release v4.16-9

CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.16-9 2018-05-24
+--------------------
+Upgrade to v4.16.11
+
 v4.16-8 2018-05-21
 --------------------
 Upgrade to v4.16.10

aur/PKGBUILD

@@ -2,7 +2,7 @@
 
 pkgbase=linux-samus4
 pkgver=4.16
-pkgrel=8
+pkgrel=9
 arch=('x86_64')
 url="https://github.com/raphael/linux-samus"
 license=('GPL2')

build/linux-4.16.11-ph_4.16.11-ph-83.dsc

@@ -0,0 +1,21 @@
+Format: 3.0 (quilt)
+Source: linux-4.16.11-ph
+Binary: linux-image-4.16.11-ph, linux-headers-4.16.11-ph, linux-libc-dev
+Architecture: any
+Version: 4.16.11-ph-83
+Maintainer: Anonymous <root@chromia>
+Homepage: http://www.kernel.org/
+Build-Depends: bc, kmod, cpio
+Package-List:
+ linux-headers-4.16.11-ph deb kernel optional arch=any
+ linux-image-4.16.11-ph deb kernel optional arch=any
+ linux-libc-dev deb devel optional arch=any
+Checksums-Sha1:
+ 04d57d588f3c4eb25ffa63cc193136eaf5734bb4 502845254 linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ a4806620bdeec54b31b5113dfe25d4dcca100f0d 1209 linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz
+Checksums-Sha256:
+ 4d726779f0e14051ec18aa55f1ef600092c2f5a0738fd281bbf433fe8c4a420c 502845254 linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ 9644709e97fcd048c037b521a74ebfd443b053a0d73677e477bed00b690926f5 1209 linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz
+Files:
+ 7a922a6a11187ad8073d7bc9cc2e54dd 502845254 linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ 79df0418f414893efbd93f5cdc838a31 1209 linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz

build/linux-4.16.11-ph_4.16.11-ph-83_amd64.changes

@@ -0,0 +1,39 @@
+Format: 1.8
+Date: Thu, 24 May 2018 14:02:15 -0700
+Source: linux-4.16.11-ph
+Binary: linux-image-4.16.11-ph linux-headers-4.16.11-ph linux-libc-dev
+Architecture: source amd64
+Version: 4.16.11-ph-83
+Distribution: vivid
+Urgency: low
+Maintainer: Anonymous <root@chromia>
+Changed-By: Anonymous <root@chromia>
+Description:
+ linux-headers-4.16.11-ph - Linux kernel headers for 4.16.11-ph on ${kernel:debarch}
+ linux-image-4.16.11-ph - Linux kernel, version 4.16.11-ph
+ linux-libc-dev - Linux support headers for userspace development
+Changes:
+ linux-4.16.11-ph (4.16.11-ph-83) vivid; urgency=low
+ .
+   * Custom built Linux kernel.
+Checksums-Sha1:
+ 0f28aae55419ad848ee73c3b1823d67f84685626 1050 linux-4.16.11-ph_4.16.11-ph-83.dsc
+ 04d57d588f3c4eb25ffa63cc193136eaf5734bb4 502845254 linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ a4806620bdeec54b31b5113dfe25d4dcca100f0d 1209 linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz
+ ae2461f967e04f2c7c6b11758bab6dfe57d8740f 11615454 linux-headers-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ 5d9c32db325716963b31e7f755702770d2eeffcf 54683722 linux-image-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ 920d3cea7df56092907bd39d2a6b53c81209649a 985542 linux-libc-dev_4.16.11-ph-83_amd64.deb
+Checksums-Sha256:
+ 25dc6a2c33ade2facd7191e31122e8c514298bb6c39b7230b443bd169489c3d6 1050 linux-4.16.11-ph_4.16.11-ph-83.dsc
+ 4d726779f0e14051ec18aa55f1ef600092c2f5a0738fd281bbf433fe8c4a420c 502845254 linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ 9644709e97fcd048c037b521a74ebfd443b053a0d73677e477bed00b690926f5 1209 linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz
+ fffc62616f59153e506be58f80b51ab5d45b79fe81537ce88e9fbc919cd7a0d9 11615454 linux-headers-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ bf655d9fd097f2e204f24f18cacafa6a2dc65d3a787bf9d834a7e448693b8ac9 54683722 linux-image-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ ca87926ed5d538afb43cfd917489cc9c5e74a3abcffc56be7fb0370c91bb3ca7 985542 linux-libc-dev_4.16.11-ph-83_amd64.deb
+Files:
+ db561c1ed27f2a4aa89021834926e990 1050 kernel optional linux-4.16.11-ph_4.16.11-ph-83.dsc
+ 7a922a6a11187ad8073d7bc9cc2e54dd 502845254 kernel optional linux-4.16.11-ph_4.16.11-ph.orig.tar.gz
+ 79df0418f414893efbd93f5cdc838a31 1209 kernel optional linux-4.16.11-ph_4.16.11-ph-83.debian.tar.gz
+ 904e974c7ffad339227d77a9c3e68810 11615454 kernel optional linux-headers-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ b1ffc9b7d9cf78a4dd6cd2cf04d6962e 54683722 kernel optional linux-image-4.16.11-ph_4.16.11-ph-83_amd64.deb
+ 70da5dc9b322a6bd5cd13cf717401f5c 985542 devel optional linux-libc-dev_4.16.11-ph-83_amd64.deb

