*8+\offset(%rsp)
+- movq %rsi, 13*8+\offset(%rsp)
+- movq %rdx, 12*8+\offset(%rsp)
+- movq %rcx, 11*8+\offset(%rsp)
+- movq %rax, 10*8+\offset(%rsp)
+- movq %r8, 9*8+\offset(%rsp)
+- xorq %r8, %r8 /* nospec r8 */
+- movq %r9, 8*8+\offset(%rsp)
+- xorq %r9, %r9 /* nospec r9 */
+- movq %r10, 7*8+\offset(%rsp)
+- xorq %r10, %r10 /* nospec r10 */
+- movq %r11, 6*8+\offset(%rsp)
+- xorq %r11, %r11 /* nospec r11 */
+- movq %rbx, 5*8+\offset(%rsp)
+- xorl %ebx, %ebx /* nospec rbx */
+- movq %rbp, 4*8+\offset(%rsp)
+- xorl %ebp, %ebp /* nospec rbp */
+- movq %r12, 3*8+\offset(%rsp)
+- xorq %r12, %r12 /* nospec r12 */
+- movq %r13, 2*8+\offset(%rsp)
+- xorq %r13, %r13 /* nospec r13 */
+- movq %r14, 1*8+\offset(%rsp)
+- xorq %r14, %r14 /* nospec r14 */
+- movq %r15, 0*8+\offset(%rsp)
+- xorq %r15, %r15 /* nospec r15 */
+- UNWIND_HINT_REGS offset=\offset
+- .endm
+-
+ .macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax
+ /*
+ * Push registers and sanitize registers of values that a
+@@ -211,7 +171,7 @@ For 32-bit we have the following convent
+ * is just setting the LSB, which makes it an invalid stack address and is also
+ * a signal to the unwinder that it's a pt_regs pointer in disguise.
+ *
+- * NOTE: This macro must be used *after* SAVE_AND_CLEAR_REGS because it corrupts
++ * NOTE: This macro must be used *after* PUSH_AND_CLEAR_REGS because it corrupts
+ * the original rbp.
+ */
+ .macro ENCODE_FRAME_POINTER ptregs_offset=0
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -867,7 +867,9 @@ ENTRY(\sym)
+ pushq $-1 /* ORIG_RAX: no syscall to restart */
+ .endif
+
+- ALLOC_PT_GPREGS_ON_STACK
++ /* Save all registers in pt_regs */
++ PUSH_AND_CLEAR_REGS
++ ENCODE_FRAME_POINTER
+
+ .if \paranoid < 2
+ testb $3, CS(%rsp) /* If coming from userspace, switch stacks */
+@@ -1115,15 +1117,12 @@ idtentry machine_check do_mce has_err
+ #endif
+
+ /*
+- * Save all registers in pt_regs, and switch gs if needed.
++ * Switch gs if needed.
+ * Use slow, but surefire "are we in kernel?" check.
+ * Return: ebx=0: need swapgs on exit, ebx=1: otherwise
+ */
+ ENTRY(paranoid_entry)
+- UNWIND_HINT_FUNC
+ cld
+- SAVE_AND_CLEAR_REGS 8
+- ENCODE_FRAME_POINTER 8
+ movl $1, %ebx
+ movl $MSR_GS_BASE, %ecx
+ rdmsr
+@@ -1136,7 +1135,7 @@ ENTRY(paranoid_entry)
+ SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14
+
+ ret
+-END(paranoid_entry)
++ENDPROC(paranoid_entry)
+
+ /*
+ * "Paranoid" exit path from exception stack. This is invoked
+@@ -1167,14 +1166,12 @@ ENTRY(paranoid_exit)
+ END(paranoid_exit)
+
+ /*
+- * Save all registers in pt_regs, and switch gs if needed.
++ * Switch gs if needed.
+ * Return: EBX=0: came from user mode; EBX=1: otherwise
+ */
+ ENTRY(error_entry)
+- UNWIND_HINT_FUNC
++ UNWIND_HINT_REGS offset=8
+ cld
+- SAVE_AND_CLEAR_REGS 8
+- ENCODE_FRAME_POINTER 8
+ testb $3, CS+8(%rsp)
+ jz .Lerror_kernelspace
+
+@@ -1565,7 +1562,8 @@ end_repeat_nmi:
+ * frame to point back to repeat_nmi.
+ */
+ pushq $-1 /* ORIG_RAX: no syscall to restart */
+- ALLOC_PT_GPREGS_ON_STACK
++ PUSH_AND_CLEAR_REGS
++ ENCODE_FRAME_POINTER
+
+ /*
+ * Use paranoid_entry to handle SWAPGS, but no need to use paranoid_exit
--- /dev/null
+From 92816f571af81e9a71cc6f3dc8ce1e2fcdf7b6b8 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:48 +0100
+Subject: x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 92816f571af81e9a71cc6f3dc8ce1e2fcdf7b6b8 upstream.
+
+... same as the other macros in arch/x86/entry/calling.h
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-8-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -97,7 +97,7 @@ For 32-bit we have the following convent
+
+ #define SIZEOF_PTREGS 21*8
+
+- .macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax
++.macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax
+ /*
+ * Push registers and sanitize registers of values that a
+ * speculation attack might otherwise want to exploit. The
+@@ -131,9 +131,9 @@ For 32-bit we have the following convent
+ pushq %r15 /* pt_regs->r15 */
+ xorq %r15, %r15 /* nospec r15*/
+ UNWIND_HINT_REGS
+- .endm
++.endm
+
+- .macro POP_REGS pop_rdi=1 skip_r11rcx=0
++.macro POP_REGS pop_rdi=1 skip_r11rcx=0
+ popq %r15
+ popq %r14
+ popq %r13
+@@ -163,7 +163,7 @@ For 32-bit we have the following convent
+
+ .macro icebp
+ .byte 0xf1
+- .endm
++.endm
+
+ /*
+ * This is a sneaky trick to help the unwinder find pt_regs on the stack. The
--- /dev/null
+From f7bafa2b05ef25eda1d9179fd930b0330cf2b7d1 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:44 +0100
+Subject: x86/entry/64: Interleave XOR register clearing with PUSH instructions
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit f7bafa2b05ef25eda1d9179fd930b0330cf2b7d1 upstream.
