From cd6c82afa701533257852aeb53bfd1360700362e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 1 Jul 2019 17:39:02 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch
x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch
x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch
---
...on-unsupported-mitigations-parameter.patch | 47 +++++++++++++
...orrect-tcp-timeout-for-flexfiles-i-o.patch | 33 +++++++++
queue-4.14/series | 4 ++
...crocode-load-on-cpu-hotplug-for-real.patch | 66 +++++++++++++++++
...ts-to-use-ssbd-even-if-host-does-not.patch | 70 +++++++++++++++++++
5 files changed, 220 insertions(+)
create mode 100644 queue-4.14/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
create mode 100644 queue-4.14/nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch
create mode 100644 queue-4.14/x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch
create mode 100644 queue-4.14/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch
diff --git a/queue-4.14/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch b/queue-4.14/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
new file mode 100644
index 00000000000..07ca1a9fde9
--- /dev/null
+++ b/queue-4.14/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
@@ -0,0 +1,47 @@
+From 1bf72720281770162c87990697eae1ba2f1d917a Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven
+Date: Thu, 16 May 2019 09:09:35 +0200
+Subject: cpu/speculation: Warn on unsupported mitigations= parameter
+
+From: Geert Uytterhoeven
+
+commit 1bf72720281770162c87990697eae1ba2f1d917a upstream.
+
+Currently, if the user specifies an unsupported mitigation strategy on the
+kernel command line, it will be ignored silently. The code will fall back
+to the default strategy, possibly leaving the system more vulnerable than
+expected.
+
+This may happen due to e.g. a simple typo, or, for a stable kernel release,
+because not all mitigation strategies have been backported.
+
+Inform the user by printing a message.
+
+Fixes: 98af8452945c5565 ("cpu/speculation: Add 'mitigations=' cmdline option")
+Signed-off-by: Geert Uytterhoeven
+Signed-off-by: Thomas Gleixner
+Acked-by: Josh Poimboeuf
+Cc: Peter Zijlstra
+Cc: Jiri Kosina
+Cc: Greg Kroah-Hartman
+Cc: Ben Hutchings
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20190516070935.22546-1-geert@linux-m68k.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/cpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -2308,6 +2308,9 @@ static int __init mitigations_parse_cmdl
+ cpu_mitigations = CPU_MITIGATIONS_AUTO;
+ else if (!strcmp(arg, "auto,nosmt"))
+ cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
++ else
++ pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
++ arg);
+
+ return 0;
+ }
diff --git a/queue-4.14/nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch b/queue-4.14/nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch
new file mode 100644
index 00000000000..8c4440bea35
--- /dev/null
+++ b/queue-4.14/nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch
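Review bot: The new `else` branch in mitigations_parse_cmdline() reports the rejected value but not which strategy the kernel ends up applying, so whoever reads the log still has to know what the default is. If changing the message is not wanted in a stable backport, a comment above the branch would at least record the intent, for example `/* Unknown value: cpu_mitigations keeps its default; log loudly so a typo is not mistaken for hardening. */`. The function still returns 0 for an unrecognised value, which makes the boot log the only signal, so deployments that rely on a non-default `mitigations=` setting should check for this message after boot. The start of the function lies outside the hunk.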
@@ -0,0 +1,33 @@
+From 68f461593f76bd5f17e87cdd0bea28f4278c7268 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust
+Date: Tue, 25 Jun 2019 16:41:16 -0400
+Subject: NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
+
+From: Trond Myklebust
+
+commit 68f461593f76bd5f17e87cdd0bea28f4278c7268 upstream.
+
+Fix a typo where we're confusing the default TCP retrans value
+(NFS_DEF_TCP_RETRANS) for the default TCP timeout value.
+
+Fixes: 15d03055cf39f ("pNFS/flexfiles: Set reasonable default ...")
+Cc: stable@vger.kernel.org # 4.8+
+Signed-off-by: Trond Myklebust
+Signed-off-by: Anna Schumaker
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c
++++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c
+@@ -18,7 +18,7 @@
+
+ #define NFSDBG_FACILITY NFSDBG_PNFS_LD
+
+-static unsigned int dataserver_timeo = NFS_DEF_TCP_RETRANS;
++static unsigned int dataserver_timeo = NFS_DEF_TCP_TIMEO;
+ static unsigned int dataserver_retrans;
+
+ static bool ff_layout_has_available_ds(struct pnfs_layout_segment *lseg);
diff --git a/queue-4.14/series b/queue-4.14/series
index 8dac5f9ad87..298e60932e5 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -19,3 +19,7 @@ fs-binfmt_flat.c-make-load_flat_shared_library-work.patch
 mm-page_idle.c-fix-oops-because-end_pfn-is-larger-than-max_pfn.patch
 dm-log-writes-make-sure-super-sector-log-updates-are-written-in-order.patch
 scsi-vmw_pscsi-fix-use-after-free-in-pvscsi_queue_lck.patch
+x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch
+x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch
+nfs-flexfiles-use-the-correct-tcp-timeout-for-flexfiles-i-o.patch
+cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
diff --git a/queue-4.14/x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch b/queue-4.14/x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch
new file mode 100644
index 00000000000..047c41a2073
--- /dev/null
+++ b/queue-4.14/x86-microcode-fix-the-microcode-load-on-cpu-hotplug-for-real.patch
@@ -0,0 +1,66 @@
+From 5423f5ce5ca410b3646f355279e4e937d452e622 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Tue, 18 Jun 2019 22:31:40 +0200
+Subject: x86/microcode: Fix the microcode load on CPU hotplug for real
+
+From: Thomas Gleixner
+
+commit 5423f5ce5ca410b3646f355279e4e937d452e622 upstream.
+
+A recent change moved the microcode loader hotplug callback into the early
+startup phase which is running with interrupts disabled. It missed that
+the callbacks invoke sysfs functions which might sleep causing nice 'might
+sleep' splats with proper debugging enabled.
+
+Split the callbacks and only load the microcode in the early startup phase
+and move the sysfs handling back into the later threaded and preemptible
+bringup phase where it was before.
+
+Fixes: 78f4e932f776 ("x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback")
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Borislav Petkov
+Cc: "H. Peter Anvin"
+Cc: Ingo Molnar
+Cc: stable@vger.kernel.org
+Cc: x86-ml
+Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1906182228350.1766@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/microcode/core.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -790,13 +790,16 @@ static struct syscore_ops mc_syscore_ops
+ .resume = mc_bp_resume,
+ };
+
+-static int mc_cpu_online(unsigned int cpu)
++static int mc_cpu_starting(unsigned int cpu)
+ {
+- struct device *dev;
+-
+- dev = get_cpu_device(cpu);
+ microcode_update_cpu(cpu);
+ pr_debug("CPU%d added\n", cpu);
++ return 0;
++}
++
++static int mc_cpu_online(unsigned int cpu)
++{
++ struct device *dev = get_cpu_device(cpu);
+
+ if (sysfs_create_group(&dev->kobj, &mc_attr_group))
+ pr_err("Failed to create group for CPU%d\n", cpu);
+@@ -873,7 +876,9 @@ int __init microcode_init(void)
+ goto out_ucode_group;
+
+
register_syscore_ops(&mc_syscore_ops);
+- cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:online",
++ cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting",
++ mc_cpu_starting, NULL);
++ cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
+ mc_cpu_online, mc_cpu_down_prep);
+
+ pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
diff --git a/queue-4.14/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch b/queue-4.14/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch
new file mode 100644
index 00000000000..163169c8bc3
--- /dev/null
+++ b/queue-4.14/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch
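Review bot: mc_cpu_starting() discards whatever microcode_update_cpu() returns and always returns 0, so a hot-plugged CPU that comes up without its update leaves only the `pr_debug("CPU%d added\n", cpu)` line, which is normally compiled out. Microcode frequently carries speculation mitigations, so a visible log on failure would help operators notice a CPU running a stale revision. Assuming the helper reports an error state (its definition is outside the hunk), something like `if (microcode_update_cpu(cpu) == UCODE_ERROR) pr_warn("CPU%d: microcode update failed\n", cpu);` would do it while still returning 0 from the starting callback. The return values of both `cpuhp_setup_state_nocalls()` calls in microcode_init() are likewise unchecked; that function and mc_cpu_online() continue outside the hunks shown.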
@@ -0,0 +1,70 @@
+From c1f7fec1eb6a2c86d01bc22afce772c743451d88 Mon Sep 17 00:00:00 2001
+From: Alejandro Jimenez
+Date: Mon, 10 Jun 2019 13:20:10 -0400
+Subject: x86/speculation: Allow guests to use SSBD even if host does not
+
+From: Alejandro Jimenez
+
+commit c1f7fec1eb6a2c86d01bc22afce772c743451d88 upstream.
+
+The bits set in x86_spec_ctrl_mask are used to calculate the guest's value
+of SPEC_CTRL that is written to the MSR before VMENTRY, and control which
+mitigations the guest can enable. In the case of SSBD, unless the host has
+enabled SSBD always on mode (by passing "spec_store_bypass_disable=on" in
+the kernel parameters), the SSBD bit is not set in the mask and the guest
+can not properly enable the SSBD always on mitigation mode.
+
+This has been confirmed by running the SSBD PoC on a guest using the SSBD
+always on mitigation mode (booted with kernel parameter
+"spec_store_bypass_disable=on"), and verifying that the guest is vulnerable
+unless the host is also using SSBD always on mode. In addition, the guest
+OS incorrectly reports the SSB vulnerability as mitigated.
+
+Always set the SSBD bit in x86_spec_ctrl_mask when the host CPU supports
+it, allowing the guest to use SSBD whether or not the host has chosen to
+enable the mitigation in any of its modes.
+
+Fixes: be6fcb5478e9 ("x86/bugs: Rework spec_ctrl base and mask logic")
+Signed-off-by: Alejandro Jimenez
+Signed-off-by: Thomas Gleixner
+Reviewed-by: Liam Merwick
+Reviewed-by: Mark Kanda
+Reviewed-by: Paolo Bonzini
+Cc: bp@alien8.de
+Cc: rkrcmar@redhat.com
+Cc: kvm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/1560187210-11054-1-git-send-email-alejandro.j.jimenez@oracle.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/bugs.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -821,6 +821,16 @@ static enum ssb_mitigation __init __ssb_
+ }
+
+ /*
++ * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper
++ * bit in the mask to allow guests to use the mitigation even in the
++ * case where the host does not enable it.
++ */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
++ static_cpu_has(X86_FEATURE_AMD_SSBD)) {
++ x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
++ }
++
++ /*
+ * We have three CPU feature flags that are in play here:
+ * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
+ * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass
+@@ -837,7 +847,6 @@ static enum ssb_mitigation __init __ssb_
+ x86_amd_ssb_disable();
+ } else {
+ x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
+- x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+ }
+ }
--
2.47.3
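Review bot: The new block in __ssb_select_mitigation() widens x86_spec_ctrl_mask only if execution reaches it. The function's opening is outside the hunk, so any early return above this point would still leave a guest unable to set SSBD; this should be confirmed against the full function in the 4.14 tree. The added comment also mentions only the SPEC_CTRL MSR while the condition tests `X86_FEATURE_AMD_SSBD` as well, and it does not say what the mask governs. A wording such as `/* x86_spec_ctrl_mask limits which SPEC_CTRL bits a guest value may set; allow SSBD whenever the CPU exposes it through SPEC_CTRL (Intel or AMD flag). */` would make the security intent clearer to the next reader.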