This is the start of the stable review cycle for the 4.16.11 release. There are 110 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue May 22 21:04:14 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.11-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.16.11-rc1 Alexei Starovoitov <ast@xxxxxxxxxx> bpf: Prevent memory disambiguation attack Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Rename SSBD_NO to SSB_NO Tom Lendacky <thomas.lendacky@xxxxxxx> KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/bugs: Rework spec_ctrl base and mask logic Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/bugs: Remove x86_spec_ctrl_set() Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/bugs: Expose x86_spec_ctrl_base directly Borislav Petkov <bp@xxxxxxx> x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/speculation: Rework speculative_store_bypass_update() Tom Lendacky <thomas.lendacky@xxxxxxx> x86/speculation: Add virtualized speculative store bypass disable support Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/speculation: Handle HT correctly on AMD Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/cpufeatures: Add FEATURE_ZEN Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/cpufeatures: Disentangle SSBD enumeration Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS Borislav Petkov <bp@xxxxxxx> x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP Thomas Gleixner <tglx@xxxxxxxxxxxxx> KVM: SVM: Move spec control call after restore of GS Jim Mattson <jmattson@xxxxxxxxxx> x86/cpu: Make alternative_msr_write work for 32-bit code Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Fix the parameters alignment and missing void Jiri Kosina <jkosina@xxxxxxx> x86/bugs: Make cpu_show_common() static Jiri Kosina <jkosina@xxxxxxx> x86/bugs: Fix __ssb_select_mitigation() return type Borislav Petkov <bp@xxxxxxx> Documentation/spec_ctrl: Do some minor cleanups Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> proc: Use underscores for SSBD in 'status' Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Rename _RDS to _SSBD Kees Cook <keescook@xxxxxxxxxxxx> x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Thomas Gleixner <tglx@xxxxxxxxxxxxx> seccomp: Move speculation migitation control to arch code Kees Cook <keescook@xxxxxxxxxxxx> seccomp: Add filter flag to opt-out of SSB mitigation Thomas Gleixner <tglx@xxxxxxxxxxxxx> seccomp: Use PR_SPEC_FORCE_DISABLE Thomas Gleixner <tglx@xxxxxxxxxxxxx> prctl: Add force disable speculation Kees Cook <keescook@xxxxxxxxxxxx> x86/bugs: Make boot modes __ro_after_init Kees Cook <keescook@xxxxxxxxxxxx> seccomp: Enable speculation flaw mitigations Kees Cook <keescook@xxxxxxxxxxxx> proc: Provide details on speculation flaw mitigations Kees Cook <keescook@xxxxxxxxxxxx> nospec: Allow getting/setting on non-current task Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/speculation: Add prctl for Speculative Store Bypass mitigation Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/process: Allow runtime control of Speculative Store Bypass Thomas Gleixner <tglx@xxxxxxxxxxxxx> prctl: Add speculation control prctls Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/speculation: Create spec-ctrl.h to avoid include hell Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Whitelist allowed SPEC_CTRL MSR values Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs/intel: Set proper CPU features and setup RDS Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/cpufeatures: Add X86_FEATURE_RDS Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Expose /sys/../spec_store_bypass Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs, KVM: Support the combination of guest and host IBRS Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Concentrate bug reporting into a separate function Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> x86/bugs: Concentrate bug detection into a separate function Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> x86/nospec: Simplify alternative_msr_write() Liu Bo <bo.liu@xxxxxxxxxxxxxxxxx> btrfs: fix reading stale metadata blocks after degraded raid1 mounts Nikolay Borisov <nborisov@xxxxxxxx> btrfs: Fix delalloc inodes invalidation