+
+Same as is done for syscalls, interleave XOR with PUSH instructions
+for exceptions/interrupts, in order to minimize the cost of the
+additional instructions required for register clearing.
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-4-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 40 +++++++++++++++++++---------------------
+ arch/x86/entry/entry_64.S | 30 +++++++++++++++++++++---------
+ 2 files changed, 40 insertions(+), 30 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -101,44 +101,42 @@ For 32-bit we have the following convent
+ addq $-(15*8), %rsp
+ .endm
+
+- .macro SAVE_REGS offset=0
++ .macro SAVE_AND_CLEAR_REGS offset=0
++ /*
++ * Save registers and sanitize registers of values that a
++ * speculation attack might otherwise want to exploit. The
++ * lower registers are likely clobbered well before they
++ * could be put to use in a speculative execution gadget.
++ * Interleave XOR with PUSH for better uop scheduling:
++ */
+ movq %rdi, 14*8+\offset(%rsp)
+ movq %rsi, 13*8+\offset(%rsp)
+ movq %rdx, 12*8+\offset(%rsp)
+ movq %rcx, 11*8+\offset(%rsp)
+ movq %rax, 10*8+\offset(%rsp)
+ movq %r8, 9*8+\offset(%rsp)
++ xorq %r8, %r8 /* nospec r8 */
+ movq %r9, 8*8+\offset(%rsp)
++ xorq %r9, %r9 /* nospec r9 */
+ movq %r10, 7*8+\offset(%rsp)
++ xorq %r10, %r10 /* nospec r10 */
+ movq %r11, 6*8+\offset(%rsp)
++ xorq %r11, %r11 /* nospec r11 */
+ movq %rbx, 5*8+\offset(%rsp)
++ xorl %ebx, %ebx /* nospec rbx */
+ movq %rbp, 4*8+\offset(%rsp)
++ xorl %ebp, %ebp /* nospec rbp */
+ movq %r12, 3*8+\offset(%rsp)
++ xorq %r12, %r12 /* nospec r12 */
+ movq %r13, 2*8+\offset(%rsp)
++ xorq %r13, %r13 /* nospec r13 */
+ movq %r14, 1*8+\offset(%rsp)
++ xorq %r14, %r14 /* nospec r14 */
+ movq %r15, 0*8+\offset(%rsp)
++ xorq %r15, %r15 /* nospec r15 */
+ UNWIND_HINT_REGS offset=\offset
+ .endm
+
+- /*
+- * Sanitize registers of values that a speculation attack
+- * might otherwise want to exploit. The lower registers are
+- * likely clobbered well before they could be put to use in
+- * a speculative execution gadget:
+- */
+- .macro CLEAR_REGS_NOSPEC
+- xorl %ebp, %ebp
+- xorl %ebx, %ebx
+- xorq %r8, %r8
+- xorq %r9, %r9
+- xorq %r10, %r10
+- xorq %r11, %r11
+- xorq %r12, %r12
+- xorq %r13, %r13
+- xorq %r14, %r14
+- xorq %r15, %r15
+- .endm
+-
+ .macro POP_REGS pop_rdi=1 skip_r11rcx=0
+ popq %r15
+ popq %r14
+@@ -177,7 +175,7 @@ For 32-bit we have the following convent
+ * is just setting the LSB, which makes it an invalid stack address and is also
+ * a signal to the unwinder that it's a pt_regs pointer in disguise.
+ *
+- * NOTE: This macro must be used *after* SAVE_REGS because it corrupts
++ * NOTE: This macro must be used *after* SAVE_AND_CLEAR_REGS because it corrupts
+ * the original rbp.
+ */
+ .macro ENCODE_FRAME_POINTER ptregs_offset=0
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -561,8 +561,7 @@ END(irq_entries_start)
+ 1:
+
+ ALLOC_PT_GPREGS_ON_STACK
+- SAVE_REGS
+- CLEAR_REGS_NOSPEC
++ SAVE_AND_CLEAR_REGS
+ ENCODE_FRAME_POINTER
+
+ testb $3, CS(%rsp)
+@@ -1108,8 +1107,7 @@ ENTRY(xen_failsafe_callback)
+ UNWIND_HINT_IRET_REGS
+ pushq $-1 /* orig_ax = -1 => not a system call */
+ ALLOC_PT_GPREGS_ON_STACK
+- SAVE_REGS
+- CLEAR_REGS_NOSPEC
++ SAVE_AND_CLEAR_REGS
+ ENCODE_FRAME_POINTER
+ jmp error_exit
+ END(xen_failsafe_callback)
+@@ -1153,8 +1151,7 @@ idtentry machine_check do_mce has_err
+ ENTRY(paranoid_entry)
+ UNWIND_HINT_FUNC
+ cld
+- SAVE_REGS 8
+- CLEAR_REGS_NOSPEC
++ SAVE_AND_CLEAR_REGS 8
+ ENCODE_FRAME_POINTER 8
+ movl $1, %ebx
+ movl $MSR_GS_BASE, %ecx
+@@ -1205,8 +1202,7 @@ END(paranoid_exit)
+ ENTRY(error_entry)
+ UNWIND_HINT_FUNC
+ cld
+- SAVE_REGS 8
+- CLEAR_REGS_NOSPEC
++ SAVE_AND_CLEAR_REGS 8
+ ENCODE_FRAME_POINTER 8
+ testb $3, CS+8(%rsp)
+ jz .Lerror_kernelspace
+@@ -1393,18 +1389,34 @@ ENTRY(nmi)
+ pushq (%rdx) /* pt_regs->dx */
+ pushq %rcx /* pt_regs->cx */
+ pushq %rax /* pt_regs->ax */
++ /*
++ * Sanitize registers of values that a speculation attack
++ * might otherwise want to exploit. The lower registers are
++ * likely clobbered well before they could be put to use in
++ * a speculative execution gadget. Interleave XOR with PUSH
++ * for better uop scheduling:
++ */
+ pushq %r8 /* pt_regs->r8 */
++ xorq %r8, %r8 /* nospec r8 */
+ pushq %r9 /* pt_regs->r9 */
++ xorq %r9, %r9 /* nospec r9 */
+ pushq %r10 /* pt_regs->r10 */
++ xorq %r10, %r10 /* nospec r10 */
+ pushq %r11 /* pt_regs->r11 */
++ xorq %r11, %r11 /* nospec r11*/
+ pushq %rbx /* pt_regs->rbx */
++ xorl %ebx, %ebx /* nospec rbx*/
+ pushq %rbp /* pt_regs->rbp */
++ xorl %ebp, %ebp /* nospec rbp*/
+ pushq %r12 /* pt_regs->r12 */
++ xorq %r12, %r12 /* nospec r12*/
+ pushq %r13 /* pt_regs->r13 */
++ xorq %r13, %r13 /* nospec r13*/
+ pushq %r14 /* pt_regs->r14 */
++ xorq %r14, %r14 /* nospec r14*/
+ pushq %r15 /* pt_regs->r15 */
++ xorq %r15, %r15 /* nospec r15*/
+ UNWIND_HINT_REGS
+- CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+
+ /*
--- /dev/null
+From 3f01daecd545e818098d84fd1ad43e19a508d705 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:45 +0100
+Subject: x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 3f01daecd545e818098d84fd1ad43e19a508d705 upstream.
