summaryrefslogtreecommitdiffstats
path: root/queue-3.16
diff options
context:
space:
mode:
authorBen Hutchings <ben@decadent.org.uk>2019-05-22 23:16:35 +0100
committerBen Hutchings <ben@decadent.org.uk>2019-05-22 23:16:35 +0100
commita44fe45dcd6971deacbd9fc47c7febd8390581d2 (patch)
tree3139f051c97321ef0bf1cf577c0273fedbee8000 /queue-3.16
parent49bc5dbc7bfde21147d2ba773d6fb29c496256e7 (diff)
downloadlinux-stable-queue-a44fe45dcd6971deacbd9fc47c7febd8390581d2.tar.gz
Release 3.16.68
Diffstat (limited to 'queue-3.16')
-rw-r--r--queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch142
-rw-r--r--queue-3.16/documentation-add-mds-vulnerability-documentation.patch336
-rw-r--r--queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch60
-rw-r--r--queue-3.16/documentation-move-l1tf-to-separate-directory.patch28
-rw-r--r--queue-3.16/jump-label-locking-static_keys-update-docs.patch304
-rw-r--r--queue-3.16/jump_label-add-jump_entry_key-helper.patch67
-rw-r--r--queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch206
-rw-r--r--queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch106
-rw-r--r--queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch72
-rw-r--r--queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch140
-rw-r--r--queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch61
-rw-r--r--queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch190
-rw-r--r--queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch67
-rw-r--r--queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch45
-rw-r--r--queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch165
-rw-r--r--queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch603
-rw-r--r--queue-3.16/locking-static_keys-fix-a-silly-typo.patch49
-rw-r--r--queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch63
-rw-r--r--queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch39
-rw-r--r--queue-3.16/locking-static_keys-rework-update-logic.patch226
-rw-r--r--queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch35
-rw-r--r--queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch109
-rw-r--r--queue-3.16/module-add-within_module-function.patch74
-rw-r--r--queue-3.16/module-jump_label-fix-module-locking.patch78
-rw-r--r--queue-3.16/s390-jump-label-add-sanity-checks.patch101
-rw-r--r--queue-3.16/s390-jump-label-use-different-nop-instruction.patch82
-rw-r--r--queue-3.16/sched-add-sched_smt_active.patch97
-rw-r--r--queue-3.16/series86
-rw-r--r--queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch109
-rw-r--r--queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch49
-rw-r--r--queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch23
-rw-r--r--queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch49
-rw-r--r--queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch142
-rw-r--r--queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch142
-rw-r--r--queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch1117
-rw-r--r--queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch72
-rw-r--r--queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch62
-rw-r--r--queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch41
-rw-r--r--queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch66
-rw-r--r--queue-3.16/x86-msr-index-cleanup-bit-defines.patch61
-rw-r--r--queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch178
-rw-r--r--queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch55
-rw-r--r--queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch320
-rw-r--r--queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch241
-rw-r--r--queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch181
-rw-r--r--queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch164
-rw-r--r--queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch104
-rw-r--r--queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch74
-rw-r--r--queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch166
-rw-r--r--queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch61
-rw-r--r--queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch140
-rw-r--r--queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch182
-rw-r--r--queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch24
-rw-r--r--queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch56
-rw-r--r--queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch151
-rw-r--r--queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch89
-rw-r--r--queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch174
-rw-r--r--queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch184
-rw-r--r--queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch118
-rw-r--r--queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch36
-rw-r--r--queue-3.16/x86-speculation-mds-add-smt-warning-message.patch56
-rw-r--r--queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch125
-rw-r--r--queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch261
-rw-r--r--queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch200
-rw-r--r--queue-3.16/x86-speculation-mds-fix-comment.patch30
-rw-r--r--queue-3.16/x86-speculation-mds-fix-documentation-typo.patch27
-rw-r--r--queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch44
-rw-r--r--queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch41
-rw-r--r--queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch79
-rw-r--r--queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch107
-rw-r--r--queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch292
-rw-r--r--queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch188
-rw-r--r--queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch236
-rw-r--r--queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch42
-rw-r--r--queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch158
-rw-r--r--queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch32
-rw-r--r--queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch59
-rw-r--r--queue-3.16/x86-speculation-rename-ssbd-update-functions.patch129
-rw-r--r--queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch257
-rw-r--r--queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch110
-rw-r--r--queue-3.16/x86-speculation-rework-smt-state-change.patch126
-rw-r--r--queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch80
-rw-r--r--queue-3.16/x86-speculation-split-out-tif-update.patch106
-rw-r--r--queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch152
-rw-r--r--queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch125
-rw-r--r--queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch70
-rw-r--r--queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch48
87 files changed, 0 insertions, 11442 deletions
diff --git a/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch b/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch
deleted file mode 100644
index c281209a..00000000
--- a/queue-3.16/cpu-speculation-add-mitigations-cmdline-option.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Fri, 12 Apr 2019 15:39:28 -0500
-Subject: cpu/speculation: Add 'mitigations=' cmdline option
-
-commit 98af8452945c55652de68536afdde3b520fec429 upstream.
-
-Keeping track of the number of mitigations for all the CPU speculation
-bugs has become overwhelming for many users. It's getting more and more
-complicated to decide which mitigations are needed for a given
-architecture. Complicating matters is the fact that each arch tends to
-have its own custom way to mitigate the same vulnerability.
-
-Most users fall into a few basic categories:
-
-a) they want all mitigations off;
-
-b) they want all reasonable mitigations on, with SMT enabled even if
- it's vulnerable; or
-
-c) they want all reasonable mitigations on, with SMT disabled if
- vulnerable.
-
-Define a set of curated, arch-independent options, each of which is an
-aggregation of existing options:
-
-- mitigations=off: Disable all mitigations.
-
-- mitigations=auto: [default] Enable all the default mitigations, but
- leave SMT enabled, even if it's vulnerable.
-
-- mitigations=auto,nosmt: Enable all the default mitigations, disabling
- SMT if needed by a mitigation.
-
-Currently, these options are placeholders which don't actually do
-anything. They will be fleshed out in upcoming patches.
-
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
-Reviewed-by: Jiri Kosina <jkosina@suse.cz>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: "H . Peter Anvin" <hpa@zytor.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Jiri Kosina <jikos@kernel.org>
-Cc: Waiman Long <longman@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-Cc: Paul Mackerras <paulus@samba.org>
-Cc: Michael Ellerman <mpe@ellerman.id.au>
-Cc: linuxppc-dev@lists.ozlabs.org
-Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
-Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
-Cc: linux-s390@vger.kernel.org
-Cc: Catalin Marinas <catalin.marinas@arm.com>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: linux-arm-kernel@lists.infradead.org
-Cc: linux-arch@vger.kernel.org
-Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Cc: Tyler Hicks <tyhicks@canonical.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Randy Dunlap <rdunlap@infradead.org>
-Cc: Steven Price <steven.price@arm.com>
-Cc: Phil Auld <pauld@redhat.com>
-Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com
-[bwh: Backported to 3.16:
- - Drop the auto,nosmt option which we can't support
- - Adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -1906,6 +1906,25 @@ bytes respectively. Such letter suffixes
- in the "bleeding edge" mini2440 support kernel at
- http://repo.or.cz/w/linux-2.6/mini2440.git
-
-+ mitigations=
-+ Control optional mitigations for CPU vulnerabilities.
-+ This is a set of curated, arch-independent options, each
-+ of which is an aggregation of existing arch-specific
-+ options.
-+
-+ off
-+ Disable all optional CPU mitigations. This
-+ improves system performance, but it may also
-+ expose users to several CPU vulnerabilities.
-+
-+ auto (default)
-+ Mitigate all CPU vulnerabilities, but leave SMT
-+ enabled, even if it's vulnerable. This is for
-+ users who don't want to be surprised by SMT
-+ getting disabled across kernel upgrades, or who
-+ have other ways of avoiding SMT-based attacks.
-+ This is the default behavior.
-+
- mminit_loglevel=
- [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
- parameter allows control of the logging verbosity for
---- a/include/linux/cpu.h
-+++ b/include/linux/cpu.h
-@@ -277,4 +277,21 @@ void arch_cpu_idle_enter(void);
- void arch_cpu_idle_exit(void);
- void arch_cpu_idle_dead(void);
-
-+/*
-+ * These are used for a global "mitigations=" cmdline option for toggling
-+ * optional CPU mitigations.
-+ */
-+enum cpu_mitigations {
-+ CPU_MITIGATIONS_OFF,
-+ CPU_MITIGATIONS_AUTO,
-+};
-+
-+extern enum cpu_mitigations cpu_mitigations;
-+
-+/* mitigations=off */
-+static inline bool cpu_mitigations_off(void)
-+{
-+ return cpu_mitigations == CPU_MITIGATIONS_OFF;
-+}
-+
- #endif /* _LINUX_CPU_H_ */
---- a/kernel/cpu.c
-+++ b/kernel/cpu.c
-@@ -795,3 +795,16 @@ void init_cpu_online(const struct cpumas
- {
- cpumask_copy(to_cpumask(cpu_online_bits), src);
- }
-+
-+enum cpu_mitigations cpu_mitigations = CPU_MITIGATIONS_AUTO;
-+
-+static int __init mitigations_parse_cmdline(char *arg)
-+{
-+ if (!strcmp(arg, "off"))
-+ cpu_mitigations = CPU_MITIGATIONS_OFF;
-+ else if (!strcmp(arg, "auto"))
-+ cpu_mitigations = CPU_MITIGATIONS_AUTO;
-+
-+ return 0;
-+}
-+early_param("mitigations", mitigations_parse_cmdline);
diff --git a/queue-3.16/documentation-add-mds-vulnerability-documentation.patch b/queue-3.16/documentation-add-mds-vulnerability-documentation.patch
deleted file mode 100644
index b712c0d8..00000000
--- a/queue-3.16/documentation-add-mds-vulnerability-documentation.patch
+++ /dev/null
@@ -1,336 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Tue, 19 Feb 2019 00:02:31 +0100
-Subject: Documentation: Add MDS vulnerability documentation
-
-commit 5999bbe7a6ea3c62029532ec84dc06003a1fa258 upstream.
-
-Add the initial MDS vulnerability documentation.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Drop the index updates
- - Adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- /dev/null
-+++ b/Documentation/hw-vuln/mds.rst
-@@ -0,0 +1,307 @@
-+MDS - Microarchitectural Data Sampling
-+======================================
-+
-+Microarchitectural Data Sampling is a hardware vulnerability which allows
-+unprivileged speculative access to data which is available in various CPU
-+internal buffers.
-+
-+Affected processors
-+-------------------
-+
-+This vulnerability affects a wide range of Intel processors. The
-+vulnerability is not present on:
-+
-+ - Processors from AMD, Centaur and other non Intel vendors
-+
-+ - Older processor models, where the CPU family is < 6
-+
-+ - Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)
-+
-+ - Intel processors which have the ARCH_CAP_MDS_NO bit set in the
-+ IA32_ARCH_CAPABILITIES MSR.
-+
-+Whether a processor is affected or not can be read out from the MDS
-+vulnerability file in sysfs. See :ref:`mds_sys_info`.
-+
-+Not all processors are affected by all variants of MDS, but the mitigation
-+is identical for all of them so the kernel treats them as a single
-+vulnerability.
-+
-+Related CVEs
-+------------
-+
-+The following CVE entries are related to the MDS vulnerability:
-+
-+ ============== ===== ==============================================
-+ CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
-+ CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
-+ CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
-+ ============== ===== ==============================================
-+
-+Problem
-+-------
-+
-+When performing store, load, L1 refill operations, processors write data
-+into temporary microarchitectural structures (buffers). The data in the
-+buffer can be forwarded to load operations as an optimization.
-+
-+Under certain conditions, usually a fault/assist caused by a load
-+operation, data unrelated to the load memory address can be speculatively
-+forwarded from the buffers. Because the load operation causes a fault or
-+assist and its result will be discarded, the forwarded data will not cause
-+incorrect program execution or state changes. But a malicious operation
-+may be able to forward this speculative data to a disclosure gadget which
-+allows in turn to infer the value via a cache side channel attack.
-+
-+Because the buffers are potentially shared between Hyper-Threads cross
-+Hyper-Thread attacks are possible.
-+
-+Deeper technical information is available in the MDS specific x86
-+architecture section: :ref:`Documentation/x86/mds.rst <mds>`.
-+
-+
-+Attack scenarios
-+----------------
-+
-+Attacks against the MDS vulnerabilities can be mounted from malicious non
-+priviledged user space applications running on hosts or guest. Malicious
-+guest OSes can obviously mount attacks as well.
-+
-+Contrary to other speculation based vulnerabilities the MDS vulnerability
-+does not allow the attacker to control the memory target address. As a
-+consequence the attacks are purely sampling based, but as demonstrated with
-+the TLBleed attack samples can be postprocessed successfully.
-+
-+Web-Browsers
-+^^^^^^^^^^^^
-+
-+ It's unclear whether attacks through Web-Browsers are possible at
-+ all. The exploitation through Java-Script is considered very unlikely,
-+ but other widely used web technologies like Webassembly could possibly be
-+ abused.
-+
-+
-+.. _mds_sys_info:
-+
-+MDS system information
-+-----------------------
-+
-+The Linux kernel provides a sysfs interface to enumerate the current MDS
-+status of the system: whether the system is vulnerable, and which
-+mitigations are active. The relevant sysfs file is:
-+
-+/sys/devices/system/cpu/vulnerabilities/mds
-+
-+The possible values in this file are:
-+
-+ ========================================= =================================
-+ 'Not affected' The processor is not vulnerable
-+
-+ 'Vulnerable' The processor is vulnerable,
-+ but no mitigation enabled
-+
-+ 'Vulnerable: Clear CPU buffers attempted' The processor is vulnerable but
-+ microcode is not updated.
-+ The mitigation is enabled on a
-+ best effort basis.
-+ See :ref:`vmwerv`
-+
-+ 'Mitigation: CPU buffer clear' The processor is vulnerable and the
-+ CPU buffer clearing mitigation is
-+ enabled.
-+ ========================================= =================================
-+
-+If the processor is vulnerable then the following information is appended
-+to the above information:
-+
-+ ======================== ============================================
-+ 'SMT vulnerable' SMT is enabled
-+ 'SMT mitigated' SMT is enabled and mitigated
-+ 'SMT disabled' SMT is disabled
-+ 'SMT Host state unknown' Kernel runs in a VM, Host SMT state unknown
-+ ======================== ============================================
-+
-+.. _vmwerv:
-+
-+Best effort mitigation mode
-+^^^^^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ If the processor is vulnerable, but the availability of the microcode based
-+ mitigation mechanism is not advertised via CPUID the kernel selects a best
-+ effort mitigation mode. This mode invokes the mitigation instructions
-+ without a guarantee that they clear the CPU buffers.
-+
-+ This is done to address virtualization scenarios where the host has the
-+ microcode update applied, but the hypervisor is not yet updated to expose
-+ the CPUID to the guest. If the host has updated microcode the protection
-+ takes effect otherwise a few cpu cycles are wasted pointlessly.
-+
-+ The state in the mds sysfs file reflects this situation accordingly.
-+
-+
-+Mitigation mechanism
-+-------------------------
-+
-+The kernel detects the affected CPUs and the presence of the microcode
-+which is required.
-+
-+If a CPU is affected and the microcode is available, then the kernel
-+enables the mitigation by default. The mitigation can be controlled at boot
-+time via a kernel command line option. See
-+:ref:`mds_mitigation_control_command_line`.
-+
-+.. _cpu_buffer_clear:
-+
-+CPU buffer clearing
-+^^^^^^^^^^^^^^^^^^^
-+
-+ The mitigation for MDS clears the affected CPU buffers on return to user
-+ space and when entering a guest.
-+
-+ If SMT is enabled it also clears the buffers on idle entry when the CPU
-+ is only affected by MSBDS and not any other MDS variant, because the
-+ other variants cannot be protected against cross Hyper-Thread attacks.
-+
-+ For CPUs which are only affected by MSBDS the user space, guest and idle
-+ transition mitigations are sufficient and SMT is not affected.
-+
-+.. _virt_mechanism:
-+
-+Virtualization mitigation
-+^^^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ The protection for host to guest transition depends on the L1TF
-+ vulnerability of the CPU:
-+
-+ - CPU is affected by L1TF:
-+
-+ If the L1D flush mitigation is enabled and up to date microcode is
-+ available, the L1D flush mitigation is automatically protecting the
-+ guest transition.
-+
-+ If the L1D flush mitigation is disabled then the MDS mitigation is
-+ invoked explicit when the host MDS mitigation is enabled.
-+
-+ For details on L1TF and virtualization see:
-+ :ref:`Documentation/hw-vuln//l1tf.rst <mitigation_control_kvm>`.
-+
-+ - CPU is not affected by L1TF:
-+
-+ CPU buffers are flushed before entering the guest when the host MDS
-+ mitigation is enabled.
-+
-+ The resulting MDS protection matrix for the host to guest transition:
-+
-+ ============ ===== ============= ============ =================
-+ L1TF MDS VMX-L1FLUSH Host MDS MDS-State
-+
-+ Don't care No Don't care N/A Not affected
-+
-+ Yes Yes Disabled Off Vulnerable
-+
-+ Yes Yes Disabled Full Mitigated
-+
-+ Yes Yes Enabled Don't care Mitigated
-+
-+ No Yes N/A Off Vulnerable
-+
-+ No Yes N/A Full Mitigated
-+ ============ ===== ============= ============ =================
-+
-+ This only covers the host to guest transition, i.e. prevents leakage from
-+ host to guest, but does not protect the guest internally. Guests need to
-+ have their own protections.
-+
-+.. _xeon_phi:
-+
-+XEON PHI specific considerations
-+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ The XEON PHI processor family is affected by MSBDS which can be exploited
-+ cross Hyper-Threads when entering idle states. Some XEON PHI variants allow
-+ to use MWAIT in user space (Ring 3) which opens an potential attack vector
-+ for malicious user space. The exposure can be disabled on the kernel
-+ command line with the 'ring3mwait=disable' command line option.
-+
-+ XEON PHI is not affected by the other MDS variants and MSBDS is mitigated
-+ before the CPU enters a idle state. As XEON PHI is not affected by L1TF
-+ either disabling SMT is not required for full protection.
-+
-+.. _mds_smt_control:
-+
-+SMT control
-+^^^^^^^^^^^
-+
-+ All MDS variants except MSBDS can be attacked cross Hyper-Threads. That
-+ means on CPUs which are affected by MFBDS or MLPDS it is necessary to
-+ disable SMT for full protection. These are most of the affected CPUs; the
-+ exception is XEON PHI, see :ref:`xeon_phi`.
-+
-+ Disabling SMT can have a significant performance impact, but the impact
-+ depends on the type of workloads.
-+
-+ See the relevant chapter in the L1TF mitigation documentation for details:
-+ :ref:`Documentation/hw-vuln/l1tf.rst <smt_control>`.
-+
-+
-+.. _mds_mitigation_control_command_line:
-+
-+Mitigation control on the kernel command line
-+---------------------------------------------
-+
-+The kernel command line allows to control the MDS mitigations at boot
-+time with the option "mds=". The valid arguments for this option are:
-+
-+ ============ =============================================================
-+ full If the CPU is vulnerable, enable all available mitigations
-+ for the MDS vulnerability, CPU buffer clearing on exit to
-+ userspace and when entering a VM. Idle transitions are
-+ protected as well if SMT is enabled.
-+
-+ It does not automatically disable SMT.
-+
-+ off Disables MDS mitigations completely.
-+
-+ ============ =============================================================
-+
-+Not specifying this option is equivalent to "mds=full".
-+
-+
-+Mitigation selection guide
-+--------------------------
-+
-+1. Trusted userspace
-+^^^^^^^^^^^^^^^^^^^^
-+
-+ If all userspace applications are from a trusted source and do not
-+ execute untrusted code which is supplied externally, then the mitigation
-+ can be disabled.
-+
-+
-+2. Virtualization with trusted guests
-+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ The same considerations as above versus trusted user space apply.
-+
-+3. Virtualization with untrusted guests
-+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ The protection depends on the state of the L1TF mitigations.
-+ See :ref:`virt_mechanism`.
-+
-+ If the MDS mitigation is enabled and SMT is disabled, guest to host and
-+ guest to guest attacks are prevented.
-+
-+.. _mds_default_mitigations:
-+
-+Default mitigations
-+-------------------
-+
-+ The kernel default mitigations for vulnerable processors are:
-+
-+ - Enable CPU buffer clearing
-+
-+ The kernel does not by default enforce the disabling of SMT, which leaves
-+ SMT systems vulnerable when running untrusted code. The same rationale as
-+ for L1TF applies.
-+ See :ref:`Documentation/hw-vuln//l1tf.rst <default_mitigations>`.
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -1796,6 +1796,8 @@ bytes respectively. Such letter suffixes
- Not specifying this option is equivalent to
- mds=full.
-
-+ For details see: Documentation/hw-vuln/mds.rst
-+
- mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory
- Amount of memory to be used when the kernel is not able
- to see the whole system memory or for test.
diff --git a/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch b/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch
deleted file mode 100644
index 54a20362..00000000
--- a/queue-3.16/documentation-correct-the-possible-mds-sysfs-values.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From: Tyler Hicks <tyhicks@canonical.com>
-Date: Mon, 6 May 2019 23:52:58 +0000
-Subject: Documentation: Correct the possible MDS sysfs values
-
-commit ea01668f9f43021b28b3f4d5ffad50106a1e1301 upstream.
-
-Adjust the last two rows in the table that display possible values when
-MDS mitigation is enabled. They both were slightly innacurate.
-
-In addition, convert the table of possible values and their descriptions
-to a list-table. The simple table format uses the top border of equals
-signs to determine cell width which resulted in the first column being
-far too wide in comparison to the second column that contained the
-majority of the text.
-
-Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-[bwh: Backported to 3.16: adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/hw-vuln/mds.rst | 29 ++++++++++-------------
- 1 file changed, 13 insertions(+), 16 deletions(-)
-
---- a/Documentation/hw-vuln/mds.rst
-+++ b/Documentation/hw-vuln/mds.rst
-@@ -95,22 +95,19 @@ mitigations are active. The relevant sys
-
- The possible values in this file are:
-
-- ========================================= =================================
-- 'Not affected' The processor is not vulnerable
-+ .. list-table::
-
-- 'Vulnerable' The processor is vulnerable,
-- but no mitigation enabled
--
-- 'Vulnerable: Clear CPU buffers attempted' The processor is vulnerable but
-- microcode is not updated.
-- The mitigation is enabled on a
-- best effort basis.
-- See :ref:`vmwerv`
--
-- 'Mitigation: CPU buffer clear' The processor is vulnerable and the
-- CPU buffer clearing mitigation is
-- enabled.
-- ========================================= =================================
-+ * - 'Not affected'
-+ - The processor is not vulnerable
-+ * - 'Vulnerable'
-+ - The processor is vulnerable, but no mitigation enabled
-+ * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
-+ - The processor is vulnerable but microcode is not updated.
-+
-+ The mitigation is enabled on a best effort basis. See :ref:`vmwerv`
-+ * - 'Mitigation: Clear CPU buffers'
-+ - The processor is vulnerable and the CPU buffer clearing mitigation is
-+ enabled.
-
- If the processor is vulnerable then the following information is appended
- to the above information:
diff --git a/queue-3.16/documentation-move-l1tf-to-separate-directory.patch b/queue-3.16/documentation-move-l1tf-to-separate-directory.patch
deleted file mode 100644
index 3767fc14..00000000
--- a/queue-3.16/documentation-move-l1tf-to-separate-directory.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Tue, 19 Feb 2019 11:10:49 +0100
-Subject: Documentation: Move L1TF to separate directory
-
-commit 65fd4cb65b2dad97feb8330b6690445910b56d6a upstream.
-
-Move L!TF to a separate directory so the MDS stuff can be added at the
-side. Otherwise the all hardware vulnerabilites have their own top level
-entry. Should have done that right away.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16: we never added the documentation, so just update
- the log message]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -1128,7 +1128,7 @@ static void __init l1tf_select_mitigatio
- pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n",
- half_pa);
- pr_info("However, doing so will make a part of your RAM unusable.\n");
-- pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html might help you decide.\n");
-+ pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help you decide.\n");
- return;
- }
-
diff --git a/queue-3.16/jump-label-locking-static_keys-update-docs.patch b/queue-3.16/jump-label-locking-static_keys-update-docs.patch
deleted file mode 100644
index 04ab2bd2..00000000
--- a/queue-3.16/jump-label-locking-static_keys-update-docs.patch
+++ /dev/null
@@ -1,304 +0,0 @@
-From: Jason Baron <jbaron@akamai.com>
-Date: Thu, 30 Jul 2015 03:59:48 +0000
-Subject: jump label, locking/static_keys: Update docs
-
-commit 412758cb26704e5087ca2976ec3b28fb2bdbfad4 upstream.
-
-Signed-off-by: Jason Baron <jbaron@akamai.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: benh@kernel.crashing.org
-Cc: bp@alien8.de
-Cc: davem@davemloft.net
-Cc: ddaney@caviumnetworks.com
-Cc: heiko.carstens@de.ibm.com
-Cc: linux-kernel@vger.kernel.org
-Cc: liuj97@gmail.com
-Cc: luto@amacapital.net
-Cc: michael@ellerman.id.au
-Cc: rabin@rab.in
-Cc: ralf@linux-mips.org
-Cc: rostedt@goodmis.org
-Cc: vbabka@suse.cz
-Cc: will.deacon@arm.com
-Link: http://lkml.kernel.org/r/6b50f2f6423a2244f37f4b1d2d6c211b9dcdf4f8.1438227999.git.jbaron@akamai.com
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/static-keys.txt | 99 ++++++++++++++++++-----------------
- include/linux/jump_label.h | 67 ++++++++++++++++--------
- 2 files changed, 98 insertions(+), 68 deletions(-)
-
---- a/Documentation/static-keys.txt
-+++ b/Documentation/static-keys.txt
-@@ -1,7 +1,22 @@
- Static Keys
- -----------
-
--By: Jason Baron <jbaron@redhat.com>
-+DEPRECATED API:
-+
-+The use of 'struct static_key' directly, is now DEPRECATED. In addition
-+static_key_{true,false}() is also DEPRECATED. IE DO NOT use the following:
-+
-+struct static_key false = STATIC_KEY_INIT_FALSE;
-+struct static_key true = STATIC_KEY_INIT_TRUE;
-+static_key_true()
-+static_key_false()
-+
-+The updated API replacements are:
-+
-+DEFINE_STATIC_KEY_TRUE(key);
-+DEFINE_STATIC_KEY_FALSE(key);
-+static_key_likely()
-+statick_key_unlikely()
-
- 0) Abstract
-
-@@ -9,22 +24,22 @@ Static keys allows the inclusion of seld
- performance-sensitive fast-path kernel code, via a GCC feature and a code
- patching technique. A quick example:
-
-- struct static_key key = STATIC_KEY_INIT_FALSE;
-+ DEFINE_STATIC_KEY_FALSE(key);
-
- ...
-
-- if (static_key_false(&key))
-+ if (static_branch_unlikely(&key))
- do unlikely code
- else
- do likely code
-
- ...
-- static_key_slow_inc();
-+ static_branch_enable(&key);
- ...
-- static_key_slow_inc();
-+ static_branch_disable(&key);
- ...
-
--The static_key_false() branch will be generated into the code with as little
-+The static_branch_unlikely() branch will be generated into the code with as little
- impact to the likely code path as possible.
-
-
-@@ -56,7 +71,7 @@ the branch site to change the branch dir
-
- For example, if we have a simple branch that is disabled by default:
-
-- if (static_key_false(&key))
-+ if (static_branch_unlikely(&key))
- printk("I am the true branch\n");
-
- Thus, by default the 'printk' will not be emitted. And the code generated will
-@@ -75,68 +90,55 @@ the basis for the static keys facility.
-
- In order to make use of this optimization you must first define a key:
-
-- struct static_key key;
--
--Which is initialized as:
--
-- struct static_key key = STATIC_KEY_INIT_TRUE;
-+ DEFINE_STATIC_KEY_TRUE(key);
-
- or:
-
-- struct static_key key = STATIC_KEY_INIT_FALSE;
-+ DEFINE_STATIC_KEY_FALSE(key);
-+
-
--If the key is not initialized, it is default false. The 'struct static_key',
--must be a 'global'. That is, it can't be allocated on the stack or dynamically
-+The key must be global, that is, it can't be allocated on the stack or dynamically
- allocated at run-time.
-
- The key is then used in code as:
-
-- if (static_key_false(&key))
-+ if (static_branch_unlikely(&key))
- do unlikely code
- else
- do likely code
-
- Or:
-
-- if (static_key_true(&key))
-+ if (static_branch_likely(&key))
- do likely code
- else
- do unlikely code
-
--A key that is initialized via 'STATIC_KEY_INIT_FALSE', must be used in a
--'static_key_false()' construct. Likewise, a key initialized via
--'STATIC_KEY_INIT_TRUE' must be used in a 'static_key_true()' construct. A
--single key can be used in many branches, but all the branches must match the
--way that the key has been initialized.
-+Keys defined via DEFINE_STATIC_KEY_TRUE(), or DEFINE_STATIC_KEY_FALSE, may
-+be used in either static_branch_likely() or static_branch_unlikely()
-+statemnts.
-
--The branch(es) can then be switched via:
-+Branch(es) can be set true via:
-
-- static_key_slow_inc(&key);
-+static_branch_enable(&key);
-+
-+or false via:
-+
-+static_branch_disable(&key);
-+
-+The branch(es) can then be switched via reference counts:
-+
-+ static_branch_inc(&key);
- ...
-- static_key_slow_dec(&key);
-+ static_branch_dec(&key);
-
--Thus, 'static_key_slow_inc()' means 'make the branch true', and
--'static_key_slow_dec()' means 'make the branch false' with appropriate
-+Thus, 'static_branch_inc()' means 'make the branch true', and
-+'static_branch_dec()' means 'make the branch false' with appropriate
- reference counting. For example, if the key is initialized true, a
--static_key_slow_dec(), will switch the branch to false. And a subsequent
--static_key_slow_inc(), will change the branch back to true. Likewise, if the
--key is initialized false, a 'static_key_slow_inc()', will change the branch to
--true. And then a 'static_key_slow_dec()', will again make the branch false.
--
--An example usage in the kernel is the implementation of tracepoints:
--
-- static inline void trace_##name(proto) \
-- { \
-- if (static_key_false(&__tracepoint_##name.key)) \
-- __DO_TRACE(&__tracepoint_##name, \
-- TP_PROTO(data_proto), \
-- TP_ARGS(data_args), \
-- TP_CONDITION(cond)); \
-- }
--
--Tracepoints are disabled by default, and can be placed in performance critical
--pieces of the kernel. Thus, by using a static key, the tracepoints can have
--absolutely minimal impact when not in use.
-+static_branch_dec(), will switch the branch to false. And a subsequent
-+static_branch_inc(), will change the branch back to true. Likewise, if the
-+key is initialized false, a 'static_branch_inc()', will change the branch to
-+true. And then a 'static_branch_dec()', will again make the branch false.
