Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlaf Hering <ohering@suse.de>2018-06-18 13:03:35 +0200
committerOlaf Hering <ohering@suse.de>2018-06-18 13:03:35 +0200
commit6974ad28760e7326fc4cec3d059bb73ce9b21955 (patch)
tree7bba7f33eb91478a94332f941dcd8620401f0c05
parentc432d89cb67a76d277e3077ccf8cae7ecc7c5073 (diff)
parenta8af698b6aaf8977e5aab4768e6fd19d1587ac6c (diff)
Merge remote-tracking branch 'kerncvs/SLE15' into SLE15-AZURE
Conflicts: rpm/package-descriptions
-rw-r--r--blacklist.conf40
-rw-r--r--config/arm64/default7
-rw-r--r--kabi/severities12
-rw-r--r--patches.apparmor/apparmor-fix-dangling-symlinks-to-policy-rawdata-aft.patch215
-rw-r--r--patches.apparmor/apparmor-fix-display-of-.ns_name-for-containers.patch41
-rw-r--r--patches.apparmor/apparmor-fix-logging-of-the-existence-test-for-signa.patch65
-rw-r--r--patches.apparmor/apparmor-fix-memory-leak-on-buffer-on-error-exit-path.patch34
-rw-r--r--patches.arch/0001-arm64-fix-endianness-annotation-for-__apply_alternat.patch70
-rw-r--r--patches.arch/0002-arm64-alternatives-Add-dynamic-patching-feature.patch219
-rw-r--r--patches.arch/0003-arm-arm64-smccc-Add-SMCCC-specific-return-codes.patch44
-rw-r--r--patches.arch/0004-arm64-Call-ARCH_WORKAROUND_2-on-transitions-between-.patch139
-rw-r--r--patches.arch/0005-arm64-Add-per-cpu-infrastructure-to-call-ARCH_WORKAR.patch84
-rw-r--r--patches.arch/0006-arm64-Add-ARCH_WORKAROUND_2-probing.patch153
-rw-r--r--patches.arch/0007-arm64-Add-ssbd-command-line-option.patch221
-rw-r--r--patches.arch/0008-arm64-ssbd-Add-global-mitigation-state-accessor.patch50
-rw-r--r--patches.arch/0009-arm64-ssbd-Skip-apply_ssbd-if-not-using-dynamic-miti.patch71
-rw-r--r--patches.arch/0010-arm64-ssbd-Restore-mitigation-status-on-CPU-resume.patch107
-rw-r--r--patches.arch/0011-arm64-ssbd-Introduce-thread-flag-to-control-userspac.patch58
-rw-r--r--patches.arch/0012-arm64-ssbd-Add-prctl-interface-for-per-thread-mitiga.patch157
-rw-r--r--patches.arch/0015-arm64-mm-Map-entry-trampoline-into-trampoline-and-ke.patch34
-rw-r--r--patches.arch/0051-arm64-kaslr-Put-kernel-vectors-address-in-separate-d.patch31
-rw-r--r--patches.arch/08-x86-mm-fixmap-generalize-the-gdt-fixmap-mechanism-introduce-struct-cpu_entry_area.patch16
-rw-r--r--patches.arch/22-x86-cpu_entry_area-move-it-out-of-the-fixmap.patch12
-rw-r--r--patches.arch/28-x86-bugs-fix-_ssb_select_mitigation-return-type.patch29
-rw-r--r--patches.arch/29-x86-bugs-make-cpu_show_common-static.patch28
-rw-r--r--patches.arch/30-x86-bugs-fix-the-parameters-alignment-and-missing-void.patch36
-rw-r--r--patches.arch/31-x86-speculation-use-synthetic-bits-for-ibrs-ibpb-stibp.patch189
-rw-r--r--patches.arch/32-x86-cpufeatures-disentangle-msr_spec_ctrl-enumeration-from-ibrs.patch141
-rw-r--r--patches.arch/33-x86-cpufeatures-disentangle-ssbd-enumeration.patch148
-rw-r--r--patches.arch/34-x86-cpufeatures-add-feature_zen.patch51
-rw-r--r--patches.arch/35-x86-speculation-handle-ht-correctly-on-amd.patch230
-rw-r--r--patches.arch/36-x86-bugs-kvm-extend-speculation-control-for-virt_spec_ctrl.patch147
-rw-r--r--patches.arch/37-x86-speculation-add-virtualized-speculative-store-bypass-disable-support.patch92
-rw-r--r--patches.arch/38-x86-speculation-rework-speculative_store_bypass_update.patch64
-rw-r--r--patches.arch/39-x86-bugs-unify-x86_spec_ctrl_-set_guest-restore_host.patch136
-rw-r--r--patches.arch/40-x86-bugs-expose-x86_spec_ctrl_base-directly.patch110
-rw-r--r--patches.arch/41-x86-bugs-remove-x86_spec_ctrl_set.patch68
-rw-r--r--patches.arch/42-x86-bugs-rework-spec_ctrl-base-and-mask-logic.patch89
-rw-r--r--patches.arch/43-x86-speculation-kvm-implement-support-for-virt_spec_ctrl-ls_cfg.patch75
-rw-r--r--patches.arch/44-kvm-svm-implement-virt_spec_ctrl-support-for-ssbd.patch204
-rw-r--r--patches.arch/45-x86-bugs-rename-ssbd_no-to-ssb_no.patch40
-rw-r--r--patches.arch/46-kvm-x86-ia32_arch_capabilities-is-always-supported.patch49
-rw-r--r--patches.arch/47-kvm-vmx-expose-ssbd-properly-to-guests.patch42
-rw-r--r--patches.arch/KABI-hide-ftrace_enabled-in-paca.patch30
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-Fix-ppc_breakpoint_available-compi.patch41
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-Handle-migration-with-POWER9-disab.patch61
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_dabr-on-PO.patch63
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_mode-SET_D.patch40
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-trace_tlbie-must-not-be-called-in-.patch61
-rw-r--r--patches.arch/cpu-hotplug-Provide-cpus_read-write_-un-lock.patch246
-rw-r--r--patches.arch/cpu-hotplug-Provide-lockdep_assert_cpus_held.patch51
-rw-r--r--patches.arch/kvm-mmu-consider-host-cache-mode-in-mmio-page-check62
-rw-r--r--patches.arch/powerpc-64-Use-barrier_nospec-in-syscall-entry.patch9
-rw-r--r--patches.arch/powerpc-64-kexec-fix-race-in-kexec-when-XIVE-is-shut.patch3
-rw-r--r--patches.arch/powerpc-64s-Add-barrier_nospec.patch (renamed from patches.arch/powerpc-Add-barrier_nospec.patch)7
-rw-r--r--patches.arch/powerpc-64s-Add-support-for-a-store-forwarding-barri.patch237
-rw-r--r--patches.arch/powerpc-64s-Add-support-for-ori-barrier_nospec-patch.patch24
-rw-r--r--patches.arch/powerpc-64s-Enable-barrier_nospec-based-on-firmware-.patch17
-rw-r--r--patches.arch/powerpc-64s-Patch-barrier_nospec-in-modules.patch (renamed from patches.arch/powerpc-64-Patch-barrier_nospec-in-modules.patch)42
-rw-r--r--patches.arch/powerpc-64s-idle-avoid-sync-for-KVM-state-when-wakin.patch42
-rw-r--r--patches.arch/powerpc-Don-t-call-lockdep_assert_cpus_held-from-arc.patch71
-rw-r--r--patches.arch/powerpc-Only-obtain-cpu_hotplug_lock-if-called-by-rt.patch132
-rw-r--r--patches.arch/powerpc-Use-barrier_nospec-in-copy_from_user.patch19
-rw-r--r--patches.arch/powerpc-fadump-Do-not-use-hugepages-when-fadump-is-a.patch108
-rw-r--r--patches.arch/powerpc-fadump-exclude-memory-holes-while-reserving-.patch87
-rw-r--r--patches.arch/powerpc-kvm-Fix-guest-boot-failure-on-Power9-since-D.patch53
-rw-r--r--patches.arch/powerpc-kvm-Fix-lockups-when-running-KVM-guests-on-P.patch84
-rw-r--r--patches.arch/powerpc-numa-Invalidate-numa_cpu_lookup_table-on-cpu.patch8
-rw-r--r--patches.arch/powerpc-perf-Add-blacklisted-events-for-Power9-DD2.1.patch98
-rw-r--r--patches.arch/powerpc-perf-Add-blacklisted-events-for-Power9-DD2.2.patch87
-rw-r--r--patches.arch/powerpc-perf-Fix-kernel-address-leak-via-sampling-re.patch76
-rw-r--r--patches.arch/powerpc-perf-Infrastructure-to-support-addition-of-b.patch93
-rw-r--r--patches.arch/powerpc-perf-Prevent-kernel-address-leak-to-userspac.patch47
-rw-r--r--patches.arch/powerpc-perf-Prevent-kernel-address-leak-via-perf_ge.patch43
-rw-r--r--patches.arch/powerpc-xive-fix-hcall-H_INT_RESET-to-support-long-b.patch3
-rw-r--r--patches.arch/powerpc-xive-prepare-all-hcalls-to-support-long-busy.patch3
-rw-r--r--patches.arch/powerpc-xive-shutdown-XIVE-when-kexec-or-kdump-is-pe.patch3
-rw-r--r--patches.arch/powerpc-xmon-Also-setup-debugger-hooks-when-single-stepping.patch73
-rw-r--r--patches.arch/powerpc64-ftrace-Add-a-field-in-paca-to-disable-ftra.patch120
-rw-r--r--patches.arch/powerpc64-ftrace-Add-helpers-to-hard-disable-ftrace.patch49
-rw-r--r--patches.arch/powerpc64-ftrace-Delay-enabling-ftrace-on-secondary-.patch82
-rw-r--r--patches.arch/powerpc64-ftrace-Disable-ftrace-during-hotplug.patch48
-rw-r--r--patches.arch/powerpc64-ftrace-Disable-ftrace-during-kvm-entry-exi.patch66
-rw-r--r--patches.arch/powerpc64-ftrace-Rearrange-ifdef-sections-in-ftrace..patch47
-rw-r--r--patches.arch/powerpc64-kexec-Hard-disable-ftrace-before-switching.patch53
-rw-r--r--patches.arch/powerpc64-module-Tighten-detection-of-mcount-call-si.patch89
-rw-r--r--patches.arch/s390-archrandom-reconsider-s390-arch-random-implementation.patch97
-rw-r--r--patches.arch/s390-archrandom-rework-arch-random-implementation.patch214
-rw-r--r--patches.arch/s390-cio-update-chpid-descriptor-after-resource-acce.patch53
-rw-r--r--patches.arch/s390-cpum_sf-ensure-sample-frequency-of-perf-event-attributes-is-non-zero.patch39
-rw-r--r--patches.arch/s390-dasd-fix-IO-error-for-newly-defined-devices.patch78
-rw-r--r--patches.arch/s390-qdio-fix-access-to-uninitialized-qdio_q-fields.patch42
-rw-r--r--patches.arch/s390-qeth-fix-MAC-address-update-sequence.patch120
-rw-r--r--patches.arch/s390-qeth-translate-SETVLAN-DELVLAN-errors.patch120
-rw-r--r--patches.arch/s390-sles15-03-01-rwlock.patch8
-rw-r--r--patches.arch/s390-uprobes-implement-arch_uretprobe_is_alive.patch43
-rw-r--r--patches.arch/s390-zcrypt-fix-cca-and-ep11-cprb-processing-failure-memory-leak.patch274
-rw-r--r--patches.arch/stop_machine-Provide-stop_machine_cpuslocked.patch121
-rw-r--r--patches.arch/workqueue-Work-around-edge-cases-for-calc-of-pool-s-.patch59
-rw-r--r--patches.arch/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch6
-rw-r--r--patches.arch/x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch7
-rw-r--r--patches.arch/x86-intel_rdt-add-command-line-parameter-to-control-l2_cdp.patch61
-rw-r--r--patches.arch/x86-intel_rdt-add-two-new-resources-for-l2-code-and-data-prioritization-cdp.patch154
-rw-r--r--patches.arch/x86-intel_rdt-enable-l2-cdp-in-msr-ia32_l2_qos_cfg.patch244
-rw-r--r--patches.arch/x86-intel_rdt-enumerate-l2-code-and-data-prioritization-cdp-feature.patch45
-rw-r--r--patches.arch/x86-mm-add-a-function-to-check-if-a-pfn-is-uc-uc-wc68
-rw-r--r--patches.arch/x86-sched-allow-topologies-where-numa-nodes-share-an-llc.patch152
-rw-r--r--patches.arch/x86-tsc-future-proof-native_calibrate_tsc.patch47
-rw-r--r--patches.drivers/0001-init-fix-false-positives-in-W-X-checking.patch86
-rw-r--r--patches.drivers/0001-qla2xxx-Mask-off-Scope-bits-in-retry-delay.patch51
-rw-r--r--patches.drivers/0001-usb-xhci-Make-some-static-functions-global.patch229
-rw-r--r--patches.drivers/0003-md-cluster-Suspend-writes-in-RAID10-if-within-range.patch77
-rw-r--r--patches.drivers/ACPI-APEI-Replace-ioremap_page_range-with-fixmap177
-rw-r--r--patches.drivers/ACPI-EC-Fix-debugfs_create_-usage57
-rw-r--r--patches.drivers/ACPI-acpi_pad-Fix-memory-leak-in-power-saving-thread40
-rw-r--r--patches.drivers/ACPI-bus-Do-not-call-_STA-on-battery-devices-with-un50
-rw-r--r--patches.drivers/ACPI-button-make-module-loadable-when-booted-in-non-60
-rw-r--r--patches.drivers/ACPI-hotplug-PCI-Check-presence-of-slot-itself-in-ge106
-rw-r--r--patches.drivers/ACPI-processor_perflib-Do-not-send-_PPC-change-notif98
-rw-r--r--patches.drivers/ACPI-scan-Initialize-watchdog-before-PNP.patch49
-rw-r--r--patches.drivers/ACPI-scan-Use-acpi_bus_get_status-to-initialize-ACPI90
-rw-r--r--patches.drivers/ACPI-sysfs-Make-ACPI-GPE-mask-kernel-parameter-cover84
-rw-r--r--patches.drivers/ACPI-video-Add-quirk-to-force-acpi-video-backlight-o40
-rw-r--r--patches.drivers/ACPI-video-Default-lcd_only-to-true-on-Win8-ready-an87
-rw-r--r--patches.drivers/ACPI-video-Only-default-only_lcd-to-true-on-Win8-rea84
-rw-r--r--patches.drivers/ACPICA-ACPI-6.0A-Changes-to-the-NFIT-ACPI-table.patch102
-rw-r--r--patches.drivers/ACPICA-Events-add-a-return-on-failure-from-acpi_hw_r44
-rw-r--r--patches.drivers/ACPICA-Fix-memory-leak-on-unusual-memory-leak33
-rw-r--r--patches.drivers/ACPICA-acpi-acpica-fix-acpi-operand-cache-leak-in-ns90
-rw-r--r--patches.drivers/ALSA-aloop-Add-missing-cable-lock-to-ctl-API-callbac110
-rw-r--r--patches.drivers/ALSA-aloop-Mark-paused-device-as-inactive57
-rw-r--r--patches.drivers/ALSA-asihpi-Hardening-for-potential-Spectre-v185
-rw-r--r--patches.drivers/ALSA-caiaq-Add-yet-more-sanity-checks-for-invalid-EP51
-rw-r--r--patches.drivers/ALSA-control-Hardening-for-potential-Spectre-v164
-rw-r--r--patches.drivers/ALSA-control-fix-a-redundant-copy-issue43
-rw-r--r--patches.drivers/ALSA-core-Report-audio_tstamp-in-snd_pcm_sync_ptr35
-rw-r--r--patches.drivers/ALSA-dice-fix-OUI-for-TC-group32
-rw-r--r--patches.drivers/ALSA-dice-fix-error-path-to-destroy-initialized-stre33
-rw-r--r--patches.drivers/ALSA-dice-fix-kernel-NULL-pointer-dereference-due-to138
-rw-r--r--patches.drivers/ALSA-emu10k1-add-a-IOMMU-workaround242
-rw-r--r--patches.drivers/ALSA-emu10k1-add-optional-debug-printouts-with-DMA-a95
-rw-r--r--patches.drivers/ALSA-emu10k1-make-sure-synth-DMA-pages-are-allocated97
-rw-r--r--patches.drivers/ALSA-emu10k1-remove-reserved_page99
-rw-r--r--patches.drivers/ALSA-emu10k1-use-dma_set_mask_and_coherent31
-rw-r--r--patches.drivers/ALSA-hda-Add-ASRock-H81M-HDS-to-the-power_save-black35
-rw-r--r--patches.drivers/ALSA-hda-Add-Clevo-W35xSS_370SS-to-the-power_save-bl38
-rw-r--r--patches.drivers/ALSA-hda-Add-Gigabyte-P55A-UD3-and-Z87-D3HP-to-the-p40
-rw-r--r--patches.drivers/ALSA-hda-Add-Icelake-PCI-ID30
-rw-r--r--patches.drivers/ALSA-hda-Add-Intel-NUC5i7RY-to-the-power_save-blackl35
-rw-r--r--patches.drivers/ALSA-hda-Add-Intel-NUC7i3BNB-to-the-power_save-black35
-rw-r--r--patches.drivers/ALSA-hda-Add-Lenovo-C50-All-in-one-to-the-power_save31
-rw-r--r--patches.drivers/ALSA-hda-Fix-incorrect-usage-of-IS_REACHABLE32
-rw-r--r--patches.drivers/ALSA-hda-Handle-kzalloc-failure-in-snd_hda_attach_pc44
-rw-r--r--patches.drivers/ALSA-hda-Hardening-for-potential-Spectre-v154
-rw-r--r--patches.drivers/ALSA-hda-New-VIA-controller-suppor-no-snoop-path33
-rw-r--r--patches.drivers/ALSA-hda-Skip-jack-and-others-for-non-existing-PCM-s60
-rw-r--r--patches.drivers/ALSA-hda-add-dock-and-led-support-for-HP-EliteBook-83030
-rw-r--r--patches.drivers/ALSA-hda-add-dock-and-led-support-for-HP-ProBook-640-G430
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-DSP-Volume-set-and-New-mixers-fo281
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-PCI-region2-iomap-for-SBZ74
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-dsp-setup-gpio-functions-for-r3d224
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-extra-exit-functions-for-R3Di-an195
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-new-control-changes-for-SBZ-R3Di982
-rw-r--r--patches.drivers/ALSA-hda-ca0132-Add-pincfg-for-SBZ-R3Di-add-fp-hp-au185
-rw-r--r--patches.drivers/ALSA-hda-ca0132-R3Di-and-SBZ-quirk-entires-alt-firmw152
-rw-r--r--patches.drivers/ALSA-hda-ca0132-add-alt_select_in-out-for-R3Di-SBZ811
-rw-r--r--patches.drivers/ALSA-hda-ca0132-add-ca0132_alt_set_vipsource129
-rw-r--r--patches.drivers/ALSA-hda-ca0132-add-dsp-setup-related-commands-for-t456
-rw-r--r--patches.drivers/ALSA-hda-ca0132-add-extra-init-functions-for-r3di-sb397
-rw-r--r--patches.drivers/ALSA-hda-ca0132-add-the-ability-to-set-src_id-on-scp189
-rw-r--r--patches.drivers/ALSA-hda-ca0132-constify-parameter-table-for-effects89
-rw-r--r--patches.drivers/ALSA-hda-ca0132-constify-read-only-members-of-string54
-rw-r--r--patches.drivers/ALSA-hda-ca0132-constify-templates-for-control-eleme64
-rw-r--r--patches.drivers/ALSA-hda-ca0132-fix-array_size.cocci-warnings57
-rw-r--r--patches.drivers/ALSA-hda-ca0132-fix-build-failure-when-a-local-macro49
-rw-r--r--patches.drivers/ALSA-hda-ca0132-merge-strings-just-for-printk59
-rw-r--r--patches.drivers/ALSA-hda-ca0132-update-core-functions-for-sbz-r3di320
-rw-r--r--patches.drivers/ALSA-hda-conexant-Add-fixup-for-HP-Z2-G4-workstation33
-rw-r--r--patches.drivers/ALSA-hda-conexant-Add-hp-mic-fix-model-string46
-rw-r--r--patches.drivers/ALSA-hda-realtek-Add-shutup-hint51
-rw-r--r--patches.drivers/ALSA-hda-realtek-Add-some-fixes-for-ALC23345
-rw-r--r--patches.drivers/ALSA-hda-realtek-Clevo-P950ER-ALC1220-Fixup29
-rw-r--r--patches.drivers/ALSA-hda-realtek-Enable-mic-mute-hotkey-for-several-44
-rw-r--r--patches.drivers/ALSA-hda-realtek-Fixup-for-HP-x360-laptops-with-B-O-178
-rw-r--r--patches.drivers/ALSA-hda-realtek-Fixup-mute-led-on-HP-Spectre-x36077
-rw-r--r--patches.drivers/ALSA-hda-realtek-Refactor-alc269_fixup_hp_mute_led_m81
-rw-r--r--patches.drivers/ALSA-hda-realtek-Update-ALC255-depop-optimize30
-rw-r--r--patches.drivers/ALSA-hda-realtek-adjust-the-location-of-one-mic33
-rw-r--r--patches.drivers/ALSA-hda-realtek-change-the-location-for-one-of-two-32
-rw-r--r--patches.drivers/ALSA-hda-realtek-set-PINCFG_HEADSET_MIC-to-parse_fla37
-rw-r--r--patches.drivers/ALSA-hdspm-Hardening-for-potential-Spectre-v187
-rw-r--r--patches.drivers/ALSA-hiface-Add-sanity-checks-for-invalid-EPs47
-rw-r--r--patches.drivers/ALSA-line6-Add-yet-more-sanity-checks-for-invalid-EP85
-rw-r--r--patches.drivers/ALSA-line6-Use-correct-endpoint-type-for-midi-output45
-rw-r--r--patches.drivers/ALSA-line6-add-support-for-POD-HD-DESKTOP57
-rw-r--r--patches.drivers/ALSA-line6-add-support-for-POD-HD500X65
-rw-r--r--patches.drivers/ALSA-line6-remove-unnecessary-initialization-to-PODH83
-rw-r--r--patches.drivers/ALSA-opl3-Hardening-for-potential-Spectre-v153
-rw-r--r--patches.drivers/ALSA-pcm-Avoid-potential-races-between-OSS-ioctls-an374
-rw-r--r--patches.drivers/ALSA-pcm-Check-PCM-state-at-xfern-compat-ioctl36
-rw-r--r--patches.drivers/ALSA-pcm-Fix-UAF-at-PCM-release-via-PCM-timer-access57
-rw-r--r--patches.drivers/ALSA-pcm-Fix-endless-loop-for-XRUN-recovery-in-OSS-e51
-rw-r--r--patches.drivers/ALSA-pcm-Fix-mutex-unbalance-in-OSS-emulation-ioctls167
-rw-r--r--patches.drivers/ALSA-pcm-Return-EBUSY-for-OSS-ioctls-changing-busy-s180
-rw-r--r--patches.drivers/ALSA-pcm-potential-uninitialized-return-values40
-rw-r--r--patches.drivers/ALSA-rawmidi-Fix-missing-input-substream-checks-in-c91
-rw-r--r--patches.drivers/ALSA-rme9652-Hardening-for-potential-Spectre-v146
-rw-r--r--patches.drivers/ALSA-seq-Fix-races-at-MIDI-encoding-in-snd_virmidi_o51
-rw-r--r--patches.drivers/ALSA-seq-oss-Fix-unbalanced-use-lock-for-synth-MIDI-44
-rw-r--r--patches.drivers/ALSA-seq-oss-Hardening-for-potential-Spectre-v1334
-rw-r--r--patches.drivers/ALSA-timer-Fix-pause-event-notification42
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-Keep-Interface-control94
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-a-quirk-for-Nura-s-first-gen-head78
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-keep_iface-flag74
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-native-DSD-support-for-Luxman-DA-129
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-native-DSD-support-for-Mytek-DACs68
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-native-DSD-support-for-TEAC-UD-3029
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-sample-rate-quirk-for-Plantronics-C3131
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-sample-rate-quirk-for-Plantronics-C6130
-rw-r--r--patches.drivers/ALSA-usb-audio-Add-sanity-checks-for-invalid-EPs129
-rw-r--r--patches.drivers/ALSA-usb-audio-Allow-to-override-the-longname-string206
-rw-r--r--patches.drivers/ALSA-usb-audio-Apply-vendor-ID-matching-for-sample-r61
-rw-r--r--patches.drivers/ALSA-usb-audio-Avoid-superfluous-usb_set_interface-c59
-rw-r--r--patches.drivers/ALSA-usb-audio-Change-the-semantics-of-the-enable-op52
-rw-r--r--patches.drivers/ALSA-usb-audio-Disable-the-quirk-for-Nura-headset49
-rw-r--r--patches.drivers/ALSA-usb-audio-FIX-native-DSD-support-for-TEAC-UD-50119
-rw-r--r--patches.drivers/ALSA-usb-audio-Generic-DSD-detection-for-XMOS-based-45
-rw-r--r--patches.drivers/ALSA-usb-audio-Give-proper-vendor-product-name-for-D37
-rw-r--r--patches.drivers/ALSA-usb-audio-Initialize-Dell-Dock-playback-volumes106
-rw-r--r--patches.drivers/ALSA-usb-audio-Integrate-native-DSD-support-for-ITF-186
-rw-r--r--patches.drivers/ALSA-usb-audio-Remove-explicitly-listed-Mytek-device30
-rw-r--r--patches.drivers/ALSA-usb-audio-Skip-broken-EU-on-Dell-dock-USB-audio35
-rw-r--r--patches.drivers/ALSA-usb-audio-Support-changing-input-on-Sound-Blast128
-rw-r--r--patches.drivers/ALSA-usb-audio-add-boot-quirk-for-Axe-Fx-III65
-rw-r--r--patches.drivers/ALSA-usb-audio-add-more-quirks-for-DSD-interfaces69
-rw-r--r--patches.drivers/ALSA-usb-audio-simplify-set_sync_ep_implicit_fb_quir96
-rw-r--r--patches.drivers/ALSA-usb-mixer-volume-quirk-for-CM102-A-102S42
-rw-r--r--patches.drivers/ALSA-usx2y-Add-sanity-checks-for-invalid-EPs55
-rw-r--r--patches.drivers/ALSA-usx2y-Fix-invalid-stream-URBs98
-rw-r--r--patches.drivers/ALSA-vmaster-Propagate-slave-error40
-rw-r--r--patches.drivers/ASoC-Intel-Skylake-Disable-clock-gating-during-firmw54
-rw-r--r--patches.drivers/ASoC-Intel-cht_bsw_rt5645-Analog-Mic-support65
-rw-r--r--patches.drivers/ASoC-Intel-sst-remove-redundant-variable-dma_dev_nam42
-rw-r--r--patches.drivers/ASoC-adau17x1-Handling-of-DSP_RUN-register-during-fw92
-rw-r--r--patches.drivers/ASoC-fsl_esai-Fix-divisor-calculation-failure-at-low46
-rw-r--r--patches.drivers/ASoC-hdmi-codec-Fix-module-unloading-caused-kernel-c43
-rw-r--r--patches.drivers/ASoC-hdmi-codec-fix-spelling-mistake-deteced-detecte30
-rw-r--r--patches.drivers/ASoC-hdmi-codec-remove-multi-detection-support193
-rw-r--r--patches.drivers/ASoC-omap-Remove-OMAP_MUX-dependency-from-Nokia-N81037
-rw-r--r--patches.drivers/ASoC-rockchip-Fix-dai_name-for-HDMI-codec36
-rw-r--r--patches.drivers/ASoC-rockchip-rk3288-hdmi-analog-Select-needed-codec32
-rw-r--r--patches.drivers/ASoC-rsnd-mark-PM-functions-__maybe_unused48
-rw-r--r--patches.drivers/ASoC-samsung-i2s-Ensure-the-RCLK-rate-is-properly-de52
-rw-r--r--patches.drivers/ASoC-samsung-odroid-Drop-requirement-of-clocks-in-th142
-rw-r--r--patches.drivers/ASoC-samsung-odroid-Fix-32000-sample-rate-handling77
-rw-r--r--patches.drivers/ASoC-samsung-odroid-Fix-EPLL-frequency-values46
-rw-r--r--patches.drivers/ASoC-ssm2602-Replace-reg_default_raw-with-reg_defaul76
-rw-r--r--patches.drivers/ASoC-topology-Check-widget-kcontrols-before-deref38
-rw-r--r--patches.drivers/ASoC-topology-Fix-bugs-of-freeing-soc-topology32
-rw-r--r--patches.drivers/ASoC-topology-Fix-kcontrol-name-string-handling105
-rw-r--r--patches.drivers/ASoC-topology-create-TLV-data-for-dapm-widgets33
-rw-r--r--patches.drivers/ASoC-topology-fix-some-tiny-memory-leaks45
-rw-r--r--patches.drivers/Bluetooth-Add-a-new-04ca-3015-QCA_ROME-device62
-rw-r--r--patches.drivers/Bluetooth-Fix-missing-encryption-refresh-on-Security54
-rw-r--r--patches.drivers/Bluetooth-Set-HCI_QUIRK_SIMULTANEOUS_DISCOVERY-for-B28
-rw-r--r--patches.drivers/Bluetooth-btrtl-Fix-a-error-code-in-rtl_load_config31
-rw-r--r--patches.drivers/Bluetooth-btusb-Add-Dell-XPS-13-9360-to-btusb_needs_40
-rw-r--r--patches.drivers/Bluetooth-btusb-Add-USB-ID-7392-a611-for-Edimax-EW-773
-rw-r--r--patches.drivers/Bluetooth-btusb-Add-device-ID-for-RTL8822BE32
-rw-r--r--patches.drivers/Bluetooth-btusb-Add-new-NFA344A-entry2
-rw-r--r--patches.drivers/Bluetooth-btusb-Apply-QCA-Rome-patches-for-some-ATH3140
-rw-r--r--patches.drivers/Bluetooth-btusb-Only-check-needs_reset_resume-DMI-ta65
-rw-r--r--patches.drivers/Bluetooth-btusb-add-ID-for-LiteOn-04ca-301637
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Add-6-new-ACPI-HIDs67
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Add-active_low-irq-polarity-quirk-39
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Add-support-for-BCM2E7229
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Add-support-for-BCM2E7E4
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Add-support-for-MINIX-Z83-4-based-87
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Fix-setting-of-irq-trigger-type133
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Handle-empty-packet-after-firmware77
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Make-bcm_request_irq-fail-if-no-IR70
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Remove-DMI-quirk-for-the-MINIX-Z8335
-rw-r--r--patches.drivers/Bluetooth-hci_bcm-Treat-Interrupt-ACPI-resources-as-70
-rw-r--r--patches.drivers/HID-cp2112-fix-broken-gpio_direction_input-callback56
-rw-r--r--patches.drivers/HID-hidraw-Fix-crash-on-HIDIOCGFEATURE-with-a-destro39
-rw-r--r--patches.drivers/HID-i2c-hid-fix-size-check-and-type-usage58
-rw-r--r--patches.drivers/HID-intel-ish-hid-Enable-Gemini-Lake-ish-driver.patch40
-rw-r--r--patches.drivers/HID-roccat-prevent-an-out-of-bounds-read-in-kovaplus34
-rw-r--r--patches.drivers/HID-wacom-EKR-ensure-devres-groups-at-higher-indexes102
-rw-r--r--patches.drivers/HID-wacom-Fix-reporting-of-touch-toggle-WACOM_HID_WD81
-rw-r--r--patches.drivers/HID-wacom-bluetooth-send-exit-report-for-recent-Blue121
-rw-r--r--patches.drivers/IB-core-Generate-GID-change-event-regardless-of-RoCE.patch48
-rw-r--r--patches.drivers/IB-core-Refer-to-RoCE-port-property-instead-of-GID-t.patch32
-rw-r--r--patches.drivers/IB-cq-Don-t-force-IB_POLL_DIRECT-poll-context-for-ib.patch96
-rw-r--r--patches.drivers/IB-hfi1-Fix-NULL-pointer-dereference-when-invalid-nu.patch76
-rw-r--r--patches.drivers/IB-hfi1-Fix-handling-of-FECN-marked-multicast-packet.patch148
-rw-r--r--patches.drivers/IB-hfi1-Re-order-IRQ-cleanup-to-address-driver-clean.patch141
-rw-r--r--patches.drivers/IB-ipoib-Avoid-memory-leak-if-the-SA-returns-a-diffe.patch60
-rw-r--r--patches.drivers/IB-ipoib-Fix-for-potential-no-carrier-state.patch43
-rw-r--r--patches.drivers/IB-mlx4-Fix-integer-overflow-when-calculating-optima.patch55
-rw-r--r--patches.drivers/IB-mlx4-Move-mlx4_uverbs_ex_query_device_resp-to-inc.patch65
-rw-r--r--patches.drivers/IB-mlx5-Enable-ECN-capable-bits-for-UD-RoCE-v2-QPs.patch60
-rw-r--r--patches.drivers/IB-mlx5-Respect-new-UMR-capabilities.patch191
-rw-r--r--patches.drivers/IB-mlx5-Set-the-default-active-rate-and-width-to-QDR.patch40
-rw-r--r--patches.drivers/IB-mlx5-Use-unlimited-rate-when-static-rate-is-not-s.patch55
-rw-r--r--patches.drivers/IB-mlx5-pr_err-and-mlx5_ib_dbg-strings-should-end-wi.patch36
-rw-r--r--patches.drivers/IB-rdmavt-Allocate-CQ-memory-on-the-correct-node.patch57
-rw-r--r--patches.drivers/IB-srp-Fix-completion-vector-assignment-algorithm.patch46
-rw-r--r--patches.drivers/IB-srp-Fix-srp_abort.patch38
-rw-r--r--patches.drivers/IB-srpt-Fix-an-out-of-bounds-stack-access-in-srpt_ze.patch68
-rw-r--r--patches.drivers/IB-uverbs-Fix-validating-mandatory-attributes.patch37
-rw-r--r--patches.drivers/Input-ALPS-fix-TrackStick-detection-on-Thinkpad-L57079
-rw-r--r--patches.drivers/Input-atmel_mxt_ts-add-touchpad-button-mapping-for-S45
-rw-r--r--patches.drivers/Input-elan_i2c_smbus-fix-corrupted-stack129
-rw-r--r--patches.drivers/Input-goodix-disable-IRQs-while-suspended60
-rw-r--r--patches.drivers/Input-i8042-add-Lenovo-ThinkPad-L460-to-i8042-reset-38
-rw-r--r--patches.drivers/Input-i8042-enable-MUX-on-Sony-VAIO-VGN-CS-series-to70
-rw-r--r--patches.drivers/Input-leds-fix-out-of-bound-access55
-rw-r--r--patches.drivers/Input-synaptics-Lenovo-Carbon-X1-Gen5-2017-devices-s30
-rw-r--r--patches.drivers/Input-synaptics-Lenovo-Thinkpad-X1-Carbon-G5-2017-wi38
-rw-r--r--patches.drivers/Input-synaptics-add-Intertouch-support-on-X1-Carbon-39
-rw-r--r--patches.drivers/Input-synaptics-add-Lenovo-80-series-ids-to-SMBus49
-rw-r--r--patches.drivers/Input-synaptics-reset-the-ABS_X-Y-fuzz-after-initial48
-rw-r--r--patches.drivers/KEYS-Use-individual-pages-in-big_key-for-crypto-buff275
-rw-r--r--patches.drivers/NFC-fix-device-allocation-error-return41
-rw-r--r--patches.drivers/PCI-ASPM-Add-L1-Substates-definitions111
-rw-r--r--patches.drivers/PCI-ASPM-Calculate-LTR_L1.2_THRESHOLD-from-device-ch167
-rw-r--r--patches.drivers/PCI-Add-function-1-DMA-alias-quirk-for-Highpoint-Roc36
-rw-r--r--patches.drivers/PCI-Add-function-1-DMA-alias-quirk-for-Marvell-912835
-rw-r--r--patches.drivers/PCI-Create-SR-IOV-virtfn-physfn-links-before-attachi42
-rw-r--r--patches.drivers/PCI-Detach-driver-before-procfs-sysfs-teardown-on-de48
-rw-r--r--patches.drivers/PCI-PME-Handle-invalid-data-when-reading-Root-Status58
-rw-r--r--patches.drivers/PCI-Remove-messages-about-reassigning-resources51
-rw-r--r--patches.drivers/PCI-designware-ep-Fix-find_first_zero_bit-usage149
-rw-r--r--patches.drivers/PCI-shpchp-Enable-bridge-bus-mastering-if-MSI-is-ena38
-rw-r--r--patches.drivers/PM-OPP-Add-missing-of_node_put-np35
-rw-r--r--patches.drivers/PM-OPP-Call-notifier-without-holding-opp_table-lock58
-rw-r--r--patches.drivers/PM-OPP-Move-error-message-to-debug-level44
-rw-r--r--patches.drivers/PM-devfreq-Fix-potential-NULL-pointer-dereference-in39
-rw-r--r--patches.drivers/PM-docs-Drop-an-excess-character-from-devices.rst29
-rw-r--r--patches.drivers/PM-s2idle-Clear-the-events_check_enabled-flag63
-rw-r--r--patches.drivers/PM-wakeirq-Fix-unbalanced-IRQ-enable-for-wakeirq68
-rw-r--r--patches.drivers/RDMA-core-Avoid-that-ib_drain_qp-triggers-an-out-of-.patch89
-rw-r--r--patches.drivers/RDMA-core-Reduce-poll-batch-for-direct-cq-polling.patch103
-rw-r--r--patches.drivers/RDMA-mlx4-Fix-uABI-structure-layouts-for-32-64-compa.patch33
-rw-r--r--patches.drivers/RDMA-mlx5-Fix-crash-while-accessing-garbage-pointer-.patch116
-rw-r--r--patches.drivers/RDMA-mlx5-Protect-from-NULL-pointer-derefence.patch32
-rw-r--r--patches.drivers/RDMA-ocrdma-Fix-permissions-for-OCRDMA_RESET_STATS.patch34
-rw-r--r--patches.drivers/RDMA-rxe-Fix-an-out-of-bounds-read.patch85
-rw-r--r--patches.drivers/RDMA-ucma-Allow-resolving-address-w-o-specifying-sou.patch36
-rw-r--r--patches.drivers/RDMA-ucma-Introduce-safer-rdma_addr_size-variants.patch183
-rw-r--r--patches.drivers/RDMAVT-Fix-synchronization-around-percpu_ref.patch58
-rw-r--r--patches.drivers/Revert-Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QC43
-rw-r--r--patches.drivers/Revert-ath10k-send-re-assoc-peer-command-when-NSS-ch152
-rw-r--r--patches.drivers/Revert-drm-i915-edp-Allow-alternate-fixed-mode-for-eDP224
-rw-r--r--patches.drivers/Revert-rt2800-use-TXOP_BACKOFF-for-probe-frames45
-rw-r--r--patches.drivers/X.509-fix-BUG_ON-when-hash-algorithm-is-unsupported50
-rw-r--r--patches.drivers/X.509-fix-NULL-dereference-when-restricting-key-with93
-rw-r--r--patches.drivers/X.509-fix-comparisons-of-pkey_algo48
-rw-r--r--patches.drivers/X.509-reject-invalid-BIT-STRING-for-subjectPublicKey68
-rw-r--r--patches.drivers/acpi-nfit-Add-support-for-detect-platform-CPU-cache-.patch122
-rw-r--r--patches.drivers/acpi-nfit-add-persistent-memory-control-flag-for-nd_.patch46
-rw-r--r--patches.drivers/acpi-nfit-quiet-invalid-block-aperture-region-warnin.patch33
-rw-r--r--patches.drivers/ath10k-Fix-kernel-panic-while-using-worker-ath10k_st103
-rw-r--r--patches.drivers/ath10k-correct-target-assert-problem-due-to-CE5-stuc38
-rw-r--r--patches.drivers/ath10k-search-all-IEs-for-variant-before-falling-bac247
-rw-r--r--patches.drivers/ath9k-fix-crash-in-spectral-scan146
-rw-r--r--patches.drivers/backlight-tdo24m-Fix-the-SPI-CS-between-transfers79
-rw-r--r--patches.drivers/be2net-Fix-error-detection-logic-for-BE3.patch31
-rw-r--r--patches.drivers/bitmap-fix-memset-optimization-on-big-endian-systems88
-rw-r--r--patches.drivers/bnxt_en-Ignore-src-port-field-in-decap-filter-nodes.patch35
-rw-r--r--patches.drivers/bnxt_en-do-not-allow-wildcard-matches-for-L2-flows.patch122
-rw-r--r--patches.drivers/bnxt_en-fix-clear-flags-in-ethtool-reset-handling.patch44
-rw-r--r--patches.drivers/brcmfmac-Fix-check-for-ISO3166-code34
-rw-r--r--patches.drivers/can-af_can-can_pernet_init-add-missing-error-handlin53
-rw-r--r--patches.drivers/can-af_can-can_rcv-replace-WARN_ONCE-by-pr_warn_once56
-rw-r--r--patches.drivers/can-af_can-canfd_rcv-replace-WARN_ONCE-by-pr_warn_on56
-rw-r--r--patches.drivers/can-c_can-don-t-indicate-triple-sampling-support-for45
-rw-r--r--patches.drivers/can-cc770-Fix-queue-stall-dropped-RTR-reply189
-rw-r--r--patches.drivers/can-cc770-Fix-stalls-on-rt-linux-remove-redundant-IR52
-rw-r--r--patches.drivers/can-cc770-Fix-use-after-free-in-cc770_tx_interrupt38