+
+Those instances where ALLOC_PT_GPREGS_ON_STACK is called just before
+SAVE_AND_CLEAR_REGS can trivially be replaced by PUSH_AND_CLEAN_REGS.
+This macro uses PUSH instead of MOV and should therefore be faster, at
+least on newer CPUs.
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-5-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 36 ++++++++++++++++++++++++++++++++++++
+ arch/x86/entry/entry_64.S | 6 ++----
+ 2 files changed, 38 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -137,6 +137,42 @@ For 32-bit we have the following convent
+ UNWIND_HINT_REGS offset=\offset
+ .endm
+
++ .macro PUSH_AND_CLEAR_REGS
++ /*
++ * Push registers and sanitize registers of values that a
++ * speculation attack might otherwise want to exploit. The
++ * lower registers are likely clobbered well before they
++ * could be put to use in a speculative execution gadget.
++ * Interleave XOR with PUSH for better uop scheduling:
++ */
++ pushq %rdi /* pt_regs->di */
++ pushq %rsi /* pt_regs->si */
++ pushq %rdx /* pt_regs->dx */
++ pushq %rcx /* pt_regs->cx */
++ pushq %rax /* pt_regs->ax */
++ pushq %r8 /* pt_regs->r8 */
++ xorq %r8, %r8 /* nospec r8 */
++ pushq %r9 /* pt_regs->r9 */
++ xorq %r9, %r9 /* nospec r9 */
++ pushq %r10 /* pt_regs->r10 */
++ xorq %r10, %r10 /* nospec r10 */
++ pushq %r11 /* pt_regs->r11 */
++ xorq %r11, %r11 /* nospec r11*/
++ pushq %rbx /* pt_regs->rbx */
++ xorl %ebx, %ebx /* nospec rbx*/
++ pushq %rbp /* pt_regs->rbp */
++ xorl %ebp, %ebp /* nospec rbp*/
++ pushq %r12 /* pt_regs->r12 */
++ xorq %r12, %r12 /* nospec r12*/
++ pushq %r13 /* pt_regs->r13 */
++ xorq %r13, %r13 /* nospec r13*/
++ pushq %r14 /* pt_regs->r14 */
++ xorq %r14, %r14 /* nospec r14*/
++ pushq %r15 /* pt_regs->r15 */
++ xorq %r15, %r15 /* nospec r15*/
++ UNWIND_HINT_REGS
++ .endm
++
+ .macro POP_REGS pop_rdi=1 skip_r11rcx=0
+ popq %r15
+ popq %r14
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -560,8 +560,7 @@ END(irq_entries_start)
+ call switch_to_thread_stack
+ 1:
+
+- ALLOC_PT_GPREGS_ON_STACK
+- SAVE_AND_CLEAR_REGS
++ PUSH_AND_CLEAR_REGS
+ ENCODE_FRAME_POINTER
+
+ testb $3, CS(%rsp)
+@@ -1106,8 +1105,7 @@ ENTRY(xen_failsafe_callback)
+ addq $0x30, %rsp
+ UNWIND_HINT_IRET_REGS
+ pushq $-1 /* orig_ax = -1 => not a system call */
+- ALLOC_PT_GPREGS_ON_STACK
+- SAVE_AND_CLEAR_REGS
++ PUSH_AND_CLEAR_REGS
+ ENCODE_FRAME_POINTER
+ jmp error_exit
+ END(xen_failsafe_callback)
--- /dev/null
+From 2e3f0098bc45f710a2f4cbcc94b80a1fae7a99a1 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:42 +0100
+Subject: x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 2e3f0098bc45f710a2f4cbcc94b80a1fae7a99a1 upstream.
+
+All current code paths call SAVE_C_REGS and then immediately
+SAVE_EXTRA_REGS. Therefore, merge these two macros and order the MOV
+sequeneces properly.
+
+While at it, remove the macros to save all except specific registers,
+as these macros have been unused for a long time.