-
-
- 4) Architecture level code patching interface, 'jump labels'
-@@ -150,9 +152,12 @@ simply fall back to a traditional, load,
-
- * #define JUMP_LABEL_NOP_SIZE, see: arch/x86/include/asm/jump_label.h
-
--* __always_inline bool arch_static_branch(struct static_key *key), see:
-+* __always_inline bool arch_static_branch(struct static_key *key, bool branch), see:
- arch/x86/include/asm/jump_label.h
-
-+* __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch),
-+ see: arch/x86/include/asm/jump_label.h
-+
- * void arch_jump_label_transform(struct jump_entry *entry, enum jump_label_type type),
- see: arch/x86/kernel/jump_label.c
-
-@@ -173,7 +178,7 @@ SYSCALL_DEFINE0(getppid)
- {
- int pid;
-
--+ if (static_key_false(&key))
-++ if (static_branch_unlikely(&key))
- + printk("I am the true branch\n");
-
- rcu_read_lock();
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -7,17 +7,52 @@
- * Copyright (C) 2009-2012 Jason Baron <jbaron@redhat.com>
- * Copyright (C) 2011-2012 Peter Zijlstra <pzijlstr@redhat.com>
- *
-+ * DEPRECATED API:
-+ *
-+ * The use of 'struct static_key' directly, is now DEPRECATED. In addition
-+ * static_key_{true,false}() is also DEPRECATED. IE DO NOT use the following:
-+ *
-+ * struct static_key false = STATIC_KEY_INIT_FALSE;
-+ * struct static_key true = STATIC_KEY_INIT_TRUE;
-+ * static_key_true()
-+ * static_key_false()
-+ *
-+ * The updated API replacements are:
-+ *
-+ * DEFINE_STATIC_KEY_TRUE(key);
-+ * DEFINE_STATIC_KEY_FALSE(key);
-+ * static_key_likely()
-+ * statick_key_unlikely()
-+ *
- * Jump labels provide an interface to generate dynamic branches using
-- * self-modifying code. Assuming toolchain and architecture support, the result
-- * of a "if (static_key_false(&key))" statement is an unconditional branch (which
-- * defaults to false - and the true block is placed out of line).
-- *
-- * However at runtime we can change the branch target using
-- * static_key_slow_{inc,dec}(). These function as a 'reference' count on the key
-- * object, and for as long as there are references all branches referring to
-- * that particular key will point to the (out of line) true block.
-+ * self-modifying code. Assuming toolchain and architecture support, if we
-+ * define a "key" that is initially false via "DEFINE_STATIC_KEY_FALSE(key)",
-+ * an "if (static_branch_unlikely(&key))" statement is an unconditional branch
-+ * (which defaults to false - and the true block is placed out of line).
-+ * Similarly, we can define an initially true key via
-+ * "DEFINE_STATIC_KEY_TRUE(key)", and use it in the same
-+ * "if (static_branch_unlikely(&key))", in which case we will generate an
-+ * unconditional branch to the out-of-line true branch. Keys that are
-+ * initially true or false can be using in both static_branch_unlikely()
-+ * and static_branch_likely() statements.
-+ *
-+ * At runtime we can change the branch target by setting the key
-+ * to true via a call to static_branch_enable(), or false using
-+ * static_branch_disable(). If the direction of the branch is switched by
-+ * these calls then we run-time modify the branch target via a
-+ * no-op -> jump or jump -> no-op conversion. For example, for an
-+ * initially false key that is used in an "if (static_branch_unlikely(&key))"
-+ * statement, setting the key to true requires us to patch in a jump
-+ * to the out-of-line of true branch.
-+ *
-+ * In addtion to static_branch_{enable,disable}, we can also reference count
-+ * the key or branch direction via static_branch_{inc,dec}. Thus,
-+ * static_branch_inc() can be thought of as a 'make more true' and
-+ * static_branch_dec() as a 'make more false'. The inc()/dec()
-+ * interface is meant to be used exclusively from the inc()/dec() for a given
-+ * key.
- *
-- * Since this relies on modifying code, the static_key_slow_{inc,dec}() functions
-+ * Since this relies on modifying code, the branch modifying functions
- * must be considered absolute slow paths (machine wide synchronization etc.).
- * OTOH, since the affected branches are unconditional, their runtime overhead
- * will be absolutely minimal, esp. in the default (off) case where the total
-@@ -29,20 +64,10 @@
- * cause significant performance degradation. Struct static_key_deferred and
- * static_key_slow_dec_deferred() provide for this.
- *
-- * Lacking toolchain and or architecture support, jump labels fall back to a simple
-- * conditional branch.
-- *
-- * struct static_key my_key = STATIC_KEY_INIT_TRUE;
-- *
-- * if (static_key_true(&my_key)) {
-- * }
-- *
-- * will result in the true case being in-line and starts the key with a single
-- * reference. Mixing static_key_true() and static_key_false() on the same key is not
-- * allowed.
-+ * Lacking toolchain and or architecture support, static keys fall back to a
-+ * simple conditional branch.
- *
-- * Not initializing the key (static data is initialized to 0s anyway) is the
-- * same as using STATIC_KEY_INIT_FALSE.
-+ * Additional babbling in: Documentation/static-keys.txt
- */
-
- #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
diff --git a/queue-3.16/jump_label-add-jump_entry_key-helper.patch b/queue-3.16/jump_label-add-jump_entry_key-helper.patch
deleted file mode 100644
index eb4fb94b..00000000
--- a/queue-3.16/jump_label-add-jump_entry_key-helper.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Fri, 24 Jul 2015 15:02:27 +0200
-Subject: jump_label: Add jump_entry_key() helper
-
-commit 7dcfd915bae51571bcc339d8e3dda027287880e5 upstream.
-
-Avoid some casting with a helper, also prepares the way for
-overloading the LSB of jump_entry::key.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- kernel/jump_label.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -195,6 +195,11 @@ static inline struct jump_entry *static_
- return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK);
- }
-
-+static inline struct static_key *jump_entry_key(struct jump_entry *entry)
-+{
-+ return (struct static_key *)((unsigned long)entry->key);
-+}
-+
- static enum jump_label_type jump_label_type(struct static_key *key)
- {
- bool enabled = static_key_enabled(key);
-@@ -216,7 +221,7 @@ void __init jump_label_init(void)
- for (iter = iter_start; iter < iter_stop; iter++) {
- struct static_key *iterk;
-
-- iterk = (struct static_key *)(unsigned long)iter->key;
-+ iterk = jump_entry_key(iter);
- arch_jump_label_transform_static(iter, jump_label_type(iterk));
- if (iterk == key)
- continue;
-@@ -311,7 +316,7 @@ static int jump_label_add_module(struct
- for (iter = iter_start; iter < iter_stop; iter++) {
- struct static_key *iterk;
-
-- iterk = (struct static_key *)(unsigned long)iter->key;
-+ iterk = jump_entry_key(iter);
- if (iterk == key)
- continue;
-
-@@ -348,10 +353,10 @@ static void jump_label_del_module(struct
- struct static_key_mod *jlm, **prev;
-
- for (iter = iter_start; iter < iter_stop; iter++) {
-- if (iter->key == (jump_label_t)(unsigned long)key)
-+ if (jump_entry_key(iter) == key)
- continue;
-
-- key = (struct static_key *)(unsigned long)iter->key;
-+ key = jump_entry_key(iter);
-
- if (within_module(iter->key, mod))
- continue;
diff --git a/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch b/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch
deleted file mode 100644
index ada85317..00000000
--- a/queue-3.16/jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-From: Anton Blanchard <anton@samba.org>
-Date: Thu, 9 Apr 2015 13:51:30 +1000
-Subject: jump_label: Allow asm/jump_label.h to be included in assembly
-
-commit 55dd0df781e58ec23d218376ea4a676e7362a98c upstream.
-
-Wrap asm/jump_label.h for all archs with #ifndef __ASSEMBLY__.
-Since these are kernel only headers, we don't need #ifdef
-__KERNEL__ so can simplify things a bit.
-
-If an architecture wants to use jump labels in assembly, it
-will still need to define a macro to create the __jump_table
-entries (see ARCH_STATIC_BRANCH in the powerpc asm/jump_label.h
-for an example).
-
-Signed-off-by: Anton Blanchard <anton@samba.org>
-Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: benh@kernel.crashing.org
-Cc: catalin.marinas@arm.com
-Cc: davem@davemloft.net
-Cc: heiko.carstens@de.ibm.com
-Cc: jbaron@akamai.com
-Cc: linux@arm.linux.org.uk
-Cc: linuxppc-dev@lists.ozlabs.org
-Cc: liuj97@gmail.com
-Cc: mgorman@suse.de
-Cc: mmarek@suse.cz
-Cc: mpe@ellerman.id.au
-Cc: paulus@samba.org
-Cc: ralf@linux-mips.org
-Cc: rostedt@goodmis.org
-Cc: schwidefsky@de.ibm.com
-Cc: will.deacon@arm.com
-Link: http://lkml.kernel.org/r/1428551492-21977-1-git-send-email-anton@samba.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/arm/include/asm/jump_label.h | 5 ++---
- arch/arm64/include/asm/jump_label.h | 8 ++++----
- arch/mips/include/asm/jump_label.h | 7 +++----
- arch/s390/include/asm/jump_label.h | 3 +++
- arch/sparc/include/asm/jump_label.h | 5 ++---
- arch/x86/include/asm/jump_label.h | 5 ++---
- 6 files changed, 16 insertions(+), 17 deletions(-)
-
---- a/arch/arm/include/asm/jump_label.h
-+++ b/arch/arm/include/asm/jump_label.h
-@@ -1,7 +1,7 @@
- #ifndef _ASM_ARM_JUMP_LABEL_H
- #define _ASM_ARM_JUMP_LABEL_H
-
--#ifdef __KERNEL__
-+#ifndef __ASSEMBLY__
-
- #include <linux/types.h>
-
-@@ -27,8 +27,6 @@ l_yes:
- return true;
- }
-
--#endif /* __KERNEL__ */
--
- typedef u32 jump_label_t;
-
- struct jump_entry {
-@@ -37,4 +35,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif
---- a/arch/arm64/include/asm/jump_label.h
-+++ b/arch/arm64/include/asm/jump_label.h
-@@ -18,11 +18,12 @@
- */
- #ifndef __ASM_JUMP_LABEL_H
- #define __ASM_JUMP_LABEL_H
-+
-+#ifndef __ASSEMBLY__
-+
- #include <linux/types.h>
- #include <asm/insn.h>
-
--#ifdef __KERNEL__
--
- #define JUMP_LABEL_NOP_SIZE AARCH64_INSN_SIZE
-
- static __always_inline bool arch_static_branch(struct static_key *key)
-@@ -39,8 +40,6 @@ l_yes:
- return true;
- }
-
--#endif /* __KERNEL__ */
--
- typedef u64 jump_label_t;
-
- struct jump_entry {
-@@ -49,4 +48,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif /* __ASM_JUMP_LABEL_H */
---- a/arch/mips/include/asm/jump_label.h
-+++ b/arch/mips/include/asm/jump_label.h
-@@ -8,9 +8,9 @@
- #ifndef _ASM_MIPS_JUMP_LABEL_H
- #define _ASM_MIPS_JUMP_LABEL_H
-
--#include <linux/types.h>
-+#ifndef __ASSEMBLY__
-
--#ifdef __KERNEL__
-+#include <linux/types.h>
-
- #define JUMP_LABEL_NOP_SIZE 4
-
-@@ -39,8 +39,6 @@ l_yes:
- return true;
- }
-
--#endif /* __KERNEL__ */
--
- #ifdef CONFIG_64BIT
- typedef u64 jump_label_t;
- #else
-@@ -53,4 +51,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif /* _ASM_MIPS_JUMP_LABEL_H */
---- a/arch/s390/include/asm/jump_label.h
-+++ b/arch/s390/include/asm/jump_label.h
-@@ -1,6 +1,8 @@
- #ifndef _ASM_S390_JUMP_LABEL_H
- #define _ASM_S390_JUMP_LABEL_H
-
-+#ifndef __ASSEMBLY__
-+
- #include <linux/types.h>
-
- #define JUMP_LABEL_NOP_SIZE 6
-@@ -39,4 +41,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif
---- a/arch/sparc/include/asm/jump_label.h
-+++ b/arch/sparc/include/asm/jump_label.h
-@@ -1,7 +1,7 @@
- #ifndef _ASM_SPARC_JUMP_LABEL_H
- #define _ASM_SPARC_JUMP_LABEL_H
-
--#ifdef __KERNEL__
-+#ifndef __ASSEMBLY__
-
- #include <linux/types.h>
-
-@@ -22,8 +22,6 @@ l_yes:
- return true;
- }
-
--#endif /* __KERNEL__ */
--
- typedef u32 jump_label_t;
-
- struct jump_entry {
-@@ -32,4 +30,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif
---- a/arch/x86/include/asm/jump_label.h
-+++ b/arch/x86/include/asm/jump_label.h
-@@ -1,7 +1,7 @@
- #ifndef _ASM_X86_JUMP_LABEL_H
- #define _ASM_X86_JUMP_LABEL_H
-
--#ifdef __KERNEL__
-+#ifndef __ASSEMBLY__
-
- #include <linux/stringify.h>
- #include <linux/types.h>
-@@ -30,8 +30,6 @@ l_yes:
- return true;
- }
-
--#endif /* __KERNEL__ */
--
- #ifdef CONFIG_X86_64
- typedef u64 jump_label_t;
- #else
-@@ -44,4 +42,5 @@ struct jump_entry {
- jump_label_t key;
- };
-
-+#endif /* __ASSEMBLY__ */
- #endif
diff --git a/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch b/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch
deleted file mode 100644
index 91140fa4..00000000
--- a/queue-3.16/jump_label-allow-jump-labels-to-be-used-in-assembly.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Anton Blanchard <anton@samba.org>
-Date: Thu, 9 Apr 2015 13:51:31 +1000
-Subject: jump_label: Allow jump labels to be used in assembly
-
-commit c0ccf6f99e3a43b87980c9df7da48427885206d0 upstream.
-
-To use jump labels in assembly we need the HAVE_JUMP_LABEL
-define, so we select a fallback version if the toolchain does
-not support them.
-
-Modify linux/jump_label.h so it can be included by assembly
-files. We also need to add -DCC_HAVE_ASM_GOTO to KBUILD_AFLAGS.
-
-Signed-off-by: Anton Blanchard <anton@samba.org>
-Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: benh@kernel.crashing.org
-Cc: catalin.marinas@arm.com
-Cc: davem@davemloft.net
-Cc: heiko.carstens@de.ibm.com
-Cc: jbaron@akamai.com
-Cc: linux@arm.linux.org.uk
-Cc: linuxppc-dev@lists.ozlabs.org
-Cc: liuj97@gmail.com
-Cc: mgorman@suse.de
-Cc: mmarek@suse.cz
-Cc: mpe@ellerman.id.au
-Cc: paulus@samba.org
-Cc: ralf@linux-mips.org
-Cc: rostedt@goodmis.org
-Cc: schwidefsky@de.ibm.com
-Cc: will.deacon@arm.com
-Link: http://lkml.kernel.org/r/1428551492-21977-2-git-send-email-anton@samba.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Makefile | 1 +
- include/linux/jump_label.h | 21 +++++++++++++++++----
- 2 files changed, 18 insertions(+), 4 deletions(-)
-
---- a/Makefile
-+++ b/Makefile
-@@ -761,6 +761,7 @@ KBUILD_ARFLAGS := $(call ar-option,D)
- # check for 'asm goto'
- ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC)), y)
- KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO
-+ KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO
- endif
-
- include $(srctree)/scripts/Makefile.extrawarn
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -45,6 +45,12 @@
- * same as using STATIC_KEY_INIT_FALSE.
- */
-
-+#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
-+# define HAVE_JUMP_LABEL
-+#endif
-+
-+#ifndef __ASSEMBLY__
-+
- #include <linux/types.h>
- #include <linux/compiler.h>
- #include <linux/bug.h>
-@@ -55,7 +61,7 @@ extern bool static_key_initialized;
- "%s used before call to jump_label_init", \
- __func__)
-
--#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
-+#ifdef HAVE_JUMP_LABEL
-
- struct static_key {
- atomic_t enabled;
-@@ -66,13 +72,18 @@ struct static_key {
- #endif
- };
-
--# include <asm/jump_label.h>
--# define HAVE_JUMP_LABEL
- #else
- struct static_key {
- atomic_t enabled;
- };
--#endif /* CC_HAVE_ASM_GOTO && CONFIG_JUMP_LABEL */
-+#endif /* HAVE_JUMP_LABEL */
-+#endif /* __ASSEMBLY__ */
-+
-+#ifdef HAVE_JUMP_LABEL
-+#include <asm/jump_label.h>
-+#endif
-+
-+#ifndef __ASSEMBLY__
-
- enum jump_label_type {
- JUMP_LABEL_DISABLE = 0,
-@@ -223,3 +234,5 @@ static inline void static_key_disable(st
- }
-
- #endif /* _LINUX_JUMP_LABEL_H */
-+
-+#endif /* __ASSEMBLY__ */
diff --git a/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch b/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch
deleted file mode 100644
index 5ef7a245..00000000
--- a/queue-3.16/jump_label-fix-small-typos-in-the-documentation.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: Ingo Molnar <mingo@kernel.org>
-Date: Sun, 10 Aug 2014 08:53:39 +0200
-Subject: jump_label: Fix small typos in the documentation
-
-commit fd3cbdc0d1b5254a2e8793df58c409b469899a3f upstream.
-
-Was reading through the documentation of this code and noticed
-a few typos, missing commas, etc.
-
-Cc: Jason Baron <jbaron@akamai.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Mel Gorman <mgorman@suse.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/jump_label.h | 17 ++++++++---------
- 1 file changed, 8 insertions(+), 9 deletions(-)
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -8,28 +8,28 @@
- * Copyright (C) 2011-2012 Peter Zijlstra <pzijlstr@redhat.com>
- *
- * Jump labels provide an interface to generate dynamic branches using
-- * self-modifying code. Assuming toolchain and architecture support the result
-- * of a "if (static_key_false(&key))" statement is a unconditional branch (which
-+ * self-modifying code. Assuming toolchain and architecture support, the result
-+ * of a "if (static_key_false(&key))" statement is an unconditional branch (which
- * defaults to false - and the true block is placed out of line).
- *
- * However at runtime we can change the branch target using
- * static_key_slow_{inc,dec}(). These function as a 'reference' count on the key
-- * object and for as long as there are references all branches referring to
-+ * object, and for as long as there are references all branches referring to
- * that particular key will point to the (out of line) true block.
- *
-- * Since this relies on modifying code the static_key_slow_{inc,dec}() functions
-+ * Since this relies on modifying code, the static_key_slow_{inc,dec}() functions
- * must be considered absolute slow paths (machine wide synchronization etc.).
-- * OTOH, since the affected branches are unconditional their runtime overhead
-+ * OTOH, since the affected branches are unconditional, their runtime overhead
- * will be absolutely minimal, esp. in the default (off) case where the total
- * effect is a single NOP of appropriate size. The on case will patch in a jump
- * to the out-of-line block.
- *
-- * When the control is directly exposed to userspace it is prudent to delay the
-+ * When the control is directly exposed to userspace, it is prudent to delay the
- * decrement to avoid high frequency code modifications which can (and do)
- * cause significant performance degradation. Struct static_key_deferred and
- * static_key_slow_dec_deferred() provide for this.
- *
-- * Lacking toolchain and or architecture support, it falls back to a simple
-+ * Lacking toolchain and or architecture support, jump labels fall back to a simple
- * conditional branch.
- *
- * struct static_key my_key = STATIC_KEY_INIT_TRUE;
-@@ -43,8 +43,7 @@
- *
- * Not initializing the key (static data is initialized to 0s anyway) is the
- * same as using STATIC_KEY_INIT_FALSE.
-- *
--*/
-+ */
-
- #include <linux/types.h>
- #include <linux/compiler.h>
diff --git a/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch b/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch
deleted file mode 100644
index c8f84de9..00000000
--- a/queue-3.16/jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Fri, 24 Jul 2015 14:55:40 +0200
-Subject: jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related
- helpers to the static_key* pattern
-
-commit a1efb01feca597b2abbc89873b40ef8ec6690168 upstream.
-
-Rename the JUMP_LABEL_TYPE_* macros to be JUMP_TYPE_* and move the
-inline helpers into kernel/jump_label.c, since that's the only place
-they're ever used.
-
-Also rename the helpers where it's all about static keys.
-
-This is the second step in removing the naming confusion that has led to
-a stream of avoidable bugs such as:
-
- a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()")
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/jump_label.h | 25 +++++--------------------
- kernel/jump_label.c | 25 ++++++++++++++++---------
- 2 files changed, 21 insertions(+), 29 deletions(-)
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -101,24 +101,9 @@ static inline int static_key_count(struc
-
- #ifdef HAVE_JUMP_LABEL
-
--#define JUMP_LABEL_TYPE_FALSE_BRANCH 0UL
--#define JUMP_LABEL_TYPE_TRUE_BRANCH 1UL
--#define JUMP_LABEL_TYPE_MASK 1UL
--
--static
--inline struct jump_entry *jump_label_get_entries(struct static_key *key)
--{
-- return (struct jump_entry *)((unsigned long)key->entries
-- & ~JUMP_LABEL_TYPE_MASK);
--}
--
--static inline bool jump_label_get_branch_default(struct static_key *key)
--{
-- if (((unsigned long)key->entries & JUMP_LABEL_TYPE_MASK) ==
-- JUMP_LABEL_TYPE_TRUE_BRANCH)
-- return true;
-- return false;
--}
-+#define JUMP_TYPE_FALSE 0UL
-+#define JUMP_TYPE_TRUE 1UL
-+#define JUMP_TYPE_MASK 1UL
-
- static __always_inline bool static_key_false(struct static_key *key)
- {
-@@ -147,10 +132,10 @@ extern void jump_label_apply_nops(struct
-
- #define STATIC_KEY_INIT_TRUE ((struct static_key) \
- { .enabled = ATOMIC_INIT(1), \
-- .entries = (void *)JUMP_LABEL_TYPE_TRUE_BRANCH })
-+ .entries = (void *)JUMP_TYPE_TRUE })
- #define STATIC_KEY_INIT_FALSE ((struct static_key) \
- { .enabled = ATOMIC_INIT(0), \
-- .entries = (void *)JUMP_LABEL_TYPE_FALSE_BRANCH })
-+ .entries = (void *)JUMP_TYPE_FALSE })
-
- #else /* !HAVE_JUMP_LABEL */
-
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -56,6 +56,11 @@ jump_label_sort_entries(struct jump_entr
-
- static void jump_label_update(struct static_key *key, int enable);
-
-+static inline bool static_key_type(struct static_key *key)
-+{
-+ return (unsigned long)key->entries & JUMP_TYPE_MASK;
-+}
-+
- void static_key_slow_inc(struct static_key *key)
- {
- STATIC_KEY_CHECK_USE();
-@@ -64,7 +69,7 @@ void static_key_slow_inc(struct static_k
-
- jump_label_lock();
- if (atomic_read(&key->enabled) == 0) {
-- if (!jump_label_get_branch_default(key))
-+ if (!static_key_type(key))
- jump_label_update(key, JUMP_LABEL_JMP);
- else
- jump_label_update(key, JUMP_LABEL_NOP);
-@@ -87,7 +92,7 @@ static void __static_key_slow_dec(struct
- atomic_inc(&key->enabled);
- schedule_delayed_work(work, rate_limit);
- } else {
-- if (!jump_label_get_branch_default(key))
-+ if (!static_key_type(key))
- jump_label_update(key, JUMP_LABEL_NOP);
- else
- jump_label_update(key, JUMP_LABEL_JMP);
-@@ -185,15 +190,17 @@ static void __jump_label_update(struct s
- }
- }
-
--static enum jump_label_type jump_label_type(struct static_key *key)
-+static inline struct jump_entry *static_key_entries(struct static_key *key)
- {
-- bool true_branch = jump_label_get_branch_default(key);
-- bool state = static_key_enabled(key);
-+ return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK);
-+}
-
-- if ((!true_branch && state) || (true_branch && !state))
-- return JUMP_LABEL_JMP;
-+static enum jump_label_type jump_label_type(struct static_key *key)
-+{
-+ bool enabled = static_key_enabled(key);
-+ bool type = static_key_type(key);
-
-- return JUMP_LABEL_NOP;
-+ return enabled ^ type;
- }
-
- void __init jump_label_init(void)
-@@ -449,7 +456,7 @@ int jump_label_text_reserved(void *start
- static void jump_label_update(struct static_key *key, int enable)
- {
- struct jump_entry *stop = __stop___jump_table;
-- struct jump_entry *entry = jump_label_get_entries(key);
-+ struct jump_entry *entry = static_key_entries(key);
- #ifdef CONFIG_MODULES
- struct module *mod;
-
diff --git a/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch b/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch
deleted file mode 100644
index c4e0f042..00000000
--- a/queue-3.16/jump_label-make-static_key_enabled-work-on-static_key_true-false.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Tejun Heo <tj@kernel.org>
-Date: Fri, 18 Sep 2015 11:56:28 -0400
-Subject: jump_label: make static_key_enabled() work on static_key_true/false
- types too
-
-commit fa128fd735bd236b6b04d3fedfed7a784137c185 upstream.
-
-static_key_enabled() can be used on struct static_key but not on its
-wrapper types static_key_true and static_key_false. The function is
-useful for debugging and management of static keys. Update it so that
-it can be used for the wrapper types too.
-
-Signed-off-by: Tejun Heo <tj@kernel.org>
-Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/jump_label.h | 18 +++++++++++-------
- 1 file changed, 11 insertions(+), 7 deletions(-)
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -214,11 +214,6 @@ static inline int jump_label_apply_nops(
- #define STATIC_KEY_INIT STATIC_KEY_INIT_FALSE
- #define jump_label_enabled static_key_enabled
-
--static inline bool static_key_enabled(struct static_key *key)
--{
-- return static_key_count(key) > 0;
--}
--
- static inline void static_key_enable(struct static_key *key)
- {
- int count = static_key_count(key);
-@@ -265,6 +260,17 @@ struct static_key_false {
- #define DEFINE_STATIC_KEY_FALSE(name) \
- struct static_key_false name = STATIC_KEY_FALSE_INIT
-
-+extern bool ____wrong_branch_error(void);
-+
-+#define static_key_enabled(x) \
-+({ \
-+ if (!__builtin_types_compatible_p(typeof(*x), struct static_key) && \
-+ !__builtin_types_compatible_p(typeof(*x), struct static_key_true) &&\
-+ !__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \
-+ ____wrong_branch_error(); \
-+ static_key_count((struct static_key *)x) > 0; \
-+})
-+
- #ifdef HAVE_JUMP_LABEL
-
- /*
-@@ -323,8 +329,6 @@ struct static_key_false {
- * See jump_label_type() / jump_label_init_type().
- */
-
--extern bool ____wrong_branch_error(void);
--
- #define static_branch_likely(x) \
- ({ \
- bool branch; \
diff --git a/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch b/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch
deleted file mode 100644
index 851fe881..00000000
--- a/queue-3.16/jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Fri, 24 Jul 2015 14:45:44 +0200
-Subject: jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP}
-
-commit 76b235c6bcb16062d663e2ee96db0b69f2e6bc14 upstream.
-
-Since we've already stepped away from ENABLE is a JMP and DISABLE is a
-NOP with the branch_default bits, and are going to make it even worse,
-rename it to make it all clearer.
-
-This way we don't mix multiple levels of logic attributes, but have a
-plain 'physical' name for what the current instruction patching status
-of a jump label is.
-
-This is a first step in removing the naming confusion that has led to
-a stream of avoidable bugs such as:
-
- a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()")
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-[ Beefed up the changelog. ]
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/arm/kernel/jump_label.c | 2 +-
- arch/arm64/kernel/jump_label.c | 2 +-
- arch/mips/kernel/jump_label.c | 2 +-
- arch/powerpc/kernel/jump_label.c | 2 +-
- arch/s390/kernel/jump_label.c | 2 +-
- arch/sparc/kernel/jump_label.c | 2 +-
- arch/x86/kernel/jump_label.c | 2 +-
- include/linux/jump_label.h | 4 ++--
- kernel/jump_label.c | 18 +++++++++---------
- 9 files changed, 18 insertions(+), 18 deletions(-)
-
---- a/arch/arm/kernel/jump_label.c
-+++ b/arch/arm/kernel/jump_label.c
-@@ -13,7 +13,7 @@ static void __arch_jump_label_transform(
- void *addr = (void *)entry->code;
- unsigned int insn;
-
-- if (type == JUMP_LABEL_ENABLE)
-+ if (type == JUMP_LABEL_JMP)
- insn = arm_gen_branch(entry->code, entry->target);
- else
- insn = arm_gen_nop();
---- a/arch/arm64/kernel/jump_label.c
-+++ b/arch/arm64/kernel/jump_label.c
-@@ -29,7 +29,7 @@ static void __arch_jump_label_transform(
- void *addr = (void *)entry->code;
- u32 insn;
-
-- if (type == JUMP_LABEL_ENABLE) {
-+ if (type == JUMP_LABEL_JMP) {
- insn = aarch64_insn_gen_branch_imm(entry->code,
- entry->target,
- AARCH64_INSN_BRANCH_NOLINK);
---- a/arch/mips/kernel/jump_label.c
-+++ b/arch/mips/kernel/jump_label.c
-@@ -51,7 +51,7 @@ void arch_jump_label_transform(struct ju
- /* Target must have the right alignment and ISA must be preserved. */
- BUG_ON((e->target & J_ALIGN_MASK) != J_ISA_BIT);
-
-- if (type == JUMP_LABEL_ENABLE) {
-+ if (type == JUMP_LABEL_JMP) {
- insn.j_format.opcode = J_ISA_BIT ? mm_j32_op : j_op;
- insn.j_format.target = e->target >> J_RANGE_SHIFT;
- } else {
---- a/arch/powerpc/kernel/jump_label.c
-+++ b/arch/powerpc/kernel/jump_label.c
-@@ -17,7 +17,7 @@ void arch_jump_label_transform(struct ju
- {
- u32 *addr = (u32 *)(unsigned long)entry->code;
-
-- if (type == JUMP_LABEL_ENABLE)
-+ if (type == JUMP_LABEL_JMP)
- patch_branch(addr, entry->target, 0);
- else
- patch_instruction(addr, PPC_INST_NOP);
---- a/arch/s390/kernel/jump_label.c
-+++ b/arch/s390/kernel/jump_label.c
-@@ -60,7 +60,7 @@ static void __jump_label_transform(struc
- {
- struct insn old, new;
-
-- if (type == JUMP_LABEL_ENABLE) {
-+ if (type == JUMP_LABEL_JMP) {
- jump_label_make_nop(entry, &old);
- jump_label_make_branch(entry, &new);
- } else {
---- a/arch/sparc/kernel/jump_label.c
-+++ b/arch/sparc/kernel/jump_label.c
-@@ -16,7 +16,7 @@ void arch_jump_label_transform(struct ju
- u32 val;
- u32 *insn = (u32 *) (unsigned long) entry->code;
-
-- if (type == JUMP_LABEL_ENABLE) {
-+ if (type == JUMP_LABEL_JMP) {
- s32 off = (s32)entry->target - (s32)entry->code;
-
- #ifdef CONFIG_SPARC64
---- a/arch/x86/kernel/jump_label.c
-+++ b/arch/x86/kernel/jump_label.c
-@@ -45,7 +45,7 @@ static void __jump_label_transform(struc
- const unsigned char default_nop[] = { STATIC_KEY_INIT_NOP };
- const unsigned char *ideal_nop = ideal_nops[NOP_ATOMIC5];
-
-- if (type == JUMP_LABEL_ENABLE) {
-+ if (type == JUMP_LABEL_JMP) {
- if (init) {
- /*
- * Jump label is enabled for the first time.