during transaction abort Nikolay Borisov <nborisov@xxxxxxxx> btrfs: Split btrfs_del_delalloc_inode into 2 functions Anand Jain <anand.jain@xxxxxxxxxx> btrfs: fix crash when trying to resume balance without the resume flag Misono Tomohiro <misono.tomohiro@xxxxxxxxxxxxxx> btrfs: property: Set incompat flag if lzo/zstd compression is set Robbie Ko <robbieko@xxxxxxxxxxxx> Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Filipe Manana <fdmanana@xxxxxxxx> Btrfs: fix xattr loss after power failure Masami Hiramatsu <mhiramat@xxxxxxxxxx> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Masami Hiramatsu <mhiramat@xxxxxxxxxx> ARM: 8770/1: kprobes: Prohibit probing on optimized_callback Masami Hiramatsu <mhiramat@xxxxxxxxxx> ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed Dexuan Cui <decui@xxxxxxxxxxxxx> tick/broadcast: Use for_each_cpu() specially on UP kernels Dmitry Safonov <dima@xxxxxxxxxx> x86/mm: Drop TS_COMPAT on 64-bit exec() syscall Thomas Gleixner <tglx@xxxxxxxxxxxxx> x86/apic/x2apic: Initialize cluster ID properly Masami Hiramatsu <mhiramat@xxxxxxxxxx> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> x86/pkeys: Do not special case protection key 0 Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> x86/pkeys: Override pkey when moving away from PROT_EXEC Coly Li <colyli@xxxxxxx> bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n Martin Schwidefsky <schwidefsky@xxxxxxxxxx> s390: remove indirect branch from do_softirq_own_stack Julian Wiedmann <jwi@xxxxxxxxxxxxx> s390/qdio: don't release memory in qdio_setup_irq() Hendrik Brueckner <brueckner@xxxxxxxxxxxxx> s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Julian Wiedmann <jwi@xxxxxxxxxxxxx> s390/qdio: fix access to uninitialized qdio_q fields Michel Thierry <michel.thierry@xxxxxxxxx> drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> mm: don't allow deferred pages with NEED_PER_CPU_KM Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx> radix tree: fix multi-order iteration race Matthew Wilcox <mawilcox@xxxxxxxxxxxxx> lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly Miquel Raynal <miquel.raynal@xxxxxxxxxxx> cpufreq: armada-37xx: driver relies on cpufreq-dt Haneen Mohammed <hamohammed.sa@xxxxxxxxx> drm: Match sysfs name in link removal to link creation Nicholas Piggin <npiggin@xxxxxxxxx> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Boris Brezillon <boris.brezillon@xxxxxxxxxxx> mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 Alexander Monakov <amonakov@xxxxxxxxx> i2c: designware: fix poll-after-enable regression Maxime Chevallier <maxime.chevallier@xxxxxxxxxxx> ARM64: dts: marvell: armada-cp110: Add mg_core_clk for ethernet node Maxime Chevallier <maxime.chevallier@xxxxxxxxxxx> ARM64: dts: marvell: armada-cp110: Add clocks for the xmdio node kbuild test robot <fengguang.wu@xxxxxxxxx> netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static Florian Westphal <fw@xxxxxxxxx> netfilter: nf_tables: can't fail after linking rule into active rule list Florian Westphal <fw@xxxxxxxxx> netfilter: nf_tables: free set name in error path Jann Horn <jannh@xxxxxxxxxx> tee: shm: fix use-after-free via temporarily dropped reference Guenter Roeck <linux@xxxxxxxxxxxx> x86/amd_nb: Add support for Raven Ridge CPUs Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> vsprintf: Replace memory barrier with static_key for random_ptr_key update Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Halil Pasic <pasic@xxxxxxxxxxxxxxxxxx> vfio: ccw: fix cleanup if cp_prefetch fails Guenter Roeck <linux@xxxxxxxxxxxx> hwmon: (k10temp) Use API function to access System Management Network Guenter Roeck <linux@xxxxxxxxxxxx> hwmon: (k10temp) Fix reading critical temperature register Andre Przywara <andre.przywara@xxxxxxx> KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andre Przywara <andre.przywara@xxxxxxx> KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls Andre Przywara <andre.przywara@xxxxxxx> KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity Andre Przywara <andre.przywara@xxxxxxx> KVM: arm/arm64: Properly protect VGIC locks from IRQs Sean Christopherson <sean.j.christopherson@xxxxxxxxx> KVM: vmx: update sec exec controls for