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-2-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 57 ++++++++++++----------------------------------
+ arch/x86/entry/entry_64.S | 12 +++------
+ 2 files changed, 19 insertions(+), 50 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -101,49 +101,22 @@ For 32-bit we have the following convent
+ addq $-(15*8), %rsp
+ .endm
+
+- .macro SAVE_C_REGS_HELPER offset=0 rax=1 rcx=1 r8910=1 r11=1
+- .if \r11
+- movq %r11, 6*8+\offset(%rsp)
+- .endif
+- .if \r8910
+- movq %r10, 7*8+\offset(%rsp)
+- movq %r9, 8*8+\offset(%rsp)
+- movq %r8, 9*8+\offset(%rsp)
+- .endif
+- .if \rax
+- movq %rax, 10*8+\offset(%rsp)
+- .endif
+- .if \rcx
+- movq %rcx, 11*8+\offset(%rsp)
+- .endif
+- movq %rdx, 12*8+\offset(%rsp)
+- movq %rsi, 13*8+\offset(%rsp)
++ .macro SAVE_REGS offset=0
+ movq %rdi, 14*8+\offset(%rsp)
+- UNWIND_HINT_REGS offset=\offset extra=0
+- .endm
+- .macro SAVE_C_REGS offset=0
+- SAVE_C_REGS_HELPER \offset, 1, 1, 1, 1
+- .endm
+- .macro SAVE_C_REGS_EXCEPT_RAX_RCX offset=0
+- SAVE_C_REGS_HELPER \offset, 0, 0, 1, 1
+- .endm
+- .macro SAVE_C_REGS_EXCEPT_R891011
+- SAVE_C_REGS_HELPER 0, 1, 1, 0, 0
+- .endm
+- .macro SAVE_C_REGS_EXCEPT_RCX_R891011
+- SAVE_C_REGS_HELPER 0, 1, 0, 0, 0
+- .endm
+- .macro SAVE_C_REGS_EXCEPT_RAX_RCX_R11
+- SAVE_C_REGS_HELPER 0, 0, 0, 1, 0
+- .endm
+-
+- .macro SAVE_EXTRA_REGS offset=0
+- movq %r15, 0*8+\offset(%rsp)
+- movq %r14, 1*8+\offset(%rsp)
+- movq %r13, 2*8+\offset(%rsp)
+- movq %r12, 3*8+\offset(%rsp)
+- movq %rbp, 4*8+\offset(%rsp)
++ movq %rsi, 13*8+\offset(%rsp)
++ movq %rdx, 12*8+\offset(%rsp)
++ movq %rcx, 11*8+\offset(%rsp)
++ movq %rax, 10*8+\offset(%rsp)
++ movq %r8, 9*8+\offset(%rsp)
++ movq %r9, 8*8+\offset(%rsp)
++ movq %r10, 7*8+\offset(%rsp)
++ movq %r11, 6*8+\offset(%rsp)
+ movq %rbx, 5*8+\offset(%rsp)
++ movq %rbp, 4*8+\offset(%rsp)
++ movq %r12, 3*8+\offset(%rsp)
++ movq %r13, 2*8+\offset(%rsp)
++ movq %r14, 1*8+\offset(%rsp)
++ movq %r15, 0*8+\offset(%rsp)
+ UNWIND_HINT_REGS offset=\offset
+ .endm
+
+@@ -197,7 +170,7 @@ For 32-bit we have the following convent
+ * is just setting the LSB, which makes it an invalid stack address and is also
+ * a signal to the unwinder that it's a pt_regs pointer in disguise.
+ *
+- * NOTE: This macro must be used *after* SAVE_EXTRA_REGS because it corrupts
++ * NOTE: This macro must be used *after* SAVE_REGS because it corrupts
+ * the original rbp.
+ */
+ .macro ENCODE_FRAME_POINTER ptregs_offset=0
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -569,8 +569,7 @@ END(irq_entries_start)
+ 1:
+
+ ALLOC_PT_GPREGS_ON_STACK
+- SAVE_C_REGS
+- SAVE_EXTRA_REGS
++ SAVE_REGS
+ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+
+@@ -1126,8 +1125,7 @@ ENTRY(xen_failsafe_callback)
+ UNWIND_HINT_IRET_REGS
+ pushq $-1 /* orig_ax = -1 => not a system call */
+ ALLOC_PT_GPREGS_ON_STACK
+- SAVE_C_REGS
+- SAVE_EXTRA_REGS
++ SAVE_REGS
+ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER
+ jmp error_exit
+@@ -1172,8 +1170,7 @@ idtentry machine_check do_mce has_err
+ ENTRY(paranoid_entry)
+ UNWIND_HINT_FUNC
+ cld
+- SAVE_C_REGS 8
+- SAVE_EXTRA_REGS 8
++ SAVE_REGS 8
+ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER 8
+ movl $1, %ebx
+@@ -1225,8 +1222,7 @@ END(paranoid_exit)
+ ENTRY(error_entry)
+ UNWIND_HINT_FUNC
+ cld
+- SAVE_C_REGS 8
+- SAVE_EXTRA_REGS 8
++ SAVE_REGS 8
+ CLEAR_REGS_NOSPEC
+ ENCODE_FRAME_POINTER 8
+ testb $3, CS+8(%rsp)
--- /dev/null
+From 502af0d70843c2a9405d7ba1f79b4b0305aaf5f5 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:43 +0100
+Subject: x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 502af0d70843c2a9405d7ba1f79b4b0305aaf5f5 upstream.
+
+The two special, opencoded cases for POP_C_REGS can be handled by ASM
+macros.
+
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-3-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 15 +++++++++++----
+ arch/x86/entry/entry_64.S | 26 ++++----------------------
+ 2 files changed, 15 insertions(+), 26 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -139,25 +139,32 @@ For 32-bit we have the following convent
+ xorq %r15, %r15
+ .endm
+
+- .macro POP_EXTRA_REGS
++ .macro POP_REGS pop_rdi=1 skip_r11rcx=0
+ popq %r15
+ popq %r14
+ popq %r13
+ popq %r12
+ popq %rbp
+ popq %rbx
+- .endm
+-
+- .macro POP_C_REGS
++ .if \skip_r11rcx
++ popq %rsi
++ .else
+ popq %r11
++ .endif
+ popq %r10
+ popq %r9
+ popq %r8
+ popq %rax
++ .if \skip_r11rcx
++ popq %rsi
++ .else
+ popq %rcx
++ .endif
+ popq %rdx
+ popq %rsi
++ .if \pop_rdi
+ popq %rdi
++ .endif
+ .endm
+
+ .macro icebp
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -330,15 +330,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
+ syscall_return_via_sysret:
+ /* rcx and r11 are already restored (see code above) */
+ UNWIND_HINT_EMPTY
+- POP_EXTRA_REGS
+- popq %rsi /* skip r11 */
+- popq %r10
+- popq %r9
+- popq %r8
+- popq %rax
+- popq %rsi /* skip rcx */
+- popq %rdx
+- popq %rsi
++ POP_REGS pop_rdi=0 skip_r11rcx=1
+
+ /*
+ * Now all regs are restored except RSP and RDI.