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -86,8 +86,8 @@ struct static_key {
- #ifndef __ASSEMBLY__
-
- enum jump_label_type {
-- JUMP_LABEL_DISABLE = 0,
-- JUMP_LABEL_ENABLE,
-+ JUMP_LABEL_NOP = 0,
-+ JUMP_LABEL_JMP,
- };
-
- struct module;
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -65,9 +65,9 @@ void static_key_slow_inc(struct static_k
- jump_label_lock();
- if (atomic_read(&key->enabled) == 0) {
- if (!jump_label_get_branch_default(key))
-- jump_label_update(key, JUMP_LABEL_ENABLE);
-+ jump_label_update(key, JUMP_LABEL_JMP);
- else
-- jump_label_update(key, JUMP_LABEL_DISABLE);
-+ jump_label_update(key, JUMP_LABEL_NOP);
- }
- atomic_inc(&key->enabled);
- jump_label_unlock();
-@@ -88,9 +88,9 @@ static void __static_key_slow_dec(struct
- schedule_delayed_work(work, rate_limit);
- } else {
- if (!jump_label_get_branch_default(key))
-- jump_label_update(key, JUMP_LABEL_DISABLE);
-+ jump_label_update(key, JUMP_LABEL_NOP);
- else
-- jump_label_update(key, JUMP_LABEL_ENABLE);
-+ jump_label_update(key, JUMP_LABEL_JMP);
- }
- jump_label_unlock();
- }
-@@ -191,9 +191,9 @@ static enum jump_label_type jump_label_t
- bool state = static_key_enabled(key);
-
- if ((!true_branch && state) || (true_branch && !state))
-- return JUMP_LABEL_ENABLE;
-+ return JUMP_LABEL_JMP;
-
-- return JUMP_LABEL_DISABLE;
-+ return JUMP_LABEL_NOP;
- }
-
- void __init jump_label_init(void)
-@@ -283,7 +283,7 @@ void jump_label_apply_nops(struct module
- return;
-
- for (iter = iter_start; iter < iter_stop; iter++) {
-- arch_jump_label_transform_static(iter, JUMP_LABEL_DISABLE);
-+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP);
- }
- }
-
-@@ -325,8 +325,8 @@ static int jump_label_add_module(struct
- jlm->next = key->next;
- key->next = jlm;
-
-- if (jump_label_type(key) == JUMP_LABEL_ENABLE)
-- __jump_label_update(key, iter, iter_stop, JUMP_LABEL_ENABLE);
-+ if (jump_label_type(key) == JUMP_LABEL_JMP)
-+ __jump_label_update(key, iter, iter_stop, JUMP_LABEL_JMP);
- }
-
- return 0;
diff --git a/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch b/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch
deleted file mode 100644
index 2d731db0..00000000
--- a/queue-3.16/jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Wed, 12 Aug 2015 21:04:22 +0200
-Subject: jump_label/x86: Work around asm build bug on older/backported GCCs
-
-commit d420acd816c07c7be31bd19d09cbcb16e5572fa6 upstream.
-
-Boris reported that gcc version 4.4.4 20100503 (Red Hat
-4.4.4-2) fails to build linux-next kernels that have
-this fresh commit via the locking tree:
-
- 11276d5306b8 ("locking/static_keys: Add a new static_key interface")
-
-The problem appears to be that even though @key and @branch are
-compile time constants, it doesn't see the following expression
-as an immediate value:
-
- &((char *)key)[branch]
-
-More recent GCCs don't appear to have this problem.
-
-In particular, Red Hat backported the 'asm goto' feature into 4.4,
-'normal' 4.4 compilers will not have this feature and thus not
-run into this asm.
-
-The workaround is to supply both values to the asm as immediates
-and do the addition in asm.
-
-Suggested-by: H. Peter Anvin <hpa@zytor.com>
-Reported-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/jump_label.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/arch/x86/include/asm/jump_label.h
-+++ b/arch/x86/include/asm/jump_label.h
-@@ -22,9 +22,9 @@ static __always_inline bool arch_static_
- ".byte " __stringify(STATIC_KEY_INIT_NOP) "\n\t"
- ".pushsection __jump_table, \"aw\" \n\t"
- _ASM_ALIGN "\n\t"
-- _ASM_PTR "1b, %l[l_yes], %c0 \n\t"
-+ _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
- ".popsection \n\t"
-- : : "i" (&((char *)key)[branch]) : : l_yes);
-+ : : "i" (key), "i" (branch) : : l_yes);
-
- return false;
- l_yes:
-@@ -38,9 +38,9 @@ static __always_inline bool arch_static_
- "2:\n\t"
- ".pushsection __jump_table, \"aw\" \n\t"
- _ASM_ALIGN "\n\t"
-- _ASM_PTR "1b, %l[l_yes], %c0 \n\t"
-+ _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
- ".popsection \n\t"
-- : : "i" (&((char *)key)[branch]) : : l_yes);
-+ : : "i" (key), "i" (branch) : : l_yes);
-
- return false;
- l_yes:
diff --git a/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch b/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch
deleted file mode 100644
index 776c3f17..00000000
--- a/queue-3.16/kvm-x86-report-stibp-on-get_supported_cpuid.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 5 Dec 2018 17:19:56 -0200
-Subject: kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
-
-commit d7b09c827a6cf291f66637a36f46928dd1423184 upstream.
-
-Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
-to the guest, which makes STIBP available to guests. This was implemented
-by commits d28b387fb74d ("KVM/VMX: Allow direct access to
-MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to
-MSR_IA32_SPEC_CTRL").
-
-However, we never updated GET_SUPPORTED_CPUID to let userspace know that
-STIBP can be enabled in CPUID. Fix that by updating
-kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features.
-
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-Reviewed-by: Jim Mattson <jmattson@google.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kvm/cpuid.c
-+++ b/arch/x86/kvm/cpuid.c
-@@ -303,7 +303,7 @@ static inline int __do_cpuid_ent(struct
- /* cpuid 0x80000008.ebx */
- const u32 kvm_cpuid_8000_0008_ebx_x86_features =
- F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) |
-- F(AMD_SSB_NO);
-+ F(AMD_SSB_NO) | F(AMD_STIBP);
-
- /* cpuid 0xC0000001.edx */
- const u32 kvm_supported_word5_x86_features =
-@@ -319,7 +319,8 @@ static inline int __do_cpuid_ent(struct
-
- /* cpuid 7.0.edx*/
- const u32 kvm_cpuid_7_0_edx_x86_features =
-- F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES);
-+ F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) |
-+ F(INTEL_STIBP);
-
- /* all calls to cpuid_count() should be made on the same cpu */
- get_cpu();
diff --git a/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch b/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch
deleted file mode 100644
index aa3739ce..00000000
--- a/queue-3.16/locking-static_key-fix-concurrent-static_key_slow_inc.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 21 Jun 2016 18:52:17 +0200
-Subject: locking/static_key: Fix concurrent static_key_slow_inc()
-
-commit 4c5ea0a9cd02d6aa8adc86e100b2a4cff8d614ff upstream.
-
-The following scenario is possible:
-
- CPU 1 CPU 2
- static_key_slow_inc()
- atomic_inc_not_zero()
- -> key.enabled == 0, no increment
- jump_label_lock()
- atomic_inc_return()
- -> key.enabled == 1 now
- static_key_slow_inc()
- atomic_inc_not_zero()
- -> key.enabled == 1, inc to 2
- return
- ** static key is wrong!
- jump_label_update()
- jump_label_unlock()
-
-Testing the static key at the point marked by (**) will follow the
-wrong path for jumps that have not been patched yet. This can
-actually happen when creating many KVM virtual machines with userspace
-LAPIC emulation; just run several copies of the following program:
-
- #include <fcntl.h>
- #include <unistd.h>
- #include <sys/ioctl.h>
- #include <linux/kvm.h>
-
- int main(void)
- {
- for (;;) {
- int kvmfd = open("/dev/kvm", O_RDONLY);
- int vmfd = ioctl(kvmfd, KVM_CREATE_VM, 0);
- close(ioctl(vmfd, KVM_CREATE_VCPU, 1));
- close(vmfd);
- close(kvmfd);
- }
- return 0;
- }
-
-Every KVM_CREATE_VCPU ioctl will attempt a static_key_slow_inc() call.
-The static key's purpose is to skip NULL pointer checks and indeed one
-of the processes eventually dereferences NULL.
-
-As explained in the commit that introduced the bug:
-
- 706249c222f6 ("locking/static_keys: Rework update logic")
-
-jump_label_update() needs key.enabled to be true. The solution adopted
-here is to temporarily make key.enabled == -1, and use go down the
-slow path when key.enabled <= 0.
-
-Reported-by: Dmitry Vyukov <dvyukov@google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Fixes: 706249c222f6 ("locking/static_keys: Rework update logic")
-Link: http://lkml.kernel.org/r/1466527937-69798-1-git-send-email-pbonzini@redhat.com
-[ Small stylistic edits to the changelog and the code. ]
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/jump_label.h | 16 +++++++++++++---
- kernel/jump_label.c | 36 +++++++++++++++++++++++++++++++++---
- 2 files changed, 46 insertions(+), 6 deletions(-)
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -117,13 +117,18 @@ struct module;
-
- #include <linux/atomic.h>
-
-+#ifdef HAVE_JUMP_LABEL
-+
- static inline int static_key_count(struct static_key *key)
- {
-- return atomic_read(&key->enabled);
-+ /*
-+ * -1 means the first static_key_slow_inc() is in progress.
-+ * static_key_enabled() must return true, so return 1 here.
-+ */
-+ int n = atomic_read(&key->enabled);
-+ return n >= 0 ? n : 1;
- }
-
--#ifdef HAVE_JUMP_LABEL
--
- #define JUMP_TYPE_FALSE 0UL
- #define JUMP_TYPE_TRUE 1UL
- #define JUMP_TYPE_MASK 1UL
-@@ -162,6 +167,11 @@ extern void jump_label_apply_nops(struct
-
- #else /* !HAVE_JUMP_LABEL */
-
-+static inline int static_key_count(struct static_key *key)
-+{
-+ return atomic_read(&key->enabled);
-+}
-+
- static __always_inline void jump_label_init(void)
- {
- static_key_initialized = true;
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -58,13 +58,36 @@ static void jump_label_update(struct sta
-
- void static_key_slow_inc(struct static_key *key)
- {
-+ int v, v1;
-+
- STATIC_KEY_CHECK_USE();
-- if (atomic_inc_not_zero(&key->enabled))
-- return;
-+
-+ /*
-+ * Careful if we get concurrent static_key_slow_inc() calls;
-+ * later calls must wait for the first one to _finish_ the
-+ * jump_label_update() process. At the same time, however,
-+ * the jump_label_update() call below wants to see
-+ * static_key_enabled(&key) for jumps to be updated properly.
-+ *
-+ * So give a special meaning to negative key->enabled: it sends
-+ * static_key_slow_inc() down the slow path, and it is non-zero
-+ * so it counts as "enabled" in jump_label_update(). Note that
-+ * atomic_inc_unless_negative() checks >= 0, so roll our own.
-+ */
-+ for (v = atomic_read(&key->enabled); v > 0; v = v1) {
-+ v1 = atomic_cmpxchg(&key->enabled, v, v + 1);
-+ if (likely(v1 == v))
-+ return;
-+ }
-
- jump_label_lock();
-- if (atomic_inc_return(&key->enabled) == 1)
-+ if (atomic_read(&key->enabled) == 0) {
-+ atomic_set(&key->enabled, -1);
- jump_label_update(key);
-+ atomic_set(&key->enabled, 1);
-+ } else {
-+ atomic_inc(&key->enabled);
-+ }
- jump_label_unlock();
- }
- EXPORT_SYMBOL_GPL(static_key_slow_inc);
-@@ -72,6 +95,13 @@ EXPORT_SYMBOL_GPL(static_key_slow_inc);
- static void __static_key_slow_dec(struct static_key *key,
- unsigned long rate_limit, struct delayed_work *work)
- {
-+ /*
-+ * The negative count check is valid even when a negative
-+ * key->enabled is in use by static_key_slow_inc(); a
-+ * __static_key_slow_dec() before the first static_key_slow_inc()
-+ * returns is unbalanced, because all other static_key_slow_inc()
-+ * instances block while the update is in progress.
-+ */
- if (!atomic_dec_and_mutex_lock(&key->enabled, &jump_label_mutex)) {
- WARN(atomic_read(&key->enabled) < 0,
- "jump label: negative count!\n");
diff --git a/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch b/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch
deleted file mode 100644
index 0670683c..00000000
--- a/queue-3.16/locking-static_keys-add-a-new-static_key-interface.patch
+++ /dev/null
@@ -1,603 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Fri, 24 Jul 2015 15:09:55 +0200
-Subject: locking/static_keys: Add a new static_key interface
-
-commit 11276d5306b8e5b438a36bbff855fe792d7eaa61 upstream.
-
-There are various problems and short-comings with the current
-static_key interface:
-
- - static_key_{true,false}() read like a branch depending on the key
- value, instead of the actual likely/unlikely branch depending on
- init value.
-
- - static_key_{true,false}() are, as stated above, tied to the
- static_key init values STATIC_KEY_INIT_{TRUE,FALSE}.
-
- - we're limited to the 2 (out of 4) possible options that compile to
- a default NOP because that's what our arch_static_branch() assembly
- emits.
-
-So provide a new static_key interface:
-
- DEFINE_STATIC_KEY_TRUE(name);
- DEFINE_STATIC_KEY_FALSE(name);
-
-Which define a key of different types with an initial true/false
-value.
-
-Then allow:
-
- static_branch_likely()
- static_branch_unlikely()
-
-to take a key of either type and emit the right instruction for the
-case.
-
-This means adding a second arch_static_branch_jump() assembly helper
-which emits a JMP per default.
-
-In order to determine the right instruction for the right state,
-encode the branch type in the LSB of jump_entry::key.
-
-This is the final step in removing the naming confusion that has led to
-a stream of avoidable bugs such as:
-
- a833581e372a ("x86, perf: Fix static_key bug in load_mm_cr4()")
-
-... but it also allows new static key combinations that will give us
-performance enhancements in the subsequent patches.
-
-Tested-by: Rabin Vincent <rabin@rab.in> # arm
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Acked-by: Michael Ellerman <mpe@ellerman.id.au> # ppc
-Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> # s390
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-[bwh: Backported to 3.16:
- - For s390, use the 31-bit-compatible macros in arch_static_branch_jump()
- -
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/arm/include/asm/jump_label.h | 25 +++--
- arch/arm64/include/asm/jump_label.h | 18 +++-
- arch/mips/include/asm/jump_label.h | 19 +++-
- arch/powerpc/include/asm/jump_label.h | 19 +++-
- arch/s390/include/asm/jump_label.h | 19 +++-
- arch/sparc/include/asm/jump_label.h | 35 ++++--
- arch/x86/include/asm/jump_label.h | 21 +++-
- include/linux/jump_label.h | 149 ++++++++++++++++++++++++--
- kernel/jump_label.c | 37 +++++--
- 9 files changed, 298 insertions(+), 44 deletions(-)
-
---- a/arch/arm/include/asm/jump_label.h
-+++ b/arch/arm/include/asm/jump_label.h
-@@ -4,23 +4,32 @@
- #ifndef __ASSEMBLY__
-
- #include <linux/types.h>
-+#include <asm/unified.h>
-
- #define JUMP_LABEL_NOP_SIZE 4
-
--#ifdef CONFIG_THUMB2_KERNEL
--#define JUMP_LABEL_NOP "nop.w"
--#else
--#define JUMP_LABEL_NOP "nop"
--#endif
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("1:\n\t"
-+ WASM(nop) "\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ ".word 1b, %l[l_yes], %c0\n\t"
-+ ".popsection\n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
- {
- asm_volatile_goto("1:\n\t"
-- JUMP_LABEL_NOP "\n\t"
-+ WASM(b) " %l[l_yes]\n\t"
- ".pushsection __jump_table, \"aw\"\n\t"
- ".word 1b, %l[l_yes], %c0\n\t"
- ".popsection\n\t"
-- : : "i" (key) : : l_yes);
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-
- return false;
- l_yes:
---- a/arch/arm64/include/asm/jump_label.h
-+++ b/arch/arm64/include/asm/jump_label.h
-@@ -26,14 +26,28 @@
-
- #define JUMP_LABEL_NOP_SIZE AARCH64_INSN_SIZE
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm goto("1: nop\n\t"
- ".pushsection __jump_table, \"aw\"\n\t"
- ".align 3\n\t"
- ".quad 1b, %l[l_yes], %c0\n\t"
- ".popsection\n\t"
-- : : "i"(key) : : l_yes);
-+ : : "i"(&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm goto("1: b %l[l_yes]\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ ".align 3\n\t"
-+ ".quad 1b, %l[l_yes], %c0\n\t"
-+ ".popsection\n\t"
-+ : : "i"(&((char *)key)[branch]) : : l_yes);
-
- return false;
- l_yes:
---- a/arch/mips/include/asm/jump_label.h
-+++ b/arch/mips/include/asm/jump_label.h
-@@ -26,14 +26,29 @@
- #define NOP_INSN "nop"
- #endif
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm_volatile_goto("1:\t" NOP_INSN "\n\t"
- "nop\n\t"
- ".pushsection __jump_table, \"aw\"\n\t"
- WORD_INSN " 1b, %l[l_yes], %0\n\t"
- ".popsection\n\t"
-- : : "i" (key) : : l_yes);
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("1:\tj %l[l_yes]\n\t"
-+ "nop\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ WORD_INSN " 1b, %l[l_yes], %0\n\t"
-+ ".popsection\n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
- return false;
- l_yes:
- return true;
---- a/arch/powerpc/include/asm/jump_label.h
-+++ b/arch/powerpc/include/asm/jump_label.h
-@@ -17,14 +17,29 @@
- #define JUMP_ENTRY_TYPE stringify_in_c(FTR_ENTRY_LONG)
- #define JUMP_LABEL_NOP_SIZE 4
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm_volatile_goto("1:\n\t"
- "nop\n\t"
- ".pushsection __jump_table, \"aw\"\n\t"
- JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t"
- ".popsection \n\t"
-- : : "i" (key) : : l_yes);
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("1:\n\t"
-+ "b %l[l_yes]\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t"
-+ ".popsection \n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
- return false;
- l_yes:
- return true;
---- a/arch/s390/include/asm/jump_label.h
-+++ b/arch/s390/include/asm/jump_label.h
-@@ -20,14 +20,29 @@
- * We use a brcl 0,2 instruction for jump labels at compile time so it
- * can be easily distinguished from a hotpatch generated instruction.
- */
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm_volatile_goto("0: brcl 0,"__stringify(JUMP_LABEL_NOP_OFFSET)"\n"
- ".pushsection __jump_table, \"aw\"\n"
- ASM_ALIGN "\n"
- ASM_PTR " 0b, %l[label], %0\n"
- ".popsection\n"
-- : : "X" (key) : : label);
-+ : : "X" (&((char *)key)[branch]) : : label);
-+
-+ return false;
-+label:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("0: brcl 15, %l[label]\n"
-+ ".pushsection __jump_table, \"aw\"\n"
-+ ASM_ALIGN "\n"
-+ ASM_PTR " 0b, %l[label], %0\n"
-+ ".popsection\n"
-+ : : "X" (&((char *)key)[branch]) : : label);
-+
- return false;
- label:
- return true;
---- a/arch/sparc/include/asm/jump_label.h
-+++ b/arch/sparc/include/asm/jump_label.h
-@@ -7,16 +7,33 @@
-
- #define JUMP_LABEL_NOP_SIZE 4
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
-- asm_volatile_goto("1:\n\t"
-- "nop\n\t"
-- "nop\n\t"
-- ".pushsection __jump_table, \"aw\"\n\t"
-- ".align 4\n\t"
-- ".word 1b, %l[l_yes], %c0\n\t"
-- ".popsection \n\t"
-- : : "i" (key) : : l_yes);
-+ asm_volatile_goto("1:\n\t"
-+ "nop\n\t"
-+ "nop\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ ".align 4\n\t"
-+ ".word 1b, %l[l_yes], %c0\n\t"
-+ ".popsection \n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("1:\n\t"
-+ "b %l[l_yes]\n\t"
-+ "nop\n\t"
-+ ".pushsection __jump_table, \"aw\"\n\t"
-+ ".align 4\n\t"
-+ ".word 1b, %l[l_yes], %c0\n\t"
-+ ".popsection \n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
- return false;
- l_yes:
- return true;
---- a/arch/x86/include/asm/jump_label.h
-+++ b/arch/x86/include/asm/jump_label.h
-@@ -16,7 +16,7 @@
- # define STATIC_KEY_INIT_NOP GENERIC_NOP5_ATOMIC
- #endif
-
--static __always_inline bool arch_static_branch(struct static_key *key)
-+static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm_volatile_goto("1:"
- ".byte " __stringify(STATIC_KEY_INIT_NOP) "\n\t"
-@@ -24,7 +24,24 @@ static __always_inline bool arch_static_
- _ASM_ALIGN "\n\t"
- _ASM_PTR "1b, %l[l_yes], %c0 \n\t"
- ".popsection \n\t"
-- : : "i" (key) : : l_yes);
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
-+ return false;
-+l_yes:
-+ return true;
-+}
-+
-+static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
-+{
-+ asm_volatile_goto("1:"
-+ ".byte 0xe9\n\t .long %l[l_yes] - 2f\n\t"
-+ "2:\n\t"
-+ ".pushsection __jump_table, \"aw\" \n\t"
-+ _ASM_ALIGN "\n\t"
-+ _ASM_PTR "1b, %l[l_yes], %c0 \n\t"
-+ ".popsection \n\t"
-+ : : "i" (&((char *)key)[branch]) : : l_yes);
-+
- return false;
- l_yes:
- return true;
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -107,12 +107,12 @@ static inline int static_key_count(struc
-
- static __always_inline bool static_key_false(struct static_key *key)
- {
-- return arch_static_branch(key);
-+ return arch_static_branch(key, false);
- }
-
- static __always_inline bool static_key_true(struct static_key *key)
- {
-- return !static_key_false(key);
-+ return !arch_static_branch(key, true);
- }
-
- extern struct jump_entry __start___jump_table[];
-@@ -130,12 +130,12 @@ extern void static_key_slow_inc(struct s
- extern void static_key_slow_dec(struct static_key *key);
- extern void jump_label_apply_nops(struct module *mod);
-
--#define STATIC_KEY_INIT_TRUE ((struct static_key) \
-+#define STATIC_KEY_INIT_TRUE \
- { .enabled = ATOMIC_INIT(1), \
-- .entries = (void *)JUMP_TYPE_TRUE })
--#define STATIC_KEY_INIT_FALSE ((struct static_key) \
-+ .entries = (void *)JUMP_TYPE_TRUE }
-+#define STATIC_KEY_INIT_FALSE \
- { .enabled = ATOMIC_INIT(0), \
-- .entries = (void *)JUMP_TYPE_FALSE })
-+ .entries = (void *)JUMP_TYPE_FALSE }
-
- #else /* !HAVE_JUMP_LABEL */
-
-@@ -183,10 +183,8 @@ static inline int jump_label_apply_nops(
- return 0;
- }
-
--#define STATIC_KEY_INIT_TRUE ((struct static_key) \
-- { .enabled = ATOMIC_INIT(1) })
--#define STATIC_KEY_INIT_FALSE ((struct static_key) \
-- { .enabled = ATOMIC_INIT(0) })
-+#define STATIC_KEY_INIT_TRUE { .enabled = ATOMIC_INIT(1) }
-+#define STATIC_KEY_INIT_FALSE { .enabled = ATOMIC_INIT(0) }
-
- #endif /* HAVE_JUMP_LABEL */
-
-@@ -218,6 +216,137 @@ static inline void static_key_disable(st
- static_key_slow_dec(key);
- }
-
-+/* -------------------------------------------------------------------------- */
-+
-+/*
-+ * Two type wrappers around static_key, such that we can use compile time
-+ * type differentiation to emit the right code.
-+ *
-+ * All the below code is macros in order to play type games.
-+ */
-+
-+struct static_key_true {
-+ struct static_key key;
-+};
-+
-+struct static_key_false {
-+ struct static_key key;
-+};
-+
-+#define STATIC_KEY_TRUE_INIT (struct static_key_true) { .key = STATIC_KEY_INIT_TRUE, }
-+#define STATIC_KEY_FALSE_INIT (struct static_key_false){ .key = STATIC_KEY_INIT_FALSE, }
-+
-+#define DEFINE_STATIC_KEY_TRUE(name) \
-+ struct static_key_true name = STATIC_KEY_TRUE_INIT
-+
-+#define DEFINE_STATIC_KEY_FALSE(name) \
-+ struct static_key_false name = STATIC_KEY_FALSE_INIT
-+
-+#ifdef HAVE_JUMP_LABEL
-+
-+/*
-+ * Combine the right initial value (type) with the right branch order
-+ * to generate the desired result.
-+ *
-+ *
-+ * type\branch| likely (1) | unlikely (0)
-+ * -----------+-----------------------+------------------
-+ * | |
-+ * true (1) | ... | ...
-+ * | NOP | JMP L
-+ * | <br-stmts> | 1: ...
-+ * | L: ... |
-+ * | |
-+ * | | L: <br-stmts>
-+ * | | jmp 1b
-+ * | |
-+ * -----------+-----------------------+------------------
-+ * | |
-+ * false (0) | ... | ...
-+ * | JMP L | NOP
-+ * | <br-stmts> | 1: ...
-+ * | L: ... |
-+ * | |
-+ * | | L: <br-stmts>
-+ * | | jmp 1b
-+ * | |
-+ * -----------+-----------------------+------------------
-+ *
-+ * The initial value is encoded in the LSB of static_key::entries,
-+ * type: 0 = false, 1 = true.
-+ *
-+ * The branch type is encoded in the LSB of jump_entry::key,
-+ * branch: 0 = unlikely, 1 = likely.
-+ *
-+ * This gives the following logic table:
-+ *
-+ * enabled type branch instuction
-+ * -----------------------------+-----------
-+ * 0 0 0 | NOP
-+ * 0 0 1 | JMP
-+ * 0 1 0 | NOP
-+ * 0 1 1 | JMP
-+ *
-+ * 1 0 0 | JMP
-+ * 1 0 1 | NOP
-+ * 1 1 0 | JMP
-+ * 1 1 1 | NOP
-+ *
-+ * Which gives the following functions:
-+ *
-+ * dynamic: instruction = enabled ^ branch
-+ * static: instruction = type ^ branch
-+ *
-+ * See jump_label_type() / jump_label_init_type().
-+ */
-+
-+extern bool ____wrong_branch_error(void);
-+
-+#define static_branch_likely(x) \
-+({ \
-+ bool branch; \
-+ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \
-+ branch = !arch_static_branch(&(x)->key, true); \
-+ else if (__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \
-+ branch = !arch_static_branch_jump(&(x)->key, true); \
-+ else \
-+ branch = ____wrong_branch_error(); \
-+ branch; \
-+})
-+
-+#define static_branch_unlikely(x) \
-+({ \
-+ bool branch; \
-+ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \
-+ branch = arch_static_branch_jump(&(x)->key, false); \
-+ else if (__builtin_types_compatible_p(typeof(*x), struct static_key_false)) \
-+ branch = arch_static_branch(&(x)->key, false); \
-+ else \
-+ branch = ____wrong_branch_error(); \
-+ branch; \
-+})
-+
-+#else /* !HAVE_JUMP_LABEL */
-+
-+#define static_branch_likely(x) likely(static_key_enabled(&(x)->key))
-+#define static_branch_unlikely(x) unlikely(static_key_enabled(&(x)->key))
-+
-+#endif /* HAVE_JUMP_LABEL */
-+
-+/*
-+ * Advanced usage; refcount, branch is enabled when: count != 0
-+ */
-+
-+#define static_branch_inc(x) static_key_slow_inc(&(x)->key)
-+#define static_branch_dec(x) static_key_slow_dec(&(x)->key)
-+
-+/*
-+ * Normal usage; boolean enable/disable.
-+ */
-+
-+#define static_branch_enable(x) static_key_enable(&(x)->key)
-+#define static_branch_disable(x) static_key_disable(&(x)->key)
-+
- #endif /* _LINUX_JUMP_LABEL_H */
-
- #endif /* __ASSEMBLY__ */
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -172,16 +172,22 @@ static inline bool static_key_type(struc
-
- static inline struct static_key *jump_entry_key(struct jump_entry *entry)
- {
-- return (struct static_key *)((unsigned long)entry->key);
-+ return (struct static_key *)((unsigned long)entry->key & ~1UL);
-+}
-+
-+static bool jump_entry_branch(struct jump_entry *entry)
-+{
-+ return (unsigned long)entry->key & 1UL;
- }
-
- static enum jump_label_type jump_label_type(struct jump_entry *entry)
- {
- struct static_key *key = jump_entry_key(entry);
- bool enabled = static_key_enabled(key);
-- bool type = static_key_type(key);
-+ bool branch = jump_entry_branch(entry);
-
-- return enabled ^ type;
-+ /* See the comment in linux/jump_label.h */
-+ return enabled ^ branch;
- }
-
- static void __jump_label_update(struct static_key *key,
-@@ -212,7 +218,10 @@ void __init jump_label_init(void)
- for (iter = iter_start; iter < iter_stop; iter++) {
- struct static_key *iterk;
-
-- arch_jump_label_transform_static(iter, jump_label_type(iter));
-+ /* rewrite NOPs */
-+ if (jump_label_type(iter) == JUMP_LABEL_NOP)
-+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP);
-+
- iterk = jump_entry_key(iter);
- if (iterk == key)
- continue;
-@@ -232,6 +241,16 @@ void __init jump_label_init(void)
-
- #ifdef CONFIG_MODULES
-
-+static enum jump_label_type jump_label_init_type(struct jump_entry *entry)
-+{
-+ struct static_key *key = jump_entry_key(entry);
-+ bool type = static_key_type(key);
-+ bool branch = jump_entry_branch(entry);
-+
-+ /* See the comment in linux/jump_label.h */
-+ return type ^ branch;
-+}
-+
- struct static_key_mod {
- struct static_key_mod *next;
- struct jump_entry *entries;
-@@ -283,8 +302,11 @@ void jump_label_apply_nops(struct module
- if (iter_start == iter_stop)
- return;
-
-- for (iter = iter_start; iter < iter_stop; iter++)
-- arch_jump_label_transform_static(iter, JUMP_LABEL_NOP);
-+ for (iter = iter_start; iter < iter_stop; iter++) {
-+ /* Only write NOPs for arch_branch_static(). */
-+ if (jump_label_init_type(iter) == JUMP_LABEL_NOP)
-+ arch_jump_label_transform_static(iter, JUMP_LABEL_NOP);
-+ }
- }
-
- static int jump_label_add_module(struct module *mod)
-@@ -325,7 +347,8 @@ static int jump_label_add_module(struct
- jlm->next = key->next;
- key->next = jlm;
-
-- if (jump_label_type(iter) == JUMP_LABEL_JMP)
-+ /* Only update if we've changed from our initial state */
-+ if (jump_label_type(iter) != jump_label_init_type(iter))
- __jump_label_update(key, iter, iter_stop);
- }
-
diff --git a/queue-3.16/locking-static_keys-fix-a-silly-typo.patch b/queue-3.16/locking-static_keys-fix-a-silly-typo.patch
deleted file mode 100644
index 25c1d6d2..00000000
--- a/queue-3.16/locking-static_keys-fix-a-silly-typo.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: Jonathan Corbet <corbet@lwn.net>
-Date: Mon, 7 Sep 2015 13:18:03 -0600
-Subject: locking/static_keys: Fix a silly typo
-
-commit edcd591c77a48da753456f92daf8bb50fe9bac93 upstream.
-
-Commit:
-
- 412758cb2670 ("jump label, locking/static_keys: Update docs")
-
-introduced a typo that might as well get fixed.
-
-Signed-off-by: Jonathan Corbet <corbet@lwn.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Jason Baron <jbaron@akamai.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Link: http://lkml.kernel.org/r/20150907131803.54c027e1@lwn.net
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/static-keys.txt | 2 +-
- include/linux/jump_label.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
---- a/Documentation/static-keys.txt
-+++ b/Documentation/static-keys.txt
-@@ -16,7 +16,7 @@ The updated API replacements are:
- DEFINE_STATIC_KEY_TRUE(key);
- DEFINE_STATIC_KEY_FALSE(key);
- static_key_likely()
--statick_key_unlikely()
-+static_key_unlikely()
-
- 0) Abstract
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -22,7 +22,7 @@
- * DEFINE_STATIC_KEY_TRUE(key);
- * DEFINE_STATIC_KEY_FALSE(key);
- * static_key_likely()
-- * statick_key_unlikely()
-+ * static_key_unlikely()
- *
- * Jump labels provide an interface to generate dynamic branches using
- * self-modifying code. Assuming toolchain and architecture support, if we
diff --git a/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch b/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch
deleted file mode 100644
index d5d19997..00000000
--- a/queue-3.16/locking-static_keys-fix-up-the-static-keys-documentation.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: Jonathan Corbet <corbet@lwn.net>
-Date: Mon, 14 Sep 2015 17:11:05 -0600
-Subject: locking/static_keys: Fix up the static keys documentation
-
-commit 1975dbc276c6ab62230cf4f9df5ddc9ff0e0e473 upstream.
-
-Fix a few small mistakes in the static key documentation and
-delete an unneeded sentence.