-rw-r--r--patches.drivers/can-ems_usb-cancel-urb-on-EPIPE-and-EPROTO36
-rw-r--r--patches.drivers/can-esd_usb2-Fix-can_dlc-value-for-received-RTR-fram37
-rw-r--r--patches.drivers/can-esd_usb2-cancel-urb-on-EPIPE-and-EPROTO36
-rw-r--r--patches.drivers/can-flex_can-Correct-the-checking-for-frame-length-i36
-rw-r--r--patches.drivers/can-flexcan-fix-VF610-state-transition-issue41
-rw-r--r--patches.drivers/can-flexcan-fix-i.MX28-state-transition-issue35
-rw-r--r--patches.drivers/can-flexcan-fix-i.MX6-state-transition-issue33
-rw-r--r--patches.drivers/can-flexcan-fix-p1010-state-transition-issue35
-rw-r--r--patches.drivers/can-flexcan-fix-state-transition-regression36
-rw-r--r--patches.drivers/can-flexcan-implement-error-passive-state-quirk162
-rw-r--r--patches.drivers/can-flexcan-rename-legacy-error-state-quirk60
-rw-r--r--patches.drivers/can-gs_usb-fix-busy-loop-if-no-more-TX-context-is-av52
-rw-r--r--patches.drivers/can-gs_usb-fix-return-value-of-the-set_bittiming-cal32
-rw-r--r--patches.drivers/can-ifi-Check-core-revision-upon-probe59
-rw-r--r--patches.drivers/can-ifi-Fix-transmitter-delay-calculation38
-rw-r--r--patches.drivers/can-ifi-Repair-the-error-handling195
-rw-r--r--patches.drivers/can-kvaser_usb-Correct-return-value-in-printout33
-rw-r--r--patches.drivers/can-kvaser_usb-Fix-comparison-bug-in-kvaser_usb_read38
-rw-r--r--patches.drivers/can-kvaser_usb-Ignore-CMD_FLUSH_QUEUE_REPLY-messages50
-rw-r--r--patches.drivers/can-kvaser_usb-Increase-correct-stats-counter-in-kva30
-rw-r--r--patches.drivers/can-kvaser_usb-cancel-urb-on-EPIPE-and-EPROTO36
-rw-r--r--patches.drivers/can-kvaser_usb-free-buf-in-error-paths37
-rw-r--r--patches.drivers/can-kvaser_usb-ratelimit-errors-if-incomplete-messag43
-rw-r--r--patches.drivers/can-mcba_usb-cancel-urb-on-EPROTO34
-rw-r--r--patches.drivers/can-mcba_usb-fix-device-disconnect-bug40
-rw-r--r--patches.drivers/can-peak-Add-support-for-new-PCIe-M2-CAN-FD-interfac64
-rw-r--r--patches.drivers/can-peak-fix-potential-bug-in-packet-fragmentation70
-rw-r--r--patches.drivers/can-peak-pci-fix-potential-bug-when-probe-fails53
-rw-r--r--patches.drivers/can-peak-pcie_fd-fix-echo_skb-is-occupied-bug82
-rw-r--r--patches.drivers/can-peak-pcie_fd-fix-potential-bug-in-restarting-tx-48
-rw-r--r--patches.drivers/can-peak-pcie_fd-remove-useless-code-when-interface-51
-rw-r--r--patches.drivers/can-sun4i-fix-loopback-mode38
-rw-r--r--patches.drivers/can-sun4i-handle-overrun-in-RX-FIFO49
-rw-r--r--patches.drivers/can-ti_hecc-Fix-napi-poll-return-value-for-repoll36
-rw-r--r--patches.drivers/can-usb_8dev-cancel-urb-on-EPIPE-and-EPROTO36
-rw-r--r--patches.drivers/can-vxcan-improve-handling-of-missing-peer-name-attr37
-rw-r--r--patches.drivers/cdrom-information-leak-in-cdrom_ioctl_media_changed35
-rw-r--r--patches.drivers/cfg80211-clear-wep-keys-after-disconnection34
-rw-r--r--patches.drivers/cfg80211-further-limit-wiphy-names-to-64-bytes40
-rw-r--r--patches.drivers/cfg80211-limit-wiphy-names-to-128-bytes50
-rw-r--r--patches.drivers/coresight-Fix-disabling-of-CoreSight-TPIU58
-rw-r--r--patches.drivers/cros_ec-fix-nul-termination-for-firmware-build-info36
-rw-r--r--patches.drivers/crypto-AF_ALG-remove-SGL-terminator-indicator-when-c55
-rw-r--r--patches.drivers/crypto-aes-generic-build-with-Os-on-gcc-789
-rw-r--r--patches.drivers/crypto-aes-generic-fix-aes-generic-regression-on-pow48
-rw-r--r--patches.drivers/crypto-af_alg-fix-possible-uninit-value-in-alg_bind49
-rw-r--r--patches.drivers/crypto-ahash-Fix-early-termination-in-hash-walk43
-rw-r--r--patches.drivers/crypto-arm-arm64-Fix-random-regeneration-of-S_shippe68
-rw-r--r--patches.drivers/crypto-atmel-aes-fix-the-keys-zeroing-on-errors33
-rw-r--r--patches.drivers/crypto-caam-Fix-null-dereference-at-error-path47
-rw-r--r--patches.drivers/crypto-caam-fix-incorrect-define32
-rw-r--r--patches.drivers/crypto-caam-qi-fix-IV-DMA-mapping-and-updating430
-rw-r--r--patches.drivers/crypto-ccp-fix-sparse-use-plain-integer-as-null-pointer.patch64
-rw-r--r--patches.drivers/crypto-drbg-set-freed-buffers-to-NULL38
-rw-r--r--patches.drivers/crypto-lrw-Free-rctx-ext-with-kzfree32
-rw-r--r--patches.drivers/crypto-qat-remove-unused-and-redundant-pointer-vf_in36
-rw-r--r--patches.drivers/crypto-sunxi-ss-Add-MODULE_ALIAS-to-sun4i-ss30
-rw-r--r--patches.drivers/crypto-x86-cast5-avx-fix-ECB-encryption-when-long-sg42
-rw-r--r--patches.drivers/cxgb4-Correct-ntuple-mask-validation-for-hash-filter.patch135
-rw-r--r--patches.drivers/cxgb4-fix-error-return-code-in-adap_init0.patch30
-rw-r--r--patches.drivers/cxgb4-fix-offset-in-collecting-TX-rate-limit-info.patch66
-rw-r--r--patches.drivers/cxgb4vf-Fix-SGE-FL-buffer-initialization-logic-for-6.patch68
-rw-r--r--patches.drivers/dmaengine-at_hdmac-fix-potential-NULL-pointer-derefe46
-rw-r--r--patches.drivers/dmaengine-at_xdmac-fix-rare-residue-corruption70
-rw-r--r--patches.drivers/dmaengine-dmatest-fix-container_of-member-in-dmatest32
-rw-r--r--patches.drivers/dmaengine-dmatest-move-callback-wait-queue-to-thread159
-rw-r--r--patches.drivers/dmaengine-dmatest-warn-user-when-dma-test-times-out36
-rw-r--r--patches.drivers/dmaengine-edma-Align-the-memcpy-acnt-array-size-with77
-rw-r--r--patches.drivers/dmaengine-ioat-Fix-error-handling-path31
-rw-r--r--patches.drivers/dmaengine-jz4740-disable-unprepare-clk-if-probe-fail42
-rw-r--r--patches.drivers/dmaengine-ti-dma-crossbar-Correct-am335x-am43xx-mux-51
-rw-r--r--patches.drivers/dmaengine-ti-dma-crossbar-Fix-event-mapping-for-TPCC44
-rw-r--r--patches.drivers/dmaengine-ti-dma-crossbar-Fix-possible-race-conditio40
-rw-r--r--patches.drivers/docs-disable-KASLR-when-debugging-kernel41
-rw-r--r--patches.drivers/drivers-infiniband-core-verbs.c-fix-build-with-gcc-4.patch41
-rw-r--r--patches.drivers/drivers-infiniband-ulp-srpt-ib_srpt.c-fix-build-with.patch40
-rw-r--r--patches.drivers/drm-Allow-determining-if-current-task-is-output-poll72
-rw-r--r--patches.drivers/drm-Match-sysfs-name-in-link-removal-to-link-creatio48
-rw-r--r--patches.drivers/drm-amd-powerplay-Fix-enum-mismatch73
-rw-r--r--patches.drivers/drm-amdgpu-Add-an-ATPX-quirk-for-hybrid-laptop30
-rw-r--r--patches.drivers/drm-amdgpu-Fix-PCIe-lane-width-calculation41
-rw-r--r--patches.drivers/drm-amdgpu-Fix-always_valid-bos-multiple-LRU-inserti59
-rw-r--r--patches.drivers/drm-amdgpu-Fix-deadlock-on-runtime-suspend150
-rw-r--r--patches.drivers/drm-amdgpu-adjust-timeout-for-ib_ring_tests-v289
-rw-r--r--patches.drivers/drm-amdgpu-disable-GFX-ring-and-disable-PQ-wptr-in-h43
-rw-r--r--patches.drivers/drm-amdgpu-sdma-fix-mask-in-emit_pipeline_sync70
-rw-r--r--patches.drivers/drm-amdgpu-set-COMPUTE_PGM_RSRC1-for-SGPR-VGPR-clear62
-rw-r--r--patches.drivers/drm-amdgpu-si-implement-get-set-pcie_lanes-asic-call108
-rw-r--r--patches.drivers/drm-armada-fix-leak-of-crtc-structure80
-rw-r--r--patches.drivers/drm-ast-Fixed-1280x800-Display-Issue39
-rw-r--r--patches.drivers/drm-atomic-Clean-old_state-new_state-in-drm_atomic_s76
-rw-r--r--patches.drivers/drm-atomic-Clean-private-obj-old_state-new_state-in-49
-rw-r--r--patches.drivers/drm-bridge-analogix-dp-Fix-runtime-PM-state-in-get_m81
-rw-r--r--patches.drivers/drm-bridge-dw-hdmi-Fix-overflow-workaround-for-Amlog43
-rw-r--r--patches.drivers/drm-bridge-tc358767-do-no-fail-on-hi-res-displays52
-rw-r--r--patches.drivers/drm-bridge-tc358767-filter-out-too-high-modes35
-rw-r--r--patches.drivers/drm-bridge-tc358767-fix-1-lane-behavior62
-rw-r--r--patches.drivers/drm-bridge-tc358767-fix-AUXDATAn-registers-access33
-rw-r--r--patches.drivers/drm-bridge-tc358767-fix-DP0_MISC-register-set42
-rw-r--r--patches.drivers/drm-bridge-tc358767-fix-timing-calculations88
-rw-r--r--patches.drivers/drm-bridge-vga-dac-Fix-edid-memory-leak41
-rw-r--r--patches.drivers/drm-exynos-Allow-DRM_EXYNOS-on-s5pv21033
-rw-r--r--patches.drivers/drm-exynos-Fix-default-value-for-zpos-plane-property50
-rw-r--r--patches.drivers/drm-exynos-dsi-mask-frame-done-interrupt44
-rw-r--r--patches.drivers/drm-exynos-fix-comparison-to-bitshift-when-dealing-w30
-rw-r--r--patches.drivers/drm-exynos-g2d-use-monotonic-timestamps68
-rw-r--r--patches.drivers/drm-fsl-dcu-enable-IRQ-before-drm_atomic_helper_resu38
-rw-r--r--patches.drivers/drm-handle-HDMI-2.0-VICs-in-AVI-info-frames19
-rw-r--r--patches.drivers/drm-hisilicon-Ensure-LDI-regs-are-properly-configure45
-rw-r--r--patches.drivers/drm-i915-Adjust-eDP-s-logical-vco-in-a-reliable-plac143
-rw-r--r--patches.drivers/drm-i915-Call-i915_perf_fini-on-init_hw-error-unwind108
-rw-r--r--patches.drivers/drm-i915-Disable-LVDS-on-Radiant-P84545
-rw-r--r--patches.drivers/drm-i915-Do-no-use-kfree-to-free-a-kmem_cache_alloc-41
-rw-r--r--patches.drivers/drm-i915-Don-t-request-a-bug-report-for-unsafe-modul45
-rw-r--r--patches.drivers/drm-i915-Enable-display-WA-1183-from-its-correct-spo64
-rw-r--r--patches.drivers/drm-i915-Fix-LSPCON-TMDS-output-buffer-enabling-from92
-rw-r--r--patches.drivers/drm-i915-Fix-drm-intel_enable_lvds-ERROR-message-in-61
-rw-r--r--patches.drivers/drm-i915-Remove-stale-asserts-from-i915_gem_find_act69
-rw-r--r--patches.drivers/drm-i915-Restore-planes-after-load-detection37
-rw-r--r--patches.drivers/drm-i915-audio-Fix-audio-detection-issue-on-GLK47
-rw-r--r--patches.drivers/drm-i915-audio-set-minimum-CD-clock-to-twice-the-BCL77
-rw-r--r--patches.drivers/drm-i915-bios-filter-out-invalid-DDC-pins-from-VBT-c173
-rw-r--r--patches.drivers/drm-i915-execlists-Use-rmb-to-order-CSB-reads68
-rw-r--r--patches.drivers/drm-i915-gen9-Add-WaClearHIZ_WM_CHICKEN3-for-bxt-and57
-rw-r--r--patches.drivers/drm-i915-glk-Add-MODULE_FIRMWARE-for-Geminilake47
-rw-r--r--patches.drivers/drm-i915-gvt-throw-error-on-unhandled-vfio-ioctls32
-rw-r--r--patches.drivers/drm-i915-lvds-Move-acpi-lid-notification-registratio153
-rw-r--r--patches.drivers/drm-i915-userptr-reject-zero-user_size39
-rw-r--r--patches.drivers/drm-imx-move-arming-of-the-vblank-event-to-atomic_fl47
-rw-r--r--patches.drivers/drm-meson-Fix-an-un-handled-error-path-in-meson_drv_35
-rw-r--r--patches.drivers/drm-meson-Fix-some-error-handling-paths-in-meson_drv76
-rw-r--r--patches.drivers/drm-meson-fix-vsync-buffer-update81
-rw-r--r--patches.drivers/drm-msm-Fix-possible-null-dereference-on-failure-of-61
-rw-r--r--patches.drivers/drm-msm-fix-leak-in-failed-get_pages58
-rw-r--r--patches.drivers/drm-nouveau-Clean-up-nv50_head_atomic_check_mode-and112
-rw-r--r--patches.drivers/drm-nouveau-Convert-nouveau-to-use-new-iterator-macr234
-rw-r--r--patches.drivers/drm-nouveau-Drop-drm_vblank_cleanup39
-rw-r--r--patches.drivers/drm-nouveau-Enable-stereoscopic-3D-output-over-HDMI47
-rw-r--r--patches.drivers/drm-nouveau-Fix-deadlock-in-nv50_mstm_register_conne217
-rw-r--r--patches.drivers/drm-nouveau-Fix-deadlock-on-runtime-suspend114
-rw-r--r--patches.drivers/drm-nouveau-Fix-merge-commit90
-rw-r--r--patches.drivers/drm-nouveau-Handle-drm_atomic_helper_swap_state-fail50
-rw-r--r--patches.drivers/drm-nouveau-Handle-frame-packing-mode-geometry-and-t95
-rw-r--r--patches.drivers/drm-nouveau-Pass-mode-dependent-AVI-and-Vendor-HDMI-95
-rw-r--r--patches.drivers/drm-nouveau-Skip-vga_fini-on-non-PCI-device39
-rw-r--r--patches.drivers/drm-nouveau-Use-the-drm_driver.dumb_destroy-default39
-rw-r--r--patches.drivers/drm-nouveau-bar-gf100-add-config-option-to-limit-BAR72
-rw-r--r--patches.drivers/drm-nouveau-bios-Demote-missing-fp-table-message-to-41
-rw-r--r--patches.drivers/drm-nouveau-bios-iccsense-rails-for-power-sensors-ha43
-rw-r--r--patches.drivers/drm-nouveau-bios-init-add-a-new-devinit-script-inter44
-rw-r--r--patches.drivers/drm-nouveau-bios-init-add-or-link-args-separate-from75
-rw-r--r--patches.drivers/drm-nouveau-bios-init-bump-script-offset-to-32-bits59
-rw-r--r--patches.drivers/drm-nouveau-bios-init-remove-internal-use-of-nvbios_770
-rw-r--r--patches.drivers/drm-nouveau-bios-init-rename-crtc-to-head136
-rw-r--r--patches.drivers/drm-nouveau-bios-init-rename-nvbios_init-to-nvbios_d57
-rw-r--r--patches.drivers/drm-nouveau-bios-volt-Parse-min-and-max-for-Version-41
-rw-r--r--patches.drivers/drm-nouveau-bl-fix-backlight-regression67
-rw-r--r--patches.drivers/drm-nouveau-devinit-use-new-devinit-script-interpret88
-rw-r--r--patches.drivers/drm-nouveau-disp-Add-mechanism-to-convert-HDMI-InfoF136
-rw-r--r--patches.drivers/drm-nouveau-disp-Silence-DCB-warnings81
-rw-r--r--patches.drivers/drm-nouveau-disp-add-tv-encoders-to-output-resource-39
-rw-r--r--patches.drivers/drm-nouveau-disp-common-implementation-of-scanoutpos663
-rw-r--r--patches.drivers/drm-nouveau-disp-delay-output-path-connector-constru251
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-determine-a-failsafe-link-traini115
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-determine-link-bandwidth-require200
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-no-need-for-lt_state-except-duri146
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-only-check-for-re-train-when-the174
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-remove-DP_PWR-method84
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-store-current-link-configuration227
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-train-link-only-when-actively-di76
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-use-cached-link-configuration-wh105
-rw-r--r--patches.drivers/drm-nouveau-disp-dp-use-new-devinit-script-interpret125
-rw-r--r--patches.drivers/drm-nouveau-disp-fork-off-some-new-hw-specific-imple617
-rw-r--r--patches.drivers/drm-nouveau-disp-g84-Extend-NVKM-HDMI-power-control-156
-rw-r--r--patches.drivers/drm-nouveau-disp-g84-gt200-Use-supplied-HDMI-InfoFra104
-rw-r--r--patches.drivers/drm-nouveau-disp-g84-port-OR-HDMI-control-to-nvkm_io837
-rw-r--r--patches.drivers/drm-nouveau-disp-g94-port-OR-DP-drive-setting-contro457
-rw-r--r--patches.drivers/drm-nouveau-disp-g94-port-OR-DP-lane-mapping-to-nvkm178
-rw-r--r--patches.drivers/drm-nouveau-disp-g94-port-OR-DP-link-power-control-t298
-rw-r--r--patches.drivers/drm-nouveau-disp-g94-port-OR-DP-link-setup-to-nvkm_i332
-rw-r--r--patches.drivers/drm-nouveau-disp-g94-port-OR-DP-training-pattern-con297
-rw-r--r--patches.drivers/drm-nouveau-disp-gf119-Use-supplied-HDMI-InfoFrames96
-rw-r--r--patches.drivers/drm-nouveau-disp-gf119-add-missing-drive-vfunc-ptr46
-rw-r--r--patches.drivers/drm-nouveau-disp-gf119-avoid-creating-non-existent-h59
-rw-r--r--patches.drivers/drm-nouveau-disp-gf119-port-OR-DP-VCPI-control-to-nv182
-rw-r--r--patches.drivers/drm-nouveau-disp-gk104-Use-supplied-HDMI-InfoFrames92
-rw-r--r--patches.drivers/drm-nouveau-disp-gm200-allow-non-identity-mapping-of42
-rw-r--r--patches.drivers/drm-nouveau-disp-gt215-Use-supplied-HDMI-InfoFrames104
-rw-r--r--patches.drivers/drm-nouveau-disp-gt215-port-HDA-ELD-controls-to-nvkm616
-rw-r--r--patches.drivers/drm-nouveau-disp-identity-map-display-paths-to-outpu211
-rw-r--r--patches.drivers/drm-nouveau-disp-introduce-acquire-release-display-p749
-rw-r--r--patches.drivers/drm-nouveau-disp-introduce-input-output-resource-abs784
-rw-r--r--patches.drivers/drm-nouveau-disp-introduce-object-to-track-per-head-1076
-rw-r--r--patches.drivers/drm-nouveau-disp-move-vblank_-get-put-methods-into-n474
-rw-r--r--patches.drivers/drm-nouveau-disp-nv04-avoid-creation-of-output-paths31
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-avoid-creating-ORs-that-aren-t232
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-execute-supervisor-on-its-own-87
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-fetch-head-OR-state-at-beginni392
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-gt21x-remove-workaround-for-dp68
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-implement-a-common-supervisor-168
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-implement-a-common-supervisor-2.0314
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-implement-a-common-supervisor-2.1111
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-implement-a-common-supervisor-2.21149
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-implement-a-common-supervisor-3.0556
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-port-OR-manual-sink-detection-383
-rw-r--r--patches.drivers/drm-nouveau-disp-nv50-port-OR-power-state-control-to996
-rw-r--r--patches.drivers/drm-nouveau-disp-remove-hw-specific-customisation-of865
-rw-r--r--patches.drivers/drm-nouveau-disp-rename-nvkm_output-to-nvkm_outp272
-rw-r--r--patches.drivers/drm-nouveau-disp-rename-nvkm_output_dp-to-nvkm_dp770
-rw-r--r--patches.drivers/drm-nouveau-disp-s-nvkm_connector-nvkm_conn246
-rw-r--r--patches.drivers/drm-nouveau-disp-shuffle-functions-around3209
-rw-r--r--patches.drivers/drm-nouveau-falcon-use-a-more-reasonable-msgqueue-ti31
-rw-r--r--patches.drivers/drm-nouveau-fb-gf100-zero-mmu-debug-buffers40
-rw-r--r--patches.drivers/drm-nouveau-fb-ram-nv40-use-new-devinit-script-inter79
-rw-r--r--patches.drivers/drm-nouveau-fbcon-fix-oops-without-fbdev-emulation55
-rw-r--r--patches.drivers/drm-nouveau-hwmon-Add-config-for-all-sensors-and-the107
-rw-r--r--patches.drivers/drm-nouveau-hwmon-Add-nouveau_hwmon_ops-structure-wi202
-rw-r--r--patches.drivers/drm-nouveau-hwmon-Change-permissions-to-numeric71
-rw-r--r--patches.drivers/drm-nouveau-hwmon-Remove-old-code-add-.write-.read-o980
-rw-r--r--patches.drivers/drm-nouveau-hwmon-expose-the-auto_point-and-pwm_min-88
-rw-r--r--patches.drivers/drm-nouveau-kms-nv04-nv40-improve-overlay-error-dete141
-rw-r--r--patches.drivers/drm-nouveau-kms-nv04-nv40-prevent-undisplayable-fram59
-rw-r--r--patches.drivers/drm-nouveau-kms-nv04-nv4x-fix-exposed-format-list80
-rw-r--r--patches.drivers/drm-nouveau-kms-nv04-use-new-devinit-script-interpre45
-rw-r--r--patches.drivers/drm-nouveau-kms-nv10-nv40-add-NV21-support-to-overla53
-rw-r--r--patches.drivers/drm-nouveau-mc-gf100-add-pmu-to-reset-mask33
-rw-r--r--patches.drivers/drm-nouveau-mpeg-print-more-debug-info-when-rejectin73
-rw-r--r--patches.drivers/drm-nouveau-pmu-fuc-don-t-use-movw-directly-anymore3086
-rw-r--r--patches.drivers/drm-nouveau-pmu-gt215-abstract-detection-of-whether-230
-rw-r--r--patches.drivers/drm-nouveau-pmu-gt215-fix-reset191
-rw-r--r--patches.drivers/drm-nouveau-remove-dead-code-and-pointless-local-lut221
-rw-r--r--patches.drivers/drm-nouveau-silence-suspend-resume-debugging-message99
-rw-r--r--patches.drivers/drm-nouveau-tegra-Don-t-leave-GPU-in-reset36
-rw-r--r--patches.drivers/drm-nouveau-tegra-Skip-manual-unpowergating-when-not44
-rw-r--r--patches.drivers/drm-nouveau-therm-fix-spelling-mistake-on-array-thre49
-rw-r--r--patches.drivers/drm-nouveau-therm-gm200-Added144
-rw-r--r--patches.drivers/drm-nouveau-tmr-remove-nvkm_timer_alarm_cancel119
-rw-r--r--patches.drivers/drm-nouveau-use-drm_for_each_connector_iter50
-rw-r--r--patches.drivers/drm-omap-DMM-Check-for-DMM-readiness-after-successfu39
-rw-r--r--patches.drivers/drm-panel-simple-Fix-the-bus-format-for-the-Ontat-pa35
-rw-r--r--patches.drivers/drm-psr-Fix-missed-entry-in-PSR-setup-time-table44
-rw-r--r--patches.drivers/drm-radeon-Fix-PCIe-lane-width-calculation46
-rw-r--r--patches.drivers/drm-radeon-Fix-deadlock-on-runtime-suspend216
-rw-r--r--patches.drivers/drm-radeon-add-PX-quirk-for-Asus-K73TK32
-rw-r--r--patches.drivers/drm-radeon-make-MacBook-Pro-d3_delay-quirk-more-gene99
-rw-r--r--patches.drivers/drm-rcar-du-lvds-Fix-LVDS-startup-on-R-Car-Gen252
-rw-r--r--patches.drivers/drm-rcar-du-lvds-Fix-LVDS-startup-on-R-Car-Gen357
-rw-r--r--patches.drivers/drm-rockchip-Clear-all-interrupts-before-requesting-86
-rw-r--r--patches.drivers/drm-rockchip-Respect-page-offset-for-PRIME-mmap-call58
-rw-r--r--patches.drivers/drm-rockchip-dw-mipi-dsi-fix-possible-un-balanced-ru42
-rw-r--r--patches.drivers/drm-set-FMODE_UNSIGNED_OFFSET-for-drm-files35
-rw-r--r--patches.drivers/drm-sun4i-Fix-dclk_set_phase38
-rw-r--r--patches.drivers/drm-sun4i-Fix-error-path-handling45
-rw-r--r--patches.drivers/drm-tegra-Shutdown-on-driver-unbind34
-rw-r--r--patches.drivers/drm-tilcdc-ensure-nonatomic-iowrite64-is-not-used50
-rw-r--r--patches.drivers/drm-udl-Properly-check-framebuffer-mmap-offsets2
-rw-r--r--patches.drivers/drm-vc4-Fix-memory-leak-during-BO-teardown53
-rw-r--r--patches.drivers/drm-vc4-Fix-scaling-of-uni-planar-formats33
-rw-r--r--patches.drivers/drm-virtio-fix-vq-wait_event-condition44
-rw-r--r--patches.drivers/drm-vmwgfx-Fix-32-bit-VMW_PORT_HB_-IN-OUT-macros76
-rw-r--r--patches.drivers/drm-vmwgfx-Fix-a-buffer-object-leak32
-rw-r--r--patches.drivers/drm-vmwgfx-Set-dmabuf_size-when-vmw_dmabuf_init-is-s36
-rw-r--r--patches.drivers/drm-vmwgfx-Unpin-the-screen-object-backup-buffer-whe90
-rw-r--r--patches.drivers/efi-esrt-Use-memunmap-instead-of-kfree-to-free-the-r38
-rw-r--r--patches.drivers/etnaviv-fix-gem-object-list-corruption38
-rw-r--r--patches.drivers/etnaviv-fix-submit-error-path34
-rw-r--r--patches.drivers/extcon-intel-cht-wc-Set-direction-and-drv-flags-for-56
-rw-r--r--patches.drivers/fbdev-controlfb-Add-missing-modes-to-fix-out-of-boun45
-rw-r--r--patches.drivers/firewire-ohci-work-around-oversized-DMA-reads-on-JMi46
-rw-r--r--patches.drivers/firmware-dmi_scan-Fix-UUID-length-safety-check36
-rw-r--r--patches.drivers/firmware-dmi_scan-Fix-handling-of-empty-DMI-strings84
-rw-r--r--patches.drivers/firmware-fix-checking-for-return-values-for-fw_add_d68
-rw-r--r--patches.drivers/geneve-Fix-function-matching-VNI-and-tunnel-ID-on-bi42
-rw-r--r--patches.drivers/geneve-fix-fill_info-when-link-down88
-rw-r--r--patches.drivers/gpio-ath79-add-missing-MODULE_DESCRIPTION-LICENSE36
-rw-r--r--patches.drivers/gpio-davinci-Assign-first-bank-regs-for-unbanked-cas31
-rw-r--r--patches.drivers/gpio-fix-error-path-in-lineevent_create34
-rw-r--r--patches.drivers/gpio-fix-gpio-line-names-property-retrieval125
-rw-r--r--patches.drivers/gpio-iop-add-missing-MODULE_DESCRIPTION-AUTHOR-LICEN36
-rw-r--r--patches.drivers/gpio-label-descriptors-using-the-device-name40
-rw-r--r--patches.drivers/gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-conte100
-rw-r--r--patches.drivers/gpioib-do-not-free-unrequested-descriptors57
-rw-r--r--patches.drivers/gpu-ipu-v3-pre-fix-device-node-leak-in-ipu_pre_looku37
-rw-r--r--patches.drivers/gpu-ipu-v3-prg-avoid-possible-array-underflow61
-rw-r--r--patches.drivers/gpu-ipu-v3-prg-fix-device-node-leak-in-ipu_prg_looku37
-rw-r--r--patches.drivers/hwmon-ina2xx-Fix-access-to-uninitialized-mutex66
-rw-r--r--patches.drivers/hwmon-ina2xx-Make-calibration-register-value-fixed212
-rw-r--r--patches.drivers/i2c-designware-fix-poll-after-enable-regression42
-rw-r--r--patches.drivers/i2c-i801-Restore-configuration-at-shutdown49
-rw-r--r--patches.drivers/i2c-i801-Save-register-SMBSLVCMD-value-only-once48
-rw-r--r--patches.drivers/i2c-ismt-Separate-I2C-block-read-from-SMBus-block-re58
-rw-r--r--patches.drivers/i2c-mv64xxx-Apply-errata-delay-only-in-standard-mode46
-rw-r--r--patches.drivers/i40e-Fix-attach-VF-to-VM-issue.patch58
-rw-r--r--patches.drivers/i40e-program-fragmented-IPv4-filter-input-set.patch59
-rw-r--r--patches.drivers/i40evf-Don-t-schedule-reset_task-when-device-is-bein.patch59
-rw-r--r--patches.drivers/i40evf-don-t-rely-on-netif_running-outside-rtnl_lock.patch88
-rw-r--r--patches.drivers/i40evf-ignore-link-up-if-not-running.patch69
-rw-r--r--patches.drivers/i40iw-Avoid-panic-when-reading-back-the-IRQ-aff.patch111
-rw-r--r--patches.drivers/i40iw-Zero-out-consumer-key-on-allocate-stag-for-FMR.patch32
-rw-r--r--patches.drivers/ibmvnic-Check-CRQ-command-return-codes.patch181
-rw-r--r--patches.drivers/ibmvnic-Create-separate-initialization-routine-for-r.patch106
-rw-r--r--patches.drivers/ibmvnic-Fix-non-fatal-firmware-error-reset.patch39
-rw-r--r--patches.drivers/ibmvnic-Fix-partial-success-login-retries.patch66
-rw-r--r--patches.drivers/ibmvnic-Fix-statistics-buffers-memory-leak.patch79
-rw-r--r--patches.drivers/ibmvnic-Free-coherent-DMA-memory-if-FW-map-failed.patch34
-rw-r--r--patches.drivers/ibmvnic-Handle-error-case-when-setting-link-state.patch38
-rw-r--r--patches.drivers/ibmvnic-Introduce-active-CRQ-state.patch96
-rw-r--r--patches.drivers/ibmvnic-Introduce-hard-reset-recovery.patch188
-rw-r--r--patches.drivers/ibmvnic-Mark-NAPI-flag-as-disabled-when-released.patch34
-rw-r--r--patches.drivers/ibmvnic-Only-do-H_EOI-for-mobility-events.patch60
-rw-r--r--patches.drivers/ibmvnic-Return-error-code-if-init-interrupted-by-tra.patch40
-rw-r--r--patches.drivers/ibmvnic-Set-resetting-state-at-earliest-possible-poi.patch44
-rw-r--r--patches.drivers/igb-Allow-to-remove-administratively-set-MAC-on-VFs.patch113
-rw-r--r--patches.drivers/igb-Clear-TXSTMP-when-ptp_tx_work-is-timeout.patch70
-rw-r--r--patches.drivers/igb-Fix-a-test-with-HWTSTAMP_TX_ON.patch37
-rw-r--r--patches.drivers/iio-ABI-Fix-name-of-timestamp-sysfs-file33
-rw-r--r--patches.drivers/iio-ad7793-Fix-the-serial-interface-reset44
-rw-r--r--patches.drivers/iio-ad_sigma_delta-Implement-a-dedicated-reset-funct74
-rw-r--r--patches.drivers/iio-adc-accel-Fix-up-module-licenses49
-rw-r--r--patches.drivers/iio-adc-cpcap-fix-incorrect-validation37
-rw-r--r--patches.drivers/iio-adc-mcp320x-Fix-oops-on-module-unload45
-rw-r--r--patches.drivers/iio-adc-mcp320x-Fix-readout-of-negative-voltages93
-rw-r--r--patches.drivers/iio-adc-meson-saradc-fix-the-bit_idx-of-the-adc_en-c40
-rw-r--r--patches.drivers/iio-adc-stm32-fix-scan-of-multiple-channels-with-DMA45
-rw-r--r--patches.drivers/iio-adc-ti-ads1015-add-10-to-conversion-wait-time40
-rw-r--r--patches.drivers/iio-adc-twl4030-Disable-the-vusb3v1-rugulator-in-the42
-rw-r--r--patches.drivers/iio-adc-twl4030-Fix-an-error-handling-path-in-twl40337
-rw-r--r--patches.drivers/iio-adis_lib-Initialize-trigger-before-requesting-in96
-rw-r--r--patches.drivers/iio-buffer-check-if-a-buffer-has-been-set-up-when-po32
-rw-r--r--patches.drivers/iio-core-Return-error-for-failed-read_reg37
-rw-r--r--patches.drivers/iio-fix-kernel-doc-build-errors43
-rw-r--r--patches.drivers/iio-health-max30102-Add-power-enable-parameter-to-ge87
-rw-r--r--patches.drivers/iio-health-max30102-Temperature-should-be-in-milli-C35
-rw-r--r--patches.drivers/iio-imu-st_lsm6dsx-fix-endianness-in-st_lsm6dsx_read32
-rw-r--r--patches.drivers/iio-st_pressure-st_accel-Initialise-sensor-platform-76
-rw-r--r--patches.drivers/iio-st_pressure-st_accel-pass-correct-platform-data-51
-rw-r--r--patches.drivers/iio-trigger-stm32-timer-fix-get-set-down-count-direc64
-rw-r--r--patches.drivers/iio-trigger-stm32-timer-preset-shouldn-t-be-buffered37
-rw-r--r--patches.drivers/ima-Fallback-to-the-builtin-hash-algorithm118
-rw-r--r--patches.drivers/infiniband-drop-unknown-function-from-core_priv.h.patch34
-rw-r--r--patches.drivers/initial-support-display-only-for-GP10873
-rw-r--r--patches.drivers/intel_th-Use-correct-device-when-freeing-buffers58
-rw-r--r--patches.drivers/iommu-amd-take-into-account-that-alloc_dev_data-may-return-null35
-rw-r--r--patches.drivers/iommu-vt-d-clear-pasid-table-entry-when-memory-unbound32
-rw-r--r--patches.drivers/isdn-eicon-fix-a-missing-check-bug185
-rw-r--r--patches.drivers/iw_cxgb4-Atomically-flush-per-QP-HW-CQEs.patch85
-rw-r--r--patches.drivers/iw_cxgb4-Fix-an-error-handling-path-in-c4iw_get_dma_.patch34
-rw-r--r--patches.drivers/iw_cxgb4-print-mapped-ports-correctly.patch62
-rw-r--r--patches.drivers/iwlmvm-tdls-Check-TDLS-channel-switch-support66
-rw-r--r--patches.drivers/iwlwifi-add-a-bunch-of-new-9000-PCI-IDs265
-rw-r--r--patches.drivers/iwlwifi-add-shared-clock-PHY-config-flag-for-some-de197
-rw-r--r--patches.drivers/iwlwifi-avoid-collecting-firmware-dump-if-not-loaded194
-rw-r--r--patches.drivers/iwlwifi-fix-non_shared_ant-for-9000-devices31
-rw-r--r--patches.drivers/iwlwifi-mvm-Correctly-set-IGTK-for-AP61
-rw-r--r--patches.drivers/iwlwifi-mvm-Correctly-set-the-tid-for-mcast-queue55
-rw-r--r--patches.drivers/iwlwifi-mvm-Direct-multicast-frames-to-the-correct-s38
-rw-r--r--patches.drivers/iwlwifi-mvm-Fix-channel-switch-for-count-0-and-174
-rw-r--r--patches.drivers/iwlwifi-mvm-Increase-session-protection-time-after-C133
-rw-r--r--patches.drivers/iwlwifi-mvm-always-init-rs-with-20mhz-bandwidth-rate99
-rw-r--r--patches.drivers/iwlwifi-mvm-clear-tx-queue-id-when-unreserving-aggre70
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-IBSS-for-devices-that-support-statio83
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-TSO-with-highly-fragmented-SKBs66
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-TX-of-CCMP-25653
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-array-out-of-bounds-reference85
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-assert-0x2B00-on-older-FWs96
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-error-checking-for-multi-broadcast-s41
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-failed-to-remove-key-message43
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-race-in-queue-notification-wait69
-rw-r--r--patches.drivers/iwlwifi-mvm-fix-security-bug-in-PN-checking115
-rw-r--r--patches.drivers/iwlwifi-mvm-honor-the-max_amsdu_subframes-limit36
-rw-r--r--patches.drivers/iwlwifi-mvm-make-sure-internal-station-has-a-valid-i36
-rw-r--r--patches.drivers/iwlwifi-mvm-set-the-correct-tid-when-we-flush-the-MC58
-rw-r--r--patches.drivers/ixgbe-don-t-set-RXDCTL.RLPML-for-82599.patch45
-rw-r--r--patches.drivers/ixgbe-prevent-ptp_rx_hang-from-running-when-in-FILTE.patch45
-rw-r--r--patches.drivers/leds-pm8058-Silence-pointer-to-integer-size-warning37
-rw-r--r--patches.drivers/libnvdimm-btt-add-a-couple-of-missing-kernel-doc-lin.patch40
-rw-r--r--patches.drivers/libnvdimm-btt-clean-up-warning-and-error-messages.patch177
-rw-r--r--patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patch43
-rw-r--r--patches.drivers/libnvdimm-btt-fix-format-string-warnings.patch57
-rw-r--r--patches.drivers/libnvdimm-dimm-handle-EACCES-failures-from-label-rea.patch91
-rw-r--r--patches.drivers/libnvdimm-expose-platform-persistence-attribute-for-.patch47
-rw-r--r--patches.drivers/libnvdimm-label-change-min-label-storage-size-per-uefi-2.7.patch44
-rw-r--r--patches.drivers/libnvdimm-namespace-use-a-safe-lookup-for-dimm-device-name.patch70
-rw-r--r--patches.drivers/libnvdimm-nfit-fix-persistence-domain-reporting.patch82
-rw-r--r--patches.drivers/libnvdimm-re-enable-deep-flush-for-pmem-devices-via-.patch38
-rw-r--r--patches.drivers/libnvdimm-region-hide-persistence_domain-when-unknow.patch40
-rw-r--r--patches.drivers/mac80211-Do-not-disconnect-on-invalid-operating-clas65
-rw-r--r--patches.drivers/mac80211-Fix-condition-validating-WMM-IE35
-rw-r--r--patches.drivers/mac80211-Fix-sending-ADDBA-response-for-an-ongoing-s41
-rw-r--r--patches.drivers/mac80211-Fix-setting-TX-power-on-monitor-interfaces124
-rw-r--r--patches.drivers/mac80211-drop-frames-with-unexpected-DS-bits-from-fa30
-rw-r--r--patches.drivers/mac80211-mesh-fix-wrong-mesh-TTL-offset-calculation78
-rw-r--r--patches.drivers/mac80211-round-IEEE80211_TX_STATUS_HEADROOM-up-to-mu34
-rw-r--r--patches.drivers/media-atomisp_fops.c-disable-atomisp_compat_ioctl3247
-rw-r--r--patches.drivers/media-au0828-add-VIDEO_V4L2-dependency44
-rw-r--r--patches.drivers/media-au0828-fix-VIDEO_V4L2-dependency2
-rw-r--r--patches.drivers/media-cx23885-Override-888-ImpactVCBe-crystal-freque42
-rw-r--r--patches.drivers/media-cx23885-Set-subdev-host-data-to-clk_freq-point35
-rw-r--r--patches.drivers/media-dmxdev-fix-error-code-for-invalid-ioctls31