+@@ -631,15 +623,7 @@ GLOBAL(swapgs_restore_regs_and_return_to
+ ud2
+ 1:
+ #endif
+- POP_EXTRA_REGS
+- popq %r11
+- popq %r10
+- popq %r9
+- popq %r8
+- popq %rax
+- popq %rcx
+- popq %rdx
+- popq %rsi
++ POP_REGS pop_rdi=0
+
+ /*
+ * The stack is now user RDI, orig_ax, RIP, CS, EFLAGS, RSP, SS.
+@@ -697,8 +681,7 @@ GLOBAL(restore_regs_and_return_to_kernel
+ ud2
+ 1:
+ #endif
+- POP_EXTRA_REGS
+- POP_C_REGS
++ POP_REGS
+ addq $8, %rsp /* skip regs->orig_ax */
+ INTERRUPT_RETURN
+
+@@ -1655,8 +1638,7 @@ end_repeat_nmi:
+ nmi_swapgs:
+ SWAPGS_UNSAFE_STACK
+ nmi_restore:
+- POP_EXTRA_REGS
+- POP_C_REGS
++ POP_REGS
+
+ /*
+ * Skip orig_ax and the "outermost" frame to point RSP at the "iret"
--- /dev/null
+From b498c261107461d5c42140dfddd05df83d8ca078 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Mon, 12 Feb 2018 21:13:18 +0100
+Subject: x86/entry/64: Remove the unused 'icebp' macro
+
+From: Borislav Petkov <bp@suse.de>
+
+commit b498c261107461d5c42140dfddd05df83d8ca078 upstream.
+
+That macro was touched around 2.5.8 times, judging by the full history
+linux repo, but it was unused even then. Get rid of it already.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux@dominikbrodowski.net
+Link: http://lkml.kernel.org/r/20180212201318.GD14640@pd.tnic
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -159,10 +159,6 @@ For 32-bit we have the following convent
+ .if \pop_rdi
+ popq %rdi
+ .endif
+- .endm
+-
+- .macro icebp
+- .byte 0xf1
+ .endm
+
+ /*
--- /dev/null
+From 30907fd13bb593202574bb20af58d67c70a1ee14 Mon Sep 17 00:00:00 2001
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+Date: Sun, 11 Feb 2018 11:49:46 +0100
+Subject: x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
+
+From: Dominik Brodowski <linux@dominikbrodowski.net>
+
+commit 30907fd13bb593202574bb20af58d67c70a1ee14 upstream.
+
+entry_SYSCALL_64_after_hwframe() and nmi() can be converted to use
+PUSH_AND_CLEAN_REGS instead of opencoded variants thereof. Due to
+the interleaving, the additional XOR-based clearing of R8 and R9
+in entry_SYSCALL_64_after_hwframe() should not have any noticeable
+negative implications.
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dan.j.williams@intel.com
+Link: http://lkml.kernel.org/r/20180211104949.12992-6-linux@dominikbrodowski.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/entry/calling.h | 6 ++--
+ arch/x86/entry/entry_64.S | 65 ++--------------------------------------------
+ 2 files changed, 6 insertions(+), 65 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -137,7 +137,7 @@ For 32-bit we have the following convent
+ UNWIND_HINT_REGS offset=\offset
+ .endm
+
+- .macro PUSH_AND_CLEAR_REGS
++ .macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax
+ /*
+ * Push registers and sanitize registers of values that a
+ * speculation attack might otherwise want to exploit. The
+@@ -147,9 +147,9 @@ For 32-bit we have the following convent
+ */
+ pushq %rdi /* pt_regs->di */
+ pushq %rsi /* pt_regs->si */
+- pushq %rdx /* pt_regs->dx */
++ pushq \rdx /* pt_regs->dx */
+ pushq %rcx /* pt_regs->cx */
+- pushq %rax /* pt_regs->ax */
++ pushq \rax /* pt_regs->ax */
+ pushq %r8 /* pt_regs->r8 */
+ xorq %r8, %r8 /* nospec r8 */
+ pushq %r9 /* pt_regs->r9 */
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -223,35 +223,8 @@ ENTRY(entry_SYSCALL_64)
+ pushq %rcx /* pt_regs->ip */
+ GLOBAL(entry_SYSCALL_64_after_hwframe)
+ pushq %rax /* pt_regs->orig_ax */
+- pushq %rdi /* pt_regs->di */
+- pushq %rsi /* pt_regs->si */
+- pushq %rdx /* pt_regs->dx */
+- pushq %rcx /* pt_regs->cx */
+- pushq $-ENOSYS /* pt_regs->ax */
+- pushq %r8 /* pt_regs->r8 */
+- pushq %r9 /* pt_regs->r9 */
+- pushq %r10 /* pt_regs->r10 */
+- /*
+- * Clear extra registers that a speculation attack might
+- * otherwise want to exploit. Interleave XOR with PUSH
+- * for better uop scheduling:
+- */
+- xorq %r10, %r10 /* nospec r10 */
+- pushq %r11 /* pt_regs->r11 */
+- xorq %r11, %r11 /* nospec r11 */
+- pushq %rbx /* pt_regs->rbx */
+- xorl %ebx, %ebx /* nospec rbx */
+- pushq %rbp /* pt_regs->rbp */
+- xorl %ebp, %ebp /* nospec rbp */
+- pushq %r12 /* pt_regs->r12 */
+- xorq %r12, %r12 /* nospec r12 */
+- pushq %r13 /* pt_regs->r13 */
+- xorq %r13, %r13 /* nospec r13 */
+- pushq %r14 /* pt_regs->r14 */
+- xorq %r14, %r14 /* nospec r14 */
+- pushq %r15 /* pt_regs->r15 */
+- xorq %r15, %r15 /* nospec r15 */
+- UNWIND_HINT_REGS
++
++ PUSH_AND_CLEAR_REGS rax=$-ENOSYS
+
+ TRACE_IRQS_OFF
+
+@@ -1382,39 +1355,7 @@ ENTRY(nmi)
+ pushq 1*8(%rdx) /* pt_regs->rip */
+ UNWIND_HINT_IRET_REGS
+ pushq $-1 /* pt_regs->orig_ax */
+- pushq %rdi /* pt_regs->di */
+- pushq %rsi /* pt_regs->si */
+- pushq (%rdx) /* pt_regs->dx */
+- pushq %rcx /* pt_regs->cx */
+- pushq %rax /* pt_regs->ax */
+- /*
+- * Sanitize registers of values that a speculation attack
+- * might otherwise want to exploit. The lower registers are
+- * likely clobbered well before they could be put to use in
+- * a speculative execution gadget. Interleave XOR with PUSH
+- * for better uop scheduling:
+- */
+- pushq %r8 /* pt_regs->r8 */
+- xorq %r8, %r8 /* nospec r8 */