-
-Suggested-by: Jason Baron <jbaron@akamai.com>
-Signed-off-by: Jonathan Corbet <corbet@lwn.net>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Link: http://lkml.kernel.org/r/20150914171105.511e1e21@lwn.net
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/static-keys.txt | 4 ++--
- include/linux/jump_label.h | 10 ++++------
- 2 files changed, 6 insertions(+), 8 deletions(-)
-
---- a/Documentation/static-keys.txt
-+++ b/Documentation/static-keys.txt
-@@ -15,8 +15,8 @@ The updated API replacements are:
-
- DEFINE_STATIC_KEY_TRUE(key);
- DEFINE_STATIC_KEY_FALSE(key);
--static_key_likely()
--static_key_unlikely()
-+static_branch_likely()
-+static_branch_unlikely()
-
- 0) Abstract
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -21,8 +21,8 @@
- *
- * DEFINE_STATIC_KEY_TRUE(key);
- * DEFINE_STATIC_KEY_FALSE(key);
-- * static_key_likely()
-- * static_key_unlikely()
-+ * static_branch_likely()
-+ * static_branch_unlikely()
- *
- * Jump labels provide an interface to generate dynamic branches using
- * self-modifying code. Assuming toolchain and architecture support, if we
-@@ -45,12 +45,10 @@
- * statement, setting the key to true requires us to patch in a jump
- * to the out-of-line of true branch.
- *
-- * In addtion to static_branch_{enable,disable}, we can also reference count
-+ * In addition to static_branch_{enable,disable}, we can also reference count
- * the key or branch direction via static_branch_{inc,dec}. Thus,
- * static_branch_inc() can be thought of as a 'make more true' and
-- * static_branch_dec() as a 'make more false'. The inc()/dec()
-- * interface is meant to be used exclusively from the inc()/dec() for a given
-- * key.
-+ * static_branch_dec() as a 'make more false'.
- *
- * Since this relies on modifying code, the branch modifying functions
- * must be considered absolute slow paths (machine wide synchronization etc.).
diff --git a/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch b/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch
deleted file mode 100644
index 48cb8a3d..00000000
--- a/queue-3.16/locking-static_keys-provide-declare-and-well-as-define-macros.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Tony Luck <tony.luck@intel.com>
-Date: Thu, 1 Sep 2016 11:39:33 -0700
-Subject: locking/static_keys: Provide DECLARE and well as DEFINE macros
-
-commit b8fb03785d4de097507d0cf45873525e0ac4d2b2 upstream.
-
-We will need to provide declarations of static keys in header
-files. Provide DECLARE_STATIC_KEY_{TRUE,FALSE} macros.
-
-Signed-off-by: Tony Luck <tony.luck@intel.com>
-Acked-by: Borislav Petkov <bp@suse.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Dan Williams <dan.j.williams@intel.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Link: http://lkml.kernel.org/r/816881cf85bd3cf13385d212882618f38a3b5d33.1472754711.git.tony.luck@intel.com
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/jump_label.h | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -267,9 +267,15 @@ struct static_key_false {
- #define DEFINE_STATIC_KEY_TRUE(name) \
- struct static_key_true name = STATIC_KEY_TRUE_INIT
-
-+#define DECLARE_STATIC_KEY_TRUE(name) \
-+ extern struct static_key_true name
-+
- #define DEFINE_STATIC_KEY_FALSE(name) \
- struct static_key_false name = STATIC_KEY_FALSE_INIT
-
-+#define DECLARE_STATIC_KEY_FALSE(name) \
-+ extern struct static_key_false name
-+
- extern bool ____wrong_branch_error(void);
-
- #define static_key_enabled(x) \
diff --git a/queue-3.16/locking-static_keys-rework-update-logic.patch b/queue-3.16/locking-static_keys-rework-update-logic.patch
deleted file mode 100644
index db4a13a6..00000000
--- a/queue-3.16/locking-static_keys-rework-update-logic.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Fri, 24 Jul 2015 15:06:37 +0200
-Subject: locking/static_keys: Rework update logic
-
-commit 706249c222f68471b6f8e9e8e9b77665c404b226 upstream.
-
-Instead of spreading the branch_default logic all over the place,
-concentrate it into the one jump_label_type() function.
-
-This does mean we need to actually increment/decrement the enabled
-count _before_ calling the update path, otherwise jump_label_type()
-will not see the right state.
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- kernel/jump_label.c | 88 ++++++++++++++++++++-------------------------
- 1 file changed, 38 insertions(+), 50 deletions(-)
-
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -54,12 +54,7 @@ jump_label_sort_entries(struct jump_entr
- sort(start, size, sizeof(struct jump_entry), jump_label_cmp, NULL);
- }
-
--static void jump_label_update(struct static_key *key, int enable);
--
--static inline bool static_key_type(struct static_key *key)
--{
-- return (unsigned long)key->entries & JUMP_TYPE_MASK;
--}
-+static void jump_label_update(struct static_key *key);
-
- void static_key_slow_inc(struct static_key *key)
- {
-@@ -68,13 +63,8 @@ void static_key_slow_inc(struct static_k
- return;
-
- jump_label_lock();
-- if (atomic_read(&key->enabled) == 0) {
-- if (!static_key_type(key))
-- jump_label_update(key, JUMP_LABEL_JMP);
-- else
-- jump_label_update(key, JUMP_LABEL_NOP);
-- }
-- atomic_inc(&key->enabled);
-+ if (atomic_inc_return(&key->enabled) == 1)
-+ jump_label_update(key);
- jump_label_unlock();
- }
- EXPORT_SYMBOL_GPL(static_key_slow_inc);
-@@ -92,10 +82,7 @@ static void __static_key_slow_dec(struct
- atomic_inc(&key->enabled);
- schedule_delayed_work(work, rate_limit);
- } else {
-- if (!static_key_type(key))
-- jump_label_update(key, JUMP_LABEL_NOP);
-- else
-- jump_label_update(key, JUMP_LABEL_JMP);
-+ jump_label_update(key);
- }
- jump_label_unlock();
- }
-@@ -161,7 +148,7 @@ static int __jump_label_text_reserved(st
- return 0;
- }
-
--/*
-+/*
- * Update code which is definitely not currently executing.
- * Architectures which need heavyweight synchronization to modify
- * running code can override this to make the non-live update case
-@@ -170,29 +157,17 @@ static int __jump_label_text_reserved(st
- void __weak __init_or_module arch_jump_label_transform_static(struct jump_entry *entry,
- enum jump_label_type type)
- {
-- arch_jump_label_transform(entry, type);
-+ arch_jump_label_transform(entry, type);
- }
-
--static void __jump_label_update(struct static_key *key,
-- struct jump_entry *entry,
-- struct jump_entry *stop, int enable)
-+static inline struct jump_entry *static_key_entries(struct static_key *key)
- {
-- for (; (entry < stop) &&
-- (entry->key == (jump_label_t)(unsigned long)key);
-- entry++) {
-- /*
-- * entry->code set to 0 invalidates module init text sections
-- * kernel_text_address() verifies we are not in core kernel
-- * init code, see jump_label_invalidate_module_init().
-- */
-- if (entry->code && kernel_text_address(entry->code))
-- arch_jump_label_transform(entry, enable);
-- }
-+ return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK);
- }
-
--static inline struct jump_entry *static_key_entries(struct static_key *key)
-+static inline bool static_key_type(struct static_key *key)
- {
-- return (struct jump_entry *)((unsigned long)key->entries & ~JUMP_TYPE_MASK);
-+ return (unsigned long)key->entries & JUMP_TYPE_MASK;
- }
-
- static inline struct static_key *jump_entry_key(struct jump_entry *entry)
-@@ -200,14 +175,30 @@ static inline struct static_key *jump_en
- return (struct static_key *)((unsigned long)entry->key);
- }
-
--static enum jump_label_type jump_label_type(struct static_key *key)
-+static enum jump_label_type jump_label_type(struct jump_entry *entry)
- {
-+ struct static_key *key = jump_entry_key(entry);
- bool enabled = static_key_enabled(key);
- bool type = static_key_type(key);
-
- return enabled ^ type;
- }
-
-+static void __jump_label_update(struct static_key *key,
-+ struct jump_entry *entry,
-+ struct jump_entry *stop)
-+{
-+ for (; (entry < stop) && (jump_entry_key(entry) == key); entry++) {
-+ /*
-+ * entry->code set to 0 invalidates module init text sections
-+ * kernel_text_address() verifies we are not in core kernel
-+ * init code, see jump_label_invalidate_module_init().
-+ */
-+ if (entry->code && kernel_text_address(entry->code))
-+ arch_jump_label_transform(entry, jump_label_type(entry));
-+ }
-+}
-+
- void __init jump_label_init(void)
- {
- struct jump_entry *iter_start = __start___jump_table;
-@@ -221,8 +212,8 @@ void __init jump_label_init(void)
- for (iter = iter_start; iter < iter_stop; iter++) {
- struct static_key *iterk;
-
-+ arch_jump_label_transform_static(iter, jump_label_type(iter));
- iterk = jump_entry_key(iter);
-- arch_jump_label_transform_static(iter, jump_label_type(iterk));
- if (iterk == key)
- continue;
-
-@@ -262,17 +253,15 @@ static int __jump_label_mod_text_reserve
- start, end);
- }
-
--static void __jump_label_mod_update(struct static_key *key, int enable)
-+static void __jump_label_mod_update(struct static_key *key)
- {
-- struct static_key_mod *mod = key->next;
-+ struct static_key_mod *mod;
-
-- while (mod) {
-+ for (mod = key->next; mod; mod = mod->next) {
- struct module *m = mod->mod;
-
- __jump_label_update(key, mod->entries,
-- m->jump_entries + m->num_jump_entries,
-- enable);
-- mod = mod->next;
-+ m->jump_entries + m->num_jump_entries);
- }
- }
-
-@@ -294,9 +283,8 @@ void jump_label_apply_nops(struct module
- if (iter_start == iter_stop)
- return;
-
-- for (iter = iter_start; iter < iter_stop; iter++) {
-+ for (iter = iter_start; iter < iter_stop; iter++)
- arch_jump_label_transform_static(iter, JUMP_LABEL_NOP);
-- }
- }
-
- static int jump_label_add_module(struct module *mod)
-@@ -337,8 +325,8 @@ static int jump_label_add_module(struct
- jlm->next = key->next;
- key->next = jlm;
-
-- if (jump_label_type(key) == JUMP_LABEL_JMP)
-- __jump_label_update(key, iter, iter_stop, JUMP_LABEL_JMP);
-+ if (jump_label_type(iter) == JUMP_LABEL_JMP)
-+ __jump_label_update(key, iter, iter_stop);
- }
-
- return 0;
-@@ -458,14 +446,14 @@ int jump_label_text_reserved(void *start
- return ret;
- }
-
--static void jump_label_update(struct static_key *key, int enable)
-+static void jump_label_update(struct static_key *key)
- {
- struct jump_entry *stop = __stop___jump_table;
- struct jump_entry *entry = static_key_entries(key);
- #ifdef CONFIG_MODULES
- struct module *mod;
-
-- __jump_label_mod_update(key, enable);
-+ __jump_label_mod_update(key);
-
- preempt_disable();
- mod = __module_address((unsigned long)key);
-@@ -475,7 +463,7 @@ static void jump_label_update(struct sta
- #endif
- /* if there are no users, entry can be NULL */
- if (entry)
-- __jump_label_update(key, entry, stop, enable);
-+ __jump_label_update(key, entry, stop);
- }
-
- #endif
diff --git a/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch b/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch
deleted file mode 100644
index e5b3c197..00000000
--- a/queue-3.16/mips-jump_label.c-correct-the-span-of-the-j-instruction.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: "Maciej W. Rozycki" <macro@codesourcery.com>
-Date: Mon, 17 Nov 2014 16:09:54 +0000
-Subject: MIPS: jump_label.c: Correct the span of the J instruction
-
-commit 99436f7d69045800ffd1d66912f85d37150c7e2b upstream.
-
-Correct the check for the span of the 256MB segment addressable by the J
-instruction according to this instruction's semantics. The calculation
-of the jump target is applied to the address of the delay-slot
-instruction that immediately follows. Adjust the check accordingly by
-adding 4 to `e->code' that holds the address of the J instruction
-itself.
-
-Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
-Cc: linux-mips@linux-mips.org
-Patchwork: https://patchwork.linux-mips.org/patch/8515/
-Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/mips/kernel/jump_label.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/mips/kernel/jump_label.c
-+++ b/arch/mips/kernel/jump_label.c
-@@ -27,8 +27,8 @@ void arch_jump_label_transform(struct ju
- union mips_instruction *insn_p =
- (union mips_instruction *)(unsigned long)e->code;
-
-- /* Jump only works within a 256MB aligned region. */
-- BUG_ON((e->target & ~J_RANGE_MASK) != (e->code & ~J_RANGE_MASK));
-+ /* Jump only works within a 256MB aligned region of its delay slot. */
-+ BUG_ON((e->target & ~J_RANGE_MASK) != ((e->code + 4) & ~J_RANGE_MASK));
-
- /* Target must have 4 byte alignment. */
- BUG_ON((e->target & 3) != 0);
diff --git a/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch b/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch
deleted file mode 100644
index 533af0ee..00000000
--- a/queue-3.16/mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From: "Maciej W. Rozycki" <macro@codesourcery.com>
-Date: Mon, 17 Nov 2014 16:10:32 +0000
-Subject: MIPS: jump_label.c: Handle the microMIPS J instruction encoding
-
-commit 935c2dbec4d6d3163ee8e7409996904a734ad89a upstream.
-
-Implement the microMIPS encoding of the J instruction for the purpose of
-the static keys feature, fixing a crash early on in bootstrap as the
-kernel is unhappy seeing the ISA bit set in jump table entries. Make
-sure the ISA bit correctly reflects the instruction encoding chosen for
-the kernel, 0 for the standard MIPS and 1 for the microMIPS encoding.
-
-Also make sure the instruction to patch is a 32-bit NOP in the microMIPS
-mode as by default the 16-bit short encoding is assumed
-
-Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
-Cc: linux-mips@linux-mips.org
-Patchwork: https://patchwork.linux-mips.org/patch/8516/
-Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/mips/include/asm/jump_label.h | 8 +++++-
- arch/mips/kernel/jump_label.c | 40 +++++++++++++++++++++++-------
- 2 files changed, 38 insertions(+), 10 deletions(-)
-
---- a/arch/mips/include/asm/jump_label.h
-+++ b/arch/mips/include/asm/jump_label.h
-@@ -20,9 +20,15 @@
- #define WORD_INSN ".word"
- #endif
-
-+#ifdef CONFIG_CPU_MICROMIPS
-+#define NOP_INSN "nop32"
-+#else
-+#define NOP_INSN "nop"
-+#endif
-+
- static __always_inline bool arch_static_branch(struct static_key *key)
- {
-- asm_volatile_goto("1:\tnop\n\t"
-+ asm_volatile_goto("1:\t" NOP_INSN "\n\t"
- "nop\n\t"
- ".pushsection __jump_table, \"aw\"\n\t"
- WORD_INSN " 1b, %l[l_yes], %0\n\t"
---- a/arch/mips/kernel/jump_label.c
-+++ b/arch/mips/kernel/jump_label.c
-@@ -18,31 +18,53 @@
-
- #ifdef HAVE_JUMP_LABEL
-
--#define J_RANGE_MASK ((1ul << 28) - 1)
-+/*
-+ * Define parameters for the standard MIPS and the microMIPS jump
-+ * instruction encoding respectively:
-+ *
-+ * - the ISA bit of the target, either 0 or 1 respectively,
-+ *
-+ * - the amount the jump target address is shifted right to fit in the
-+ * immediate field of the machine instruction, either 2 or 1,
-+ *
-+ * - the mask determining the size of the jump region relative to the
-+ * delay-slot instruction, either 256MB or 128MB,
-+ *
-+ * - the jump target alignment, either 4 or 2 bytes.
-+ */
-+#define J_ISA_BIT IS_ENABLED(CONFIG_CPU_MICROMIPS)
-+#define J_RANGE_SHIFT (2 - J_ISA_BIT)
-+#define J_RANGE_MASK ((1ul << (26 + J_RANGE_SHIFT)) - 1)
-+#define J_ALIGN_MASK ((1ul << J_RANGE_SHIFT) - 1)
-
- void arch_jump_label_transform(struct jump_entry *e,
- enum jump_label_type type)
- {
-+ union mips_instruction *insn_p;
- union mips_instruction insn;
-- union mips_instruction *insn_p =
-- (union mips_instruction *)(unsigned long)e->code;
-
-- /* Jump only works within a 256MB aligned region of its delay slot. */
-+ insn_p = (union mips_instruction *)msk_isa16_mode(e->code);
-+
-+ /* Jump only works within an aligned region its delay slot is in. */
- BUG_ON((e->target & ~J_RANGE_MASK) != ((e->code + 4) & ~J_RANGE_MASK));
-
-- /* Target must have 4 byte alignment. */
-- BUG_ON((e->target & 3) != 0);
-+ /* Target must have the right alignment and ISA must be preserved. */
-+ BUG_ON((e->target & J_ALIGN_MASK) != J_ISA_BIT);
-
- if (type == JUMP_LABEL_ENABLE) {
-- insn.j_format.opcode = j_op;
-- insn.j_format.target = (e->target & J_RANGE_MASK) >> 2;
-+ insn.j_format.opcode = J_ISA_BIT ? mm_j32_op : j_op;
-+ insn.j_format.target = e->target >> J_RANGE_SHIFT;
- } else {
- insn.word = 0; /* nop */
- }
-
- get_online_cpus();
- mutex_lock(&text_mutex);
-- *insn_p = insn;
-+ if (IS_ENABLED(CONFIG_CPU_MICROMIPS)) {
-+ insn_p->halfword[0] = insn.word >> 16;
-+ insn_p->halfword[1] = insn.word;
-+ } else
-+ *insn_p = insn;
-
- flush_icache_range((unsigned long)insn_p,
- (unsigned long)insn_p + sizeof(*insn_p));
diff --git a/queue-3.16/module-add-within_module-function.patch b/queue-3.16/module-add-within_module-function.patch
deleted file mode 100644
index b844fdc2..00000000
--- a/queue-3.16/module-add-within_module-function.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Petr Mladek <pmladek@suse.cz>
-Date: Sun, 27 Jul 2014 07:24:01 +0930
-Subject: module: add within_module() function
-
-commit 9b20a352d78a7651aa68a9220f77ccb03009d892 upstream.
-
-It is just a small optimization that allows to replace few
-occurrences of within_module_init() || within_module_core()
-with a single call.
-
-Signed-off-by: Petr Mladek <pmladek@suse.cz>
-Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- include/linux/module.h | 5 +++++
- kernel/module.c | 12 ++++--------
- 2 files changed, 9 insertions(+), 8 deletions(-)
-
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -408,6 +408,11 @@ static inline int within_module_init(uns
- addr < (unsigned long)mod->module_init + mod->init_size;
- }
-
-+static inline int within_module(unsigned long addr, const struct module *mod)
-+{
-+ return within_module_init(addr, mod) || within_module_core(addr, mod);
-+}
-+
- /* Search for module by name: must hold module_mutex. */
- struct module *find_module(const char *name);
-
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -3489,8 +3489,7 @@ const char *module_address_lookup(unsign
- list_for_each_entry_rcu(mod, &modules, list) {
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- if (within_module_init(addr, mod) ||
-- within_module_core(addr, mod)) {
-+ if (within_module(addr, mod)) {
- if (modname)
- *modname = mod->name;
- ret = get_ksymbol(mod, addr, size, offset);
-@@ -3514,8 +3513,7 @@ int lookup_module_symbol_name(unsigned l
- list_for_each_entry_rcu(mod, &modules, list) {
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- if (within_module_init(addr, mod) ||
-- within_module_core(addr, mod)) {
-+ if (within_module(addr, mod)) {
- const char *sym;
-
- sym = get_ksymbol(mod, addr, NULL, NULL);
-@@ -3540,8 +3538,7 @@ int lookup_module_symbol_attrs(unsigned
- list_for_each_entry_rcu(mod, &modules, list) {
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- if (within_module_init(addr, mod) ||
-- within_module_core(addr, mod)) {
-+ if (within_module(addr, mod)) {
- const char *sym;
-
- sym = get_ksymbol(mod, addr, size, offset);
-@@ -3804,8 +3801,7 @@ struct module *__module_address(unsigned
- list_for_each_entry_rcu(mod, &modules, list) {
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- if (within_module_core(addr, mod)
-- || within_module_init(addr, mod))
-+ if (within_module(addr, mod))
- return mod;
- }
- return NULL;
diff --git a/queue-3.16/module-jump_label-fix-module-locking.patch b/queue-3.16/module-jump_label-fix-module-locking.patch
deleted file mode 100644
index bb7d4b10..00000000
--- a/queue-3.16/module-jump_label-fix-module-locking.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Wed, 27 May 2015 11:09:35 +0930
-Subject: module, jump_label: Fix module locking
-
-commit bed831f9a251968272dae10a83b512c7db256ef0 upstream.
-
-As per the module core lockdep annotations in the coming patch:
-
-[ 18.034047] ---[ end trace 9294429076a9c673 ]---
-[ 18.047760] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
-[ 18.059228] ffffffff817d8676 ffff880036683c38 ffffffff8157e98b 0000000000000001
-[ 18.067541] 0000000000000000 ffff880036683c78 ffffffff8105fbc7 ffff880036683c68
-[ 18.075851] ffffffffa0046b08 0000000000000000 ffffffffa0046d00 ffffffffa0046cc8
-[ 18.084173] Call Trace:
-[ 18.086906] [<ffffffff8157e98b>] dump_stack+0x4f/0x7b
-[ 18.092649] [<ffffffff8105fbc7>] warn_slowpath_common+0x97/0xe0
-[ 18.099361] [<ffffffff8105fc2a>] warn_slowpath_null+0x1a/0x20
-[ 18.105880] [<ffffffff810ee502>] __module_address+0x1d2/0x1e0
-[ 18.112400] [<ffffffff81161153>] jump_label_module_notify+0x143/0x1e0
-[ 18.119710] [<ffffffff810814bf>] notifier_call_chain+0x4f/0x70
-[ 18.126326] [<ffffffff8108160e>] __blocking_notifier_call_chain+0x5e/0x90
-[ 18.134009] [<ffffffff81081656>] blocking_notifier_call_chain+0x16/0x20
-[ 18.141490] [<ffffffff810f0f00>] load_module+0x1b50/0x2660
-[ 18.147720] [<ffffffff810f1ade>] SyS_init_module+0xce/0x100
-[ 18.154045] [<ffffffff81587429>] system_call_fastpath+0x12/0x17
-[ 18.160748] ---[ end trace 9294429076a9c674 ]---
-
-Jump labels is not doing it right; fix this.
-
-Cc: Rusty Russell <rusty@rustcorp.com.au>
-Cc: Jason Baron <jbaron@akamai.com>
-Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- kernel/jump_label.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -309,7 +309,7 @@ static int jump_label_add_module(struct
- continue;
-
- key = iterk;
-- if (__module_address(iter->key) == mod) {
-+ if (within_module(iter->key, mod)) {
- /*
- * Set key->entries to iter, but preserve JUMP_LABEL_TRUE_BRANCH.
- */
-@@ -346,7 +346,7 @@ static void jump_label_del_module(struct
-
- key = (struct static_key *)(unsigned long)iter->key;
-
-- if (__module_address(iter->key) == mod)
-+ if (within_module(iter->key, mod))
- continue;
-
- prev = &key->next;
-@@ -450,14 +450,16 @@ static void jump_label_update(struct sta
- {
- struct jump_entry *stop = __stop___jump_table;
- struct jump_entry *entry = jump_label_get_entries(key);
--
- #ifdef CONFIG_MODULES
-- struct module *mod = __module_address((unsigned long)key);
-+ struct module *mod;
-
- __jump_label_mod_update(key, enable);
-
-+ preempt_disable();
-+ mod = __module_address((unsigned long)key);
- if (mod)
- stop = mod->jump_entries + mod->num_jump_entries;
-+ preempt_enable();
- #endif
- /* if there are no users, entry can be NULL */
- if (entry)
diff --git a/queue-3.16/s390-jump-label-add-sanity-checks.patch b/queue-3.16/s390-jump-label-add-sanity-checks.patch
deleted file mode 100644
index 2429a8d1..00000000
--- a/queue-3.16/s390-jump-label-add-sanity-checks.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From: Heiko Carstens <heiko.carstens@de.ibm.com>
-Date: Thu, 29 Jan 2015 13:45:35 +0100
-Subject: s390/jump label: add sanity checks
-
-commit 5c6497c50f8d809eac6d01512c291a1f67382abd upstream.
-
-Add sanity checks to verify that only expected code will be replaced.
-If the code patterns do not match print the code patterns and panic,
-since something went terribly wrong.
-
-Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
-Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/s390/kernel/jump_label.c | 56 ++++++++++++++++++++++++++---------
- 1 file changed, 42 insertions(+), 14 deletions(-)
-
---- a/arch/s390/kernel/jump_label.c
-+++ b/arch/s390/kernel/jump_label.c
-@@ -22,31 +22,59 @@ struct insn_args {
- enum jump_label_type type;
- };
-
-+static void jump_label_make_nop(struct jump_entry *entry, struct insn *insn)
-+{
-+ /* brcl 0,0 */
-+ insn->opcode = 0xc004;
-+ insn->offset = 0;
-+}
-+
-+static void jump_label_make_branch(struct jump_entry *entry, struct insn *insn)
-+{
-+ /* brcl 15,offset */
-+ insn->opcode = 0xc0f4;
-+ insn->offset = (entry->target - entry->code) >> 1;
-+}
-+
-+static void jump_label_bug(struct jump_entry *entry, struct insn *insn)
-+{
-+ unsigned char *ipc = (unsigned char *)entry->code;
-+ unsigned char *ipe = (unsigned char *)insn;
-+
-+ pr_emerg("Jump label code mismatch at %pS [%p]\n", ipc, ipc);
-+ pr_emerg("Found: %02x %02x %02x %02x %02x %02x\n",
-+ ipc[0], ipc[1], ipc[2], ipc[3], ipc[4], ipc[5]);
-+ pr_emerg("Expected: %02x %02x %02x %02x %02x %02x\n",
-+ ipe[0], ipe[1], ipe[2], ipe[3], ipe[4], ipe[5]);
-+ panic("Corrupted kernel text");
-+}
-+
- static void __jump_label_transform(struct jump_entry *entry,
-- enum jump_label_type type)
-+ enum jump_label_type type,
-+ int init)
- {
-- struct insn insn;
-- int rc;
-+ struct insn old, new;
-
- if (type == JUMP_LABEL_ENABLE) {
-- /* brcl 15,offset */
-- insn.opcode = 0xc0f4;
-- insn.offset = (entry->target - entry->code) >> 1;
-+ jump_label_make_nop(entry, &old);
-+ jump_label_make_branch(entry, &new);
- } else {
-- /* brcl 0,0 */
-- insn.opcode = 0xc004;
-- insn.offset = 0;
-+ if (init)
-+ jump_label_make_nop(entry, &old);
-+ else
-+ jump_label_make_branch(entry, &old);
-+ jump_label_make_nop(entry, &new);
- }
--
-- rc = probe_kernel_write((void *)entry->code, &insn, JUMP_LABEL_NOP_SIZE);
-- WARN_ON_ONCE(rc < 0);
-+ if (memcmp((void *)entry->code, &old, sizeof(old)))
-+ jump_label_bug(entry, &old);
-+ probe_kernel_write((void *)entry->code, &new, sizeof(new));
- }
-
- static int __sm_arch_jump_label_transform(void *data)
- {
- struct insn_args *args = data;
-
-- __jump_label_transform(args->entry, args->type);
-+ __jump_label_transform(args->entry, args->type, 0);
- return 0;
- }
-
-@@ -64,7 +92,7 @@ void arch_jump_label_transform(struct ju
- void arch_jump_label_transform_static(struct jump_entry *entry,
- enum jump_label_type type)
- {
-- __jump_label_transform(entry, type);
-+ __jump_label_transform(entry, type, 1);
- }
-
- #endif
diff --git a/queue-3.16/s390-jump-label-use-different-nop-instruction.patch b/queue-3.16/s390-jump-label-use-different-nop-instruction.patch
deleted file mode 100644
index 54ca1d9c..00000000
--- a/queue-3.16/s390-jump-label-use-different-nop-instruction.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From: Heiko Carstens <heiko.carstens@de.ibm.com>
-Date: Thu, 29 Jan 2015 14:10:22 +0100
-Subject: s390/jump label: use different nop instruction
-
-commit d5caa4dbf9bd2ad8cd7f6be0ca76722be947182b upstream.
-
-Use a brcl 0,2 instruction for jump label nops during compile time,
-so we don't mix up the different nops during mcount/hotpatch call
-site detection.
-The initial jump label code instruction replacement will exchange
-these instructions with either a branch or a brcl 0,0 instruction.
-
-Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
-Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/s390/include/asm/jump_label.h | 7 ++++++-
- arch/s390/kernel/jump_label.c | 19 +++++++++++++------
- 2 files changed, 19 insertions(+), 7 deletions(-)
-
---- a/arch/s390/include/asm/jump_label.h
-+++ b/arch/s390/include/asm/jump_label.h
-@@ -4,6 +4,7 @@
- #include <linux/types.h>
-
- #define JUMP_LABEL_NOP_SIZE 6
-+#define JUMP_LABEL_NOP_OFFSET 2
-
- #ifdef CONFIG_64BIT
- #define ASM_PTR ".quad"
-@@ -13,9 +14,13 @@
- #define ASM_ALIGN ".balign 4"
- #endif
-
-+/*
-+ * We use a brcl 0,2 instruction for jump labels at compile time so it
-+ * can be easily distinguished from a hotpatch generated instruction.
-+ */
- static __always_inline bool arch_static_branch(struct static_key *key)
- {
-- asm_volatile_goto("0: brcl 0,0\n"
-+ asm_volatile_goto("0: brcl 0,"__stringify(JUMP_LABEL_NOP_OFFSET)"\n"
- ".pushsection __jump_table, \"aw\"\n"
- ASM_ALIGN "\n"
- ASM_PTR " 0b, %l[label], %0\n"
---- a/arch/s390/kernel/jump_label.c
-+++ b/arch/s390/kernel/jump_label.c
-@@ -49,6 +49,11 @@ static void jump_label_bug(struct jump_e
- panic("Corrupted kernel text");
- }
-
-+static struct insn orignop = {
-+ .opcode = 0xc004,
-+ .offset = JUMP_LABEL_NOP_OFFSET >> 1,
-+};
-+
- static void __jump_label_transform(struct jump_entry *entry,
- enum jump_label_type type,
- int init)
-@@ -59,14 +64,16 @@ static void __jump_label_transform(struc
- jump_label_make_nop(entry, &old);
- jump_label_make_branch(entry, &new);
- } else {
-- if (init)
-- jump_label_make_nop(entry, &old);
-- else
-- jump_label_make_branch(entry, &old);
-+ jump_label_make_branch(entry, &old);
- jump_label_make_nop(entry, &new);
- }
-- if (memcmp((void *)entry->code, &old, sizeof(old)))
-- jump_label_bug(entry, &old);
-+ if (init) {
-+ if (memcmp((void *)entry->code, &orignop, sizeof(orignop)))
-+ jump_label_bug(entry, &old);
-+ } else {
-+ if (memcmp((void *)entry->code, &old, sizeof(old)))
-+ jump_label_bug(entry, &old);
-+ }
- probe_kernel_write((void *)entry->code, &new, sizeof(new));
- }
-
diff --git a/queue-3.16/sched-add-sched_smt_active.patch b/queue-3.16/sched-add-sched_smt_active.patch
deleted file mode 100644
index 391dd79c..00000000
--- a/queue-3.16/sched-add-sched_smt_active.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Fri, 10 May 2019 00:46:25 +0100
-Subject: sched: Add sched_smt_active()
-
-Add the sched_smt_active() function needed for some x86 speculation
-mitigations. This was introduced upstream by commits 1b568f0aabf2
-"sched/core: Optimize SCHED_SMT", ba2591a5993e "sched/smt: Update
-sched_smt_present at runtime", c5511d03ec09 "sched/smt: Make
-sched_smt_present track topology", and 321a874a7ef8 "sched/smt: Expose
-sched_smt_present static key". The upstream implementation uses the
-static_key_{disable,enable}_cpuslocked() functions, which aren't
-practical to backport.