-rw-r--r--patches.drivers/media-em28xx-Add-Hauppauge-SoloHD-DualHD-bulk-models80
-rw-r--r--patches.drivers/media-em28xx-USB-bulk-packet-size-fix45
-rw-r--r--patches.drivers/media-lgdt3306a-Fix-a-double-kfree-on-i2c-device-rem37
-rw-r--r--patches.drivers/media-lgdt3306a-Fix-module-count-mismatch-on-usb-unp43
-rw-r--r--patches.drivers/media-v4l2-compat-ioctl32-don-t-oops-on-overlay128
-rw-r--r--patches.drivers/media-videobuf2-core-don-t-go-out-of-the-buffer-rang79
-rw-r--r--patches.drivers/media-vivid-check-if-the-cec_adapter-is-valid32
-rw-r--r--patches.drivers/mei-me-add-cannon-point-device-ids46
-rw-r--r--patches.drivers/mei-me-add-cannon-point-device-ids-for-4th-device44
-rw-r--r--patches.drivers/mei-remove-dev_err-message-on-an-unsupported-ioctl32
-rw-r--r--patches.drivers/mfd-cros-ec-spi-Don-t-send-first-message-too-soon46
-rw-r--r--patches.drivers/mmc-jz4740-Fix-race-condition-in-IRQ-mask-update53
-rw-r--r--patches.drivers/mmc-sdhci-iproc-add-SDHCI_QUIRK2_HOST_OFF_CARD_ON-fo36
-rw-r--r--patches.drivers/mmc-sdhci-iproc-fix-32bit-writes-for-TRANSFER_MODE-r102
-rw-r--r--patches.drivers/mmc-sdhci-iproc-remove-hard-coded-mmc-cap-1.8v34
-rw-r--r--patches.drivers/mmc-sdhci-pci-Fix-voltage-switch-for-some-Intel-host59
-rw-r--r--patches.drivers/mmc-sdhci-pci-Only-do-AMD-tuning-for-HS20085
-rw-r--r--patches.drivers/mtd-ubi-wl-Fix-error-return-code-in-ubi_wl_init49
-rw-r--r--patches.drivers/mwifiex-pcie-tighten-a-check-in-mwifiex_pcie_process32
-rw-r--r--patches.drivers/net-ethtool-Add-missing-kernel-doc-for-FEC-parameter.patch30
-rw-r--r--patches.drivers/net-mlx5-Eliminate-query-xsrq-dead-code.patch63
-rw-r--r--patches.drivers/net-mlx5-Fix-build-break-when-CONFIG_SMP-n.patch57
-rw-r--r--patches.drivers/net-mlx5-Fix-mlx5_get_vector_affinity-function.patch70
-rw-r--r--patches.drivers/net-mlx5e-Allow-offloading-ipv4-header-re-write-for-.patch32
-rw-r--r--patches.drivers/net-mlx5e-Do-not-reset-Receive-Queue-params-on-every.patch97
-rw-r--r--patches.drivers/net-mlx5e-Fixed-sleeping-inside-atomic-context.patch57
-rw-r--r--patches.drivers/net-mlx5e-Remove-unused-define-MLX5_MPWRQ_STRIDES_PE.patch28
-rw-r--r--patches.drivers/net-sched-actions-return-explicit-error-when-tunnel_.patch84
-rw-r--r--patches.drivers/net-sched-fix-NULL-dereference-in-the-error-path-of--3239534a.patch97
-rw-r--r--patches.drivers/net-sched-fix-NULL-dereference-in-the-error-path-of-.patch93
-rw-r--r--patches.drivers/net-sched-fix-NULL-dereference-on-the-error-path-of-.patch88
-rw-r--r--patches.drivers/nfit-skip-region-registration-for-incomplete-control-regions.patch60
-rw-r--r--patches.drivers/nfit-test-Add-platform-cap-support-from-ACPI-6.2a-to.patch57
-rw-r--r--patches.drivers/nfp-use-full-40-bits-of-the-NSP-buffer-address.patch59
-rw-r--r--patches.drivers/nvme-add-quirk-to-force-medium-priority-for-sq-creation.patch77
-rw-r--r--patches.drivers/nvme-don-t-send-keep-alives-to-the-discovery-controller.patch55
-rw-r--r--patches.drivers/nvme-fix-extended-data-LBA-supported-setting.patch36
-rw-r--r--patches.drivers/nvme-fix-lockdep-warning-in-nvme_mpath_clear_current_path.patch57
-rw-r--r--patches.drivers/nvme-target-fix-buffer-overflow.patch43
-rw-r--r--patches.drivers/nvme_fc-fix-abort-race-on-teardown-with-lld-reject.patch9
-rw-r--r--patches.drivers/nvme_fc-fix-ctrl-create-failures-racing-with-workq-i.patch9
-rw-r--r--patches.drivers/nvme_fc-io-timeout-should-defer-abort-to-ctrl-reset.patch9
-rw-r--r--patches.drivers/nvme_fc-on-remoteport-reuse-set-new-nport_id-and-rol.patch9
-rw-r--r--patches.drivers/nvmet-fix-space-padding-in-serial-number.patch34
-rw-r--r--patches.drivers/nvmet_fc-prevent-new-io-rqsts-in-possible-isr-comple.patch9
-rw-r--r--patches.drivers/omapdrm-panel-fix-compatible-vendor-string-for-td028130
-rw-r--r--patches.drivers/parport_pc-Add-support-for-WCH-CH382L-PCI-E-single-p48
-rw-r--r--patches.drivers/pci-dpc-do-not-enable-dpc-if-aer-control-is-not-allowed-by-the-bios56
-rw-r--r--patches.drivers/pinctrl-baytrail-Enable-glitch-filter-for-GPIOs-used45
-rw-r--r--patches.drivers/pinctrl-denverton-Fix-UART2-RTS-pin-mode30
-rw-r--r--patches.drivers/pinctrl-intel-Initialize-GPIO-properly-when-used-thr89
-rw-r--r--patches.drivers/platform-chrome-Use-proper-protocol-transfer-functio54
-rw-r--r--patches.drivers/platform-x86-asus-wireless-Fix-NULL-pointer-derefere94
-rw-r--r--patches.drivers/platform-x86-fujitsu-laptop-Support-Lifebook-U7x7-ho67
-rw-r--r--patches.drivers/platform-x86-ideapad-laptop-Add-MIIX-720-12IKB-to-no34
-rw-r--r--patches.drivers/platform-x86-thinkpad_acpi-suppress-warning-about-pa57
-rw-r--r--patches.drivers/power-supply-ab8500_charger-Bail-out-in-case-of-erro43
-rw-r--r--patches.drivers/power-supply-ab8500_charger-Fix-an-error-handling-pa33
-rw-r--r--patches.drivers/power-supply-axp288_charger-Properly-stop-work-on-pr55
-rw-r--r--patches.drivers/qed-Fix-l2-initializations-over-iWARP-personality.patch42
-rw-r--r--patches.drivers/qed-Fix-non-TCP-packets-should-be-dropped-on-iWARP-l.patch52
-rw-r--r--patches.drivers/qed-Free-RoCE-ILT-Memory-on-rmmod-qedr.patch62
-rw-r--r--patches.drivers/qed-Use-after-free-in-qed_rdma_free.patch31
-rw-r--r--patches.drivers/qede-Fix-gfp-flags-sent-to-rdma-event-node-allocatio.patch32
-rw-r--r--patches.drivers/qede-Fix-qedr-link-update.patch47
-rw-r--r--patches.drivers/qla2xxx-Add-FC-NVMe-abort-processing.patch10
-rw-r--r--patches.drivers/qla2xxx-Add-changes-for-devloss-timeout-in-driver.patch10
-rw-r--r--patches.drivers/qla2xxx-Cleanup-code-to-improve-FC-NVMe-error-handli.patch10
-rw-r--r--patches.drivers/qla2xxx-Fix-Async-GPN_FT-for-FCP-and-FC-NVMe-scan.patch7
-rw-r--r--patches.drivers/qla2xxx-Fix-FC-NVMe-IO-abort-during-driver-reset.patch10
-rw-r--r--patches.drivers/qla2xxx-Fix-n2n_ae-flag-to-prevent-dev_loss-on-PDB-c.patch10
-rw-r--r--patches.drivers/qla2xxx-Fix-retry-for-PRLI-RJT-with-reason-of-BUSY.patch10
-rw-r--r--patches.drivers/qla2xxx-Remove-nvme_done_list.patch9
-rw-r--r--patches.drivers/qla2xxx-Remove-unneeded-message-and-minor-cleanup-fo.patch12
-rw-r--r--patches.drivers/qla2xxx-Restore-ZIO-threshold-setting.patch10
-rw-r--r--patches.drivers/qla2xxx-Return-busy-if-rport-going-away.patch10
-rw-r--r--patches.drivers/qla2xxx-Set-IIDMA-and-fcport-state-before-qla_nvme_r.patch10
-rw-r--r--patches.drivers/qla2xxx-Update-driver-version-to-10.00.00.06-k.patch11
-rw-r--r--patches.drivers/r8169-fix-powering-up-RTL8168h49
-rw-r--r--patches.drivers/r8169-fix-setting-driver_data-after-register_netdev49
-rw-r--r--patches.drivers/radeon-hide-pointless-warning-when-compile-testing52
-rw-r--r--patches.drivers/radix-tree-fix-multi-order-iteration-race.patch116
-rw-r--r--patches.drivers/radix-tree-test-suite-add-item_delete_rcu.patch81
-rw-r--r--patches.drivers/radix-tree-test-suite-fix-compilation-issue.patch57
-rw-r--r--patches.drivers/radix-tree-test-suite-fix-mapshift-build-target.patch61
-rw-r--r--patches.drivers/radix-tree-test-suite-multi-order-iteration-race.patch193
-rw-r--r--patches.drivers/random-crng_reseed-should-lock-the-crng-instance-tha39
-rw-r--r--patches.drivers/random-use-a-different-mixing-algorithm-for-add_devi112
-rw-r--r--patches.drivers/random-use-a-tighter-cap-in-credit_entropy_bits_safe37
-rw-r--r--patches.drivers/regulator-cpcap-Fix-standby-mode57
-rw-r--r--patches.drivers/resource-fix-integer-overflow-at-reallocation53
-rw-r--r--patches.drivers/rfkill-gpio-fix-memory-leak-in-probe-error-path45
-rw-r--r--patches.drivers/rhashtable-Fix-rhlist-duplicates-insertion58
-rw-r--r--patches.drivers/rt2x00-do-not-pause-queue-unconditionally-on-error-p68
-rw-r--r--patches.drivers/rtc-opal-Fix-handling-of-firmware-error-codes-preven81
-rw-r--r--patches.drivers/rtc-pcf8563-fix-output-clock-rate32
-rw-r--r--patches.drivers/rtc-pl031-make-interrupt-optional51
-rw-r--r--patches.drivers/rtl8187-Fix-NULL-pointer-dereference-in-priv-conf_mu73
-rw-r--r--patches.drivers/rtlwifi-rtl8192cu-Remove-variable-self-assignment-in43
-rw-r--r--patches.drivers/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch39
-rw-r--r--patches.drivers/scsi-lpfc-fix-wq-cq-creation-for-older-asic-s.patch3
-rw-r--r--patches.drivers/scsi-qla2xxx-Delete-session-for-nport-id-change.patch49
-rw-r--r--patches.drivers/scsi-qla2xxx-Fix-small-memory-leak-in-qla2x00_probe_.patch230
-rw-r--r--patches.drivers/scsi-sg-allocate-with-_gfp_zero-in-sg_build_indirect.patch35
-rw-r--r--patches.drivers/sdhci-Advertise-2.0v-supply-on-SDIO-host-controller57
-rw-r--r--patches.drivers/serdev-fix-receive_buf-return-value-when-no-callback38
-rw-r--r--patches.drivers/serdev-fix-registration-of-second-slave91
-rw-r--r--patches.drivers/serdev-ttyport-add-missing-open-error-handling64
-rw-r--r--patches.drivers/serdev-ttyport-add-missing-receive_buf-sanity-checks57
-rw-r--r--patches.drivers/serdev-ttyport-enforce-tty-driver-open-requirement51
-rw-r--r--patches.drivers/serdev-ttyport-fix-NULL-deref-on-hangup45
-rw-r--r--patches.drivers/serdev-ttyport-fix-tty-locking-in-close37
-rw-r--r--patches.drivers/serial-8250-Preserve-DLD-7-4-for-PORT_XR17V35X36
-rw-r--r--patches.drivers/serial-8250_dw-Disable-clock-on-error34
-rw-r--r--patches.drivers/serial-8250_fintek-Fix-finding-base_port-with-activa39
-rw-r--r--patches.drivers/serial-8250_pci-Add-Brainboxes-UC-260-4-port-serial-41
-rw-r--r--patches.drivers/serial-core-mark-port-as-initialized-in-autoconfig40
-rw-r--r--patches.drivers/serial-imx-Only-wakeup-via-RTSDEN-bit-if-the-system-47
-rw-r--r--patches.drivers/serial-omap-Fix-EFR-write-on-RTS-deassertion35
-rw-r--r--patches.drivers/serial-sh-sci-prevent-lockup-on-full-TTY-buffers49
-rw-r--r--patches.drivers/sky2-Increase-D3-delay-to-sky2-stops-working-after-s35
-rw-r--r--patches.drivers/spi-Fix-scatterlist-elements-size-in-spi_map_buf49
-rw-r--r--patches.drivers/spi-a3700-Fix-clk-prescaling-for-coefficient-over-1551
-rw-r--r--patches.drivers/spi-a3700-Return-correct-value-on-timeout-detection37
-rw-r--r--patches.drivers/spi-armada-3700-Fix-failing-commands-with-quad-SPI62
-rw-r--r--patches.drivers/spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_rem43
-rw-r--r--patches.drivers/spi-atmel-init-FIFOs-before-spi-enable48
-rw-r--r--patches.drivers/spi-bcm-qspi-Fix-use-after-free-in-bcm_qspi_probe-in64
-rw-r--r--patches.drivers/spi-imx-do-not-access-registers-while-clocks-disable51
-rw-r--r--patches.drivers/spi-sh-msiof-Fix-DMA-transfer-size-check34
-rw-r--r--patches.drivers/spi-spi-axi-fix-potential-use-after-free-after-dereg42
-rw-r--r--patches.drivers/spi-sun4i-disable-clocks-in-the-remove-function33
-rw-r--r--patches.drivers/spi-sun6i-disable-unprepare-clocks-on-remove37
-rw-r--r--patches.drivers/spi-xilinx-Detect-stall-with-Unknown-commands66
-rw-r--r--patches.drivers/staging-bcm2835-audio-Release-resources-on-module_ex253
-rw-r--r--patches.drivers/staging-comedi-fix-comedi_nsamples_left34
-rw-r--r--patches.drivers/staging-comedi-ni_mio_common-ack-ai-fifo-error-inter33
-rw-r--r--patches.drivers/staging-iio-ad5933-switch-buffer-mode-to-software52
-rw-r--r--patches.drivers/staging-iio-ad7192-Fix-use-the-dedicated-reset-funct41
-rw-r--r--patches.drivers/staging-iio-adc-ad7192-fix-external-frequency-settin80
-rw-r--r--patches.drivers/staging-rtl8192u-return-ENOMEM-on-failed-allocation-36
-rw-r--r--patches.drivers/staging-vchiq_2835_arm-Fix-NULL-ptr-dereference-in-f47
-rw-r--r--patches.drivers/swiotlb-suppress-warning-when-__GFP_NOWARN-is-set74
-rw-r--r--patches.drivers/thermal-drivers-step_wise-Fix-temperature-regulation155
-rw-r--r--patches.drivers/thermal-enable-broadcom-menu-for-arm64-bcm2835.patch39
-rw-r--r--patches.drivers/thermal-imx-Fix-race-condition-in-imx_thermal_probe54
-rw-r--r--patches.drivers/thermal-power_allocator-fix-one-race-condition-issue67
-rw-r--r--patches.drivers/thunderbolt-Resume-control-channel-after-hibernation37
-rw-r--r--patches.drivers/tty-fix-__tty_insert_flip_char-regression45
-rw-r--r--patches.drivers/tty-fix-oops-when-rmmod-825085
-rw-r--r--patches.drivers/tty-fix-tty_ldisc_receive_buf-documentation31
-rw-r--r--patches.drivers/tty-improve-tty_insert_flip_char-fast-path94
-rw-r--r--patches.drivers/tty-improve-tty_insert_flip_char-slow-path45
-rw-r--r--patches.drivers/tty-make-n_tty_read-always-abort-if-hangup-is-in-pro236
-rw-r--r--patches.drivers/tty-serial-atmel-add-new-version-check-for-usart33
-rw-r--r--patches.drivers/tty-vt-fix-up-tabstops-properly59
-rw-r--r--patches.drivers/ubi-Fix-error-for-write-access41
-rw-r--r--patches.drivers/ubi-Fix-race-condition-between-ubi-volume-creation-a59
-rw-r--r--patches.drivers/ubi-Reject-MLC-NAND44
-rw-r--r--patches.drivers/ubi-block-Fix-locking-for-idr_alloc-idr_remove187
-rw-r--r--patches.drivers/ubi-fastmap-Cancel-work-upon-detach66
-rw-r--r--patches.drivers/ubi-fastmap-Don-t-flush-fastmap-work-on-detach31
-rw-r--r--patches.drivers/ubi-fastmap-Erase-outdated-anchor-PEBs-during-attach137
-rw-r--r--patches.drivers/vfio-disable-filesystem-dax-page-pinning.patch80
-rw-r--r--patches.drivers/video-fbdev-atmel_lcdfb-fix-display-timings-lookup56
-rw-r--r--patches.drivers/video-fbdev-aty-do-not-leak-uninitialized-padding-in33
-rw-r--r--patches.drivers/video-fbdev-au1200fb-Release-some-resources-if-a-mem32
-rw-r--r--patches.drivers/video-fbdev-au1200fb-Return-an-error-code-if-a-memor35
-rw-r--r--patches.drivers/video-fbdev-mmp-add-MODULE_LICENSE40
-rw-r--r--patches.drivers/video-hdmi-Allow-empty-HDMI-infoframes135
-rw-r--r--patches.drivers/virtio-release-virtio-index-when-fail-to-device_regi31
-rw-r--r--patches.drivers/vmxnet3-repair-memory-leak57
-rw-r--r--patches.drivers/vt-change-SGR-21-to-follow-the-standards65
-rw-r--r--patches.drivers/vt6655-Fix-a-possible-sleep-in-atomic-bug-in-vt6655_41
-rw-r--r--patches.drivers/watchdog-f71808e_wdt-Fix-WD_EN-register-read32
-rw-r--r--patches.drivers/wcn36xx-Fix-dynamic-power-saving82
-rw-r--r--patches.drivers/wcn36xx-Introduce-mutual-exclusion-of-fw-configurati274
-rw-r--r--patches.drivers/wil6210-missing-length-check-in-wmi_set_ie38
-rw-r--r--patches.drivers/wl1251-check-return-from-call-to-wl1251_acx_arp_ip_f36
-rw-r--r--patches.fixes/0001-ACPI-scan-Send-change-uevent-with-offine-environment.patch50
-rw-r--r--patches.fixes/0001-NET-usb-qmi_wwan-add-support-for-ublox-R410M-PID-0x9.patch46
-rw-r--r--patches.fixes/0001-USB-Accept-bulk-endpoints-with-1024-byte-maxpacket.patch46
-rw-r--r--patches.fixes/0001-USB-fix-USB3-devices-behind-USB3-hubs-not-resuming-a.patch65
-rw-r--r--patches.fixes/0001-USB-serial-pl2303-new-device-id-for-Chilitag.patch50
-rw-r--r--patches.fixes/0001-USB-serial-simple-add-Motorola-Tetra-driver.patch80
-rw-r--r--patches.fixes/0001-acpi-nfit-rework-NVDIMM-leaf-method-detection.patch135
-rw-r--r--patches.fixes/0001-dlm-fix-a-clerical-error-when-set-SCTP_NODELAY.patch37
-rw-r--r--patches.fixes/0001-iov_iter-fix-return-type-of-_pipe_get_pages.patch28
-rw-r--r--patches.fixes/0001-kernel-exit.c-avoid-undefined-behaviour-when-calling.patch58
-rw-r--r--patches.fixes/0001-kernel-signal.c-avoid-undefined-behaviour-in-kill_so.patch59
-rw-r--r--patches.fixes/0001-kexec_file-do-not-add-extra-alignment-to-efi-memmap.patch67
-rw-r--r--patches.fixes/0001-md-use-a-separate-bio_set-for-synchronous-IO.patch38
-rw-r--r--patches.fixes/0001-mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap-v.patch239
-rw-r--r--patches.fixes/0001-mm-shmem-do-not-wait-for-lock_page-in-shmem_unused_h.patch103
-rw-r--r--patches.fixes/0001-mm-thp-do-not-cause-memcg-oom-for-thp.patch86
-rw-r--r--patches.fixes/0001-net-usb-qmi_wwan.c-Add-USB-id-for-lt4120-modem.patch32
-rw-r--r--patches.fixes/0001-objtool-perf-Fix-GCC-8-Wrestrict-error.patch51
-rw-r--r--patches.fixes/0001-proc-do-not-access-cmdline-nor-environ-from-file-bac.patch111
-rw-r--r--patches.fixes/0001-qmi_wwan-do-not-steal-interfaces-from-class-drivers.patch56
-rw-r--r--patches.fixes/0001-thunderbolt-Prevent-crash-when-ICM-firmware-is-not-r.patch58
-rw-r--r--patches.fixes/0001-thunderbolt-Serialize-PCIe-tunnel-creation-with-PCI-.patch54
-rw-r--r--patches.fixes/0001-thunderbolt-Wait-a-bit-longer-for-ICM-to-authenticat.patch59
-rw-r--r--patches.fixes/0001-tools-lib-subcmd-pager.c-do-not-alias-select-params.patch47
-rw-r--r--patches.fixes/0001-usb-core-Add-quirk-for-HP-v222w-16GB-Mini.patch41
-rw-r--r--patches.fixes/0001-usb-quirks-add-control-message-delay-for-1b1c-1b20.patch84
-rw-r--r--patches.fixes/0001-usb-typec-ucsi-Increase-command-completion-timeout-v.patch38
-rw-r--r--patches.fixes/0001-usb-xhci-Disable-slot-even-when-virt-dev-is-null.patch63
-rw-r--r--patches.fixes/0001-usb-xhci-Fix-potential-memory-leak-in-xhci_disable_s.patch144
-rw-r--r--patches.fixes/0001-usbip-usbip_host-delete-device-from-busid_table-afte.patch51
-rw-r--r--patches.fixes/0001-usbip-usbip_host-fix-NULL-ptr-deref-and-use-after-fr.patch298
-rw-r--r--patches.fixes/0001-usbip-usbip_host-fix-bad-unlock-balance-during-stub_.patch58
-rw-r--r--patches.fixes/0001-usbip-usbip_host-fix-to-hold-parent-lock-for-device_.patch40
-rw-r--r--patches.fixes/0001-usbip-usbip_host-run-rebind-from-exit-when-module-is.patch135
-rw-r--r--patches.fixes/0001-usbip-vudc-fix-null-pointer-dereference-on-udc-lock.patch43
-rw-r--r--patches.fixes/0001-xhci-Fix-USB-ports-for-Dell-Inspiron-5775.patch47
-rw-r--r--patches.fixes/0001-xhci-Fix-front-USB-ports-on-ASUS-PRIME-B350M-A.patch4
-rw-r--r--patches.fixes/0001-xhci-fix-endpoint-context-tracer-output.patch74
-rw-r--r--patches.fixes/0001-xhci-workaround-for-AMD-Promontory-disabled-ports-wa.patch226
-rw-r--r--patches.fixes/0001-xhci-zero-usb-device-slot_id-member-when-disabling-a.patch42
-rw-r--r--patches.fixes/0002-dlm-make-sctp_connect_to_sock-return-in-specified-ti.patch65
-rw-r--r--patches.fixes/0002-iov_iter-fix-memory-leak-in-pipe_get_pages_alloc.patch28
-rw-r--r--patches.fixes/0003-dlm-remove-O_NONBLOCK-flag-in-sctp_connect_to_sock.patch71
-rw-r--r--patches.fixes/0003-md-fix-md_write_start-deadlock-w-o-metadata-devices.patch18
-rw-r--r--patches.fixes/9p-trans_virtio-discard-zero-length-reply.patch40
-rw-r--r--patches.fixes/ACPI-NUMA-ia64-Parse-all-entries-of-SRAT-memory-affi.patch67
-rw-r--r--patches.fixes/GFS2-Take-inode-off-order_write-list-when-setting-jd.patch73
-rw-r--r--patches.fixes/afs-Connect-up-the-CB.ProbeUuid.patch36
-rw-r--r--patches.fixes/afs-Fix-missing-error-handling-in-afs_write_end.patch49
-rw-r--r--patches.fixes/bdi-Fix-oops-in-wb_workfn.patch56
-rw-r--r--patches.fixes/bdi-wake-up-concurrent-wb_shutdown-callers.patch67
-rw-r--r--patches.fixes/bfq-iosched-ensure-to-clear-bic-bfqq-pointers-when-p.patch53
-rw-r--r--patches.fixes/block-Set-BIO_TRACE_COMPLETION-on-new-bio-during-spl.patch36
-rw-r--r--patches.fixes/block-bfq-put-async-queues-for-root-bfq-groups-too.patch72
-rw-r--r--patches.fixes/block-loop-fix-deadlock-after-loop_set_status.patch136
-rw-r--r--patches.fixes/bpf-add-schedule-points-in-percpu-arrays-management.patch47
-rw-r--r--patches.fixes/bpf-fix-bpf_skb_adjust_net-bpf_skb_proto_xlat-to-dea.patch152
-rw-r--r--patches.fixes/bpf-fix-mlock-precharge-on-arraymaps.patch88
-rw-r--r--patches.fixes/bpf-ppc64-fix-out-of-bounds-access-in-tail-call.patch41
-rw-r--r--patches.fixes/bpf-x64-fix-memleak-when-not-converging-after-image.patch45
-rw-r--r--patches.fixes/bpf-x64-implement-retpoline-for-tail-call.patch175
-rw-r--r--patches.fixes/brd-fix-overflow-in-__brd_direct_access.patch43
-rw-r--r--patches.fixes/ceph-adding-protection-for-showing-cap-reservation-info.patch43
-rw-r--r--patches.fixes/ceph-always-update-atime-mtime-ctime-for-new-inode.patch57
-rw-r--r--patches.fixes/ceph-change-variable-name-to-follow-common-rule.patch165
-rw-r--r--patches.fixes/ceph-check-if-mds-create-snaprealm-when-setting-quota.patch74
-rw-r--r--patches.fixes/ceph-don-t-wait-on-writeback-when-there-is-no-more-dirty-pages.patch44
-rw-r--r--patches.fixes/ceph-filter-out-used-flags-when-printing-unused-open-flags.patch28
-rw-r--r--patches.fixes/ceph-fix-invalid-point-dereference-for-error-case-in-mdsc-destroy.patch47
-rw-r--r--patches.fixes/ceph-fix-rsize-wsize-capping-in-ceph_direct_read_write.patch48
-rw-r--r--patches.fixes/ceph-fix-st_nlink-stat-for-directories.patch41
-rw-r--r--patches.fixes/ceph-keep-consistent-semantic-in-fscache-related-option-combination.patch38
-rw-r--r--patches.fixes/ceph-mark-the-cap-cache-as-unreclaimable.patch32
-rw-r--r--patches.fixes/ceph-optimize-mds-session-register.patch70
-rw-r--r--patches.fixes/ceph-optimize-memory-usage.patch633
-rw-r--r--patches.fixes/ceph-optimizing-cap-allocation.patch49
-rw-r--r--patches.fixes/ceph-optimizing-cap-reservation.patch139
-rw-r--r--patches.fixes/ceph-release-unreserved-caps-if-having-enough-available-caps.patch48
-rw-r--r--patches.fixes/ceph-return-proper-bool-type-to-caller-instead-of-pointer.patch32
-rw-r--r--patches.fixes/ceph-use-seq_show_option-for-string-type-options.patch40
-rw-r--r--patches.fixes/cgroup-Fix-deadlock-in-cpu-hotplug-path.patch70
-rw-r--r--patches.fixes/cgroup-Reinit-cgroup_taskset-structure-before-cgroup_migrate_execute-returns.patch79
-rw-r--r--patches.fixes/cifs-silence-compiler-warnings-showing-up-with-gcc-8.patch42
-rw-r--r--patches.fixes/cpufreq-schedutil-Avoid-using-invalid-next_freq.patch41
-rw-r--r--patches.fixes/cpuidle-fix-broadcast-control-when-broadcast-can-not-be-entered.patch35
-rw-r--r--patches.fixes/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch44
-rw-r--r--patches.fixes/delayacct-Account-blkio-completion-on-the-correct-ta.patch193
-rw-r--r--patches.fixes/device-dax-allow-MAP_SYNC-to-succeed.patch48
-rw-r--r--patches.fixes/direct-io-Prevent-NULL-pointer-access-in-submit_page.patch42
-rw-r--r--patches.fixes/dm-table-switch-to-readonly24
-rw-r--r--patches.fixes/eCryptfs-don-t-pass-up-plaintext-names-when-using-fi.patch161
-rw-r--r--patches.fixes/ext4-Fix-hole-length-detection-in-ext4_ind_map_block.patch18
-rw-r--r--patches.fixes/ext4-Fix-offset-overflow-on-32-bit-archs-in-ext4_iom.patch11
-rw-r--r--patches.fixes/ext4-add-MODULE_SOFTDEP-to-ensure-crc32c-is-included.patch36
-rw-r--r--patches.fixes/ext4-add-bounds-checking-to-ext4_xattr_find_entry.patch102
-rw-r--r--patches.fixes/ext4-add-validity-checks-for-bitmap-block-numbers.patch100
-rw-r--r--patches.fixes/ext4-always-initialize-the-crc32c-checksum-driver.patch50
-rw-r--r--patches.fixes/ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overl.patch56
-rw-r--r--patches.fixes/ext4-don-t-update-checksum-of-new-initialized-bitmap.patch121
-rw-r--r--patches.fixes/ext4-eliminate-sleep-from-shutdown-ioctl.patch39
-rw-r--r--patches.fixes/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch49
-rw-r--r--patches.fixes/ext4-fix-bitmap-position-validation.patch79
-rw-r--r--patches.fixes/ext4-make-metadata-csum-checks-safer.patch46
-rw-r--r--patches.fixes/ext4-move-call-to-ext4_error-into-ext4_xattr_check_b.patch125
-rw-r--r--patches.fixes/ext4-pass-ESHUTDOWN-code-to-jbd2-layer.patch96
-rw-r--r--patches.fixes/ext4-prevent-right-shifting-extents-beyond-EXT_MAX_B.patch74
-rw-r--r--patches.fixes/ext4-protect-i_disksize-update-by-i_data_sem-in-dire.patch63
-rw-r--r--patches.fixes/ext4-set-h_journal-if-there-is-a-failure-starting-a-.patch48
-rw-r--r--patches.fixes/ext4-shutdown-should-not-prevent-get_write_access.patch42
-rw-r--r--patches.fixes/f2fs-avoid-hungtask-when-GC-encrypted-block-if-io_bi.patch115
-rw-r--r--patches.fixes/f2fs-expose-some-sectors-to-user-in-inline-data-or-d.patch39
-rw-r--r--patches.fixes/f2fs-fix-heap-mode-to-reset-it-back.patch57
-rw-r--r--patches.fixes/f2fs-fix-to-clear-CP_TRIMMED_FLAG.patch37
-rw-r--r--patches.fixes/fanotify-fix-logic-of-events-on-child.patch88
-rw-r--r--patches.fixes/fs-aio-Add-explicit-RCU-grace-period-when-freeing-ki.patch96
-rw-r--r--patches.fixes/fs-aio-Use-RCU-accessors-for-kioctx_table-table.patch100
-rw-r--r--patches.fixes/fs-fat-inode.c-fix-sb_rdonly-change.patch42
-rw-r--r--patches.fixes/fs-reiserfs-journal.c-add-missing-resierfs_warning-a.patch56
-rw-r--r--patches.fixes/fsnotify-Fix-fsnotify_mark_connector-race.patch71
-rw-r--r--patches.fixes/fuse-fix-READDIRPLUS-skipping-an-entry.patch45
-rw-r--r--patches.fixes/gfs2-Fix-debugfs-glocks-dump.patch92
-rw-r--r--patches.fixes/ip6_vti-adjust-vti-mtu-according-to-mtu-of-lower-dev.patch89
-rw-r--r--patches.fixes/ip_gre-fix-IFLA_MTU-ignored-on-NEWLINK.patch43
-rw-r--r--patches.fixes/ipv4-igmp-guard-against-silly-MTU-values.patch154
-rw-r--r--patches.fixes/ipv6-omit-traffic-class-when-calculating-flow-hash.patch61
-rw-r--r--patches.fixes/jbd2-if-the-journal-is-aborted-then-don-t-allow-upda.patch46
-rw-r--r--patches.fixes/jffs2_kill_sb-deal-with-failed-allocations.patch30
-rw-r--r--patches.fixes/kernel-acct.c-fix-the-acct-needcheck-check-in-check_free_space.patch49
-rw-r--r--patches.fixes/kernel-async.c-revert-async-simplify-lowest_in_progress.patch85
-rw-r--r--patches.fixes/kernel-relay.c-revert-kernel-relay.c-fix-potential-memory-leak.patch41
-rw-r--r--patches.fixes/kernel-signal.c-protect-the-SIGNAL_UNKILLABLE-tasks-from-sig_kernel_only-signals.patch34
-rw-r--r--patches.fixes/kernel-signal.c-protect-the-traced-SIGNAL_UNKILLABLE-tasks-from-SIGKILL.patch54
-rw-r--r--patches.fixes/kernel-signal.c-remove-the-no-longer-needed-SIGNAL_UNKILLABLE-check-in-complete_signal.patch83
-rw-r--r--patches.fixes/kexec-export-pg_swapbacked-to-vmcoreinfo42
-rw-r--r--patches.fixes/l2tp-do-not-accept-arbitrary-sockets.patch75
-rw-r--r--patches.fixes/libceph-adding-missing-message-types-to-ceph_msg_type_name.patch42
-rw-r--r--patches.fixes/libceph-ceph-change-permission-for-readonly-debugfs-entries.patch104
-rw-r--r--patches.fixes/libceph-fix-misjudgement-of-maximum-monitor-number.patch28
-rw-r--r--patches.fixes/libceph-reschedule-a-tick-in-finish_hunting.patch46
-rw-r--r--patches.fixes/libceph-un-backoff-on-tick-when-we-have-a-authenticated-session.patch57
-rw-r--r--patches.fixes/libceph-validate-con-state-at-the-top-of-try_write.patch53
-rw-r--r--patches.fixes/linux-uaccess.h-Fix-copy_in_user-declaration.patch33
-rw-r--r--patches.fixes/lock_parent-needs-to-recheck-if-dentry-got-__dentry_.patch54
-rw-r--r--patches.fixes/loop-handle-short-DIO-reads.patch73
-rw-r--r--patches.fixes/mbcache-initialize-entry-e_referenced-in-mb_cache_en.patch92
-rw-r--r--patches.fixes/mm-fadvise-discard-partial-page-if-endbyte-is-also-E.patch221
-rw-r--r--patches.fixes/mm-filemap.c-fix-NULL-pointer-in-page_cache_tree_ins.patch84
-rw-r--r--patches.fixes/mm-fix-device-dax-pud-write-faults-triggered-by-get_.patch115
-rw-r--r--patches.fixes/mm-fix-memory-size-alignment-in-devm_memremap_pages_release.patch38
-rw-r--r--patches.fixes/mm-huge_memory-c-_split_huge_page-use-atomic-clearpagedirty.patch52
-rw-r--r--patches.fixes/mm-khugepaged-c-convert-vm_bug_on-to-collapse-fail.patch54
-rw-r--r--patches.fixes/mm-ksm-c-fix-inconsistent-accounting-of-zero-pages.patch47
-rw-r--r--patches.fixes/mm-mempolicy-c-avoid-use-uninitialized-preferred_node.patch43
-rw-r--r--patches.fixes/mm-page_alloc-do-not-break-_gfp_thisnode-by-zonelist-reset.patch71
-rw-r--r--patches.fixes/mm-page_owner-fix-recursion-bug-after-changing-skip-entries.patch81
-rw-r--r--patches.fixes/mm-percpu-add-support-for-__GFP_NOWARN-flag.patch98
-rw-r--r--patches.fixes/mm-slab-reschedule-cache_reap-on-the-same-cpu.patch53
-rw-r--r--patches.fixes/mm-swap-fix-race-between-swap-count-continuation-operations.patch159
-rw-r--r--patches.fixes/mm-thp-do-not-wait-for-lock_page-in-deferred_split_scan.patch45
-rw-r--r--patches.fixes/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch2
-rw-r--r--patches.fixes/netfilter-use-skb_to_full_sk-in-ip6_route_me_harder.patch58
-rw-r--r--patches.fixes/ocfs2-acl-use-ip_xattr_sem-to-protect-getting-extend.patch98
-rw-r--r--patches.fixes/ocfs2-dlm-wait-for-dlm-recovery-done-when-migrating-.patch174
-rw-r--r--patches.fixes/ocfs2-return-EROFS-to-mount.ocfs2-if-inode-block-is-.patch70
-rw-r--r--patches.fixes/ovl-Put-upperdentry-if-ovl_check_origin-fails.patch37
-rw-r--r--patches.fixes/ovl-Return-ENOMEM-if-an-allocation-fails-ovl_lookup.patch36
-rw-r--r--patches.fixes/ovl-fix-failure-to-fsync-lower-dir.patch55
-rw-r--r--patches.fixes/ovl-fix-lookup-with-middle-layer-opaque-dir-and-abso.patch91
-rw-r--r--patches.fixes/partitions-msdos-Unable-to-mount-UFS-44bsd-partition38
-rw-r--r--patches.fixes/rbd-use-gfp_noio-for-parent-stat-and-data-requests.patch44
-rw-r--r--patches.fixes/rds-Fix-NULL-pointer-dereference-in-__rds_rdma_map.patch95
-rw-r--r--patches.fixes/rds-Incorrect-reference-counting-in-TCP-socket-creat.patch71
-rw-r--r--patches.fixes/regulator-gpio-fix-some-error-handling-paths-in-gpio_regulator_probe.patch87
-rw-r--r--patches.fixes/sched-Make-resched_cpu-unconditional.patch64
-rw-r--r--patches.fixes/sched-Stop-resched_cpu-from-sending-IPIs-to-offline-CPUs.patch69
-rw-r--r--patches.fixes/sched-Stop-switched_to_rt-from-sending-IPIs-to-offline-CPUs.patch72
-rw-r--r--patches.fixes/sctp-verify-size-of-a-new-chunk-in-_sctp_make_chunk.patch84
-rw-r--r--patches.fixes/sget-handle-failures-of-register_shrinker.patch35
-rw-r--r--patches.fixes/srcu-Provide-ordering-for-CPU-not-involved-in-grace-.patch65
-rw-r--r--patches.fixes/tcp-revert-F-RTO-middle-box-workaround.patch58
-rw-r--r--patches.fixes/timers-Invoke-timer_start_debug-where-it-makes-sense.patch48
-rw-r--r--patches.fixes/timers-Reinitialize-per-cpu-bases-on-hotplug.patch101
-rw-r--r--patches.fixes/timers-Unconditionally-check-deferrable-base.patch36
-rw-r--r--patches.fixes/timers-Use-deferrable-base-independent-of-base-nohz_active.patch77
-rw-r--r--patches.fixes/ubifs-Check-ubifs_wbuf_sync-return-code.patch58
-rw-r--r--patches.fixes/ubifs-free-the-encrypted-symlink-target.patch66
-rw-r--r--patches.fixes/udf-Avoid-overflow-when-session-starts-at-large-offs.patch36
-rw-r--r--patches.fixes/udf-Fix-leak-of-UTF-16-surrogates-into-encoded-strin.patch54
-rw-r--r--patches.fixes/vti-fix-use-after-free-in-vti_tunnel_xmit-vti6_tnl_x.patch96
-rw-r--r--patches.fixes/vti6-Change-minimum-MTU-to-IPV4_MIN_MTU-vti6-can-car.patch50
-rw-r--r--patches.fixes/vti6-Fix-dev-max_mtu-setting.patch37
-rw-r--r--patches.fixes/vti6-Keep-set-MTU-on-link-creation-or-change-validat.patch126
-rw-r--r--patches.fixes/vti6-Properly-adjust-vti6-MTU-from-MTU-of-lower-devi.patch87
-rw-r--r--patches.fixes/workqueue-Allow-retrieval-of-current-task-s-work-str68
-rw-r--r--patches.fixes/workqueue-use-put_device-instead-of-kfree31
-rw-r--r--patches.fixes/xen-acpi-off-by-one-in-read_apci_id.patch34
-rw-r--r--patches.kabi/ALSA-emu10k1-kabi-workaround.patch42
-rw-r--r--patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch118
-rw-r--r--patches.kabi/ALSA-pcm-timer-inclusion-kabi-fix.patch29
-rw-r--r--patches.kabi/acpi-ec-gpe-kabi-fix.patch32
-rw-r--r--patches.kabi/fix-kvm-kabi.patch40
-rw-r--r--patches.kabi/fsnotify-Fix-fsnotify_mark_connector-race-kabi.patch41
-rw-r--r--patches.kabi/iwlwifi-fw_runtime_ops-kabi-compat.patch27
-rw-r--r--patches.kabi/iwlwifi-iwl_cfg-kabi-fix.patch28
-rw-r--r--patches.kabi/kabi-protect-struct-acpi_nfit_desc.patch23
-rw-r--r--patches.kabi/mm-swap-fix-race-between-swap-count-continuation-operation-kabi.patch36
-rw-r--r--patches.kabi/ocfs2-dlm-wait-for-dlm-recovery-done-kabi.patch27
-rw-r--r--patches.kabi/powerpc-livepatch-fix-kabi-breaker-stacktraces.patch26
-rw-r--r--patches.kabi/usb-audio-quirk-kabi-fix.patch32
-rw-r--r--patches.suse/0001-md-r5cache-fix-io_unit-handling-in-r5l_log_endio.patch120