UMIP iff emulating UMIP Kamal Dasu <kdasu.kdev@xxxxxxxxx> spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kamal Dasu <kdasu.kdev@xxxxxxxxx> spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> spi: pxa2xx: Allow 64-bit DMA Wenwen Wang <wang6495@xxxxxxx> ALSA: control: fix a redundant-copy issue Hans de Goede <hdegoede@xxxxxxxxxx> ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Jeremy Soller <jeremy@xxxxxxxxxxxx> ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup Federico Cuello <fedux@xxxxxxxxxxxx> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah@xxxxxxxxxx> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah@xxxxxxxxxx> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Shuah Khan (Samsung OSG) <shuah@xxxxxxxxxx> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah@xxxxxxxxxx> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuah@xxxxxxxxxx> usbip: usbip_host: refine probe and disconnect debug msgs to be useful Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx> xhci: Fix USB3 NULL pointer dereference at logical disconnect. ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/kernel-parameters.txt | 45 +++ .../devicetree/bindings/net/marvell-pp2.txt | 9 +- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/spec_ctrl.rst | 94 +++++ Makefile | 4 +- arch/arm/include/asm/assembler.h | 10 + arch/arm/include/asm/kvm_mmu.h | 16 + arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 + arch/arm/probes/kprobes/opt-arm.c | 4 +- arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 7 +- arch/arm64/include/asm/kvm_mmu.h | 16 + arch/powerpc/platforms/powernv/opal-nvram.c | 14 +- arch/s390/kernel/irq.c | 5 +- arch/s390/kernel/perf_cpum_sf.c | 4 + arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/include/asm/cpufeatures.h | 20 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/mmu_context.h | 2 +- arch/x86/include/asm/msr-index.h | 9 + arch/x86/include/asm/nospec-branch.h | 43 ++- arch/x86/include/asm/pkeys.h | 18 +- arch/x86/include/asm/spec-ctrl.h | 80 +++++ arch/x86/include/asm/thread_info.h | 4 +- arch/x86/kernel/amd_nb.c | 6 + arch/x86/kernel/apic/x2apic_cluster.c | 1 + arch/x86/kernel/cpu/amd.c | 22 ++ arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 ++++++++ arch/x86/kernel/process_64.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/svm.c | 66 ++-- arch/x86/kvm/vmx.c | 60 ++-- arch/x86/kvm/x86.c | 13 +- arch/x86/mm/pkeys.c | 21 +- arch/x86/xen/mmu.c | 4 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/base/cpu.c | 8 + drivers/cpufreq/Kconfig.arm | 2 +- drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/i915/i915_reg.h | 3 + drivers/gpu/drm/i915/intel_engine_cs.c | 4 + drivers/hwmon/Kconfig | 2 +- drivers/hwmon/k10temp.c | 51 ++- drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/md/bcache/debug.c | 3 + drivers/mtd/nand/marvell_nand.c | 8 +- drivers/s390/cio/qdio_setup.c | 12 +- drivers/s390/cio/vfio_ccw_cp.c | 13 +- drivers/spi/spi-bcm-qspi.c | 28 +- drivers/spi/spi-pxa2xx.h | 2 +- drivers/tee/tee_shm.c | 5 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 43 ++- drivers/usb/usbip/stub_main.c | 105 +++++- fs/btrfs/ctree.c | 22 +- fs/btrfs/ctree.h | 2 + fs/btrfs/disk-io.c | 26 +- fs/btrfs/inode.c | 13 +- fs/btrfs/props.c | 12 +- fs/btrfs/tree-log.c | 7 + fs/btrfs/volumes.c | 9 + fs/proc/array.c | 25 ++ include/linux/bpf_verifier.h | 1 + include/linux/cpu.h | 2 + include/linux/efi.h | 8 +- include/linux/nospec.h | 10 + include/linux/sched.h | 10 +- include/linux/seccomp.h | 5 +- include/trace/events/xen.h | 16 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 5 +- kernel/bpf/verifier.c | 59 ++- kernel/seccomp.c | 21 +- kernel/sys.c | 23 ++ kernel/time/tick-broadcast.c | 8 + lib/radix-tree.c | 6 +- lib/test_bitmap.c | 21 +- lib/vsprintf.c | 26 +- mm/Kconfig | 1 + net/netfilter/nf_tables_api.c | 75 ++-- sound/core/control_compat.c | 3 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/usb/mixer.c | 8 + tools/testing/selftests/seccomp/seccomp_bpf.c | 22 +- virt/kvm/arm/vgic/vgic-debug.c | 5 +- virt/kvm/arm/vgic/vgic-its.c | 34 +- virt/kvm/arm/vgic/vgic-v3.c | 4 +- virt/kvm/arm/vgic/vgic.c | 22 +- 96 files changed, 1731 insertions(+), 373 deletions(-)