-
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
----
- include/linux/sched/smt.h | 18 ++++++++++++++++++
- kernel/sched/core.c | 19 +++++++++++++++++++
- kernel/sched/sched.h | 1 +
- 3 files changed, 38 insertions(+)
-
---- /dev/null
-+++ b/include/linux/sched/smt.h
-@@ -0,0 +1,18 @@
-+/* SPDX-License-Identifier: GPL-2.0 */
-+#ifndef _LINUX_SCHED_SMT_H
-+#define _LINUX_SCHED_SMT_H
-+
-+#include <linux/atomic.h>
-+
-+#ifdef CONFIG_SCHED_SMT
-+extern atomic_t sched_smt_present;
-+
-+static __always_inline bool sched_smt_active(void)
-+{
-+ return atomic_read(&sched_smt_present);
-+}
-+#else
-+static inline bool sched_smt_active(void) { return false; }
-+#endif
-+
-+#endif
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -5210,6 +5210,10 @@ static void __cpuinit set_cpu_rq_start_t
- rq->age_stamp = sched_clock_cpu(cpu);
- }
-
-+#ifdef CONFIG_SCHED_SMT
-+atomic_t sched_smt_present = ATOMIC_INIT(0);
-+#endif
-+
- static int sched_cpu_active(struct notifier_block *nfb,
- unsigned long action, void *hcpu)
- {
-@@ -5226,6 +5230,13 @@ static int sched_cpu_active(struct notif
- * Thus, fall-through and help the starting CPU along.
- */
- case CPU_DOWN_FAILED:
-+#ifdef CONFIG_SCHED_SMT
-+ /*
-+ * When going up, increment the number of cores with SMT present.
-+ */
-+ if (cpumask_weight(cpu_smt_mask((long)hcpu)) == 2)
-+ atomic_inc(&sched_smt_present);
-+#endif
- set_cpu_active((long)hcpu, true);
- return NOTIFY_OK;
- default:
-@@ -5243,6 +5254,14 @@ static int sched_cpu_inactive(struct not
- case CPU_DOWN_PREPARE:
- set_cpu_active(cpu, false);
-
-+#ifdef CONFIG_SCHED_SMT
-+ /*
-+ * When going down, decrement the number of cores with SMT present.
-+ */
-+ if (cpumask_weight(cpu_smt_mask(cpu)) == 2)
-+ atomic_dec(&sched_smt_present);
-+#endif
-+
- /* explicitly allow suspend */
- if (!(action & CPU_TASKS_FROZEN)) {
- struct dl_bw *dl_b = dl_bw_of(cpu);
---- a/kernel/sched/sched.h
-+++ b/kernel/sched/sched.h
-@@ -2,6 +2,7 @@
- #include <linux/sched.h>
- #include <linux/sched/sysctl.h>
- #include <linux/sched/rt.h>
-+#include <linux/sched/smt.h>
- #include <linux/sched/deadline.h>
- #include <linux/mutex.h>
- #include <linux/spinlock.h>
diff --git a/queue-3.16/series b/queue-3.16/series
deleted file mode 100644
index 7a55cbbd..00000000
--- a/queue-3.16/series
+++ /dev/null
@@ -1,86 +0,0 @@
-x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch
-module-add-within_module-function.patch
-jump_label-fix-small-typos-in-the-documentation.patch
-mips-jump_label.c-correct-the-span-of-the-j-instruction.patch
-mips-jump_label.c-handle-the-micromips-j-instruction-encoding.patch
-s390-jump-label-add-sanity-checks.patch
-s390-jump-label-use-different-nop-instruction.patch
-jump_label-allow-asm-jump_label.h-to-be-included-in-assembly.patch
-jump_label-allow-jump-labels-to-be-used-in-assembly.patch
-module-jump_label-fix-module-locking.patch
-jump_label-rename-jump_label_-en-dis-able-to-jump_label_-jmp-nop.patch
-jump_label-locking-static_keys-rename-jump_label_type_-and-related.patch
-jump_label-add-jump_entry_key-helper.patch
-locking-static_keys-rework-update-logic.patch
-locking-static_keys-add-a-new-static_key-interface.patch
-jump-label-locking-static_keys-update-docs.patch
-jump_label-x86-work-around-asm-build-bug-on-older-backported-gccs.patch
-locking-static_keys-fix-a-silly-typo.patch
-locking-static_keys-fix-up-the-static-keys-documentation.patch
-jump_label-make-static_key_enabled-work-on-static_key_true-false.patch
-x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch
-x86-asm-add-asm-macros-for-static-keys-jump-labels.patch
-x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch
-x86-cpufeature-carve-out-x86_feature_.patch
-locking-static_key-fix-concurrent-static_key_slow_inc.patch
-locking-static_keys-provide-declare-and-well-as-define-macros.patch
-x86-speculation-support-enhanced-ibrs-on-future-cpus.patch
-x86-speculation-simplify-the-cpu-bug-detection-logic.patch
-x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch
-x86-cpu-sanitize-fam6_atom-naming.patch
-x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
-x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
-x86-speculation-propagate-information-about-rsb-filling-mitigation.patch
-x86-speculation-update-the-tif_ssbd-comment.patch
-x86-speculation-clean-up-spectre_v2_parse_cmdline.patch
-x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch
-x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch
-x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch
-x86-speculation-rename-ssbd-update-functions.patch
-x86-speculation-reorganize-speculation-control-msrs-update.patch
-x86-kconfig-select-sched_smt-if-smp-enabled.patch
-sched-add-sched_smt_active.patch
-x86-speculation-rework-smt-state-change.patch
-x86-speculation-reorder-the-spec_v2-code.patch
-x86-speculation-mark-string-arrays-const-correctly.patch
-x86-speculataion-mark-command-line-parser-data-__initdata.patch
-x86-speculation-unify-conditional-spectre-v2-print-functions.patch
-x86-speculation-add-command-line-control-for-indirect-branch.patch
-x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch
-x86-process-consolidate-and-simplify-switch_to_xtra-code.patch
-x86-speculation-avoid-__switch_to_xtra-calls.patch
-x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch
-x86-speculation-split-out-tif-update.patch
-x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch
-x86-speculation-prevent-stale-spec_ctrl-msr-content.patch
-x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch
-x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch
-x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch
-x86-speculation-provide-ibpb-always-command-line-options.patch
-kvm-x86-report-stibp-on-get_supported_cpuid.patch
-x86-msr-index-cleanup-bit-defines.patch
-x86-speculation-consolidate-cpu-whitelists.patch
-x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
-x86-speculation-mds-add-bug_msbds_only.patch
-x86-kvm-expose-x86_feature_md_clear-to-guests.patch
-x86-speculation-mds-add-mds_clear_cpu_buffers.patch
-x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
-x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
-x86-speculation-mds-add-mitigation-control-for-mds.patch
-x86-speculation-l1tf-document-l1tf-in-sysfs.patch
-x86-speculation-mds-add-sysfs-reporting-for-mds.patch
-x86-speculation-mds-add-mitigation-mode-vmwerv.patch
-documentation-move-l1tf-to-separate-directory.patch
-documentation-add-mds-vulnerability-documentation.patch
-x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch
-x86-speculation-mds-add-smt-warning-message.patch
-x86-speculation-mds-fix-comment.patch
-x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch
-cpu-speculation-add-mitigations-cmdline-option.patch
-x86-speculation-support-mitigations-cmdline-option.patch
-x86-speculation-mds-add-mitigations-support-for-mds.patch
-x86-mds-add-mdsum-variant-to-the-mds-documentation.patch
-documentation-correct-the-possible-mds-sysfs-values.patch
-x86-speculation-mds-fix-documentation-typo.patch
-x86-cpu-bugs-use-__initconst-for-const-init-data.patch
-x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch
diff --git a/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch b/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch
deleted file mode 100644
index 3c354cae..00000000
--- a/queue-3.16/x86-asm-add-asm-macros-for-static-keys-jump-labels.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From: Andy Lutomirski <luto@kernel.org>
-Date: Thu, 12 Nov 2015 12:59:03 -0800
-Subject: x86/asm: Add asm macros for static keys/jump labels
-
-commit 2671c3e4fe2a34bd9bf2eecdf5d1149d4b55dbdf upstream.
-
-Unfortunately, we can only do this if HAVE_JUMP_LABEL. In
-principle, we could do some serious surgery on the core jump
-label infrastructure to keep the patch infrastructure available
-on x86 on all builds, but that's probably not worth it.
-
-Implementing the macros using a conditional branch as a fallback
-seems like a bad idea: we'd have to clobber flags.
-
-This limitation can't cause silent failures -- trying to include
-asm/jump_label.h at all on a non-HAVE_JUMP_LABEL kernel will
-error out. The macro's users are responsible for handling this
-issue themselves.
-
-Signed-off-by: Andy Lutomirski <luto@kernel.org>
-Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@amacapital.net>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Frederic Weisbecker <fweisbec@gmail.com>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Link: http://lkml.kernel.org/r/63aa45c4b692e8469e1876d6ccbb5da707972990.1447361906.git.luto@kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/jump_label.h | 52 ++++++++++++++++++++++++++-----
- 1 file changed, 44 insertions(+), 8 deletions(-)
-
---- a/arch/x86/include/asm/jump_label.h
-+++ b/arch/x86/include/asm/jump_label.h
-@@ -14,13 +14,6 @@
- #error asm/jump_label.h included on a non-jump-label kernel
- #endif
-
--#ifndef __ASSEMBLY__
--
--#include <linux/stringify.h>
--#include <linux/types.h>
--#include <asm/nops.h>
--#include <asm/asm.h>
--
- #define JUMP_LABEL_NOP_SIZE 5
-
- #ifdef CONFIG_X86_64
-@@ -29,6 +22,14 @@
- # define STATIC_KEY_INIT_NOP GENERIC_NOP5_ATOMIC
- #endif
-
-+#include <asm/asm.h>
-+#include <asm/nops.h>
-+
-+#ifndef __ASSEMBLY__
-+
-+#include <linux/stringify.h>
-+#include <linux/types.h>
-+
- static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
- {
- asm_volatile_goto("1:"
-@@ -72,5 +73,40 @@ struct jump_entry {
- jump_label_t key;
- };
-
--#endif /* __ASSEMBLY__ */
-+#else /* __ASSEMBLY__ */
-+
-+.macro STATIC_JUMP_IF_TRUE target, key, def
-+.Lstatic_jump_\@:
-+ .if \def
-+ /* Equivalent to "jmp.d32 \target" */
-+ .byte 0xe9
-+ .long \target - .Lstatic_jump_after_\@
-+.Lstatic_jump_after_\@:
-+ .else
-+ .byte STATIC_KEY_INIT_NOP
-+ .endif
-+ .pushsection __jump_table, "aw"
-+ _ASM_ALIGN
-+ _ASM_PTR .Lstatic_jump_\@, \target, \key
-+ .popsection
-+.endm
-+
-+.macro STATIC_JUMP_IF_FALSE target, key, def
-+.Lstatic_jump_\@:
-+ .if \def
-+ .byte STATIC_KEY_INIT_NOP
-+ .else
-+ /* Equivalent to "jmp.d32 \target" */
-+ .byte 0xe9
-+ .long \target - .Lstatic_jump_after_\@
-+.Lstatic_jump_after_\@:
-+ .endif
-+ .pushsection __jump_table, "aw"
-+ _ASM_ALIGN
-+ _ASM_PTR .Lstatic_jump_\@, \target, \key + 1
-+ .popsection
-+.endm
-+
-+#endif /* __ASSEMBLY__ */
-+
- #endif
diff --git a/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch b/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch
deleted file mode 100644
index 35ec4f43..00000000
--- a/queue-3.16/x86-asm-error-out-if-asm-jump_label.h-is-included-inappropriately.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: Andy Lutomirski <luto@kernel.org>
-Date: Thu, 12 Nov 2015 12:59:02 -0800
-Subject: x86/asm: Error out if asm/jump_label.h is included inappropriately
-
-commit c28454332fe0b65e22c3a2717e5bf05b5b47ca20 upstream.
-
-Rather than potentially generating incorrect code on a
-non-HAVE_JUMP_LABEL kernel if someone includes asm/jump_label.h,
-error out.
-
-Signed-off-by: Andy Lutomirski <luto@kernel.org>
-Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Andy Lutomirski <luto@amacapital.net>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Frederic Weisbecker <fweisbec@gmail.com>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Link: http://lkml.kernel.org/r/99407f0ac7fa3ab03a3d31ce076d47b5c2f44795.1447361906.git.luto@kernel.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/jump_label.h | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
---- a/arch/x86/include/asm/jump_label.h
-+++ b/arch/x86/include/asm/jump_label.h
-@@ -1,6 +1,19 @@
- #ifndef _ASM_X86_JUMP_LABEL_H
- #define _ASM_X86_JUMP_LABEL_H
-
-+#ifndef HAVE_JUMP_LABEL
-+/*
-+ * For better or for worse, if jump labels (the gcc extension) are missing,
-+ * then the entire static branch patching infrastructure is compiled out.
-+ * If that happens, the code in here will malfunction. Raise a compiler
-+ * error instead.
-+ *
-+ * In theory, jump labels and the static branch patching infrastructure
-+ * could be decoupled to fix this.
-+ */
-+#error asm/jump_label.h included on a non-jump-label kernel
-+#endif
-+
- #ifndef __ASSEMBLY__
-
- #include <linux/stringify.h>
diff --git a/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch b/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch
deleted file mode 100644
index a0035b44..00000000
--- a/queue-3.16/x86-bugs-change-l1tf-mitigation-string-to-match-upstream.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Tue, 14 May 2019 13:46:46 +0100
-Subject: x86/bugs: Change L1TF mitigation string to match upstream
-
-Commit 72c6d2db64fa "x86/litf: Introduce vmx status variable" upstream
-changed "Page Table Inversion" to "PTE Inversion". That was part of
-the implementation of additional mitigations for VMX which haven't
-been applied to this branch. Just change this string to be consistent
-and match documentation.
-
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -1225,7 +1225,7 @@ static ssize_t cpu_show_common(struct de
-
- case X86_BUG_L1TF:
- if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV))
-- return sprintf(buf, "Mitigation: Page Table Inversion\n");
-+ return sprintf(buf, "Mitigation: PTE Inversion\n");
- break;
-
- case X86_BUG_MDS:
diff --git a/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch b/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch
deleted file mode 100644
index 776d4156..00000000
--- a/queue-3.16/x86-cpu-bugs-use-__initconst-for-const-init-data.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: Andi Kleen <ak@linux.intel.com>
-Date: Fri, 29 Mar 2019 17:47:43 -0700
-Subject: x86/cpu/bugs: Use __initconst for 'const' init data
-
-commit 1de7edbb59c8f1b46071f66c5c97b8a59569eb51 upstream.
-
-Some of the recently added const tables use __initdata which causes section
-attribute conflicts.
-
-Use __initconst instead.
-
-Fixes: fa1202ef2243 ("x86/speculation: Add command line control")
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Link: https://lkml.kernel.org/r/20190330004743.29541-9-andi@firstfloor.org
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -383,7 +383,7 @@ static const struct {
- const char *option;
- enum spectre_v2_user_cmd cmd;
- bool secure;
--} v2_user_options[] __initdata = {
-+} v2_user_options[] __initconst = {
- { "auto", SPECTRE_V2_USER_CMD_AUTO, false },
- { "off", SPECTRE_V2_USER_CMD_NONE, false },
- { "on", SPECTRE_V2_USER_CMD_FORCE, true },
-@@ -519,7 +519,7 @@ static const struct {
- const char *option;
- enum spectre_v2_mitigation_cmd cmd;
- bool secure;
--} mitigation_options[] __initdata = {
-+} mitigation_options[] __initconst = {
- { "off", SPECTRE_V2_CMD_NONE, false },
- { "on", SPECTRE_V2_CMD_FORCE, true },
- { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false },
-@@ -796,7 +796,7 @@ static const char * const ssb_strings[]
- static const struct {
- const char *option;
- enum ssb_mitigation_cmd cmd;
--} ssb_mitigation_options[] __initdata = {
-+} ssb_mitigation_options[] __initconst = {
- { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
- { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */
- { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
diff --git a/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch b/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch
deleted file mode 100644
index 24bf6b5d..00000000
--- a/queue-3.16/x86-cpu-sanitize-fam6_atom-naming.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From: Peter Zijlstra <peterz@infradead.org>
-Date: Tue, 7 Aug 2018 10:17:27 -0700
-Subject: x86/cpu: Sanitize FAM6_ATOM naming
-
-commit f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e upstream.
-
-Going primarily by:
-
- https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors
-
-with additional information gleaned from other related pages; notably:
-
- - Bonnell shrink was called Saltwell
- - Moorefield is the Merriefield refresh which makes it Airmont
-
-The general naming scheme is: FAM6_ATOM_UARCH_SOCTYPE
-
- for i in `git grep -l FAM6_ATOM` ; do
- sed -i -e 's/ATOM_PINEVIEW/ATOM_BONNELL/g' \
- -e 's/ATOM_LINCROFT/ATOM_BONNELL_MID/' \
- -e 's/ATOM_PENWELL/ATOM_SALTWELL_MID/g' \
- -e 's/ATOM_CLOVERVIEW/ATOM_SALTWELL_TABLET/g' \
- -e 's/ATOM_CEDARVIEW/ATOM_SALTWELL/g' \
- -e 's/ATOM_SILVERMONT1/ATOM_SILVERMONT/g' \
- -e 's/ATOM_SILVERMONT2/ATOM_SILVERMONT_X/g' \
- -e 's/ATOM_MERRIFIELD/ATOM_SILVERMONT_MID/g' \
- -e 's/ATOM_MOOREFIELD/ATOM_AIRMONT_MID/g' \
- -e 's/ATOM_DENVERTON/ATOM_GOLDMONT_X/g' \
- -e 's/ATOM_GEMINI_LAKE/ATOM_GOLDMONT_PLUS/g' ${i}
- done
-
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
-Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
-Cc: Jiri Olsa <jolsa@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Stephane Eranian <eranian@google.com>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Vince Weaver <vincent.weaver@maine.edu>
-Cc: dave.hansen@linux.intel.com
-Cc: len.brown@intel.com
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-[bwh: Backported to 3.16:
- - Drop changes to CPU IDs that weren't already included
- - Adjust filenames, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/include/asm/intel-family.h
-+++ b/arch/x86/include/asm/intel-family.h
-@@ -50,19 +50,23 @@
-
- /* "Small Core" Processors (Atom) */
-
--#define INTEL_FAM6_ATOM_PINEVIEW 0x1C
--#define INTEL_FAM6_ATOM_LINCROFT 0x26
--#define INTEL_FAM6_ATOM_PENWELL 0x27
--#define INTEL_FAM6_ATOM_CLOVERVIEW 0x35
--#define INTEL_FAM6_ATOM_CEDARVIEW 0x36
--#define INTEL_FAM6_ATOM_SILVERMONT1 0x37 /* BayTrail/BYT / Valleyview */
--#define INTEL_FAM6_ATOM_SILVERMONT2 0x4D /* Avaton/Rangely */
--#define INTEL_FAM6_ATOM_AIRMONT 0x4C /* CherryTrail / Braswell */
--#define INTEL_FAM6_ATOM_MERRIFIELD 0x4A /* Tangier */
--#define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Anniedale */
--#define INTEL_FAM6_ATOM_GOLDMONT 0x5C
--#define INTEL_FAM6_ATOM_DENVERTON 0x5F /* Goldmont Microserver */
--#define INTEL_FAM6_ATOM_GEMINI_LAKE 0x7A
-+#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
-+#define INTEL_FAM6_ATOM_BONNELL_MID 0x26 /* Silverthorne, Lincroft */
-+
-+#define INTEL_FAM6_ATOM_SALTWELL 0x36 /* Cedarview */
-+#define INTEL_FAM6_ATOM_SALTWELL_MID 0x27 /* Penwell */
-+#define INTEL_FAM6_ATOM_SALTWELL_TABLET 0x35 /* Cloverview */
-+
-+#define INTEL_FAM6_ATOM_SILVERMONT 0x37 /* Bay Trail, Valleyview */
-+#define INTEL_FAM6_ATOM_SILVERMONT_X 0x4D /* Avaton, Rangely */
-+#define INTEL_FAM6_ATOM_SILVERMONT_MID 0x4A /* Merriefield */
-+
-+#define INTEL_FAM6_ATOM_AIRMONT 0x4C /* Cherry Trail, Braswell */
-+#define INTEL_FAM6_ATOM_AIRMONT_MID 0x5A /* Moorefield */
-+
-+#define INTEL_FAM6_ATOM_GOLDMONT 0x5C /* Apollo Lake */
-+#define INTEL_FAM6_ATOM_GOLDMONT_X 0x5F /* Denverton */
-+#define INTEL_FAM6_ATOM_GOLDMONT_PLUS 0x7A /* Gemini Lake */
-
- /* Xeon Phi */
-
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -808,11 +808,11 @@ static void identify_cpu_without_cpuid(s
- }
-
- static const __initconst struct x86_cpu_id cpu_no_speculation[] = {
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, X86_FEATURE_ANY },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, X86_FEATURE_ANY },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL_MID, X86_FEATURE_ANY },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, X86_FEATURE_ANY },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL, X86_FEATURE_ANY },
- { X86_VENDOR_CENTAUR, 5 },
- { X86_VENDOR_INTEL, 5 },
- { X86_VENDOR_NSC, 5 },
-@@ -827,10 +827,10 @@ static const __initconst struct x86_cpu_
-
- /* Only list CPUs which speculate but are non susceptible to SSB */
- static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
-@@ -843,14 +843,14 @@ static const __initconst struct x86_cpu_
-
- static const __initconst struct x86_cpu_id cpu_no_l1tf[] = {
- /* in addition to cpu_no_speculation */
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MOOREFIELD },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_DENVERTON },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GEMINI_LAKE },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X },
-+ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
- {}
diff --git a/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch b/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch
deleted file mode 100644
index ad4930ac..00000000
--- a/queue-3.16/x86-cpufeature-add-bug-flags-to-proc-cpuinfo.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From: Borislav Petkov <bp@suse.de>
-Date: Tue, 24 Jun 2014 13:25:03 +0200
-Subject: x86/cpufeature: Add bug flags to /proc/cpuinfo
-
-commit 80a208bd3948aceddf0429bd9f9b4cd858d526df upstream.
-
-Dump the flags which denote we have detected and/or have applied bug
-workarounds to the CPU we're executing on, in a similar manner to the
-feature flags.
-
-The advantage is that those are not accumulating over time like the CPU
-features.
-
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Link: http://lkml.kernel.org/r/1403609105-8332-2-git-send-email-bp@alien8.de
-Signed-off-by: H. Peter Anvin <hpa@zytor.com>
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/cpufeature.h | 10 ++++--
- arch/x86/kernel/cpu/mkcapflags.sh | 51 ++++++++++++++++++++++---------
- arch/x86/kernel/cpu/proc.c | 8 +++++
- 3 files changed, 53 insertions(+), 16 deletions(-)
-
---- a/arch/x86/include/asm/cpufeature.h
-+++ b/arch/x86/include/asm/cpufeature.h
-@@ -268,8 +268,8 @@
- #define X86_BUG_F00F X86_BUG(0) /* Intel F00F */
- #define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */
- #define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */
--#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* AMD Erratum 383 */
--#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* AMD Erratum 400 */
-+#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */
-+#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */
- #define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */
- #define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */
- #define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */
-@@ -284,6 +284,12 @@
- extern const char * const x86_cap_flags[NCAPINTS*32];
- extern const char * const x86_power_flags[32];
-
-+/*
-+ * In order to save room, we index into this array by doing
-+ * X86_BUG_<name> - NCAPINTS*32.
-+ */
-+extern const char * const x86_bug_flags[NBUGINTS*32];
-+
- #define test_cpu_cap(c, bit) \
- test_bit(bit, (unsigned long *)((c)->x86_capability))
-
---- a/arch/x86/kernel/cpu/mkcapflags.sh
-+++ b/arch/x86/kernel/cpu/mkcapflags.sh
-@@ -1,23 +1,25 @@
- #!/bin/sh
- #
--# Generate the x86_cap_flags[] array from include/asm/cpufeature.h
-+# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeature.h
- #
-
- IN=$1
- OUT=$2
-
--TABS="$(printf '\t\t\t\t\t')"
--trap 'rm "$OUT"' EXIT
-+function dump_array()
-+{
-+ ARRAY=$1
-+ SIZE=$2
-+ PFX=$3
-+ POSTFIX=$4
-
--(
-- echo "#ifndef _ASM_X86_CPUFEATURE_H"
-- echo "#include <asm/cpufeature.h>"
-- echo "#endif"
-- echo ""
-- echo "const char * const x86_cap_flags[NCAPINTS*32] = {"
-+ PFX_SZ=$(echo $PFX | wc -c)
-+ TABS="$(printf '\t\t\t\t\t')"
-+
-+ echo "const char * const $ARRAY[$SIZE] = {"
-
-- # Iterate through any input lines starting with #define X86_FEATURE_
-- sed -n -e 's/\t/ /g' -e 's/^ *# *define *X86_FEATURE_//p' $IN |
-+ # Iterate through any input lines starting with #define $PFX
-+ sed -n -e 's/\t/ /g' -e "s/^ *# *define *$PFX//p" $IN |
- while read i
- do
- # Name is everything up to the first whitespace
-@@ -31,11 +33,32 @@ trap 'rm "$OUT"' EXIT
- # Name is uppercase, VALUE is all lowercase
- VALUE="$(echo "$VALUE" | tr A-Z a-z)"
-
-- TABCOUNT=$(( ( 5*8 - 14 - $(echo "$NAME" | wc -c) ) / 8 ))
-- printf "\t[%s]%.*s = %s,\n" \
-- "X86_FEATURE_$NAME" "$TABCOUNT" "$TABS" "$VALUE"
-+ if [ -n "$POSTFIX" ]; then
-+ T=$(( $PFX_SZ + $(echo $POSTFIX | wc -c) + 2 ))
-+ TABS="$(printf '\t\t\t\t\t\t')"
-+ TABCOUNT=$(( ( 6*8 - ($T + 1) - $(echo "$NAME" | wc -c) ) / 8 ))
-+ printf "\t[%s - %s]%.*s = %s,\n" "$PFX$NAME" "$POSTFIX" "$TABCOUNT" "$TABS" "$VALUE"
-+ else
-+ TABCOUNT=$(( ( 5*8 - ($PFX_SZ + 1) - $(echo "$NAME" | wc -c) ) / 8 ))
-+ printf "\t[%s]%.*s = %s,\n" "$PFX$NAME" "$TABCOUNT" "$TABS" "$VALUE"
-+ fi
- done
- echo "};"
-+}
-+
-+trap 'rm "$OUT"' EXIT
-+
-+(
-+ echo "#ifndef _ASM_X86_CPUFEATURE_H"
-+ echo "#include <asm/cpufeature.h>"
-+ echo "#endif"
-+ echo ""
-+
-+ dump_array "x86_cap_flags" "NCAPINTS*32" "X86_FEATURE_" ""
-+ echo ""
-+
-+ dump_array "x86_bug_flags" "NBUGINTS*32" "X86_BUG_" "NCAPINTS*32"
-+
- ) > $OUT
-
- trap - EXIT
---- a/arch/x86/kernel/cpu/proc.c
-+++ b/arch/x86/kernel/cpu/proc.c
-@@ -97,6 +97,14 @@ static int show_cpuinfo(struct seq_file
- if (cpu_has(c, i) && x86_cap_flags[i] != NULL)
- seq_printf(m, " %s", x86_cap_flags[i]);
-
-+ seq_printf(m, "\nbugs\t\t:");
-+ for (i = 0; i < 32*NBUGINTS; i++) {
-+ unsigned int bug_bit = 32*NCAPINTS + i;
-+
-+ if (cpu_has_bug(c, bug_bit) && x86_bug_flags[i])
-+ seq_printf(m, " %s", x86_bug_flags[i]);
-+ }
-+
- seq_printf(m, "\nbogomips\t: %lu.%02lu\n",
- c->loops_per_jiffy/(500000/HZ),
- (c->loops_per_jiffy/(5000/HZ)) % 100);
diff --git a/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch b/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch
deleted file mode 100644
index 3d746ada..00000000
--- a/queue-3.16/x86-cpufeature-carve-out-x86_feature_.patch
+++ /dev/null
@@ -1,1117 +0,0 @@
-From: Borislav Petkov <bp@suse.de>
-Date: Tue, 26 Jan 2016 22:12:04 +0100
-Subject: x86/cpufeature: Carve out X86_FEATURE_*
-
-commit cd4d09ec6f6c12a2cc3db5b7d8876a325a53545b upstream.
-
-Move them to a separate header and have the following
-dependency:
-
- x86/cpufeatures.h <- x86/processor.h <- x86/cpufeature.h
-
-This makes it easier to use the header in asm code and not
-include the whole cpufeature.h and add guards for asm.
-
-Suggested-by: H. Peter Anvin <hpa@zytor.com>
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Cc: Andy Lutomirski <luto@amacapital.net>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Link: http://lkml.kernel.org/r/1453842730-28463-5-git-send-email-bp@alien8.de
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-[bwh: Backported to 3.16 to avoid a dependency loop:
- - Drop some inapplicable changes
- - Move all the previously backported feature and bug flags across
- - Also change <asm/nospec-branch.h> and lib/retpoline.S to use
- <asm/cpufeatures.h>
- - Also include <asm/cpufeatures.h> in <asm/barrier.h>, as the vdso fails to
- build without that
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -629,7 +629,7 @@ bytes respectively. Such letter suffixes
-
- clearcpuid=BITNUM [X86]
- Disable CPUID feature X for the kernel. See
-- arch/x86/include/asm/cpufeature.h for the valid bit
-+ arch/x86/include/asm/cpufeatures.h for the valid bit
- numbers. Note the Linux specific bits are not necessarily
- stable over kernel options, but the vendor specific
- ones should be.
---- a/arch/x86/boot/cpuflags.h
-+++ b/arch/x86/boot/cpuflags.h
-@@ -1,7 +1,7 @@
- #ifndef BOOT_CPUFLAGS_H
- #define BOOT_CPUFLAGS_H
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/processor-flags.h>
-
- struct cpu_features {
---- a/arch/x86/boot/mkcpustr.c
-+++ b/arch/x86/boot/mkcpustr.c
-@@ -16,7 +16,7 @@
- #include <stdio.h>
-
- #include "../include/asm/required-features.h"
--#include "../include/asm/cpufeature.h"
-+#include "../include/asm/cpufeatures.h"
- #include "../kernel/cpu/capflags.c"
-
- int main(void)
---- a/arch/x86/crypto/crc32-pclmul_glue.c
-+++ b/arch/x86/crypto/crc32-pclmul_glue.c
-@@ -33,7 +33,7 @@
- #include <linux/crc32.h>
- #include <crypto/internal/hash.h>
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/cpu_device_id.h>
- #include <asm/i387.h>
-
---- a/arch/x86/crypto/crc32c-intel_glue.c
-+++ b/arch/x86/crypto/crc32c-intel_glue.c
-@@ -30,7 +30,7 @@
- #include <linux/kernel.h>
- #include <crypto/internal/hash.h>
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/cpu_device_id.h>
- #include <asm/i387.h>
- #include <asm/fpu-internal.h>
---- a/arch/x86/crypto/crct10dif-pclmul_glue.c
-+++ b/arch/x86/crypto/crct10dif-pclmul_glue.c
-@@ -30,7 +30,7 @@
- #include <linux/string.h>
- #include <linux/kernel.h>
- #include <asm/i387.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/cpu_device_id.h>
-
- asmlinkage __u16 crc_t10dif_pcl(__u16 crc, const unsigned char *buf,
---- a/arch/x86/include/asm/alternative.h
-+++ b/arch/x86/include/asm/alternative.h
-@@ -148,12 +148,6 @@ static inline int alternatives_text_rese
- ".popsection\n"
-
- /*
-- * This must be included *after* the definition of ALTERNATIVE due to
-- * <asm/arch_hweight.h>
-- */
--#include <asm/cpufeature.h>
--
--/*
- * Alternative instructions for different CPU types or capabilities.