-rw-r--r--patches.suse/0003-block-Add-comment-to-submit_bio_wait.patch37
-rw-r--r--patches.suse/0004-bio-integrity-move-the-bio-integrity-profile-check-e.patch47
-rw-r--r--patches.suse/0005-dm-crypt-don-t-mess-with-BIP_BLOCK_INTEGRITY.patch36
-rw-r--r--patches.suse/0006-md-bitmap-copy-correct-data-for-bitmap-super.patch51
-rw-r--r--patches.suse/0007-md-replace-seq_release_private-with-seq_release.patch39
-rw-r--r--patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch15
-rw-r--r--patches.suse/0008-md-r5cache-call-mddev_lock-unlock-in-r5c_journal_mod.patch58
-rw-r--r--patches.suse/0009-raid5-remove-raid5_build_block.patch59
-rw-r--r--patches.suse/0010-md-raid0-attach-correct-cgroup-info-in-bio.patch47
-rw-r--r--patches.suse/0011-dm-rq-make-dm-sq-requeuing-behavior-consistent-with-.patch66
-rw-r--r--patches.suse/0012-dm-rq-do-not-update-rq-partially-in-each-ending-bio.patch111
-rw-r--r--patches.suse/0013-dm-integrity-optimize-writing-dm-bufio-buffers-that-.patch260
-rw-r--r--patches.suse/0014-dm-integrity-count-and-display-checksum-failures.patch79
-rw-r--r--patches.suse/0015-dm-ioctl-constify-ioctl-lookup-table.patch35
-rw-r--r--patches.suse/0016-dm-log-writes-don-t-use-all-the-cpu-while-waiting-to.patch39
-rw-r--r--patches.suse/0017-dm-log-writes-fix-512b-sectorsize-support.patch141
-rw-r--r--patches.suse/0018-dm-integrity-do-not-check-integrity-for-failed-read-.patch47
-rw-r--r--patches.suse/0019-dm-integrity-make-blk_integrity_profile-structure-co.patch36
-rw-r--r--patches.suse/0020-dm-integrity-use-init_completion-instead-of-COMPLETI.patch133
-rw-r--r--patches.suse/0021-md-separate-request-handling.patch129
-rw-r--r--patches.suse/0022-md-fix-a-race-condition-for-flush-request-handling.patch57
-rw-r--r--patches.suse/0023-dm-raid-fix-a-race-condition-in-request-handling.patch39
-rw-r--r--patches.suse/0024-md-raid5-cap-worker-count.patch47
-rw-r--r--patches.suse/0025-dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch35
-rw-r--r--patches.suse/0026-dm-crypt-reject-sector_size-feature-if-device-length.patch41
-rw-r--r--patches.suse/0027-dm-raid-fix-incorrect-status-output-at-the-end-of-a-.patch96
-rw-r--r--patches.suse/0028-locking-atomics-dm-integrity-Convert-ACCESS_ONCE-to-.patch134
-rw-r--r--patches.suse/0029-locking-atomics-COCCINELLE-treewide-Convert-trivial-.patch3768
-rw-r--r--patches.suse/0030-dm-convert-dm_dev_internal.count-from-atomic_t-to-re.patch92
-rw-r--r--patches.suse/0031-dm-convert-table_device.count-from-atomic_t-to-refco.patch92
-rw-r--r--patches.suse/0032-dm-cache-convert-dm_cache_metadata.ref_count-from-at.patch88
-rw-r--r--patches.suse/0033-dm-cache-fix-race-condition-in-the-writeback-mode-ov.patch161
-rw-r--r--patches.suse/0034-dm-cache-pass-cache-structure-to-mode-functions.patch131
-rw-r--r--patches.suse/0035-dm-cache-submit-writethrough-writes-in-parallel-to-o.patch144
-rw-r--r--patches.suse/0036-dm-cache-remove-all-obsolete-writethrough-specific-c.patch175
-rw-r--r--patches.suse/0037-dm-cache-simplify-get_per_bio_data-by-removing-data_.patch228
-rw-r--r--patches.suse/0038-dm-log-writes-add-support-for-inline-data-buffers.patch144
-rw-r--r--patches.suse/0039-dm-log-writes-add-support-for-DAX.patch161
-rw-r--r--patches.suse/0040-dm-space-map-metadata-use-ARRAY_SIZE.patch56
-rw-r--r--patches.suse/0041-dm-zoned-ignore-last-smaller-runt-zone.patch82
-rw-r--r--patches.suse/0042-dm-small-cleanup-in-dm_get_md.patch47
-rw-r--r--patches.suse/0043-dm-crypt-allow-unaligned-bv_offset.patch58
-rw-r--r--patches.suse/0044-dm-integrity-allow-unaligned-bv_offset.patch47
-rw-r--r--patches.suse/0045-dm-raid-fix-panic-when-attempting-to-force-a-raid-to.patch74
-rw-r--r--patches.suse/0046-dm-cache-policy-smq-handle-races-with-queuing-backgr.patch80
-rw-r--r--patches.suse/0047-dm-cache-policy-smq-take-origin-idle-status-into-acc.patch60
-rw-r--r--patches.suse/0048-dm-cache-background-tracker-limit-amount-of-backgrou.patch59
-rw-r--r--patches.suse/0049-dm-cache-policy-smq-change-max-background-work-from-.patch36
-rw-r--r--patches.suse/0050-dm-cache-policy-smq-allocate-cache-blocks-in-order.patch60
-rw-r--r--patches.suse/0051-dm-cache-remove-usused-deferred_cells-member-from-st.patch40
-rw-r--r--patches.suse/0052-dm-cache-lift-common-migration-preparation-code-to-a.patch61
-rw-r--r--patches.suse/0053-md-fix-deadlock-error-in-recent-patch.patch44
-rw-r--r--patches.suse/0054-md-bitmap-revert-a-patch.patch47
-rw-r--r--patches.suse/0055-md-cluster-make-function-cluster_check_sync_size-sta.patch38
-rw-r--r--patches.suse/0056-md-raid10-remove-VLAIS.patch74
-rw-r--r--patches.suse/0057-md-rename-some-drivers-md-files-to-have-an-md-prefix.patch8512
-rw-r--r--patches.suse/0058-md-raid10-remove-a-couple-of-redundant-variables-and.patch72
-rw-r--r--patches.suse/0059-raid5-Set-R5_Expanded-on-parity-devices-as-well-as-d.patch55
-rw-r--r--patches.suse/0060-md-forbid-a-RAID5-from-having-both-a-bitmap-and-a-jo.patch81
-rw-r--r--patches.suse/0061-md-always-hold-reconfig_mutex-when-calling-mddev_sus.patch148
-rw-r--r--patches.suse/0062-md-don-t-call-bitmap_create-while-array-is-quiesced.patch71
-rw-r--r--patches.suse/0063-md-move-suspend_hi-lo-handling-into-core-md-code.patch166
-rw-r--r--patches.suse/0064-md-use-mddev_suspend-resume-instead-of-quiesce.patch103
-rw-r--r--patches.suse/0065-md-allow-metadata-update-while-suspending.patch91
-rw-r--r--patches.suse/0066-md-remove-special-meaning-of-quiesce-.-2.patch323
-rw-r--r--patches.suse/0067-md-use-TASK_IDLE-instead-of-blocking-signals.patch53
-rw-r--r--patches.suse/0068-raid1-prevent-freeze_array-wait_all_barriers-deadloc.patch86
-rw-r--r--patches.suse/0069-md-use-lockdep_assert_held.patch119
-rw-r--r--patches.suse/0070-raid1-remove-obsolete-code-in-raid1_write_request.patch72
-rw-r--r--patches.suse/0071-md-remove-redundant-variable-q.patch45
-rw-r--r--patches.suse/0072-md-don-t-check-MD_SB_CHANGE_CLEAN-in-md_allow_write.patch62
-rw-r--r--patches.suse/0073-md-be-cautious-about-using-curr_resync_completed-for.patch155
-rw-r--r--patches.suse/0074-md-bitmap-clear-BITMAP_WRITE_ERROR-bit-before-writin.patch45
-rw-r--r--patches.suse/0075-md-release-allocated-bitset-sync_set.patch46
-rw-r--r--patches.suse/0076-md-free-unused-memory-after-bitmap-resize.patch74
-rw-r--r--patches.suse/0077-bitops-Introduce-assign_bit.patch135
-rw-r--r--patches.suse/0078-dm-discard-support-requires-all-targets-in-a-table-s.patch100
-rw-r--r--patches.suse/0079-dm-do-not-set-discards_supported-in-targets-that-do-.patch60
-rw-r--r--patches.suse/0080-dm-clear-all-discard-attributes-in-queue_limits-when.patch44
-rw-r--r--patches.suse/0081-dm-bufio-fix-integer-overflow-when-limiting-maximum-.patch78
-rw-r--r--patches.suse/0082-md-raid5-correct-degraded-calculation-in-raid5_error.patch55
-rw-r--r--patches.suse/0083-md-r5cache-move-mddev_lock-out-of-r5c_journal_mode_s.patch86
-rw-r--r--patches.suse/0084-md-limit-mdstat-resync-progress-to-max_sectors.patch53
-rw-r--r--patches.suse/0085-md-raid1-10-add-missed-blk-plug.patch68
-rw-r--r--patches.suse/0086-dm-table-fix-regression-from-improper-dm_dev_interna.patch49
-rw-r--r--patches.suse/0087-dm-fix-various-targets-to-dm_register_target-after-m.patch261
-rw-r--r--patches.suse/0088-dm-bufio-fix-shrinker-scans-when-nr_to_scan-retain_t.patch79
-rw-r--r--patches.suse/0089-dm-thin-metadata-THIN_MAX_CONCURRENT_LOCKS-should-be.patch59
-rw-r--r--patches.suse/0090-dm-btree-fix-serious-bug-in-btree_split_beneath.patch77
-rw-r--r--patches.suse/0091-dm-crypt-fix-crash-by-adding-missing-check-for-auth-.patch51
-rw-r--r--patches.suse/0092-dm-integrity-don-t-store-cipher-request-on-the-stack.patch136
-rw-r--r--patches.suse/0093-dm-crypt-wipe-kernel-key-copy-after-IV-initializatio.patch77
-rw-r--r--patches.suse/0094-dm-crypt-fix-error-return-code-in-crypt_ctr.patch36
-rw-r--r--patches.suse/0095-dm-limit-the-max-bio-size-as-BIO_MAX_PAGES-PAGE_SIZE.patch47
-rw-r--r--patches.suse/0096-bcache-comment-on-direct-access-to-bvec-table.patch55
-rw-r--r--patches.suse/0098-dm-crypt-don-t-clear-bvec-bv_page-in-crypt_free_buff.patch38
-rw-r--r--patches.suse/0099-bcache-ret-IOERR-when-read-meets-metadata-error.patch90
-rw-r--r--patches.suse/0100-bcache-stop-writeback-thread-after-detaching.patch55
-rw-r--r--patches.suse/0101-bcache-Use-PTR_ERR_OR_ZERO.patch43
-rw-r--r--patches.suse/0102-bcache-segregate-flash-only-volume-write-streams.patch86
-rw-r--r--patches.suse/0103-bcache-fix-wrong-return-value-in-bch_debug_init.patch213
-rw-r--r--patches.suse/0104-bcache-writeback-properly-order-backing-device-IO.patch126
-rw-r--r--patches.suse/0105-bcache-allow-quick-writeback-when-backing-idle.patch93
-rw-r--r--patches.suse/0106-bcache-Fix-improve-efficiency-of-closure_sync.patch243
-rw-r--r--patches.suse/0107-bcache-mark-closure_sync-__sched.patch44
-rw-r--r--patches.suse/0108-bcache-fix-unmatched-generic_end_io_acct-generic_sta.patch51
-rw-r--r--patches.suse/0109-bcache-reduce-cache_set-devices-iteration-by-devices.patch126
-rw-r--r--patches.suse/0110-bcache-fix-misleading-error-message-in-bch_count_io_.patch124
-rw-r--r--patches.suse/0111-bcache-fix-writeback-target-calc-on-large-devices.patch115
-rw-r--r--patches.suse/0112-bcache-closures-move-control-bits-one-bit-right.patch43
-rw-r--r--patches.suse/0113-md-raid1-raid10-silence-warning-about-wait-within-wa.patch85
-rw-r--r--patches.suse/0114-md-r5cache-print-more-info-of-log-recovery.patch40
-rw-r--r--patches.suse/0115-raid5-ppl-PPL-support-for-disks-with-write-back-cach.patch494
-rw-r--r--patches.suse/0116-dm-raid-fix-deadlock-caused-by-premature-md_stop_wri.patch70
-rw-r--r--patches.suse/0117-dm-raid-consume-sizes-after-md_finish_reshape-comple.patch126
-rw-r--r--patches.suse/0118-dm-raid-correct-resizing-state-relative-to-reshape-s.patch61
-rw-r--r--patches.suse/0119-dm-raid-fix-raid-set-size-revalidation.patch105
-rw-r--r--patches.suse/0120-dm-raid-add-component-device-size-checks-to-avoid-ru.patch65
-rw-r--r--patches.suse/0121-dm-raid-fix-raid_resume-to-keep-raid-set-frozen-as-n.patch55
-rw-r--r--patches.suse/0122-dm-raid-display-a-consistent-copy-of-the-MD-status-v.patch132
-rw-r--r--patches.suse/0123-dm-raid-avoid-passing-array_in_sync-variable-to-raid.patch149
-rw-r--r--patches.suse/0124-dm-raid-fix-rs_get_progress-synchronization-state-ra.patch204
-rw-r--r--patches.suse/0125-dm-raid-small-cleanup-and-remove-unsed-struct-raid_s.patch58
-rw-r--r--patches.suse/0126-dm-raid-bump-target-version-to-reflect-numerous-fixe.patch47
-rw-r--r--patches.suse/0127-dm-raid-validate-current-raid-sets-redundancy.patch53
-rw-r--r--patches.suse/0128-dm-raid-stop-keeping-raid-set-frozen-altogether.patch260
-rw-r--r--patches.suse/0129-dm-raid-ensure-a-chars-during-reshape.patch41
-rw-r--r--patches.suse/0130-dm-raid-simplify-rs_get_progress.patch56
-rw-r--r--patches.suse/0131-dm-raid-use-rs_is_raid.patch96
-rw-r--r--patches.suse/0132-dm-fix-comment-above-dm_accept_partial_bio.patch35
-rw-r--r--patches.suse/0133-dm-crypt-remove-BIOSET_NEED_RESCUER-flag.patch42
-rw-r--r--patches.suse/0134-dm-io-remove-BIOSET_NEED_RESCUER-flag-from-bios-bios.patch43
-rw-r--r--patches.suse/0135-dm-ensure-bio-submission-follows-a-depth-first-tree-.patch140
-rw-r--r--patches.suse/0136-dm-remove-unused-num_write_bios-target-interface.patch79
-rw-r--r--patches.suse/0137-dm-safely-allocate-multiple-bioset-bios.patch142
-rw-r--r--patches.suse/0138-dm-remove-BIOSET_NEED_RESCUER-based-dm_offload-infra.patch113
-rw-r--r--patches.suse/0139-dm-ensure-bio-based-DM-s-bioset-and-io_pool-support-.patch144
-rw-r--r--patches.suse/0140-dm-fix-__send_changing_extent_only-to-send-first-bio.patch134
-rw-r--r--patches.suse/0141-dm-set-QUEUE_FLAG_DAX-accordingly-in-dm_table_set_re.patch50
-rw-r--r--patches.suse/0142-dm-remove-stale-comment-blocks.patch52
-rw-r--r--patches.suse/0143-dm-rename-bio-member-of-dm_io-structure-to-orig_bio.patch131
-rw-r--r--patches.suse/0144-dm-simplify-start-of-block-stats-accounting-for-bio-.patch67
-rw-r--r--patches.suse/0145-dm-bufio-use-REQ_OP_READ-and-REQ_OP_WRITE.patch81
-rw-r--r--patches.suse/0146-dm-bufio-add-missed-destroys-of-client-mutex.patch42
-rw-r--r--patches.suse/0147-dm-bufio-check-result-of-register_shrinker.patch56
-rw-r--r--patches.suse/0148-dm-bufio-eliminate-unnecessary-labels-in-dm_bufio_cl.patch70
-rw-r--r--patches.suse/0149-dm-raid-make-raid_sets-symbol-static.patch37
-rw-r--r--patches.suse/0150-dm-move-dm_table_destroy-to-same-header-as-dm_table_.patch53
-rw-r--r--patches.suse/0151-dm-flakey-check-for-null-arg_name-in-parse_features.patch41
-rw-r--r--patches.suse/0152-dm-backfill-missing-calls-to-mutex_destroy.patch183
-rw-r--r--patches.suse/0153-dm-log-writes-fix-max-length-used-for-kstrndup.patch35
-rw-r--r--patches.suse/0154-dm-thin-fix-trailing-semicolon-in-__remap_and_issue_.patch36
-rw-r--r--patches.suse/0155-bcache-add-journal-statistic.patch121
-rw-r--r--patches.suse/0156-bcache-fix-high-CPU-occupancy-during-journal.patch174
-rw-r--r--patches.suse/0157-bcache-properly-set-task-state-in-bch_writeback_thre.patch117
-rw-r--r--patches.suse/0158-bcache-set-error_limit-correctly.patch127
-rw-r--r--patches.suse/0159-bcache-fix-for-allocator-and-register-thread-race.patch172
-rw-r--r--patches.suse/0160-bcache-set-writeback_rate_update_seconds-in-range-1-.patch84
-rw-r--r--patches.suse/0161-bcache-return-attach-error-when-no-cache-set-exist.patch64
-rw-r--r--patches.suse/0162-bcache-fix-for-data-collapse-after-re-attaching-an-a.patch131
-rw-r--r--patches.suse/0163-scsi-raid_class-Add-JBOD-RAID-level.patch47
-rw-r--r--patches.suse/0164-dm-correctly-handle-chained-bios-in-dec_pending.patch58
-rw-r--r--patches.suse/0165-md-raid5-simplify-uninitialization-of-shrinker.patch39
-rw-r--r--patches.suse/0166-md-raid1-Fix-trailing-semicolon.patch35
-rw-r--r--patches.suse/0167-md-multipath-Use-seq_putc-in-multipath_status.patch37
-rw-r--r--patches.suse/0168-MD-Free-bioset-when-md_run-fails.patch84
-rw-r--r--patches.suse/0169-md-document-lifetime-of-internal-rdev-pointer.patch97
-rw-r--r--patches.suse/0170-md-only-allow-remove_and_add_spares-when-no-sync_thr.patch65
-rw-r--r--patches.suse/0171-raid5-ppl-fix-handling-flush-requests.patch65
-rw-r--r--patches.suse/0172-md-raid5-avoid-string-overflow-warning.patch69
-rw-r--r--patches.suse/0173-md-cluster-choose-correct-label-when-clustered-layou.patch36
-rw-r--r--patches.suse/0174-md-fix-a-potential-deadlock-of-raid5-raid10-reshape.patch125
-rw-r--r--patches.suse/0175-md-raid1-fix-NULL-pointer-dereference.patch94
-rw-r--r--patches.suse/0176-bcache-correct-flash-only-vols-check-all-uuids.patch49
-rw-r--r--patches.suse/0177-bcache-fix-kcrashes-with-fio-in-RAID5-backend-dev.patch103
-rw-r--r--patches.suse/0178-md-Delete-gendisk-before-cleaning-up-the-request-que.patch46
-rw-r--r--patches.suse/0179-dm-raid-fix-incorrect-sync_ratio-when-degraded.patch63
-rw-r--r--patches.suse/0180-bcache-fix-cached_dev-count-usage-for-bch_cache_set_.patch183
-rw-r--r--patches.suse/0181-bcache-quit-dc-writeback_thread-when-BCACHE_DEV_DETA.patch136
-rw-r--r--patches.suse/0182-bcache-stop-dc-writeback_rate_update-properly.patch273
-rw-r--r--patches.suse/0183-bcache-add-CACHE_SET_IO_DISABLE-to-struct-cache_set-.patch535
-rw-r--r--patches.suse/0184-bcache-add-stop_when_cache_set_failed-option-to-back.patch261
-rw-r--r--patches.suse/0185-bcache-fix-inaccurate-io-state-for-detached-bcache-d.patch128
-rw-r--r--patches.suse/0186-bcache-fix-incorrect-sysfs-output-value-of-strip-siz.patch43
-rw-r--r--patches.suse/0187-bcache-fix-error-return-value-in-memory-shrink.patch36
-rw-r--r--patches.suse/0188-bcache-fix-using-of-loop-variable-in-memory-shrink.patch66
-rw-r--r--patches.suse/0189-bcache-move-closure-debug-file-into-debug-directory.patch155
-rw-r--r--patches.suse/0190-bcache-add-backing_request_endio-for-bi_end_io.patch262
-rw-r--r--patches.suse/0191-bcache-add-io_disable-to-struct-cached_dev.patch241
-rw-r--r--patches.suse/0192-bcache-Fix-indentation.patch50
-rw-r--r--patches.suse/0193-bcache-Add-__printf-annotation-to-__bch_check_keys.patch46
-rw-r--r--patches.suse/0194-bcache-Annotate-switch-fall-through.patch55
-rw-r--r--patches.suse/0195-bcache-Fix-kernel-doc-warnings.patch122
-rw-r--r--patches.suse/0196-bcache-Remove-an-unused-variable.patch40
-rw-r--r--patches.suse/0197-bcache-Suppress-more-warnings-about-set-but-not-used.patch60
-rw-r--r--patches.suse/0198-bcache-Reduce-the-number-of-sparse-complaints-about-.patch44
-rw-r--r--patches.suse/0199-bcache-Fix-a-compiler-warning-in-bcache_device_init.patch51
-rw-r--r--patches.suse/0200-raid-remove-tile-specific-raid6-implementation.patch185
-rw-r--r--patches.suse/0201-dax-dm-allow-device-mapper-to-operate-without-dax-su.patch291
-rw-r--r--patches.suse/0202-dm-crypt-limit-the-number-of-allocated-pages.patch155
-rw-r--r--patches.suse/0203-dm-remove-unused-macro-DM_MOD_NAME_SIZE.patch32
-rw-r--r--patches.suse/0204-dm-integrity-fail-early-if-required-HMAC-key-is-not-.patch44
-rw-r--r--patches.suse/0205-dm-log-writes-record-metadata-flag-for-better-flags-.patch59
-rw-r--r--patches.suse/0206-dm-stripe-get-rid-of-a-Variable-Length-Array-VLA.patch57
-rw-r--r--patches.suse/0207-dm-raid-fix-nosync-status.patch39
-rw-r--r--patches.suse/0208-dm-bufio-delete-outdated-comment.patch37
-rw-r--r--patches.suse/0209-dm-bufio-move-dm-bufio.h-to-include-linux.patch401
-rw-r--r--patches.suse/0210-dm-bufio-get-rid-of-slab-cache-name-allocations.patch90
-rw-r--r--patches.suse/0211-dm-bufio-remove-code-that-merges-slab-caches.patch165
-rw-r--r--patches.suse/0212-dm-bufio-relax-alignment-constraint-on-slab-cache.patch49
-rw-r--r--patches.suse/0213-dm-bufio-reorder-fields-in-dm_buffer-structure.patch63
-rw-r--r--patches.suse/0214-dm-bufio-use-slab-cache-for-dm_buffer-structure-allo.patch125
-rw-r--r--patches.suse/0215-dm-bufio-support-non-power-of-two-block-sizes.patch172
-rw-r--r--patches.suse/0216-dm-bufio-don-t-embed-a-bio-in-the-dm_buffer-structur.patch226
-rw-r--r--patches.suse/0217-dm-raid-fix-parse_raid_params-variable-range-issue.patch108
-rw-r--r--patches.suse/0218-md-cluster-don-t-update-recovery_offset-for-faulty-d.patch40
-rw-r--r--patches.suse/0219-md-raid1-exit-sync-request-if-MD_RECOVERY_INTR-is-se.patch114
-rw-r--r--patches.suse/0220-raid1-copy-write-hint-from-master-bio-to-behind-bio.patch34
-rw-r--r--patches.suse/0221-bcache-store-disk-name-in-struct-cache-and-struct-ca.patch315
-rw-r--r--patches.suse/0222-bcache-set-CACHE_SET_IO_DISABLE-in-bch_cached_dev_er.patch82
-rw-r--r--patches.suse/0223-bcache-count-backing-device-I-O-error-for-writeback-.patch50
-rw-r--r--patches.suse/0224-bcache-add-wait_for_kthread_stop-in-bch_allocator_th.patch96
-rw-r--r--patches.suse/0225-bcache-set-dc-io_disable-to-true-in-conditional_stop.patch62
-rw-r--r--patches.suse/0226-bcache-use-pr_info-to-inform-duplicated-CACHE_SET_IO.patch45
-rw-r--r--patches.suse/0227-tools-headers-Restore-READ_ONCE-C-compatibility.patch65
-rw-r--r--patches.suse/0228-dm-bufio-fix-buffer-alignment.patch51
-rw-r--r--patches.suse/0229-bcache-return-0-from-bch_debug_init-if-CONFIG_DEBUG_.patch53
-rw-r--r--patches.suse/ACPI-watchdog-Make-acpi_has_watchdog-false-after-fai59
-rw-r--r--patches.suse/Input-synaptics-Add-intertouch-blacklist-for-Thinkpa.patch46
-rw-r--r--patches.suse/KABI-cpu-hotplug-provide-the-old-get-put_online_cpus.patch52
-rw-r--r--patches.suse/block-replace-bi_bdev-with-a-gendisk-pointer-and-par.patch895
-rw-r--r--patches.suse/bpf-prevent-memory-disambiguation-attack.patch3
-rw-r--r--patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL.patch5
-rw-r--r--patches.suse/btrfs-use-kvzalloc-to-allocate-btrfs_fs_info.patch5
-rw-r--r--patches.suse/ceph-don-t-check-quota-for-snap-inode.patch12
-rw-r--r--patches.suse/ceph-fix-root-quota-realm-check.patch8
-rw-r--r--patches.suse/ceph-quota-add-counter-for-snaprealms-with-quota.patch14
-rw-r--r--patches.suse/ceph-quota-add-initial-infrastructure-to-support-cephfs-quotas.patch69
-rw-r--r--patches.suse/ceph-quota-add-quotas-to-the-in-tree-cephfs-documentation.patch40
-rw-r--r--patches.suse/ceph-quota-cache-inode-pointer-in-ceph_snap_realm.patch22
-rw-r--r--patches.suse/ceph-quota-don-t-allow-cross-quota-renames.patch13
-rw-r--r--patches.suse/ceph-quota-support-for-ceph-quota-max_bytes.patch16
-rw-r--r--patches.suse/ceph-quota-support-for-ceph-quota-max_files.patch21
-rw-r--r--patches.suse/ceph-quota-update-mds-when-max_bytes-is-approaching.patch16
-rw-r--r--patches.suse/livepatch-allow-to-call-a-custom-callback-when-freeing-shadow-variables.patch3
-rw-r--r--patches.suse/livepatch-initialize-shadow-variables-safely-by-a-custom-callback.patch3
-rw-r--r--patches.suse/mm-fix-the-NULL-mapping-case-in-__isolate_lru_page.patch48
-rw-r--r--patches.suse/mm-free_pcppages_bulk-do-not-hold-lock-when-picking-pages-to-free.patch4
-rw-r--r--patches.suse/mm-free_pcppages_bulk-prefetch-buddy-while-not-holding-lock.patch118
-rw-r--r--patches.suse/mm-free_pcppages_bulk-update-pcp-count-inside.patch4
-rw-r--r--patches.suse/mremap-Remove-LATENCY_LIMIT-from-mremap-to-reduce-the-number-of-TLB-shootdowns.patch100
-rw-r--r--patches.suse/powerpc-64s-Enhance-the-information-in-cpu_show_spec.patch26
-rw-r--r--patches.suse/powerpc-livepatch-fix-build-error-with-kprobes-disabled.patch44
-rw-r--r--patches.suse/powerpc-livepatch-implement-reliable-stack-tracing-for-the-consistency-model.patch (renamed from patches.suse/ppc64le-HAVE_RELIABLE_STACKTRACE)130
-rw-r--r--patches.suse/ppc64le-fix-idle-stacktrace.patch97
-rw-r--r--patches.suse/ppc64le-stacktrace-fix-graph-ftrace-interaction.patch49
-rw-r--r--patches.suse/ppc64le-stacktrace-fix-text-check.patch51
-rw-r--r--patches.suse/ppc64le-stacktrace-mark-exception-stacks-unreliable.patch60
-rw-r--r--patches.suse/ppc64le-stacktrace-mark-kretprobe-stacks-unreliable.patch45
-rw-r--r--patches.suse/quota-report-root-dir-quota-usage-in-statfs.patch16
-rw-r--r--patches.suse/sched-fair-Avoid-an-unnecessary-lookup-of-current-CPU-ID-during-wake_affine.patch14
-rw-r--r--patches.suse/sched-fair-Consider-SD_NUMA-when-selecting-the-most-idle-group-to-schedule-on.patch14
-rw-r--r--patches.suse/sched-fair-Defer-calculation-of-prev_eff_load-in-wake_affine-until-needed.patch14
-rw-r--r--patches.suse/sched-fair-Do-not-migrate-due-to-a-sync-wakeup-on-exit.patch15
-rw-r--r--patches.suse/sched-fair-Do-not-migrate-on-wake_affine_weight-if-weights-are-equal.patch14
-rw-r--r--patches.suse/sched-numa-Delay-retrying-placement-for-automatic-NUMA-balance-after-wake_affine.patch236
-rw-r--r--patches.suse/sched-numa-Stagger-NUMA-balancing-scan-periods-for-new-threads.patch188
-rw-r--r--patches.suse/sched-numa-avoid-trapping-faults-and-attempting-migration-of-file-backed-dirty-pages.patch6
-rw-r--r--patches.suse/suse-hv-hv_compose_msi_msg.patch81
-rw-r--r--patches.suse/suse-hv-netvsc-ifup.patch46
-rw-r--r--patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch76
-rw-r--r--patches.suse/x86-speculation-Move-firmware_restrict_branch_specul.patch2
-rw-r--r--rpm/config.sh2
-rw-r--r--rpm/kernel-binary.spec.in63
-rw-r--r--rpm/kernel-docs.spec.in2
-rw-r--r--rpm/kernel-source.spec.in1
-rwxr-xr-xrpm/klp-symbols60
-rw-r--r--rpm/macros.kernel-source2
-rwxr-xr-xrpm/mkspec6
-rwxr-xr-xrpm/split-modules4
-rwxr-xr-xscripts/bugzilla-cli18
-rwxr-xr-xscripts/bugzilla-create189
-rwxr-xr-xscripts/bugzilla-resolve24
-rw-r--r--scripts/bugzilla/__init__.py39
-rw-r--r--scripts/bugzilla/_cli.py1181
-rw-r--r--scripts/bugzilla/apiversion.py11
-rw-r--r--scripts/bugzilla/base.py1856
-rw-r--r--scripts/bugzilla/bug.py450
-rw-r--r--scripts/bugzilla/oldclasses.py23
-rw-r--r--scripts/bugzilla/rhbugzilla.py352
-rw-r--r--scripts/bugzilla/transport.py196
-rw-r--r--scripts/git_sort/README.md2
-rwxr-xr-xscripts/git_sort/clone_all.py45
-rwxr-xr-xscripts/git_sort/git_sort.py111
-rw-r--r--scripts/git_sort/lib.py131
-rwxr-xr-xscripts/git_sort/merge_tool.py27
-rwxr-xr-xscripts/git_sort/sequence-insert.py2
-rwxr-xr-xscripts/git_sort/series_conf.py8
-rwxr-xr-xscripts/git_sort/series_insert.py4
-rwxr-xr-xscripts/git_sort/series_sort.py7
-rw-r--r--scripts/git_sort/tests/support.py27
-rwxr-xr-xscripts/git_sort/tests/test_git_sort.py66
-rwxr-xr-xscripts/git_sort/tests/test_quilt_mode.py167
-rwxr-xr-x[-rw-r--r--]scripts/git_sort/tests/test_series_insert.py40
-rwxr-xr-xscripts/git_sort/tests/test_series_sort.py735
-rwxr-xr-xscripts/log2146
-rwxr-xr-xscripts/osc_wrapper6
-rwxr-xr-xscripts/python/check-patchhdr20
-rwxr-xr-xscripts/python/suse_git/header.py12
-rw-r--r--scripts/python/suse_git/patch.py4
-rw-r--r--scripts/python/test-all.sh2
-rwxr-xr-xscripts/python/tests/test_header.py49
-rwxr-xr-xscripts/sequence-patch.sh15
-rw-r--r--scripts/tests/lib.py9
-rwxr-xr-xscripts/tests/test_log2.py571
-rw-r--r--series.conf1551
-rw-r--r--supported.conf8
1486 files changed, 145779 insertions, 2334 deletions
diff --git a/blacklist.conf b/blacklist.conf
index e28d98cd75..8a9051490e 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -183,10 +183,6 @@ a152992062aa3803eeabfda84b5b844721ddf6ed # drm/imx: not applicable
aac64f7de999d5a7fff55f49434fdd87df919829 # not needed
13ab183d138f607d885e995d625e58d47678bf97 # we do not have bde5f6bc68db
6314dab4b8fb8493d810e175cb340376052c69b6 # we do not have 2b02c20ce0c2
-25c058ccaf2ebbc3e250ec1e199e161f91fe27d4 # drm: lack of current_work()
-d61a5c1063515e855bedb1b81e20e50b0ac3541e # drm/nouveau: depends on 25c058cc
-15734feff2bdac24aa3266c437cffa42851990e3 # drm/radeon: depends on 25c058cc
-aa0aad57909eb321746325951d66af88a83bc956 # drm/amdgpu: depends on 25c058cc
071750e550af46b5d3a84ad56c2a108c3e136284 # drm: cherry-picked
0caf81b5c53d9bd332a95dbcb44db8de0b397a7c # drm: cherry-picked
760a898d8069111704e1bd43f00ebf369ae46e57 # drm: cherry-picked
@@ -267,7 +263,6 @@ dce1e131dd4dc68099ff1b70aa03cd2d0acf8639 # drm/amdgpu: not applicable
b43aaee69d4327d05e7624d9471c17d015b4d67d # drm/amdgpu: already applied
89ce6e0afee8eafa679093207dabd717af9d09c5 # drm/amdgpu: not applicable
fa7c7939b4bf112cd06ba166b739244077898990 # drm/amdgpu: not applicable
-1b5c7ef3d0d0610bda9b63263f7c5b7178d11015 # drm/nouveau: no need, v4.13+
adab595d16abe48e9c097f000bf8921d35b28fb7 # drm/amdgpu: not applicable
400b6afbaa949914460e5fd1d769c5e26ef1f6b8 # drm/amdgpu: not applicable
95244db2d3f743f37e69446a2807dd1a42750542 # drm/ttm: not for 4.12
@@ -334,4 +329,39 @@ a743bbeef27b9176987ec0cb7f906ab0ab52d1da # not relevant: PPro
590347e4000356f55eb10b03ced2686bd74dab40 # compiler warning for gcc-version < 6.3
0063ec4459dcf1583c7aa84ada0f7125450d9245 # cosmetic issue only
ddc212313f16cd65fcf5e8d9ae223f8374822e4d # small optimisation for old compilers
+0a3ff78699d1817e711441715d22665475466036 # compiler warning for gcc-version < 6.3
+9a3b7e5e65c4b4d332df5f607c0838c3fb918673 # doc
+a8ed748708ba9c9976fb0d7b4844f4c2fa5ecb34 # duplicate patch
+e5d6574ded7c3a15d02341253929780bc4ee1408 # duplicate patch
+7cc62d0b8e257fbac8e2972074351bc766b96853 # drm/i915: not applicable
+f9094b7603c011d27db7ba109e69881c72fa611d # geneve: we always support ipv6
+cd7e61b93d068a80bfe6cb55bf00f17332d831a1 # drm/i915/gvt: not applicable
+10996f802109c83421ca30556cfe36ffc3bebae3 # drm/i915/gvt: not applicable
+23ea8b63a1e2e15199da4461eb303f642fa04f60 # duplicate to 45d0be876308bf2f858559e84455219eadd9ddc7
+9a3b7e5e65c4b4d332df5f607c0838c3fb918673 # doc
+1202d4ba2899e083417b7b4fb9b544942fd2b9b7 # just a change in tracepoint name
+8a1ac5dc7be09883051b1bf89a5e57d7ad850fa5 # just a build fix for cross arch build testing
+a09acf4b43b90581bf53b0c03cc84ed693bf27e2 # cleanup for future afs change
+2f860691c2d2e3af1404ffeb2d22dd5c3dbca811 # build bug, not needed in our configuration
+2bd7b4aacdb6efa5ccd4749c365c171b884791d2 # would break kABI
2796d303e3c5ec213c578ed3a66872205c126eb8 # RMDA unsupported in cifs.ko
+2e898e4c0a3897ccd434adac5abb8330194f527b # cleanup & relatively complex locking change
+3172485f4f8032649c144e4aafa550e1e6179332 # cleanup
+6e2fb22103b99c26ae30a46512abe75526d8e4c9 # Only for Alpha architecture
+191eac33009e6a6d31e87cfa425a20d0e79704b4 # Only part of dec214d00e0d78a08b947d7dccdfdb84407a9f4d present
+4f9ca2d8686ecfdd40ca4f0294a3d94f83f05cea # not applicable
+af8a41cccf8f469165c6debc8fe07c5fd2ca501a # rtlwifi: btc_power_on_setting ops is missing in SLE15
+3cd091a773936c54344a519f7ee1379ccb620bee # ACPI/EC: suspend_noirq & resume_noirq ops not defined yet in SLE15
+5bfa7ac3883e702a0a0a33a8449b044d7dab3efe # crypto/virtio: might break kABI
+bc137dfdbec27c0ec5731a89002daded4a4aa1ea # gpio_wdt: prerequisite is 4.13
+ed032c1bede83ec9bd5f7e803e663cb7f76e5947 # driver/core: of_node_reused undefined in SLE15 kernel
+c5a050d65a1a795442120ab53093aa05ee32ae4f # i2c-core: not cleanly applicable (code split, etc)
+5bfa7ac3883e702a0a0a33a8449b044d7dab3efe # cosmetic build fix
+e254d1afac83fd441e4051771b3d8f5eaf49fd3a # bug requires dec214d00e0d "ext4: xattr inode deduplication"
+8a2b307c21d4b290e3cbe33f768f194286d07c23 # bug requires dec214d00e0d "ext4: xattr inode deduplication"
+fc218544fbc800d1c91348ec834cacfb257348f7 # requires major changes to libceph from 4.17
+0ee78c101425aae681c631ba59c6ac7f44b1d83a # changes only debug messages
+2695578b896aea472b2c0dcbe9d92daa71738484 # relevant only on 32bit
+dc82e52492f684dcd5ed9e4773e72dbf2203d75e # ALSA core: breaks kABI due to enum renumbering
+880cd276dff17ea29e9a8404275c9502b265afa7 # not relevant, bsc#1097471
+40c57963789d451c26269e3bc9f9e803060fd9af # ASoC core: breaks kABI
diff --git a/config/arm64/default b/config/arm64/default
index 40496111a6..809456112f 100644
--- a/config/arm64/default
+++ b/config/arm64/default
@@ -625,6 +625,7 @@ CONFIG_CRASH_DUMP=y
CONFIG_FORCE_MAX_ZONEORDER=11
CONFIG_UNMAP_KERNEL_AT_EL0=y
CONFIG_HARDEN_BRANCH_PREDICTOR=y
+CONFIG_ARM64_SSBD=y
CONFIG_ARMV8_DEPRECATED=y
CONFIG_SWP_EMULATION=y
CONFIG_CP15_BARRIER_EMULATION=y
@@ -3946,6 +3947,12 @@ CONFIG_ARMADA_THERMAL=m
CONFIG_MTK_THERMAL=m
#
+# Broadcom thermal drivers
+#
+CONFIG_BCM2835_THERMAL=m
+# CONFIG_BCM_NS_THERMAL is not set
+
+#
# Samsung thermal drivers
#
CONFIG_EXYNOS_THERMAL=m
diff --git a/kabi/severities b/kabi/severities
index 6c429d5697..4e371243f3 100644
--- a/kabi/severities
+++ b/kabi/severities
@@ -15,3 +15,15 @@ klp_shadow_* PASS
arch/powerpc/kvm/* PASS
kvmppc_* PASS
+
+# removed upstream, not included in inlines/defines
+x86_spec_ctrl_get_default PASS
+x86_spec_ctrl_restore_host PASS
+x86_spec_ctrl_set PASS
+x86_spec_ctrl_set_guest PASS
+
+# only inter-module local symbols
+drivers/gpu/drm/meson/* PASS
+
+# nobody cares bcache symbols
+drivers/md/bcache/* PASS
diff --git a/patches.apparmor/apparmor-fix-dangling-symlinks-to-policy-rawdata-aft.patch b/patches.apparmor/apparmor-fix-dangling-symlinks-to-policy-rawdata-aft.patch
new file mode 100644
index 0000000000..a2ce9f48fe
--- /dev/null
+++ b/patches.apparmor/apparmor-fix-dangling-symlinks-to-policy-rawdata-aft.patch
@@ -0,0 +1,215 @@
+From 1180b4c757aab5506f1be367000364dd5cf5cd02 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Thu, 15 Mar 2018 22:31:38 -0700
+Subject: [PATCH] apparmor: fix dangling symlinks to policy rawdata after replacement
+Git-commit: 1180b4c757aab5506f1be367000364dd5cf5cd02
+Patch-mainline: v4.17-rc1
+References: bsc#1095893
+
+When policy replacement occurs the symlinks in the profile directory
+need to be updated to point to the new rawdata, otherwise once the
+old rawdata is removed the symlink becomes broken.