+- pushq %r9 /* pt_regs->r9 */
+- xorq %r9, %r9 /* nospec r9 */
+- pushq %r10 /* pt_regs->r10 */
+- xorq %r10, %r10 /* nospec r10 */
+- pushq %r11 /* pt_regs->r11 */
+- xorq %r11, %r11 /* nospec r11*/
+- pushq %rbx /* pt_regs->rbx */
+- xorl %ebx, %ebx /* nospec rbx*/
+- pushq %rbp /* pt_regs->rbp */
+- xorl %ebp, %ebp /* nospec rbp*/
+- pushq %r12 /* pt_regs->r12 */
+- xorq %r12, %r12 /* nospec r12*/
+- pushq %r13 /* pt_regs->r13 */
+- xorq %r13, %r13 /* nospec r13*/
+- pushq %r14 /* pt_regs->r14 */
+- xorq %r14, %r14 /* nospec r14*/
+- pushq %r15 /* pt_regs->r15 */
+- xorq %r15, %r15 /* nospec r15*/
+- UNWIND_HINT_REGS
++ PUSH_AND_CLEAR_REGS rdx=(%rdx)
+ ENCODE_FRAME_POINTER
+
+ /*
--- /dev/null
+From 1299ef1d8870d2d9f09a5aadf2f8b2c887c2d033 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Wed, 31 Jan 2018 08:03:10 -0800
+Subject: x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 1299ef1d8870d2d9f09a5aadf2f8b2c887c2d033 upstream.
+
+flush_tlb_single() and flush_tlb_one() sound almost identical, but
+they really mean "flush one user translation" and "flush one kernel
+translation". Rename them to flush_tlb_one_user() and
+flush_tlb_one_kernel() to make the semantics more obvious.
+
+[ I was looking at some PTI-related code, and the flush-one-address code
+ is unnecessarily hard to understand because the names of the helpers are
+ uninformative. This came up during PTI review, but no one got around to
+ doing it. ]
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Eduardo Valentin <eduval@amazon.com>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Juergen Gross <jgross@suse.com>
+Cc: Kees Cook <keescook@google.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Linux-MM <linux-mm@kvack.org>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Will Deacon <will.deacon@arm.com>
+Link: http://lkml.kernel.org/r/3303b02e3c3d049dc5235d5651e0ae6d29a34354.1517414378.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/paravirt.h | 4 ++--
+ arch/x86/include/asm/paravirt_types.h | 2 +-
+ arch/x86/include/asm/pgtable_32.h | 2 +-
+ arch/x86/include/asm/tlbflush.h | 27 ++++++++++++++++++++-------
+ arch/x86/kernel/paravirt.c | 6 +++---
+ arch/x86/mm/init_64.c | 2 +-
+ arch/x86/mm/ioremap.c | 2 +-
+ arch/x86/mm/kmmio.c | 2 +-
+ arch/x86/mm/pgtable_32.c | 2 +-
+ arch/x86/mm/tlb.c | 6 +++---
+ arch/x86/platform/uv/tlb_uv.c | 2 +-
+ arch/x86/xen/mmu_pv.c | 6 +++---
+ include/trace/events/xen.h | 2 +-
+ 13 files changed, 39 insertions(+), 26 deletions(-)
+
+--- a/arch/x86/include/asm/paravirt.h
++++ b/arch/x86/include/asm/paravirt.h
+@@ -297,9 +297,9 @@ static inline void __flush_tlb_global(vo
+ {
+ PVOP_VCALL0(pv_mmu_ops.flush_tlb_kernel);
+ }
+-static inline void __flush_tlb_single(unsigned long addr)
++static inline void __flush_tlb_one_user(unsigned long addr)
+ {
+- PVOP_VCALL1(pv_mmu_ops.flush_tlb_single, addr);
++ PVOP_VCALL1(pv_mmu_ops.flush_tlb_one_user, addr);
+ }
+
+ static inline void flush_tlb_others(const struct cpumask *cpumask,
+--- a/arch/x86/include/asm/paravirt_types.h
++++ b/arch/x86/include/asm/paravirt_types.h
+@@ -217,7 +217,7 @@ struct pv_mmu_ops {
+ /* TLB operations */
+ void (*flush_tlb_user)(void);
+ void (*flush_tlb_kernel)(void);
+- void (*flush_tlb_single)(unsigned long addr);
++ void (*flush_tlb_one_user)(unsigned long addr);
+ void (*flush_tlb_others)(const struct cpumask *cpus,
+ const struct flush_tlb_info *info);
+
+--- a/arch/x86/include/asm/pgtable_32.h
++++ b/arch/x86/include/asm/pgtable_32.h
+@@ -61,7 +61,7 @@ void paging_init(void);
+ #define kpte_clear_flush(ptep, vaddr) \
+ do { \
+ pte_clear(&init_mm, (vaddr), (ptep)); \
+- __flush_tlb_one((vaddr)); \
++ __flush_tlb_one_kernel((vaddr)); \
+ } while (0)
+
+ #endif /* !__ASSEMBLY__ */
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -140,7 +140,7 @@ static inline unsigned long build_cr3_no
+ #else
+ #define __flush_tlb() __native_flush_tlb()
+ #define __flush_tlb_global() __native_flush_tlb_global()
+-#define __flush_tlb_single(addr) __native_flush_tlb_single(addr)
++#define __flush_tlb_one_user(addr) __native_flush_tlb_one_user(addr)
+ #endif
+
+ static inline bool tlb_defer_switch_to_init_mm(void)
+@@ -397,7 +397,7 @@ static inline void __native_flush_tlb_gl
+ /*
+ * flush one page in the user mapping
+ */
+-static inline void __native_flush_tlb_single(unsigned long addr)
++static inline void __native_flush_tlb_one_user(unsigned long addr)
+ {
+ u32 loaded_mm_asid = this_cpu_read(cpu_tlbstate.loaded_mm_asid);
+
+@@ -434,18 +434,31 @@ static inline void __flush_tlb_all(void)
+ /*
+ * flush one page in the kernel mapping
+ */
+-static inline void __flush_tlb_one(unsigned long addr)
++static inline void __flush_tlb_one_kernel(unsigned long addr)
+ {
+ count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
+- __flush_tlb_single(addr);
++
++ /*
++ * If PTI is off, then __flush_tlb_one_user() is just INVLPG or its
++ * paravirt equivalent. Even with PCID, this is sufficient: we only
++ * use PCID if we also use global PTEs for the kernel mapping, and
++ * INVLPG flushes global translations across all address spaces.
