authorKernel Build Daemon <kbuild@suse.de>2018-05-23 07:13:14 +0200
committerKernel Build Daemon <kbuild@suse.de>2018-05-23 07:13:14 +0200
commit51b34053770bf1bc30ecb16a86376860d6fe7463 (patch)
treee85da22cca00db36c99196870725e63981076770
parent19660db2ebf440bcc931872273ba8678ca5e216d (diff)
parent890e4fa2a0c9328409fa36a9fe411aaa7d705675 (diff)
Merge branch 'SLE12-SP3' into openSUSE-42.3
-rw-r--r--patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch64
-rw-r--r--patches.arch/ppc64le-livepatch-12-Add-livepatch-stack-to-struct-thread_info8
-rw-r--r--patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation29
-rw-r--r--patches.drivers/nvme-target-fix-buffer-overflow.patch43
-rw-r--r--patches.fixes/0001-Fixes-typo-for-watchdog-hpwdt-Update-nmi_panic-messa.patch28
-rw-r--r--patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch65
-rw-r--r--patches.fixes/0002-watchdog-hpwdt-Update-Module-info-and-copyright.patch43
-rw-r--r--patches.fixes/0003-watchdog-hpwdt-Update-nmi_panic-message.patch80
-rw-r--r--patches.fixes/0004-watchdog-hpwdt-Modify-to-use-watchdog-core.patch363
-rw-r--r--patches.fixes/0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch57
-rw-r--r--patches.fixes/nvme-don-t-send-keep-alives-to-the-discovery-control.patch3
-rw-r--r--patches.kernel.org/4.4.127-004-perf-hwbp-Simplify-the-perf-hwbp-code-fix-doc.patch2
-rw-r--r--patches.suse/01-x86-nospec-simplify-alternative_msr_write.patch3
-rw-r--r--patches.suse/02-x86-bugs-concentrate-bug-detection-into-a-separate-function.patch3
-rw-r--r--patches.suse/03-x86-bugs-concentrate-bug-reporting-into-a-separate-function.patch3
-rw-r--r--patches.suse/04-x86-bugs-read-spec_ctrl-msr-during-boot-and-re-use-reserved-bits.patch3
-rw-r--r--patches.suse/05-x86-bugs-kvm-support-the-combination-of-guest-and-host-ibrs.patch3
-rw-r--r--patches.suse/06-x86-bugs-expose-sys-spec_store_bypass.patch3
-rw-r--r--patches.suse/07-x86-cpufeatures-add-x86_feature_rds.patch3
-rw-r--r--patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch3
-rw-r--r--patches.suse/09-x86-bugs-intel-set-proper-cpu-features-and-setup-rds.patch3
-rw-r--r--patches.suse/10-x86-bugs-whitelist-allowed-spec_ctrl-msr-values.patch3
-rw-r--r--patches.suse/11-x86-bugs-amd-add-support-to-disable-rds-on-famh-if-requested.patch3
-rw-r--r--patches.suse/12-x86-kvm-vmx-expose-spec_ctrl-bit2-to-the-guest.patch3
-rw-r--r--patches.suse/13-x86-speculation-create-spec-ctrl-h-to-avoid-include-hell.patch3
-rw-r--r--patches.suse/14-prctl-add-speculation-control-prctls.patch3
-rw-r--r--patches.suse/15-x86-process-allow-runtime-control-of-speculative-store-bypass.patch3
-rw-r--r--patches.suse/16-x86-speculation-add-prctl-for-speculative-store-bypass-mitigation.patch3
-rw-r--r--patches.suse/17-nospec-allow-getting-setting-on-non-current-task.patch3
-rw-r--r--patches.suse/18-proc-provide-details-on-speculation-flaw-mitigations.patch3
-rw-r--r--patches.suse/19-seccomp-enable-speculation-flaw-mitigations.patch3
-rw-r--r--patches.suse/20-x86-bugs-make-boot-modes-_ro_after_init.patch3
-rw-r--r--patches.suse/21-prctl-add-force-disable-speculation.patch3
-rw-r--r--patches.suse/22-seccomp-use-pr_spec_force_disable.patch3
-rw-r--r--patches.suse/23-seccomp-add-filter-flag-to-opt-out-of-ssb-mitigation.patch3
-rw-r--r--patches.suse/24-seccomp-move-speculation-migitation-control-to-arch-code.patch3
-rw-r--r--patches.suse/25-x86-speculation-make-seccomp-the-default-mode-for-speculative-store-bypass.patch6
-rw-r--r--patches.suse/26-x86-bugs-rename-rds-to-ssbd.patch3
-rw-r--r--patches.suse/27-proc-use-underscores-for-ssbd-in-status.patch3
-rwxr-xr-xscripts/git_sort/git_sort.py23
-rwxr-xr-xscripts/log27
-rw-r--r--series.conf7
42 files changed, 778 insertions, 128 deletions
diff --git a/patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch b/patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch
index 2b46b9b7aa..6c0bb0fa58 100644
--- a/patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch
+++ b/patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch
@@ -1,8 +1,8 @@
-From eb74009ea65d3a476fb26e9e46d51e6a8b20b1b3 Mon Sep 17 00:00:00 2001
+From 05b062b5cf5b1711bab747256fbe9f5f4b9928fb Mon Sep 17 00:00:00 2001
From: Nicholas Piggin <npiggin@gmail.com>
Date: Tue, 24 Apr 2018 16:55:14 +1000
-Subject: [PATCH 1/3] powerpc/64s: Add support for a store forwarding barrier
- at kernel entry/exit
+Subject: [PATCH] powerpc/64s: Add support for a store forwarding barrier at
+ kernel entry/exit
References: CVE-2018-3639, bsc#1087082
Patch-mainline: no, under development
@@ -26,18 +26,19 @@ Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Acked-by: Michal Suchanek <msuchanek@suse.de>
---
- arch/powerpc/include/asm/exception-64s.h | 29 +++++++
+ arch/powerpc/include/asm/exception-64s.h | 29 ++++++++
arch/powerpc/include/asm/feature-fixups.h | 19 +++++
arch/powerpc/include/asm/setup.h | 12 ++-
- arch/powerpc/kernel/exceptions-64s.S | 27 +++++-
- arch/powerpc/kernel/setup_64.c | 137 +++++++++++++++++++++++++++++-
- arch/powerpc/kernel/vmlinux.lds.S | 14 +++
- arch/powerpc/lib/feature-fixups.c | 105 +++++++++++++++++++++++
+ arch/powerpc/kernel/exceptions-64s.S | 27 ++++++-
+ arch/powerpc/kernel/setup_64.c | 119 +++++++++++++++++++++++++++++-
+ arch/powerpc/kernel/vmlinux.lds.S | 14 ++++
+ arch/powerpc/lib/feature-fixups.c | 105 ++++++++++++++++++++++++++
arch/powerpc/platforms/powernv/setup.c | 1 +
arch/powerpc/platforms/pseries/setup.c | 1 +
- 9 files changed, 338 insertions(+), 7 deletions(-)
+ 9 files changed, 320 insertions(+), 7 deletions(-)
diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h
+index 9bddbec441b8..4f03287e95cc 100644
--- a/arch/powerpc/include/asm/exception-64s.h
+++ b/arch/powerpc/include/asm/exception-64s.h
@@ -50,6 +50,27 @@
@@ -247,19 +248,18 @@ index aab556f0ebd4..8d996c39eb71 100644
rfi_flush_fallback:
SET_SCRATCH0(r13);
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
+index ad5b45439661..5a006b81fac0 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
-@@ -71,6 +71,9 @@
+@@ -70,6 +70,7 @@
#include <asm/kvm_ppc.h>
#include <asm/hugetlb.h>
#include <asm/epapr_hcalls.h>
-+#ifdef CONFIG_PPC_PSERIES
-+#include <asm/plpar_wrappers.h>
-+#endif
++#include <asm/security_features.h>
#ifdef DEBUG
#define DBG(fmt...) udbg_printf(fmt)
-@@ -850,11 +853,48 @@ early_initcall(disable_hardlockup_detector);
+@@ -847,11 +848,48 @@ early_initcall(disable_hardlockup_detector);
#endif
#ifdef CONFIG_PPC_BOOK3S_64
@@ -309,15 +309,14 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
static int __init handle_no_rfi_flush(char *p)
{
pr_info("rfi-flush: disabled on command line.");
-@@ -883,10 +923,21 @@ static void do_nothing(void *unused)
+@@ -880,10 +918,21 @@ static void do_nothing(void *unused)
*/
}
-void rfi_flush_enable(bool enable)
+static void stf_barrier_enable(bool enable)
- {
- if (enable) {
-- do_rfi_flush_fixups(enabled_flush_types);
++{
++ if (enable) {
+ do_stf_barrier_fixups(stf_enabled_flush_types);
+ on_each_cpu(do_nothing, NULL, 1);
+ } else
@@ -327,13 +326,14 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
+}
+
+static void rfi_flush_enable(bool enable)
-+{
-+ if (enable) {
+ {
+ if (enable) {
+- do_rfi_flush_fixups(enabled_flush_types);
+ do_rfi_flush_fixups(rfi_enabled_flush_types);
on_each_cpu(do_nothing, NULL, 1);
} else
do_rfi_flush_fixups(L1D_FLUSH_NONE);
-@@ -894,6 +945,57 @@ void rfi_flush_enable(bool enable)
+@@ -891,6 +940,41 @@ void rfi_flush_enable(bool enable)
rfi_flush = enable;
}
@@ -341,10 +341,6 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
+{
+ enum stf_barrier_type type;
+ bool enable, hv;
-+#ifdef CONFIG_PPC_PSERIES
-+ struct h_cpu_char_result result;
-+ long rc;
-+#endif
+
+ hv = cpu_has_feature(CPU_FTR_HVMODE);
+
@@ -358,21 +354,9 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
+ else
+ type = STF_BARRIER_NONE;
+
-+#if 0
+ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
+ (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) ||
+ (security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && hv));
-+#else
-+ enable = true; /* Enable by default */
-+#endif
-+#ifdef CONFIG_PPC_PSERIES
-+ rc = plpar_get_cpu_characteristics(&result);
-+ if (rc == H_SUCCESS) {
-+ if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
-+ (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
-+ enable = false;
-+ }
-+#endif
+
+ if (type == STF_BARRIER_FALLBACK) {
+ pr_info("stf-barrier: fallback barrier available\n");
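Review bot: The rewritten `enable =` expression in setup_stf_barrier() makes the store-forwarding barrier depend entirely on the `security_ftr_enabled()` flags. The replaced lines started from `enable = true` and cleared it only when the pseries hcall succeeded and reported otherwise. The flag defaults and the point where they are populated are not visible in this hunk; if they are unset when this runs, a platform that gets no firmware answer would move from mitigated to unmitigated for CVE-2018-3639. I would confirm the init order and add a comment above the expression, e.g. `/* relies on the default security feature flags favouring security when firmware reports nothing */`. The function body starts and ends outside this hunk.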
@@ -391,7 +375,7 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
static void __ref init_fallback_flush(void)
{
u64 l1d_size, limit;
-@@ -935,13 +1037,39 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable)
+@@ -932,13 +1016,39 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable)
if (types & L1D_FLUSH_MTTRIG)
pr_info("rfi-flush: mttrig type flush available\n");
@@ -432,7 +416,7 @@ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
static int rfi_flush_set(void *data, u64 val)
{
bool enable;
-@@ -971,6 +1099,7 @@ DEFINE_SIMPLE_ATTRIBUTE(fops_rfi_flush, rfi_flush_get, rfi_flush_set, "%llu\n");
+@@ -968,6 +1078,7 @@ DEFINE_SIMPLE_ATTRIBUTE(fops_rfi_flush, rfi_flush_get, rfi_flush_set, "%llu\n");
static __init int rfi_flush_debugfs_init(void)
{
debugfs_create_file("rfi_flush", 0600, powerpc_debugfs_root, NULL, &fops_rfi_flush);
@@ -606,5 +590,5 @@ index 71824c95cf14..49c82268bb30 100644
/* By default, only probe PCI (can be overridden by rtas_pci) */
pci_add_flags(PCI_PROBE_ONLY);
--
-2.12.3
+2.13.6
diff --git a/patches.arch/ppc64le-livepatch-12-Add-livepatch-stack-to-struct-thread_info b/patches.arch/ppc64le-livepatch-12-Add-livepatch-stack-to-struct-thread_info
index 41318da43f..3a62f8d886 100644
--- a/patches.arch/ppc64le-livepatch-12-Add-livepatch-stack-to-struct-thread_info
+++ b/patches.arch/ppc64le-livepatch-12-Add-livepatch-stack-to-struct-thread_info
@@ -104,13 +104,13 @@ Acked-by: Torsten Duwe <duwe@suse.de>
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -69,6 +69,7 @@
- #include <asm/kvm_ppc.h>
#include <asm/hugetlb.h>
#include <asm/epapr_hcalls.h>
+ #include <asm/security_features.h>
+#include <asm/livepatch.h>
- #ifdef CONFIG_PPC_PSERIES
- #include <asm/plpar_wrappers.h>
- #endif
+
+ #ifdef DEBUG
+ #define DBG(fmt...) udbg_printf(fmt)
@@ -670,16 +671,16 @@ static void __init emergency_stack_init(
limit = min(safe_stack_limit(), ppc64_rma_size);
diff --git a/patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation b/patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation
new file mode 100644
index 0000000000..87798593c4
--- /dev/null
+++ b/patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation
@@ -0,0 +1,29 @@
+From f16041df4c360eccacfe90f96673b37829e4c959 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 18 May 2018 12:14:32 +0200
+Subject: [PATCH 1/2] ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
+Git-commit: f16041df4c360eccacfe90f96673b37829e4c959
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
+Patch-mainline: Queued in subsystem maintainer repository
+References: bsc#1092975
+
+HP Z2 G4 requires the same workaround as other HP machines that have
+no mic-pin detection.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -965,6 +965,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x103c, 0x822e, "HP ProBook 440 G4", CXT_FIXUP_MUTE_LED_GPIO),
+ SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE),
++ SND_PCI_QUIRK(0x103c, 0x8455, "HP Z2 G4", CXT_FIXUP_HP_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
+ SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO),
+ SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410),
diff --git a/patches.drivers/nvme-target-fix-buffer-overflow.patch b/patches.drivers/nvme-target-fix-buffer-overflow.patch
new file mode 100644
index 0000000000..ec6cbf111c
--- /dev/null
+++ b/patches.drivers/nvme-target-fix-buffer-overflow.patch
@@ -0,0 +1,43 @@
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 12 Apr 2018 09:16:07 -0600
+Subject: nvme: target: fix buffer overflow
+Patch-mainline: v4.17-rc1
+Git-commit: 6038aa532a224da68c478f34f4dbce33c47169e6
+References: FATE#321732 FATE#321590 bsc#993388
+
+nvmet_execute_get_disc_log_page() passes a fixed-length string into
+nvmet_format_discovery_entry(), which then does a longer memcpy() on
+it, as pointed out by gcc-8:
+
+In function 'nvmet_format_discovery_entry',
+ inlined from 'nvmet_execute_get_disc_log_page' at drivers/nvme/target/discovery.c:126:4:
+drivers/nvme/target/discovery.c:62:2: error: 'memcpy' forming offset [38, 223] is out of the bounds [0, 37] [-Werror=array-bounds]
+ memcpy(e->subnqn, subsys_nqn, NVMF_NQN_SIZE);
+
+Using strncpy() will make this well-defined, filling the rest of the
+buffer with zeroes, under the assumption that the input is either
+a NUL-terminated string, or a byte sequence containing no zeroes.
+If the input is a string that is longer than NVMF_NQN_SIZE, we
+continue to have no NUL-termination in the output.
+
+Fixes: a07b4970f464 ("nvmet: add a generic NVMe target")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Keith Busch <keith.busch@intel.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/nvme/target/discovery.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/nvme/target/discovery.c
++++ b/drivers/nvme/target/discovery.c
+@@ -58,7 +58,7 @@ static void nvmet_format_discovery_entry
+ memcpy(e->trsvcid, port->disc_addr.trsvcid, NVMF_TRSVCID_SIZE);
+ memcpy(e->traddr, port->disc_addr.traddr, NVMF_TRADDR_SIZE);
+ memcpy(e->tsas.common, port->disc_addr.tsas.common, NVMF_TSAS_SIZE);
+- memcpy(e->subnqn, subsys_nqn, NVMF_NQN_SIZE);
++ strncpy(e->subnqn, subsys_nqn, NVMF_NQN_SIZE);
+ }
+
+ static void nvmet_execute_get_disc_log_page(struct nvmet_req *req)
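Review bot: `strncpy(e->subnqn, subsys_nqn, NVMF_NQN_SIZE)` leaves `e->subnqn` without a terminating NUL when the source is NVMF_NQN_SIZE bytes or longer, as the description itself concedes. The over-read of the source is fixed, but the field is still not a safe C string. The new line should state that contract where readers will see it, e.g. `/* subnqn is a fixed-size field; not NUL-terminated if subsys_nqn fills it */`. Any consumer that prints or compares the field needs a length-bounded operation. nvmet_format_discovery_entry() starts outside the inner hunk.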
diff --git a/patches.fixes/0001-Fixes-typo-for-watchdog-hpwdt-Update-nmi_panic-messa.patch b/patches.fixes/0001-Fixes-typo-for-watchdog-hpwdt-Update-nmi_panic-messa.patch
new file mode 100644
index 0000000000..77c0c5071f
--- /dev/null
+++ b/patches.fixes/0001-Fixes-typo-for-watchdog-hpwdt-Update-nmi_panic-messa.patch
@@ -0,0 +1,28 @@
+From 7e155fa3d91478f9e2f22c842a9f15bcecf0e8a0 Mon Sep 17 00:00:00 2001
+From: Yadan Fan <ydfan@suse.com>
+Date: Mon, 14 May 2018 15:30:15 +0800
+Subject: [PATCH] Fixes typo for (watchdog: hpwdt: Update nmi_panic message)
+Patch-mainline: Not yet, submitted to upstream but not merged yet
+References: bsc#1085185
+
+Acked-by: Yadan Fan <ydfan@suse.com>
+---
+ drivers/watchdog/hpwdt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index ed33d73eb606..8ee982be58d1 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -121,7 +121,7 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
+ "3. OA Forward Progress Log\n"
+ "4. iLO Event Log";
+
+- if (ilo5 && ulReason == NMI_UNKNOWN && mynmi)
++ if (ilo5 && ulReason == NMI_UNKNOWN && !mynmi)
+ return NMI_DONE;
+
+ if (allow_kdump)
+--
+2.14.1
+
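Review bot: This fix-up has an empty description, so nothing records that the `mynmi` test it corrects was inverted. 0003-watchdog-hpwdt-Update-nmi_panic-message.patch replaces `!hpwdt_my_nmi()` with `mynmi`, and 0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch keeps it un-negated. With that test the handler returns NMI_DONE for exactly the NMIs that `hpwdt_my_nmi()` reports (presumably the ones raised by iLO), so a tree that stops at 0003 or 0005 would skip the panic/kdump path for them. I would say so in the description and preferably fold the negation into 0003 and 0005, so that no intermediate point of the series carries the inverted check.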
diff --git a/patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch b/patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch
index baae4a8ebe..6abb74266b 100644
--- a/patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch
+++ b/patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch
@@ -1,50 +1,18 @@
-From 3712e377ef58223cbd7d8ae424f0644cb98dc41c Mon Sep 17 00:00:00 2001
-From: Jerry Hoemann <jerry.hoemann@hpe.com>
-Date: Sun, 25 Feb 2018 20:22:20 -0700
-Subject: [PATCH] watchdog: hpwdt: Remove legacy NMI sourcing.
-Patch-mainline: v4.16-rc2
+From 3dfe6018e14a62aa21e8468d5a38bc7ce43c1b80 Mon Sep 17 00:00:00 2001
+From: Yadan Fan <ydfan@suse.com>
+Date: Wed, 11 Apr 2018 17:27:04 +0800
+Subject: [PATCH 1/5] watchdog: hpwdt: Remove legacy NMI sourcing
+Patch-mainline: v4.16-rc2
Git-commit: 2b3d89b402b085b08498e896c65267a145bed486
References: bsc#1085185
-Gen8 and prior Proliant systems supported the "CRU" interface
-to firmware. This interfaces allows linux to "call back" into firmware
-to source the cause of an NMI. This feature isn't fully utilized
-as the actual source of the NMI isn't printed, the driver only
-indicates that the source couldn't be determined when the call
-fails.
-
-With the advent of Gen9, iCRU replaces the CRU. The call back
-feature is no longer available in firmware. To be compatible and
-not attempt to call back into firmware on system not supporting CRU,
-the SMBIOS table is consulted to determine if it is safe to
-make the call back or not.
-
-This results in about half of the driver code being devoted
-to either making CRU calls or determing if it is safe to make
-CRU calls. As noted, the driver isn't really using the results of
-the CRU calls.
-
-Furthermore, as a consequence of the Spectre security issue, the
-BIOS/EFI calls are being wrapped into Spectre-disabling section.
-Removing the call back in hpwdt_pretimeout assists in this effort.
-
-As the CRU sourcing of the NMI isn't required for handling the
-NMI and there are security concerns with making the call back, remove
-the legacy (pre Gen9) NMI sourcing and the DMI code to determine if
-the system had the CRU interface.
-
-Signed-off-by: Jerry Hoemann <jerry.hoemann@hpe.com>
-Acked-by: Ingo Molnar <mingo@kernel.org>
-Reviewed-by: Guenter Roeck <linux@roeck-us.net>
-Signed-off-by: Guenter Roeck <linux@roeck-us.net>
-Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Acked-by: Yadan Fan <ydfan@suse.com>
---
drivers/watchdog/hpwdt.c | 503 +----------------------------------------------
- 1 file changed, 9 insertions(+), 494 deletions(-)
+ 1 file changed, 10 insertions(+), 493 deletions(-)
diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
-index c6b5761479b9..adfcdaebda09 100644
+index c6b5761479b9..1a14a5dd7079 100644
--- a/drivers/watchdog/hpwdt.c
+++ b/drivers/watchdog/hpwdt.c
@@ -28,14 +28,6 @@
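Review bot: The refreshed header replaces the upstream `From: Jerry Hoemann`, the whole description and the upstream Signed-off-by/Reviewed-by chain with a bare `From: Yadan Fan`, while `Git-commit: 2b3d89b402b085b08498e896c65267a145bed486` still presents the patch as that upstream commit. The diffstat (9/494 to 10/493) and the `index` line change as well, so the body no longer matches what the tag names. For anyone auditing this backport the header is the provenance record. Keep the original author, description and trailers, and describe the local deviation in one line before `Acked-by:`. The inner patch continues outside this hunk.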
@@ -477,17 +445,17 @@ index c6b5761479b9..adfcdaebda09 100644
panic("An NMI occurred. Depending on your system the reason "
"for the NMI is logged in any one of the following "
"resources:\n"
-@@ -516,9 +126,6 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
+@@ -516,8 +126,7 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
"2. OA Syslog\n"
"3. OA Forward Progress Log\n"
"4. iLO Event Log");
-
-out:
-- return NMI_DONE;
++
+ return NMI_DONE;
}
#endif /* CONFIG_HPWDT_NMI_DECODING */
-
-@@ -675,84 +282,11 @@ static struct miscdevice hpwdt_miscdev = {
+@@ -675,84 +284,11 @@ static struct miscdevice hpwdt_miscdev = {
* Init & Exit
*/
@@ -573,7 +541,7 @@ index c6b5761479b9..adfcdaebda09 100644
/*
* Only one function can register for NMI_UNKNOWN
*/
-@@ -780,45 +314,26 @@ error:
+@@ -780,44 +316,25 @@ error:
dev_warn(&dev->dev,
"Unable to register a die notifier (err=%d).\n",
retval);
@@ -614,16 +582,15 @@ index c6b5761479b9..adfcdaebda09 100644
{
int retval;
- /*
+- /*
- * Check if we can do NMI decoding or not
- */
- hpwdt_check_nmi_decoding(dev);
-
-- /*
+ /*
* First let's find out if we are on an iLO2+ server. We will
* not run on a legacy ASM box.
- * So we only support the G5 ProLiant servers and higher.
-@@ -922,6 +437,6 @@ MODULE_PARM_DESC(nowayout, "Watchdog cannot be stopped once started (default="
+@@ -922,6 +439,6 @@ MODULE_PARM_DESC(nowayout, "Watchdog cannot be stopped once started (default="
#ifdef CONFIG_HPWDT_NMI_DECODING
module_param(allow_kdump, int, 0);
MODULE_PARM_DESC(allow_kdump, "Start a kernel dump after NMI occurs");
@@ -632,5 +599,5 @@ index c6b5761479b9..adfcdaebda09 100644
module_pci_driver(hpwdt_driver);
--
-2.13.6
+2.14.1
diff --git a/patches.fixes/0002-watchdog-hpwdt-Update-Module-info-and-copyright.patch b/patches.fixes/0002-watchdog-hpwdt-Update-Module-info-and-copyright.patch
new file mode 100644
index 0000000000..827761cb6e
--- /dev/null
+++ b/patches.fixes/0002-watchdog-hpwdt-Update-Module-info-and-copyright.patch
@@ -0,0 +1,43 @@
+From d41118fe69ede91fe901220da1b0de237f85e817 Mon Sep 17 00:00:00 2001
+From: Jerry Hoemann <jerry.hoemann@hpe.com>
+Date: Sun, 25 Feb 2018 20:22:19 -0700
+Subject: [PATCH 2/5] watchdog: hpwdt: Update Module info and copyright.
+Patch-mainline: v4.16-rc2
+Git-commit: 9a46fc4ec98701b4e87eac57f34594b9aed50511
+References: bsc#1085185
+
+Update Copyright and Module description to reflect branding changes.
+
+Signed-off-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
+Acked-by: Yadan Fan <ydfan@suse.com>
+---
+ drivers/watchdog/hpwdt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index 1a14a5dd7079..f1204a66986d 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -4,7 +4,7 @@
+ *
+ * SoftDog 0.05: A Software Watchdog Device
+ *
+- * (c) Copyright 2015 Hewlett Packard Enterprise Development LP
++ * (c) Copyright 2018 Hewlett Packard Enterprise Development LP
+ * Thomas Mingarelli <thomas.mingarelli@hpe.com>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -425,7 +425,7 @@ static struct pci_driver hpwdt_driver = {
+ };
+
+ MODULE_AUTHOR("Tom Mingarelli");
+-MODULE_DESCRIPTION("hp watchdog driver");
++MODULE_DESCRIPTION("hpe watchdog driver");
+ MODULE_LICENSE("GPL");
+ MODULE_VERSION(HPWDT_VERSION);
+
+--
+2.14.1
+
diff --git a/patches.fixes/0003-watchdog-hpwdt-Update-nmi_panic-message.patch b/patches.fixes/0003-watchdog-hpwdt-Update-nmi_panic-message.patch
new file mode 100644
index 0000000000..0b3ea8d9fe
--- /dev/null
+++ b/patches.fixes/0003-watchdog-hpwdt-Update-nmi_panic-message.patch
@@ -0,0 +1,80 @@
+From 717ba9341c91b1ba7ccb1d11863b61c9aa6e26aa Mon Sep 17 00:00:00 2001
+From: Jerry Hoemann <jerry.hoemann@hpe.com>
+Date: Sun, 25 Feb 2018 20:22:21 -0700
+Subject: [PATCH 3/5] watchdog: hpwdt: Update nmi_panic message.
+Patch-mainline: v4.16-rc2
+Git-commit: a042229a18acb0422dca08cf92cf940695b5fcb7
+References: bsc#1085185
+
+Include the nmistat in the nmi_panic message to give support
+an indication why the NMI was called (e.g. a timeout or generate
+nmi button.)
+
+Signed-off-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
+Acked-by: Yadan Fan <ydfan@suse.com>
+---
+ drivers/watchdog/hpwdt.c | 20 ++++++++++++--------
+ kernel/panic.c | 2 ++
+ 2 files changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index f1204a66986d..f240c81d3170 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -113,19 +113,23 @@ static int hpwdt_my_nmi(void)
+ */
+ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
+ {
+- if ((ulReason == NMI_UNKNOWN) && !hpwdt_my_nmi())
++ unsigned int mynmi = hpwdt_my_nmi();
++ static char panic_msg[] =
++ "00: An NMI occurred. Depending on your system the reason "
++ "for the NMI is logged in any one of the following resources:\n"
++ "1. Integrated Management Log (IML)\n"
++ "2. OA Syslog\n"
++ "3. OA Forward Progress Log\n"
++ "4. iLO Event Log";
++
++ if ((ulReason == NMI_UNKNOWN) && mynmi)
+ return NMI_DONE;
+
+ if (allow_kdump)
+ hpwdt_stop();
+
+- panic("An NMI occurred. Depending on your system the reason "
+- "for the NMI is logged in any one of the following "
+- "resources:\n"
+- "1. Integrated Management Log (IML)\n"
+- "2. OA Syslog\n"
+- "3. OA Forward Progress Log\n"
+- "4. iLO Event Log");
++ hex_byte_pack(panic_msg, mynmi);
++ nmi_panic(regs, panic_msg);
+
+ return NMI_DONE;
+ }
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 63a623eeb6b3..decde97cf791 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -69,6 +69,7 @@ void __weak nmi_panic_self_stop(struct pt_regs *regs)
+ {
+ panic_smp_self_stop();
+ }
++EXPORT_SYMBOL(nmi_panic_self_stop);
+
+ /*
+ * Stop other CPUs in panic. Architecture dependent code may override this
+@@ -97,6 +98,7 @@ void __weak crash_smp_send_stop(void)
+ }
+
+ atomic_t panic_cpu = ATOMIC_INIT(PANIC_CPU_INVALID);
++EXPORT_SYMBOL(panic_cpu);
+
+ /**
+ * panic - halt the system
+--
+2.14.1
+
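Review bot: The two `EXPORT_SYMBOL` lines added to kernel/panic.c expose `panic_cpu` and `nmi_panic_self_stop` to every loadable module, apparently only so that hpwdt can use `nmi_panic()`, and the description does not mention them. `panic_cpu` is the atomic that records which CPU owns a panic, so a writable export is a wider interface than the driver needs. I would at least use `EXPORT_SYMBOL_GPL(panic_cpu);` and `EXPORT_SYMBOL_GPL(nmi_panic_self_stop);`, or export one small wrapper function instead. The description should also say why this backport touches kernel/panic.c.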
diff --git a/patches.fixes/0004-watchdog-hpwdt-Modify-to-use-watchdog-core.patch b/patches.fixes/0004-watchdog-hpwdt-Modify-to-use-watchdog-core.patch
new file mode 100644
index 0000000000..511b876bbc
--- /dev/null
+++ b/patches.fixes/0004-watchdog-hpwdt-Modify-to-use-watchdog-core.patch
@@ -0,0 +1,363 @@
+From 4d2a5d56eafa07939c7f05090d365e8e2f961998 Mon Sep 17 00:00:00 2001
+From: Jerry Hoemann <jerry.hoemann@hpe.com>
+Date: Sun, 25 Feb 2018 20:22:22 -0700
+Subject: [PATCH 4/5] watchdog: hpwdt: Modify to use watchdog core.
+Patch-mainline: v4.16-rc2
+Git-commit: d0a4027f2789d7682afce2cea066d32c85e3d8c4
+References: bsc#1085185
+
+Follow Documentation/watchdog/convert_drivers_to_kernel_api.txt to
+convert hpwdt from legacy watchdog driver to use the watchdog core.
+
+Removed functions: hpwdt_open, hpwdt_release, hpwdt_write, hpwdt_ioctl
+Removed data structures: hpwdt_fops, hpwdt_miscdev, watchdog_device
+Modified functions: hpwdt_start, hpwdt_stop, hpwdt_ping, hpwdt_gettimeleft
+Added functions: hpwdt_settimeout
+Added structures: watchdog_device
+
+Update Kconfig file to show that hpwdt now selects WATCHDOG_CORE.
+
+Signed-off-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
+Acked-by: Yadan Fan <ydfan@suse.com>
+---
+ drivers/watchdog/Kconfig | 1 +
+ drivers/watchdog/hpwdt.c | 216 +++++++++++------------------------------------
+ 2 files changed, 48 insertions(+), 169 deletions(-)
+
+diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
+index 800d459063f9..4da745c9666f 100644
+--- a/drivers/watchdog/Kconfig
++++ b/drivers/watchdog/Kconfig
+@@ -900,6 +900,7 @@ config IT87_WDT
+
+ config HP_WATCHDOG
+ tristate "HP ProLiant iLO2+ Hardware Watchdog Timer"
++ select WATCHDOG_CORE
+ depends on X86 && PCI
+ help
+ A software monitoring watchdog and NMI sourcing driver. This driver
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index f240c81d3170..a2ae78a6135e 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -16,17 +16,13 @@
+ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+ #include <linux/device.h>
+-#include <linux/fs.h>
+ #include <linux/io.h>
+-#include <linux/bitops.h>
+ #include <linux/kernel.h>
+-#include <linux/miscdevice.h>
+ #include <linux/module.h>
+ #include <linux/moduleparam.h>
+ #include <linux/pci.h>
+ #include <linux/pci_ids.h>
+ #include <linux/types.h>
+-#include <linux/uaccess.h>
+ #include <linux/watchdog.h>
+ #include <asm/nmi.h>
+
+@@ -42,8 +38,6 @@ static bool nowayout = WATCHDOG_NOWAYOUT;
+ #ifdef CONFIG_HPWDT_NMI_DECODING
+ static unsigned int allow_kdump = 1;
+ #endif
+-static char expect_release;
+-static unsigned long hpwdt_is_open;
+
+ static void __iomem *pci_mem_addr; /* the PCI-memory address */
+ static unsigned long __iomem *hpwdt_nmistat;
+@@ -61,11 +55,14 @@ MODULE_DEVICE_TABLE(pci, hpwdt_devices);
+ /*
+ * Watchdog operations
+ */
+-static void hpwdt_start(void)
++static int hpwdt_start(struct watchdog_device *wdd)
+ {
+- reload = SECS_TO_TICKS(soft_margin);
++ reload = SECS_TO_TICKS(wdd->timeout);
++
+ iowrite16(reload, hpwdt_timer_reg);
+ iowrite8(0x85, hpwdt_timer_con);
++
++ return 0;
+ }
+
+ static void hpwdt_stop(void)
+@@ -77,31 +74,32 @@ static void hpwdt_stop(void)
+ iowrite8(data, hpwdt_timer_con);
+ }
+
+-static void hpwdt_ping(void)
++static int hpwdt_stop_core(struct watchdog_device *wdd)
+ {
+- iowrite16(reload, hpwdt_timer_reg);
++ hpwdt_stop();
++
++ return 0;
+ }
+
+-static int hpwdt_change_timer(int new_margin)
++static int hpwdt_ping(struct watchdog_device *wdd)
+ {
+- if (new_margin < 1 || new_margin > HPWDT_MAX_TIMER) {
+- pr_warn("New value passed in is invalid: %d seconds\n",
+- new_margin);
+- return -EINVAL;
+- }
+-
+- soft_margin = new_margin;
+- pr_debug("New timer passed in is %d seconds\n", new_margin);
+- reload = SECS_TO_TICKS(soft_margin);
+-
++ iowrite16(reload, hpwdt_timer_reg);
+ return 0;
+ }
+
+-static int hpwdt_time_left(void)
++static unsigned int hpwdt_gettimeleft(struct watchdog_device *wdd)
+ {
+ return TICKS_TO_SECS(ioread16(hpwdt_timer_reg));
+ }
+
++static int hpwdt_settimeout(struct watchdog_device *wdd, unsigned int val)
++{
++ wdd->timeout = val;
++ hpwdt_ping(wdd);
++
++ return 0;
++}
++
+ #ifdef CONFIG_HPWDT_NMI_DECODING
+ static int hpwdt_my_nmi(void)
+ {
+@@ -135,68 +133,6 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
+ }
+ #endif /* CONFIG_HPWDT_NMI_DECODING */
+
+-/*
+- * /dev/watchdog handling
+- */
+-static int hpwdt_open(struct inode *inode, struct file *file)
+-{
+- /* /dev/watchdog can only be opened once */
+- if (test_and_set_bit(0, &hpwdt_is_open))
+- return -EBUSY;
+-
+- /* Start the watchdog */
+- hpwdt_start();
+- hpwdt_ping();
+-
+- return nonseekable_open(inode, file);
+-}
+-
+-static int hpwdt_release(struct inode *inode, struct file *file)
+-{
+- /* Stop the watchdog */
+- if (expect_release == 42) {
+- hpwdt_stop();
+- } else {
+- pr_crit("Unexpected close, not stopping watchdog!\n");
+- hpwdt_ping();
+- }
+-
+- expect_release = 0;
+-
+- /* /dev/watchdog is being closed, make sure it can be re-opened */
+- clear_bit(0, &hpwdt_is_open);
+-
+- return 0;
+-}
+-
+-static ssize_t hpwdt_write(struct file *file, const char __user *data,
+- size_t len, loff_t *ppos)
+-{
+- /* See if we got the magic character 'V' and reload the timer */
+- if (len) {
+- if (!nowayout) {
+- size_t i;
+-
+- /* note: just in case someone wrote the magic character
+- * five months ago... */
+- expect_release = 0;
+-
+- /* scan to see whether or not we got the magic char. */
+- for (i = 0; i != len; i++) {
+- char c;
+- if (get_user(c, data + i))
+- return -EFAULT;
+- if (c == 'V')
+- expect_release = 42;
+- }
+- }
+-
+- /* someone wrote to us, we should reload the timer */
+- hpwdt_ping();
+- }
+-
+- return len;
+-}
+
+ static const struct watchdog_info ident = {
+ .options = WDIOF_SETTIMEOUT |
+@@ -205,90 +141,32 @@ static const struct watchdog_info ident = {
+ .identity = "HPE iLO2+ HW Watchdog Timer",
+ };
+
+-static long hpwdt_ioctl(struct file *file, unsigned int cmd,
+- unsigned long arg)
+-{
+- void __user *argp = (void __user *)arg;
+- int __user *p = argp;
+- int new_margin, options;
+- int ret = -ENOTTY;
+-
+- switch (cmd) {
+- case WDIOC_GETSUPPORT:
+- ret = 0;
+- if (copy_to_user(argp, &ident, sizeof(ident)))
+- ret = -EFAULT;
+- break;
+-
+- case WDIOC_GETSTATUS:
+- case WDIOC_GETBOOTSTATUS:
+- ret = put_user(0, p);
+- break;
+-
+- case WDIOC_KEEPALIVE:
+- hpwdt_ping();
+- ret = 0;
+- break;
+-
+- case WDIOC_SETOPTIONS:
+- ret = get_user(options, p);
+- if (ret)
+- break;
+-
+- if (options & WDIOS_DISABLECARD)
+- hpwdt_stop();
+-
+- if (options & WDIOS_ENABLECARD) {
+- hpwdt_start();
+- hpwdt_ping();
+- }
+- break;
+-
+- case WDIOC_SETTIMEOUT:
+- ret = get_user(new_margin, p);
+- if (ret)
+- break;
+-
+- ret = hpwdt_change_timer(new_margin);
+- if (ret)
+- break;
+-
+- hpwdt_ping();
+- /* Fall */
+- case WDIOC_GETTIMEOUT:
+- ret = put_user(soft_margin, p);
+- break;
+-
+- case WDIOC_GETTIMELEFT:
+- ret = put_user(hpwdt_time_left(), p);
+- break;
+- }
+- return ret;
+-}
+-
+ /*
+ * Kernel interfaces
+ */
+-static const struct file_operations hpwdt_fops = {
+- .owner = THIS_MODULE,
+- .llseek = no_llseek,
+- .write = hpwdt_write,
+- .unlocked_ioctl = hpwdt_ioctl,
+- .open = hpwdt_open,
+- .release = hpwdt_release,
++
++static const struct watchdog_ops hpwdt_ops = {
++ .owner = THIS_MODULE,
++ .start = hpwdt_start,
++ .stop = hpwdt_stop_core,
++ .ping = hpwdt_ping,
++ .set_timeout = hpwdt_settimeout,
++ .get_timeleft = hpwdt_gettimeleft,
+ };
+
+-static struct miscdevice hpwdt_miscdev = {
+- .minor = WATCHDOG_MINOR,
+- .name = "watchdog",
+- .fops = &hpwdt_fops,
++static struct watchdog_device hpwdt_dev = {
++ .info = &ident,
++ .ops = &hpwdt_ops,
++ .min_timeout = 1,
++ .max_timeout = HPWDT_MAX_TIMER,
++ .timeout = DEFAULT_MARGIN,
+ };
+
++
+ /*
+ * Init & Exit
+ */
+
+-
+ static int hpwdt_init_nmi_decoding(struct pci_dev *dev)
+ {
+ #ifdef CONFIG_HPWDT_NMI_DECODING
+@@ -379,29 +257,29 @@ static int hpwdt_init_one(struct pci_dev *dev,
+ /* Make sure that timer is disabled until /dev/watchdog is opened */
+ hpwdt_stop();
+
+- /* Make sure that we have a valid soft_margin */
+- if (hpwdt_change_timer(soft_margin))
+- hpwdt_change_timer(DEFAULT_MARGIN);
+-
+ /* Initialize NMI Decoding functionality */
+ retval = hpwdt_init_nmi_decoding(dev);
+ if (retval != 0)
+ goto error_init_nmi_decoding;
+
+- retval = misc_register(&hpwdt_miscdev);
++ watchdog_set_nowayout(&hpwdt_dev, nowayout);
++ if (watchdog_init_timeout(&hpwdt_dev, soft_margin, NULL))
++ dev_warn(&dev->dev, "Invalid soft_margin: %d.\n", soft_margin);
++
++ hpwdt_dev.parent = &dev->dev;
++ retval = watchdog_register_device(&hpwdt_dev);
+ if (retval < 0) {
+- dev_warn(&dev->dev,
+- "Unable to register miscdev on minor=%d (err=%d).\n",
+- WATCHDOG_MINOR, retval);
+- goto error_misc_register;
++ dev_err(&dev->dev, "watchdog register failed: %d.\n", retval);
++ goto error_wd_register;
+ }
+
+ dev_info(&dev->dev, "HPE Watchdog Timer Driver: %s"
+ ", timer margin: %d seconds (nowayout=%d).\n",
+- HPWDT_VERSION, soft_margin, nowayout);
++ HPWDT_VERSION, hpwdt_dev.timeout, nowayout);
++
+ return 0;
+
+-error_misc_register:
++error_wd_register:
+ hpwdt_exit_nmi_decoding();
+ error_init_nmi_decoding:
+ pci_iounmap(dev, pci_mem_addr);
+@@ -415,7 +293,7 @@ static void hpwdt_exit(struct pci_dev *dev)
+ if (!nowayout)
+ hpwdt_stop();
+
+- misc_deregister(&hpwdt_miscdev);
++ watchdog_unregister_device(&hpwdt_dev);
+ hpwdt_exit_nmi_decoding();
+ pci_iounmap(dev, pci_mem_addr);
+ pci_disable_device(dev);
+--
+2.14.1
+
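Review bot: `hpwdt_settimeout()` stores the new value in `wdd->timeout` and pings, but `hpwdt_ping()` writes the global `reload`, which is now recomputed only in `hpwdt_start()`. The removed `hpwdt_change_timer()` used to update it. After a timeout change the hardware therefore keeps being reloaded with the old interval while `wdd->timeout` holds the new one, until the watchdog is started again. Add `reload = SECS_TO_TICKS(val);` before the `hpwdt_ping(wdd);` call in `hpwdt_settimeout()`.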
diff --git a/patches.fixes/0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch b/patches.fixes/0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch
new file mode 100644
index 0000000000..951d297cb9
--- /dev/null
+++ b/patches.fixes/0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch
@@ -0,0 +1,57 @@
+From 37c6ed8168bb6e23b0b79d8b27f3b1bae43860fd Mon Sep 17 00:00:00 2001
+From: Jerry Hoemann <jerry.hoemann@hpe.com>
+Date: Sun, 25 Feb 2018 20:22:23 -0700
+Subject: [PATCH 5/5] watchdog: hpwdt: condition early return of NMI handler on
+ iLO5
+Patch-mainline: v4.16-rc2
+Git-commit: a6c24733d29315fd2d8dd7140f83e834658c62d5
+References: bsc#1085185
+
+Modify prior change to not claim an NMI unless originated
+from iLO to apply only to iLO5 and later going forward.
+This restores hpwdt traditional behavior of calling panic
+if the NMI is NMI_IO_CHECK, NMI_SERR, or NMI_UNKNOWN for
+legacy hardware.
+
+Signed-off-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
+Acked-by: Yadan Fan <ydfan@suse.com>
+---
+ drivers/watchdog/hpwdt.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index a2ae78a6135e..ed33d73eb606 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -32,6 +32,7 @@
+ #define HPWDT_MAX_TIMER TICKS_TO_SECS(65535)
+ #define DEFAULT_MARGIN 30
+
++static bool ilo5;
+ static unsigned int soft_margin = DEFAULT_MARGIN; /* in seconds */
+ static unsigned int reload; /* the computed soft_margin */
+ static bool nowayout = WATCHDOG_NOWAYOUT;
+@@ -120,7 +121,7 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs)
+ "3. OA Forward Progress Log\n"
+ "4. iLO Event Log";
+
+- if ((ulReason == NMI_UNKNOWN) && mynmi)
++ if (ilo5 && ulReason == NMI_UNKNOWN && mynmi)
+ return NMI_DONE;
+
+ if (allow_kdump)
+@@ -277,6 +278,9 @@ static int hpwdt_init_one(struct pci_dev *dev,
+ ", timer margin: %d seconds (nowayout=%d).\n",
+ HPWDT_VERSION, hpwdt_dev.timeout, nowayout);
+
++ if (dev->subsystem_vendor == PCI_VENDOR_ID_HP_3PAR)
++ ilo5 = true;
++
+ return 0;
+
+ error_wd_register:
+--
+2.14.1
+
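Review bot: `ilo5` is assigned only at the end of hpwdt_init_one(), after the "HPE Watchdog Timer Driver" message, so hpwdt_pretimeout() may run with the flag still false on iLO5 hardware. Going by the previous patch in this series, hpwdt_init_nmi_decoding(dev) is called before watchdog_register_device(), so an NMI arriving in that window would presumably take the legacy path rather than the iLO5 one. Setting the flag before the NMI setup closes the window: move `if (dev->subsystem_vendor == PCI_VENDOR_ID_HP_3PAR) ilo5 = true;` above the `hpwdt_init_nmi_decoding(dev)` call. A short comment such as `/* iLO5 and later report this subsystem vendor */` would explain why a 3PAR vendor ID selects the iLO5 behaviour, if that is indeed the reason. Both functions start and end outside the hunk.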
diff --git a/patches.fixes/nvme-don-t-send-keep-alives-to-the-discovery-control.patch b/patches.fixes/nvme-don-t-send-keep-alives-to-the-discovery-control.patch
index a6400e6e71..b6ab54c9ac 100644
--- a/patches.fixes/nvme-don-t-send-keep-alives-to-the-discovery-control.patch
+++ b/patches.fixes/nvme-don-t-send-keep-alives-to-the-discovery-control.patch
@@ -2,7 +2,8 @@ From: Johannes Thumshirn <jthumshirn@suse.de>
Date: Tue, 27 Mar 2018 10:22:33 +0200
Subject: [PATCH] nvme: don't send keep-alives to the discovery controller
References: bsc#1086607
-Patch-Mainline: submitted linux-nvme 2018/03/25
+Patch-Mainline: v4.17-rc1
+Git-commit: 74c6c71530847808d4e3be7b205719270efee80c
NVMe over Fabrics 1.0 Section 5.2 "Discovery Controller Properties and
Command Support" Figure 31 "Discovery Controller – Admin Commands"
diff --git a/patches.kernel.org/4.4.127-004-perf-hwbp-Simplify-the-perf-hwbp-code-fix-doc.patch b/patches.kernel.org/4.4.127-004-perf-hwbp-Simplify-the-perf-hwbp-code-fix-doc.patch
index b1bd55ef01..115c25f6cf 100644
--- a/patches.kernel.org/4.4.127-004-perf-hwbp-Simplify-the-perf-hwbp-code-fix-doc.patch
+++ b/patches.kernel.org/4.4.127-004-perf-hwbp-Simplify-the-perf-hwbp-code-fix-doc.patch
@@ -1,7 +1,7 @@
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Mon, 26 Mar 2018 15:39:07 -1000
Subject: [PATCH] perf/hwbp: Simplify the perf-hwbp code, fix documentation
-References: bnc#1012382
+References: bnc#1012382, bsc#1089895, CVE-2018-1000199
Patch-mainline: 4.4.127
Git-commit: f67b15037a7a50c57f72e69a6d59941ad90a0f0f
diff --git a/patches.suse/01-x86-nospec-simplify-alternative_msr_write.patch b/patches.suse/01-x86-nospec-simplify-alternative_msr_write.patch
index 1bc73edae1..2a06ef0d03 100644
--- a/patches.suse/01-x86-nospec-simplify-alternative_msr_write.patch
+++ b/patches.suse/01-x86-nospec-simplify-alternative_msr_write.patch
@@ -1,7 +1,8 @@
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 1 May 2018 15:55:51 +0200
Subject: x86/nospec: Simplify alternative_msr_write()
-Patch-mainline: not yet, queued in subsystem tree
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+Git-commit: 1aa7a5735a41418d8e01fa7c9565eb2657e2ea3f
References: bsc#1087082 CVE-2018-3639
The macro is not type safe and I did look for why that "g" constraint for
diff --git a/patches.suse/02-x86-bugs-concentrate-bug-detection-into-a-separate-function.patch b/patches.suse/02-x86-bugs-concentrate-bug-detection-into-a-separate-function.patch
index 8cd5a22591..c19a6a5a38 100644
--- a/patches.suse/02-x86-bugs-concentrate-bug-detection-into-a-separate-function.patch
+++ b/patches.suse/02-x86-bugs-concentrate-bug-detection-into-a-separate-function.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:16 -0400
Subject: x86/bugs: Concentrate bug detection into a separate function
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 4a28bfe3267b68e22c663ac26185aa16c9b879ef
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Combine the various logic which goes through all those
diff --git a/patches.suse/03-x86-bugs-concentrate-bug-reporting-into-a-separate-function.patch b/patches.suse/03-x86-bugs-concentrate-bug-reporting-into-a-separate-function.patch
index 6226d5cf91..a1a6a90eaa 100644
--- a/patches.suse/03-x86-bugs-concentrate-bug-reporting-into-a-separate-function.patch
+++ b/patches.suse/03-x86-bugs-concentrate-bug-reporting-into-a-separate-function.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:17 -0400
Subject: x86/bugs: Concentrate bug reporting into a separate function
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: d1059518b4789cabe34bb4b714d07e6089c82ca1
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Those SysFS functions have a similar preamble, as such make common
diff --git a/patches.suse/04-x86-bugs-read-spec_ctrl-msr-during-boot-and-re-use-reserved-bits.patch b/patches.suse/04-x86-bugs-read-spec_ctrl-msr-during-boot-and-re-use-reserved-bits.patch
index 9ed6ab42b6..8bc5b9721d 100644
--- a/patches.suse/04-x86-bugs-read-spec_ctrl-msr-during-boot-and-re-use-reserved-bits.patch
+++ b/patches.suse/04-x86-bugs-read-spec_ctrl-msr-during-boot-and-re-use-reserved-bits.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:18 -0400
Subject: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 1b86883ccb8d5d9506529d42dbe1a5257cb30b18
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
The 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to all
diff --git a/patches.suse/05-x86-bugs-kvm-support-the-combination-of-guest-and-host-ibrs.patch b/patches.suse/05-x86-bugs-kvm-support-the-combination-of-guest-and-host-ibrs.patch
index 8b08c5e4b3..ecfece3def 100644
--- a/patches.suse/05-x86-bugs-kvm-support-the-combination-of-guest-and-host-ibrs.patch
+++ b/patches.suse/05-x86-bugs-kvm-support-the-combination-of-guest-and-host-ibrs.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:19 -0400
Subject: x86/bugs, KVM: Support the combination of guest and host IBRS
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 5cf687548705412da47c9cec342fd952d71ed3d5
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
A guest may modify the SPEC_CTRL MSR from the value used by the
diff --git a/patches.suse/06-x86-bugs-expose-sys-spec_store_bypass.patch b/patches.suse/06-x86-bugs-expose-sys-spec_store_bypass.patch
index 16d9fdf24a..d05c7b205a 100644
--- a/patches.suse/06-x86-bugs-expose-sys-spec_store_bypass.patch
+++ b/patches.suse/06-x86-bugs-expose-sys-spec_store_bypass.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:20 -0400
Subject: x86/bugs: Expose /sys/../spec_store_bypass
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: c456442cd3a59eeb1d60293c26cbe2ff2c4e42cf
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Add the sysfs file for the new vulerability. It does not do much except
diff --git a/patches.suse/07-x86-cpufeatures-add-x86_feature_rds.patch b/patches.suse/07-x86-cpufeatures-add-x86_feature_rds.patch
index c0ef1b8c19..b0547539f4 100644
--- a/patches.suse/07-x86-cpufeatures-add-x86_feature_rds.patch
+++ b/patches.suse/07-x86-cpufeatures-add-x86_feature_rds.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Sat, 28 Apr 2018 22:34:17 +0200
Subject: x86/cpufeature: Add X86_FEATURE_RDS
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 0cc5fa00b0a88dad140b4e5c2cead9951ad36822
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Add the CPU feature bit CPUID.7.0.EDX[31] which indicates whether the CPU
diff --git a/patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch b/patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch
index 7b083206da..55b27cecea 100644
--- a/patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch
+++ b/patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch
@@ -2,7 +2,8 @@ From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:21 -0400
Subject: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 24f7fc83b9204d20f878c57cb77d261ae825e033
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Contemporary high performance processors use a common industry-wide
diff --git a/patches.suse/09-x86-bugs-intel-set-proper-cpu-features-and-setup-rds.patch b/patches.suse/09-x86-bugs-intel-set-proper-cpu-features-and-setup-rds.patch
index d61ff4f1ac..55952b2c5e 100644
--- a/patches.suse/09-x86-bugs-intel-set-proper-cpu-features-and-setup-rds.patch
+++ b/patches.suse/09-x86-bugs-intel-set-proper-cpu-features-and-setup-rds.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:22 -0400
Subject: x86/bugs/intel: Set proper CPU features and setup RDS
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 772439717dbf703b39990be58d8d4e3e4ad0598a
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Intel CPUs expose methods to:
diff --git a/patches.suse/10-x86-bugs-whitelist-allowed-spec_ctrl-msr-values.patch b/patches.suse/10-x86-bugs-whitelist-allowed-spec_ctrl-msr-values.patch
index 13667241eb..06e3ca023c 100644
--- a/patches.suse/10-x86-bugs-whitelist-allowed-spec_ctrl-msr-values.patch
+++ b/patches.suse/10-x86-bugs-whitelist-allowed-spec_ctrl-msr-values.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:23 -0400
Subject: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 1115a859f33276fe8afb31c60cf9d8e657872558
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Intel and AMD SPEC_CTRL (0x48) MSR semantics may differ in the
diff --git a/patches.suse/11-x86-bugs-amd-add-support-to-disable-rds-on-famh-if-requested.patch b/patches.suse/11-x86-bugs-amd-add-support-to-disable-rds-on-famh-if-requested.patch
index 2fe7a5867e..a2e40386a7 100644
--- a/patches.suse/11-x86-bugs-amd-add-support-to-disable-rds-on-famh-if-requested.patch
+++ b/patches.suse/11-x86-bugs-amd-add-support-to-disable-rds-on-famh-if-requested.patch
@@ -2,7 +2,8 @@ From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:24 -0400
Subject: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
requested
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 764f3c21588a059cd783c6ba0734d4db2d72822d
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
AMD does not need the Speculative Store Bypass mitigation to be enabled.
diff --git a/patches.suse/12-x86-kvm-vmx-expose-spec_ctrl-bit2-to-the-guest.patch b/patches.suse/12-x86-kvm-vmx-expose-spec_ctrl-bit2-to-the-guest.patch
index 546dd6e7bd..c11c93cdc0 100644
--- a/patches.suse/12-x86-kvm-vmx-expose-spec_ctrl-bit2-to-the-guest.patch
+++ b/patches.suse/12-x86-kvm-vmx-expose-spec_ctrl-bit2-to-the-guest.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 25 Apr 2018 22:04:25 -0400
Subject: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: da39556f66f5cfe8f9c989206974f1cb16ca5d7c
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Expose the CPUID.7.EDX[31] bit to the guest, and also guard against various
diff --git a/patches.suse/13-x86-speculation-create-spec-ctrl-h-to-avoid-include-hell.patch b/patches.suse/13-x86-speculation-create-spec-ctrl-h-to-avoid-include-hell.patch
index 15fdfe8122..ec11ad9393 100644
--- a/patches.suse/13-x86-speculation-create-spec-ctrl-h-to-avoid-include-hell.patch
+++ b/patches.suse/13-x86-speculation-create-spec-ctrl-h-to-avoid-include-hell.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Sun, 29 Apr 2018 15:01:37 +0200
Subject: x86/speculation: Create spec-ctrl.h to avoid include hell
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 28a2775217b17208811fa43a9e96bd1fdf417b86
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Having everything in nospec-branch.h creates a hell of dependencies when
diff --git a/patches.suse/14-prctl-add-speculation-control-prctls.patch b/patches.suse/14-prctl-add-speculation-control-prctls.patch
index 1d0e158649..6ec5b13d10 100644
--- a/patches.suse/14-prctl-add-speculation-control-prctls.patch
+++ b/patches.suse/14-prctl-add-speculation-control-prctls.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Sun, 29 Apr 2018 15:20:11 +0200
Subject: prctl: Add speculation control prctls
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: b617cfc858161140d69cc0b5cc211996b557a1c7
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Add two new prctls to control aspects of speculation related vulnerabilites
diff --git a/patches.suse/15-x86-process-allow-runtime-control-of-speculative-store-bypass.patch b/patches.suse/15-x86-process-allow-runtime-control-of-speculative-store-bypass.patch
index 3b5c75e3c7..bf303c882c 100644
--- a/patches.suse/15-x86-process-allow-runtime-control-of-speculative-store-bypass.patch
+++ b/patches.suse/15-x86-process-allow-runtime-control-of-speculative-store-bypass.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Sun, 29 Apr 2018 15:21:42 +0200
Subject: x86/process: Allow runtime control of Speculative Store Bypass
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 885f82bfbc6fefb6664ea27965c3ab9ac4194b8c
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
The Speculative Store Bypass vulnerability can be mitigated with the
diff --git a/patches.suse/16-x86-speculation-add-prctl-for-speculative-store-bypass-mitigation.patch b/patches.suse/16-x86-speculation-add-prctl-for-speculative-store-bypass-mitigation.patch
index cc39f19ff7..b4da74afea 100644
--- a/patches.suse/16-x86-speculation-add-prctl-for-speculative-store-bypass-mitigation.patch
+++ b/patches.suse/16-x86-speculation-add-prctl-for-speculative-store-bypass-mitigation.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Sun, 29 Apr 2018 15:26:40 +0200
Subject: x86/speculation: Add prctl for Speculative Store Bypass mitigation
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: a73ec77ee17ec556fe7f165d00314cb7c047b1ac
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Add prctl based control for Speculative Store Bypass mitigation and make it
diff --git a/patches.suse/17-nospec-allow-getting-setting-on-non-current-task.patch b/patches.suse/17-nospec-allow-getting-setting-on-non-current-task.patch
index 2877402bbc..9a2f7a3cad 100644
--- a/patches.suse/17-nospec-allow-getting-setting-on-non-current-task.patch
+++ b/patches.suse/17-nospec-allow-getting-setting-on-non-current-task.patch
@@ -1,7 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Tue, 1 May 2018 15:19:04 -0700
Subject: nospec: Allow getting/setting on non-current task
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 7bbf1373e228840bb0295a2ca26d548ef37f448e
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than
diff --git a/patches.suse/18-proc-provide-details-on-speculation-flaw-mitigations.patch b/patches.suse/18-proc-provide-details-on-speculation-flaw-mitigations.patch
index 75937d39ab..36ac0ac038 100644
--- a/patches.suse/18-proc-provide-details-on-speculation-flaw-mitigations.patch
+++ b/patches.suse/18-proc-provide-details-on-speculation-flaw-mitigations.patch
@@ -1,7 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Tue, 1 May 2018 15:31:45 -0700
Subject: proc: Provide details on speculation flaw mitigations
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
As done with seccomp and no_new_privs, also show speculation flaw
diff --git a/patches.suse/19-seccomp-enable-speculation-flaw-mitigations.patch b/patches.suse/19-seccomp-enable-speculation-flaw-mitigations.patch
index 5b63108323..ebd19ba651 100644
--- a/patches.suse/19-seccomp-enable-speculation-flaw-mitigations.patch
+++ b/patches.suse/19-seccomp-enable-speculation-flaw-mitigations.patch
@@ -1,7 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Tue, 1 May 2018 15:07:31 -0700
Subject: seccomp: Enable speculation flaw mitigations
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 5c3070890d06ff82eecb808d02d2ca39169533ef
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
When speculation flaw mitigations are opt-in (via prctl), using seccomp
diff --git a/patches.suse/20-x86-bugs-make-boot-modes-_ro_after_init.patch b/patches.suse/20-x86-bugs-make-boot-modes-_ro_after_init.patch
index bef843467e..e3c335d36f 100644
--- a/patches.suse/20-x86-bugs-make-boot-modes-_ro_after_init.patch
+++ b/patches.suse/20-x86-bugs-make-boot-modes-_ro_after_init.patch
@@ -1,7 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Thu, 3 May 2018 15:03:30 -0700
Subject: x86/bugs: Make boot modes __ro_after_init
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: f9544b2b076ca90d887c5ae5d74fab4c21bb7c13
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
There's no reason for these to be changed after boot.
diff --git a/patches.suse/21-prctl-add-force-disable-speculation.patch b/patches.suse/21-prctl-add-force-disable-speculation.patch
index adbbc0761c..4c2c0a845d 100644
--- a/patches.suse/21-prctl-add-force-disable-speculation.patch
+++ b/patches.suse/21-prctl-add-force-disable-speculation.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 3 May 2018 22:09:15 +0200
Subject: prctl: Add force disable speculation
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 356e4bfff2c5489e016fdb925adbf12a1e3950ee
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
For certain use cases it is desired to enforce mitigations so they cannot
diff --git a/patches.suse/22-seccomp-use-pr_spec_force_disable.patch b/patches.suse/22-seccomp-use-pr_spec_force_disable.patch
index e3bc21aae7..76a2af1e07 100644
--- a/patches.suse/22-seccomp-use-pr_spec_force_disable.patch
+++ b/patches.suse/22-seccomp-use-pr_spec_force_disable.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Fri, 4 May 2018 09:40:03 +0200
Subject: seccomp: Use PR_SPEC_FORCE_DISABLE
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: b849a812f7eb92e96d1c8239b06581b2cfd8b275
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Use PR_SPEC_FORCE_DISABLE in seccomp() because seccomp does not allow to
diff --git a/patches.suse/23-seccomp-add-filter-flag-to-opt-out-of-ssb-mitigation.patch b/patches.suse/23-seccomp-add-filter-flag-to-opt-out-of-ssb-mitigation.patch
index 35e6b2e3e8..0a890633ec 100644
--- a/patches.suse/23-seccomp-add-filter-flag-to-opt-out-of-ssb-mitigation.patch
+++ b/patches.suse/23-seccomp-add-filter-flag-to-opt-out-of-ssb-mitigation.patch
@@ -1,7 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Thu, 3 May 2018 14:56:12 -0700
Subject: seccomp: Add filter flag to opt-out of SSB mitigation
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 00a02d0c502a06d15e07b857f8ff921e3e402675
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
If a seccomp user is not interested in Speculative Store Bypass mitigation
diff --git a/patches.suse/24-seccomp-move-speculation-migitation-control-to-arch-code.patch b/patches.suse/24-seccomp-move-speculation-migitation-control-to-arch-code.patch
index 0c94a4e098..ec6a980c16 100644
--- a/patches.suse/24-seccomp-move-speculation-migitation-control-to-arch-code.patch
+++ b/patches.suse/24-seccomp-move-speculation-migitation-control-to-arch-code.patch
@@ -1,7 +1,8 @@
From: Thomas Gleixner <tglx@linutronix.de>
Date: Fri, 4 May 2018 15:12:06 +0200
Subject: seccomp: Move speculation migitation control to arch code
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
The migitation control is simpler to implement in architecture code as it
diff --git a/patches.suse/25-x86-speculation-make-seccomp-the-default-mode-for-speculative-store-bypass.patch b/patches.suse/25-x86-speculation-make-seccomp-the-default-mode-for-speculative-store-bypass.patch
index 57f07e278a..7b402fa6c8 100644
--- a/patches.suse/25-x86-speculation-make-seccomp-the-default-mode-for-speculative-store-bypass.patch
+++ b/patches.suse/25-x86-speculation-make-seccomp-the-default-mode-for-speculative-store-bypass.patch
@@ -1,8 +1,8 @@
From: Kees Cook <keescook@chromium.org>
Date: Thu, 3 May 2018 14:37:54 -0700
-Subject: x86/speculation: Make "seccomp" the default mode for Speculative
- Store Bypass
-Patch-mainline: not yet, queued in subsystem tree
+Subject: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
+Git-commit: f21b53b20c754021935ea43364dbf53778eeba32
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Unless explicitly opted out of, anything running under seccomp will have
diff --git a/patches.suse/26-x86-bugs-rename-rds-to-ssbd.patch b/patches.suse/26-x86-bugs-rename-rds-to-ssbd.patch
index 98fc1de82a..bed4e1d0fa 100644
--- a/patches.suse/26-x86-bugs-rename-rds-to-ssbd.patch
+++ b/patches.suse/26-x86-bugs-rename-rds-to-ssbd.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 9 May 2018 21:41:38 +0200
Subject: x86/bugs: Rename _RDS to _SSBD
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: 9f65fb29374ee37856dbad847b4e121aab72b510
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
Intel collateral will reference the SSB mitigation bit in IA32_SPEC_CTL[2]
diff --git a/patches.suse/27-proc-use-underscores-for-ssbd-in-status.patch b/patches.suse/27-proc-use-underscores-for-ssbd-in-status.patch
index e330cdc774..e0efb47cfe 100644
--- a/patches.suse/27-proc-use-underscores-for-ssbd-in-status.patch
+++ b/patches.suse/27-proc-use-underscores-for-ssbd-in-status.patch
@@ -1,7 +1,8 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Wed, 9 May 2018 21:41:38 +0200
Subject: proc: Use underscores for SSBD in 'status'
-Patch-mainline: not yet, queued in subsystem tree
+Git-commit: e96f46ee8587607a828f783daa6eb5b44d25004d
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
References: bsc#1087082 CVE-2018-3639
The style for the 'status' file is CamelCase or this. _.
diff --git a/scripts/git_sort/git_sort.py b/scripts/git_sort/git_sort.py
index 93c2fd2505..0cd7e99231 100755
--- a/scripts/git_sort/git_sort.py
+++ b/scripts/git_sort/git_sort.py
@@ -218,6 +218,27 @@ oot = Head(RepoURL(None), "out-of-tree patches")
remote_match = re.compile("remote\..+\.url")
+def config_keys(repo):
+ """
+ With libgit < 0.27, pygit2's Config.__iter__() elements are str.
+ With libgit 0.27, the same elements are ConfigEntry instances.
+
+ This function is an adaptation layer to support both interfaces.
+ """
+ try:
+ first = repo.config.__iter__().next()
+ except StopIteration:
+ return
+
+ if isinstance(first, pygit2.config.ConfigEntry):
+ transform = lambda config_entry: config_entry.name
+ else:
+ transform = lambda name: name
+
+ for entry in repo.config:
+ yield transform(entry)
+
+
def get_heads(repo):
"""
Returns
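Review bot: `repo.config.__iter__().next()` in config_keys() only works on Python 2 iterators; `next(iter(repo.config))` behaves the same there and also runs on Python 3. The `isinstance(first, pygit2.config.ConfigEntry)` test also requires that class to exist in the older pygit2 this function is meant to support, which is not visible here and is worth confirming. Both concerns go away if the peek is dropped and each element is adapted by duck typing: `for entry in repo.config: yield getattr(entry, "name", entry)`. That form needs no special case for an empty config either.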
@@ -227,7 +248,7 @@ def get_heads(repo):
result = collections.OrderedDict()
repo_remotes = collections.OrderedDict([
(RepoURL(repo.config[name]), ".".join(name.split(".")[1:-1]))
- for name in repo.config
+ for name in config_keys(repo)
if remote_match.match(name)])
for head in remotes:
diff --git a/scripts/log2 b/scripts/log2
index 4d913c11fa..60281faf99 100755
--- a/scripts/log2
+++ b/scripts/log2
@@ -281,8 +281,8 @@ commit_single_patches()
{
local saved_index=$(git write-tree) patch series
local file added=() modified_aux=() deleted=() no_edit
- local old_series=$(git cat-file blob HEAD:series.conf)
- local new_series=$(cat series.conf)
+ git cat-file blob HEAD:series.conf > "$tmpdir"/old_series
+ cp series.conf "$tmpdir"/new_series
for file in "${modified[@]}"; do
case "$file" in
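Review bot: Neither the `git cat-file` redirect nor the `cp` in commit_single_patches() is checked, so if either fails the `splice_series` call in the next hunk is fed an empty or missing file from `$tmpdir` and the series blob is built from that. `$tmpdir` is set outside the hunk; if it were ever empty, the writes would land in `/old_series` and `/new_series`. Suggested: `git cat-file blob HEAD:series.conf > "${tmpdir:?}"/old_series || return` and `cp series.conf "${tmpdir:?}"/new_series || return`. The function body continues outside the hunk, so whether `set -e` or a trap already covers this cannot be seen here.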
@@ -310,7 +310,8 @@ commit_single_patches()
patch=$1
shift
# add a series.conf with a single new patch to the index
- series=$(splice_series "$patch" 3<<<$old_series 4<<<$new_series | \
+ series=$(splice_series "$patch" \
+ 3<"$tmpdir"/old_series 4<"$tmpdir"/new_series | \
git hash-object -w --stdin)
git read-tree $(git ls-tree HEAD | \
sed -r "s/(.*)\\<[0-9a-f]{40}\\>(.*\\<series\.conf)$/\1$series\2/" \
diff --git a/series.conf b/series.conf
index 5958e11529..a33ef9939f 100644
--- a/series.conf
+++ b/series.conf
@@ -16671,6 +16671,7 @@
patches.drivers/ALSA-hda-Use-IS_REACHABLE-for-dependency-on-input
patches.drivers/ALSA-hda-realtek-Add-headset-mode-support-for-Dell-l
patches.drivers/ALSA-hda-realtek-Fix-speaker-no-sound-after-system-r
+ patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation
patches.drivers/ASoC-wm_adsp-Fix-validation-of-firmware-and-coeff-le
patches.drivers/ASoC-au1x-Fix-timeout-tests-in-au1xac97c_ac97_read
@@ -18216,6 +18217,7 @@
patches.fixes/block-don-t-assign-cmd_flags-in-__blk_rq_prep_clone.patch
patches.suse/blk-mq-fix-bad-clear-of-RQF_MQ_INFLIGHT-in-blk_mq_ct.patch
patches.suse/block-correctly-mask-out-flags-in-blk_rq_append_bio.patch
+ patches.drivers/nvme-target-fix-buffer-overflow.patch
# bsc#1060985
patches.drivers/scsi-sd-Remove-LBPRZ-dependency-for-discards.patch
@@ -23058,6 +23060,11 @@
# bsc#1085185
patches.fixes/0001-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch
+ patches.fixes/0002-watchdog-hpwdt-Update-Module-info-and-copyright.patch
+ patches.fixes/0003-watchdog-hpwdt-Update-nmi_panic-message.patch
+ patches.fixes/0004-watchdog-hpwdt-Modify-to-use-watchdog-core.patch
+ patches.fixes/0005-watchdog-hpwdt-condition-early-return-of-NMI-handler.patch
+ patches.fixes/0001-Fixes-typo-for-watchdog-hpwdt-Update-nmi_panic-messa.patch
# bsc#1082153
patches.fixes/swap-divide-by-zero-when-zero-length-swap-file-on-ssd.patch.patch