+
+Fix this by dynamically generating the symlink everytime it is read.
+These links are used enough that their value needs to be cached and
+this way we can avoid needing locking to read and update the link
+value.
+
+Fixes: a481f4d917835 ("apparmor: add custom apparmorfs that will be used by policy namespace files")
+Buglink: http://bugs.launchpad.net/bugs/1755563
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+---
+ security/apparmor/apparmorfs.c | 126 +++++++++++++++++++++++++++++++----------
+ 1 file changed, 95 insertions(+), 31 deletions(-)
+
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index dd12acb70af6..ea37330c2a02 100644
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -313,6 +313,7 @@ static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
+ * @name: name of dentry to create
+ * @parent: parent directory for this dentry
+ * @target: if symlink, symlink target string
++ * @private: private data
+ * @iops: struct of inode_operations that should be used
+ *
+ * If @target parameter is %NULL, then the @iops parameter needs to be
+@@ -321,17 +322,17 @@ static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
+ static struct dentry *aafs_create_symlink(const char *name,
+ struct dentry *parent,
+ const char *target,
++ void *private,
+ const struct inode_operations *iops)
+ {
+ struct dentry *dent;
+ char *link = NULL;
+
+ if (target) {
+- link = kstrdup(target, GFP_KERNEL);
+ if (!link)
+ return ERR_PTR(-ENOMEM);
+ }
+- dent = aafs_create(name, S_IFLNK | 0444, parent, NULL, link, NULL,
++ dent = aafs_create(name, S_IFLNK | 0444, parent, private, link, NULL,
+ iops);
+ if (IS_ERR(dent))
+ kfree(link);
+@@ -1482,26 +1483,95 @@ static int profile_depth(struct aa_profile *profile)
+ return depth;
+ }
+
+-static int gen_symlink_name(char *buffer, size_t bsize, int depth,
+- const char *dirname, const char *fname)
++static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
+ {
++ char *buffer, *s;
+ int error;
++ int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
++
++ s = buffer = kmalloc(size, GFP_KERNEL);
++ if (!buffer)
++ return ERR_PTR(-ENOMEM);
+
+ for (; depth > 0; depth--) {
+- if (bsize < 7)
+- return -ENAMETOOLONG;
+- strcpy(buffer, "../../");
+- buffer += 6;
+- bsize -= 6;
++ strcpy(s, "../../");
++ s += 6;
++ size -= 6;
+ }
+
+- error = snprintf(buffer, bsize, "raw_data/%s/%s", dirname, fname);
+- if (error >= bsize || error < 0)
+- return -ENAMETOOLONG;
++ error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
++ if (error >= size || error < 0)
++ return ERR_PTR(-ENAMETOOLONG);
+
+- return 0;
++ return buffer;
++}
++
++static void rawdata_link_cb(void *arg)
++{
++ kfree(arg);
++}
++
++static const char *rawdata_get_link_base(struct dentry *dentry,
++ struct inode *inode,
++ struct delayed_call *done,
++ const char *name)
++{
++ struct aa_proxy *proxy = inode->i_private;
++ struct aa_label *label;
++ struct aa_profile *profile;
++ char *target;
++ int depth;
++
++ if (!dentry)
++ return ERR_PTR(-ECHILD);
++
++ label = aa_get_label_rcu(&proxy->label);
++ profile = labels_profile(label);
++ depth = profile_depth(profile);
++ target = gen_symlink_name(depth, profile->rawdata->name, name);
++ aa_put_label(label);
++
++ if (IS_ERR(target))
++ return target;
++
++ set_delayed_call(done, rawdata_link_cb, target);
++
++ return target;
+ }
+
++static const char *rawdata_get_link_sha1(struct dentry *dentry,
++ struct inode *inode,
++ struct delayed_call *done)
++{
++ return rawdata_get_link_base(dentry, inode, done, "sha1");
++}
++
++static const char *rawdata_get_link_abi(struct dentry *dentry,
++ struct inode *inode,
++ struct delayed_call *done)
++{
++ return rawdata_get_link_base(dentry, inode, done, "abi");
++}
++
++static const char *rawdata_get_link_data(struct dentry *dentry,
++ struct inode *inode,
++ struct delayed_call *done)
++{
++ return rawdata_get_link_base(dentry, inode, done, "raw_data");
++}
++
++static const struct inode_operations rawdata_link_sha1_iops = {
++ .get_link = rawdata_get_link_sha1,
++};
++
++static const struct inode_operations rawdata_link_abi_iops = {
++ .get_link = rawdata_get_link_abi,
++};
++static const struct inode_operations rawdata_link_data_iops = {
++ .get_link = rawdata_get_link_data,
++};
++
++
+ /*
+ * Requires: @profile->ns->lock held
+ */
+@@ -1572,34 +1642,28 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
+ }
+
+ if (profile->rawdata) {
+- char target[64];
+- int depth = profile_depth(profile);
+-
+- error = gen_symlink_name(target, sizeof(target), depth,
+- profile->rawdata->name, "sha1");
+- if (error < 0)
+- goto fail2;
+- dent = aafs_create_symlink("raw_sha1", dir, target, NULL);
++ dent = aafs_create_symlink("raw_sha1", dir, NULL,
++ profile->label.proxy,
++ &rawdata_link_sha1_iops);
+ if (IS_ERR(dent))
+ goto fail;
++ aa_get_proxy(profile->label.proxy);
+ profile->dents[AAFS_PROF_RAW_HASH] = dent;
+
+- error = gen_symlink_name(target, sizeof(target), depth,
+- profile->rawdata->name, "abi");
+- if (error < 0)
+- goto fail2;
+- dent = aafs_create_symlink("raw_abi", dir, target, NULL);
++ dent = aafs_create_symlink("raw_abi", dir, NULL,
++ profile->label.proxy,
++ &rawdata_link_abi_iops);
+ if (IS_ERR(dent))
+ goto fail;
++ aa_get_proxy(profile->label.proxy);
+ profile->dents[AAFS_PROF_RAW_ABI] = dent;
+
+- error = gen_symlink_name(target, sizeof(target), depth,
+- profile->rawdata->name, "raw_data");
+- if (error < 0)
+- goto fail2;
+- dent = aafs_create_symlink("raw_data", dir, target, NULL);
++ dent = aafs_create_symlink("raw_data", dir, NULL,
++ profile->label.proxy,
++ &rawdata_link_data_iops);
+ if (IS_ERR(dent))
+ goto fail;
++ aa_get_proxy(profile->label.proxy);
+ profile->dents[AAFS_PROF_RAW_DATA] = dent;
+ }
+
+--
+2.16.3
+
diff --git a/patches.apparmor/apparmor-fix-display-of-.ns_name-for-containers.patch b/patches.apparmor/apparmor-fix-display-of-.ns_name-for-containers.patch
new file mode 100644
index 0000000000..1b025b7f63
--- /dev/null
+++ b/patches.apparmor/apparmor-fix-display-of-.ns_name-for-containers.patch
@@ -0,0 +1,41 @@
+From 040d9e2bce0a5b321c402b79ee43a8e8d2fd3b06 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Tue, 23 Jan 2018 01:47:42 -0800
+Subject: [PATCH] apparmor: fix display of .ns_name for containers
+Git-commit: 040d9e2bce0a5b321c402b79ee43a8e8d2fd3b06
+Patch-mainline: v4.17-rc1
+References: bsc#1095893
+
+The .ns_name should not be virtualized by the current ns view. It
+needs to report the ns base name as that is being used during startup
+as part of determining apparmor policy namespace support.
+
+Buglink: http://bugs.launchpad.net/bugs/1746463
+Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
+Cc: Stable <stable@vger.kernel.org>
+Reported-by: Serge Hallyn <serge@hallyn.com>
+Tested-by: Serge Hallyn <serge@hallyn.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+---
+ security/apparmor/apparmorfs.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index 1ccd0139a088..dd12acb70af6 100644
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v)
+ static int seq_ns_name_show(struct seq_file *seq, void *v)
+ {
+ struct aa_label *label = begin_current_label_crit_section();
+-
+- seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
+- labels_ns(label), true));
++ seq_printf(seq, "%s\n", labels_ns(label)->base.name);
+ end_current_label_crit_section(label);
+
+ return 0;
+--
+2.16.3
+
diff --git a/patches.apparmor/apparmor-fix-logging-of-the-existence-test-for-signa.patch b/patches.apparmor/apparmor-fix-logging-of-the-existence-test-for-signa.patch
new file mode 100644
index 0000000000..5d8c7decd9
--- /dev/null
+++ b/patches.apparmor/apparmor-fix-logging-of-the-existence-test-for-signa.patch
@@ -0,0 +1,65 @@
+From 588558eb6d0e0b6edfa65a67e906c2ffeba63ff1 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Thu, 1 Feb 2018 11:24:10 +0100
+Subject: [PATCH 3/6] apparmor: fix logging of the existence test for signals
+Git-commit: 588558eb6d0e0b6edfa65a67e906c2ffeba63ff1
+Patch-mainline: v4.17-rc1
+References: bsc#1095893
+
+The existence test is not being properly logged as the signal mapping
+maps it to the last entry in the named signal table. This is done
+to help catch bugs by making the 0 mapped signal value invalid so
+that we can catch the signal value not being filled in.
+
+When fixing the off-by-one comparision logic the reporting of the
+existence test was broken, because the logic behind the mapped named
+table was hidden. Fix this by adding a define for the name lookup
+and using it.
+
+Cc: Stable <stable@vger.kernel.org>
+Fixes: f7dc4c9a855a1 ("apparmor: fix off-by-one comparison on MAXMAPPED_SIG")
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+---
+ security/apparmor/include/sig_names.h | 4 +++-
+ security/apparmor/ipc.c | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/security/apparmor/include/sig_names.h b/security/apparmor/include/sig_names.h
+index 92e62fe95292..5ca47c50dfa7 100644
+--- a/security/apparmor/include/sig_names.h
++++ b/security/apparmor/include/sig_names.h
+@@ -2,6 +2,8 @@
+
+ #define SIGUNKNOWN 0
+ #define MAXMAPPED_SIG 35
++#define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1)
++
+ /* provide a mapping of arch signal to internal signal # for mediation
+ * those that are always an alias SIGCLD for SIGCLHD and SIGPOLL for SIGIO
+ * map to the same entry those that may/or may not get a separate entry
+@@ -56,7 +58,7 @@ static const int sig_map[MAXMAPPED_SIG] = {
+ };
+
+ /* this table is ordered post sig_map[sig] mapping */
+-static const char *const sig_names[MAXMAPPED_SIG + 1] = {
++static const char *const sig_names[MAXMAPPED_SIGNAME] = {
+ "unknown",
+ "hup",
+ "int",
+diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
+index b40678f3c1d5..586facd35f7c 100644
+--- a/security/apparmor/ipc.c
++++ b/security/apparmor/ipc.c
+@@ -174,7 +174,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
+ audit_signal_mask(ab, aad(sa)->denied);
+ }
+ }
+- if (aad(sa)->signal < MAXMAPPED_SIG)
++ if (aad(sa)->signal < MAXMAPPED_SIGNAME)
+ audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
+ else
+ audit_log_format(ab, " signal=rtmin+%d",
+--
+2.16.3
+
diff --git a/patches.apparmor/apparmor-fix-memory-leak-on-buffer-on-error-exit-path.patch b/patches.apparmor/apparmor-fix-memory-leak-on-buffer-on-error-exit-path.patch
new file mode 100644
index 0000000000..e2e25dfbce
--- /dev/null
+++ b/patches.apparmor/apparmor-fix-memory-leak-on-buffer-on-error-exit-path.patch
@@ -0,0 +1,34 @@
+From: Colin Ian King <colin.king@canonical.com>
+Date: Tue Mar 27 14:35:58 2018 +0100
+Subject: apparmor: fix memory leak on buffer on error exit path
+Git-commit: 588558eb6d0e0b6edfa65a67e906c2ffeba63ff1
+Patch-mainline: v4.17-rc1
+References: bsc#1095893
+
+Currently on the error exit path the allocated buffer is not free'd
+causing a memory leak. Fix this by kfree'ing it.
+
+Detected by CoverityScan, CID#1466876 ("Resource leaks")
+
+Fixes: 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index 62301ddbbe5e..f4308683c0af 100644
+
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -1497,8 +1497,10 @@ static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
+ }
+
+ error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
+- if (error >= size || error < 0)
++ if (error >= size || error < 0) {
++ kfree(buffer);
+ return ERR_PTR(-ENAMETOOLONG);
++ }
+
+ return buffer;
+ }
diff --git a/patches.arch/0001-arm64-fix-endianness-annotation-for-__apply_alternat.patch b/patches.arch/0001-arm64-fix-endianness-annotation-for-__apply_alternat.patch
new file mode 100644
index 0000000000..6942c768fa
--- /dev/null
+++ b/patches.arch/0001-arm64-fix-endianness-annotation-for-__apply_alternat.patch
@@ -0,0 +1,70 @@
+From 7614f1ed166898b68c42604d79e21628549d76ef Mon Sep 17 00:00:00 2001
+From: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
+Date: Thu, 29 Jun 2017 16:40:12 +0200
+Subject: [PATCH 01/12] arm64: fix endianness annotation for
+ __apply_alternatives()/get_alt_insn()
+
+Git-commit: 15ad6ace52039c7e39435c4d712d147126604a97
+Patch-mainline: v4.13-rc1
+References: bsc#1085308
+
+get_alt_insn() is used to read and create ARM instructions, which
+are always stored in memory in little-endian order. These values
+are thus correctly converted to/from native order when processed
+but the pointers used to hold the address of these instructions
+are declared as for native order values.
+
+Fix this by declaring the pointers as __le32* instead of u32* and
+make the few appropriate needed changes like removing the unneeded
+cast '(u32*)' in front of __ALT_PTR()'s definition.
+
+Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/kernel/alternative.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
+index 8840c109c5d6..6dd0a3a3e5c9 100644
+--- a/arch/arm64/kernel/alternative.c
++++ b/arch/arm64/kernel/alternative.c
+@@ -28,7 +28,7 @@
+ #include <asm/sections.h>
+ #include <linux/stop_machine.h>
+
+-#define __ALT_PTR(a,f) (u32 *)((void *)&(a)->f + (a)->f)
++#define __ALT_PTR(a,f) ((void *)&(a)->f + (a)->f)
+ #define ALT_ORIG_PTR(a) __ALT_PTR(a, orig_offset)
+ #define ALT_REPL_PTR(a) __ALT_PTR(a, alt_offset)
+
+@@ -60,7 +60,7 @@ static bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
+
+ #define align_down(x, a) ((unsigned long)(x) & ~(((unsigned long)(a)) - 1))
+
+-static u32 get_alt_insn(struct alt_instr *alt, u32 *insnptr, u32 *altinsnptr)
++static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnptr)
+ {
+ u32 insn;
+
+@@ -109,7 +109,7 @@ static void __apply_alternatives(void *alt_region, bool use_linear_alias)
+ {
+ struct alt_instr *alt;
+ struct alt_region *region = alt_region;
+- u32 *origptr, *replptr, *updptr;
++ __le32 *origptr, *replptr, *updptr;
+
+ for (alt = region->begin; alt < region->end; alt++) {
+ u32 insn;
+@@ -124,7 +124,7 @@ static void __apply_alternatives(void *alt_region, bool use_linear_alias)
+
+ origptr = ALT_ORIG_PTR(alt);
+ replptr = ALT_REPL_PTR(alt);
+- updptr = use_linear_alias ? (u32 *)lm_alias(origptr) : origptr;
++ updptr = use_linear_alias ? lm_alias(origptr) : origptr;
+ nr_inst = alt->alt_len / sizeof(insn);
+
+ for (i = 0; i < nr_inst; i++) {
+--
+2.11.0
+
diff --git a/patches.arch/0002-arm64-alternatives-Add-dynamic-patching-feature.patch b/patches.arch/0002-arm64-alternatives-Add-dynamic-patching-feature.patch
new file mode 100644
index 0000000000..c1f96ea9dc
--- /dev/null
+++ b/patches.arch/0002-arm64-alternatives-Add-dynamic-patching-feature.patch
@@ -0,0 +1,219 @@
+From 970f333ae76da2b78190f750bb2898acb5690df1 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Sun, 3 Dec 2017 12:02:14 +0000
+Subject: [PATCH 02/12] arm64: alternatives: Add dynamic patching feature
+
+Git-commit: dea5e2a4c5bcf196f879a66cebdcca07793e8ba4
+Patch-mainline: v4.17-rc1
+References: bsc#1085308
+
+We've so far relied on a patching infrastructure that only gave us
+a single alternative, without any way to provide a range of potential
+replacement instructions. For a single feature, this is an all or
+nothing thing.
+
+It would be interesting to have a more flexible grained way of patching
+the kernel though, where we could dynamically tune the code that gets
+injected.
+
+In order to achive this, let's introduce a new form of dynamic patching,
+assiciating a callback to a patching site. This callback gets source and
+target locations of the patching request, as well as the number of
+instructions to be patched.
+
+Dynamic patching is declared with the new ALTERNATIVE_CB and alternative_cb
+directives:
+
+ asm volatile(ALTERNATIVE_CB("mov %0, #0\n", callback)
+ : "r" (v));
+or
+ alternative_cb callback
+ mov x0, #0
+ alternative_cb_end
+
+where callback is the C function computing the alternative.
+
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/include/asm/alternative.h | 41 ++++++++++++++++++++++++++++++----
+ arch/arm64/kernel/alternative.c | 43 +++++++++++++++++++++++++++---------
+ 2 files changed, 69 insertions(+), 15 deletions(-)
+
+diff --git a/arch/arm64/include/asm/alternative.h b/arch/arm64/include/asm/alternative.h
+index 6e1cb8c5af4d..349972fcdaa3 100644
+--- a/arch/arm64/include/asm/alternative.h
++++ b/arch/arm64/include/asm/alternative.h
+@@ -4,6 +4,8 @@
+ #include <asm/cpucaps.h>
+ #include <asm/insn.h>
+
++#define ARM64_CB_PATCH ARM64_NCAPS
++
+ #ifndef __ASSEMBLY__
+
+ #include <linux/init.h>
+@@ -19,12 +21,19 @@ struct alt_instr {
+ u8 alt_len; /* size of new instruction(s), <= orig_len */
+ };
+
++typedef void (*alternative_cb_t)(struct alt_instr *alt,
++ __le32 *origptr, __le32 *updptr, int nr_inst);
++
+ void __init apply_alternatives_all(void);
+ void apply_alternatives(void *start, size_t length);
+
+-#define ALTINSTR_ENTRY(feature) \
++#define ALTINSTR_ENTRY(feature,cb) \
+ " .word 661b - .\n" /* label */ \
++ " .if " __stringify(cb) " == 0\n" \
+ " .word 663f - .\n" /* new instruction */ \
++ " .else\n" \
++ " .word " __stringify(cb) "- .\n" /* callback */ \
++ " .endif\n" \
+ " .hword " __stringify(feature) "\n" /* feature bit */ \
+ " .byte 662b-661b\n" /* source len */ \
+ " .byte 664f-663f\n" /* replacement len */
+@@ -42,15 +51,18 @@ void apply_alternatives(void *start, size_t length);
+ * but most assemblers die if insn1 or insn2 have a .inst. This should
+ * be fixed in a binutils release posterior to 2.25.51.0.2 (anything
+ * containing commit 4e4d08cf7399b606 or c1baaddf8861).
++ *
++ * Alternatives with callbacks do not generate replacement instructions.
+ */
+-#define __ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg_enabled) \
++#define __ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg_enabled, cb) \
+ ".if "__stringify(cfg_enabled)" == 1\n" \
+ "661:\n\t" \
+ oldinstr "\n" \
+ "662:\n" \
+ ".pushsection .altinstructions,\"a\"\n" \
+- ALTINSTR_ENTRY(feature) \
++ ALTINSTR_ENTRY(feature,cb) \
+ ".popsection\n" \
++ " .if " __stringify(cb) " == 0\n" \
+ ".pushsection .altinstr_replacement, \"a\"\n" \
+ "663:\n\t" \
+ newinstr "\n" \
+@@ -58,11 +70,17 @@ void apply_alternatives(void *start, size_t length);
+ ".popsection\n\t" \
+ ".org . - (664b-663b) + (662b-661b)\n\t" \
+ ".org . - (662b-661b) + (664b-663b)\n" \
++ ".else\n\t" \
++ "663:\n\t" \
++ "664:\n\t" \
++ ".endif\n" \
+ ".endif\n"
+
+ #define _ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg, ...) \
+- __ALTERNATIVE_CFG(oldinstr, newinstr, feature, IS_ENABLED(cfg))
++ __ALTERNATIVE_CFG(oldinstr, newinstr, feature, IS_ENABLED(cfg), 0)
+
++#define ALTERNATIVE_CB(oldinstr, cb) \
++ __ALTERNATIVE_CFG(oldinstr, "NOT_AN_INSTRUCTION", ARM64_CB_PATCH, 1, cb)
+ #else
+
+ #include <asm/assembler.h>
+@@ -129,6 +147,14 @@ void apply_alternatives(void *start, size_t length);
+ 661:
+ .endm
+
++.macro alternative_cb cb
++ .set .Lasm_alt_mode, 0
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661f, \cb, ARM64_CB_PATCH, 662f-661f, 0
++ .popsection
++661:
++.endm
++
+ /*
+ * Provide the other half of the alternative code sequence.
+ */
+@@ -155,6 +181,13 @@ void apply_alternatives(void *start, size_t length);
+ .endm
+
+ /*
++ * Callback-based alternative epilogue
++ */
++.macro alternative_cb_end
++662:
++.endm
++
++/*
+ * Provides a trivial alternative or default sequence consisting solely
+ * of NOPs. The number of NOPs is chosen automatically to match the
+ * previous case.
+diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
+index 6dd0a3a3e5c9..bb640576c586 100644
+--- a/arch/arm64/kernel/alternative.c
++++ b/arch/arm64/kernel/alternative.c
+@@ -105,32 +105,53 @@ static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnp
+ return insn;
+ }
+
++static void patch_alternative(struct alt_instr *alt,
++ __le32 *origptr, __le32 *updptr, int nr_inst)
++{
++ __le32 *replptr;
++ int i;
++
++ replptr = ALT_REPL_PTR(alt);
++ for (i = 0; i < nr_inst; i++) {
++ u32 insn;
++
++ insn = get_alt_insn(alt, origptr + i, replptr + i);
++ updptr[i] = cpu_to_le32(insn);
++ }
++}
++
+ static void __apply_alternatives(void *alt_region, bool use_linear_alias)
+ {
+ struct alt_instr *alt;
+ struct alt_region *region = alt_region;
+- __le32 *origptr, *replptr, *updptr;
++ __le32 *origptr, *updptr;
++ alternative_cb_t alt_cb;
+
+ for (alt = region->begin; alt < region->end; alt++) {
+- u32 insn;
+- int i, nr_inst;
++ int nr_inst;
+
+- if (!cpus_have_cap(alt->cpufeature))
++ /* Use ARM64_CB_PATCH as an unconditional patch */
++ if (alt->cpufeature < ARM64_CB_PATCH &&
++ !cpus_have_cap(alt->cpufeature))
+ continue;
+
+- BUG_ON(alt->alt_len != alt->orig_len);
++ if (alt->cpufeature == ARM64_CB_PATCH)
++ BUG_ON(alt->alt_len != 0);
++ else
++ BUG_ON(alt->alt_len != alt->orig_len);
+
+ pr_info_once("patching kernel code\n");
+
+ origptr = ALT_ORIG_PTR(alt);
+- replptr = ALT_REPL_PTR(alt);
+ updptr = use_linear_alias ? lm_alias(origptr) : origptr;
+- nr_inst = alt->alt_len / sizeof(insn);
++ nr_inst = alt->orig_len / AARCH64_INSN_SIZE;
+
+- for (i = 0; i < nr_inst; i++) {
+- insn = get_alt_insn(alt, origptr + i, replptr + i);
+- updptr[i] = cpu_to_le32(insn);
+- }
++ if (alt->cpufeature < ARM64_CB_PATCH)
++ alt_cb = patch_alternative;
++ else
++ alt_cb = ALT_REPL_PTR(alt);
++
++ alt_cb(alt, origptr, updptr, nr_inst);
+
+ flush_icache_range((uintptr_t)origptr,
+ (uintptr_t)(origptr + nr_inst));
+--
+2.11.0
+
diff --git a/patches.arch/0003-arm-arm64-smccc-Add-SMCCC-specific-return-codes.patch b/patches.arch/0003-arm-arm64-smccc-Add-SMCCC-specific-return-codes.patch
new file mode 100644
index 0000000000..4af3d2914c
--- /dev/null
+++ b/patches.arch/0003-arm-arm64-smccc-Add-SMCCC-specific-return-codes.patch
@@ -0,0 +1,44 @@
+From d2b0050f7c34607670a64aee4c9d17fe98904b42 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:05 +0100
+Subject: [PATCH 03/12] arm/arm64: smccc: Add SMCCC-specific return codes
+
+Git-commit: eff0e9e1078ea7dc1d794dc50e31baef984c46d7
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+We've so far used the PSCI return codes for SMCCC because they
+were extremely similar. But with the new ARM DEN 0070A specification,
+"NOT_REQUIRED" (-2) is clashing with PSCI's "PSCI_RET_INVALID_PARAMS".
+
+Let's bite the bullet and add SMCCC specific return codes. Users
+can be repainted as and when required.
+
+Acked-by: Will Deacon <will.deacon@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ include/linux/arm-smccc.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
+index a031897fca76..c89da86de99f 100644
+--- a/include/linux/arm-smccc.h
++++ b/include/linux/arm-smccc.h
+@@ -291,5 +291,10 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1,
+ */
+ #define arm_smccc_1_1_hvc(...) __arm_smccc_1_1(SMCCC_HVC_INST, __VA_ARGS__)
+
++/* Return codes defined in ARM DEN 0070A */
++#define SMCCC_RET_SUCCESS 0
++#define SMCCC_RET_NOT_SUPPORTED -1
++#define SMCCC_RET_NOT_REQUIRED -2
++
+ #endif /*__ASSEMBLY__*/
+ #endif /*__LINUX_ARM_SMCCC_H*/
+--
+2.11.0
+
diff --git a/patches.arch/0004-arm64-Call-ARCH_WORKAROUND_2-on-transitions-between-.patch b/patches.arch/0004-arm64-Call-ARCH_WORKAROUND_2-on-transitions-between-.patch
new file mode 100644
index 0000000000..2f3dc1af62
--- /dev/null
+++ b/patches.arch/0004-arm64-Call-ARCH_WORKAROUND_2-on-transitions-between-.patch
@@ -0,0 +1,139 @@
+From 9fa7b1a3e2bd501053cbae6a126d32e1d37865bd Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:06 +0100
+Subject: [PATCH 04/12] arm64: Call ARCH_WORKAROUND_2 on transitions between
+ EL0 and EL1
+
+Git-commit: 8e2906245f1e3b0d027169d9f2e55ce0548cb96e
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+In order for the kernel to protect itself, let's call the SSBD mitigation
+implemented by the higher exception level (either hypervisor or firmware)
+on each transition between userspace and kernel.
+
+We must take the PSCI conduit into account in order to target the
+right exception level, hence the introduction of a runtime patching
+callback.
+
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/kernel/cpu_errata.c | 24 ++++++++++++++++++++++++
+ arch/arm64/kernel/entry.S | 22 ++++++++++++++++++++++
+ include/linux/arm-smccc.h | 5 +++++
+ 3 files changed, 51 insertions(+)
+
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 58028d9ebb1f..3394edc44ae8 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -214,6 +214,30 @@ static int qcom_enable_link_stack_sanitization(void *data)
+ }
+ #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
+
++#ifdef CONFIG_ARM64_SSBD
++void __init arm64_update_smccc_conduit(struct alt_instr *alt,
++ __le32 *origptr, __le32 *updptr,
++ int nr_inst)
++{
++ u32 insn;
++
++ BUG_ON(nr_inst != 1);
++
++ switch (psci_ops.conduit) {
++ case PSCI_CONDUIT_HVC:
++ insn = aarch64_insn_get_hvc_value();
++ break;
++ case PSCI_CONDUIT_SMC:
++ insn = aarch64_insn_get_smc_value();
++ break;
++ default:
++ return;
++ }
++
++ *updptr = cpu_to_le32(insn);
++}
++#endif /* CONFIG_ARM64_SSBD */
++
+ #define MIDR_RANGE(model, min, max) \
+ .def_scope = SCOPE_LOCAL_CPU, \
+ .matches = is_affected_midr_range, \
+diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
+index cd3666e0b505..b3dcf1db3897 100644
+--- a/arch/arm64/kernel/entry.S
++++ b/arch/arm64/kernel/entry.S
+@@ -18,6 +18,7 @@
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
++#include <linux/arm-smccc.h>
+ #include <linux/init.h>
+ #include <linux/linkage.h>
+
+@@ -136,6 +137,18 @@ alternative_else_nop_endif
+ add \dst, \dst, #(\sym - .entry.tramp.text)
+ .endm
+
++ // This macro corrupts x0-x3. It is the caller's duty
++ // to save/restore them if required.
++ .macro apply_ssbd, state
++#ifdef CONFIG_ARM64_SSBD
++ mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
++ mov w1, #\state
++alternative_cb arm64_update_smccc_conduit
++ nop // Patched to SMC/HVC #0
++alternative_cb_end
++#endif
++ .endm
++
+ .macro kernel_entry, el, regsize = 64
+ .if \regsize == 32
+ mov w0, w0 // zero upper 32 bits of x0
+@@ -162,6 +175,13 @@ alternative_else_nop_endif
+ ldr x19, [tsk, #TSK_TI_FLAGS] // since we can unmask debug
+ disable_step_tsk x19, x20 // exceptions when scheduling.
+
++ apply_ssbd 1
++
++#ifdef CONFIG_ARM64_SSBD
++ ldp x0, x1, [sp, #16 * 0]
++ ldp x2, x3, [sp, #16 * 1]
++#endif
++
+ mov x29, xzr // fp pointed to user-space
+ .else
+ add x21, sp, #S_FRAME_SIZE
+@@ -304,6 +324,8 @@ alternative_if ARM64_WORKAROUND_845719
+ alternative_else_nop_endif
+ #endif
+ 3:
++ apply_ssbd 0
++
+ .endif
+
+ msr elr_el1, x21 // set up the return data
+diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
+index c89da86de99f..ca1d2cc2cdfa 100644
+--- a/include/linux/arm-smccc.h
++++ b/include/linux/arm-smccc.h
+@@ -80,6 +80,11 @@
+ ARM_SMCCC_SMC_32, \
+ 0, 0x8000)
+
++#define ARM_SMCCC_ARCH_WORKAROUND_2 \
++ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
++ ARM_SMCCC_SMC_32, \
++ 0, 0x7fff)
++
+ #ifndef __ASSEMBLY__
+
+ #include <linux/linkage.h>
+--
+2.11.0
+
diff --git a/patches.arch/0005-arm64-Add-per-cpu-infrastructure-to-call-ARCH_WORKAR.patch b/patches.arch/0005-arm64-Add-per-cpu-infrastructure-to-call-ARCH_WORKAR.patch
new file mode 100644
index 0000000000..82dd3d2b8c
--- /dev/null
+++ b/patches.arch/0005-arm64-Add-per-cpu-infrastructure-to-call-ARCH_WORKAR.patch
@@ -0,0 +1,84 @@
+From 3eb7db476e4eddcc2c9a16448c5840b3855ed077 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:07 +0100
+Subject: [PATCH 05/12] arm64: Add per-cpu infrastructure to call
+ ARCH_WORKAROUND_2
+
+Git-commit: 5cf9ce6e5ea50f805c6188c04ed0daaec7b6887d
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+In a heterogeneous system, we can end up with both affected and
+unaffected CPUs. Let's check their status before calling into the
+firmware.
+
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/kernel/cpu_errata.c | 2 ++
+ arch/arm64/kernel/entry.S | 11 +++++++----
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 3394edc44ae8..56c15cb9c22b 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -215,6 +215,8 @@ static int qcom_enable_link_stack_sanitization(void *data)
+ #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
+
+ #ifdef CONFIG_ARM64_SSBD
++DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
++
+ void __init arm64_update_smccc_conduit(struct alt_instr *alt,
+ __le32 *origptr, __le32 *updptr,
+ int nr_inst)
+diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
+index b3dcf1db3897..8154cc45e325 100644
+--- a/arch/arm64/kernel/entry.S
++++ b/arch/arm64/kernel/entry.S
+@@ -139,8 +139,10 @@ alternative_else_nop_endif
+
+ // This macro corrupts x0-x3. It is the caller's duty
+ // to save/restore them if required.
+- .macro apply_ssbd, state
++ .macro apply_ssbd, state, targ, tmp1, tmp2
+ #ifdef CONFIG_ARM64_SSBD
++ ldr_this_cpu \tmp2, arm64_ssbd_callback_required, \tmp1
++ cbz \tmp2, \targ
+ mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
+ mov w1, #\state
+ alternative_cb arm64_update_smccc_conduit
+@@ -175,12 +177,13 @@ alternative_cb_end
+ ldr x19, [tsk, #TSK_TI_FLAGS] // since we can unmask debug
+ disable_step_tsk x19, x20 // exceptions when scheduling.
+
+- apply_ssbd 1
++ apply_ssbd 1, 1f, x22, x23
+
+ #ifdef CONFIG_ARM64_SSBD
+ ldp x0, x1, [sp, #16 * 0]
+ ldp x2, x3, [sp, #16 * 1]
+ #endif
++1:
+
+ mov x29, xzr // fp pointed to user-space
+ .else
+@@ -324,8 +327,8 @@ alternative_if ARM64_WORKAROUND_845719
+ alternative_else_nop_endif
+ #endif
+ 3:
+- apply_ssbd 0
+-
++ apply_ssbd 0, 5f, x0, x1
++5:
+ .endif
+
+ msr elr_el1, x21 // set up the return data
+--
+2.11.0
+
diff --git a/patches.arch/0006-arm64-Add-ARCH_WORKAROUND_2-probing.patch b/patches.arch/0006-arm64-Add-ARCH_WORKAROUND_2-probing.patch
new file mode 100644
index 0000000000..709cb150e0
--- /dev/null
+++ b/patches.arch/0006-arm64-Add-ARCH_WORKAROUND_2-probing.patch
@@ -0,0 +1,153 @@
+From 784c42ac8aca1e9cf4d3e535c202fa081449a8c9 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:08 +0100
+Subject: [PATCH] arm64: Add ARCH_WORKAROUND_2 probing
+
+Git-commit: a725e3dda1813ed306734823ac4c65ca04e38500
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+As for Spectre variant-2, we rely on SMCCC 1.1 to provide the
+discovery mechanism for detecting the SSBD mitigation.
+
+A new capability is also allocated for that purpose, and a
+config option.
+
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/Kconfig | 9 ++++++
+ arch/arm64/include/asm/cpucaps.h | 3 +-
+ arch/arm64/kernel/cpu_errata.c | 69 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 80 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 5abeb9781e2e..ff03618e95dd 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -880,6 +880,15 @@ config HARDEN_BRANCH_PREDICTOR
+
+ If unsure, say Y.
+
++config ARM64_SSBD
++ bool "Speculative Store Bypass Disable" if EXPERT
++ default y
++ help
++ This enables mitigation of the bypassing of previous stores
++ by speculative loads.
++
++ If unsure, say Y.
++
+ menuconfig ARMV8_DEPRECATED
+ bool "Emulate deprecated/obsolete ARMv8 instructions"
+ depends on COMPAT
+diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
+index ff89c3ad6d54..eae4af34a210 100644
+--- a/arch/arm64/include/asm/cpucaps.h
++++ b/arch/arm64/include/asm/cpucaps.h
+@@ -42,7 +42,8 @@
+ #define ARM64_UNMAP_KERNEL_AT_EL0 21
+ #define ARM64_HARDEN_BRANCH_PREDICTOR 22
+ #define ARM64_HARDEN_BP_POST_GUEST_EXIT 23
++#define ARM64_SSBD 24
+
+-#define ARM64_NCAPS 24
++#define ARM64_NCAPS 25
+
+ #endif /* __ASM_CPUCAPS_H */
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 56c15cb9c22b..c514523625d7 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -238,6 +238,67 @@ void __init arm64_update_smccc_conduit(struct alt_instr *alt,
+
+ *updptr = cpu_to_le32(insn);
+ }
++
++static void arm64_set_ssbd_mitigation(bool state)
++{
++ switch (psci_ops.conduit) {
++ case PSCI_CONDUIT_HVC:
++ arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_2, state, NULL);
++ break;
++
++ case PSCI_CONDUIT_SMC:
++ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2, state, NULL);
++ break;
++
++ default:
++ WARN_ON_ONCE(1);
++ break;
++ }
++}
++
++static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
++ int scope)
++{
++ struct arm_smccc_res res;
++ bool supported = true;
++
++ WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
++
++ if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
++ return false;
++
++ /*
++ * The probe function return value is either negative
++ * (unsupported or mitigated), positive (unaffected), or zero
++ * (requires mitigation). We only need to do anything in the
++ * last case.
++ */
++ switch (psci_ops.conduit) {
++ case PSCI_CONDUIT_HVC:
++ arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
++ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
++ if ((int)res.a0 != 0)
++ supported = false;
++ break;
++
++ case PSCI_CONDUIT_SMC:
++ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
++ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
++ if ((int)res.a0 != 0)
++ supported = false;
++ break;
++
++ default:
++ supported = false;
++ }
++
++ if (supported) {
++ __this_cpu_write(arm64_ssbd_callback_required, 1);
++ arm64_set_ssbd_mitigation(true);
++ }
++
++ return supported;
++}
+ #endif /* CONFIG_ARM64_SSBD */
+
+ #define MIDR_RANGE(model, min, max) \
+@@ -431,6 +492,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
+ .enable = enable_smccc_arch_workaround_1,
+ },
+ #endif
++#ifdef CONFIG_ARM64_SSBD
++ {
++ .desc = "Speculative Store Bypass Disable",
++ .capability = ARM64_SSBD,
++ .def_scope = SCOPE_LOCAL_CPU,
++ .matches = has_ssbd_mitigation,
++ },
++#endif
+ {
+ }
+ };
+--
+2.11.0
+
diff --git a/patches.arch/0007-arm64-Add-ssbd-command-line-option.patch b/patches.arch/0007-arm64-Add-ssbd-command-line-option.patch
new file mode 100644
index 0000000000..841155f7ac
--- /dev/null
+++ b/patches.arch/0007-arm64-Add-ssbd-command-line-option.patch
@@ -0,0 +1,221 @@
+From f553305ef2a4ecbb2e2967428c28a8c58bf39c19 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:09 +0100
+Subject: [PATCH 07/12] arm64: Add 'ssbd' command-line option
+
+Git-commit: a43ae4dfe56a01f5b98ba0cb2f784b6a43bafcc6
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+On a system where the firmware implements ARCH_WORKAROUND_2,
+it may be useful to either permanently enable or disable the
+workaround for cases where the user decides that they'd rather
+not get a trap overhead, and keep the mitigation permanently
+on or off instead of switching it on exception entry/exit.
+
+In any case, default to the mitigation being enabled.