- *
- * This allows to use optimized instructions even on generic binary
---- a/arch/x86/include/asm/apic.h
-+++ b/arch/x86/include/asm/apic.h
-@@ -6,7 +6,6 @@
-
- #include <asm/alternative.h>
- #include <asm/cpufeature.h>
--#include <asm/processor.h>
- #include <asm/apicdef.h>
- #include <linux/atomic.h>
- #include <asm/fixmap.h>
---- a/arch/x86/include/asm/arch_hweight.h
-+++ b/arch/x86/include/asm/arch_hweight.h
-@@ -1,6 +1,8 @@
- #ifndef _ASM_X86_HWEIGHT_H
- #define _ASM_X86_HWEIGHT_H
-
-+#include <asm/cpufeatures.h>
-+
- #ifdef CONFIG_64BIT
- /* popcnt %edi, %eax -- redundant REX prefix for alignment */
- #define POPCNT32 ".byte 0xf3,0x40,0x0f,0xb8,0xc7"
---- a/arch/x86/include/asm/barrier.h
-+++ b/arch/x86/include/asm/barrier.h
-@@ -3,6 +3,7 @@
-
- #include <asm/alternative.h>
- #include <asm/nops.h>
-+#include <asm/cpufeatures.h>
-
- /*
- * Force strict CPU ordering.
---- a/arch/x86/include/asm/cmpxchg.h
-+++ b/arch/x86/include/asm/cmpxchg.h
-@@ -2,6 +2,7 @@
- #define ASM_X86_CMPXCHG_H
-
- #include <linux/compiler.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative.h> /* Provides LOCK_PREFIX */
-
- /*
---- a/arch/x86/include/asm/cpufeature.h
-+++ b/arch/x86/include/asm/cpufeature.h
-@@ -4,277 +4,7 @@
- #ifndef _ASM_X86_CPUFEATURE_H
- #define _ASM_X86_CPUFEATURE_H
-
--#ifndef _ASM_X86_REQUIRED_FEATURES_H
--#include <asm/required-features.h>
--#endif
--
--#define NCAPINTS 12 /* N 32-bit words worth of info */
--#define NBUGINTS 1 /* N 32-bit bug flags */
--
--/*
-- * Note: If the comment begins with a quoted string, that string is used
-- * in /proc/cpuinfo instead of the macro name. If the string is "",
-- * this feature bit is not displayed in /proc/cpuinfo at all.
-- */
--
--/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */
--#define X86_FEATURE_FPU (0*32+ 0) /* Onboard FPU */
--#define X86_FEATURE_VME (0*32+ 1) /* Virtual Mode Extensions */
--#define X86_FEATURE_DE (0*32+ 2) /* Debugging Extensions */
--#define X86_FEATURE_PSE (0*32+ 3) /* Page Size Extensions */
--#define X86_FEATURE_TSC (0*32+ 4) /* Time Stamp Counter */
--#define X86_FEATURE_MSR (0*32+ 5) /* Model-Specific Registers */
--#define X86_FEATURE_PAE (0*32+ 6) /* Physical Address Extensions */
--#define X86_FEATURE_MCE (0*32+ 7) /* Machine Check Exception */
--#define X86_FEATURE_CX8 (0*32+ 8) /* CMPXCHG8 instruction */
--#define X86_FEATURE_APIC (0*32+ 9) /* Onboard APIC */
--#define X86_FEATURE_SEP (0*32+11) /* SYSENTER/SYSEXIT */
--#define X86_FEATURE_MTRR (0*32+12) /* Memory Type Range Registers */
--#define X86_FEATURE_PGE (0*32+13) /* Page Global Enable */
--#define X86_FEATURE_MCA (0*32+14) /* Machine Check Architecture */
--#define X86_FEATURE_CMOV (0*32+15) /* CMOV instructions */
-- /* (plus FCMOVcc, FCOMI with FPU) */
--#define X86_FEATURE_PAT (0*32+16) /* Page Attribute Table */
--#define X86_FEATURE_PSE36 (0*32+17) /* 36-bit PSEs */
--#define X86_FEATURE_PN (0*32+18) /* Processor serial number */
--#define X86_FEATURE_CLFLUSH (0*32+19) /* CLFLUSH instruction */
--#define X86_FEATURE_DS (0*32+21) /* "dts" Debug Store */
--#define X86_FEATURE_ACPI (0*32+22) /* ACPI via MSR */
--#define X86_FEATURE_MMX (0*32+23) /* Multimedia Extensions */
--#define X86_FEATURE_FXSR (0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */
--#define X86_FEATURE_XMM (0*32+25) /* "sse" */
--#define X86_FEATURE_XMM2 (0*32+26) /* "sse2" */
--#define X86_FEATURE_SELFSNOOP (0*32+27) /* "ss" CPU self snoop */
--#define X86_FEATURE_HT (0*32+28) /* Hyper-Threading */
--#define X86_FEATURE_ACC (0*32+29) /* "tm" Automatic clock control */
--#define X86_FEATURE_IA64 (0*32+30) /* IA-64 processor */
--#define X86_FEATURE_PBE (0*32+31) /* Pending Break Enable */
--
--/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */
--/* Don't duplicate feature flags which are redundant with Intel! */
--#define X86_FEATURE_SYSCALL (1*32+11) /* SYSCALL/SYSRET */
--#define X86_FEATURE_MP (1*32+19) /* MP Capable. */
--#define X86_FEATURE_NX (1*32+20) /* Execute Disable */
--#define X86_FEATURE_MMXEXT (1*32+22) /* AMD MMX extensions */
--#define X86_FEATURE_FXSR_OPT (1*32+25) /* FXSAVE/FXRSTOR optimizations */
--#define X86_FEATURE_GBPAGES (1*32+26) /* "pdpe1gb" GB pages */
--#define X86_FEATURE_RDTSCP (1*32+27) /* RDTSCP */
--#define X86_FEATURE_LM (1*32+29) /* Long Mode (x86-64) */
--#define X86_FEATURE_3DNOWEXT (1*32+30) /* AMD 3DNow! extensions */
--#define X86_FEATURE_3DNOW (1*32+31) /* 3DNow! */
--
--/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */
--#define X86_FEATURE_RECOVERY (2*32+ 0) /* CPU in recovery mode */
--#define X86_FEATURE_LONGRUN (2*32+ 1) /* Longrun power control */
--#define X86_FEATURE_LRTI (2*32+ 3) /* LongRun table interface */
--
--/* Other features, Linux-defined mapping, word 3 */
--/* This range is used for feature bits which conflict or are synthesized */
--#define X86_FEATURE_CXMMX (3*32+ 0) /* Cyrix MMX extensions */
--#define X86_FEATURE_K6_MTRR (3*32+ 1) /* AMD K6 nonstandard MTRRs */
--#define X86_FEATURE_CYRIX_ARR (3*32+ 2) /* Cyrix ARRs (= MTRRs) */
--#define X86_FEATURE_CENTAUR_MCR (3*32+ 3) /* Centaur MCRs (= MTRRs) */
--/* cpu types for specific tunings: */
--#define X86_FEATURE_K8 (3*32+ 4) /* "" Opteron, Athlon64 */
--#define X86_FEATURE_K7 (3*32+ 5) /* "" Athlon */
--#define X86_FEATURE_P3 (3*32+ 6) /* "" P3 */
--#define X86_FEATURE_P4 (3*32+ 7) /* "" P4 */
--#define X86_FEATURE_CONSTANT_TSC (3*32+ 8) /* TSC ticks at a constant rate */
--#define X86_FEATURE_UP (3*32+ 9) /* smp kernel running on up */
--#define X86_FEATURE_FXSAVE_LEAK (3*32+10) /* "" FXSAVE leaks FOP/FIP/FOP */
--#define X86_FEATURE_ARCH_PERFMON (3*32+11) /* Intel Architectural PerfMon */
--#define X86_FEATURE_PEBS (3*32+12) /* Precise-Event Based Sampling */
--#define X86_FEATURE_BTS (3*32+13) /* Branch Trace Store */
--#define X86_FEATURE_SYSCALL32 (3*32+14) /* "" syscall in ia32 userspace */
--#define X86_FEATURE_SYSENTER32 (3*32+15) /* "" sysenter in ia32 userspace */
--#define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well */
--#define X86_FEATURE_MFENCE_RDTSC (3*32+17) /* "" Mfence synchronizes RDTSC */
--#define X86_FEATURE_LFENCE_RDTSC (3*32+18) /* "" Lfence synchronizes RDTSC */
--#define X86_FEATURE_11AP (3*32+19) /* "" Bad local APIC aka 11AP */
--#define X86_FEATURE_NOPL (3*32+20) /* The NOPL (0F 1F) instructions */
--#define X86_FEATURE_ALWAYS (3*32+21) /* "" Always-present feature */
--#define X86_FEATURE_XTOPOLOGY (3*32+22) /* cpu topology enum extensions */
--#define X86_FEATURE_TSC_RELIABLE (3*32+23) /* TSC is known to be reliable */
--#define X86_FEATURE_NONSTOP_TSC (3*32+24) /* TSC does not stop in C states */
--#define X86_FEATURE_CLFLUSH_MONITOR (3*32+25) /* "" clflush reqd with monitor */
--#define X86_FEATURE_EXTD_APICID (3*32+26) /* has extended APICID (8 bits) */
--#define X86_FEATURE_AMD_DCM (3*32+27) /* multi-node processor */
--#define X86_FEATURE_APERFMPERF (3*32+28) /* APERFMPERF */
--#define X86_FEATURE_EAGER_FPU (3*32+29) /* "eagerfpu" Non lazy FPU restore */
--#define X86_FEATURE_NONSTOP_TSC_S3 (3*32+30) /* TSC doesn't stop in S3 state */
--
--/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
--#define X86_FEATURE_XMM3 (4*32+ 0) /* "pni" SSE-3 */
--#define X86_FEATURE_PCLMULQDQ (4*32+ 1) /* PCLMULQDQ instruction */
--#define X86_FEATURE_DTES64 (4*32+ 2) /* 64-bit Debug Store */
--#define X86_FEATURE_MWAIT (4*32+ 3) /* "monitor" Monitor/Mwait support */
--#define X86_FEATURE_DSCPL (4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */
--#define X86_FEATURE_VMX (4*32+ 5) /* Hardware virtualization */
--#define X86_FEATURE_SMX (4*32+ 6) /* Safer mode */
--#define X86_FEATURE_EST (4*32+ 7) /* Enhanced SpeedStep */
--#define X86_FEATURE_TM2 (4*32+ 8) /* Thermal Monitor 2 */
--#define X86_FEATURE_SSSE3 (4*32+ 9) /* Supplemental SSE-3 */
--#define X86_FEATURE_CID (4*32+10) /* Context ID */
--#define X86_FEATURE_FMA (4*32+12) /* Fused multiply-add */
--#define X86_FEATURE_CX16 (4*32+13) /* CMPXCHG16B */
--#define X86_FEATURE_XTPR (4*32+14) /* Send Task Priority Messages */
--#define X86_FEATURE_PDCM (4*32+15) /* Performance Capabilities */
--#define X86_FEATURE_PCID (4*32+17) /* Process Context Identifiers */
--#define X86_FEATURE_DCA (4*32+18) /* Direct Cache Access */
--#define X86_FEATURE_XMM4_1 (4*32+19) /* "sse4_1" SSE-4.1 */
--#define X86_FEATURE_XMM4_2 (4*32+20) /* "sse4_2" SSE-4.2 */
--#define X86_FEATURE_X2APIC (4*32+21) /* x2APIC */
--#define X86_FEATURE_MOVBE (4*32+22) /* MOVBE instruction */
--#define X86_FEATURE_POPCNT (4*32+23) /* POPCNT instruction */
--#define X86_FEATURE_TSC_DEADLINE_TIMER (4*32+24) /* Tsc deadline timer */
--#define X86_FEATURE_AES (4*32+25) /* AES instructions */
--#define X86_FEATURE_XSAVE (4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */
--#define X86_FEATURE_OSXSAVE (4*32+27) /* "" XSAVE enabled in the OS */
--#define X86_FEATURE_AVX (4*32+28) /* Advanced Vector Extensions */
--#define X86_FEATURE_F16C (4*32+29) /* 16-bit fp conversions */
--#define X86_FEATURE_RDRAND (4*32+30) /* The RDRAND instruction */
--#define X86_FEATURE_HYPERVISOR (4*32+31) /* Running on a hypervisor */
--
--/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */
--#define X86_FEATURE_XSTORE (5*32+ 2) /* "rng" RNG present (xstore) */
--#define X86_FEATURE_XSTORE_EN (5*32+ 3) /* "rng_en" RNG enabled */
--#define X86_FEATURE_XCRYPT (5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */
--#define X86_FEATURE_XCRYPT_EN (5*32+ 7) /* "ace_en" on-CPU crypto enabled */
--#define X86_FEATURE_ACE2 (5*32+ 8) /* Advanced Cryptography Engine v2 */
--#define X86_FEATURE_ACE2_EN (5*32+ 9) /* ACE v2 enabled */
--#define X86_FEATURE_PHE (5*32+10) /* PadLock Hash Engine */
--#define X86_FEATURE_PHE_EN (5*32+11) /* PHE enabled */
--#define X86_FEATURE_PMM (5*32+12) /* PadLock Montgomery Multiplier */
--#define X86_FEATURE_PMM_EN (5*32+13) /* PMM enabled */
--
--/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */
--#define X86_FEATURE_LAHF_LM (6*32+ 0) /* LAHF/SAHF in long mode */
--#define X86_FEATURE_CMP_LEGACY (6*32+ 1) /* If yes HyperThreading not valid */
--#define X86_FEATURE_SVM (6*32+ 2) /* Secure virtual machine */
--#define X86_FEATURE_EXTAPIC (6*32+ 3) /* Extended APIC space */
--#define X86_FEATURE_CR8_LEGACY (6*32+ 4) /* CR8 in 32-bit mode */
--#define X86_FEATURE_ABM (6*32+ 5) /* Advanced bit manipulation */
--#define X86_FEATURE_SSE4A (6*32+ 6) /* SSE-4A */
--#define X86_FEATURE_MISALIGNSSE (6*32+ 7) /* Misaligned SSE mode */
--#define X86_FEATURE_3DNOWPREFETCH (6*32+ 8) /* 3DNow prefetch instructions */
--#define X86_FEATURE_OSVW (6*32+ 9) /* OS Visible Workaround */
--#define X86_FEATURE_IBS (6*32+10) /* Instruction Based Sampling */
--#define X86_FEATURE_XOP (6*32+11) /* extended AVX instructions */
--#define X86_FEATURE_SKINIT (6*32+12) /* SKINIT/STGI instructions */
--#define X86_FEATURE_WDT (6*32+13) /* Watchdog timer */
--#define X86_FEATURE_LWP (6*32+15) /* Light Weight Profiling */
--#define X86_FEATURE_FMA4 (6*32+16) /* 4 operands MAC instructions */
--#define X86_FEATURE_TCE (6*32+17) /* translation cache extension */
--#define X86_FEATURE_NODEID_MSR (6*32+19) /* NodeId MSR */
--#define X86_FEATURE_TBM (6*32+21) /* trailing bit manipulations */
--#define X86_FEATURE_TOPOEXT (6*32+22) /* topology extensions CPUID leafs */
--#define X86_FEATURE_PERFCTR_CORE (6*32+23) /* core performance counter extensions */
--#define X86_FEATURE_PERFCTR_NB (6*32+24) /* NB performance counter extensions */
--#define X86_FEATURE_PERFCTR_L2 (6*32+28) /* L2 performance counter extensions */
--
--/*
-- * Auxiliary flags: Linux defined - For features scattered in various
-- * CPUID levels like 0x6, 0xA etc, word 7
-- */
--#define X86_FEATURE_IDA (7*32+ 0) /* Intel Dynamic Acceleration */
--#define X86_FEATURE_ARAT (7*32+ 1) /* Always Running APIC Timer */
--#define X86_FEATURE_CPB (7*32+ 2) /* AMD Core Performance Boost */
--#define X86_FEATURE_EPB (7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */
--#define X86_FEATURE_XSAVEOPT (7*32+ 4) /* Optimized Xsave */
--#define X86_FEATURE_PLN (7*32+ 5) /* Intel Power Limit Notification */
--#define X86_FEATURE_PTS (7*32+ 6) /* Intel Package Thermal Status */
--#define X86_FEATURE_DTHERM (7*32+ 7) /* Digital Thermal Sensor */
--#define X86_FEATURE_HW_PSTATE (7*32+ 8) /* AMD HW-PState */
--#define X86_FEATURE_PROC_FEEDBACK (7*32+ 9) /* AMD ProcFeedbackInterface */
--#define X86_FEATURE_INVPCID_SINGLE (7*32+10) /* Effectively INVPCID && CR4.PCIDE=1 */
--#define X86_FEATURE_RSB_CTXSW (7*32+11) /* "" Fill RSB on context switches */
--
--#define X86_FEATURE_USE_IBPB (7*32+12) /* "" Indirect Branch Prediction Barrier enabled */
--#define X86_FEATURE_USE_IBRS_FW (7*32+13) /* "" Use IBRS during runtime firmware calls */
--#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE (7*32+14) /* "" Disable Speculative Store Bypass. */
--#define X86_FEATURE_LS_CFG_SSBD (7*32+15) /* "" AMD SSBD implementation */
--#define X86_FEATURE_IBRS (7*32+16) /* Indirect Branch Restricted Speculation */
--#define X86_FEATURE_IBPB (7*32+17) /* Indirect Branch Prediction Barrier */
--#define X86_FEATURE_STIBP (7*32+18) /* Single Thread Indirect Branch Predictors */
--#define X86_FEATURE_MSR_SPEC_CTRL (7*32+19) /* "" MSR SPEC_CTRL is implemented */
--#define X86_FEATURE_SSBD (7*32+20) /* Speculative Store Bypass Disable */
--#define X86_FEATURE_ZEN (7*32+21) /* "" CPU is AMD family 0x17 (Zen) */
--#define X86_FEATURE_L1TF_PTEINV (7*32+22) /* "" L1TF workaround PTE inversion */
--
--#define X86_FEATURE_RETPOLINE (7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */
--#define X86_FEATURE_RETPOLINE_AMD (7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */
--/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
--#define X86_FEATURE_KAISER (7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */
--
--/* Virtualization flags: Linux defined, word 8 */
--#define X86_FEATURE_TPR_SHADOW (8*32+ 0) /* Intel TPR Shadow */
--#define X86_FEATURE_VNMI (8*32+ 1) /* Intel Virtual NMI */
--#define X86_FEATURE_FLEXPRIORITY (8*32+ 2) /* Intel FlexPriority */
--#define X86_FEATURE_EPT (8*32+ 3) /* Intel Extended Page Table */
--#define X86_FEATURE_VPID (8*32+ 4) /* Intel Virtual Processor ID */
--#define X86_FEATURE_NPT (8*32+ 5) /* AMD Nested Page Table support */
--#define X86_FEATURE_LBRV (8*32+ 6) /* AMD LBR Virtualization support */
--#define X86_FEATURE_SVML (8*32+ 7) /* "svm_lock" AMD SVM locking MSR */
--#define X86_FEATURE_NRIPS (8*32+ 8) /* "nrip_save" AMD SVM next_rip save */
--#define X86_FEATURE_TSCRATEMSR (8*32+ 9) /* "tsc_scale" AMD TSC scaling support */
--#define X86_FEATURE_VMCBCLEAN (8*32+10) /* "vmcb_clean" AMD VMCB clean bits support */
--#define X86_FEATURE_FLUSHBYASID (8*32+11) /* AMD flush-by-ASID support */
--#define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */
--#define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */
--#define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */
--#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
--
--
--/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
--#define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
--#define X86_FEATURE_TSC_ADJUST (9*32+ 1) /* TSC adjustment MSR 0x3b */
--#define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */
--#define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */
--#define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */
--#define X86_FEATURE_SMEP (9*32+ 7) /* Supervisor Mode Execution Protection */
--#define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */
--#define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */
--#define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */
--#define X86_FEATURE_RTM (9*32+11) /* Restricted Transactional Memory */
--#define X86_FEATURE_MPX (9*32+14) /* Memory Protection Extension */
--#define X86_FEATURE_AVX512F (9*32+16) /* AVX-512 Foundation */
--#define X86_FEATURE_RDSEED (9*32+18) /* The RDSEED instruction */
--#define X86_FEATURE_ADX (9*32+19) /* The ADCX and ADOX instructions */
--#define X86_FEATURE_SMAP (9*32+20) /* Supervisor Mode Access Prevention */
--#define X86_FEATURE_CLFLUSHOPT (9*32+23) /* CLFLUSHOPT instruction */
--#define X86_FEATURE_AVX512PF (9*32+26) /* AVX-512 Prefetch */
--#define X86_FEATURE_AVX512ER (9*32+27) /* AVX-512 Exponential and Reciprocal */
--#define X86_FEATURE_AVX512CD (9*32+28) /* AVX-512 Conflict Detection */
--
--/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */
--#define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */
--#define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */
--#define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
--#define X86_FEATURE_SPEC_CTRL_SSBD (10*32+31) /* "" Speculative Store Bypass Disable */
--
--/* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 11 */
--#define X86_FEATURE_AMD_IBPB (11*32+12) /* "" Indirect Branch Prediction Barrier */
--#define X86_FEATURE_AMD_IBRS (11*32+14) /* "" Indirect Branch Restricted Speculation */
--#define X86_FEATURE_AMD_STIBP (11*32+15) /* "" Single Thread Indirect Branch Predictors */
--#define X86_FEATURE_AMD_SSBD (11*32+24) /* "" Speculative Store Bypass Disable */
--#define X86_FEATURE_VIRT_SSBD (11*32+25) /* Virtualized Speculative Store Bypass Disable */
--#define X86_FEATURE_AMD_SSB_NO (11*32+26) /* "" Speculative Store Bypass is fixed in hardware. */
--
--/*
-- * BUG word(s)
-- */
--#define X86_BUG(x) (NCAPINTS*32 + (x))
--
--#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */
--#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */
--#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */
--#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */
--#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */
--#define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */
--#define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */
--#define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */
--#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */
--#define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */
-+#include <asm/processor.h>
-
- #if defined(__KERNEL__) && !defined(__ASSEMBLY__)
-
---- /dev/null
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -0,0 +1,274 @@
-+#ifndef _ASM_X86_CPUFEATURES_H
-+#define _ASM_X86_CPUFEATURES_H
-+
-+#ifndef _ASM_X86_REQUIRED_FEATURES_H
-+#include <asm/required-features.h>
-+#endif
-+
-+#define NCAPINTS 12 /* N 32-bit words worth of info */
-+#define NBUGINTS 1 /* N 32-bit bug flags */
-+
-+/*
-+ * Note: If the comment begins with a quoted string, that string is used
-+ * in /proc/cpuinfo instead of the macro name. If the string is "",
-+ * this feature bit is not displayed in /proc/cpuinfo at all.