build/linux/Documentation/ABI/testing/sysfs-devices-system-cpu

@@ -453,6 +453,7 @@ What:		/sys/devices/system/cpu/vulnerabilities
 		/sys/devices/system/cpu/vulnerabilities/meltdown
 		/sys/devices/system/cpu/vulnerabilities/spectre_v1
 		/sys/devices/system/cpu/vulnerabilities/spectre_v2
+		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
 Date:		January 2018
 Contact:	Linux kernel mailing list <[email protected]>
 Description:	Information about CPU vulnerabilities

build/linux/Documentation/admin-guide/kernel-parameters.txt

@@ -2647,6 +2647,9 @@
 			allow data leaks with this option, which is equivalent
 			to spectre_v2=off.
 
+	nospec_store_bypass_disable
+			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability
+
 	noxsave		[BUGS=X86] Disables x86 extended register state save
 			and restore using xsave. The kernel will fallback to
 			enabling legacy floating-point and sse state.
@@ -3997,6 +4000,48 @@
 			Not specifying this option is equivalent to
 			spectre_v2=auto.
 
+	spec_store_bypass_disable=
+			[HW] Control Speculative Store Bypass (SSB) Disable mitigation
+			(Speculative Store Bypass vulnerability)
+
+			Certain CPUs are vulnerable to an exploit against a
+			a common industry wide performance optimization known
+			as "Speculative Store Bypass" in which recent stores
+			to the same memory location may not be observed by
+			later loads during speculative execution. The idea
+			is that such stores are unlikely and that they can
+			be detected prior to instruction retirement at the
+			end of a particular speculation execution window.
+
+			In vulnerable processors, the speculatively forwarded
+			store can be used in a cache side channel attack, for
+			example to read memory to which the attacker does not
+			directly have access (e.g. inside sandboxed code).
+
+			This parameter controls whether the Speculative Store
+			Bypass optimization is used.
+
+			on      - Unconditionally disable Speculative Store Bypass
+			off     - Unconditionally enable Speculative Store Bypass
+			auto    - Kernel detects whether the CPU model contains an
+				  implementation of Speculative Store Bypass and
+				  picks the most appropriate mitigation. If the
+				  CPU is not vulnerable, "off" is selected. If the
+				  CPU is vulnerable the default mitigation is
+				  architecture and Kconfig dependent. See below.
+			prctl   - Control Speculative Store Bypass per thread
+				  via prctl. Speculative Store Bypass is enabled
+				  for a process by default. The state of the control
+				  is inherited on fork.
+			seccomp - Same as "prctl" above, but all seccomp threads
+				  will disable SSB unless they explicitly opt out.
+
+			Not specifying this option is equivalent to
+			spec_store_bypass_disable=auto.
+
+			Default mitigations:
+			X86:	If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"
+
 	spia_io_base=	[HW,MTD]
 	spia_fio_base=
 	spia_pedr=