+
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ Documentation/admin-guide/kernel-parameters.txt | 17 ++++
+ arch/arm64/include/asm/cpufeature.h | 6 ++
+ arch/arm64/kernel/cpu_errata.c | 103 ++++++++++++++++++++----
+ 3 files changed, 110 insertions(+), 16 deletions(-)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index b73fced8ed20..b6ea04a69d06 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -3962,6 +3962,23 @@
+ expediting. Set to zero to disable automatic
+ expediting.
+
++ ssbd= [ARM64,HW]
++ Speculative Store Bypass Disable control
++
++ On CPUs that are vulnerable to the Speculative
++ Store Bypass vulnerability and offer a
++ firmware based mitigation, this parameter
++ indicates how the mitigation should be used:
++
++ force-on: Unconditionally enable mitigation for
++ for both kernel and userspace
++ force-off: Unconditionally disable mitigation for
++ for both kernel and userspace
++ kernel: Always enable mitigation in the
++ kernel, and offer a prctl interface
++ to allow userspace to register its
++ interest in being mitigated too.
++
+ stack_guard_gap= [MM]
+ override the default stack gap protection. The value
+ is in page units and it defines how many pages prior
+diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
+index 428ee1f2468c..0bd5ebfb328e 100644
+--- a/arch/arm64/include/asm/cpufeature.h
++++ b/arch/arm64/include/asm/cpufeature.h
+@@ -262,6 +262,12 @@ static inline bool system_uses_ttbr0_pan(void)
+ !cpus_have_const_cap(ARM64_HAS_PAN);
+ }
+
++#define ARM64_SSBD_UNKNOWN -1
++#define ARM64_SSBD_FORCE_DISABLE 0
++#define ARM64_SSBD_KERNEL 1
++#define ARM64_SSBD_FORCE_ENABLE 2
++#define ARM64_SSBD_MITIGATED 3
++
+ #endif /* __ASSEMBLY__ */
+
+ #endif
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 13da4f12e73b..41613819514a 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -217,6 +217,38 @@ static int qcom_enable_link_stack_sanitization(void *data)
+ #ifdef CONFIG_ARM64_SSBD
+ DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
+
++int ssbd_state __read_mostly = ARM64_SSBD_KERNEL;
++
++static const struct ssbd_options {
++ const char *str;
++ int state;
++} ssbd_options[] = {
++ { "force-on", ARM64_SSBD_FORCE_ENABLE, },
++ { "force-off", ARM64_SSBD_FORCE_DISABLE, },
++ { "kernel", ARM64_SSBD_KERNEL, },
++};
++
++static int __init ssbd_cfg(char *buf)
++{
++ int i;
++
++ if (!buf || !buf[0])
++ return -EINVAL;
++
++ for (i = 0; i < ARRAY_SIZE(ssbd_options); i++) {
++ int len = strlen(ssbd_options[i].str);
++
++ if (strncmp(buf, ssbd_options[i].str, len))
++ continue;
++
++ ssbd_state = ssbd_options[i].state;
++ return 0;
++ }
++
++ return -EINVAL;
++}
++early_param("ssbd", ssbd_cfg);
++
+ void __init arm64_update_smccc_conduit(struct alt_instr *alt,
+ __le32 *origptr, __le32 *updptr,
+ int nr_inst)
+@@ -260,44 +292,83 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
+ int scope)
+ {
+ struct arm_smccc_res res;
+- bool supported = true;
++ bool required = true;
++ s32 val;
+
+ WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
+
+- if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
++ if (psci_ops.smccc_version == SMCCC_VERSION_1_0) {
++ ssbd_state = ARM64_SSBD_UNKNOWN;
+ return false;
++ }
+
+- /*
+- * The probe function return value is either negative
+- * (unsupported or mitigated), positive (unaffected), or zero
+- * (requires mitigation). We only need to do anything in the
+- * last case.
+- */
+ switch (psci_ops.conduit) {
+ case PSCI_CONDUIT_HVC:
+ arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
+ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
+- if ((int)res.a0 != 0)
+- supported = false;
+ break;
+
+ case PSCI_CONDUIT_SMC:
+ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
+ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
+- if ((int)res.a0 != 0)
+- supported = false;
+ break;
+
+ default:
+- supported = false;
++ ssbd_state = ARM64_SSBD_UNKNOWN;
++ return false;
++ }
++
++ val = (s32)res.a0;
++
++ switch (val) {
++ case SMCCC_RET_NOT_SUPPORTED:
++ ssbd_state = ARM64_SSBD_UNKNOWN;
++ return false;
++
++ case SMCCC_RET_NOT_REQUIRED:
++ pr_info_once("%s mitigation not required\n", entry->desc);
++ ssbd_state = ARM64_SSBD_MITIGATED;
++ return false;
++
++ case SMCCC_RET_SUCCESS:
++ required = true;
++ break;
++
++ case 1: /* Mitigation not required on this CPU */
++ required = false;
++ break;
++
++ default:
++ WARN_ON(1);
++ return false;
+ }
+
+- if (supported) {
+- __this_cpu_write(arm64_ssbd_callback_required, 1);
++ switch (ssbd_state) {
++ case ARM64_SSBD_FORCE_DISABLE:
++ pr_info_once("%s disabled from command-line\n", entry->desc);
++ arm64_set_ssbd_mitigation(false);
++ required = false;
++ break;
++
++ case ARM64_SSBD_KERNEL:
++ if (required) {
++ __this_cpu_write(arm64_ssbd_callback_required, 1);
++ arm64_set_ssbd_mitigation(true);
++ }
++ break;
++
++ case ARM64_SSBD_FORCE_ENABLE:
++ pr_info_once("%s forced from command-line\n", entry->desc);
+ arm64_set_ssbd_mitigation(true);
++ required = true;
++ break;
++
++ default:
++ WARN_ON(1);
++ break;
+ }
+
+- return supported;
++ return required;
+ }
+ #endif /* CONFIG_ARM64_SSBD */
+
+--
+2.11.0
+
diff --git a/patches.arch/0008-arm64-ssbd-Add-global-mitigation-state-accessor.patch b/patches.arch/0008-arm64-ssbd-Add-global-mitigation-state-accessor.patch
new file mode 100644
index 0000000000..76fe066c7e
--- /dev/null
+++ b/patches.arch/0008-arm64-ssbd-Add-global-mitigation-state-accessor.patch
@@ -0,0 +1,50 @@
+From 75e314cf31433862f6f94d9b6795a0c066d572e9 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:10 +0100
+Subject: [PATCH 08/12] arm64: ssbd: Add global mitigation state accessor
+
+Git-commit: c32e1736ca03904c03de0e4459a673be194f56fd
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+We're about to need the mitigation state in various parts of the
+kernel in order to do the right thing for userspace and guests.
+
+Let's expose an accessor that will let other subsystems know
+about the state.
+
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/include/asm/cpufeature.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
+index 0bd5ebfb328e..a2415ee6b8a3 100644
+--- a/arch/arm64/include/asm/cpufeature.h
++++ b/arch/arm64/include/asm/cpufeature.h
+@@ -268,6 +268,16 @@ static inline bool system_uses_ttbr0_pan(void)
+ #define ARM64_SSBD_FORCE_ENABLE 2
+ #define ARM64_SSBD_MITIGATED 3
+
++static inline int arm64_get_ssbd_state(void)
++{
++#ifdef CONFIG_ARM64_SSBD
++ extern int ssbd_state;
++ return ssbd_state;
++#else
++ return ARM64_SSBD_UNKNOWN;
++#endif
++}
++
+ #endif /* __ASSEMBLY__ */
+
+ #endif
+--
+2.11.0
+
diff --git a/patches.arch/0009-arm64-ssbd-Skip-apply_ssbd-if-not-using-dynamic-miti.patch b/patches.arch/0009-arm64-ssbd-Skip-apply_ssbd-if-not-using-dynamic-miti.patch
new file mode 100644
index 0000000000..3548789897
--- /dev/null
+++ b/patches.arch/0009-arm64-ssbd-Skip-apply_ssbd-if-not-using-dynamic-miti.patch
@@ -0,0 +1,71 @@
+From 63f8f8d7fab9b062c581f9c519607b87eccdf54c Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:11 +0100
+Subject: [PATCH 09/12] arm64: ssbd: Skip apply_ssbd if not using dynamic
+ mitigation
+
+Git-commit: 986372c4367f46b34a3c0f6918d7fb95cbdf39d6
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+In order to avoid checking arm64_ssbd_callback_required on each
+kernel entry/exit even if no mitigation is required, let's
+add yet another alternative that by default jumps over the mitigation,
+and that gets nop'ed out if we're doing dynamic mitigation.
+
+Think of it as a poor man's static key...
+
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/kernel/cpu_errata.c | 14 ++++++++++++++
+ arch/arm64/kernel/entry.S | 3 +++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 41613819514a..0f18d03561bf 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -271,6 +271,20 @@ void __init arm64_update_smccc_conduit(struct alt_instr *alt,
+ *updptr = cpu_to_le32(insn);
+ }
+
++void __init arm64_enable_wa2_handling(struct alt_instr *alt,
++ __le32 *origptr, __le32 *updptr,
++ int nr_inst)
++{
++ BUG_ON(nr_inst != 1);
++ /*
++ * Only allow mitigation on EL1 entry/exit and guest
++ * ARCH_WORKAROUND_2 handling if the SSBD state allows it to
++ * be flipped.
++ */
++ if (arm64_get_ssbd_state() == ARM64_SSBD_KERNEL)
++ *updptr = cpu_to_le32(aarch64_insn_gen_nop());
++}
++
+ static void arm64_set_ssbd_mitigation(bool state)
+ {
+ switch (psci_ops.conduit) {
+diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
+index 8154cc45e325..c43f25a09cbb 100644
+--- a/arch/arm64/kernel/entry.S
++++ b/arch/arm64/kernel/entry.S
+@@ -141,6 +141,9 @@ alternative_else_nop_endif
+ // to save/restore them if required.
+ .macro apply_ssbd, state, targ, tmp1, tmp2
+ #ifdef CONFIG_ARM64_SSBD
++alternative_cb arm64_enable_wa2_handling
++ b \targ
++alternative_cb_end
+ ldr_this_cpu \tmp2, arm64_ssbd_callback_required, \tmp1
+ cbz \tmp2, \targ
+ mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
+--
+2.11.0
+
diff --git a/patches.arch/0010-arm64-ssbd-Restore-mitigation-status-on-CPU-resume.patch b/patches.arch/0010-arm64-ssbd-Restore-mitigation-status-on-CPU-resume.patch
new file mode 100644
index 0000000000..16dfafa97d
--- /dev/null
+++ b/patches.arch/0010-arm64-ssbd-Restore-mitigation-status-on-CPU-resume.patch
@@ -0,0 +1,107 @@
+From a242ee827f46802b0cb9249a35f36f4807d525f5 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:12 +0100
+Subject: [PATCH 10/12] arm64: ssbd: Restore mitigation status on CPU resume
+
+Git-commit: 647d0519b53f440a55df163de21c52a8205431cc
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+On a system where firmware can dynamically change the state of the
+mitigation, the CPU will always come up with the mitigation enabled,
+including when coming back from suspend.
+
+If the user has requested "no mitigation" via a command line option,
+let's enforce it by calling into the firmware again to disable it.
+
+Similarily, for a resume from hibernate, the mitigation could have
+been disabled by the boot kernel. Let's ensure that it is set
+back on in that case.
+
+Acked-by: Will Deacon <will.deacon@arm.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/include/asm/cpufeature.h | 6 ++++++
+ arch/arm64/kernel/cpu_errata.c | 2 +-
+ arch/arm64/kernel/hibernate.c | 11 +++++++++++
+ arch/arm64/kernel/suspend.c | 8 ++++++++
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
+index a2415ee6b8a3..c5bc80a03515 100644
+--- a/arch/arm64/include/asm/cpufeature.h
++++ b/arch/arm64/include/asm/cpufeature.h
+@@ -278,6 +278,12 @@ static inline int arm64_get_ssbd_state(void)
+ #endif
+ }
+
++#ifdef CONFIG_ARM64_SSBD
++void arm64_set_ssbd_mitigation(bool state);
++#else
++static inline void arm64_set_ssbd_mitigation(bool state) {}
++#endif
++
+ #endif /* __ASSEMBLY__ */
+
+ #endif
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
+index 0f18d03561bf..702e002737b7 100644
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -285,7 +285,7 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt,
+ *updptr = cpu_to_le32(aarch64_insn_gen_nop());
+ }
+
+-static void arm64_set_ssbd_mitigation(bool state)
++void arm64_set_ssbd_mitigation(bool state)
+ {
+ switch (psci_ops.conduit) {
+ case PSCI_CONDUIT_HVC:
+diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
+index f20cf7e99249..a3a3c6039f89 100644
+--- a/arch/arm64/kernel/hibernate.c
++++ b/arch/arm64/kernel/hibernate.c
+@@ -313,6 +313,17 @@ int swsusp_arch_suspend(void)
+
+ sleep_cpu = -EINVAL;
+ __cpu_suspend_exit();
++
++ /*
++ * Just in case the boot kernel did turn the SSBD
++ * mitigation off behind our back, let's set the state
++ * to what we expect it to be.
++ */
++ switch (arm64_get_ssbd_state()) {
++ case ARM64_SSBD_FORCE_ENABLE:
++ case ARM64_SSBD_KERNEL:
++ arm64_set_ssbd_mitigation(true);
++ }
+ }
+
+ local_daif_restore(flags);
+diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c
+index d2d2edac78f2..0b6f903892c0 100644
+--- a/arch/arm64/kernel/suspend.c
++++ b/arch/arm64/kernel/suspend.c
+@@ -62,6 +62,14 @@ void notrace __cpu_suspend_exit(void)
+ */
+ if (hw_breakpoint_restore)
+ hw_breakpoint_restore(cpu);
++
++ /*
++ * On resume, firmware implementing dynamic mitigation will
++ * have turned the mitigation on. If the user has forcefully
++ * disabled it, make sure their wishes are obeyed.
++ */
++ if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE)
++ arm64_set_ssbd_mitigation(false);
+ }
+
+ /*
+--
+2.11.0
+
diff --git a/patches.arch/0011-arm64-ssbd-Introduce-thread-flag-to-control-userspac.patch b/patches.arch/0011-arm64-ssbd-Introduce-thread-flag-to-control-userspac.patch
new file mode 100644
index 0000000000..1e98d32335
--- /dev/null
+++ b/patches.arch/0011-arm64-ssbd-Introduce-thread-flag-to-control-userspac.patch
@@ -0,0 +1,58 @@
+From ce775f209f122e47e36f3dd3df903b71d3fe331e Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:13 +0100
+Subject: [PATCH 11/12] arm64: ssbd: Introduce thread flag to control userspace
+ mitigation
+
+Git-commit: 9dd9614f5476687abbff8d4b12cd08ae70d7c2ad
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+In order to allow userspace to be mitigated on demand, let's
+introduce a new thread flag that prevents the mitigation from
+being turned off when exiting to userspace, and doesn't turn
+it on on entry into the kernel (with the assumption that the
+mitigation is always enabled in the kernel itself).
+
+This will be used by a prctl interface introduced in a later
+patch.
+
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/include/asm/thread_info.h | 1 +
+ arch/arm64/kernel/entry.S | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
+index aa04b733b349..f72f809f4765 100644
+--- a/arch/arm64/include/asm/thread_info.h
++++ b/arch/arm64/include/asm/thread_info.h
+@@ -88,6 +88,7 @@ struct thread_info {
+ #define TIF_RESTORE_SIGMASK 20
+ #define TIF_SINGLESTEP 21
+ #define TIF_32BIT 22 /* 32bit process */
++#define TIF_SSBD 25 /* Wants SSB mitigation */
+
+ #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
+ #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
+diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
+index c43f25a09cbb..53e252f461f0 100644
+--- a/arch/arm64/kernel/entry.S
++++ b/arch/arm64/kernel/entry.S
+@@ -146,6 +146,8 @@ alternative_cb arm64_enable_wa2_handling
+ alternative_cb_end
+ ldr_this_cpu \tmp2, arm64_ssbd_callback_required, \tmp1
+ cbz \tmp2, \targ
++ ldr \tmp2, [tsk, #TSK_TI_FLAGS]
++ tbnz \tmp2, #TIF_SSBD, \targ
+ mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
+ mov w1, #\state
+ alternative_cb arm64_update_smccc_conduit
+--
+2.11.0
+
diff --git a/patches.arch/0012-arm64-ssbd-Add-prctl-interface-for-per-thread-mitiga.patch b/patches.arch/0012-arm64-ssbd-Add-prctl-interface-for-per-thread-mitiga.patch
new file mode 100644
index 0000000000..d1eca93a36
--- /dev/null
+++ b/patches.arch/0012-arm64-ssbd-Add-prctl-interface-for-per-thread-mitiga.patch
@@ -0,0 +1,157 @@
+From 122fa21ae88145292d2cd1eeb5bba0ba6e19f241 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 29 May 2018 13:11:14 +0100
+Subject: [PATCH] arm64: ssbd: Add prctl interface for per-thread mitigation
+
+Git-commit: 9cdc0108baa8ef87c76ed834619886a46bd70cbe
+Patch-mainline: Queued
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+References: bsc#1085308
+
+If running on a system that performs dynamic SSBD mitigation, allow
+userspace to request the mitigation for itself. This is implemented
+as a prctl call, allowing the mitigation to be enabled or disabled at
+will for this particular thread.
+
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
+---
+ arch/arm64/kernel/Makefile | 1 +
+ arch/arm64/kernel/ssbd.c | 111 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 112 insertions(+)
+ create mode 100644 arch/arm64/kernel/ssbd.c
+
+diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
+index 947b8a5fa874..ae9a6201acab 100644
+--- a/arch/arm64/kernel/Makefile
++++ b/arch/arm64/kernel/Makefile
+@@ -53,6 +53,7 @@ arm64-obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o \
+ arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test.o
+ arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o
+ arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
++arm64-obj-$(CONFIG_ARM64_SSBD) += ssbd.o
+
+ ifeq ($(CONFIG_KVM),y)
+ arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o
+diff --git a/arch/arm64/kernel/ssbd.c b/arch/arm64/kernel/ssbd.c
+new file mode 100644
+index 000000000000..931b9cc85e98
+--- /dev/null
++++ b/arch/arm64/kernel/ssbd.c
+@@ -0,0 +1,111 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Copyright (C) 2018 ARM Ltd, All Rights Reserved.
++ */
++
++#include <linux/errno.h>
++#include <linux/sched.h>
++#include <linux/thread_info.h>
++#include <linux/prctl.h>
++
++#include <asm/cpufeature.h>
++
++/*
++ * prctl interface for SSBD
++ * FIXME: Drop the below ifdefery once merged in 4.18.
++ */
++#ifdef PR_SPEC_STORE_BYPASS
++static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
++{
++ int state = arm64_get_ssbd_state();
++
++ /* Unsupported */
++ if (state == ARM64_SSBD_UNKNOWN)
++ return -EINVAL;
++
++ /* Treat the unaffected/mitigated state separately */
++ if (state == ARM64_SSBD_MITIGATED) {
++ switch (ctrl) {
++ case PR_SPEC_ENABLE:
++ return -EPERM;
++ case PR_SPEC_DISABLE:
++ case PR_SPEC_FORCE_DISABLE:
++ return 0;
++ }
++ }
++
++ /*
++ * Things are a bit backward here: the arm64 internal API
++ * *enables the mitigation* when the userspace API *disables
++ * speculation*. So much fun.
++ */
++ switch (ctrl) {
++ case PR_SPEC_ENABLE:
++ /* If speculation is force disabled, enable is not allowed */
++ if (state == ARM64_SSBD_FORCE_ENABLE ||
++ task_spec_ssb_force_disable(task))
++ return -EPERM;
++ task_clear_spec_ssb_disable(task);
++ clear_tsk_thread_flag(task, TIF_SSBD);
++ break;
++ case PR_SPEC_DISABLE:
++ if (state == ARM64_SSBD_FORCE_DISABLE)
++ return -EPERM;
++ task_set_spec_ssb_disable(task);
++ set_tsk_thread_flag(task, TIF_SSBD);
++ break;
++ case PR_SPEC_FORCE_DISABLE:
++ if (state == ARM64_SSBD_FORCE_DISABLE)
++ return -EPERM;
++ task_set_spec_ssb_disable(task);
++ task_set_spec_ssb_force_disable(task);
++ set_tsk_thread_flag(task, TIF_SSBD);
++ break;
++ default:
++ return -ERANGE;
++ }
++
++ return 0;
++}
++
++int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
++ unsigned long ctrl)
++{
++ switch (which) {
++ case PR_SPEC_STORE_BYPASS:
++ return ssbd_prctl_set(task, ctrl);
++ default:
++ return -ENODEV;
++ }
++}
++
++static int ssbd_prctl_get(struct task_struct *task)
++{
++ switch (arm64_get_ssbd_state()) {
++ case ARM64_SSBD_UNKNOWN:
++ return -EINVAL;
++ case ARM64_SSBD_FORCE_ENABLE:
++ return PR_SPEC_DISABLE;
++ case ARM64_SSBD_KERNEL:
++ if (task_spec_ssb_force_disable(task))
++ return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
++ if (task_spec_ssb_disable(task))
++ return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
++ return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
++ case ARM64_SSBD_FORCE_DISABLE:
++ return PR_SPEC_ENABLE;
++ default:
++ return PR_SPEC_NOT_AFFECTED;
++ }
++}
++
++int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
++{
++ switch (which) {
++ case PR_SPEC_STORE_BYPASS:
++ return ssbd_prctl_get(task);
++ default:
++ return -ENODEV;
++ }
++}
++#endif /* PR_SPEC_STORE_BYPASS */
+--
+2.11.0
+
diff --git a/patches.arch/0015-arm64-mm-Map-entry-trampoline-into-trampoline-and-ke.patch b/patches.arch/0015-arm64-mm-Map-entry-trampoline-into-trampoline-and-ke.patch
index bb4ed04422..ba02ac2e99 100644
--- a/patches.arch/0015-arm64-mm-Map-entry-trampoline-into-trampoline-and-ke.patch
+++ b/patches.arch/0015-arm64-mm-Map-entry-trampoline-into-trampoline-and-ke.patch
@@ -23,21 +23,18 @@ Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
---
- arch/arm64/include/asm/fixmap.h | 5 +++++
- arch/arm64/include/asm/pgtable.h | 1 +
- arch/arm64/kernel/asm-offsets.c | 6 +++++-
- arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++
- 4 files changed, 34 insertions(+), 1 deletion(-)
+ arch/arm64/include/asm/fixmap.h | 4 ++++
+ arch/arm64/include/asm/pgtable.h | 1 +
+ arch/arm64/kernel/asm-offsets.c | 6 +++++-
+ arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++
+ 4 files changed, 33 insertions(+), 1 deletion(-)
-diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
-index caf86be815ba..7b1d88c18143 100644
--- a/arch/arm64/include/asm/fixmap.h
+++ b/arch/arm64/include/asm/fixmap.h
-@@ -51,6 +51,11 @@ enum fixed_addresses {
+@@ -58,6 +58,10 @@ enum fixed_addresses {
+ FIX_APEI_GHES_NMI,
+ #endif /* CONFIG_ACPI_APEI_GHES */
- FIX_EARLYCON_MEM_BASE,
- FIX_TEXT_POKE0,
-+
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ FIX_ENTRY_TRAMP_TEXT,
+#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
@@ -45,11 +42,9 @@ index caf86be815ba..7b1d88c18143 100644
__end_of_permanent_fixed_addresses,
/*
-diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
-index e7e8479069a0..279240669ba1 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
-@@ -669,6 +669,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -676,6 +676,7 @@ static inline void pmdp_set_wrprotect(st
extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
@@ -57,8 +52,6 @@ index e7e8479069a0..279240669ba1 100644
/*
* Encode and decode a swap entry:
-diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
-index b3bb7ef97bc8..5d2d3560f186 100644
--- a/arch/arm64/kernel/asm-offsets.c
+++ b/arch/arm64/kernel/asm-offsets.c
@@ -24,6 +24,7 @@
@@ -69,7 +62,7 @@ index b3bb7ef97bc8..5d2d3560f186 100644
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/smp_plat.h>
-@@ -147,11 +148,14 @@ int main(void)
+@@ -148,11 +149,14 @@ int main(void)
DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
@@ -85,11 +78,9 @@ index b3bb7ef97bc8..5d2d3560f186 100644
+#endif
return 0;
}
-diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
-index 0c429ec6fde8..dbefd84acd25 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
-@@ -521,6 +521,29 @@ static int __init parse_rodata(char *arg)
+@@ -521,6 +521,29 @@ static int __init parse_rodata(char *arg
}
early_param("rodata", parse_rodata);
@@ -119,6 +110,3 @@ index 0c429ec6fde8..dbefd84acd25 100644
/*
* Create fine-grained mappings for the kernel.
*/
---
-2.11.0
-
diff --git a/patches.arch/0051-arm64-kaslr-Put-kernel-vectors-address-in-separate-d.patch b/patches.arch/0051-arm64-kaslr-Put-kernel-vectors-address-in-separate-d.patch
index 54986b856d..42c2f927ce 100644
--- a/patches.arch/0051-arm64-kaslr-Put-kernel-vectors-address-in-separate-d.patch
+++ b/patches.arch/0051-arm64-kaslr-Put-kernel-vectors-address-in-separate-d.patch
@@ -23,29 +23,25 @@ Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
---
- arch/arm64/include/asm/fixmap.h | 1 +
- arch/arm64/kernel/entry.S | 14 ++++++++++++++
- arch/arm64/kernel/vmlinux.lds.S | 5 ++++-
- arch/arm64/mm/mmu.c | 10 +++++++++-
+ arch/arm64/include/asm/fixmap.h | 1 +
+ arch/arm64/kernel/entry.S | 14 ++++++++++++++
+ arch/arm64/kernel/vmlinux.lds.S | 5 ++++-
+ arch/arm64/mm/mmu.c | 10 +++++++++-
4 files changed, 28 insertions(+), 2 deletions(-)
-diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
-index 7b1d88c18143..d8e58051f32d 100644
--- a/arch/arm64/include/asm/fixmap.h
+++ b/arch/arm64/include/asm/fixmap.h
-@@ -53,6 +53,7 @@ enum fixed_addresses {
- FIX_TEXT_POKE0,
+@@ -59,6 +59,7 @@ enum fixed_addresses {
+ #endif /* CONFIG_ACPI_APEI_GHES */
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ FIX_ENTRY_TRAMP_DATA,
FIX_ENTRY_TRAMP_TEXT,
#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
-diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
-index 6fb7344b80f5..c046b181b352 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
-@@ -1005,7 +1005,13 @@ alternative_else_nop_endif
+@@ -997,7 +997,13 @@ alternative_else_nop_endif
msr tpidrro_el0, x30 // Restored in kernel_ventry
.endif
tramp_map_kernel x30
@@ -59,7 +55,7 @@ index 6fb7344b80f5..c046b181b352 100644
prfm plil1strm, [x30, #(1b - tramp_vectors)]
msr vbar_el1, x30
add x30, x30, #(1b - tramp_vectors)
-@@ -1048,6 +1054,14 @@ END(tramp_exit_compat)
+@@ -1040,6 +1046,14 @@ END(tramp_exit_compat)
.ltorg
.popsection // .entry.tramp.text
@@ -74,11 +70,9 @@ index 6fb7344b80f5..c046b181b352 100644
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
/*
-diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
-index 7bbb54d7bdd1..3aaf374b0f46 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
-@@ -250,7 +250,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
+@@ -250,7 +250,10 @@ ASSERT(__idmap_text_end - (__idmap_text_
ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
<= SZ_4K, "Hibernate exit text too big or misaligned")
#endif
@@ -90,11 +84,9 @@ index 7bbb54d7bdd1..3aaf374b0f46 100644
/*
* If padding is applied before .head.text, virt<->phys conversions will fail.
*/
-diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
-index dbefd84acd25..1663293ed5d5 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
-@@ -537,8 +537,16 @@ static int __init map_entry_trampoline(void)
+@@ -537,8 +537,16 @@ static int __init map_entry_trampoline(v
__create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
prot, pgd_pgtable_alloc, 0);
@@ -112,6 +104,3 @@ index dbefd84acd25..1663293ed5d5 100644
return 0;
}
core_initcall(map_entry_trampoline);
---
-2.11.0
-
diff --git a/patches.arch/08-x86-mm-fixmap-generalize-the-gdt-fixmap-mechanism-introduce-struct-cpu_entry_area.patch b/patches.arch/08-x86-mm-fixmap-generalize-the-gdt-fixmap-mechanism-introduce-struct-cpu_entry_area.patch
index 4e2e6872b8..62a2b77f51 100644
--- a/patches.arch/08-x86-mm-fixmap-generalize-the-gdt-fixmap-mechanism-introduce-struct-cpu_entry_area.patch
+++ b/patches.arch/08-x86-mm-fixmap-generalize-the-gdt-fixmap-mechanism-introduce-struct-cpu_entry_area.patch
@@ -97,9 +97,9 @@ Acked-by: Borislav Petkov <bp@suse.de>
+ FIX_CPU_ENTRY_AREA_TOP,
+ FIX_CPU_ENTRY_AREA_BOTTOM = FIX_CPU_ENTRY_AREA_TOP + (CPU_ENTRY_AREA_PAGES * NR_CPUS) - 1,
- __end_of_permanent_fixed_addresses,
-
-@@ -185,5 +198,25 @@ void __init *early_memremap_decrypted_wp
+ #ifdef CONFIG_ACPI_APEI_GHES
+ /* Used for GHES mapping from assorted contexts */
+@@ -191,5 +204,25 @@ void __init *early_memremap_decrypted_wp
void __early_set_fixmap(enum fixed_addresses idx,
phys_addr_t phys, pgprot_t flags);
@@ -127,7 +127,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
#endif /* _ASM_X86_FIXMAP_H */
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
-@@ -448,12 +448,12 @@ void load_percpu_segment(int cpu)
+@@ -466,12 +466,12 @@ void load_percpu_segment(int cpu)
load_stack_canary_segment();
}
@@ -143,7 +143,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
#else
/*
* On native 32-bit systems, the GDT cannot be read-only because
-@@ -464,11 +464,11 @@ static inline void setup_fixmap_gdt(int
+@@ -482,11 +482,11 @@ static inline void setup_fixmap_gdt(int
* On Xen PV, the GDT must be read-only because the hypervisor requires
* it.
*/
@@ -157,7 +157,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
}
/* Load the original GDT from the per-cpu structure */
-@@ -1573,7 +1573,7 @@ void cpu_init(void)
+@@ -1592,7 +1592,7 @@ void cpu_init(void)
if (is_uv_system())
uv_cpu_init();
@@ -166,7 +166,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
load_fixmap_gdt(cpu);
}
-@@ -1634,7 +1634,7 @@ void cpu_init(void)
+@@ -1654,7 +1654,7 @@ void cpu_init(void)
fpu__init_cpu();
@@ -177,7 +177,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
#endif
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
-@@ -2342,7 +2342,7 @@ static void xen_set_fixmap(unsigned idx,
+@@ -2336,7 +2336,7 @@ static void xen_set_fixmap(unsigned idx,
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
diff --git a/patches.arch/22-x86-cpu_entry_area-move-it-out-of-the-fixmap.patch b/patches.arch/22-x86-cpu_entry_area-move-it-out-of-the-fixmap.patch
index db9c57cedb..a013a8eb75 100644
--- a/patches.arch/22-x86-cpu_entry_area-move-it-out-of-the-fixmap.patch
+++ b/patches.arch/22-x86-cpu_entry_area-move-it-out-of-the-fixmap.patch
@@ -106,9 +106,9 @@ Acked-by: Borislav Petkov <bp@suse.de>
- FIX_CPU_ENTRY_AREA_TOP,
- FIX_CPU_ENTRY_AREA_BOTTOM = FIX_CPU_ENTRY_AREA_TOP + (CPU_ENTRY_AREA_PAGES * NR_CPUS) - 1,
- __end_of_permanent_fixed_addresses,
-
-@@ -137,7 +132,7 @@ enum fixed_addresses {
+ #ifdef CONFIG_ACPI_APEI_GHES
+ /* Used for GHES mapping from assorted contexts */
+@@ -143,7 +138,7 @@ enum fixed_addresses {
extern void reserve_top_address(unsigned long reserve);
#define FIXADDR_SIZE (__end_of_permanent_fixed_addresses << PAGE_SHIFT)
@@ -117,7 +117,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
extern int fixmaps_set;
-@@ -185,30 +180,5 @@ void __init *early_memremap_decrypted_wp
+@@ -191,30 +186,5 @@ void __init *early_memremap_decrypted_wp
void __early_set_fixmap(enum fixed_addresses idx,
phys_addr_t phys, pgprot_t flags);
@@ -489,7 +489,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
#include <asm/fixmap.h>
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
-@@ -2325,7 +2325,6 @@ static void xen_set_fixmap(unsigned idx,
+@@ -2337,7 +2337,6 @@ static void xen_set_fixmap(unsigned idx,
switch (idx) {
case FIX_BTMAP_END ... FIX_BTMAP_BEGIN:
@@ -497,7 +497,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
#ifdef CONFIG_X86_32
case FIX_WP_TEST:
# ifdef CONFIG_HIGHMEM
-@@ -2336,7 +2335,6 @@ static void xen_set_fixmap(unsigned idx,
+@@ -2348,7 +2347,6 @@ static void xen_set_fixmap(unsigned idx,
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
diff --git a/patches.arch/28-x86-bugs-fix-_ssb_select_mitigation-return-type.patch b/patches.arch/28-x86-bugs-fix-_ssb_select_mitigation-return-type.patch
new file mode 100644
index 0000000000..7a6f56c57e
--- /dev/null
+++ b/patches.arch/28-x86-bugs-fix-_ssb_select_mitigation-return-type.patch
@@ -0,0 +1,29 @@
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Thu, 10 May 2018 22:47:18 +0200
+Subject: x86/bugs: Fix __ssb_select_mitigation() return type
+Git-commit: d66d8ff3d21667b41eddbe86b35ab411e40d8c5f
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+__ssb_select_mitigation() returns one of the members of enum ssb_mitigation,
+not ssb_mitigation_cmd; fix the prototype to reflect that.
+
+Fixes: 24f7fc83b9204 ("x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation")
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kernel/cpu/bugs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -486,7 +486,7 @@ static enum ssb_mitigation_cmd __init ss
+ return cmd;
+ }
+
+-static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
++static enum ssb_mitigation __init __ssb_select_mitigation(void)
+ {
+ enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
+ enum ssb_mitigation_cmd cmd;
diff --git a/patches.arch/29-x86-bugs-make-cpu_show_common-static.patch b/patches.arch/29-x86-bugs-make-cpu_show_common-static.patch
new file mode 100644
index 0000000000..f5fcffdeb9
--- /dev/null
+++ b/patches.arch/29-x86-bugs-make-cpu_show_common-static.patch
@@ -0,0 +1,28 @@
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Thu, 10 May 2018 22:47:32 +0200
+Subject: x86/bugs: Make cpu_show_common() static
+Git-commit: 7bb4d366cba992904bffa4820d24e70a3de93e76
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+cpu_show_common() is not used outside of arch/x86/kernel/cpu/bugs.c, so
+make it static.
+
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kernel/cpu/bugs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -658,7 +658,7 @@ void x86_spec_ctrl_setup_ap(void)
+
+ #ifdef CONFIG_SYSFS
+
+-ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
++static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
+ char *buf, unsigned int bug)
+ {
+ if (!boot_cpu_has_bug(bug))
diff --git a/patches.arch/30-x86-bugs-fix-the-parameters-alignment-and-missing-void.patch b/patches.arch/30-x86-bugs-fix-the-parameters-alignment-and-missing-void.patch
new file mode 100644
index 0000000000..b2a807ecc9
--- /dev/null
+++ b/patches.arch/30-x86-bugs-fix-the-parameters-alignment-and-missing-void.patch
@@ -0,0 +1,36 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Fri, 11 May 2018 16:50:35 -0400
+Subject: x86/bugs: Fix the parameters alignment and missing void
+Git-commit: ffed645e3be0e32f8e9ab068d257aee8d0fe8eec
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Fixes: 7bb4d366c ("x86/bugs: Make cpu_show_common() static")
+Fixes: 24f7fc83b ("x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation")
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kernel/cpu/bugs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -549,7 +549,7 @@ static enum ssb_mitigation __init __ssb_
+ return mode;
+ }
+
+-static void ssb_select_mitigation()
++static void ssb_select_mitigation(void)
+ {
+ ssb_mode = __ssb_select_mitigation();
+
+@@ -659,7 +659,7 @@ void x86_spec_ctrl_setup_ap(void)
+ #ifdef CONFIG_SYSFS
+
+ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
+- char *buf, unsigned int bug)
++ char *buf, unsigned int bug)
+ {
+ if (!boot_cpu_has_bug(bug))
+ return sprintf(buf, "Not affected\n");
diff --git a/patches.arch/31-x86-speculation-use-synthetic-bits-for-ibrs-ibpb-stibp.patch b/patches.arch/31-x86-speculation-use-synthetic-bits-for-ibrs-ibpb-stibp.patch
new file mode 100644
index 0000000000..26f890cc39
--- /dev/null
+++ b/patches.arch/31-x86-speculation-use-synthetic-bits-for-ibrs-ibpb-stibp.patch
@@ -0,0 +1,189 @@
+From: Borislav Petkov <bp@suse.de>
+Date: Wed, 2 May 2018 18:15:14 +0200
+Subject: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: e7c587da125291db39ddf1f49b18e5970adbac17
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Intel and AMD have different CPUID bits hence for those use synthetic bits
+which get set on the respective vendor's in init_speculation_control(). So
+that debacles like what the commit message of
+
+ c65732e4f721 ("x86/cpu: Restore CPUID_8000_0008_EBX reload")
+
+talks about don't happen anymore.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Tested-by: Jörg Otte <jrg.otte@gmail.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
+Link: https://lkml.kernel.org/r/20180504161815.GG9257@pd.tnic
+---
+ arch/x86/include/asm/cpufeatures.h | 11 ++++++-----
+ arch/x86/kernel/cpu/common.c | 14 ++++++++++----
+ arch/x86/kvm/cpuid.c | 10 +++++-----
+ arch/x86/kvm/svm.c | 6 +++---
+ arch/x86/kvm/vmx.c | 9 ++-------
+ 5 files changed, 26 insertions(+), 24 deletions(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -199,7 +199,6 @@
+ #define X86_FEATURE_CAT_L2 ( 7*32+ 5) /* Cache Allocation Technology L2 */
+ #define X86_FEATURE_CDP_L3 ( 7*32+ 6) /* Code and Data Prioritization L3 */
+ #define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 7) /* Effectively INVPCID && CR4.PCIDE=1 */
+-
+ #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
+ #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
+ #define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */
+@@ -212,12 +211,14 @@
+ #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */
+ #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
+ #define X86_FEATURE_SEV ( 7*32+20) /* AMD Secure Encrypted Virtualization */
+-
+ #define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
+ #define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */
+ #define X86_FEATURE_USE_IBRS ( 7*32+23) /* "" Use IBRS for Spectre v2 safety */
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+24) /* "" Disable Speculative Store Bypass. */
+ #define X86_FEATURE_AMD_SSBD (7*32+25) /* "" AMD SSBD implementation */
++#define X86_FEATURE_IBRS ( 7*32+26) /* Indirect Branch Restricted Speculation */
++#define X86_FEATURE_IBPB ( 7*32+27) /* Indirect Branch Prediction Barrier */
++#define X86_FEATURE_STIBP ( 7*32+28) /* Single Thread Indirect Branch Predictors */
+
+ /* Virtualization flags: Linux defined, word 8 */
+ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
+@@ -278,9 +279,9 @@
+ #define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */
+ #define X86_FEATURE_IRPERF (13*32+1) /* Instructions Retired Count */
+ #define X86_FEATURE_XSAVEERPTR (13*32+ 2) /* Always save/restore FP error pointers */
+-#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */
+-#define X86_FEATURE_IBRS (13*32+14) /* Indirect Branch Restricted Speculation */
+-#define X86_FEATURE_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
++#define X86_FEATURE_AMD_IBPB (13*32+12) /* "" Indirect Branch Prediction Barrier */
++#define X86_FEATURE_AMD_IBRS (13*32+14) /* "" Indirect Branch Restricted Speculation */
++#define X86_FEATURE_AMD_STIBP (13*32+15) /* "" Single Thread Indirect Branch Predictors */
+
+ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */
+ #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -733,17 +733,23 @@ static void init_speculation_control(str
+ * and they also have a different bit for STIBP support. Also,
+ * a hypervisor might have set the individual AMD bits even on
+ * Intel CPUs, for finer-grained selection of what's available.
+- *
+- * We use the AMD bits in 0x8000_0008 EBX as the generic hardware
+- * features, which are visible in /proc/cpuinfo and used by the
+- * kernel. So set those accordingly from the Intel bits.