++ *
++ * If PTI is on, then the kernel is mapped with non-global PTEs, and
++ * __flush_tlb_one_user() will flush the given address for the current
++ * kernel address space and for its usermode counterpart, but it does
++ * not flush it for other address spaces.
++ */
++ __flush_tlb_one_user(addr);
+
+ if (!static_cpu_has(X86_FEATURE_PTI))
+ return;
+
+ /*
+- * __flush_tlb_single() will have cleared the TLB entry for this ASID,
+- * but since kernel space is replicated across all, we must also
+- * invalidate all others.
++ * See above. We need to propagate the flush to all other address
++ * spaces. In principle, we only need to propagate it to kernelmode
++ * address spaces, but the extra bookkeeping we would need is not
++ * worth it.
+ */
+ invalidate_other_asid();
+ }
+--- a/arch/x86/kernel/paravirt.c
++++ b/arch/x86/kernel/paravirt.c
+@@ -190,9 +190,9 @@ static void native_flush_tlb_global(void
+ __native_flush_tlb_global();
+ }
+
+-static void native_flush_tlb_single(unsigned long addr)
++static void native_flush_tlb_one_user(unsigned long addr)
+ {
+- __native_flush_tlb_single(addr);
++ __native_flush_tlb_one_user(addr);
+ }
+
+ struct static_key paravirt_steal_enabled;
+@@ -391,7 +391,7 @@ struct pv_mmu_ops pv_mmu_ops __ro_after_
+
+ .flush_tlb_user = native_flush_tlb,
+ .flush_tlb_kernel = native_flush_tlb_global,
+- .flush_tlb_single = native_flush_tlb_single,
++ .flush_tlb_one_user = native_flush_tlb_one_user,
+ .flush_tlb_others = native_flush_tlb_others,
+
+ .pgd_alloc = __paravirt_pgd_alloc,
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -256,7 +256,7 @@ static void __set_pte_vaddr(pud_t *pud,
+ * It's enough to flush this one mapping.
+ * (PGE mappings get flushed as well)
+ */
+- __flush_tlb_one(vaddr);
++ __flush_tlb_one_kernel(vaddr);
+ }
+
+ void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte)
+--- a/arch/x86/mm/ioremap.c
++++ b/arch/x86/mm/ioremap.c
+@@ -749,5 +749,5 @@ void __init __early_set_fixmap(enum fixe
+ set_pte(pte, pfn_pte(phys >> PAGE_SHIFT, flags));
+ else
+ pte_clear(&init_mm, addr, pte);
+- __flush_tlb_one(addr);
++ __flush_tlb_one_kernel(addr);
+ }
+--- a/arch/x86/mm/kmmio.c
++++ b/arch/x86/mm/kmmio.c
+@@ -168,7 +168,7 @@ static int clear_page_presence(struct km
+ return -1;
+ }
+
+- __flush_tlb_one(f->addr);
++ __flush_tlb_one_kernel(f->addr);
+ return 0;
+ }
+
+--- a/arch/x86/mm/pgtable_32.c
++++ b/arch/x86/mm/pgtable_32.c
+@@ -63,7 +63,7 @@ void set_pte_vaddr(unsigned long vaddr,
+ * It's enough to flush this one mapping.
+ * (PGE mappings get flushed as well)
+ */
+- __flush_tlb_one(vaddr);
++ __flush_tlb_one_kernel(vaddr);
+ }
+
+ unsigned long __FIXADDR_TOP = 0xfffff000;
+--- a/arch/x86/mm/tlb.c
++++ b/arch/x86/mm/tlb.c
+@@ -492,7 +492,7 @@ static void flush_tlb_func_common(const
+ * flush that changes context.tlb_gen from 2 to 3. If they get
+ * processed on this CPU in reverse order, we'll see
+ * local_tlb_gen == 1, mm_tlb_gen == 3, and end != TLB_FLUSH_ALL.
+- * If we were to use __flush_tlb_single() and set local_tlb_gen to
++ * If we were to use __flush_tlb_one_user() and set local_tlb_gen to
+ * 3, we'd be break the invariant: we'd update local_tlb_gen above
+ * 1 without the full flush that's needed for tlb_gen 2.