-+ */
-+
-+/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */
-+#define X86_FEATURE_FPU ( 0*32+ 0) /* Onboard FPU */
-+#define X86_FEATURE_VME ( 0*32+ 1) /* Virtual Mode Extensions */
-+#define X86_FEATURE_DE ( 0*32+ 2) /* Debugging Extensions */
-+#define X86_FEATURE_PSE ( 0*32+ 3) /* Page Size Extensions */
-+#define X86_FEATURE_TSC ( 0*32+ 4) /* Time Stamp Counter */
-+#define X86_FEATURE_MSR ( 0*32+ 5) /* Model-Specific Registers */
-+#define X86_FEATURE_PAE ( 0*32+ 6) /* Physical Address Extensions */
-+#define X86_FEATURE_MCE ( 0*32+ 7) /* Machine Check Exception */
-+#define X86_FEATURE_CX8 ( 0*32+ 8) /* CMPXCHG8 instruction */
-+#define X86_FEATURE_APIC ( 0*32+ 9) /* Onboard APIC */
-+#define X86_FEATURE_SEP ( 0*32+11) /* SYSENTER/SYSEXIT */
-+#define X86_FEATURE_MTRR ( 0*32+12) /* Memory Type Range Registers */
-+#define X86_FEATURE_PGE ( 0*32+13) /* Page Global Enable */
-+#define X86_FEATURE_MCA ( 0*32+14) /* Machine Check Architecture */
-+#define X86_FEATURE_CMOV ( 0*32+15) /* CMOV instructions */
-+ /* (plus FCMOVcc, FCOMI with FPU) */
-+#define X86_FEATURE_PAT ( 0*32+16) /* Page Attribute Table */
-+#define X86_FEATURE_PSE36 ( 0*32+17) /* 36-bit PSEs */
-+#define X86_FEATURE_PN ( 0*32+18) /* Processor serial number */
-+#define X86_FEATURE_CLFLUSH ( 0*32+19) /* CLFLUSH instruction */
-+#define X86_FEATURE_DS ( 0*32+21) /* "dts" Debug Store */
-+#define X86_FEATURE_ACPI ( 0*32+22) /* ACPI via MSR */
-+#define X86_FEATURE_MMX ( 0*32+23) /* Multimedia Extensions */
-+#define X86_FEATURE_FXSR ( 0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */
-+#define X86_FEATURE_XMM ( 0*32+25) /* "sse" */
-+#define X86_FEATURE_XMM2 ( 0*32+26) /* "sse2" */
-+#define X86_FEATURE_SELFSNOOP ( 0*32+27) /* "ss" CPU self snoop */
-+#define X86_FEATURE_HT ( 0*32+28) /* Hyper-Threading */
-+#define X86_FEATURE_ACC ( 0*32+29) /* "tm" Automatic clock control */
-+#define X86_FEATURE_IA64 ( 0*32+30) /* IA-64 processor */
-+#define X86_FEATURE_PBE ( 0*32+31) /* Pending Break Enable */
-+
-+/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */
-+/* Don't duplicate feature flags which are redundant with Intel! */
-+#define X86_FEATURE_SYSCALL ( 1*32+11) /* SYSCALL/SYSRET */
-+#define X86_FEATURE_MP ( 1*32+19) /* MP Capable. */
-+#define X86_FEATURE_NX ( 1*32+20) /* Execute Disable */
-+#define X86_FEATURE_MMXEXT ( 1*32+22) /* AMD MMX extensions */
-+#define X86_FEATURE_FXSR_OPT ( 1*32+25) /* FXSAVE/FXRSTOR optimizations */
-+#define X86_FEATURE_GBPAGES ( 1*32+26) /* "pdpe1gb" GB pages */
-+#define X86_FEATURE_RDTSCP ( 1*32+27) /* RDTSCP */
-+#define X86_FEATURE_LM ( 1*32+29) /* Long Mode (x86-64) */
-+#define X86_FEATURE_3DNOWEXT ( 1*32+30) /* AMD 3DNow! extensions */
-+#define X86_FEATURE_3DNOW ( 1*32+31) /* 3DNow! */
-+
-+/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */
-+#define X86_FEATURE_RECOVERY ( 2*32+ 0) /* CPU in recovery mode */
-+#define X86_FEATURE_LONGRUN ( 2*32+ 1) /* Longrun power control */
-+#define X86_FEATURE_LRTI ( 2*32+ 3) /* LongRun table interface */
-+
-+/* Other features, Linux-defined mapping, word 3 */
-+/* This range is used for feature bits which conflict or are synthesized */
-+#define X86_FEATURE_CXMMX ( 3*32+ 0) /* Cyrix MMX extensions */
-+#define X86_FEATURE_K6_MTRR ( 3*32+ 1) /* AMD K6 nonstandard MTRRs */
-+#define X86_FEATURE_CYRIX_ARR ( 3*32+ 2) /* Cyrix ARRs (= MTRRs) */
-+#define X86_FEATURE_CENTAUR_MCR ( 3*32+ 3) /* Centaur MCRs (= MTRRs) */
-+/* cpu types for specific tunings: */
-+#define X86_FEATURE_K8 ( 3*32+ 4) /* "" Opteron, Athlon64 */
-+#define X86_FEATURE_K7 ( 3*32+ 5) /* "" Athlon */
-+#define X86_FEATURE_P3 ( 3*32+ 6) /* "" P3 */
-+#define X86_FEATURE_P4 ( 3*32+ 7) /* "" P4 */
-+#define X86_FEATURE_CONSTANT_TSC ( 3*32+ 8) /* TSC ticks at a constant rate */
-+#define X86_FEATURE_UP ( 3*32+ 9) /* smp kernel running on up */
-+#define X86_FEATURE_FXSAVE_LEAK ( 3*32+10) /* "" FXSAVE leaks FOP/FIP/FOP */
-+#define X86_FEATURE_ARCH_PERFMON ( 3*32+11) /* Intel Architectural PerfMon */
-+#define X86_FEATURE_PEBS ( 3*32+12) /* Precise-Event Based Sampling */
-+#define X86_FEATURE_BTS ( 3*32+13) /* Branch Trace Store */
-+#define X86_FEATURE_SYSCALL32 ( 3*32+14) /* "" syscall in ia32 userspace */
-+#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in ia32 userspace */
-+#define X86_FEATURE_REP_GOOD ( 3*32+16) /* rep microcode works well */
-+#define X86_FEATURE_MFENCE_RDTSC ( 3*32+17) /* "" Mfence synchronizes RDTSC */
-+#define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) /* "" Lfence synchronizes RDTSC */
-+#define X86_FEATURE_11AP ( 3*32+19) /* "" Bad local APIC aka 11AP */
-+#define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */
-+#define X86_FEATURE_ALWAYS ( 3*32+21) /* "" Always-present feature */
-+#define X86_FEATURE_XTOPOLOGY ( 3*32+22) /* cpu topology enum extensions */
-+#define X86_FEATURE_TSC_RELIABLE ( 3*32+23) /* TSC is known to be reliable */
-+#define X86_FEATURE_NONSTOP_TSC ( 3*32+24) /* TSC does not stop in C states */
-+#define X86_FEATURE_CLFLUSH_MONITOR ( 3*32+25) /* "" clflush reqd with monitor */
-+#define X86_FEATURE_EXTD_APICID ( 3*32+26) /* has extended APICID (8 bits) */
-+#define X86_FEATURE_AMD_DCM ( 3*32+27) /* multi-node processor */
-+#define X86_FEATURE_APERFMPERF ( 3*32+28) /* APERFMPERF */
-+#define X86_FEATURE_EAGER_FPU ( 3*32+29) /* "eagerfpu" Non lazy FPU restore */
-+#define X86_FEATURE_NONSTOP_TSC_S3 ( 3*32+30) /* TSC doesn't stop in S3 state */
-+
-+/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
-+#define X86_FEATURE_XMM3 ( 4*32+ 0) /* "pni" SSE-3 */
-+#define X86_FEATURE_PCLMULQDQ ( 4*32+ 1) /* PCLMULQDQ instruction */
-+#define X86_FEATURE_DTES64 ( 4*32+ 2) /* 64-bit Debug Store */
-+#define X86_FEATURE_MWAIT ( 4*32+ 3) /* "monitor" Monitor/Mwait support */
-+#define X86_FEATURE_DSCPL ( 4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */
-+#define X86_FEATURE_VMX ( 4*32+ 5) /* Hardware virtualization */
-+#define X86_FEATURE_SMX ( 4*32+ 6) /* Safer mode */
-+#define X86_FEATURE_EST ( 4*32+ 7) /* Enhanced SpeedStep */
-+#define X86_FEATURE_TM2 ( 4*32+ 8) /* Thermal Monitor 2 */
-+#define X86_FEATURE_SSSE3 ( 4*32+ 9) /* Supplemental SSE-3 */
-+#define X86_FEATURE_CID ( 4*32+10) /* Context ID */
-+#define X86_FEATURE_FMA ( 4*32+12) /* Fused multiply-add */
-+#define X86_FEATURE_CX16 ( 4*32+13) /* CMPXCHG16B */
-+#define X86_FEATURE_XTPR ( 4*32+14) /* Send Task Priority Messages */
-+#define X86_FEATURE_PDCM ( 4*32+15) /* Performance Capabilities */
-+#define X86_FEATURE_PCID ( 4*32+17) /* Process Context Identifiers */
-+#define X86_FEATURE_DCA ( 4*32+18) /* Direct Cache Access */
-+#define X86_FEATURE_XMM4_1 ( 4*32+19) /* "sse4_1" SSE-4.1 */
-+#define X86_FEATURE_XMM4_2 ( 4*32+20) /* "sse4_2" SSE-4.2 */
-+#define X86_FEATURE_X2APIC ( 4*32+21) /* x2APIC */
-+#define X86_FEATURE_MOVBE ( 4*32+22) /* MOVBE instruction */
-+#define X86_FEATURE_POPCNT ( 4*32+23) /* POPCNT instruction */
-+#define X86_FEATURE_TSC_DEADLINE_TIMER ( 4*32+24) /* Tsc deadline timer */
-+#define X86_FEATURE_AES ( 4*32+25) /* AES instructions */
-+#define X86_FEATURE_XSAVE ( 4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */
-+#define X86_FEATURE_OSXSAVE ( 4*32+27) /* "" XSAVE enabled in the OS */
-+#define X86_FEATURE_AVX ( 4*32+28) /* Advanced Vector Extensions */
-+#define X86_FEATURE_F16C ( 4*32+29) /* 16-bit fp conversions */
-+#define X86_FEATURE_RDRAND ( 4*32+30) /* The RDRAND instruction */
-+#define X86_FEATURE_HYPERVISOR ( 4*32+31) /* Running on a hypervisor */
-+
-+/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */
-+#define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */
-+#define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */
-+#define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */
-+#define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enabled */
-+#define X86_FEATURE_ACE2 ( 5*32+ 8) /* Advanced Cryptography Engine v2 */
-+#define X86_FEATURE_ACE2_EN ( 5*32+ 9) /* ACE v2 enabled */
-+#define X86_FEATURE_PHE ( 5*32+10) /* PadLock Hash Engine */
-+#define X86_FEATURE_PHE_EN ( 5*32+11) /* PHE enabled */
-+#define X86_FEATURE_PMM ( 5*32+12) /* PadLock Montgomery Multiplier */
-+#define X86_FEATURE_PMM_EN ( 5*32+13) /* PMM enabled */
-+
-+/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */
-+#define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* LAHF/SAHF in long mode */
-+#define X86_FEATURE_CMP_LEGACY ( 6*32+ 1) /* If yes HyperThreading not valid */
-+#define X86_FEATURE_SVM ( 6*32+ 2) /* Secure virtual machine */
-+#define X86_FEATURE_EXTAPIC ( 6*32+ 3) /* Extended APIC space */
-+#define X86_FEATURE_CR8_LEGACY ( 6*32+ 4) /* CR8 in 32-bit mode */
-+#define X86_FEATURE_ABM ( 6*32+ 5) /* Advanced bit manipulation */
-+#define X86_FEATURE_SSE4A ( 6*32+ 6) /* SSE-4A */
-+#define X86_FEATURE_MISALIGNSSE ( 6*32+ 7) /* Misaligned SSE mode */
-+#define X86_FEATURE_3DNOWPREFETCH ( 6*32+ 8) /* 3DNow prefetch instructions */
-+#define X86_FEATURE_OSVW ( 6*32+ 9) /* OS Visible Workaround */
-+#define X86_FEATURE_IBS ( 6*32+10) /* Instruction Based Sampling */
-+#define X86_FEATURE_XOP ( 6*32+11) /* extended AVX instructions */
-+#define X86_FEATURE_SKINIT ( 6*32+12) /* SKINIT/STGI instructions */
-+#define X86_FEATURE_WDT ( 6*32+13) /* Watchdog timer */
-+#define X86_FEATURE_LWP ( 6*32+15) /* Light Weight Profiling */
-+#define X86_FEATURE_FMA4 ( 6*32+16) /* 4 operands MAC instructions */
-+#define X86_FEATURE_TCE ( 6*32+17) /* translation cache extension */
-+#define X86_FEATURE_NODEID_MSR ( 6*32+19) /* NodeId MSR */
-+#define X86_FEATURE_TBM ( 6*32+21) /* trailing bit manipulations */
-+#define X86_FEATURE_TOPOEXT ( 6*32+22) /* topology extensions CPUID leafs */
-+#define X86_FEATURE_PERFCTR_CORE ( 6*32+23) /* core performance counter extensions */
-+#define X86_FEATURE_PERFCTR_NB ( 6*32+24) /* NB performance counter extensions */
-+#define X86_FEATURE_PERFCTR_L2 ( 6*32+28) /* L2 performance counter extensions */
-+
-+/*
-+ * Auxiliary flags: Linux defined - For features scattered in various
-+ * CPUID levels like 0x6, 0xA etc, word 7
-+ */
-+#define X86_FEATURE_IDA ( 7*32+ 0) /* Intel Dynamic Acceleration */
-+#define X86_FEATURE_ARAT ( 7*32+ 1) /* Always Running APIC Timer */
-+#define X86_FEATURE_CPB ( 7*32+ 2) /* AMD Core Performance Boost */
-+#define X86_FEATURE_EPB ( 7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */
-+#define X86_FEATURE_XSAVEOPT ( 7*32+ 4) /* Optimized Xsave */
-+#define X86_FEATURE_PLN ( 7*32+ 5) /* Intel Power Limit Notification */
-+#define X86_FEATURE_PTS ( 7*32+ 6) /* Intel Package Thermal Status */
-+#define X86_FEATURE_DTHERM ( 7*32+ 7) /* Digital Thermal Sensor */
-+#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
-+#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
-+#define X86_FEATURE_INVPCID_SINGLE ( 7*32+10) /* Effectively INVPCID && CR4.PCIDE=1 */
-+#define X86_FEATURE_RSB_CTXSW ( 7*32+11) /* "" Fill RSB on context switches */
-+#define X86_FEATURE_USE_IBPB ( 7*32+12) /* "" Indirect Branch Prediction Barrier enabled */
-+#define X86_FEATURE_USE_IBRS_FW ( 7*32+13) /* "" Use IBRS during runtime firmware calls */
-+#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+14) /* "" Disable Speculative Store Bypass. */
-+#define X86_FEATURE_LS_CFG_SSBD ( 7*32+15) /* "" AMD SSBD implementation */
-+#define X86_FEATURE_IBRS ( 7*32+16) /* Indirect Branch Restricted Speculation */
-+#define X86_FEATURE_IBPB ( 7*32+17) /* Indirect Branch Prediction Barrier */
-+#define X86_FEATURE_STIBP ( 7*32+18) /* Single Thread Indirect Branch Predictors */
-+#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+19) /* "" MSR SPEC_CTRL is implemented */
-+#define X86_FEATURE_SSBD ( 7*32+20) /* Speculative Store Bypass Disable */
-+#define X86_FEATURE_ZEN ( 7*32+21) /* "" CPU is AMD family 0x17 (Zen) */
-+#define X86_FEATURE_L1TF_PTEINV ( 7*32+22) /* "" L1TF workaround PTE inversion */
-+#define X86_FEATURE_RETPOLINE ( 7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */
-+#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */
-+/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
-+#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */
-+
-+/* Virtualization flags: Linux defined, word 8 */
-+#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
-+#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */
-+#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */
-+#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */
-+#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */
-+#define X86_FEATURE_NPT ( 8*32+ 5) /* AMD Nested Page Table support */
-+#define X86_FEATURE_LBRV ( 8*32+ 6) /* AMD LBR Virtualization support */
-+#define X86_FEATURE_SVML ( 8*32+ 7) /* "svm_lock" AMD SVM locking MSR */
-+#define X86_FEATURE_NRIPS ( 8*32+ 8) /* "nrip_save" AMD SVM next_rip save */
-+#define X86_FEATURE_TSCRATEMSR ( 8*32+ 9) /* "tsc_scale" AMD TSC scaling support */
-+#define X86_FEATURE_VMCBCLEAN ( 8*32+10) /* "vmcb_clean" AMD VMCB clean bits support */
-+#define X86_FEATURE_FLUSHBYASID ( 8*32+11) /* AMD flush-by-ASID support */
-+#define X86_FEATURE_DECODEASSISTS ( 8*32+12) /* AMD Decode Assists support */
-+#define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */
-+#define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */
-+#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
-+
-+
-+/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
-+#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
-+#define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3b */
-+#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
-+#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
-+#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
-+#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */
-+#define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */
-+#define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */
-+#define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */
-+#define X86_FEATURE_RTM ( 9*32+11) /* Restricted Transactional Memory */
-+#define X86_FEATURE_MPX ( 9*32+14) /* Memory Protection Extension */
-+#define X86_FEATURE_AVX512F ( 9*32+16) /* AVX-512 Foundation */
-+#define X86_FEATURE_RDSEED ( 9*32+18) /* The RDSEED instruction */
-+#define X86_FEATURE_ADX ( 9*32+19) /* The ADCX and ADOX instructions */
-+#define X86_FEATURE_SMAP ( 9*32+20) /* Supervisor Mode Access Prevention */
-+#define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */
-+#define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */
-+#define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */
-+#define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */
-+
-+/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */
-+#define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */
-+#define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */
-+#define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
-+#define X86_FEATURE_SPEC_CTRL_SSBD (10*32+31) /* "" Speculative Store Bypass Disable */
-+
-+/* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 11 */
-+#define X86_FEATURE_AMD_IBPB (11*32+12) /* "" Indirect Branch Prediction Barrier */
-+#define X86_FEATURE_AMD_IBRS (11*32+14) /* "" Indirect Branch Restricted Speculation */
-+#define X86_FEATURE_AMD_STIBP (11*32+15) /* "" Single Thread Indirect Branch Predictors */
-+#define X86_FEATURE_AMD_SSBD (11*32+24) /* "" Speculative Store Bypass Disable */
-+#define X86_FEATURE_VIRT_SSBD (11*32+25) /* Virtualized Speculative Store Bypass Disable */
-+#define X86_FEATURE_AMD_SSB_NO (11*32+26) /* "" Speculative Store Bypass is fixed in hardware. */
-+
-+/*
-+ * BUG word(s)
-+ */
-+#define X86_BUG(x) (NCAPINTS*32 + (x))
-+
-+#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */
-+#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */
-+#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */
-+#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */
-+#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */
-+#define X86_BUG_CPU_MELTDOWN X86_BUG(5) /* CPU is affected by meltdown attack and needs kernel page table isolation */
-+#define X86_BUG_SPECTRE_V1 X86_BUG(6) /* CPU is affected by Spectre variant 1 attack with conditional branches */
-+#define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */
-+#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */
-+#define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */
-+
-+#endif /* _ASM_X86_CPUFEATURES_H */
---- a/arch/x86/include/asm/mwait.h
-+++ b/arch/x86/include/asm/mwait.h
-@@ -3,6 +3,8 @@
-
- #include <linux/sched.h>
-
-+#include <asm/cpufeature.h>
-+
- #define MWAIT_SUBSTATE_MASK 0xf
- #define MWAIT_CSTATE_MASK 0xf
- #define MWAIT_SUBSTATE_SIZE 4
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -5,7 +5,7 @@
-
- #include <asm/alternative.h>
- #include <asm/alternative-asm.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/msr-index.h>
-
- /*
---- a/arch/x86/include/asm/processor.h
-+++ b/arch/x86/include/asm/processor.h
-@@ -13,7 +13,7 @@ struct mm_struct;
- #include <asm/types.h>
- #include <asm/sigcontext.h>
- #include <asm/current.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/page.h>
- #include <asm/pgtable_types.h>
- #include <asm/percpu.h>
-@@ -23,7 +23,6 @@ struct mm_struct;
- #include <asm/special_insns.h>
-
- #include <linux/personality.h>
--#include <linux/cpumask.h>
- #include <linux/cache.h>
- #include <linux/threads.h>
- #include <linux/math64.h>
---- a/arch/x86/include/asm/smap.h
-+++ b/arch/x86/include/asm/smap.h
-@@ -15,7 +15,7 @@
-
- #include <linux/stringify.h>
- #include <asm/nops.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
-
- /* "Raw" instruction opcodes */
- #define __ASM_CLAC .byte 0x0f,0x01,0xca
---- a/arch/x86/include/asm/smp.h
-+++ b/arch/x86/include/asm/smp.h
-@@ -16,7 +16,6 @@
- #endif
- #include <asm/thread_info.h>
- #include <asm/cpumask.h>
--#include <asm/cpufeature.h>
-
- extern int smp_num_siblings;
- extern unsigned int num_processors;
---- a/arch/x86/include/asm/thread_info.h
-+++ b/arch/x86/include/asm/thread_info.h
-@@ -20,7 +20,7 @@
- #ifndef __ASSEMBLY__
- struct task_struct;
- struct exec_domain;
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <linux/atomic.h>
-
- struct thread_info {
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -5,6 +5,7 @@
- #include <linux/sched.h>
-
- #include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/special_insns.h>
- #include <asm/smp.h>
-
---- a/arch/x86/include/asm/uaccess_64.h
-+++ b/arch/x86/include/asm/uaccess_64.h
-@@ -8,7 +8,7 @@
- #include <linux/errno.h>
- #include <linux/lockdep.h>
- #include <asm/alternative.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/page.h>
-
- /*
---- a/arch/x86/kernel/cpu/Makefile
-+++ b/arch/x86/kernel/cpu/Makefile
-@@ -49,7 +49,7 @@ obj-$(CONFIG_HYPERVISOR_GUEST) += vmwar
- quiet_cmd_mkcapflags = MKCAP $@
- cmd_mkcapflags = $(CONFIG_SHELL) $(srctree)/$(src)/mkcapflags.sh $< $@
-
--cpufeature = $(src)/../../include/asm/cpufeature.h
-+cpufeature = $(src)/../../include/asm/cpufeatures.h
-
- targets += capflags.c
- $(obj)/capflags.c: $(cpufeature) $(src)/mkcapflags.sh FORCE
---- a/arch/x86/kernel/cpu/centaur.c
-+++ b/arch/x86/kernel/cpu/centaur.c
-@@ -1,7 +1,7 @@
- #include <linux/bitops.h>
- #include <linux/kernel.h>
-
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/e820.h>
- #include <asm/mtrr.h>
- #include <asm/msr.h>
---- a/arch/x86/kernel/cpu/cyrix.c
-+++ b/arch/x86/kernel/cpu/cyrix.c
-@@ -8,6 +8,7 @@
- #include <linux/timer.h>
- #include <asm/pci-direct.h>
- #include <asm/tsc.h>
-+#include <asm/cpufeature.h>
-
- #include "cpu.h"
-
---- a/arch/x86/kernel/cpu/intel.c
-+++ b/arch/x86/kernel/cpu/intel.c
-@@ -8,7 +8,7 @@
- #include <linux/module.h>
- #include <linux/uaccess.h>
-
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/pgtable.h>
- #include <asm/msr.h>
- #include <asm/bugs.h>
---- a/arch/x86/kernel/cpu/intel_cacheinfo.c
-+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
-@@ -15,7 +15,7 @@
- #include <linux/sched.h>
- #include <linux/pci.h>
-
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <linux/smp.h>
- #include <asm/amd_nb.h>
- #include <asm/smp.h>
---- a/arch/x86/kernel/cpu/match.c
-+++ b/arch/x86/kernel/cpu/match.c
-@@ -1,5 +1,5 @@
- #include <asm/cpu_device_id.h>
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <linux/cpu.h>
- #include <linux/module.h>
- #include <linux/slab.h>
---- a/arch/x86/kernel/cpu/mkcapflags.sh
-+++ b/arch/x86/kernel/cpu/mkcapflags.sh
-@@ -1,6 +1,6 @@
- #!/bin/sh
- #
--# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeature.h
-+# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeatures.h
- #
-
- IN=$1
-@@ -49,8 +49,8 @@ function dump_array()
- trap 'rm "$OUT"' EXIT
-
- (
-- echo "#ifndef _ASM_X86_CPUFEATURE_H"
-- echo "#include <asm/cpufeature.h>"
-+ echo "#ifndef _ASM_X86_CPUFEATURES_H"
-+ echo "#include <asm/cpufeatures.h>"
- echo "#endif"
- echo ""
-
---- a/arch/x86/kernel/cpu/mtrr/main.c
-+++ b/arch/x86/kernel/cpu/mtrr/main.c
-@@ -47,7 +47,7 @@
- #include <linux/smp.h>
- #include <linux/syscore_ops.h>
-
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/e820.h>
- #include <asm/mtrr.h>
- #include <asm/msr.h>
---- a/arch/x86/kernel/cpu/transmeta.c
-+++ b/arch/x86/kernel/cpu/transmeta.c
-@@ -1,6 +1,6 @@
- #include <linux/kernel.h>
- #include <linux/mm.h>
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/msr.h>
- #include "cpu.h"
-
---- a/arch/x86/kernel/e820.c
-+++ b/arch/x86/kernel/e820.c
-@@ -24,6 +24,7 @@
- #include <asm/e820.h>
- #include <asm/proto.h>
- #include <asm/setup.h>
-+#include <asm/cpufeature.h>
-
- /*
- * The e820 map is the map that gets modified e.g. with command line parameters
---- a/arch/x86/kernel/entry_32.S
-+++ b/arch/x86/kernel/entry_32.S
-@@ -54,7 +54,7 @@
- #include <asm/processor-flags.h>
- #include <asm/ftrace.h>
- #include <asm/irq_vectors.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative-asm.h>
- #include <asm/asm.h>
- #include <asm/smap.h>
---- a/arch/x86/kernel/head_32.S
-+++ b/arch/x86/kernel/head_32.S
-@@ -19,7 +19,7 @@
- #include <asm/setup.h>
- #include <asm/processor-flags.h>
- #include <asm/msr-index.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/percpu.h>
- #include <asm/nops.h>
-
---- a/arch/x86/kernel/hpet.c
-+++ b/arch/x86/kernel/hpet.c
-@@ -12,6 +12,7 @@
- #include <linux/pm.h>
- #include <linux/io.h>
-
-+#include <asm/cpufeature.h>
- #include <asm/fixmap.h>
- #include <asm/hpet.h>
- #include <asm/time.h>
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -38,7 +38,7 @@
- #include <linux/uaccess.h>
- #include <linux/gfp.h>
-
--#include <asm/processor.h>
-+#include <asm/cpufeature.h>
- #include <asm/msr.h>
-
- static struct class *msr_class;
---- a/arch/x86/kernel/verify_cpu.S
-+++ b/arch/x86/kernel/verify_cpu.S
-@@ -30,7 +30,7 @@
- * appropriately. Either display a message or halt.
- */
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/msr-index.h>
-
- verify_cpu:
---- a/arch/x86/lib/clear_page_64.S
-+++ b/arch/x86/lib/clear_page_64.S
-@@ -56,7 +56,7 @@ ENDPROC(clear_page)
- *
- */
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
-
- .section .altinstr_replacement,"ax"
- 1: .byte 0xeb /* jmp <disp8> */
---- a/arch/x86/lib/copy_page_64.S
-+++ b/arch/x86/lib/copy_page_64.S
-@@ -97,7 +97,7 @@ ENDPROC(copy_page)
- /* Some CPUs run faster using the string copy instructions.
- It is also a lot simpler. Use this when possible */
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
-
- .section .altinstr_replacement,"ax"
- 1: .byte 0xeb /* jmp <disp8> */
---- a/arch/x86/lib/copy_user_64.S
-+++ b/arch/x86/lib/copy_user_64.S
-@@ -14,7 +14,7 @@
- #include <asm/current.h>
- #include <asm/asm-offsets.h>
- #include <asm/thread_info.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative-asm.h>
- #include <asm/asm.h>
- #include <asm/smap.h>
---- a/arch/x86/lib/memcpy_64.S
-+++ b/arch/x86/lib/memcpy_64.S
-@@ -2,7 +2,7 @@
-
- #include <linux/linkage.h>
-
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/dwarf2.h>
- #include <asm/alternative-asm.h>
-
---- a/arch/x86/lib/memmove_64.S
-+++ b/arch/x86/lib/memmove_64.S
-@@ -8,7 +8,7 @@
- #define _STRING_C
- #include <linux/linkage.h>
- #include <asm/dwarf2.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative-asm.h>
-
- #undef memmove
---- a/arch/x86/lib/memset_64.S
-+++ b/arch/x86/lib/memset_64.S
-@@ -2,7 +2,7 @@
-
- #include <linux/linkage.h>
- #include <asm/dwarf2.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative-asm.h>
-
- /*
---- a/arch/x86/lib/retpoline.S
-+++ b/arch/x86/lib/retpoline.S
-@@ -3,7 +3,7 @@
- #include <linux/stringify.h>
- #include <linux/linkage.h>
- #include <asm/dwarf2.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/alternative-asm.h>
- #include <asm/nospec-branch.h>
-
---- a/arch/x86/mm/setup_nx.c
-+++ b/arch/x86/mm/setup_nx.c
-@@ -4,6 +4,7 @@
-
- #include <asm/pgtable.h>
- #include <asm/proto.h>
-+#include <asm/cpufeature.h>
-
- static int disable_nx;
-
---- a/arch/x86/oprofile/op_model_amd.c
-+++ b/arch/x86/oprofile/op_model_amd.c
-@@ -24,7 +24,6 @@
- #include <asm/nmi.h>
- #include <asm/apic.h>
- #include <asm/processor.h>
--#include <asm/cpufeature.h>
-
- #include "op_x86_model.h"
- #include "op_counter.h"
---- a/arch/x86/um/asm/barrier.h
-+++ b/arch/x86/um/asm/barrier.h
-@@ -3,7 +3,7 @@
-
- #include <asm/asm.h>
- #include <asm/segment.h>
--#include <asm/cpufeature.h>
-+#include <asm/cpufeatures.h>
- #include <asm/cmpxchg.h>
- #include <asm/nops.h>
-
---- a/arch/x86/vdso/vdso32-setup.c
-+++ b/arch/x86/vdso/vdso32-setup.c
-@@ -11,7 +11,6 @@
- #include <linux/kernel.h>
- #include <linux/mm_types.h>
-
--#include <asm/cpufeature.h>
- #include <asm/processor.h>
- #include <asm/vdso.h>
-
---- a/arch/x86/vdso/vma.c
-+++ b/arch/x86/vdso/vma.c
-@@ -17,6 +17,7 @@
- #include <asm/vdso.h>
- #include <asm/page.h>
- #include <asm/hpet.h>
-+#include <asm/cpufeature.h>
-
- #if defined(CONFIG_X86_64)
- unsigned int __read_mostly vdso64_enabled = 1;
---- a/lib/atomic64_test.c
-+++ b/lib/atomic64_test.c
-@@ -17,7 +17,7 @@
- #include <linux/atomic.h>
-
- #ifdef CONFIG_X86
--#include <asm/processor.h> /* for boot_cpu_has below */
-+#include <asm/cpufeature.h> /* for boot_cpu_has below */
- #endif
-
- #define INIT(c) do { atomic64_set(&v, c); r = c; } while (0)
diff --git a/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch b/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch
deleted file mode 100644
index 1f3a2ab2..00000000
--- a/queue-3.16/x86-headers-don-t-include-asm-processor.h-in-asm-atomic.h.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: Andi Kleen <ak@linux.intel.com>
-Date: Tue, 1 Dec 2015 17:00:57 -0800
-Subject: x86/headers: Don't include asm/processor.h in asm/atomic.h
-
-commit 153a4334c439cfb62e1d31cee0c790ba4157813d upstream.
-
-asm/atomic.h doesn't really need asm/processor.h anymore. Everything
-it uses has moved to other header files. So remove that include.
-
-processor.h is a nasty header that includes lots of
-other headers and makes it prone to include loops. Removing the
-include here makes asm/atomic.h a "leaf" header that can
-be safely included in most other headers.
-
-The only fallout is in the lib/atomic tester which relied on
-this implicit include. Give it an explicit include.
-(the include is in ifdef because the user is also in ifdef)
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
-Cc: Jiri Olsa <jolsa@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Mike Galbraith <efault@gmx.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Stephane Eranian <eranian@google.com>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Vince Weaver <vincent.weaver@maine.edu>
-Cc: rostedt@goodmis.org
-Link: http://lkml.kernel.org/r/1449018060-1742-1-git-send-email-andi@firstfloor.org
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-[bwh: Backported to 3.16 to avoid a dependency loop; adjusted context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/atomic.h | 1 -
- arch/x86/include/asm/atomic64_32.h | 1 -
- lib/atomic64_test.c | 4 ++++
- 3 files changed, 4 insertions(+), 2 deletions(-)
-
---- a/arch/x86/include/asm/atomic.h
-+++ b/arch/x86/include/asm/atomic.h
-@@ -3,7 +3,6 @@
-
- #include <linux/compiler.h>
- #include <linux/types.h>
--#include <asm/processor.h>
- #include <asm/alternative.h>
- #include <asm/cmpxchg.h>
- #include <asm/rmwcc.h>
---- a/arch/x86/include/asm/atomic64_32.h
-+++ b/arch/x86/include/asm/atomic64_32.h
-@@ -3,7 +3,6 @@
-
- #include <linux/compiler.h>
- #include <linux/types.h>
--#include <asm/processor.h>
- //#include <asm/cmpxchg.h>
-
- /* An 64bit atomic type */
---- a/lib/atomic64_test.c
-+++ b/lib/atomic64_test.c
-@@ -16,6 +16,10 @@
- #include <linux/kernel.h>
- #include <linux/atomic.h>
-
-+#ifdef CONFIG_X86
-+#include <asm/processor.h> /* for boot_cpu_has below */
-+#endif
-+
- #define INIT(c) do { atomic64_set(&v, c); r = c; } while (0)
- static __init int test_atomic64(void)
- {
diff --git a/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch b/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch
deleted file mode 100644
index 2198098e..00000000
--- a/queue-3.16/x86-kconfig-select-sched_smt-if-smp-enabled.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:37 +0100
-Subject: x86/Kconfig: Select SCHED_SMT if SMP enabled
-
-commit dbe733642e01dd108f71436aaea7b328cb28fd87 upstream.
-
-CONFIG_SCHED_SMT is enabled by all distros, so there is not a real point to
-have it configurable. The runtime overhead in the core scheduler code is
-minimal because the actual SMT scheduling parts are conditional on a static
-key.
-
-This allows to expose the scheduler's SMT state static key to the
-speculation control code. Alternatively the scheduler's static key could be
-made always available when CONFIG_SMP is enabled, but that's just adding an
-unused static key to every other architecture for nothing.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.337452245@linutronix.de
-[bwh: Backported to 3.16: CONFIG_SCHED_SMT depended on CONFG_X86_HT, but that
- also follows CONFIG_SMP]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/Kconfig | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -798,13 +798,7 @@ config NR_CPUS
- approximately eight kilobytes to the kernel image.
-
- config SCHED_SMT
-- bool "SMT (Hyperthreading) scheduler support"
-- depends on X86_HT
-- ---help---
-- SMT scheduler support improves the CPU scheduler's decision making
-- when dealing with Intel Pentium 4 chips with HyperThreading at a
-- cost of slightly increased overhead in some places. If unsure say
-- N here.
-+ def_bool y if SMP
-
- config SCHED_MC
- def_bool y
diff --git a/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch b/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch
deleted file mode 100644
index f420803e..00000000
--- a/queue-3.16/x86-kvm-expose-x86_feature_md_clear-to-guests.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Andi Kleen <ak@linux.intel.com>
-Date: Fri, 18 Jan 2019 16:50:23 -0800
-Subject: x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
-
-commit 6c4dbbd14730c43f4ed808a9c42ca41625925c22 upstream.
-
-X86_FEATURE_MD_CLEAR is a new CPUID bit which is set when microcode
-provides the mechanism to invoke a flush of various exploitable CPU buffers
-by invoking the VERW instruction.
-
-Hand it through to guests so they can adjust their mitigations.
-
-This also requires corresponding qemu changes, which are available
-separately.
-
-[ tglx: Massaged changelog ]
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kvm/cpuid.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/arch/x86/kvm/cpuid.c
-+++ b/arch/x86/kvm/cpuid.c
-@@ -320,7 +320,7 @@ static inline int __do_cpuid_ent(struct
- /* cpuid 7.0.edx*/
- const u32 kvm_cpuid_7_0_edx_x86_features =
- F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) |
-- F(INTEL_STIBP);
-+ F(INTEL_STIBP) | F(MD_CLEAR);
-
- /* all calls to cpuid_count() should be made on the same cpu */
- get_cpu();
diff --git a/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch b/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch
deleted file mode 100644
index ec2b97f0..00000000
--- a/queue-3.16/x86-mds-add-mdsum-variant-to-the-mds-documentation.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: speck for Pawan Gupta <speck@linutronix.de>
-Date: Mon, 6 May 2019 12:23:50 -0700
-Subject: x86/mds: Add MDSUM variant to the MDS documentation
-
-commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream.
-
-Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
-Sampling Uncacheable Memory (MDSUM) which is a variant of
-Microarchitectural Data Sampling (MDS). MDS is a family of side channel
-attacks on internal buffers in Intel CPUs.
-
-MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
-memory that takes a fault or assist can leave data in a microarchitectural
-structure that may later be observed using one of the same methods used by
-MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
-The existing mitigation for MDS applies to MDSUM as well.
-
-Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16: adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/hw-vuln/mds.rst | 5 +++--
- Documentation/x86/mds.rst | 5 +++++
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
---- a/Documentation/hw-vuln/mds.rst
-+++ b/Documentation/hw-vuln/mds.rst
-@@ -32,11 +32,12 @@ Related CVEs
-
- The following CVE entries are related to the MDS vulnerability:
-
-- ============== ===== ==============================================
-+ ============== ===== ===================================================
- CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
- CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
- CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
-- ============== ===== ==============================================
-+ CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory
-+ ============== ===== ===================================================
-
- Problem
- -------
---- a/Documentation/x86/mds.rst
-+++ b/Documentation/x86/mds.rst
-@@ -12,6 +12,7 @@ on internal buffers in Intel CPUs. The v
- - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
-+ - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
-
- MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
- dependent load (store-to-load forwarding) as an optimization. The forward
-@@ -38,6 +39,10 @@ faulting or assisting loads under certai
- exploited eventually. Load ports are shared between Hyper-Threads so cross
- thread leakage is possible.
-
-+MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
-+memory that takes a fault or assist can leave data in a microarchitectural
-+structure that may later be observed using one of the same methods used by
-+MSBDS, MFBDS or MLPDS.
-
- Exposure assumptions
- --------------------
diff --git a/queue-3.16/x86-msr-index-cleanup-bit-defines.patch b/queue-3.16/x86-msr-index-cleanup-bit-defines.patch
deleted file mode 100644
index 1836bc07..00000000
--- a/queue-3.16/x86-msr-index-cleanup-bit-defines.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Thu, 21 Feb 2019 12:36:50 +0100
-Subject: x86/msr-index: Cleanup bit defines
-
-commit d8eabc37310a92df40d07c5a8afc53cebf996716 upstream.
-
-Greg pointed out that speculation related bit defines are using (1 << N)
-format instead of BIT(N). Aside of that (1 << N) is wrong as it should use
-1UL at least.
-
-Clean it up.
-
-[ Josh Poimboeuf: Fix tools build ]
-
-Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Since <asm/msr-index.h> is a UAPI header here, open-code BIT() and drop
- changes under tools/
- - Drop changes to flush MSRs which we haven't defined]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/include/uapi/asm/msr-index.h
-+++ b/arch/x86/include/uapi/asm/msr-index.h
-@@ -33,14 +33,14 @@
-
- /* Intel MSRs. Some also available on other CPUs */
- #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */
--#define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */
-+#define SPEC_CTRL_IBRS (1UL << 0) /* Indirect Branch Restricted Speculation */
- #define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */
--#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */
-+#define SPEC_CTRL_STIBP (1UL << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */
- #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */
--#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */
-+#define SPEC_CTRL_SSBD (1UL << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */
-
- #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */
--#define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */
-+#define PRED_CMD_IBPB (1UL << 0) /* Indirect Branch Prediction Barrier */
-
- #define MSR_IA32_PERFCTR0 0x000000c1
- #define MSR_IA32_PERFCTR1 0x000000c2
-@@ -58,9 +58,9 @@
- #define MSR_MTRRcap 0x000000fe
-
- #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a
--#define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */
--#define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */
--#define ARCH_CAP_SSB_NO (1 << 4) /*
-+#define ARCH_CAP_RDCL_NO (1UL << 0) /* Not susceptible to Meltdown */
-+#define ARCH_CAP_IBRS_ALL (1UL << 1) /* Enhanced IBRS support */
-+#define ARCH_CAP_SSB_NO (1UL << 4) /*
- * Not susceptible to Speculative Store Bypass
- * attack, so no Speculative Store Bypass
- * control required.
diff --git a/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch b/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch
deleted file mode 100644
index dcef36c8..00000000
--- a/queue-3.16/x86-process-consolidate-and-simplify-switch_to_xtra-code.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:47 +0100
-Subject: x86/process: Consolidate and simplify switch_to_xtra() code
-
-commit ff16701a29cba3aafa0bd1656d766813b2d0a811 upstream.