+ */
+ if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
+ set_cpu_cap(c, X86_FEATURE_IBRS);
+ set_cpu_cap(c, X86_FEATURE_IBPB);
+ }
++
+ if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
+ set_cpu_cap(c, X86_FEATURE_STIBP);
++
++ if (cpu_has(c, X86_FEATURE_AMD_IBRS))
++ set_cpu_cap(c, X86_FEATURE_IBRS);
++
++ if (cpu_has(c, X86_FEATURE_AMD_IBPB))
++ set_cpu_cap(c, X86_FEATURE_IBPB);
++
++ if (cpu_has(c, X86_FEATURE_AMD_STIBP))
++ set_cpu_cap(c, X86_FEATURE_STIBP);
+ }
+
+ void get_cpu_cap(struct cpuinfo_x86 *c)
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -367,7 +367,7 @@ static inline int __do_cpuid_ent(struct
+
+ /* cpuid 0x80000008.ebx */
+ const u32 kvm_cpuid_8000_0008_ebx_x86_features =
+- F(IBPB) | F(IBRS);
++ F(AMD_IBPB) | F(AMD_IBRS);
+
+ /* cpuid 0xC0000001.edx */
+ const u32 kvm_cpuid_C000_0001_edx_x86_features =
+@@ -632,10 +632,10 @@ static inline int __do_cpuid_ent(struct
+ entry->eax = g_phys_as | (virt_as << 8);
+ entry->edx = 0;
+ /* IBRS and IBPB aren't necessarily present in hardware cpuid */
+- if (boot_cpu_has(X86_FEATURE_IBPB))
+- entry->ebx |= F(IBPB);
+- if (boot_cpu_has(X86_FEATURE_IBRS))
+- entry->ebx |= F(IBRS);
++ if (boot_cpu_has(X86_FEATURE_AMD_IBPB))
++ entry->ebx |= F(AMD_IBPB);
++ if (boot_cpu_has(X86_FEATURE_AMD_IBRS))
++ entry->ebx |= F(AMD_IBRS);
+ entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
+ cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
+ break;
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -3931,7 +3931,7 @@ static int svm_get_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_SPEC_CTRL:
+ if (!msr_info->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBRS))
++ !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS))
+ return 1;
+
+ msr_info->data = svm->spec_ctrl;
+@@ -4029,7 +4029,7 @@ static int svm_set_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_SPEC_CTRL:
+ if (!msr->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBRS))
++ !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS))
+ return 1;
+
+ /* The STIBP bit doesn't fault even if it's not advertised */
+@@ -4056,7 +4056,7 @@ static int svm_set_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_PRED_CMD:
+ if (!msr->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBPB))
++ !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB))
+ return 1;
+
+ if (data & ~PRED_CMD_IBPB)
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -3296,9 +3296,7 @@ static int vmx_get_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_SPEC_CTRL:
+ if (!msr_info->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBRS) &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_SSBD))
++ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
+ return 1;
+
+ msr_info->data = to_vmx(vcpu)->spec_ctrl;
+@@ -3418,9 +3416,7 @@ static int vmx_set_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_SPEC_CTRL:
+ if (!msr_info->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBRS) &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_SSBD))
++ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
+ return 1;
+
+ /* The STIBP bit doesn't fault even if it's not advertised */
+@@ -3450,7 +3446,6 @@ static int vmx_set_msr(struct kvm_vcpu *
+ break;
+ case MSR_IA32_PRED_CMD:
+ if (!msr_info->host_initiated &&
+- !guest_cpuid_has(vcpu, X86_FEATURE_IBPB) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
+ return 1;
+
diff --git a/patches.arch/32-x86-cpufeatures-disentangle-msr_spec_ctrl-enumeration-from-ibrs.patch b/patches.arch/32-x86-cpufeatures-disentangle-msr_spec_ctrl-enumeration-from-ibrs.patch
new file mode 100644
index 0000000000..2ae717e298
--- /dev/null
+++ b/patches.arch/32-x86-cpufeatures-disentangle-msr_spec_ctrl-enumeration-from-ibrs.patch
@@ -0,0 +1,141 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 10 May 2018 19:13:18 +0200
+Subject: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
+Git-commit: 7eb8956a7fec3c1f0abc2a5517dada99ccc8a961
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+The availability of the SPEC_CTRL MSR is enumerated by a CPUID bit on
+Intel and implied by IBRS or STIBP support on AMD. That's just confusing
+and in case an AMD CPU has IBRS not supported because the underlying
+problem has been fixed but has another bit valid in the SPEC_CTRL MSR,
+the thing falls apart.
+
+Add a synthetic feature bit X86_FEATURE_MSR_SPEC_CTRL to denote the
+availability on both Intel and AMD.
+
+While at it replace the boot_cpu_has() checks with static_cpu_has() where
+possible. This prevents late microcode loading from exposing SPEC_CTRL, but
+late loading is already very limited as it does not reevaluate the
+mitigation options and other bits and pieces. Having static_cpu_has() is
+the simplest and least fragile solution.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/cpufeatures.h | 1 +
+ arch/x86/kernel/cpu/bugs.c | 18 +++++++++++-------
+ arch/x86/kernel/cpu/common.c | 9 +++++++--
+ arch/x86/kernel/cpu/intel.c | 1 +
+ 4 files changed, 20 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -207,6 +207,7 @@
+ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
+ #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
+ #define X86_FEATURE_CDP_L2 ( 7*32+15) /* Code and Data Prioritization L2 */
++#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
+
+ #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */
+ #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -63,7 +63,7 @@ void __init check_bugs(void)
+ * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
+ * init code as it is not enumerated and depends on the family.
+ */
+- if (boot_cpu_has(X86_FEATURE_IBRS))
++ if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+
+ /* Select the proper spectre mitigation before patching alternatives */
+@@ -146,7 +146,7 @@ u64 x86_spec_ctrl_get_default(void)
+ {
+ u64 msrval = x86_spec_ctrl_base;
+
+- if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
+ msrval |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+ return msrval;
+ }
+@@ -156,10 +156,12 @@ void x86_spec_ctrl_set_guest(u64 guest_s
+ {
+ u64 host = x86_spec_ctrl_base;
+
+- if (!boot_cpu_has(X86_FEATURE_IBRS))
++ /* Is MSR_SPEC_CTRL implemented ? */
++ if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ return;
+
+- if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
++ /* Intel controls SSB in MSR_SPEC_CTRL */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
+ host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+
+ if (host != guest_spec_ctrl)
+@@ -171,10 +173,12 @@ void x86_spec_ctrl_restore_host(u64 gues
+ {
+ u64 host = x86_spec_ctrl_base;
+
+- if (!boot_cpu_has(X86_FEATURE_IBRS))
++ /* Is MSR_SPEC_CTRL implemented ? */
++ if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ return;
+
+- if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
++ /* Intel controls SSB in MSR_SPEC_CTRL */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
+ host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+
+ if (host != guest_spec_ctrl)
+@@ -649,7 +653,7 @@ int arch_prctl_spec_ctrl_get(struct task
+
+ void x86_spec_ctrl_setup_ap(void)
+ {
+- if (boot_cpu_has(X86_FEATURE_IBRS))
++ if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
+
+ if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -737,19 +737,24 @@ static void init_speculation_control(str
+ if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
+ set_cpu_cap(c, X86_FEATURE_IBRS);
+ set_cpu_cap(c, X86_FEATURE_IBPB);
++ set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
+ }
+
+ if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
+ set_cpu_cap(c, X86_FEATURE_STIBP);
+
+- if (cpu_has(c, X86_FEATURE_AMD_IBRS))
++ if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
+ set_cpu_cap(c, X86_FEATURE_IBRS);
++ set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
++ }
+
+ if (cpu_has(c, X86_FEATURE_AMD_IBPB))
+ set_cpu_cap(c, X86_FEATURE_IBPB);
+
+- if (cpu_has(c, X86_FEATURE_AMD_STIBP))
++ if (cpu_has(c, X86_FEATURE_AMD_STIBP)) {
+ set_cpu_cap(c, X86_FEATURE_STIBP);
++ set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
++ }
+ }
+
+ void get_cpu_cap(struct cpuinfo_x86 *c)
+--- a/arch/x86/kernel/cpu/intel.c
++++ b/arch/x86/kernel/cpu/intel.c
+@@ -187,6 +187,7 @@ static void early_init_intel(struct cpui
+ setup_clear_cpu_cap(X86_FEATURE_IBPB);
+ setup_clear_cpu_cap(X86_FEATURE_STIBP);
+ setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
++ setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL);
+ setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
+ setup_clear_cpu_cap(X86_FEATURE_SSBD);
+ }
diff --git a/patches.arch/33-x86-cpufeatures-disentangle-ssbd-enumeration.patch b/patches.arch/33-x86-cpufeatures-disentangle-ssbd-enumeration.patch
new file mode 100644
index 0000000000..1b2c673bb0
--- /dev/null
+++ b/patches.arch/33-x86-cpufeatures-disentangle-ssbd-enumeration.patch
@@ -0,0 +1,148 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 10 May 2018 20:21:36 +0200
+Subject: x86/cpufeatures: Disentangle SSBD enumeration
+Git-commit: 52817587e706686fcdb27f14c1b000c92f266c96
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+The SSBD enumeration is similarly to the other bits magically shared
+between Intel and AMD though the mechanisms are different.
+
+Make X86_FEATURE_SSBD synthetic and set it depending on the vendor specific
+features or family dependent setup.
+
+Change the Intel bit to X86_FEATURE_SPEC_CTRL_SSBD to denote that SSBD is
+controlled via MSR_SPEC_CTRL and fix up the usage sites.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/cpufeatures.h | 6 +++---
+ arch/x86/kernel/cpu/amd.c | 7 +------
+ arch/x86/kernel/cpu/bugs.c | 10 +++++-----
+ arch/x86/kernel/cpu/common.c | 3 +++
+ arch/x86/kernel/cpu/intel.c | 1 +
+ arch/x86/kernel/process.c | 2 +-
+ 6 files changed, 14 insertions(+), 15 deletions(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -208,7 +208,7 @@
+ #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
+ #define X86_FEATURE_CDP_L2 ( 7*32+15) /* Code and Data Prioritization L2 */
+ #define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
+-
++#define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */
+ #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */
+ #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
+ #define X86_FEATURE_SEV ( 7*32+20) /* AMD Secure Encrypted Virtualization */
+@@ -216,7 +216,7 @@
+ #define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */
+ #define X86_FEATURE_USE_IBRS ( 7*32+23) /* "" Use IBRS for Spectre v2 safety */
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+24) /* "" Disable Speculative Store Bypass. */
+-#define X86_FEATURE_AMD_SSBD (7*32+25) /* "" AMD SSBD implementation */
++#define X86_FEATURE_LS_CFG_SSBD ( 7*32+25) /* "" AMD SSBD implementation via LS_CFG MSR */
+ #define X86_FEATURE_IBRS ( 7*32+26) /* Indirect Branch Restricted Speculation */
+ #define X86_FEATURE_IBPB ( 7*32+27) /* Indirect Branch Prediction Barrier */
+ #define X86_FEATURE_STIBP ( 7*32+28) /* Single Thread Indirect Branch Predictors */
+@@ -336,7 +336,7 @@
+ #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
+ #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */
+ #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
+-#define X86_FEATURE_SSBD (18*32+31) /* Speculative Store Bypass Disable */
++#define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */
+
+ /*
+ * BUG word(s)
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -569,8 +569,8 @@ static void bsp_init_amd(struct cpuinfo_
+ * avoid RMW. If that faults, do not enable SSBD.
+ */
+ if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) {
++ setup_force_cpu_cap(X86_FEATURE_LS_CFG_SSBD);
+ setup_force_cpu_cap(X86_FEATURE_SSBD);
+- setup_force_cpu_cap(X86_FEATURE_AMD_SSBD);
+ x86_amd_ls_cfg_ssbd_mask = 1ULL << bit;
+ }
+ }
+@@ -907,11 +907,6 @@ static void init_amd(struct cpuinfo_x86
+ /* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
+ if (!cpu_has(c, X86_FEATURE_XENPV))
+ set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
+-
+- if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) {
+- set_cpu_cap(c, X86_FEATURE_SSBD);
+- set_cpu_cap(c, X86_FEATURE_AMD_SSBD);
+- }
+ }
+
+ #ifdef CONFIG_X86_32
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -160,8 +160,8 @@ void x86_spec_ctrl_set_guest(u64 guest_s
+ if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ return;
+
+- /* Intel controls SSB in MSR_SPEC_CTRL */
+- if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
++ /* SSBD controlled in MSR_SPEC_CTRL */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
+ host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+
+ if (host != guest_spec_ctrl)
+@@ -177,8 +177,8 @@ void x86_spec_ctrl_restore_host(u64 gues
+ if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ return;
+
+- /* Intel controls SSB in MSR_SPEC_CTRL */
+- if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
++ /* SSBD controlled in MSR_SPEC_CTRL */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
+ host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+
+ if (host != guest_spec_ctrl)
+@@ -190,7 +190,7 @@ static void x86_amd_ssb_disable(void)
+ {
+ u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
+
+- if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
++ if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
+ wrmsrl(MSR_AMD64_LS_CFG, msrval);
+ }
+
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -743,6 +743,9 @@ static void init_speculation_control(str
+ if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
+ set_cpu_cap(c, X86_FEATURE_STIBP);
+
++ if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD))
++ set_cpu_cap(c, X86_FEATURE_SSBD);
++
+ if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
+ set_cpu_cap(c, X86_FEATURE_IBRS);
+ set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
+--- a/arch/x86/kernel/cpu/intel.c
++++ b/arch/x86/kernel/cpu/intel.c
+@@ -190,6 +190,7 @@ static void early_init_intel(struct cpui
+ setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL);
+ setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
+ setup_clear_cpu_cap(X86_FEATURE_SSBD);
++ setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL_SSBD);
+ }
+
+ /*
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -283,7 +283,7 @@ static __always_inline void __speculativ
+ {
+ u64 msr;
+
+- if (static_cpu_has(X86_FEATURE_AMD_SSBD)) {
++ if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
+ msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
+ wrmsrl(MSR_AMD64_LS_CFG, msr);
+ } else {
diff --git a/patches.arch/34-x86-cpufeatures-add-feature_zen.patch b/patches.arch/34-x86-cpufeatures-add-feature_zen.patch
new file mode 100644
index 0000000000..5e6ebfee9a
--- /dev/null
+++ b/patches.arch/34-x86-cpufeatures-add-feature_zen.patch
@@ -0,0 +1,51 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 10 May 2018 16:26:00 +0200
+Subject: x86/cpufeatures: Add FEATURE_ZEN
+Git-commit: d1035d971829dcf80e8686ccde26f94b0a069472
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Add a ZEN feature bit so family-dependent static_cpu_has() optimizations
+can be built for ZEN.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/cpufeatures.h | 1 +
+ arch/x86/kernel/cpu/amd.c | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -220,6 +220,7 @@
+ #define X86_FEATURE_IBRS ( 7*32+26) /* Indirect Branch Restricted Speculation */
+ #define X86_FEATURE_IBPB ( 7*32+27) /* Indirect Branch Prediction Barrier */
+ #define X86_FEATURE_STIBP ( 7*32+28) /* Single Thread Indirect Branch Predictors */
++#define X86_FEATURE_ZEN ( 7*32+29) /* "" CPU is AMD family 0x17 (Zen) */
+
+ /* Virtualization flags: Linux defined, word 8 */
+ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -809,6 +809,11 @@ static void init_amd_bd(struct cpuinfo_x
+ }
+ }
+
++static void init_amd_zn(struct cpuinfo_x86 *c)
++{
++ set_cpu_cap(c, X86_FEATURE_ZEN);
++}
++
+ static void init_amd(struct cpuinfo_x86 *c)
+ {
+ early_init_amd(c);
+@@ -837,6 +842,7 @@ static void init_amd(struct cpuinfo_x86
+ case 0x10: init_amd_gh(c); break;
+ case 0x12: init_amd_ln(c); break;
+ case 0x15: init_amd_bd(c); break;
++ case 0x17: init_amd_zn(c); break;
+ }
+
+ /*
diff --git a/patches.arch/35-x86-speculation-handle-ht-correctly-on-amd.patch b/patches.arch/35-x86-speculation-handle-ht-correctly-on-amd.patch
new file mode 100644
index 0000000000..62237a4647
--- /dev/null
+++ b/patches.arch/35-x86-speculation-handle-ht-correctly-on-amd.patch
@@ -0,0 +1,230 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 9 May 2018 21:53:09 +0200
+Subject: x86/speculation: Handle HT correctly on AMD
+Git-commit: 1f50ddb4f4189243c05926b842dc1a0332195f31
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+The AMD64_LS_CFG MSR is a per core MSR on Family 17H CPUs. That means when
+hyperthreading is enabled the SSBD bit toggle needs to take both cores into
+account. Otherwise the following situation can happen:
+
+CPU0 CPU1
+
+disable SSB
+ disable SSB
+ enable SSB <- Enables it for the Core, i.e. for CPU0 as well
+
+So after the SSB enable on CPU1 the task on CPU0 runs with SSB enabled
+again.
+
+On Intel the SSBD control is per core as well, but the synchronization
+logic is implemented behind the per thread SPEC_CTRL MSR. It works like
+this:
+
+ CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL
+
+i.e. if one of the threads enables a mitigation then this affects both and
+the mitigation is only disabled in the core when both threads disabled it.
+
+Add the necessary synchronization logic for AMD family 17H. Unfortunately
+that requires a spinlock to serialize the access to the MSR, but the locks
+are only shared between siblings.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/spec-ctrl.h | 6 +
+ arch/x86/kernel/process.c | 125 +++++++++++++++++++++++++++++++++++++--
+ arch/x86/kernel/smpboot.c | 5 +
+ 3 files changed, 130 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -33,6 +33,12 @@ static inline u64 ssbd_tif_to_amd_ls_cfg
+ return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
+ }
+
++#ifdef CONFIG_SMP
++extern void speculative_store_bypass_ht_init(void);
++#else
++static inline void speculative_store_bypass_ht_init(void) { }
++#endif
++
+ extern void speculative_store_bypass_update(void);
+
+ #endif
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -279,22 +279,135 @@ static inline void switch_to_bitmap(stru
+ }
+ }
+
+-static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
++#ifdef CONFIG_SMP
++
++struct ssb_state {
++ struct ssb_state *shared_state;
++ raw_spinlock_t lock;
++ unsigned int disable_state;
++ unsigned long local_state;
++};
++
++#define LSTATE_SSB 0
++
++static DEFINE_PER_CPU(struct ssb_state, ssb_state);
++
++void speculative_store_bypass_ht_init(void)
++{
++ struct ssb_state *st = this_cpu_ptr(&ssb_state);
++ unsigned int this_cpu = smp_processor_id();
++ unsigned int cpu;
++
++ st->local_state = 0;
++
++ /*
++ * Shared state setup happens once on the first bringup
++ * of the CPU. It's not destroyed on CPU hotunplug.
++ */
++ if (st->shared_state)
++ return;
++
++ raw_spin_lock_init(&st->lock);
++
++ /*
++ * Go over HT siblings and check whether one of them has set up the
++ * shared state pointer already.
++ */
++ for_each_cpu(cpu, topology_sibling_cpumask(this_cpu)) {
++ if (cpu == this_cpu)
++ continue;
++
++ if (!per_cpu(ssb_state, cpu).shared_state)
++ continue;
++
++ /* Link it to the state of the sibling: */
++ st->shared_state = per_cpu(ssb_state, cpu).shared_state;
++ return;
++ }
++
++ /*
++ * First HT sibling to come up on the core. Link shared state of
++ * the first HT sibling to itself. The siblings on the same core
++ * which come up later will see the shared state pointer and link
++ * themself to the state of this CPU.
++ */
++ st->shared_state = st;
++}
++
++/*
++ * Logic is: First HT sibling enables SSBD for both siblings in the core
++ * and last sibling to disable it, disables it for the whole core. This how
++ * MSR_SPEC_CTRL works in "hardware":
++ *
++ * CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL
++ */
++static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
+ {
+- u64 msr;
++ struct ssb_state *st = this_cpu_ptr(&ssb_state);
++ u64 msr = x86_amd_ls_cfg_base;
+
+- if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
+- msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
++ if (!static_cpu_has(X86_FEATURE_ZEN)) {
++ msr |= ssbd_tif_to_amd_ls_cfg(tifn);
+ wrmsrl(MSR_AMD64_LS_CFG, msr);
++ return;
++ }
++
++ if (tifn & _TIF_SSBD) {
++ /*
++ * Since this can race with prctl(), block reentry on the
++ * same CPU.
++ */
++ if (__test_and_set_bit(LSTATE_SSB, &st->local_state))
++ return;
++
++ msr |= x86_amd_ls_cfg_ssbd_mask;
++
++ raw_spin_lock(&st->shared_state->lock);
++ /* First sibling enables SSBD: */
++ if (!st->shared_state->disable_state)
++ wrmsrl(MSR_AMD64_LS_CFG, msr);
++ st->shared_state->disable_state++;
++ raw_spin_unlock(&st->shared_state->lock);
+ } else {
+- msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
+- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
++ if (!__test_and_clear_bit(LSTATE_SSB, &st->local_state))
++ return;
++
++ raw_spin_lock(&st->shared_state->lock);
++ st->shared_state->disable_state--;
++ if (!st->shared_state->disable_state)
++ wrmsrl(MSR_AMD64_LS_CFG, msr);
++ raw_spin_unlock(&st->shared_state->lock);
+ }
+ }
++#else
++static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
++{
++ u64 msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
++
++ wrmsrl(MSR_AMD64_LS_CFG, msr);
++}
++#endif
++
++static __always_inline void intel_set_ssb_state(unsigned long tifn)
++{
++ u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
++
++ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
++}
++
++static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
++{
++ if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
++ amd_set_core_ssb_state(tifn);
++ else
++ intel_set_ssb_state(tifn);
++}
+
+ void speculative_store_bypass_update(void)
+ {
++ preempt_disable();
+ __speculative_store_bypass_update(current_thread_info()->flags);
++ preempt_enable();
+ }
+
+ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
+--- a/arch/x86/kernel/smpboot.c
++++ b/arch/x86/kernel/smpboot.c
+@@ -79,6 +79,7 @@
+ #include <asm/misc.h>
+ #include <asm/intel-family.h>
+ #include <asm/cpu_device_id.h>
++#include <asm/spec-ctrl.h>
+
+ /* Number of siblings per CPU package */
+ int smp_num_siblings = 1;
+@@ -243,6 +244,8 @@ static void notrace start_secondary(void
+ */
+ check_tsc_sync_target();
+
++ speculative_store_bypass_ht_init();
++
+ /*
+ * Lock vector_lock and initialize the vectors on this cpu
+ * before setting the cpu online. We must set it online with
+@@ -1320,6 +1323,8 @@ void __init native_smp_prepare_cpus(unsi
+ set_mtrr_aps_delayed_init();
+
+ smp_quirk_init_udelay();
++
++ speculative_store_bypass_ht_init();
+ }
+
+ void arch_enable_nonboot_cpus_begin(void)
diff --git a/patches.arch/36-x86-bugs-kvm-extend-speculation-control-for-virt_spec_ctrl.patch b/patches.arch/36-x86-bugs-kvm-extend-speculation-control-for-virt_spec_ctrl.patch
new file mode 100644
index 0000000000..5ba230435e
--- /dev/null
+++ b/patches.arch/36-x86-bugs-kvm-extend-speculation-control-for-virt_spec_ctrl.patch
@@ -0,0 +1,147 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 9 May 2018 23:01:01 +0200
+Subject: x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
+Git-commit: ccbcd2674472a978b48c91c1fbfb66c0ff959f24
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+AMD is proposing a VIRT_SPEC_CTRL MSR to handle the Speculative Store
+Bypass Disable via MSR_AMD64_LS_CFG so that guests do not have to care
+about the bit position of the SSBD bit and thus facilitate migration.
+Also, the sibling coordination on Family 17H CPUs can only be done on
+the host.
+
+Extend x86_spec_ctrl_set_guest() and x86_spec_ctrl_restore_host() with an
+extra argument for the VIRT_SPEC_CTRL MSR.
+
+Hand in 0 from VMX and in SVM add a new virt_spec_ctrl member to the CPU
+data structure which is going to be used in later patches for the actual
+implementation.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/spec-ctrl.h | 9 ++++++---
+ arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++--
+ arch/x86/kvm/svm.c | 11 +++++++++--
+ arch/x86/kvm/vmx.c | 4 ++--
+ 4 files changed, 35 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -10,10 +10,13 @@
+ * the guest has, while on VMEXIT we restore the host view. This
+ * would be easier if SPEC_CTRL were architecturally maskable or
+ * shadowable for guests but this is not (currently) the case.
+- * Takes the guest view of SPEC_CTRL MSR as a parameter.
++ * Takes the guest view of SPEC_CTRL MSR as a parameter and also
++ * the guest's version of VIRT_SPEC_CTRL, if emulated.
+ */
+-extern void x86_spec_ctrl_set_guest(u64);
+-extern void x86_spec_ctrl_restore_host(u64);
++extern void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl,
++ u64 guest_virt_spec_ctrl);
++extern void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl,
++ u64 guest_virt_spec_ctrl);
+
+ /* AMD specific Speculative Store Bypass MSR data */
+ extern u64 x86_amd_ls_cfg_base;
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -152,7 +152,15 @@ u64 x86_spec_ctrl_get_default(void)
+ }
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
+
+-void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
++/**
++ * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
++ * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
++ * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
++ * (may get translated to MSR_AMD64_LS_CFG bits)
++ *
++ * Avoids writing to the MSR if the content/bits are the same
++ */
++void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
+ {
+ u64 host = x86_spec_ctrl_base;
+
+@@ -169,7 +177,15 @@ void x86_spec_ctrl_set_guest(u64 guest_s
+ }
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
+
+-void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
++/**
++ * x86_spec_ctrl_restore_host - Restore host speculation control registers
++ * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
++ * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
++ * (may get translated to MSR_AMD64_LS_CFG bits)
++ *
++ * Avoids writing to the MSR if the content/bits are the same
++ */
++void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
+ {
+ u64 host = x86_spec_ctrl_base;
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -190,6 +190,12 @@ struct vcpu_svm {
+ } host;
+
+ u64 spec_ctrl;
++ /*
++ * Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be
++ * translated into the appropriate L2_CFG bits on the host to
++ * perform speculative control.
++ */
++ u64 virt_spec_ctrl;
+
+ u32 *msrpm;
+
+@@ -1904,6 +1910,7 @@ static void svm_vcpu_reset(struct kvm_vc
+ u32 eax = 1;
+
+ svm->spec_ctrl = 0;
++ svm->virt_spec_ctrl = 0;
+
+ if (!init_event) {
+ svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE |
+@@ -5355,7 +5362,7 @@ static void svm_vcpu_run(struct kvm_vcpu
+ * is no need to worry about the conditional branch over the wrmsr
+ * being speculatively taken.
+ */
+- x86_spec_ctrl_set_guest(svm->spec_ctrl);
++ x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
+
+ asm volatile (
+ "push %%" _ASM_BP "; \n\t"
+@@ -5479,7 +5486,7 @@ static void svm_vcpu_run(struct kvm_vcpu
+ if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
+ svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+
+- x86_spec_ctrl_restore_host(svm->spec_ctrl);
++ x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
+
+ reload_tss(vcpu);
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -9460,7 +9460,7 @@ static void __noclone vmx_vcpu_run(struc
+ * is no need to worry about the conditional branch over the wrmsr
+ * being speculatively taken.
+ */
+- x86_spec_ctrl_set_guest(vmx->spec_ctrl);
++ x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
+
+ vmx->__launched = vmx->loaded_vmcs->launched;
+ asm(
+@@ -9598,7 +9598,7 @@ static void __noclone vmx_vcpu_run(struc
+ if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
+ vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+
+- x86_spec_ctrl_restore_host(vmx->spec_ctrl);
++ x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
+
+ /* Eliminate branch target predictions from guest mode */
+ vmexit_fill_RSB();
diff --git a/patches.arch/37-x86-speculation-add-virtualized-speculative-store-bypass-disable-support.patch b/patches.arch/37-x86-speculation-add-virtualized-speculative-store-bypass-disable-support.patch
new file mode 100644
index 0000000000..272b86b769
--- /dev/null
+++ b/patches.arch/37-x86-speculation-add-virtualized-speculative-store-bypass-disable-support.patch
@@ -0,0 +1,92 @@
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Thu, 17 May 2018 17:09:18 +0200
+Subject: x86/speculation: Add virtualized speculative store bypass disable
+ support
+Git-commit: 11fb0683493b2da112cd64c9dada221b52463bf7
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Some AMD processors only support a non-architectural means of enabling
+speculative store bypass disable (SSBD). To allow a simplified view of
+this to a guest, an architectural definition has been created through a new
+CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a
+hypervisor can virtualize the existence of this definition and provide an
+architectural method for using SSBD to a guest.
+
+Add the new CPUID feature, the new MSR and update the existing SSBD
+support to use this MSR when present.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/cpufeatures.h | 1 +
+ arch/x86/include/asm/msr-index.h | 2 ++
+ arch/x86/kernel/cpu/bugs.c | 4 +++-
+ arch/x86/kernel/process.c | 13 ++++++++++++-
+ 4 files changed, 18 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -284,6 +284,7 @@
+ #define X86_FEATURE_AMD_IBPB (13*32+12) /* "" Indirect Branch Prediction Barrier */
+ #define X86_FEATURE_AMD_IBRS (13*32+14) /* "" Indirect Branch Restricted Speculation */
+ #define X86_FEATURE_AMD_STIBP (13*32+15) /* "" Single Thread Indirect Branch Predictors */
++#define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */
+
+ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */
+ #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -344,6 +344,8 @@
+ #define MSR_AMD64_SEV_ENABLED_BIT 0
+ #define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
+
++#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
++
+ /* Fam 17h MSRs */
+ #define MSR_F17H_IRPERF 0xc00000e9
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -206,7 +206,9 @@ static void x86_amd_ssb_disable(void)
+ {
+ u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
+
+- if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
++ if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
++ wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, SPEC_CTRL_SSBD);
++ else if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
+ wrmsrl(MSR_AMD64_LS_CFG, msrval);
+ }
+
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -388,6 +388,15 @@ static __always_inline void amd_set_core
+ }
+ #endif
+
++static __always_inline void amd_set_ssb_virt_state(unsigned long tifn)
++{
++ /*
++ * SSBD has the same definition in SPEC_CTRL and VIRT_SPEC_CTRL,
++ * so ssbd_tif_to_spec_ctrl() just works.
++ */
++ wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn));
++}
++
+ static __always_inline void intel_set_ssb_state(unsigned long tifn)
+ {
+ u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
+@@ -397,7 +406,9 @@ static __always_inline void intel_set_ss
+
+ static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
+ {
+- if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
++ if (static_cpu_has(X86_FEATURE_VIRT_SSBD))
++ amd_set_ssb_virt_state(tifn);
++ else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
+ amd_set_core_ssb_state(tifn);
+ else
+ intel_set_ssb_state(tifn);
diff --git a/patches.arch/38-x86-speculation-rework-speculative_store_bypass_update.patch b/patches.arch/38-x86-speculation-rework-speculative_store_bypass_update.patch
new file mode 100644
index 0000000000..245df91e02
--- /dev/null
+++ b/patches.arch/38-x86-speculation-rework-speculative_store_bypass_update.patch
@@ -0,0 +1,64 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 10 May 2018 20:31:44 +0200
+Subject: x86/speculation: Rework speculative_store_bypass_update()
+Git-commit: 0270be3e34efb05a88bc4c422572ece038ef3608
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+The upcoming support for the virtual SPEC_CTRL MSR on AMD needs to reuse
+speculative_store_bypass_update() to avoid code duplication. Add an
+argument for supplying a thread info (TIF) value and create a wrapper
+speculative_store_bypass_update_current() which is used at the existing
+call site.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/spec-ctrl.h | 7 ++++++-
+ arch/x86/kernel/cpu/bugs.c | 2 +-
+ arch/x86/kernel/process.c | 4 ++--
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -42,6 +42,11 @@ extern void speculative_store_bypass_ht_
+ static inline void speculative_store_bypass_ht_init(void) { }
+ #endif
+
+-extern void speculative_store_bypass_update(void);
++extern void speculative_store_bypass_update(unsigned long tif);
++
++static inline void speculative_store_bypass_update_current(void)
++{
++ speculative_store_bypass_update(current_thread_info()->flags);
++}
+
+ #endif
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -616,7 +616,7 @@ static int ssb_prctl_set(struct task_str
+ * mitigation until it is next scheduled.
+ */
+ if (task == current && update)
+- speculative_store_bypass_update();
++ speculative_store_bypass_update_current();
+
+ return 0;
+ }
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -414,10 +414,10 @@ static __always_inline void __speculativ
+ intel_set_ssb_state(tifn);
+ }
+
+-void speculative_store_bypass_update(void)
++void speculative_store_bypass_update(unsigned long tif)
+ {
+ preempt_disable();
+- __speculative_store_bypass_update(current_thread_info()->flags);
++ __speculative_store_bypass_update(tif);
+ preempt_enable();
+ }
+
diff --git a/patches.arch/39-x86-bugs-unify-x86_spec_ctrl_-set_guest-restore_host.patch b/patches.arch/39-x86-bugs-unify-x86_spec_ctrl_-set_guest-restore_host.patch
new file mode 100644
index 0000000000..c05a331c45
--- /dev/null
+++ b/patches.arch/39-x86-bugs-unify-x86_spec_ctrl_-set_guest-restore_host.patch
@@ -0,0 +1,136 @@
+From: Borislav Petkov <bp@suse.de>
+Date: Sat, 12 May 2018 00:14:51 +0200
+Subject: x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
+Git-commit: cc69b34989210f067b2c51d5539b5f96ebcc3a01
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Function bodies are very similar and are going to grow more almost
+identical code. Add a bool arg to determine whether SPEC_CTRL is being set
+for the guest or restored to the host.
+
+No functional changes.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+---
+ arch/x86/include/asm/spec-ctrl.h | 33 ++++++++++++++++++---
+ arch/x86/kernel/cpu/bugs.c | 60 +++++++++------------------------------
+ 2 files changed, 44 insertions(+), 49 deletions(-)
+
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -13,10 +13,35 @@
+ * Takes the guest view of SPEC_CTRL MSR as a parameter and also
+ * the guest's version of VIRT_SPEC_CTRL, if emulated.
+ */
+-extern void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl,
+- u64 guest_virt_spec_ctrl);
+-extern void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl,
+- u64 guest_virt_spec_ctrl);
++extern void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool guest);
++
++/**
++ * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
++ * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
++ * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
++ * (may get translated to MSR_AMD64_LS_CFG bits)
++ *
++ * Avoids writing to the MSR if the content/bits are the same
++ */
++static inline
++void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
++{
++ x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, true);
++}
++
++/**
++ * x86_spec_ctrl_restore_host - Restore host speculation control registers
++ * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
++ * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
++ * (may get translated to MSR_AMD64_LS_CFG bits)
++ *
++ * Avoids writing to the MSR if the content/bits are the same
++ */
++static inline
++void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
++{
++ x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, false);
++}
+
+ /* AMD specific Speculative Store Bypass MSR data */
+ extern u64 x86_amd_ls_cfg_base;
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -152,55 +152,25 @@ u64 x86_spec_ctrl_get_default(void)
+ }
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
+
+-/**
+- * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
+- * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
+- * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
+- * (may get translated to MSR_AMD64_LS_CFG bits)
+- *
+- * Avoids writing to the MSR if the content/bits are the same
+- */
+-void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
++void
++x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
+ {
+- u64 host = x86_spec_ctrl_base;
++ struct thread_info *ti = current_thread_info();
++ u64 msr, host = x86_spec_ctrl_base;
+
+ /* Is MSR_SPEC_CTRL implemented ? */
+- if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+- return;
+-
+- /* SSBD controlled in MSR_SPEC_CTRL */
+- if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
+- host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+-
+- if (host != guest_spec_ctrl)
+- wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl);
+-}
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
+-
+-/**
+- * x86_spec_ctrl_restore_host - Restore host speculation control registers
+- * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
+- * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
+- * (may get translated to MSR_AMD64_LS_CFG bits)
+- *
+- * Avoids writing to the MSR if the content/bits are the same
+- */
+-void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
+-{
+- u64 host = x86_spec_ctrl_base;
+-
+- /* Is MSR_SPEC_CTRL implemented ? */
+- if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+- return;
+-
+- /* SSBD controlled in MSR_SPEC_CTRL */
+- if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
+- host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+-
+- if (host != guest_spec_ctrl)
+- wrmsrl(MSR_IA32_SPEC_CTRL, host);
++ if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
++ /* SSBD controlled in MSR_SPEC_CTRL */
++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
++ host |= ssbd_tif_to_spec_ctrl(ti->flags);
++
++ if (host != guest_spec_ctrl) {
++ msr = setguest ? guest_spec_ctrl : host;
++ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
++ }
++ }
+ }
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
++EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
+
+ static void x86_amd_ssb_disable(void)
+ {
diff --git a/patches.arch/40-x86-bugs-expose-x86_spec_ctrl_base-directly.patch b/patches.arch/40-x86-bugs-expose-x86_spec_ctrl_base-directly.patch
new file mode 100644
index 0000000000..e3dd80de7a
--- /dev/null
+++ b/patches.arch/40-x86-bugs-expose-x86_spec_ctrl_base-directly.patch
@@ -0,0 +1,110 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sat, 12 May 2018 20:49:16 +0200
+Subject: x86/bugs: Expose x86_spec_ctrl_base directly
+Git-commit: fa8ac4988249c38476f6ad678a4848a736373403
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+x86_spec_ctrl_base is the system wide default value for the SPEC_CTRL MSR.
+x86_spec_ctrl_get_default() returns x86_spec_ctrl_base and was intended to
+prevent modification to that variable. Though the variable is read only
+after init and globaly visible already.
+
+Remove the function and export the variable instead.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/nospec-branch.h | 16 +++++-----------
+ arch/x86/include/asm/spec-ctrl.h | 3 ---
+ arch/x86/kernel/cpu/bugs.c | 11 +----------
+ 3 files changed, 6 insertions(+), 24 deletions(-)
+
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -214,16 +214,7 @@ enum spectre_v2_mitigation {
+ SPECTRE_V2_IBRS,
+ };
+
+-/*
+- * The Intel specification for the SPEC_CTRL MSR requires that we
+- * preserve any already set reserved bits at boot time (e.g. for
+- * future additions that this kernel is not currently aware of).
+- * We then set any additional mitigation bits that we want
+- * ourselves and always use this as the base for SPEC_CTRL.
+- * We also use this when handling guest entry/exit as below.
+- */
+ extern void x86_spec_ctrl_set(u64);
+-extern u64 x86_spec_ctrl_get_default(void);
+
+ /* The Speculative Store Bypass disable variants */
+ enum ssb_mitigation {
+@@ -309,6 +300,9 @@ static inline void unrestrict_branch_spe
+ : "memory");
+ }
+
++/* The Intel SPEC CTRL MSR base value cache */
++extern u64 x86_spec_ctrl_base;
++
+ /*
+ * With retpoline, we must use IBRS to restrict branch prediction
+ * before calling into firmware.
+@@ -317,7 +311,7 @@ static inline void unrestrict_branch_spe
+ */
+ #define firmware_restrict_branch_speculation_start() \
+ do { \
+- u64 val = x86_spec_ctrl_get_default() | SPEC_CTRL_IBRS; \
++ u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; \
+ \
+ preempt_disable(); \
+ alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \
+@@ -326,7 +320,7 @@ do { \
+
+ #define firmware_restrict_branch_speculation_end() \
+ do { \
+- u64 val = x86_spec_ctrl_get_default(); \
++ u64 val = x86_spec_ctrl_base; \
+ \
+ alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \
+ X86_FEATURE_USE_IBRS_FW); \
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -47,9 +47,6 @@ void x86_spec_ctrl_restore_host(u64 gues
+ extern u64 x86_amd_ls_cfg_base;
+ extern u64 x86_amd_ls_cfg_ssbd_mask;
+
+-/* The Intel SPEC CTRL MSR base value cache */
+-extern u64 x86_spec_ctrl_base;
+-
+ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn)
+ {
+ BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -35,6 +35,7 @@ static void __init ssb_select_mitigation
+ * writes to SPEC_CTRL contain whatever reserved bits have been set.