build/linux/Documentation/devicetree/bindings/net/marvell-pp2.txt

@@ -21,9 +21,10 @@ Required properties:
 	- main controller clock (for both armada-375-pp2 and armada-7k-pp2)
 	- GOP clock (for both armada-375-pp2 and armada-7k-pp2)
 	- MG clock (only for armada-7k-pp2)
+	- MG Core clock (only for armada-7k-pp2)
 	- AXI clock (only for armada-7k-pp2)
-- clock-names: names of used clocks, must be "pp_clk", "gop_clk", "mg_clk"
-  and "axi_clk" (the 2 latter only for armada-7k-pp2).
+- clock-names: names of used clocks, must be "pp_clk", "gop_clk", "mg_clk",
+  "mg_core_clk" and "axi_clk" (the 3 latter only for armada-7k-pp2).
 
 The ethernet ports are represented by subnodes. At least one port is
 required.
@@ -80,8 +81,8 @@ cpm_ethernet: ethernet@0 {
 	compatible = "marvell,armada-7k-pp22";
 	reg = <0x0 0x100000>, <0x129000 0xb000>;
 	clocks = <&cpm_syscon0 1 3>, <&cpm_syscon0 1 9>,
-		 <&cpm_syscon0 1 5>, <&cpm_syscon0 1 18>;
-	clock-names = "pp_clk", "gop_clk", "gp_clk", "axi_clk";
+		 <&cpm_syscon0 1 5>, <&cpm_syscon0 1 6>, <&cpm_syscon0 1 18>;
+	clock-names = "pp_clk", "gop_clk", "mg_clk", "mg_core_clk", "axi_clk";
 
 	eth0: eth0 {
 		interrupts = <ICU_GRP_NSR 39 IRQ_TYPE_LEVEL_HIGH>,

build/linux/Documentation/userspace-api/index.rst

@@ -19,6 +19,7 @@ place where this information is gathered.
    no_new_privs
    seccomp_filter
    unshare
+   spec_ctrl
 
 .. only::  subproject and html
 

build/linux/Documentation/userspace-api/spec_ctrl.rst

@@ -0,0 +1,94 @@
+===================
+Speculation Control
+===================
+
+Quite some CPUs have speculation-related misfeatures which are in
+fact vulnerabilities causing data leaks in various forms even across
+privilege domains.
+
+The kernel provides mitigation for such vulnerabilities in various
+forms. Some of these mitigations are compile-time configurable and some
+can be supplied on the kernel command line.
+
+There is also a class of mitigations which are very expensive, but they can
+be restricted to a certain set of processes or tasks in controlled
+environments. The mechanism to control these mitigations is via
+:manpage:`prctl(2)`.
+
+There are two prctl options which are related to this:
+
+ * PR_GET_SPECULATION_CTRL
+
+ * PR_SET_SPECULATION_CTRL
+
+PR_GET_SPECULATION_CTRL
+-----------------------
+
+PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
+which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
+the following meaning:
+
+==== ===================== ===================================================
+Bit  Define                Description
+==== ===================== ===================================================
+0    PR_SPEC_PRCTL         Mitigation can be controlled per task by
+                           PR_SET_SPECULATION_CTRL.
+1    PR_SPEC_ENABLE        The speculation feature is enabled, mitigation is
+                           disabled.
+2    PR_SPEC_DISABLE       The speculation feature is disabled, mitigation is
+                           enabled.
+3    PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
+                           subsequent prctl(..., PR_SPEC_ENABLE) will fail.
+==== ===================== ===================================================
+
+If all bits are 0 the CPU is not affected by the speculation misfeature.
+
+If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
+available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
+misfeature will fail.
+
+PR_SET_SPECULATION_CTRL
+-----------------------
+
+PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
+is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
+in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or
+PR_SPEC_FORCE_DISABLE.
+
+Common error codes
+------------------
+======= =================================================================
+Value   Meaning
+======= =================================================================
+EINVAL  The prctl is not implemented by the architecture or unused
+        prctl(2) arguments are not 0.
+
+ENODEV  arg2 is selecting a not supported speculation misfeature.
+======= =================================================================
+
+PR_SET_SPECULATION_CTRL error codes
+-----------------------------------
+======= =================================================================
+Value   Meaning
+======= =================================================================
+0       Success
+
+ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
+        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.
+
+ENXIO   Control of the selected speculation misfeature is not possible.
+        See PR_GET_SPECULATION_CTRL.
+
+EPERM   Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
+        tried to enable it again.
+======= =================================================================
+
+Speculation misfeature controls
+-------------------------------
+- PR_SPEC_STORE_BYPASS: Speculative Store Bypass
+
+  Invocations:
+   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
+   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
+   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);