+ *
+@@ -513,7 +513,7 @@ static void flush_tlb_func_common(const
+
+ addr = f->start;
+ while (addr < f->end) {
+- __flush_tlb_single(addr);
++ __flush_tlb_one_user(addr);
+ addr += PAGE_SIZE;
+ }
+ if (local)
+@@ -660,7 +660,7 @@ static void do_kernel_range_flush(void *
+
+ /* flush range by one by one 'invlpg' */
+ for (addr = f->start; addr < f->end; addr += PAGE_SIZE)
+- __flush_tlb_one(addr);
++ __flush_tlb_one_kernel(addr);
+ }
+
+ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
+--- a/arch/x86/platform/uv/tlb_uv.c
++++ b/arch/x86/platform/uv/tlb_uv.c
+@@ -299,7 +299,7 @@ static void bau_process_message(struct m
+ local_flush_tlb();
+ stat->d_alltlb++;
+ } else {
+- __flush_tlb_single(msg->address);
++ __flush_tlb_one_user(msg->address);
+ stat->d_onetlb++;
+ }
+ stat->d_requestee++;
+--- a/arch/x86/xen/mmu_pv.c
++++ b/arch/x86/xen/mmu_pv.c
+@@ -1300,12 +1300,12 @@ static void xen_flush_tlb(void)
+ preempt_enable();
+ }
+
+-static void xen_flush_tlb_single(unsigned long addr)
++static void xen_flush_tlb_one_user(unsigned long addr)
+ {
+ struct mmuext_op *op;
+ struct multicall_space mcs;
+
+- trace_xen_mmu_flush_tlb_single(addr);
++ trace_xen_mmu_flush_tlb_one_user(addr);
+
+ preempt_disable();
+
+@@ -2360,7 +2360,7 @@ static const struct pv_mmu_ops xen_mmu_o
+
+ .flush_tlb_user = xen_flush_tlb,
+ .flush_tlb_kernel = xen_flush_tlb,
+- .flush_tlb_single = xen_flush_tlb_single,
++ .flush_tlb_one_user = xen_flush_tlb_one_user,
+ .flush_tlb_others = xen_flush_tlb_others,
+
+ .pgd_alloc = xen_pgd_alloc,
+--- a/include/trace/events/xen.h
++++ b/include/trace/events/xen.h
+@@ -365,7 +365,7 @@ TRACE_EVENT(xen_mmu_flush_tlb,
+ TP_printk("%s", "")
+ );
+
+-TRACE_EVENT(xen_mmu_flush_tlb_single,
++TRACE_EVENT(xen_mmu_flush_tlb_one_user,
+ TP_PROTO(unsigned long addr),
+ TP_ARGS(addr),
+ TP_STRUCT__entry(
--- /dev/null
+From 9de29eac8d2189424d81c0d840cd0469aa3d41c8 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 14 Feb 2018 10:14:17 +0300
+Subject: x86/spectre: Fix an error message
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 9de29eac8d2189424d81c0d840cd0469aa3d41c8 upstream.
+
+If i == ARRAY_SIZE(mitigation_options) then we accidentally print
+garbage from one space beyond the end of the mitigation_options[] array.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: KarimAllah Ahmed <karahmed@amazon.de>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kernel-janitors@vger.kernel.org
+Fixes: 9005c6834c0f ("x86/spectre: Simplify spectre_v2 command line parsing")
+Link: http://lkml.kernel.org/r/20180214071416.GA26677@mwanda
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/bugs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -174,7 +174,7 @@ static enum spectre_v2_mitigation_cmd __
+ }
+
+ if (i >= ARRAY_SIZE(mitigation_options)) {
+- pr_err("unknown option (%s). Switching to AUTO select\n", mitigation_options[i].option);
++ pr_err("unknown option (%s). Switching to AUTO select\n", arg);
+ return SPECTRE_V2_CMD_AUTO;
+ }
+ }
--- /dev/null
+From ea00f301285ea2f07393678cd2b6057878320c9d Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Tue, 13 Feb 2018 14:28:19 +0100
+Subject: x86/speculation: Add <asm/msr-index.h> dependency
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit ea00f301285ea2f07393678cd2b6057878320c9d upstream.
+
+Joe Konno reported a compile failure resulting from using an MSR
+without inclusion of <asm/msr-index.h>, and while the current code builds
+fine (by accident) this needs fixing for future patches.
+
+Reported-by: Joe Konno <joe.konno@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: arjan@linux.intel.com
+Cc: bp@alien8.de
+Cc: dan.j.williams@intel.com
+Cc: dave.hansen@linux.intel.com
+Cc: dwmw2@infradead.org
+Cc: dwmw@amazon.co.uk
+Cc: gregkh@linuxfoundation.org
+Cc: hpa@zytor.com
+Cc: jpoimboe@redhat.com
+Cc: linux-tip-commits@vger.kernel.org
+Cc: luto@kernel.org
+Fixes: 20ffa1caecca ("x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support")
+Link: http://lkml.kernel.org/r/20180213132819.GJ25201@hirez.programming.kicks-ass.net
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/nospec-branch.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -6,6 +6,7 @@
+ #include <asm/alternative.h>
+ #include <asm/alternative-asm.h>
+ #include <asm/cpufeatures.h>
++#include <asm/msr-index.h>
+
+ #ifdef __ASSEMBLY__
+
--- /dev/null
+From be3233fbfcb8f5acb6e3bcd0895c3ef9e100d470 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Tue, 6 Feb 2018 18:22:40 -0800
+Subject: x86/speculation: Fix up array_index_nospec_mask() asm constraint
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit be3233fbfcb8f5acb6e3bcd0895c3ef9e100d470 upstream.
+
+Allow the compiler to handle @size as an immediate value or memory
+directly rather than allocating a register.
+
+Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/151797010204.1289.1510000292250184993.stgit@dwillia2-desk3.amr.corp.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/barrier.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/barrier.h
++++ b/arch/x86/include/asm/barrier.h
+@@ -40,7 +40,7 @@ static inline unsigned long array_index_
+
+ asm ("cmp %1,%2; sbb %0,%0;"
+ :"=r" (mask)
+- :"r"(size),"r" (index)
++ :"g"(size),"r" (index)
+ :"cc");
+ return mask;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