+ */
+ u64 __ro_after_init x86_spec_ctrl_base;
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
+
+ /*
+ * The vendor and possibly platform specific bits which can be modified in
+@@ -142,16 +143,6 @@ void x86_spec_ctrl_set(u64 val)
+ }
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
+
+-u64 x86_spec_ctrl_get_default(void)
+-{
+- u64 msrval = x86_spec_ctrl_base;
+-
+- if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
+- msrval |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
+- return msrval;
+-}
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
+-
+ void
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
+ {
diff --git a/patches.arch/41-x86-bugs-remove-x86_spec_ctrl_set.patch b/patches.arch/41-x86-bugs-remove-x86_spec_ctrl_set.patch
new file mode 100644
index 0000000000..e7854ad513
--- /dev/null
+++ b/patches.arch/41-x86-bugs-remove-x86_spec_ctrl_set.patch
@@ -0,0 +1,68 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sat, 12 May 2018 20:53:14 +0200
+Subject: x86/bugs: Remove x86_spec_ctrl_set()
+Git-commit: 4b59bdb569453a60b752b274ca61f009e37f4dae
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+x86_spec_ctrl_set() is only used in bugs.c and the extra mask checks there
+provide no real value as both call sites can just write x86_spec_ctrl_base
+to MSR_SPEC_CTRL. x86_spec_ctrl_base is valid and does not need any extra
+masking or checking.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/nospec-branch.h | 2 --
+ arch/x86/kernel/cpu/bugs.c | 13 ++-----------
+ 2 files changed, 2 insertions(+), 13 deletions(-)
+
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -214,8 +214,6 @@ enum spectre_v2_mitigation {
+ SPECTRE_V2_IBRS,
+ };
+
+-extern void x86_spec_ctrl_set(u64);
+-
+ /* The Speculative Store Bypass disable variants */
+ enum ssb_mitigation {
+ SPEC_STORE_BYPASS_NONE,
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -134,15 +134,6 @@ static const char *spectre_v2_strings[]
+ static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
+ SPECTRE_V2_NONE;
+
+-void x86_spec_ctrl_set(u64 val)
+-{
+- if (val & x86_spec_ctrl_mask)
+- WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val);
+- else
+- wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val);
+-}
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
+-
+ void
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
+ {
+@@ -521,7 +512,7 @@ static enum ssb_mitigation __init __ssb_
+ case X86_VENDOR_INTEL:
+ x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
+ x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
+- x86_spec_ctrl_set(SPEC_CTRL_SSBD);
++ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+ break;
+ case X86_VENDOR_AMD:
+ x86_amd_ssb_disable();
+@@ -633,7 +624,7 @@ int arch_prctl_spec_ctrl_get(struct task
+ void x86_spec_ctrl_setup_ap(void)
+ {
+ if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+- x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
++ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+
+ if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
+ x86_amd_ssb_disable();
diff --git a/patches.arch/42-x86-bugs-rework-spec_ctrl-base-and-mask-logic.patch b/patches.arch/42-x86-bugs-rework-spec_ctrl-base-and-mask-logic.patch
new file mode 100644
index 0000000000..9971907dc3
--- /dev/null
+++ b/patches.arch/42-x86-bugs-rework-spec_ctrl-base-and-mask-logic.patch
@@ -0,0 +1,89 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sat, 12 May 2018 20:10:00 +0200
+Subject: x86/bugs: Rework spec_ctrl base and mask logic
+Git-commit: be6fcb5478e95bb1c91f489121238deb3abca46a
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value
+which are not to be modified. However the implementation is not really used
+and the bitmask was inverted to make a check easier, which was removed in
+"x86/bugs: Remove x86_spec_ctrl_set()"
+
+Aside of that it is missing the STIBP bit if it is supported by the
+platform, so if the mask would be used in x86_virt_spec_ctrl() then it
+would prevent a guest from setting STIBP.
+
+Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to
+sanitize the value which is supplied by the guest.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kernel/cpu/bugs.c | 26 +++++++++++++++++++-------
+ 1 file changed, 19 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -41,7 +41,7 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
+ * The vendor and possibly platform specific bits which can be modified in
+ * x86_spec_ctrl_base.
+ */
+-static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
++static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
+
+ /*
+ * AMD specific MSR info for Speculative Store Bypass control.
+@@ -67,6 +67,10 @@ void __init check_bugs(void)
+ if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
+ rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+
++ /* Allow STIBP in MSR_SPEC_CTRL if supported */
++ if (boot_cpu_has(X86_FEATURE_STIBP))
++ x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
++
+ /* Select the proper spectre mitigation before patching alternatives */
+ spectre_v2_select_mitigation();
+
+@@ -137,18 +141,26 @@ static enum spectre_v2_mitigation spectr
+ void
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
+ {
++ u64 msrval, guestval, hostval = x86_spec_ctrl_base;
+ struct thread_info *ti = current_thread_info();
+- u64 msr, host = x86_spec_ctrl_base;
+
+ /* Is MSR_SPEC_CTRL implemented ? */
+ if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
++ /*
++ * Restrict guest_spec_ctrl to supported values. Clear the
++ * modifiable bits in the host base value and or the
++ * modifiable bits from the guest value.
++ */
++ guestval = hostval & ~x86_spec_ctrl_mask;
++ guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
++
+ /* SSBD controlled in MSR_SPEC_CTRL */
+ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
+- host |= ssbd_tif_to_spec_ctrl(ti->flags);
++ hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
+
+- if (host != guest_spec_ctrl) {
+- msr = setguest ? guest_spec_ctrl : host;
+- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
++ if (hostval != guestval) {
++ msrval = setguest ? guestval : hostval;
++ wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
+ }
+ }
+ }
+@@ -511,7 +523,7 @@ static enum ssb_mitigation __init __ssb_
+ switch (boot_cpu_data.x86_vendor) {
+ case X86_VENDOR_INTEL:
+ x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
+- x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
++ x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+ break;
+ case X86_VENDOR_AMD:
diff --git a/patches.arch/43-x86-speculation-kvm-implement-support-for-virt_spec_ctrl-ls_cfg.patch b/patches.arch/43-x86-speculation-kvm-implement-support-for-virt_spec_ctrl-ls_cfg.patch
new file mode 100644
index 0000000000..554d938cb4
--- /dev/null
+++ b/patches.arch/43-x86-speculation-kvm-implement-support-for-virt_spec_ctrl-ls_cfg.patch
@@ -0,0 +1,75 @@
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 10 May 2018 20:42:48 +0200
+Subject: x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
+Git-commit: 47c61b3955cf712cadfc25635bf9bc174af030ea
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Add the necessary logic for supporting the emulated VIRT_SPEC_CTRL MSR to
+x86_virt_spec_ctrl(). If either X86_FEATURE_LS_CFG_SSBD or
+X86_FEATURE_VIRT_SPEC_CTRL is set then use the new guest_virt_spec_ctrl
+argument to check whether the state must be modified on the host. The
+update reuses speculative_store_bypass_update() so the ZEN-specific sibling
+coordination can be reused.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/spec-ctrl.h | 6 ++++++
+ arch/x86/kernel/cpu/bugs.c | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+)
+
+--- a/arch/x86/include/asm/spec-ctrl.h
++++ b/arch/x86/include/asm/spec-ctrl.h
+@@ -53,6 +53,12 @@ static inline u64 ssbd_tif_to_spec_ctrl(
+ return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
+ }
+
++static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl)
++{
++ BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
++ return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
++}
++
+ static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
+ {
+ return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -163,6 +163,36 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl,
+ wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
+ }
+ }
++
++ /*
++ * If SSBD is not handled in MSR_SPEC_CTRL on AMD, update
++ * MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported.
++ */
++ if (!static_cpu_has(X86_FEATURE_LS_CFG_SSBD) &&
++ !static_cpu_has(X86_FEATURE_VIRT_SSBD))
++ return;
++
++ /*
++ * If the host has SSBD mitigation enabled, force it in the host's
++ * virtual MSR value. If its not permanently enabled, evaluate
++ * current's TIF_SSBD thread flag.
++ */
++ if (static_cpu_has(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE))
++ hostval = SPEC_CTRL_SSBD;
++ else
++ hostval = ssbd_tif_to_spec_ctrl(ti->flags);
++
++ /* Sanitize the guest value */
++ guestval = guest_virt_spec_ctrl & SPEC_CTRL_SSBD;
++
++ if (hostval != guestval) {
++ unsigned long tif;
++
++ tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) :
++ ssbd_spec_ctrl_to_tif(hostval);
++
++ speculative_store_bypass_update(tif);
++ }
+ }
+ EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
+
diff --git a/patches.arch/44-kvm-svm-implement-virt_spec_ctrl-support-for-ssbd.patch b/patches.arch/44-kvm-svm-implement-virt_spec_ctrl-support-for-ssbd.patch
new file mode 100644
index 0000000000..28e95a2108
--- /dev/null
+++ b/patches.arch/44-kvm-svm-implement-virt_spec_ctrl-support-for-ssbd.patch
@@ -0,0 +1,204 @@
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Thu, 10 May 2018 22:06:39 +0200
+Subject: KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
+Git-commit: bc226f07dcd3c9ef0b7f6236fe356ea4a9cb4769
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+Expose the new virtualized architectural mechanism, VIRT_SSBD, for using
+speculative store bypass disable (SSBD) under SVM. This will allow guests
+to use SSBD on hardware that uses non-architectural mechanisms for enabling
+SSBD.
+
+[ tglx: Folded the migration fixup from Paolo Bonzini ]
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/kvm_host.h | 2 +-
+ arch/x86/kernel/cpu/common.c | 3 ++-
+ arch/x86/kvm/cpuid.c | 11 +++++++++--
+ arch/x86/kvm/svm.c | 21 +++++++++++++++++++--
+ arch/x86/kvm/vmx.c | 18 +++++++++++++++---
+ arch/x86/kvm/x86.c | 13 ++++---------
+ 6 files changed, 50 insertions(+), 18 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -932,7 +932,7 @@ struct kvm_x86_ops {
+ int (*hardware_setup)(void); /* __init */
+ void (*hardware_unsetup)(void); /* __exit */
+ bool (*cpu_has_accelerated_tpr)(void);
+- bool (*cpu_has_high_real_mode_segbase)(void);
++ bool (*has_emulated_msr)(int index);
+ void (*cpuid_update)(struct kvm_vcpu *vcpu);
+
+ int (*vm_init)(struct kvm *kvm);
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -743,7 +743,8 @@ static void init_speculation_control(str
+ if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
+ set_cpu_cap(c, X86_FEATURE_STIBP);
+
+- if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD))
++ if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD) ||
++ cpu_has(c, X86_FEATURE_VIRT_SSBD))
+ set_cpu_cap(c, X86_FEATURE_SSBD);
+
+ if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -367,7 +367,7 @@ static inline int __do_cpuid_ent(struct
+
+ /* cpuid 0x80000008.ebx */
+ const u32 kvm_cpuid_8000_0008_ebx_x86_features =
+- F(AMD_IBPB) | F(AMD_IBRS);
++ F(AMD_IBPB) | F(AMD_IBRS) | F(VIRT_SSBD);
+
+ /* cpuid 0xC0000001.edx */
+ const u32 kvm_cpuid_C000_0001_edx_x86_features =
+@@ -631,13 +631,20 @@ static inline int __do_cpuid_ent(struct
+ g_phys_as = phys_as;
+ entry->eax = g_phys_as | (virt_as << 8);
+ entry->edx = 0;
+- /* IBRS and IBPB aren't necessarily present in hardware cpuid */
++ /*
++ * IBRS, IBPB and VIRT_SSBD aren't necessarily present in
++ * hardware cpuid
++ */
+ if (boot_cpu_has(X86_FEATURE_AMD_IBPB))
+ entry->ebx |= F(AMD_IBPB);
+ if (boot_cpu_has(X86_FEATURE_AMD_IBRS))
+ entry->ebx |= F(AMD_IBRS);
++ if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
++ entry->ebx |= F(VIRT_SSBD);
+ entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
+ cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
++ if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
++ entry->ebx |= F(VIRT_SSBD);
+ break;
+ }
+ case 0x80000019:
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -3946,6 +3946,13 @@ static int svm_get_msr(struct kvm_vcpu *
+ case MSR_IA32_UCODE_REV:
+ msr_info->data = 0x01000065;
+ break;
++ case MSR_AMD64_VIRT_SPEC_CTRL:
++ if (!msr_info->host_initiated &&
++ !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
++ return 1;
++
++ msr_info->data = svm->virt_spec_ctrl;
++ break;
+ case MSR_F15H_IC_CFG: {
+
+ int family, model;
+@@ -4077,6 +4084,16 @@ static int svm_set_msr(struct kvm_vcpu *
+ break;
+ set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
+ break;
++ case MSR_AMD64_VIRT_SPEC_CTRL:
++ if (!msr->host_initiated &&
++ !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
++ return 1;
++
++ if (data & ~SPEC_CTRL_SSBD)
++ return 1;
++
++ svm->virt_spec_ctrl = data;
++ break;
+ case MSR_STAR:
+ svm->vmcb->save.star = data;
+ break;
+@@ -5589,7 +5606,7 @@ static bool svm_cpu_has_accelerated_tpr(
+ return false;
+ }
+
+-static bool svm_has_high_real_mode_segbase(void)
++static bool svm_has_emulated_msr(int index)
+ {
+ return true;
+ }
+@@ -6808,7 +6825,7 @@ static struct kvm_x86_ops svm_x86_ops __
+ .hardware_enable = svm_hardware_enable,
+ .hardware_disable = svm_hardware_disable,
+ .cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr,
+- .cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase,
++ .has_emulated_msr = svm_has_emulated_msr,
+
+ .vcpu_create = svm_create_vcpu,
+ .vcpu_free = svm_free_vcpu,
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -9225,9 +9225,21 @@ static void vmx_handle_external_intr(str
+ }
+ STACK_FRAME_NON_STANDARD(vmx_handle_external_intr);
+
+-static bool vmx_has_high_real_mode_segbase(void)
++static bool vmx_has_emulated_msr(int index)
+ {
+- return enable_unrestricted_guest || emulate_invalid_guest_state;
++ switch (index) {
++ case MSR_IA32_SMBASE:
++ /*
++ * We cannot do SMM unless we can run the guest in big
++ * real mode.
++ */
++ return enable_unrestricted_guest || emulate_invalid_guest_state;
++ case MSR_AMD64_VIRT_SPEC_CTRL:
++ /* This is AMD only. */
++ return false;
++ default:
++ return true;
++ }
+ }
+
+ static bool vmx_mpx_supported(void)
+@@ -12239,7 +12251,7 @@ static struct kvm_x86_ops vmx_x86_ops __
+ .hardware_enable = hardware_enable,
+ .hardware_disable = hardware_disable,
+ .cpu_has_accelerated_tpr = report_flexpriority,
+- .cpu_has_high_real_mode_segbase = vmx_has_high_real_mode_segbase,
++ .has_emulated_msr = vmx_has_emulated_msr,
+
+ .vcpu_create = vmx_create_vcpu,
+ .vcpu_free = vmx_free_vcpu,
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1039,6 +1039,7 @@ static u32 emulated_msrs[] = {
+ MSR_IA32_SMBASE,
+ MSR_PLATFORM_INFO,
+ MSR_MISC_FEATURES_ENABLES,
++ MSR_AMD64_VIRT_SPEC_CTRL,
+ };
+
+ static unsigned num_emulated_msrs;
+@@ -2735,7 +2736,7 @@ int kvm_vm_ioctl_check_extension(struct
+ * fringe case that is not enabled except via specific settings
+ * of the module parameters.
+ */
+- r = kvm_x86_ops->cpu_has_high_real_mode_segbase();
++ r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE);
+ break;
+ case KVM_CAP_VAPIC:
+ r = !kvm_x86_ops->cpu_has_accelerated_tpr();
+@@ -4366,14 +4367,8 @@ static void kvm_init_msr_list(void)
+ num_msrs_to_save = j;
+
+ for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) {
+- switch (emulated_msrs[i]) {
+- case MSR_IA32_SMBASE:
+- if (!kvm_x86_ops->cpu_has_high_real_mode_segbase())
+- continue;
+- break;
+- default:
+- break;
+- }
++ if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i]))
++ continue;
+
+ if (j < i)
+ emulated_msrs[j] = emulated_msrs[i];
diff --git a/patches.arch/45-x86-bugs-rename-ssbd_no-to-ssb_no.patch b/patches.arch/45-x86-bugs-rename-ssbd_no-to-ssb_no.patch
new file mode 100644
index 0000000000..6375ed026f
--- /dev/null
+++ b/patches.arch/45-x86-bugs-rename-ssbd_no-to-ssb_no.patch
@@ -0,0 +1,40 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Wed, 16 May 2018 23:18:09 -0400
+Subject: x86/bugs: Rename SSBD_NO to SSB_NO
+Git-commit: 240da953fcc6a9008c92fae5b1f727ee5ed167ab
+Patch-mainline: v4.18 or v4.17-rc7 (next release)
+References: bsc#1087082 CVE-2018-3639
+
+The "336996 Speculative Execution Side Channel Mitigations" from
+May defines this as SSB_NO, hence lets sync-up.
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/include/asm/msr-index.h | 2 +-
+ arch/x86/kernel/cpu/common.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -69,7 +69,7 @@
+ #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a
+ #define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */
+ #define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */
+-#define ARCH_CAP_SSBD_NO (1 << 4) /*
++#define ARCH_CAP_SSB_NO (1 << 4) /*
+ * Not susceptible to Speculative Store Bypass
+ * attack, so no Speculative Store Bypass
+ * control required.
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -941,7 +941,7 @@ static void __init cpu_set_bug_bits(stru
+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
+
+ if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
+- !(ia32_cap & ARCH_CAP_SSBD_NO))
++ !(ia32_cap & ARCH_CAP_SSB_NO))
+ setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
+
+ if (x86_match_cpu(cpu_no_speculation))
diff --git a/patches.arch/46-kvm-x86-ia32_arch_capabilities-is-always-supported.patch b/patches.arch/46-kvm-x86-ia32_arch_capabilities-is-always-supported.patch
new file mode 100644
index 0000000000..768fd7f275
--- /dev/null
+++ b/patches.arch/46-kvm-x86-ia32_arch_capabilities-is-always-supported.patch
@@ -0,0 +1,49 @@
+From: Jim Mattson <jmattson@google.com>
+Date: Wed, 9 May 2018 14:29:35 -0700
+Subject: kvm: x86: IA32_ARCH_CAPABILITIES is always supported
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: 1eaafe91a0df4157521b6417b3dd8430bf5f52f0
+Patch-mainline: v4.17-rc7
+References: bsc#1087082 CVE-2018-3639
+
+If there is a possibility that a VM may migrate to a Skylake host,
+then the hypervisor should report IA32_ARCH_CAPABILITIES.RSBA[bit 2]
+as being set (future work, of course). This implies that
+CPUID.(EAX=7,ECX=0):EDX.ARCH_CAPABILITIES[bit 29] should be
+set. Therefore, kvm should report this CPUID bit as being supported
+whether or not the host supports it. Userspace is still free to clear
+the bit if it chooses.
+
+For more information on RSBA, see Intel's white paper, "Retpoline: A
+Branch Target Injection Mitigation" (Document Number 337131-001),
+currently available at https://bugzilla.kernel.org/show_bug.cgi?id=199511.
+
+Since the IA32_ARCH_CAPABILITIES MSR is emulated in kvm, there is no
+dependency on hardware support for this feature.
+
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Fixes: 28c1c9fabf48 ("KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES")
+Cc: stable@vger.kernel.org
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kvm/cpuid.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -481,6 +481,11 @@ static inline int __do_cpuid_ent(struct
+ entry->ecx &= ~F(PKU);
+ entry->edx &= kvm_cpuid_7_0_edx_x86_features;
+ cpuid_mask(&entry->edx, CPUID_7_EDX);
++ /*
++ * We emulate ARCH_CAPABILITIES in software even
++ * if the host doesn't support it.
++ */
++ entry->edx |= F(ARCH_CAPABILITIES);
+ } else {
+ entry->ebx = 0;
+ entry->ecx = 0;
diff --git a/patches.arch/47-kvm-vmx-expose-ssbd-properly-to-guests.patch b/patches.arch/47-kvm-vmx-expose-ssbd-properly-to-guests.patch
new file mode 100644
index 0000000000..be55ee9ed1
--- /dev/null
+++ b/patches.arch/47-kvm-vmx-expose-ssbd-properly-to-guests.patch
@@ -0,0 +1,42 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Mon, 21 May 2018 17:54:49 -0400
+Subject: KVM/VMX: Expose SSBD properly to guests
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: 0aa48468d00959c8a37cd3ac727284f4f7359151
+Patch-mainline: v4.17-rc7
+References: bsc#1087082 CVE-2018-3639
+
+The X86_FEATURE_SSBD is an synthetic CPU feature - that is
+it bit location has no relevance to the real CPUID 0x7.EBX[31]
+bit position. For that we need the new CPU feature name.
+
+Fixes: 52817587e706 ("x86/cpufeatures: Disentangle SSBD enumeration")
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: kvm@vger.kernel.org
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: stable@vger.kernel.org
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Link: https://lkml.kernel.org/r/20180521215449.26423-2-konrad.wilk@oracle.com
+
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kvm/cpuid.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -394,8 +394,8 @@ static inline int __do_cpuid_ent(struct
+
+ /* cpuid 7.0.edx*/
+ const u32 kvm_cpuid_7_0_edx_x86_features =
+- F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) | F(SSBD) |
+- F(ARCH_CAPABILITIES);
++ F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) |
++ F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES);
+
+ /* all calls to cpuid_count() should be made on the same cpu */
+ get_cpu();
diff --git a/patches.arch/KABI-hide-ftrace_enabled-in-paca.patch b/patches.arch/KABI-hide-ftrace_enabled-in-paca.patch
new file mode 100644
index 0000000000..619155dee7
--- /dev/null
+++ b/patches.arch/KABI-hide-ftrace_enabled-in-paca.patch
@@ -0,0 +1,30 @@
+From ee66bf4c99cc8cf3dc12e8cf4b8c348bf9ff4905 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Tue, 10 Apr 2018 09:55:38 +0200
+Subject: [PATCH] KABI: hide ftrace_enabled in paca
+
+Patch-mainline: no, kabi
+References: bsc#1088804
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/include/asm/paca.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
+index 3c1846a75a6f..9d738ee1d8f3 100644
+--- a/arch/powerpc/include/asm/paca.h
++++ b/arch/powerpc/include/asm/paca.h
+@@ -215,7 +215,9 @@ struct paca_struct {
+ u8 hmi_event_available; /* HMI event is available */
+ u8 hmi_p9_special_emu; /* HMI P9 special emulation */
+ #endif
++#ifndef __GENKSYMS__ /* 2byte hole -> 1byte hole */
+ u8 ftrace_enabled; /* Hard disable ftrace */
++#endif
+
+ /* Stuff for accurate time accounting */
+ struct cpu_accounting_data accounting;
+--
+2.13.6
+
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Fix-ppc_breakpoint_available-compi.patch b/patches.arch/KVM-PPC-Book3S-HV-Fix-ppc_breakpoint_available-compi.patch
new file mode 100644
index 0000000000..a78f1b37a7
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Fix-ppc_breakpoint_available-compi.patch
@@ -0,0 +1,41 @@
+From e303c08787c4cbe1ca07912817dff205ed802985 Mon Sep 17 00:00:00 2001
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Sun, 1 Apr 2018 15:50:35 +1000
+Subject: [PATCH] KVM: PPC: Book3S HV: Fix ppc_breakpoint_available compile
+ error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+References: bsc#1061840
+Patch-mainline: v4.17-rc1
+Git-commit: e303c08787c4cbe1ca07912817dff205ed802985
+
+arch/powerpc/kvm/book3s_hv.c: In function ‘kvmppc_h_set_mode’:
+arch/powerpc/kvm/book3s_hv.c:745:8: error: implicit declaration of function ‘ppc_breakpoint_available’
+ if (!ppc_breakpoint_available())
+ ^~~~~~~~~~~~~~~~~~~~~~~~
+
+Fixes: 398e712c007f ("KVM: PPC: Book3S HV: Return error from h_set_mode(SET_DAWR) on POWER9")
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_hv.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
+index 1e1211c66b26..d3486ecfc671 100644
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -49,6 +49,7 @@
+ #include <asm/reg.h>
+ #include <asm/ppc-opcode.h>
+ #include <asm/asm-prototypes.h>
++#include <asm/debug.h>
+ #include <asm/disassemble.h>
+ #include <asm/cputable.h>
+ #include <asm/cacheflush.h>
+--
+2.13.6
+
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Handle-migration-with-POWER9-disab.patch b/patches.arch/KVM-PPC-Book3S-HV-Handle-migration-with-POWER9-disab.patch
new file mode 100644
index 0000000000..ae7c8bfba3
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Handle-migration-with-POWER9-disab.patch
@@ -0,0 +1,61 @@
+From a382a2c42376d5b18beba3f469150f1338709df4 Mon Sep 17 00:00:00 2001
+From: Michael Neuling <mikey@neuling.org>
+Date: Tue, 27 Mar 2018 15:37:22 +1100
+Subject: [PATCH 6/9] KVM: PPC: Book3S HV: Handle migration with POWER9
+ disabled DAWR
+
+References: bsc#1061840
+Patch-mainline: v4.17-rc1
+Git-commit: b53221e7042764d7456933d47a83b31372ce9dac
+
+POWER9 with the DAWR disabled causes problems for partition
+migration. Either we have to fail the migration (since we lose the
+DAWR) or we silently drop the DAWR and allow the migration to pass.
+
+This patch does the latter and allows the migration to pass (at the
+cost of silently losing the DAWR). This is not ideal but hopefully the
+best overall solution. This approach has been acked by Paulus.
+
+With this patch kvmppc_set_one_reg() will store the DAWR in the vcpu
+but won't actually set it on POWER9 hardware.
+
+Signed-off-by: Michael Neuling <mikey@neuling.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+index 549477544ad1..984f4ac0b583 100644
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -912,8 +912,14 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
+ ld r6, VCPU_DAWRX(r4)
+ ld r7, VCPU_CIABR(r4)
+ ld r8, VCPU_TAR(r4)
++ /*
++ * Handle broken DAWR case by not writing it. This means we
++ * can still store the DAWR register for migration.
++ */
++BEGIN_FTR_SECTION
+ mtspr SPRN_DAWR, r5
+ mtspr SPRN_DAWRX, r6
++END_FTR_SECTION_IFSET(CPU_FTR_DAWR)
+ mtspr SPRN_CIABR, r7
+ mtspr SPRN_TAR, r8
+ ld r5, VCPU_IC(r4)
+@@ -1804,6 +1810,10 @@ BEGIN_FTR_SECTION
+ ld r6, STACK_SLOT_DAWR(r1)
+ ld r7, STACK_SLOT_DAWRX(r1)
+ mtspr SPRN_CIABR, r5
++ /*
++ * If the DAWR doesn't work, it's ok to write these here as
++ * this value should always be zero
++ */
+ mtspr SPRN_DAWR, r6
+ mtspr SPRN_DAWRX, r7
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+--
+2.13.6
+
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_dabr-on-PO.patch b/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_dabr-on-PO.patch
new file mode 100644
index 0000000000..ee75be039b
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_dabr-on-PO.patch
@@ -0,0 +1,63 @@
+From 5abef8a90e1ff542e81a1e40a73e690ac9f0a215 Mon Sep 17 00:00:00 2001
+From: Michael Neuling <mikey@neuling.org>
+Date: Tue, 27 Mar 2018 15:37:21 +1100
+Subject: [PATCH 5/9] KVM: PPC: Book3S HV: Return error from h_set_dabr() on
+ POWER9
+
+References: bsc#1061840
+Patch-mainline: v4.17-rc1
+Git-commit: e8ebedbf3131ce2db0c7092a27f752ab365eef53
+
+POWER7 compat mode guests can use h_set_dabr on POWER9. POWER9 should
+use the DAWR but since it's disabled there we can't.
+
+This returns H_UNSUPPORTED on a h_set_dabr() on POWER9 where the DAWR
+is disabled.
+
+Current Linux guests ignore this error, so they will silently not get
+the DAWR (sigh). The same error code is being used by POWERVM in this
+case.
+
+Signed-off-by: Michael Neuling <mikey@neuling.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/include/asm/hvcall.h | 1 +
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +++++++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h
+index 9188553cb056..6f26da38652b 100644
+--- a/arch/powerpc/include/asm/hvcall.h
++++ b/arch/powerpc/include/asm/hvcall.h
+@@ -87,6 +87,7 @@
+ #define H_P8 -61
+ #define H_P9 -62
+ #define H_TOO_BIG -64
++#define H_UNSUPPORTED -67
+ #define H_OVERLAP -68
+ #define H_INTERRUPT -69
+ #define H_BAD_DATA -70
+diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+index 57676e366937..549477544ad1 100644
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -2517,8 +2517,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ li r3,0
+ blr
+
++2:
++BEGIN_FTR_SECTION
++ /* POWER9 with disabled DAWR */
++ li r3, H_UNSUPPORTED
++ blr
++END_FTR_SECTION_IFCLR(CPU_FTR_DAWR)
+ /* Emulate H_SET_DABR/X on P8 for the sake of compat mode guests */
+-2: rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
++ rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
+ rlwimi r5, r4, 2, DAWRX_WT
+ clrrdi r4, r4, 3
+ std r4, VCPU_DAWR(r3)
+--
+2.13.6
+
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_mode-SET_D.patch b/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_mode-SET_D.patch
new file mode 100644
index 0000000000..7b93731d9d
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Return-error-from-h_set_mode-SET_D.patch
@@ -0,0 +1,40 @@
+From 23aca2a7f7e862b0ab5224f3cedc737d2be3bf88 Mon Sep 17 00:00:00 2001
+From: Michael Neuling <mikey@neuling.org>
+Date: Tue, 27 Mar 2018 15:37:20 +1100
+Subject: [PATCH 4/9] KVM: PPC: Book3S HV: Return error from
+ h_set_mode(SET_DAWR) on POWER9
+
+References: bsc#1061840
+Patch-mainline: v4.17-rc1
+Git-commit: 398e712c007fbd0bf996d25eb6b39d8314c50db4
+
+Return H_P2 on a h_set_mode(SET_DAWR) on POWER9 where the DAWR is
+disabled.
+
+Current Linux guests ignore this error, so they will silently not get
+the DAWR (sigh). The same error code is being used by POWERVM in this
+case.
+
+Signed-off-by: Michael Neuling <mikey@neuling.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_hv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
+index 8c5286cc7490..4effe50058f7 100644
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -740,6 +740,8 @@ static int kvmppc_h_set_mode(struct kvm_vcpu *vcpu, unsigned long mflags,
+ case H_SET_MODE_RESOURCE_SET_DAWR:
+ if (!kvmppc_power8_compatible(vcpu))
+ return H_P2;
++ if (!ppc_breakpoint_available())
++ return H_P2;
+ if (mflags)
+ return H_UNSUPPORTED_FLAG_START;
+ if (value2 & DABRX_HYP)
+--
+2.13.6
+
diff --git a/patches.arch/KVM-PPC-Book3S-HV-trace_tlbie-must-not-be-called-in-.patch b/patches.arch/KVM-PPC-Book3S-HV-trace_tlbie-must-not-be-called-in-.patch
new file mode 100644
index 0000000000..4903ff92a3
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-trace_tlbie-must-not-be-called-in-.patch
@@ -0,0 +1,61 @@
+From 19ce7909ed11c49f7eddf59e7f49cd3062bf83d5 Mon Sep 17 00:00:00 2001
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Fri, 6 Apr 2018 03:56:30 +1000
+Subject: [PATCH] KVM: PPC: Book3S HV: trace_tlbie must not be called in
+ realmode
+
+References: bsc#1061840
+Patch-mainline: v4.17-rc1
+Git-commit: 19ce7909ed11c49f7eddf59e7f49cd3062bf83d5
+
+This crashes with a "Bad real address for load" attempting to load
+from the vmalloc region in realmode (faulting address is in DAR).
+
+ Oops: Bad interrupt in KVM entry/exit code, sig: 6 [#1]
+ LE SMP NR_CPUS=2048 NUMA PowerNV
+ CPU: 53 PID: 6582 Comm: qemu-system-ppc Not tainted 4.16.0-01530-g43d1859f0994
+ NIP: c0000000000155ac LR: c0000000000c2430 CTR: c000000000015580
+ REGS: c000000fff76dd80 TRAP: 0200 Not tainted (4.16.0-01530-g43d1859f0994)
+ MSR: 9000000000201003 <SF,HV,ME,RI,LE> CR: 48082222 XER: 00000000
+ CFAR: 0000000102900ef0 DAR: d00017fffd941a28 DSISR: 00000040 SOFTE: 3
+ NIP [c0000000000155ac] perf_trace_tlbie+0x2c/0x1a0
+ LR [c0000000000c2430] do_tlbies+0x230/0x2f0
+
+I suspect the reason is the per-cpu data is not in the linear chunk.
+This could be restored if that was able to be fixed, but for now,
+just remove the tracepoints.
+
+Fixes: 0428491cba92 ("powerpc/mm: Trace tlbie(l) instructions")
+Cc: stable@vger.kernel.org # v4.13+
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_hv_rm_mmu.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/arch/powerpc/kvm/book3s_hv_rm_mmu.c b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
+index e1c083fbe434..78e6a392330f 100644
+--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c
++++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
+@@ -470,8 +470,6 @@ static void do_tlbies(struct kvm *kvm, unsigned long *rbvalues,
+ for (i = 0; i < npages; ++i) {
+ asm volatile(PPC_TLBIE_5(%0,%1,0,0,0) : :
+ "r" (rbvalues[i]), "r" (kvm->arch.lpid));
+- trace_tlbie(kvm->arch.lpid, 0, rbvalues[i],
+- kvm->arch.lpid, 0, 0, 0);
+ }
+
+ if (cpu_has_feature(CPU_FTR_P9_TLBIE_BUG)) {
+@@ -492,8 +490,6 @@ static void do_tlbies(struct kvm *kvm, unsigned long *rbvalues,
+ for (i = 0; i < npages; ++i) {
+ asm volatile(PPC_TLBIEL(%0,%1,0,0,0) : :
+ "r" (rbvalues[i]), "r" (0));
+- trace_tlbie(kvm->arch.lpid, 1, rbvalues[i],
+- 0, 0, 0, 0);
+ }
+ asm volatile("ptesync" : : : "memory");
+ }
+--
+2.13.6
+
diff --git a/patches.arch/cpu-hotplug-Provide-cpus_read-write_-un-lock.patch b/patches.arch/cpu-hotplug-Provide-cpus_read-write_-un-lock.patch
new file mode 100644
index 0000000000..d2caca87d0
--- /dev/null
+++ b/patches.arch/cpu-hotplug-Provide-cpus_read-write_-un-lock.patch
@@ -0,0 +1,246 @@
+From 8f553c498e1772cccb39a114da4a498d22992758 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 24 May 2017 10:15:12 +0200
+Subject: [PATCH] cpu/hotplug: Provide cpus_read|write_[un]lock()
+
+References: bsc#1087405
+Patch-mainline: v4.13-rc1
+Git-commit: 8f553c498e1772cccb39a114da4a498d22992758
+
+The counting 'rwsem' hackery of get|put_online_cpus() is going to be
+replaced by percpu rwsem.
+
+Rename the functions to make it clear that it's locking and not some
+refcount style interface. These new functions will be used for the
+preparatory patches which make the code ready for the percpu rwsem
+conversion.
+
+Rename all instances in the cpu hotplug code while at it.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Acked-by: Ingo Molnar <mingo@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Sebastian Siewior <bigeasy@linutronix.de>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Link: http://lkml.kernel.org/r/20170524081547.080397752@linutronix.de
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ include/linux/cpu.h | 34 +++++++++++++++++++---------------
+ kernel/cpu.c | 36 ++++++++++++++++++------------------
+ 2 files changed, 37 insertions(+), 33 deletions(-)
+
+diff --git a/include/linux/cpu.h b/include/linux/cpu.h
+index f92081234afd..055876003914 100644
+--- a/include/linux/cpu.h
++++ b/include/linux/cpu.h
+@@ -99,26 +99,30 @@ static inline void cpu_maps_update_done(void)
+ extern struct bus_type cpu_subsys;
+
+ #ifdef CONFIG_HOTPLUG_CPU
+-/* Stop CPUs going up and down. */
+-
+-extern void cpu_hotplug_begin(void);
+-extern void cpu_hotplug_done(void);
+-extern void get_online_cpus(void);
+-extern void put_online_cpus(void);
++extern void cpus_write_lock(void);
++extern void cpus_write_unlock(void);
++extern void cpus_read_lock(void);
++extern void cpus_read_unlock(void);
+ extern void cpu_hotplug_disable(void);
+ extern void cpu_hotplug_enable(void);
+ void clear_tasks_mm_cpumask(int cpu);
+ int cpu_down(unsigned int cpu);
+
+-#else /* CONFIG_HOTPLUG_CPU */
+-
+-static inline void cpu_hotplug_begin(void) {}
+-static inline void cpu_hotplug_done(void) {}
+-#define get_online_cpus() do { } while (0)
+-#define put_online_cpus() do { } while (0)
+-#define cpu_hotplug_disable() do { } while (0)
+-#define cpu_hotplug_enable() do { } while (0)
+-#endif /* CONFIG_HOTPLUG_CPU */
++#else /* CONFIG_HOTPLUG_CPU */
++
++static inline void cpus_write_lock(void) { }
++static inline void cpus_write_unlock(void) { }
++static inline void cpus_read_lock(void) { }
++static inline void cpus_read_unlock(void) { }
++static inline void cpu_hotplug_disable(void) { }
++static inline void cpu_hotplug_enable(void) { }
++#endif /* !CONFIG_HOTPLUG_CPU */
++
++/* Wrappers which go away once all code is converted */
++static inline void cpu_hotplug_begin(void) { cpus_write_lock(); }
++static inline void cpu_hotplug_done(void) { cpus_write_unlock(); }
++static inline void get_online_cpus(void) { cpus_read_lock(); }
++static inline void put_online_cpus(void) { cpus_read_unlock(); }
+
+ #ifdef CONFIG_PM_SLEEP_SMP
+ extern int freeze_secondary_cpus(int primary);
+diff --git a/kernel/cpu.c b/kernel/cpu.c
+index 9ae6fbe5b5cf..d3221ae5b474 100644
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -235,7 +235,7 @@ static struct {
+ #define cpuhp_lock_release() lock_map_release(&cpu_hotplug.dep_map)
+
+
+-void get_online_cpus(void)
++void cpus_read_lock(void)
+ {
+ might_sleep();
+ if (cpu_hotplug.active_writer == current)
+@@ -245,9 +245,9 @@ void get_online_cpus(void)
+ atomic_inc(&cpu_hotplug.refcount);
+ mutex_unlock(&cpu_hotplug.lock);
+ }
+-EXPORT_SYMBOL_GPL(get_online_cpus);
++EXPORT_SYMBOL_GPL(cpus_read_lock);
+
+-void put_online_cpus(void)
++void cpus_read_unlock(void)
+ {
+ int refcount;
+
+@@ -264,7 +264,7 @@ void put_online_cpus(void)
+ cpuhp_lock_release();
+
+ }
+-EXPORT_SYMBOL_GPL(put_online_cpus);
++EXPORT_SYMBOL_GPL(cpus_read_unlock);
+
+ /*
+ * This ensures that the hotplug operation can begin only when the
+@@ -288,7 +288,7 @@ EXPORT_SYMBOL_GPL(put_online_cpus);
+ * get_online_cpus() not an api which is called all that often.
+ *
+ */
+-void cpu_hotplug_begin(void)
++void cpus_write_lock(void)
+ {
+ DEFINE_WAIT(wait);
+
+@@ -306,7 +306,7 @@ void cpu_hotplug_begin(void)
+ finish_wait(&cpu_hotplug.wq, &wait);
+ }
+
+-void cpu_hotplug_done(void)
++void cpus_write_unlock(void)
+ {
+ cpu_hotplug.active_writer = NULL;
+ mutex_unlock(&cpu_hotplug.lock);
+@@ -773,7 +773,7 @@ static int __ref _cpu_down(unsigned int cpu, int tasks_frozen,
+ if (!cpu_present(cpu))
+ return -EINVAL;
+
+- cpu_hotplug_begin();
++ cpus_write_lock();
+
+ cpuhp_tasks_frozen = tasks_frozen;
+
+@@ -811,7 +811,7 @@ static int __ref _cpu_down(unsigned int cpu, int tasks_frozen,
+ }
+
+ out:
+- cpu_hotplug_done();
++ cpus_write_unlock();
+ return ret;
+ }
+
+@@ -893,7 +893,7 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen, enum cpuhp_state target)
+ struct task_struct *idle;
+ int ret = 0;
+
+- cpu_hotplug_begin();
++ cpus_write_lock();
+
+ if (!cpu_present(cpu)) {
+ ret = -EINVAL;
+@@ -941,7 +941,7 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen, enum cpuhp_state target)
+ target = min((int)target, CPUHP_BRINGUP_CPU);
+ ret = cpuhp_up_callbacks(cpu, st, target);
+ out:
+- cpu_hotplug_done();
++ cpus_write_unlock();
+ return ret;
+ }
+
+@@ -1424,7 +1424,7 @@ int __cpuhp_state_add_instance(enum cpuhp_state state, struct hlist_node *node,
+ if (sp->multi_instance == false)
+ return -EINVAL;
+
+- get_online_cpus();
++ cpus_read_lock();
+ mutex_lock(&cpuhp_state_mutex);
+
+ if (!invoke || !sp->startup.multi)
+@@ -1453,7 +1453,7 @@ int __cpuhp_state_add_instance(enum cpuhp_state state, struct hlist_node *node,
+ hlist_add_head(node, &sp->list);
+ unlock:
+ mutex_unlock(&cpuhp_state_mutex);
+- put_online_cpus();
++ cpus_read_unlock();
+ return ret;
+ }
+ EXPORT_SYMBOL_GPL(__cpuhp_state_add_instance);
+@@ -1486,7 +1486,7 @@ int __cpuhp_setup_state(enum cpuhp_state state,
+ if (cpuhp_cb_check(state) || !name)
+ return -EINVAL;
+
+- get_online_cpus();
++ cpus_read_lock();
+ mutex_lock(&cpuhp_state_mutex);
+
+ ret = cpuhp_store_callbacks(state, name, startup, teardown,