4.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2018 03:54:29 +0000 (19:54 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2018 03:54:29 +0000 (19:54 -0800)
added patches:
arm-dts-rockchip-remove-1.8-ghz-operation-point-from-phycore-som.patch
arm-kvm-fix-building-with-gcc-8.patch
arm-mvebu-fix-broken-pl310_errata_753970-selects.patch
arm-orion-fix-orion_ge00_switch_board_info-initialization.patch
blk-mq-don-t-call-io-sched-s-.requeue_request-when-requeueing-rq-to-dispatch.patch
edac-sb_edac-fix-out-of-bound-writes-during-dimm-configuration-on-knl.patch
kvm-mmu-fix-overlap-between-public-and-private-memslots.patch
kvm-s390-consider-epoch-index-on-hotplugged-cpus.patch
kvm-s390-consider-epoch-index-on-tod-clock-syncs.patch
kvm-s390-provide-only-a-single-function-for-setting-the-tod-fix-sck.patch
kvm-s390-take-care-of-clock-comparator-sign-control.patch
kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch
kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
kvm-x86-move-lapic-initialization-after-vmcs-creation.patch
kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch
media-m88ds3103-don-t-call-a-non-initalized-function.patch
nospec-allow-index-argument-to-have-const-qualified-type.patch
x86-mm-fix-pmd-pud-_-set-clear-_flags.patch

19 files changed:
queue-4.15/arm-dts-rockchip-remove-1.8-ghz-operation-point-from-phycore-som.patch [new file with mode: 0644]
queue-4.15/arm-kvm-fix-building-with-gcc-8.patch [new file with mode: 0644]
queue-4.15/arm-mvebu-fix-broken-pl310_errata_753970-selects.patch [new file with mode: 0644]
queue-4.15/arm-orion-fix-orion_ge00_switch_board_info-initialization.patch [new file with mode: 0644]
queue-4.15/blk-mq-don-t-call-io-sched-s-.requeue_request-when-requeueing-rq-to-dispatch.patch [new file with mode: 0644]
queue-4.15/edac-sb_edac-fix-out-of-bound-writes-during-dimm-configuration-on-knl.patch [new file with mode: 0644]
queue-4.15/kvm-mmu-fix-overlap-between-public-and-private-memslots.patch [new file with mode: 0644]
queue-4.15/kvm-s390-consider-epoch-index-on-hotplugged-cpus.patch [new file with mode: 0644]
queue-4.15/kvm-s390-consider-epoch-index-on-tod-clock-syncs.patch [new file with mode: 0644]
queue-4.15/kvm-s390-provide-only-a-single-function-for-setting-the-tod-fix-sck.patch [new file with mode: 0644]
queue-4.15/kvm-s390-take-care-of-clock-comparator-sign-control.patch [new file with mode: 0644]
queue-4.15/kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch [new file with mode: 0644]
queue-4.15/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch [new file with mode: 0644]
queue-4.15/kvm-x86-move-lapic-initialization-after-vmcs-creation.patch [new file with mode: 0644]
queue-4.15/kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch [new file with mode: 0644]
queue-4.15/media-m88ds3103-don-t-call-a-non-initalized-function.patch [new file with mode: 0644]
queue-4.15/nospec-allow-index-argument-to-have-const-qualified-type.patch [new file with mode: 0644]
queue-4.15/series
queue-4.15/x86-mm-fix-pmd-pud-_-set-clear-_flags.patch [new file with mode: 0644]

diff --git a/queue-4.15/arm-dts-rockchip-remove-1.8-ghz-operation-point-from-phycore-som.patch b/queue-4.15/arm-dts-rockchip-remove-1.8-ghz-operation-point-from-phycore-som.patch
new file mode 100644 (file)
index 0000000..41a38f0
--- /dev/null
@@ -0,0 +1,54 @@
+From 5ce0bad4ccd04c8a989e94d3c89e4e796ac22e48 Mon Sep 17 00:00:00 2001
+From: Daniel Schultz <d.schultz@phytec.de>
+Date: Tue, 13 Feb 2018 10:44:32 +0100
+Subject: ARM: dts: rockchip: Remove 1.8 GHz operation point from phycore som
+
+From: Daniel Schultz <d.schultz@phytec.de>
+
+commit 5ce0bad4ccd04c8a989e94d3c89e4e796ac22e48 upstream.
+
+Rockchip recommends to run the CPU cores only with operations points of
+1.6 GHz or lower.
+
+Removed the cpu0 node with too high operation points and use the default
+values instead.
+
+Fixes: 903d31e34628 ("ARM: dts: rockchip: Add support for phyCORE-RK3288 SoM")
+Cc: stable@vger.kernel.org
+Signed-off-by: Daniel Schultz <d.schultz@phytec.de>
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/rk3288-phycore-som.dtsi |   20 --------------------
+ 1 file changed, 20 deletions(-)
+
+--- a/arch/arm/boot/dts/rk3288-phycore-som.dtsi
++++ b/arch/arm/boot/dts/rk3288-phycore-som.dtsi
+@@ -110,26 +110,6 @@
+       };
+ };
+-&cpu0 {
+-      cpu0-supply = <&vdd_cpu>;
+-      operating-points = <
+-              /* KHz    uV */
+-              1800000 1400000
+-              1608000 1350000
+-              1512000 1300000
+-              1416000 1200000
+-              1200000 1100000
+-              1008000 1050000
+-               816000 1000000
+-               696000  950000
+-               600000  900000
+-               408000  900000
+-               312000  900000
+-               216000  900000
+-               126000  900000
+-      >;
+-};
+-
+ &emmc {
+       status = "okay";
+       bus-width = <8>;
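Review bot: The removed `&cpu0` node also drops `cpu0-supply = <&vdd_cpu>;`, which is the cpufreq regulator binding rather than an operating point, while the patch description only justifies removing the 1.8 GHz entry. If the SoC dtsi this file includes does not itself provide a default OPP table and a supply for cpu0, voltage scaling on this SoM would silently stop rather than fall back to "the default values"; that cannot be confirmed from this hunk. Either the description should state that both are inherited from the SoC dtsi, or a node keeping only the supply, `&cpu0 { cpu0-supply = <&vdd_cpu>; };`, should stay so the regulator link is not lost with the frequency table.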
diff --git a/queue-4.15/arm-kvm-fix-building-with-gcc-8.patch b/queue-4.15/arm-kvm-fix-building-with-gcc-8.patch
new file mode 100644 (file)
index 0000000..5b55442
--- /dev/null
@@ -0,0 +1,79 @@
+From 67870eb1204223598ea6d8a4467b482e9f5875b5 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 2 Feb 2018 16:07:34 +0100
+Subject: ARM: kvm: fix building with gcc-8
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 67870eb1204223598ea6d8a4467b482e9f5875b5 upstream.
+
+In banked-sr.c, we use a top-level '__asm__(".arch_extension virt")'
+statement to allow compilation of a multi-CPU kernel for ARMv6
+and older ARMv7-A that don't normally support access to the banked
+registers.
+
+This is considered to be a programming error by the gcc developers
+and will no longer work in gcc-8, where we now get a build error:
+
+/tmp/cc4Qy7GR.s:34: Error: Banked registers are not available with this architecture. -- `mrs r3,SP_usr'
+/tmp/cc4Qy7GR.s:41: Error: Banked registers are not available with this architecture. -- `mrs r3,ELR_hyp'
+/tmp/cc4Qy7GR.s:55: Error: Banked registers are not available with this architecture. -- `mrs r3,SP_svc'
+/tmp/cc4Qy7GR.s:62: Error: Banked registers are not available with this architecture. -- `mrs r3,LR_svc'
+/tmp/cc4Qy7GR.s:69: Error: Banked registers are not available with this architecture. -- `mrs r3,SPSR_svc'
+/tmp/cc4Qy7GR.s:76: Error: Banked registers are not available with this architecture. -- `mrs r3,SP_abt'
+
+Passign the '-march-armv7ve' flag to gcc works, and is ok here, because
+we know the functions won't ever be called on pre-ARMv7VE machines.
+Unfortunately, older compiler versions (4.8 and earlier) do not understand
+that flag, so we still need to keep the asm around.
+
+Backporting to stable kernels (4.6+) is needed to allow those to be built
+with future compilers as well.
+
+Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84129
+Fixes: 33280b4cd1dc ("ARM: KVM: Add banked registers save/restore")
+Cc: stable@vger.kernel.org
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kvm/hyp/Makefile    |    5 +++++
+ arch/arm/kvm/hyp/banked-sr.c |    4 ++++
+ 2 files changed, 9 insertions(+)
+
+--- a/arch/arm/kvm/hyp/Makefile
++++ b/arch/arm/kvm/hyp/Makefile
+@@ -7,6 +7,8 @@ ccflags-y += -fno-stack-protector -DDISA
+ KVM=../../../../virt/kvm
++CFLAGS_ARMV7VE                   :=$(call cc-option, -march=armv7ve)
++
+ obj-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/hyp/vgic-v2-sr.o
+ obj-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/hyp/vgic-v3-sr.o
+ obj-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/hyp/timer-sr.o
+@@ -15,7 +17,10 @@ obj-$(CONFIG_KVM_ARM_HOST) += tlb.o
+ obj-$(CONFIG_KVM_ARM_HOST) += cp15-sr.o
+ obj-$(CONFIG_KVM_ARM_HOST) += vfp.o
+ obj-$(CONFIG_KVM_ARM_HOST) += banked-sr.o
++CFLAGS_banked-sr.o       += $(CFLAGS_ARMV7VE)
++
+ obj-$(CONFIG_KVM_ARM_HOST) += entry.o
+ obj-$(CONFIG_KVM_ARM_HOST) += hyp-entry.o
+ obj-$(CONFIG_KVM_ARM_HOST) += switch.o
++CFLAGS_switch.o                  += $(CFLAGS_ARMV7VE)
+ obj-$(CONFIG_KVM_ARM_HOST) += s2-setup.o
+--- a/arch/arm/kvm/hyp/banked-sr.c
++++ b/arch/arm/kvm/hyp/banked-sr.c
+@@ -20,6 +20,10 @@
+ #include <asm/kvm_hyp.h>
++/*
++ * gcc before 4.9 doesn't understand -march=armv7ve, so we have to
++ * trick the assembler.
++ */
+ __asm__(".arch_extension     virt");
+ void __hyp_text __banked_save_state(struct kvm_cpu_context *ctxt)
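Review bot: The Makefile hunk applies `$(CFLAGS_ARMV7VE)` to `switch.o` as well as `banked-sr.o`, but neither the patch description nor a comment says why switch.o needs ARMv7VE; presumably it also carries virtualization-extension or banked-register asm, which cannot be confirmed from this hunk. A one-line comment above the variable would keep the next person from dropping one of the two, e.g. `# mrs/msr on banked registers (SP_usr, ELR_hyp, ...) need ARMv7VE; empty on gcc < 4.9`. The second hunk's comment in banked-sr.c explains that `cc-option` yields an empty flag on old toolchains and the `.arch_extension virt` asm stays load-bearing there, but the Makefile, where the flag is actually chosen, says nothing.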
diff --git a/queue-4.15/arm-mvebu-fix-broken-pl310_errata_753970-selects.patch b/queue-4.15/arm-mvebu-fix-broken-pl310_errata_753970-selects.patch
new file mode 100644 (file)
index 0000000..a80aad3
--- /dev/null
@@ -0,0 +1,49 @@
+From 8aa36a8dcde3183d84db7b0d622ffddcebb61077 Mon Sep 17 00:00:00 2001
+From: Ulf Magnusson <ulfalizer@gmail.com>
+Date: Mon, 5 Feb 2018 02:21:13 +0100
+Subject: ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
+
+From: Ulf Magnusson <ulfalizer@gmail.com>
+
+commit 8aa36a8dcde3183d84db7b0d622ffddcebb61077 upstream.
+
+The MACH_ARMADA_375 and MACH_ARMADA_38X boards select ARM_ERRATA_753970,
+but it was renamed to PL310_ERRATA_753970 by commit fa0ce4035d48 ("ARM:
+7162/1: errata: tidy up Kconfig options for PL310 errata workarounds").
+
+Fix the selects to use the new name.
+
+Discovered with the
+https://github.com/ulfalizer/Kconfiglib/blob/master/examples/list_undefined.py
+script.
+Fixes: fa0ce4035d48 ("ARM: 7162/1: errata: tidy up Kconfig options for
+PL310 errata workarounds"
+cc: stable@vger.kernel.org
+Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
+Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-mvebu/Kconfig |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mach-mvebu/Kconfig
++++ b/arch/arm/mach-mvebu/Kconfig
+@@ -42,7 +42,7 @@ config MACH_ARMADA_375
+       depends on ARCH_MULTI_V7
+       select ARMADA_370_XP_IRQ
+       select ARM_ERRATA_720789
+-      select ARM_ERRATA_753970
++      select PL310_ERRATA_753970
+       select ARM_GIC
+       select ARMADA_375_CLK
+       select HAVE_ARM_SCU
+@@ -58,7 +58,7 @@ config MACH_ARMADA_38X
+       bool "Marvell Armada 380/385 boards"
+       depends on ARCH_MULTI_V7
+       select ARM_ERRATA_720789
+-      select ARM_ERRATA_753970
++      select PL310_ERRATA_753970
+       select ARM_GIC
+       select ARM_GLOBAL_TIMER
+       select CLKSRC_ARM_GLOBAL_TIMER_SCHED_CLOCK
diff --git a/queue-4.15/arm-orion-fix-orion_ge00_switch_board_info-initialization.patch b/queue-4.15/arm-orion-fix-orion_ge00_switch_board_info-initialization.patch
new file mode 100644 (file)
index 0000000..86edb17
--- /dev/null
@@ -0,0 +1,82 @@
+From 8337d083507b9827dfb36d545538b7789df834fd Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 21 Feb 2018 13:18:49 +0100
+Subject: ARM: orion: fix orion_ge00_switch_board_info initialization
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 8337d083507b9827dfb36d545538b7789df834fd upstream.
+
+A section type mismatch warning shows up when building with LTO,
+since orion_ge00_mvmdio_bus_name was put in __initconst but not marked
+const itself:
+
+include/linux/of.h: In function 'spear_setup_of_timer':
+arch/arm/mach-spear/time.c:207:34: error: 'timer_of_match' causes a section type conflict with 'orion_ge00_mvmdio_bus_name'
+ static const struct of_device_id timer_of_match[] __initconst = {
+                                  ^
+arch/arm/plat-orion/common.c:475:32: note: 'orion_ge00_mvmdio_bus_name' was declared here
+ static __initconst const char *orion_ge00_mvmdio_bus_name = "orion-mii";
+                                ^
+
+As pointed out by Andrew Lunn, it should in fact be 'const' but not
+'__initconst' because the string is never copied but may be accessed
+after the init sections are freed. To fix that, I get rid of the
+extra symbol and rewrite the initialization in a simpler way that
+assigns both the bus_id and modalias statically.
+
+I spotted another theoretical bug in the same place, where d->netdev[i]
+may be an out of bounds access, this can be fixed by moving the device
+assignment into the loop.
+
+Cc: stable@vger.kernel.org
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/plat-orion/common.c |   23 +++++++++++------------
+ 1 file changed, 11 insertions(+), 12 deletions(-)
+
+--- a/arch/arm/plat-orion/common.c
++++ b/arch/arm/plat-orion/common.c
+@@ -472,28 +472,27 @@ void __init orion_ge11_init(struct mv643
+ /*****************************************************************************
+  * Ethernet switch
+  ****************************************************************************/
+-static __initconst const char *orion_ge00_mvmdio_bus_name = "orion-mii";
+-static __initdata struct mdio_board_info
+-                orion_ge00_switch_board_info;
++static __initdata struct mdio_board_info orion_ge00_switch_board_info = {
++      .bus_id   = "orion-mii",
++      .modalias = "mv88e6085",
++};
+ void __init orion_ge00_switch_init(struct dsa_chip_data *d)
+ {
+-      struct mdio_board_info *bd;
+       unsigned int i;
+       if (!IS_BUILTIN(CONFIG_PHYLIB))
+               return;
+-      for (i = 0; i < ARRAY_SIZE(d->port_names); i++)
+-              if (!strcmp(d->port_names[i], "cpu"))
++      for (i = 0; i < ARRAY_SIZE(d->port_names); i++) {
++              if (!strcmp(d->port_names[i], "cpu")) {
++                      d->netdev[i] = &orion_ge00.dev;
+                       break;
++              }
++      }
+-      bd = &orion_ge00_switch_board_info;
+-      bd->bus_id = orion_ge00_mvmdio_bus_name;
+-      bd->mdio_addr = d->sw_addr;
+-      d->netdev[i] = &orion_ge00.dev;
+-      strcpy(bd->modalias, "mv88e6085");
+-      bd->platform_data = d;
++      orion_ge00_switch_board_info.mdio_addr = d->sw_addr;
++      orion_ge00_switch_board_info.platform_data = d;
+       mdiobus_register_board_info(&orion_ge00_switch_board_info, 1);
+ }
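Review bot: The rewritten loop still calls `strcmp(d->port_names[i], "cpu")` on every entry up to the cpu port, and `port_names` is a fixed-size array in which entries for unused ports are presumably left NULL by the board files; a gap before the "cpu" entry would dereference NULL inside strcmp. Guarding the entry, `if (d->port_names[i] && !strcmp(d->port_names[i], "cpu")) {`, costs nothing and removes the dependence on port ordering. Separately, when no "cpu" port is present the new code now registers the board info with `d->netdev` untouched instead of the old out-of-bounds write; a comment on the loop stating that this outcome is intended, or an early `return`, would make the contract explicit.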
diff --git a/queue-4.15/blk-mq-don-t-call-io-sched-s-.requeue_request-when-requeueing-rq-to-dispatch.patch b/queue-4.15/blk-mq-don-t-call-io-sched-s-.requeue_request-when-requeueing-rq-to-dispatch.patch
new file mode 100644 (file)
index 0000000..86d1558
--- /dev/null
@@ -0,0 +1,54 @@
+From 105976f517791aed3b11f8f53b308a2069d42055 Mon Sep 17 00:00:00 2001
+From: Ming Lei <ming.lei@redhat.com>
+Date: Fri, 23 Feb 2018 23:36:56 +0800
+Subject: blk-mq: don't call io sched's .requeue_request when requeueing rq to ->dispatch
+
+From: Ming Lei <ming.lei@redhat.com>
+
+commit 105976f517791aed3b11f8f53b308a2069d42055 upstream.
+
+__blk_mq_requeue_request() covers two cases:
+
+- one is that the requeued request is added to hctx->dispatch, such as
+blk_mq_dispatch_rq_list()
+
+- another case is that the request is requeued to io scheduler, such as
+blk_mq_requeue_request().
+
+We should call io sched's .requeue_request callback only for the 2nd
+case.
+
+Cc: Paolo Valente <paolo.valente@linaro.org>
+Cc: Omar Sandoval <osandov@fb.com>
+Fixes: bd166ef183c2 ("blk-mq-sched: add framework for MQ capable IO schedulers")
+Cc: stable@vger.kernel.org
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Acked-by: Paolo Valente <paolo.valente@linaro.org>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/blk-mq.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/block/blk-mq.c
++++ b/block/blk-mq.c
+@@ -655,7 +655,6 @@ static void __blk_mq_requeue_request(str
+       trace_block_rq_requeue(q, rq);
+       wbt_requeue(q->rq_wb, &rq->issue_stat);
+-      blk_mq_sched_requeue_request(rq);
+       if (test_and_clear_bit(REQ_ATOM_STARTED, &rq->atomic_flags)) {
+               if (q->dma_drain_size && blk_rq_bytes(rq))
+@@ -667,6 +666,9 @@ void blk_mq_requeue_request(struct reque
+ {
+       __blk_mq_requeue_request(rq);
++      /* this request will be re-inserted to io scheduler queue */
++      blk_mq_sched_requeue_request(rq);
++
+       BUG_ON(blk_queued_rq(rq));
+       blk_mq_add_to_requeue_list(rq, true, kick_requeue_list);
+ }
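Review bot: After the first hunk `__blk_mq_requeue_request()` no longer notifies the I/O scheduler, so any caller that re-inserts the request into the scheduler must now call `blk_mq_sched_requeue_request()` itself; the second hunk does this for `blk_mq_requeue_request()`, but nothing at the helper's definition records the new contract. A comment above `__blk_mq_requeue_request()` (its header is outside the hunk) would stop a future caller from silently skipping the callback: `/* Does not invoke the io sched's .requeue_request: callers that re-insert rq into the scheduler (see blk_mq_requeue_request) must do so themselves; requeues to hctx->dispatch must not. */`. The body of `__blk_mq_requeue_request()` continues past the end of the first hunk.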
diff --git a/queue-4.15/edac-sb_edac-fix-out-of-bound-writes-during-dimm-configuration-on-knl.patch b/queue-4.15/edac-sb_edac-fix-out-of-bound-writes-during-dimm-configuration-on-knl.patch
new file mode 100644 (file)
index 0000000..e00cd25
--- /dev/null
@@ -0,0 +1,56 @@
+From bf8486709ac7fad99e4040dea73fe466c57a4ae1 Mon Sep 17 00:00:00 2001
+From: Anna Karbownik <anna.karbownik@intel.com>
+Date: Thu, 22 Feb 2018 16:18:13 +0100
+Subject: EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL
+
+From: Anna Karbownik <anna.karbownik@intel.com>
+
+commit bf8486709ac7fad99e4040dea73fe466c57a4ae1 upstream.
+
+Commit
+
+  3286d3eb906c ("EDAC, sb_edac: Drop NUM_CHANNELS from 8 back to 4")
+
+decreased NUM_CHANNELS from 8 to 4, but this is not enough for Knights
+Landing which supports up to 6 channels.
+
+This caused out-of-bounds writes to pvt->mirror_mode and pvt->tolm
+variables which don't pay critical role on KNL code path, so the memory
+corruption wasn't causing any visible driver failures.
+
+The easiest way of fixing it is to change NUM_CHANNELS to 6. Do that.
+
+An alternative solution would be to restructure the KNL part of the
+driver to 2MC/3channel representation.
+
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Anna Karbownik <anna.karbownik@intel.com>
+Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: jim.m.snow@intel.com
+Cc: krzysztof.paliswiat@intel.com
+Cc: lukasz.odzioba@intel.com
+Cc: qiuxu.zhuo@intel.com
+Cc: linux-edac <linux-edac@vger.kernel.org>
+Cc: <stable@vger.kernel.org>
+Fixes: 3286d3eb906c ("EDAC, sb_edac: Drop NUM_CHANNELS from 8 back to 4")
+Link: http://lkml.kernel.org/r/1519312693-4789-1-git-send-email-anna.karbownik@intel.com
+[ Massage commit message. ]
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/edac/sb_edac.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/edac/sb_edac.c
++++ b/drivers/edac/sb_edac.c
+@@ -279,7 +279,7 @@ static const u32 correrrthrsld[] = {
+  * sbridge structs
+  */
+-#define NUM_CHANNELS          4       /* Max channels per MC */
++#define NUM_CHANNELS          6       /* Max channels per MC */
+ #define MAX_DIMMS             3       /* Max DIMMS per channel */
+ #define KNL_MAX_CHAS          38      /* KNL max num. of Cache Home Agents */
+ #define KNL_MAX_CHANNELS      6       /* KNL max num. of PCI channels */
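Review bot: The bump of `NUM_CHANNELS` to 6 fixes the out-of-bounds writes only for as long as it stays >= `KNL_MAX_CHANNELS`, which is defined four lines lower with the same literal 6, and nothing ties the two together; the next tweak of either value can reintroduce the same silent memory corruption. Express the dependency in code, e.g. `#define NUM_CHANNELS KNL_MAX_CHANNELS /* Max channels per MC; KNL needs 6 */`, or add `BUILD_BUG_ON(NUM_CHANNELS < KNL_MAX_CHANNELS);` in the driver's probe path so a mismatch fails the build instead of corrupting `pvt`. The larger constant also grows the per-channel arrays the description mentions (`pvt->mirror_mode`, `pvt->tolm`), which is worth a sentence in the description.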
diff --git a/queue-4.15/kvm-mmu-fix-overlap-between-public-and-private-memslots.patch b/queue-4.15/kvm-mmu-fix-overlap-between-public-and-private-memslots.patch
new file mode 100644 (file)
index 0000000..4d0f715
--- /dev/null
@@ -0,0 +1,113 @@
+From b28676bb8ae4569cced423dc2a88f7cb319d5379 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpeng.li@hotmail.com>
+Date: Tue, 13 Feb 2018 15:36:00 +0100
+Subject: KVM: mmu: Fix overlap between public and private memslots
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Wanpeng Li <wanpeng.li@hotmail.com>
+
+commit b28676bb8ae4569cced423dc2a88f7cb319d5379 upstream.
+
+Reported by syzkaller:
+
+    pte_list_remove: ffff9714eb1f8078 0->BUG
+    ------------[ cut here ]------------
+    kernel BUG at arch/x86/kvm/mmu.c:1157!
+    invalid opcode: 0000 [#1] SMP
+    RIP: 0010:pte_list_remove+0x11b/0x120 [kvm]
+    Call Trace:
+     drop_spte+0x83/0xb0 [kvm]
+     mmu_page_zap_pte+0xcc/0xe0 [kvm]
+     kvm_mmu_prepare_zap_page+0x81/0x4a0 [kvm]
+     kvm_mmu_invalidate_zap_all_pages+0x159/0x220 [kvm]
+     kvm_arch_flush_shadow_all+0xe/0x10 [kvm]
+     kvm_mmu_notifier_release+0x6c/0xa0 [kvm]
+     ? kvm_mmu_notifier_release+0x5/0xa0 [kvm]
+     __mmu_notifier_release+0x79/0x110
+     ? __mmu_notifier_release+0x5/0x110
+     exit_mmap+0x15a/0x170
+     ? do_exit+0x281/0xcb0
+     mmput+0x66/0x160
+     do_exit+0x2c9/0xcb0
+     ? __context_tracking_exit.part.5+0x4a/0x150
+     do_group_exit+0x50/0xd0
+     SyS_exit_group+0x14/0x20
+     do_syscall_64+0x73/0x1f0
+     entry_SYSCALL64_slow_path+0x25/0x25
+
+The reason is that when creates new memslot, there is no guarantee for new
+memslot not overlap with private memslots. This can be triggered by the
+following program:
+
+   #include <fcntl.h>
+   #include <pthread.h>
+   #include <setjmp.h>
+   #include <signal.h>
+   #include <stddef.h>
+   #include <stdint.h>
+   #include <stdio.h>
+   #include <stdlib.h>
+   #include <string.h>
+   #include <sys/ioctl.h>
+   #include <sys/stat.h>
+   #include <sys/syscall.h>
+   #include <sys/types.h>
+   #include <unistd.h>
+   #include <linux/kvm.h>
+
+   long r[16];
+
+   int main()
+   {
+       void *p = valloc(0x4000);
+
+       r[2] = open("/dev/kvm", 0);
+       r[3] = ioctl(r[2], KVM_CREATE_VM, 0x0ul);
+
+       uint64_t addr = 0xf000;
+       ioctl(r[3], KVM_SET_IDENTITY_MAP_ADDR, &addr);
+       r[6] = ioctl(r[3], KVM_CREATE_VCPU, 0x0ul);
+       ioctl(r[3], KVM_SET_TSS_ADDR, 0x0ul);
+       ioctl(r[6], KVM_RUN, 0);
+       ioctl(r[6], KVM_RUN, 0);
+
+       struct kvm_userspace_memory_region mr = {
+               .slot = 0,
+               .flags = KVM_MEM_LOG_DIRTY_PAGES,
+               .guest_phys_addr = 0xf000,
+               .memory_size = 0x4000,
+               .userspace_addr = (uintptr_t) p
+       };
+       ioctl(r[3], KVM_SET_USER_MEMORY_REGION, &mr);
+       return 0;
+   }
+
+This patch fixes the bug by not adding a new memslot even if it
+overlaps with private memslots.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Cc: Eric Biggers <ebiggers3@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
+---
+ virt/kvm/kvm_main.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -974,8 +974,7 @@ int __kvm_set_memory_region(struct kvm *
+               /* Check for overlaps */
+               r = -EEXIST;
+               kvm_for_each_memslot(slot, __kvm_memslots(kvm, as_id)) {
+-                      if ((slot->id >= KVM_USER_MEM_SLOTS) ||
+-                          (slot->id == id))
++                      if (slot->id == id)
+                               continue;
+                       if (!((base_gfn + npages <= slot->base_gfn) ||
+                             (base_gfn >= slot->base_gfn + slot->npages)))
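Review bot: With the `slot->id >= KVM_USER_MEM_SLOTS` skip removed, the overlap loop now compares the new region against KVM-internal slots as well, and an overlap with one of them is reported to userspace as `-EEXIST`; the `/* Check for overlaps */` comment above the loop should say so, since a reader would otherwise assume only user slots are meant. Suggested wording: `/* Check for overlaps, including KVM-internal (private) slots: the guest physical address space is shared, so a user slot must not cover them either. */`. `__kvm_set_memory_region()` begins and ends outside the hunk, so the surrounding `r`/`as_id` setup cannot be checked here.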
diff --git a/queue-4.15/kvm-s390-consider-epoch-index-on-hotplugged-cpus.patch b/queue-4.15/kvm-s390-consider-epoch-index-on-hotplugged-cpus.patch
new file mode 100644 (file)
index 0000000..a22def5
--- /dev/null
@@ -0,0 +1,35 @@
+From d16b52cb9cdb6f06dea8ab2f0a428e7d7f0b0a81 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Wed, 7 Feb 2018 12:46:44 +0100
+Subject: KVM: s390: consider epoch index on hotplugged CPUs
+
+From: David Hildenbrand <david@redhat.com>
+
+commit d16b52cb9cdb6f06dea8ab2f0a428e7d7f0b0a81 upstream.
+
+We must copy both, the epoch and the epoch_idx.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20180207114647.6220-4-david@redhat.com>
+Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support")
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/kvm-s390.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -2359,6 +2359,7 @@ void kvm_arch_vcpu_postcreate(struct kvm
+       mutex_lock(&vcpu->kvm->lock);
+       preempt_disable();
+       vcpu->arch.sie_block->epoch = vcpu->kvm->arch.epoch;
++      vcpu->arch.sie_block->epdx = vcpu->kvm->arch.epdx;
+       preempt_enable();
+       mutex_unlock(&vcpu->kvm->lock);
+       if (!kvm_is_ucontrol(vcpu->kvm)) {
diff --git a/queue-4.15/kvm-s390-consider-epoch-index-on-tod-clock-syncs.patch b/queue-4.15/kvm-s390-consider-epoch-index-on-tod-clock-syncs.patch
new file mode 100644 (file)
index 0000000..6cda882
--- /dev/null
@@ -0,0 +1,85 @@
+From 1575767ef3cf5326701d2ae3075b7732cbc855e4 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Wed, 7 Feb 2018 12:46:45 +0100
+Subject: KVM: s390: consider epoch index on TOD clock syncs
+
+From: David Hildenbrand <david@redhat.com>
+
+commit 1575767ef3cf5326701d2ae3075b7732cbc855e4 upstream.
+
+For now, we don't take care of over/underflows. Especially underflows
+are critical:
+
+Assume the epoch is currently 0 and we get a sync request for delta=1,
+meaning the TOD is moved forward by 1 and we have to fix it up by
+subtracting 1 from the epoch. Right now, this will leave the epoch
+index untouched, resulting in epoch=-1, epoch_idx=0, which is wrong.
+
+We have to take care of over and underflows, also for the VSIE case. So
+let's factor out calculation into a separate function.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20180207114647.6220-5-david@redhat.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+[use u8 for idx]
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/kvm-s390.c |   32 +++++++++++++++++++++++++++++---
+ 1 file changed, 29 insertions(+), 3 deletions(-)
+
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -166,6 +166,28 @@ int kvm_arch_hardware_enable(void)
+ static void kvm_gmap_notifier(struct gmap *gmap, unsigned long start,
+                             unsigned long end);
++static void kvm_clock_sync_scb(struct kvm_s390_sie_block *scb, u64 delta)
++{
++      u8 delta_idx = 0;
++
++      /*
++       * The TOD jumps by delta, we have to compensate this by adding
++       * -delta to the epoch.
++       */
++      delta = -delta;
++
++      /* sign-extension - we're adding to signed values below */
++      if ((s64)delta < 0)
++              delta_idx = -1;
++
++      scb->epoch += delta;
++      if (scb->ecd & ECD_MEF) {
++              scb->epdx += delta_idx;
++              if (scb->epoch < delta)
++                      scb->epdx += 1;
++      }
++}
++
+ /*
+  * This callback is executed during stop_machine(). All CPUs are therefore
+  * temporarily stopped. In order not to change guest behavior, we have to
+@@ -181,13 +203,17 @@ static int kvm_clock_sync(struct notifie
+       unsigned long long *delta = v;
+       list_for_each_entry(kvm, &vm_list, vm_list) {
+-              kvm->arch.epoch -= *delta;
+               kvm_for_each_vcpu(i, vcpu, kvm) {
+-                      vcpu->arch.sie_block->epoch -= *delta;
++                      kvm_clock_sync_scb(vcpu->arch.sie_block, *delta);
++                      if (i == 0) {
++                              kvm->arch.epoch = vcpu->arch.sie_block->epoch;
++                              kvm->arch.epdx = vcpu->arch.sie_block->epdx;
++                      }
+                       if (vcpu->arch.cputm_enabled)
+                               vcpu->arch.cputm_start += *delta;
+                       if (vcpu->arch.vsie_block)
+-                              vcpu->arch.vsie_block->epoch -= *delta;
++                              kvm_clock_sync_scb(vcpu->arch.vsie_block,
++                                                 *delta);
+               }
+       }
+       return NOTIFY_OK;
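Review bot: The loop in `kvm_clock_sync()` now refreshes `kvm->arch.epoch`/`epdx` only from vCPU 0 inside `kvm_for_each_vcpu()`, whereas the removed line adjusted `kvm->arch.epoch` unconditionally; a VM that has no vCPUs yet when the host TOD is synced keeps a stale VM-level epoch, and later vCPU creation copies that stale value. If that case is meant to be covered, the VM-level epoch and index should be compensated independently of the vCPU list, by applying the same add-with-carry logic as `kvm_clock_sync_scb()` to `kvm->arch.epoch`/`kvm->arch.epdx` before the loop, gated on the Multiple-epoch facility instead of `ECD_MEF`. In `kvm_clock_sync_scb()` the carry test deserves a comment, `/* unsigned add wrapped: carry into the epoch index */` on `if (scb->epoch < delta)`, and it is worth noting that `delta_idx = -1` on a `u8` relies on unsigned wrap to propagate a negative delta.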
diff --git a/queue-4.15/kvm-s390-provide-only-a-single-function-for-setting-the-tod-fix-sck.patch b/queue-4.15/kvm-s390-provide-only-a-single-function-for-setting-the-tod-fix-sck.patch
new file mode 100644 (file)
index 0000000..67293c5
--- /dev/null
@@ -0,0 +1,162 @@
+From 0e7def5fb0dc53ddbb9f62a497d15f1e11ccdc36 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Wed, 7 Feb 2018 12:46:43 +0100
+Subject: KVM: s390: provide only a single function for setting the tod (fix SCK)
+
+From: David Hildenbrand <david@redhat.com>
+
+commit 0e7def5fb0dc53ddbb9f62a497d15f1e11ccdc36 upstream.
+
+Right now, SET CLOCK called in the guest does not properly take care of
+the epoch index, as the call goes via the old kvm_s390_set_tod_clock()
+interface. So the epoch index is neither reset to 0, if required, nor
+properly set to e.g. 0xff on negative values.
+
+Fix this by providing a single kvm_s390_set_tod_clock() function. Move
+Multiple-epoch facility handling into it.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20180207114647.6220-3-david@redhat.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/kvm-s390.c |   46 +++++++++++++++-------------------------------
+ arch/s390/kvm/kvm-s390.h |    5 ++---
+ arch/s390/kvm/priv.c     |    9 +++++----
+ 3 files changed, 22 insertions(+), 38 deletions(-)
+
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -889,12 +889,9 @@ static int kvm_s390_set_tod_ext(struct k
+       if (copy_from_user(&gtod, (void __user *)attr->addr, sizeof(gtod)))
+               return -EFAULT;
+-      if (test_kvm_facility(kvm, 139))
+-              kvm_s390_set_tod_clock_ext(kvm, &gtod);
+-      else if (gtod.epoch_idx == 0)
+-              kvm_s390_set_tod_clock(kvm, gtod.tod);
+-      else
++      if (!test_kvm_facility(kvm, 139) && gtod.epoch_idx)
+               return -EINVAL;
++      kvm_s390_set_tod_clock(kvm, &gtod);
+       VM_EVENT(kvm, 3, "SET: TOD extension: 0x%x, TOD base: 0x%llx",
+               gtod.epoch_idx, gtod.tod);
+@@ -919,13 +916,14 @@ static int kvm_s390_set_tod_high(struct
+ static int kvm_s390_set_tod_low(struct kvm *kvm, struct kvm_device_attr *attr)
+ {
+-      u64 gtod;
++      struct kvm_s390_vm_tod_clock gtod = { 0 };
+-      if (copy_from_user(&gtod, (void __user *)attr->addr, sizeof(gtod)))
++      if (copy_from_user(&gtod.tod, (void __user *)attr->addr,
++                         sizeof(gtod.tod)))
+               return -EFAULT;
+-      kvm_s390_set_tod_clock(kvm, gtod);
+-      VM_EVENT(kvm, 3, "SET: TOD base: 0x%llx", gtod);
++      kvm_s390_set_tod_clock(kvm, &gtod);
++      VM_EVENT(kvm, 3, "SET: TOD base: 0x%llx", gtod.tod);
+       return 0;
+ }
+@@ -2947,8 +2945,8 @@ retry:
+       return 0;
+ }
+-void kvm_s390_set_tod_clock_ext(struct kvm *kvm,
+-                               const struct kvm_s390_vm_tod_clock *gtod)
++void kvm_s390_set_tod_clock(struct kvm *kvm,
++                          const struct kvm_s390_vm_tod_clock *gtod)
+ {
+       struct kvm_vcpu *vcpu;
+       struct kvm_s390_tod_clock_ext htod;
+@@ -2960,10 +2958,12 @@ void kvm_s390_set_tod_clock_ext(struct k
+       get_tod_clock_ext((char *)&htod);
+       kvm->arch.epoch = gtod->tod - htod.tod;
+-      kvm->arch.epdx = gtod->epoch_idx - htod.epoch_idx;
+-
+-      if (kvm->arch.epoch > gtod->tod)
+-              kvm->arch.epdx -= 1;
++      kvm->arch.epdx = 0;
++      if (test_kvm_facility(kvm, 139)) {
++              kvm->arch.epdx = gtod->epoch_idx - htod.epoch_idx;
++              if (kvm->arch.epoch > gtod->tod)
++                      kvm->arch.epdx -= 1;
++      }
+       kvm_s390_vcpu_block_all(kvm);
+       kvm_for_each_vcpu(i, vcpu, kvm) {
+@@ -2974,22 +2974,6 @@ void kvm_s390_set_tod_clock_ext(struct k
+       kvm_s390_vcpu_unblock_all(kvm);
+       preempt_enable();
+       mutex_unlock(&kvm->lock);
+-}
+-
+-void kvm_s390_set_tod_clock(struct kvm *kvm, u64 tod)
+-{
+-      struct kvm_vcpu *vcpu;
+-      int i;
+-
+-      mutex_lock(&kvm->lock);
+-      preempt_disable();
+-      kvm->arch.epoch = tod - get_tod_clock();
+-      kvm_s390_vcpu_block_all(kvm);
+-      kvm_for_each_vcpu(i, vcpu, kvm)
+-              vcpu->arch.sie_block->epoch = kvm->arch.epoch;
+-      kvm_s390_vcpu_unblock_all(kvm);
+-      preempt_enable();
+-      mutex_unlock(&kvm->lock);
+ }
+ /**
+--- a/arch/s390/kvm/kvm-s390.h
++++ b/arch/s390/kvm/kvm-s390.h
+@@ -268,9 +268,8 @@ int kvm_s390_handle_sigp(struct kvm_vcpu
+ int kvm_s390_handle_sigp_pei(struct kvm_vcpu *vcpu);
+ /* implemented in kvm-s390.c */
+-void kvm_s390_set_tod_clock_ext(struct kvm *kvm,
+-                               const struct kvm_s390_vm_tod_clock *gtod);
+-void kvm_s390_set_tod_clock(struct kvm *kvm, u64 tod);
++void kvm_s390_set_tod_clock(struct kvm *kvm,
++                          const struct kvm_s390_vm_tod_clock *gtod);
+ long kvm_arch_fault_in_page(struct kvm_vcpu *vcpu, gpa_t gpa, int writable);
+ int kvm_s390_store_status_unloaded(struct kvm_vcpu *vcpu, unsigned long addr);
+ int kvm_s390_vcpu_store_status(struct kvm_vcpu *vcpu, unsigned long addr);
+--- a/arch/s390/kvm/priv.c
++++ b/arch/s390/kvm/priv.c
+@@ -81,9 +81,10 @@ int kvm_s390_handle_e3(struct kvm_vcpu *
+ /* Handle SCK (SET CLOCK) interception */
+ static int handle_set_clock(struct kvm_vcpu *vcpu)
+ {
++      struct kvm_s390_vm_tod_clock gtod = { 0 };
+       int rc;
+       u8 ar;
+-      u64 op2, val;
++      u64 op2;
+       if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+               return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+@@ -91,12 +92,12 @@ static int handle_set_clock(struct kvm_v
+       op2 = kvm_s390_get_base_disp_s(vcpu, &ar);
+       if (op2 & 7)    /* Operand must be on a doubleword boundary */
+               return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
+-      rc = read_guest(vcpu, op2, ar, &val, sizeof(val));
++      rc = read_guest(vcpu, op2, ar, &gtod.tod, sizeof(gtod.tod));
+       if (rc)
+               return kvm_s390_inject_prog_cond(vcpu, rc);
+-      VCPU_EVENT(vcpu, 3, "SCK: setting guest TOD to 0x%llx", val);
+-      kvm_s390_set_tod_clock(vcpu->kvm, val);
++      VCPU_EVENT(vcpu, 3, "SCK: setting guest TOD to 0x%llx", gtod.tod);
++      kvm_s390_set_tod_clock(vcpu->kvm, &gtod);
+       kvm_s390_set_psw_cc(vcpu, 0);
+       return 0;
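Review bot: `kvm_s390_set_tod_clock()` now silently ignores `gtod->epoch_idx` when facility 139 is not installed (`kvm->arch.epdx = 0;` in the third hunk), while `kvm_s390_set_tod_ext()` rejects a non-zero index with `-EINVAL` and `handle_set_clock()` always passes 0; this split of responsibility is not written down on the one function every caller now goes through. A kernel-doc block above the new definition would pin it: `/* Set the guest TOD, and the epoch index when the Multiple-epoch facility is available; gtod->epoch_idx is ignored otherwise, so callers that must reject it do so beforehand. */`. The body of `kvm_s390_set_tod_clock()` is split across hunks with its middle outside the page, so the vCPU update loop cannot be checked here.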
diff --git a/queue-4.15/kvm-s390-take-care-of-clock-comparator-sign-control.patch b/queue-4.15/kvm-s390-take-care-of-clock-comparator-sign-control.patch
new file mode 100644 (file)
index 0000000..d62ff39
--- /dev/null
@@ -0,0 +1,72 @@
+From 5fe01793dd953ab947fababe8abaf5ed5258c8df Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Wed, 7 Feb 2018 12:46:42 +0100
+Subject: KVM: s390: take care of clock-comparator sign control
+
+From: David Hildenbrand <david@redhat.com>
+
+commit 5fe01793dd953ab947fababe8abaf5ed5258c8df upstream.
+
+Missed when enabling the Multiple-epoch facility. If the facility is
+installed and the control is set, a sign based comaprison has to be
+performed.
+
+Right now we would inject wrong interrupts and ignore interrupt
+conditions. Also the sleep time is calculated in a wrong way.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20180207114647.6220-2-david@redhat.com>
+Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support")
+Cc: stable@vger.kernel.org
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c |   25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -170,8 +170,15 @@ static int ckc_interrupts_enabled(struct
+ static int ckc_irq_pending(struct kvm_vcpu *vcpu)
+ {
+-      if (vcpu->arch.sie_block->ckc >= kvm_s390_get_tod_clock_fast(vcpu->kvm))
++      const u64 now = kvm_s390_get_tod_clock_fast(vcpu->kvm);
++      const u64 ckc = vcpu->arch.sie_block->ckc;
++
++      if (vcpu->arch.sie_block->gcr[0] & 0x0020000000000000ul) {
++              if ((s64)ckc >= (s64)now)
++                      return 0;
++      } else if (ckc >= now) {
+               return 0;
++      }
+       return ckc_interrupts_enabled(vcpu);
+ }
+@@ -1011,13 +1018,19 @@ int kvm_cpu_has_pending_timer(struct kvm
+ static u64 __calculate_sltime(struct kvm_vcpu *vcpu)
+ {
+-      u64 now, cputm, sltime = 0;
++      const u64 now = kvm_s390_get_tod_clock_fast(vcpu->kvm);
++      const u64 ckc = vcpu->arch.sie_block->ckc;
++      u64 cputm, sltime = 0;
+       if (ckc_interrupts_enabled(vcpu)) {
+-              now = kvm_s390_get_tod_clock_fast(vcpu->kvm);
+-              sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now);
+-              /* already expired or overflow? */
+-              if (!sltime || vcpu->arch.sie_block->ckc <= now)
++              if (vcpu->arch.sie_block->gcr[0] & 0x0020000000000000ul) {
++                      if ((s64)now < (s64)ckc)
++                              sltime = tod_to_ns((s64)ckc - (s64)now);
++              } else if (now < ckc) {
++                      sltime = tod_to_ns(ckc - now);
++              }
++              /* already expired */
++              if (!sltime)
+                       return 0;
+               if (cpu_timer_interrupts_enabled(vcpu)) {
+                       cputm = kvm_s390_get_cpu_timer(vcpu);
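Review bot: The sign-control test `vcpu->arch.sie_block->gcr[0] & 0x0020000000000000ul` is spelled out as a raw mask twice, first in ckc_irq_pending and again in __calculate_sltime, so every reader has to work out that this is control register 0 bit 10 (1UL << 53) and a later change can update one site without the other. Defining the bit once alongside the other s390 control-register masks and using that name at both sites, something like `CR0_CLOCK_COMPARATOR_SIGN` (name given as an example), would make the intent visible and keep the two comparisons in step. The signed branch also deserves a short comment at its first use, since `if ((s64)ckc >= (s64)now)` reads like a stray cast next to the unsigned form below it: `/* multiple-epoch facility: with CR0.10 set the CKC/TOD comparison is signed */`. __calculate_sltime continues beyond the hunk.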
diff --git a/queue-4.15/kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch b/queue-4.15/kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch
new file mode 100644 (file)
index 0000000..920d423
--- /dev/null
@@ -0,0 +1,60 @@
+From 946fbbc13dce68902f64515b610eeb2a6c3d7a64 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 22 Feb 2018 16:43:18 +0100
+Subject: KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 946fbbc13dce68902f64515b610eeb2a6c3d7a64 upstream.
+
+vmx_vcpu_run() and svm_vcpu_run() are large functions, and giving
+branch hints to the compiler can actually make a substantial cycle
+difference by keeping the fast path contiguous in memory.
+
+With this optimization, the retpoline-guest/retpoline-host case is
+about 50 cycles faster.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Jim Mattson <jmattson@google.com>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: KarimAllah Ahmed <karahmed@amazon.de>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kvm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20180222154318.20361-3-pbonzini@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/svm.c |    2 +-
+ arch/x86/kvm/vmx.c |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -5139,7 +5139,7 @@ static void svm_vcpu_run(struct kvm_vcpu
+        * If the L02 MSR bitmap does not intercept the MSR, then we need to
+        * save it.
+        */
+-      if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
++      if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
+               svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+       if (svm->spec_ctrl)
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -9579,7 +9579,7 @@ static void __noclone vmx_vcpu_run(struc
+        * If the L02 MSR bitmap does not intercept the MSR, then we need to
+        * save it.
+        */
+-      if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
++      if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
+               vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+       if (vmx->spec_ctrl)
diff --git a/queue-4.15/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch b/queue-4.15/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
new file mode 100644 (file)
index 0000000..a75d753
--- /dev/null
@@ -0,0 +1,57 @@
+From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpengli@tencent.com>
+Date: Thu, 8 Feb 2018 15:32:45 +0800
+Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Wanpeng Li <wanpengli@tencent.com>
+
+commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream.
+
+Reported by syzkaller:
+
+   WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
+   CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
+   RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
+   Call Trace:
+    vmx_handle_exit+0xbd/0xe20 [kvm_intel]
+    kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
+    kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
+    do_vfs_ioctl+0xa4/0x6a0
+    SyS_ioctl+0x79/0x90
+    entry_SYSCALL_64_fastpath+0x25/0x9c
+
+The testcase creates a first thread to issue KVM_SMI ioctl, and then creates
+a second thread to mmap and operate on the same vCPU.  This triggers a race
+condition when running the testcase with multiple threads. Sometimes one thread
+exits with a triple fault while another thread mmaps and operates on the same
+vCPU.  Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler
+results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE
+in kvm_handle_bad_page(), which will go on to cause an emulation failure and an
+exit with KVM_EXIT_INTERNAL_ERROR.
+
+Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -3017,7 +3017,7 @@ static int kvm_handle_bad_page(struct kv
+               return RET_PF_RETRY;
+       }
+-      return -EFAULT;
++      return RET_PF_EMULATE;
+ }
+ static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
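Review bot: The new `return RET_PF_EMULATE;` at the end of kvm_handle_bad_page carries no explanation in the code, while the reason it replaces -EFAULT lives only in the commit message, so the next person to touch this tail is likely to see a page-fault handler returning "emulate" for an unmappable page and wonder whether that is a mistake. A one-line comment above the return would anchor the rationale where it is read: `/* Unmappable pfn: emulate so the access ends in an emulation failure and KVM_EXIT_INTERNAL_ERROR instead of an -EFAULT the caller cannot act on (see the syzkaller EPT-misconfig report). */`. kvm_handle_bad_page begins outside the hunk, so the earlier branches that return RET_PF_RETRY are not visible here.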
diff --git a/queue-4.15/kvm-x86-move-lapic-initialization-after-vmcs-creation.patch b/queue-4.15/kvm-x86-move-lapic-initialization-after-vmcs-creation.patch
new file mode 100644 (file)
index 0000000..f502ead
--- /dev/null
@@ -0,0 +1,58 @@
+From 0b2e9904c15963e715d33e5f3f1387f17d19333a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 23 Feb 2018 23:29:32 +0100
+Subject: KVM: x86: move LAPIC initialization after VMCS creation
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 0b2e9904c15963e715d33e5f3f1387f17d19333a upstream.
+
+The initial reset of the local APIC is performed before the VMCS has been
+created, but it tries to do a vmwrite:
+
+ vmwrite error: reg 810 value 4a00 (err 18944)
+ CPU: 54 PID: 38652 Comm: qemu-kvm Tainted: G        W I      4.16.0-0.rc2.git0.1.fc28.x86_64 #1
+ Hardware name: Intel Corporation S2600CW/S2600CW, BIOS SE5C610.86B.01.01.0003.090520141303 09/05/2014
+ Call Trace:
+  vmx_set_rvi [kvm_intel]
+  vmx_hwapic_irr_update [kvm_intel]
+  kvm_lapic_reset [kvm]
+  kvm_create_lapic [kvm]
+  kvm_arch_vcpu_init [kvm]
+  kvm_vcpu_init [kvm]
+  vmx_create_vcpu [kvm_intel]
+  kvm_vm_ioctl [kvm]
+
+Move it later, after the VMCS has been created.
+
+Fixes: 4191db26b714 ("KVM: x86: Update APICv on APIC reset")
+Cc: stable@vger.kernel.org
+Cc: Liran Alon <liran.alon@oracle.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/lapic.c |    1 -
+ arch/x86/kvm/x86.c   |    1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2156,7 +2156,6 @@ int kvm_create_lapic(struct kvm_vcpu *vc
+        */
+       vcpu->arch.apic_base = MSR_IA32_APICBASE_ENABLE;
+       static_key_slow_inc(&apic_sw_disabled.key); /* sw disabled at reset */
+-      kvm_lapic_reset(vcpu, false);
+       kvm_iodevice_init(&apic->dev, &apic_mmio_ops);
+       return 0;
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -7793,6 +7793,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu
+       if (r)
+               return r;
+       kvm_vcpu_reset(vcpu, false);
++      kvm_lapic_reset(vcpu, false);
+       kvm_mmu_setup(vcpu);
+       vcpu_put(vcpu);
+       return r;
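Review bot: After this change kvm_create_lapic no longer resets the LAPIC it allocates, but nothing at the removed call site in lapic.c says that the reset now happens later in kvm_arch_vcpu_setup, so a reader of kvm_create_lapic sees the APIC base and the sw-disabled key being set up and may assume the device is fully initialised on return. I would leave a comment where the call used to be, `/* Reset is deferred to kvm_arch_vcpu_setup(): it needs the VMCS, which does not exist yet here. */`, and mirror it at the new call in x86.c with `/* LAPIC reset needs the VMCS created by kvm_arch_vcpu_setup, so it cannot run from kvm_create_lapic. */`. Whether kvm_lapic_reset tolerates a vCPU without a LAPIC on the new path cannot be judged from this hunk and is worth confirming. Both kvm_create_lapic and kvm_arch_vcpu_setup begin outside the hunk.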
diff --git a/queue-4.15/kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch b/queue-4.15/kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch
new file mode 100644 (file)
index 0000000..53f6cc4
--- /dev/null
@@ -0,0 +1,101 @@
+From ecb586bd29c99fb4de599dec388658e74388daad Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 22 Feb 2018 16:43:17 +0100
+Subject: KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit ecb586bd29c99fb4de599dec388658e74388daad upstream.
+
+Having a paravirt indirect call in the IBRS restore path is not a
+good idea, since we are trying to protect from speculative execution
+of bogus indirect branch targets.  It is also slower, so use
+native_wrmsrl() on the vmentry path too.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Jim Mattson <jmattson@google.com>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: KarimAllah Ahmed <karahmed@amazon.de>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: kvm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d
+Link: http://lkml.kernel.org/r/20180222154318.20361-2-pbonzini@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/svm.c |    7 ++++---
+ arch/x86/kvm/vmx.c |    7 ++++---
+ 2 files changed, 8 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -45,6 +45,7 @@
+ #include <asm/debugreg.h>
+ #include <asm/kvm_para.h>
+ #include <asm/irq_remapping.h>
++#include <asm/microcode.h>
+ #include <asm/nospec-branch.h>
+ #include <asm/virtext.h>
+@@ -5029,7 +5030,7 @@ static void svm_vcpu_run(struct kvm_vcpu
+        * being speculatively taken.
+        */
+       if (svm->spec_ctrl)
+-              wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
++              native_wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
+       asm volatile (
+               "push %%" _ASM_BP "; \n\t"
+@@ -5139,10 +5140,10 @@ static void svm_vcpu_run(struct kvm_vcpu
+        * save it.
+        */
+       if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
+-              rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
++              svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+       if (svm->spec_ctrl)
+-              wrmsrl(MSR_IA32_SPEC_CTRL, 0);
++              native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
+       /* Eliminate branch target predictions from guest mode */
+       vmexit_fill_RSB();
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -51,6 +51,7 @@
+ #include <asm/apic.h>
+ #include <asm/irq_remapping.h>
+ #include <asm/mmu_context.h>
++#include <asm/microcode.h>
+ #include <asm/nospec-branch.h>
+ #include "trace.h"
+@@ -9443,7 +9444,7 @@ static void __noclone vmx_vcpu_run(struc
+        * being speculatively taken.
+        */
+       if (vmx->spec_ctrl)
+-              wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
++              native_wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
+       vmx->__launched = vmx->loaded_vmcs->launched;
+       asm(
+@@ -9579,10 +9580,10 @@ static void __noclone vmx_vcpu_run(struc
+        * save it.
+        */
+       if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
+-              rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
++              vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+       if (vmx->spec_ctrl)
+-              wrmsrl(MSR_IA32_SPEC_CTRL, 0);
++              native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
+       /* Eliminate branch target predictions from guest mode */
+       vmexit_fill_RSB();
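Review bot: The switch from wrmsrl()/rdmsrl() to native_wrmsrl()/native_read_msr() in svm_vcpu_run and vmx_vcpu_run is deliberate, but the code gives no hint of that, and the identical wrmsrl forms one hunk above and one hunk below the change make it easy for a later cleanup to "normalise" the calls back to the paravirt wrappers and silently reintroduce an indirect call on the IBRS restore path. A short comment at the first native_wrmsrl call in each file would protect the fix: `/* native_*: avoid the paravirt indirect call here, this path exists to stop speculation through bogus indirect branch targets */`, with the same note applying to the native_read_msr/native_wrmsrl pair after the guest exit. The same remark holds for the vmx.c hunks at the two equivalent sites. Both vcpu_run functions start outside the hunk.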
diff --git a/queue-4.15/media-m88ds3103-don-t-call-a-non-initalized-function.patch b/queue-4.15/media-m88ds3103-don-t-call-a-non-initalized-function.patch
new file mode 100644 (file)
index 0000000..47de3dd
--- /dev/null
@@ -0,0 +1,123 @@
+From b9c97c67fd19262c002d94ced2bfb513083e161e Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Date: Sat, 10 Feb 2018 06:14:10 -0500
+Subject: media: m88ds3103: don't call a non-initalized function
+
+From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+
+commit b9c97c67fd19262c002d94ced2bfb513083e161e upstream.
+
+If m88d3103 chip ID is not recognized, the device is not initialized.
+
+However, it returns from probe without any error, causing this OOPS:
+
+[    7.689289] Unable to handle kernel NULL pointer dereference at virtual address 00000000
+[    7.689297] pgd = 7b0bd7a7
+[    7.689302] [00000000] *pgd=00000000
+[    7.689318] Internal error: Oops: 80000005 [#1] SMP ARM
+[    7.689322] Modules linked in: dvb_usb_dvbsky(+) m88ds3103 dvb_usb_v2 dvb_core videobuf2_vmalloc videobuf2_memops videobuf2_core crc32_arm_ce videodev media
+[    7.689358] CPU: 3 PID: 197 Comm: systemd-udevd Not tainted 4.15.0-mcc+ #23
+[    7.689361] Hardware name: BCM2835
+[    7.689367] PC is at 0x0
+[    7.689382] LR is at m88ds3103_attach+0x194/0x1d0 [m88ds3103]
+[    7.689386] pc : [<00000000>]    lr : [<bf0ae1ec>]    psr: 60000013
+[    7.689391] sp : ed8e5c20  ip : ed8c1e00  fp : ed8945c0
+[    7.689395] r10: ed894000  r9 : ed894378  r8 : eda736c0
+[    7.689400] r7 : ed894070  r6 : ed8e5c44  r5 : bf0bb040  r4 : eda77600
+[    7.689405] r3 : 00000000  r2 : 00000000  r1 : 00000000  r0 : eda77600
+[    7.689412] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
+[    7.689417] Control: 10c5383d  Table: 2d8e806a  DAC: 00000051
+[    7.689423] Process systemd-udevd (pid: 197, stack limit = 0xe9dbfb63)
+[    7.689428] Stack: (0xed8e5c20 to 0xed8e6000)
+[    7.689439] 5c20: ed853a80 eda73640 ed894000 ed8942c0 ed853a80 bf0b9e98 ed894070 bf0b9f10
+[    7.689449] 5c40: 00000000 00000000 bf08c17c c08dfc50 00000000 00000000 00000000 00000000
+[    7.689459] 5c60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[    7.689468] 5c80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[    7.689479] 5ca0: 00000000 00000000 ed8945c0 ed8942c0 ed894000 ed894830 bf0b9e98 00000000
+[    7.689490] 5cc0: ed894378 bf0a3cb4 bf0bc3b0 0000533b ed920540 00000000 00000034 bf0a6434
+[    7.689500] 5ce0: ee952070 ed826600 bf0a7038 bf0a2dd8 00000001 bf0a6768 bf0a2f90 ed8943c0
+[    7.689511] 5d00: 00000000 c08eca68 ed826620 ed826620 00000000 ee952070 bf0bc034 ee952000
+[    7.689521] 5d20: ed826600 bf0bb080 ffffffed c0aa9e9c c0aa9dac ed826620 c16edf6c c168c2c8
+[    7.689531] 5d40: c16edf70 00000000 bf0bc034 0000000d 00000000 c08e268c bf0bb080 ed826600
+[    7.689541] 5d60: bf0bc034 ed826654 ed826620 bf0bc034 c164c8bc 00000000 00000001 00000000
+[    7.689553] 5d80: 00000028 c08e2948 00000000 bf0bc034 c08e2848 c08e0778 ee9f0a58 ed88bab4
+[    7.689563] 5da0: bf0bc034 ed90ba80 c168c1f0 c08e1934 bf0bb3bc c17045ac bf0bc034 c164c8bc
+[    7.689574] 5dc0: bf0bc034 bf0bb3bc ed91f564 c08e34ec bf0bc000 c164c8bc bf0bc034 c0aa8dc4
+[    7.689584] 5de0: ffffe000 00000000 bf0bf000 ed91f600 ed91f564 c03021e4 00000001 00000000
+[    7.689595] 5e00: c166e040 8040003f ed853a80 bf0bc448 00000000 c1678174 ed853a80 f0f22000
+[    7.689605] 5e20: f0f21fff 8040003f 014000c0 ed91e700 ed91e700 c16d8e68 00000001 ed91e6c0
+[    7.689615] 5e40: bf0bc400 00000001 bf0bc400 ed91f564 00000001 00000000 00000028 c03c9a24
+[    7.689625] 5e60: 00000001 c03c8c94 ed8e5f50 ed8e5f50 00000001 bf0bc400 ed91f540 c03c8cb0
+[    7.689637] 5e80: bf0bc40c 00007fff bf0bc400 c03c60b0 00000000 bf0bc448 00000028 c0e09684
+[    7.689647] 5ea0: 00000002 bf0bc530 c1234bf8 bf0bc5dc bf0bc514 c10ebbe8 ffffe000 bf000000
+[    7.689657] 5ec0: 00011538 00000000 ed8e5f48 00000000 00000000 00000000 00000000 00000000
+[    7.689666] 5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[    7.689676] 5f00: 00000000 00000000 7fffffff 00000000 00000013 b6e55a18 0000017b c0309104
+[    7.689686] 5f20: ed8e4000 00000000 00510af0 c03c9430 7fffffff 00000000 00000003 00000000
+[    7.689697] 5f40: 00000000 f0f0f000 00011538 00000000 f0f107b0 f0f0f000 00011538 f0f1fdb8
+[    7.689707] 5f60: f0f1fbe8 f0f1b974 00004000 000041e0 bf0bc3d0 00000001 00000000 000024c4
+[    7.689717] 5f80: 0000002d 0000002e 00000019 00000000 00000010 00000000 16894000 00000000
+[    7.689727] 5fa0: 00000000 c0308f20 16894000 00000000 00000013 b6e55a18 00000000 b6e5652c
+[    7.689737] 5fc0: 16894000 00000000 00000000 0000017b 00020000 00508110 00000000 00510af0
+[    7.689748] 5fe0: bef68948 bef68938 b6e4d3d0 b6d32590 60000010 00000013 00000000 00000000
+[    7.689790] [<bf0ae1ec>] (m88ds3103_attach [m88ds3103]) from [<bf0b9f10>] (dvbsky_s960c_attach+0x78/0x280 [dvb_usb_dvbsky])
+[    7.689821] [<bf0b9f10>] (dvbsky_s960c_attach [dvb_usb_dvbsky]) from [<bf0a3cb4>] (dvb_usbv2_probe+0xa3c/0x1024 [dvb_usb_v2])
+[    7.689849] [<bf0a3cb4>] (dvb_usbv2_probe [dvb_usb_v2]) from [<c0aa9e9c>] (usb_probe_interface+0xf0/0x2a8)
+[    7.689869] [<c0aa9e9c>] (usb_probe_interface) from [<c08e268c>] (driver_probe_device+0x2f8/0x4b4)
+[    7.689881] [<c08e268c>] (driver_probe_device) from [<c08e2948>] (__driver_attach+0x100/0x11c)
+[    7.689895] [<c08e2948>] (__driver_attach) from [<c08e0778>] (bus_for_each_dev+0x4c/0x9c)
+[    7.689909] [<c08e0778>] (bus_for_each_dev) from [<c08e1934>] (bus_add_driver+0x1c0/0x264)
+[    7.689919] [<c08e1934>] (bus_add_driver) from [<c08e34ec>] (driver_register+0x78/0xf4)
+[    7.689931] [<c08e34ec>] (driver_register) from [<c0aa8dc4>] (usb_register_driver+0x70/0x134)
+[    7.689946] [<c0aa8dc4>] (usb_register_driver) from [<c03021e4>] (do_one_initcall+0x44/0x168)
+[    7.689963] [<c03021e4>] (do_one_initcall) from [<c03c9a24>] (do_init_module+0x64/0x1f4)
+[    7.689979] [<c03c9a24>] (do_init_module) from [<c03c8cb0>] (load_module+0x20a0/0x25c8)
+[    7.689993] [<c03c8cb0>] (load_module) from [<c03c9430>] (SyS_finit_module+0xb4/0xec)
+[    7.690007] [<c03c9430>] (SyS_finit_module) from [<c0308f20>] (ret_fast_syscall+0x0/0x54)
+[    7.690018] Code: bad PC value
+
+This may happen on normal circumstances, if, for some reason, the demod
+hangs and start returning an invalid chip ID:
+
+[   10.394395] m88ds3103 3-0068: Unknown device. Chip_id=00
+
+So, change the logic to cause probe to fail with -ENODEV, preventing
+the OOPS.
+
+Detected while testing DVB MMAP patches on Raspberry Pi 3 with
+DVBSky S960CI.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/dvb-frontends/m88ds3103.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/dvb-frontends/m88ds3103.c
++++ b/drivers/media/dvb-frontends/m88ds3103.c
+@@ -1262,11 +1262,12 @@ static int m88ds3103_select(struct i2c_m
+  * New users must use I2C client binding directly!
+  */
+ struct dvb_frontend *m88ds3103_attach(const struct m88ds3103_config *cfg,
+-              struct i2c_adapter *i2c, struct i2c_adapter **tuner_i2c_adapter)
++                                    struct i2c_adapter *i2c,
++                                    struct i2c_adapter **tuner_i2c_adapter)
+ {
+       struct i2c_client *client;
+       struct i2c_board_info board_info;
+-      struct m88ds3103_platform_data pdata;
++      struct m88ds3103_platform_data pdata = {};
+       pdata.clk = cfg->clock;
+       pdata.i2c_wr_max = cfg->i2c_wr_max;
+@@ -1409,6 +1410,8 @@ static int m88ds3103_probe(struct i2c_cl
+       case M88DS3103_CHIP_ID:
+               break;
+       default:
++              ret = -ENODEV;
++              dev_err(&client->dev, "Unknown device. Chip_id=%02x\n", dev->chip_id);
+               goto err_kfree;
+       }
diff --git a/queue-4.15/nospec-allow-index-argument-to-have-const-qualified-type.patch b/queue-4.15/nospec-allow-index-argument-to-have-const-qualified-type.patch
new file mode 100644 (file)
index 0000000..ac69d9b
--- /dev/null
@@ -0,0 +1,65 @@
+From b98c6a160a057d5686a8c54c79cc6c8c94a7d0c8 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Fri, 16 Feb 2018 13:20:48 -0800
+Subject: nospec: Allow index argument to have const-qualified type
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit b98c6a160a057d5686a8c54c79cc6c8c94a7d0c8 upstream.
+
+The last expression in a statement expression need not be a bare
+variable, quoting gcc docs
+
+  The last thing in the compound statement should be an expression
+  followed by a semicolon; the value of this subexpression serves as the
+  value of the entire construct.
+
+and we already use that in e.g. the min/max macros which end with a
+ternary expression.
+
+This way, we can allow index to have const-qualified type, which will in
+some cases avoid the need for introducing a local copy of index of
+non-const qualified type. That, in turn, can prevent readers not
+familiar with the internals of array_index_nospec from wondering about
+the seemingly redundant extra variable, and I think that's worthwhile
+considering how confusing the whole _nospec business is.
+
+The expression _i&_mask has type unsigned long (since that is the type
+of _mask, and the BUILD_BUG_ONs guarantee that _i will get promoted to
+that), so in order not to change the type of the whole expression, add
+a cast back to typeof(_i).
+
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Arjan van de Ven <arjan@linux.intel.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Will Deacon <will.deacon@arm.com>
+Cc: linux-arch@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/151881604837.17395.10812767547837568328.stgit@dwillia2-desk3.amr.corp.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/nospec.h |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/include/linux/nospec.h
++++ b/include/linux/nospec.h
+@@ -72,7 +72,6 @@ static inline unsigned long array_index_
+       BUILD_BUG_ON(sizeof(_i) > sizeof(long));                        \
+       BUILD_BUG_ON(sizeof(_s) > sizeof(long));                        \
+                                                                       \
+-      _i &= _mask;                                                    \
+-      _i;                                                             \
++      (typeof(_i)) (_i & _mask);                                      \
+ })
+ #endif /* _LINUX_NOSPEC_H */
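Review bot: The replacement line `(typeof(_i)) (_i & _mask);` drops the local assignment without recording why the cast is there, and the reasoning that `_i & _mask` is promoted to unsigned long and must be narrowed back to the index type exists only in the commit message, so the cast is the kind of thing a later reviewer strips as redundant. Since the page only shows this tail of the array_index_nospec() macro, I would add a comment on the line itself, `/* _i & _mask is unsigned long; cast back so the result has the index's type */`, keeping the trailing backslash intact. The enclosing macro definition starts outside the hunk.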
index d278d34b0091ad6b1cbbaf1198be738f9a81bb7a..de884b82459e4c0291ca6230ea7a12595ea6a854 100644 (file)
@@ -95,3 +95,21 @@ s390-qeth-fix-ip-address-lookup-for-l3-devices.patch
 s390-qeth-fix-ipa-command-submission-race.patch
 tcp-revert-f-rto-middle-box-workaround.patch
 tcp-revert-f-rto-extension-to-detect-more-spurious-timeouts.patch
+blk-mq-don-t-call-io-sched-s-.requeue_request-when-requeueing-rq-to-dispatch.patch
+media-m88ds3103-don-t-call-a-non-initalized-function.patch
+edac-sb_edac-fix-out-of-bound-writes-during-dimm-configuration-on-knl.patch
+kvm-s390-take-care-of-clock-comparator-sign-control.patch
+kvm-s390-provide-only-a-single-function-for-setting-the-tod-fix-sck.patch
+kvm-s390-consider-epoch-index-on-hotplugged-cpus.patch
+kvm-s390-consider-epoch-index-on-tod-clock-syncs.patch
+nospec-allow-index-argument-to-have-const-qualified-type.patch
+x86-mm-fix-pmd-pud-_-set-clear-_flags.patch
+arm-orion-fix-orion_ge00_switch_board_info-initialization.patch
+arm-dts-rockchip-remove-1.8-ghz-operation-point-from-phycore-som.patch
+arm-mvebu-fix-broken-pl310_errata_753970-selects.patch
+arm-kvm-fix-building-with-gcc-8.patch
+kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
+kvm-mmu-fix-overlap-between-public-and-private-memslots.patch
+kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch
+kvm-x86-move-lapic-initialization-after-vmcs-creation.patch
+kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch
diff --git a/queue-4.15/x86-mm-fix-pmd-pud-_-set-clear-_flags.patch b/queue-4.15/x86-mm-fix-pmd-pud-_-set-clear-_flags.patch
new file mode 100644 (file)
index 0000000..82b25fe
--- /dev/null
@@ -0,0 +1,99 @@
+From 842cef9113c2120f74f645111ded1e020193d84c Mon Sep 17 00:00:00 2001
+From: Jan Beulich <JBeulich@suse.com>
+Date: Mon, 19 Feb 2018 07:48:11 -0700
+Subject: x86/mm: Fix {pmd,pud}_{set,clear}_flags()
+
+From: Jan Beulich <JBeulich@suse.com>
+
+commit 842cef9113c2120f74f645111ded1e020193d84c upstream.
+
+Just like pte_{set,clear}_flags() their PMD and PUD counterparts should
+not do any address translation. This was outright wrong under Xen
+(causing a dead boot with no useful output on "suitable" systems), and
+produced needlessly more complicated code (even if just slightly) when
+paravirt was enabled.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/5A8AF1BB02000078001A91C3@prv-mh.provo.novell.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/pgtable.h       |    8 ++++----
+ arch/x86/include/asm/pgtable_types.h |   10 ++++++++++
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/pgtable.h
++++ b/arch/x86/include/asm/pgtable.h
+@@ -350,14 +350,14 @@ static inline pmd_t pmd_set_flags(pmd_t
+ {
+       pmdval_t v = native_pmd_val(pmd);
+-      return __pmd(v | set);
++      return native_make_pmd(v | set);
+ }
+ static inline pmd_t pmd_clear_flags(pmd_t pmd, pmdval_t clear)
+ {
+       pmdval_t v = native_pmd_val(pmd);
+-      return __pmd(v & ~clear);
++      return native_make_pmd(v & ~clear);
+ }
+ static inline pmd_t pmd_mkold(pmd_t pmd)
+@@ -409,14 +409,14 @@ static inline pud_t pud_set_flags(pud_t
+ {
+       pudval_t v = native_pud_val(pud);
+-      return __pud(v | set);
++      return native_make_pud(v | set);
+ }
+ static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear)
+ {
+       pudval_t v = native_pud_val(pud);
+-      return __pud(v & ~clear);
++      return native_make_pud(v & ~clear);
+ }
+ static inline pud_t pud_mkold(pud_t pud)
+--- a/arch/x86/include/asm/pgtable_types.h
++++ b/arch/x86/include/asm/pgtable_types.h
+@@ -323,6 +323,11 @@ static inline pudval_t native_pud_val(pu
+ #else
+ #include <asm-generic/pgtable-nopud.h>
++static inline pud_t native_make_pud(pudval_t val)
++{
++      return (pud_t) { .p4d.pgd = native_make_pgd(val) };
++}
++
+ static inline pudval_t native_pud_val(pud_t pud)
+ {
+       return native_pgd_val(pud.p4d.pgd);
+@@ -344,6 +349,11 @@ static inline pmdval_t native_pmd_val(pm
+ #else
+ #include <asm-generic/pgtable-nopmd.h>
++static inline pmd_t native_make_pmd(pmdval_t val)
++{
++      return (pmd_t) { .pud.p4d.pgd = native_make_pgd(val) };
++}
++
+ static inline pmdval_t native_pmd_val(pmd_t pmd)
+ {
+       return native_pgd_val(pmd.pud.p4d.pgd);