build/linux/Makefile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 4
 PATCHLEVEL = 16
-SUBLEVEL = 10
+SUBLEVEL = 11
 EXTRAVERSION =
 LOCALVERSION =
 NAME = Fearless Coyote

build/linux/arch/arm/include/asm/assembler.h

@@ -536,4 +536,14 @@ THUMB(	orr	\reg , \reg , #PSR_T_BIT	)
 #endif
 	.endm
 
+#ifdef CONFIG_KPROBES
+#define _ASM_NOKPROBE(entry)				\
+	.pushsection "_kprobe_blacklist", "aw" ;	\
+	.balign 4 ;					\
+	.long entry;					\
+	.popsection
+#else
+#define _ASM_NOKPROBE(entry)
+#endif
+
 #endif /* __ASM_ASSEMBLER_H__ */

build/linux/arch/arm/include/asm/kvm_mmu.h

@@ -295,6 +295,22 @@ static inline unsigned int kvm_get_vmid_bits(void)
 	return 8;
 }
 
+/*
+ * We are not in the kvm->srcu critical section most of the time, so we take
+ * the SRCU read lock here. Since we copy the data from the user page, we
+ * can immediately drop the lock again.
+ */
+static inline int kvm_read_guest_lock(struct kvm *kvm,
+				      gpa_t gpa, void *data, unsigned long len)
+{
+	int srcu_idx = srcu_read_lock(&kvm->srcu);
+	int ret = kvm_read_guest(kvm, gpa, data, len);
+
+	srcu_read_unlock(&kvm->srcu, srcu_idx);
+
+	return ret;
+}
+
 static inline void *kvm_get_hyp_vector(void)
 {
 	return kvm_ksym_ref(__kvm_hyp_vector);

build/linux/arch/arm/kernel/traps.c

@@ -19,6 +19,7 @@
 #include <linux/uaccess.h>
 #include <linux/hardirq.h>
 #include <linux/kdebug.h>
+#include <linux/kprobes.h>
 #include <linux/module.h>
 #include <linux/kexec.h>
 #include <linux/bug.h>
@@ -417,7 +418,8 @@ void unregister_undef_hook(struct undef_hook *hook)
 	raw_spin_unlock_irqrestore(&undef_lock, flags);
 }
 
-static int call_undef_hook(struct pt_regs *regs, unsigned int instr)
+static nokprobe_inline
+int call_undef_hook(struct pt_regs *regs, unsigned int instr)
 {
 	struct undef_hook *hook;
 	unsigned long flags;
@@ -490,6 +492,7 @@ asmlinkage void do_undefinstr(struct pt_regs *regs)
 
 	arm_notify_die("Oops - undefined instruction", regs, &info, 0, 6);
 }
+NOKPROBE_SYMBOL(do_undefinstr)
 
 /*
  * Handle FIQ similarly to NMI on x86 systems.