-
-Move the conditional invocation of __switch_to_xtra() into an inline
-function so the logic can be shared between 32 and 64 bit.
-
-Remove the handthrough of the TSS pointer and retrieve the pointer directly
-in the bitmap handling function. Use this_cpu_ptr() instead of the
-per_cpu() indirection.
-
-This is a preparatory change so integration of conditional indirect branch
-speculation optimization happens only in one place.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.280855518@linutronix.de
-[bwh: Backported to 3.16:
- - Use init_tss instead of cpu_tss_rw
- - __switch_to() still uses the tss variable, so don't delete it
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/include/asm/switch_to.h
-+++ b/arch/x86/include/asm/switch_to.h
-@@ -6,9 +6,6 @@
- struct task_struct; /* one of the stranger aspects of C forward declarations */
- __visible struct task_struct *__switch_to(struct task_struct *prev,
- struct task_struct *next);
--struct tss_struct;
--void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
-- struct tss_struct *tss);
-
- #ifdef CONFIG_X86_32
-
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -32,6 +32,8 @@
- #include <asm/tlbflush.h>
- #include <asm/spec-ctrl.h>
-
-+#include "process.h"
-+
- /*
- * per-CPU TSS segments. Threads are completely 'soft' on Linux,
- * no more per-task TSS's. The TSS size is kept cacheline-aligned
-@@ -197,11 +199,12 @@ int set_tsc_mode(unsigned int val)
- return 0;
- }
-
--static inline void switch_to_bitmap(struct tss_struct *tss,
-- struct thread_struct *prev,
-+static inline void switch_to_bitmap(struct thread_struct *prev,
- struct thread_struct *next,
- unsigned long tifp, unsigned long tifn)
- {
-+ struct tss_struct *tss = this_cpu_ptr(&init_tss);
-+
- if (tifn & _TIF_IO_BITMAP) {
- /*
- * Copy the relevant range of the IO bitmap.
-@@ -388,8 +391,7 @@ void speculation_ctrl_update(unsigned lo
- preempt_enable();
- }
-
--void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
-- struct tss_struct *tss)
-+void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
- {
- struct thread_struct *prev, *next;
- unsigned long tifp, tifn;
-@@ -399,7 +401,7 @@ void __switch_to_xtra(struct task_struct
-
- tifn = ACCESS_ONCE(task_thread_info(next_p)->flags);
- tifp = ACCESS_ONCE(task_thread_info(prev_p)->flags);
-- switch_to_bitmap(tss, prev, next, tifp, tifn);
-+ switch_to_bitmap(prev, next, tifp, tifn);
-
- propagate_user_return_notify(prev_p, next_p);
-
---- /dev/null
-+++ b/arch/x86/kernel/process.h
-@@ -0,0 +1,24 @@
-+// SPDX-License-Identifier: GPL-2.0
-+//
-+// Code shared between 32 and 64 bit
-+
-+void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p);
-+
-+/*
-+ * This needs to be inline to optimize for the common case where no extra
-+ * work needs to be done.
-+ */
-+static inline void switch_to_extra(struct task_struct *prev,
-+ struct task_struct *next)
-+{
-+ unsigned long next_tif = task_thread_info(next)->flags;
-+ unsigned long prev_tif = task_thread_info(prev)->flags;
-+
-+ /*
-+ * __switch_to_xtra() handles debug registers, i/o bitmaps,
-+ * speculation mitigations etc.
-+ */
-+ if (unlikely(next_tif & _TIF_WORK_CTXSW_NEXT ||
-+ prev_tif & _TIF_WORK_CTXSW_PREV))
-+ __switch_to_xtra(prev, next);
-+}
---- a/arch/x86/kernel/process_32.c
-+++ b/arch/x86/kernel/process_32.c
-@@ -55,6 +55,8 @@
- #include <asm/debugreg.h>
- #include <asm/switch_to.h>
-
-+#include "process.h"
-+
- asmlinkage void ret_from_fork(void) __asm__("ret_from_fork");
- asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
-
-@@ -298,12 +300,7 @@ __switch_to(struct task_struct *prev_p,
- task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count);
- this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count);
-
-- /*
-- * Now maybe handle debug registers and/or IO bitmaps
-- */
-- if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV ||
-- task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT))
-- __switch_to_xtra(prev_p, next_p, tss);
-+ switch_to_extra(prev_p, next_p);
-
- /*
- * Leave lazy mode, flushing any hypercalls made here.
---- a/arch/x86/kernel/process_64.c
-+++ b/arch/x86/kernel/process_64.c
-@@ -51,6 +51,8 @@
- #include <asm/switch_to.h>
- #include <asm/xen/hypervisor.h>
-
-+#include "process.h"
-+
- asmlinkage extern void ret_from_fork(void);
-
- __visible DEFINE_PER_CPU_USER_MAPPED(unsigned long, old_rsp);
-@@ -428,12 +430,7 @@ __switch_to(struct task_struct *prev_p,
- (unsigned long)task_stack_page(next_p) +
- THREAD_SIZE - KERNEL_STACK_OFFSET);
-
-- /*
-- * Now maybe reload the debug registers and handle I/O bitmaps
-- */
-- if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT ||
-- task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV))
-- __switch_to_xtra(prev_p, next_p, tss);
-+ switch_to_extra(prev_p, next_p);
-
- #ifdef CONFIG_XEN
- /*
diff --git a/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch b/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch
deleted file mode 100644
index 6c19a80e..00000000
--- a/queue-3.16/x86-speculataion-mark-command-line-parser-data-__initdata.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:43 +0100
-Subject: x86/speculataion: Mark command line parser data __initdata
-
-commit 30ba72a990f5096ae08f284de17986461efcc408 upstream.
-
-No point to keep that around.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.893886356@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -303,7 +303,7 @@ static const struct {
- const char *option;
- enum spectre_v2_mitigation_cmd cmd;
- bool secure;
--} mitigation_options[] = {
-+} mitigation_options[] __initdata = {
- { "off", SPECTRE_V2_CMD_NONE, false },
- { "on", SPECTRE_V2_CMD_FORCE, true },
- { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false },
-@@ -546,7 +546,7 @@ static const char * const ssb_strings[]
- static const struct {
- const char *option;
- enum ssb_mitigation_cmd cmd;
--} ssb_mitigation_options[] = {
-+} ssb_mitigation_options[] __initdata = {
- { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
- { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */
- { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
diff --git a/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch b/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch
deleted file mode 100644
index c7f46ec1..00000000
--- a/queue-3.16/x86-speculation-add-command-line-control-for-indirect-branch.patch
+++ /dev/null
@@ -1,320 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:45 +0100
-Subject: x86/speculation: Add command line control for indirect branch
- speculation
-
-commit fa1202ef224391b6f5b26cdd44cc50495e8fab54 upstream.
-
-Add command line control for user space indirect branch speculation
-mitigations. The new option is: spectre_v2_user=
-
-The initial options are:
-
- - on: Unconditionally enabled
- - off: Unconditionally disabled
- -auto: Kernel selects mitigation (default off for now)
-
-When the spectre_v2= command line argument is either 'on' or 'off' this
-implies that the application to application control follows that state even
-if a contradicting spectre_v2_user= argument is supplied.
-
-Originally-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.082720373@linutronix.de
-[bwh: Backported to 3.16:
- - Don't use __ro_after_init or cpu_smt_control
- - Adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3176,9 +3176,13 @@ bytes respectively. Such letter suffixes
-
- spectre_v2= [X86] Control mitigation of Spectre variant 2
- (indirect branch speculation) vulnerability.
-+ The default operation protects the kernel from
-+ user space attacks.
-
-- on - unconditionally enable
-- off - unconditionally disable
-+ on - unconditionally enable, implies
-+ spectre_v2_user=on
-+ off - unconditionally disable, implies
-+ spectre_v2_user=off
- auto - kernel detects whether your CPU model is
- vulnerable
-
-@@ -3188,6 +3192,12 @@ bytes respectively. Such letter suffixes
- CONFIG_RETPOLINE configuration option, and the
- compiler with which the kernel was built.
-
-+ Selecting 'on' will also enable the mitigation
-+ against user space to user space task attacks.
-+
-+ Selecting 'off' will disable both the kernel and
-+ the user space protections.
-+
- Specific mitigations can also be selected manually:
-
- retpoline - replace indirect branches
-@@ -3197,6 +3207,24 @@ bytes respectively. Such letter suffixes
- Not specifying this option is equivalent to
- spectre_v2=auto.
-
-+ spectre_v2_user=
-+ [X86] Control mitigation of Spectre variant 2
-+ (indirect branch speculation) vulnerability between
-+ user space tasks
-+
-+ on - Unconditionally enable mitigations. Is
-+ enforced by spectre_v2=on
-+
-+ off - Unconditionally disable mitigations. Is
-+ enforced by spectre_v2=off
-+
-+ auto - Kernel selects the mitigation depending on
-+ the available CPU features and vulnerability.
-+ Default is off.
-+
-+ Not specifying this option is equivalent to
-+ spectre_v2_user=auto.
-+
- spec_store_bypass_disable=
- [HW] Control Speculative Store Bypass (SSB) Disable mitigation
- (Speculative Store Bypass vulnerability)
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -3,6 +3,8 @@
- #ifndef _ASM_X86_NOSPEC_BRANCH_H_
- #define _ASM_X86_NOSPEC_BRANCH_H_
-
-+#include <linux/static_key.h>
-+
- #include <asm/alternative.h>
- #include <asm/alternative-asm.h>
- #include <asm/cpufeatures.h>
-@@ -172,6 +174,12 @@ enum spectre_v2_mitigation {
- SPECTRE_V2_IBRS_ENHANCED,
- };
-
-+/* The indirect branch speculation control variants */
-+enum spectre_v2_user_mitigation {
-+ SPECTRE_V2_USER_NONE,
-+ SPECTRE_V2_USER_STRICT,
-+};
-+
- /* The Speculative Store Bypass disable variants */
- enum ssb_mitigation {
- SPEC_STORE_BYPASS_NONE,
-@@ -248,5 +256,7 @@ do { \
- preempt_enable(); \
- } while (0)
-
-+DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp);
-+
- #endif /* __ASSEMBLY__ */
- #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -51,6 +51,9 @@ static u64 x86_spec_ctrl_mask = SPEC_CTR
- u64 x86_amd_ls_cfg_base;
- u64 x86_amd_ls_cfg_ssbd_mask;
-
-+/* Control conditional STIPB in switch_to() */
-+DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp);
-+
- #ifdef CONFIG_X86_32
-
- static double __initdata x = 4195835.0;
-@@ -252,6 +255,8 @@ static void x86_amd_ssb_disable(void)
-
- static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
-
-+static enum spectre_v2_user_mitigation spectre_v2_user = SPECTRE_V2_USER_NONE;
-+
- #ifdef RETPOLINE
- static bool spectre_v2_bad_module;
-
-@@ -290,6 +295,103 @@ enum spectre_v2_mitigation_cmd {
- SPECTRE_V2_CMD_RETPOLINE_AMD,
- };
-
-+enum spectre_v2_user_cmd {
-+ SPECTRE_V2_USER_CMD_NONE,
-+ SPECTRE_V2_USER_CMD_AUTO,
-+ SPECTRE_V2_USER_CMD_FORCE,
-+};
-+
-+static const char * const spectre_v2_user_strings[] = {
-+ [SPECTRE_V2_USER_NONE] = "User space: Vulnerable",
-+ [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection",
-+};
-+
-+static const struct {
-+ const char *option;
-+ enum spectre_v2_user_cmd cmd;
-+ bool secure;
-+} v2_user_options[] __initdata = {
-+ { "auto", SPECTRE_V2_USER_CMD_AUTO, false },
-+ { "off", SPECTRE_V2_USER_CMD_NONE, false },
-+ { "on", SPECTRE_V2_USER_CMD_FORCE, true },
-+};
-+
-+static void __init spec_v2_user_print_cond(const char *reason, bool secure)
-+{
-+ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
-+ pr_info("spectre_v2_user=%s forced on command line.\n", reason);
-+}
-+
-+static enum spectre_v2_user_cmd __init
-+spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd)
-+{
-+ char arg[20];
-+ int ret, i;
-+
-+ switch (v2_cmd) {
-+ case SPECTRE_V2_CMD_NONE:
-+ return SPECTRE_V2_USER_CMD_NONE;
-+ case SPECTRE_V2_CMD_FORCE:
-+ return SPECTRE_V2_USER_CMD_FORCE;
-+ default:
-+ break;
-+ }
-+
-+ ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
-+ arg, sizeof(arg));
-+ if (ret < 0)
-+ return SPECTRE_V2_USER_CMD_AUTO;
-+
-+ for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
-+ if (match_option(arg, ret, v2_user_options[i].option)) {
-+ spec_v2_user_print_cond(v2_user_options[i].option,
-+ v2_user_options[i].secure);
-+ return v2_user_options[i].cmd;
-+ }
-+ }
-+
-+ pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg);
-+ return SPECTRE_V2_USER_CMD_AUTO;
-+}
-+
-+static void __init
-+spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
-+{
-+ enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE;
-+ bool smt_possible = IS_ENABLED(CONFIG_SMP);
-+
-+ if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
-+ return;
-+
-+ if (!IS_ENABLED(CONFIG_X86_HT))
-+ smt_possible = false;
-+
-+ switch (spectre_v2_parse_user_cmdline(v2_cmd)) {
-+ case SPECTRE_V2_USER_CMD_AUTO:
-+ case SPECTRE_V2_USER_CMD_NONE:
-+ goto set_mode;
-+ case SPECTRE_V2_USER_CMD_FORCE:
-+ mode = SPECTRE_V2_USER_STRICT;
-+ break;
-+ }
-+
-+ /* Initialize Indirect Branch Prediction Barrier */
-+ if (boot_cpu_has(X86_FEATURE_IBPB)) {
-+ setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-+ pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n");
-+ }
-+
-+ /* If enhanced IBRS is enabled no STIPB required */
-+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-+ return;
-+
-+set_mode:
-+ spectre_v2_user = mode;
-+ /* Only print the STIBP mode when SMT possible */
-+ if (smt_possible)
-+ pr_info("%s\n", spectre_v2_user_strings[mode]);
-+}
-+
- static const char * const spectre_v2_strings[] = {
- [SPECTRE_V2_NONE] = "Vulnerable",
- [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline",
-@@ -445,12 +547,6 @@ specv2_set_mode:
- setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
- pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
-
-- /* Initialize Indirect Branch Prediction Barrier if supported */
-- if (boot_cpu_has(X86_FEATURE_IBPB)) {
-- setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-- pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n");
-- }
--
- /*
- * Retpoline means the kernel is safe because it has no indirect
- * branches. Enhanced IBRS protects firmware too, so, enable restricted
-@@ -467,23 +563,21 @@ specv2_set_mode:
- pr_info("Enabling Restricted Speculation for firmware calls\n");
- }
-
-+ /* Set up IBPB and STIBP depending on the general spectre V2 command */
-+ spectre_v2_user_select_mitigation(cmd);
-+
- /* Enable STIBP if appropriate */
- arch_smt_update();
- }
-
- static bool stibp_needed(void)
- {
-- if (spectre_v2_enabled == SPECTRE_V2_NONE)
-- return false;
--
- /* Enhanced IBRS makes using STIBP unnecessary. */
- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
- return false;
-
-- if (!boot_cpu_has(X86_FEATURE_STIBP))
-- return false;
--
-- return true;
-+ /* Check for strict user mitigation mode */
-+ return spectre_v2_user == SPECTRE_V2_USER_STRICT;
- }
-
- static void update_stibp_msr(void *info)
-@@ -820,10 +914,13 @@ static char *stibp_state(void)
- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
- return "";
-
-- if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
-- return ", STIBP";
-- else
-- return "";
-+ switch (spectre_v2_user) {
-+ case SPECTRE_V2_USER_NONE:
-+ return ", STIBP: disabled";
-+ case SPECTRE_V2_USER_STRICT:
-+ return ", STIBP: forced";
-+ }
-+ return "";
- }
-
- static char *ibpb_state(void)
diff --git a/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch b/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch
deleted file mode 100644
index a5936bb0..00000000
--- a/queue-3.16/x86-speculation-add-prctl-control-for-indirect-branch-speculation.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:53 +0100
-Subject: x86/speculation: Add prctl() control for indirect branch speculation
-
-commit 9137bb27e60e554dab694eafa4cca241fa3a694f upstream.
-
-Add the PR_SPEC_INDIRECT_BRANCH option for the PR_GET_SPECULATION_CTRL and
-PR_SET_SPECULATION_CTRL prctls to allow fine grained per task control of
-indirect branch speculation via STIBP and IBPB.
-
-Invocations:
- Check indirect branch speculation status with
- - prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
-
- Enable indirect branch speculation with
- - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
-
- Disable indirect branch speculation with
- - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
-
- Force disable indirect branch speculation with
- - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
-
-See Documentation/userspace-api/spec_ctrl.rst.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.866780996@linutronix.de
-[bwh: Backported to 3.16:
- - Drop changes in tools/include/uapi/linux/prctl.h
- - Adjust filename, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/spec_ctrl.rst
-+++ b/Documentation/spec_ctrl.rst
-@@ -92,3 +92,12 @@ Speculation misfeature controls
- * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
- * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
- * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
-+
-+- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes
-+ (Mitigate Spectre V2 style attacks against user processes)
-+
-+ Invocations:
-+ * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
-+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
-+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
-+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -178,6 +178,7 @@ enum spectre_v2_mitigation {
- enum spectre_v2_user_mitigation {
- SPECTRE_V2_USER_NONE,
- SPECTRE_V2_USER_STRICT,
-+ SPECTRE_V2_USER_PRCTL,
- };
-
- /* The Speculative Store Bypass disable variants */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -624,6 +624,8 @@ void arch_smt_update(void)
- case SPECTRE_V2_USER_STRICT:
- update_stibp_strict();
- break;
-+ case SPECTRE_V2_USER_PRCTL:
-+ break;
- }
-
- mutex_unlock(&spec_ctrl_mutex);
-@@ -810,12 +812,50 @@ static int ssb_prctl_set(struct task_str
- return 0;
- }
-
-+static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
-+{
-+ switch (ctrl) {
-+ case PR_SPEC_ENABLE:
-+ if (spectre_v2_user == SPECTRE_V2_USER_NONE)
-+ return 0;
-+ /*
-+ * Indirect branch speculation is always disabled in strict
-+ * mode.
-+ */
-+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
-+ return -EPERM;
-+ task_clear_spec_ib_disable(task);
-+ task_update_spec_tif(task);
-+ break;
-+ case PR_SPEC_DISABLE:
-+ case PR_SPEC_FORCE_DISABLE:
-+ /*
-+ * Indirect branch speculation is always allowed when
-+ * mitigation is force disabled.
-+ */
-+ if (spectre_v2_user == SPECTRE_V2_USER_NONE)
-+ return -EPERM;
-+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
-+ return 0;
-+ task_set_spec_ib_disable(task);
-+ if (ctrl == PR_SPEC_FORCE_DISABLE)
-+ task_set_spec_ib_force_disable(task);
-+ task_update_spec_tif(task);
-+ break;
-+ default:
-+ return -ERANGE;
-+ }
-+ return 0;
-+}
-+
- int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
- unsigned long ctrl)
- {
- switch (which) {
- case PR_SPEC_STORE_BYPASS:
- return ssb_prctl_set(task, ctrl);
-+ case PR_SPEC_INDIRECT_BRANCH:
-+ return ib_prctl_set(task, ctrl);
- default:
- return -ENODEV;
- }
-@@ -848,11 +888,34 @@ static int ssb_prctl_get(struct task_str
- }
- }
-
-+static int ib_prctl_get(struct task_struct *task)
-+{
-+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
-+ return PR_SPEC_NOT_AFFECTED;
-+
-+ switch (spectre_v2_user) {
-+ case SPECTRE_V2_USER_NONE:
-+ return PR_SPEC_ENABLE;
-+ case SPECTRE_V2_USER_PRCTL:
-+ if (task_spec_ib_force_disable(task))
-+ return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
-+ if (task_spec_ib_disable(task))
-+ return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
-+ return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
-+ case SPECTRE_V2_USER_STRICT:
-+ return PR_SPEC_DISABLE;
-+ default:
-+ return PR_SPEC_NOT_AFFECTED;
-+ }
-+}
-+
- int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
- {
- switch (which) {
- case PR_SPEC_STORE_BYPASS:
- return ssb_prctl_get(task);
-+ case PR_SPEC_INDIRECT_BRANCH:
-+ return ib_prctl_get(task);
- default:
- return -ENODEV;
- }
-@@ -948,6 +1011,8 @@ static char *stibp_state(void)
- return ", STIBP: disabled";
- case SPECTRE_V2_USER_STRICT:
- return ", STIBP: forced";
-+ case SPECTRE_V2_USER_PRCTL:
-+ return "";
- }
- return "";
- }
-@@ -960,6 +1025,8 @@ static char *ibpb_state(void)
- return ", IBPB: disabled";
- case SPECTRE_V2_USER_STRICT:
- return ", IBPB: always-on";
-+ case SPECTRE_V2_USER_PRCTL:
-+ return "";
- }
- }
- return "";
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -390,6 +390,11 @@ static unsigned long speculation_ctrl_up
- set_tsk_thread_flag(tsk, TIF_SSBD);
- else
- clear_tsk_thread_flag(tsk, TIF_SSBD);
-+
-+ if (task_spec_ib_disable(tsk))
-+ set_tsk_thread_flag(tsk, TIF_SPEC_IB);
-+ else
-+ clear_tsk_thread_flag(tsk, TIF_SPEC_IB);
- }
- /* Return the updated threadinfo flags*/
- return task_thread_info(tsk)->flags;
---- a/include/linux/sched.h
-+++ b/include/linux/sched.h
-@@ -1975,6 +1975,8 @@ static inline void memalloc_noio_restore
- #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */
- #define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */
- #define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/
-+#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */
-+#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */
-
- #define TASK_PFA_TEST(name, func) \
- static inline bool task_##func(struct task_struct *p) \
-@@ -2004,6 +2006,13 @@ TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ss
- TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
- TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
-
-+TASK_PFA_TEST(SPEC_IB_DISABLE, spec_ib_disable)
-+TASK_PFA_SET(SPEC_IB_DISABLE, spec_ib_disable)
-+TASK_PFA_CLEAR(SPEC_IB_DISABLE, spec_ib_disable)
-+
-+TASK_PFA_TEST(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable)
-+TASK_PFA_SET(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable)
-+
- /*
- * task->jobctl flags
- */
---- a/include/uapi/linux/prctl.h
-+++ b/include/uapi/linux/prctl.h
-@@ -157,6 +157,7 @@
- #define PR_SET_SPECULATION_CTRL 53
- /* Speculation control variants */
- # define PR_SPEC_STORE_BYPASS 0
-+# define PR_SPEC_INDIRECT_BRANCH 1
- /* Return and control values for PR_SET/GET_SPECULATION_CTRL */
- # define PR_SPEC_NOT_AFFECTED 0
- # define PR_SPEC_PRCTL (1UL << 0)
diff --git a/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch b/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch
deleted file mode 100644
index ab27a3f3..00000000
--- a/queue-3.16/x86-speculation-add-seccomp-spectre-v2-user-space-protection-mode.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:55 +0100
-Subject: x86/speculation: Add seccomp Spectre v2 user space protection mode
-
-commit 6b3e64c237c072797a9ec918654a60e3a46488e2 upstream.
-
-If 'prctl' mode of user space protection from spectre v2 is selected
-on the kernel command-line, STIBP and IBPB are applied on tasks which
-restrict their indirect branch speculation via prctl.
-
-SECCOMP enables the SSBD mitigation for sandboxed tasks already, so it
-makes sense to prevent spectre v2 user space to user space attacks as
-well.
-
-The Intel mitigation guide documents how STIPB works:
-
- Setting bit 1 (STIBP) of the IA32_SPEC_CTRL MSR on a logical processor
- prevents the predicted targets of indirect branches on any logical
- processor of that core from being controlled by software that executes
- (or executed previously) on another logical processor of the same core.
-
-Ergo setting STIBP protects the task itself from being attacked from a task
-running on a different hyper-thread and protects the tasks running on
-different hyper-threads from being attacked.
-
-While the document suggests that the branch predictors are shielded between
-the logical processors, the observed performance regressions suggest that
-STIBP simply disables the branch predictor more or less completely. Of
-course the document wording is vague, but the fact that there is also no
-requirement for issuing IBPB when STIBP is used points clearly in that
-direction. The kernel still issues IBPB even when STIBP is used until Intel
-clarifies the whole mechanism.
-
-IBPB is issued when the task switches out, so malicious sandbox code cannot
-mistrain the branch predictor for the next user space task on the same
-logical processor.
-
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185006.051663132@linutronix.de
-[bwh: Backported to 3.16: adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/kernel-parameters.txt | 9 ++++++++-
- arch/x86/include/asm/nospec-branch.h | 1 +
- arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++-
- 3 files changed, 25 insertions(+), 2 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3223,9 +3223,16 @@ bytes respectively. Such letter suffixes
- per thread. The mitigation control state
- is inherited on fork.
-
-+ seccomp
-+ - Same as "prctl" above, but all seccomp
-+ threads will enable the mitigation unless
-+ they explicitly opt out.
-+
- auto - Kernel selects the mitigation depending on
- the available CPU features and vulnerability.
-- Default is prctl.
-+
-+ Default mitigation:
-+ If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl"
-
- Not specifying this option is equivalent to
- spectre_v2_user=auto.
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -179,6 +179,7 @@ enum spectre_v2_user_mitigation {
- SPECTRE_V2_USER_NONE,
- SPECTRE_V2_USER_STRICT,
- SPECTRE_V2_USER_PRCTL,
-+ SPECTRE_V2_USER_SECCOMP,
- };
-
- /* The Speculative Store Bypass disable variants */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -308,12 +308,14 @@ enum spectre_v2_user_cmd {
- SPECTRE_V2_USER_CMD_AUTO,
- SPECTRE_V2_USER_CMD_FORCE,
- SPECTRE_V2_USER_CMD_PRCTL,
-+ SPECTRE_V2_USER_CMD_SECCOMP,
- };
-
- static const char * const spectre_v2_user_strings[] = {
- [SPECTRE_V2_USER_NONE] = "User space: Vulnerable",
- [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection",
- [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl",
-+ [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl",
- };
-
- static const struct {
-@@ -325,6 +327,7 @@ static const struct {
- { "off", SPECTRE_V2_USER_CMD_NONE, false },
- { "on", SPECTRE_V2_USER_CMD_FORCE, true },
- { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false },
-+ { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false },
- };
-
- static void __init spec_v2_user_print_cond(const char *reason, bool secure)
-@@ -383,10 +386,16 @@ spectre_v2_user_select_mitigation(enum s
- case SPECTRE_V2_USER_CMD_FORCE:
- mode = SPECTRE_V2_USER_STRICT;
- break;
-- case SPECTRE_V2_USER_CMD_AUTO:
- case SPECTRE_V2_USER_CMD_PRCTL:
- mode = SPECTRE_V2_USER_PRCTL;
- break;
-+ case SPECTRE_V2_USER_CMD_AUTO:
-+ case SPECTRE_V2_USER_CMD_SECCOMP:
-+ if (IS_ENABLED(CONFIG_SECCOMP))
-+ mode = SPECTRE_V2_USER_SECCOMP;
-+ else
-+ mode = SPECTRE_V2_USER_PRCTL;
-+ break;
- }
-
- /* Initialize Indirect Branch Prediction Barrier */
-@@ -398,6 +407,7 @@ spectre_v2_user_select_mitigation(enum s
- static_branch_enable(&switch_mm_always_ibpb);
- break;
- case SPECTRE_V2_USER_PRCTL:
-+ case SPECTRE_V2_USER_SECCOMP:
- static_branch_enable(&switch_mm_cond_ibpb);
- break;
- default:
-@@ -649,6 +659,7 @@ void arch_smt_update(void)
- update_stibp_strict();
- break;
- case SPECTRE_V2_USER_PRCTL:
-+ case SPECTRE_V2_USER_SECCOMP:
- update_indir_branch_cond();
- break;
- }
-@@ -891,6 +902,8 @@ void arch_seccomp_spec_mitigate(struct t
- {
- if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
- ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
-+ if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP)
-+ ib_prctl_set(task, PR_SPEC_FORCE_DISABLE);
- }
- #endif
-
-@@ -922,6 +935,7 @@ static int ib_prctl_get(struct task_stru
- case SPECTRE_V2_USER_NONE:
- return PR_SPEC_ENABLE;
- case SPECTRE_V2_USER_PRCTL:
-+ case SPECTRE_V2_USER_SECCOMP:
- if (task_spec_ib_force_disable(task))
- return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
- if (task_spec_ib_disable(task))
-@@ -1037,6 +1051,7 @@ static char *stibp_state(void)
- case SPECTRE_V2_USER_STRICT:
- return ", STIBP: forced";
- case SPECTRE_V2_USER_PRCTL:
-+ case SPECTRE_V2_USER_SECCOMP:
- if (static_key_enabled(&switch_to_cond_stibp))
- return ", STIBP: conditional";
- }
diff --git a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch b/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
deleted file mode 100644
index b78aef04..00000000
--- a/queue-3.16/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From: Jiri Kosina <jkosina@suse.cz>
-Date: Tue, 25 Sep 2018 14:38:18 +0200
-Subject: x86/speculation: Apply IBPB more strictly to avoid cross-process data
- leak
-
-commit dbfe2953f63c640463c630746cd5d9de8b2f63ae upstream.
-
-Currently, IBPB is only issued in cases when switching into a non-dumpable
-process, the rationale being to protect such 'important and security
-sensitive' processess (such as GPG) from data leaking into a different
-userspace process via spectre v2.
-
-This is however completely insufficient to provide proper userspace-to-userpace
-spectrev2 protection, as any process can poison branch buffers before being
-scheduled out, and the newly scheduled process immediately becomes spectrev2
-victim.
-
-In order to minimize the performance impact (for usecases that do require
-spectrev2 protection), issue the barrier only in cases when switching between
-processess where the victim can't be ptraced by the potential attacker (as in
-such cases, the attacker doesn't have to bother with branch buffers at all).
-
-[ tglx: Split up PTRACE_MODE_NOACCESS_CHK into PTRACE_MODE_SCHED and
- PTRACE_MODE_IBPB to be able to do ptrace() context tracking reasonably
- fine-grained ]
-
-Fixes: 18bf3c3ea8 ("x86/speculation: Use Indirect Branch Prediction Barrier in context switch")
-Originally-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: "WoodhouseDavid" <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: "SchauflerCasey" <casey.schaufler@intel.com>
-Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251437340.15880@cbobk.fhfr.pm
-[bwh: Backported to 3.16: we still can't use ctx_id to optimise the check]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -7,6 +7,7 @@
- #include <linux/module.h>
- #include <linux/cpu.h>
- #include <linux/debugfs.h>
-+#include <linux/ptrace.h>
-
- #include <asm/tlbflush.h>
- #include <asm/mmu_context.h>
-@@ -95,6 +96,19 @@ void switch_mm(struct mm_struct *prev, s
- local_irq_restore(flags);
- }
-
-+static bool ibpb_needed(struct task_struct *tsk)
-+{
-+ /*
-+ * Check if the current (previous) task has access to the memory
-+ * of the @tsk (next) task. If access is denied, make sure to
-+ * issue a IBPB to stop user->user Spectre-v2 attacks.
-+ *
-+ * Note: __ptrace_may_access() returns 0 or -ERRNO.
-+ */
-+ return (tsk && tsk->mm &&
-+ ptrace_may_access_sched(tsk, PTRACE_MODE_SPEC_IBPB));
-+}
-+
- void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
- struct task_struct *tsk)
- {
-@@ -107,16 +121,12 @@ void switch_mm_irqs_off(struct mm_struct
- * one process from doing Spectre-v2 attacks on another.
- *
- * As an optimization, flush indirect branches only when
-- * switching into processes that disable dumping. This
-- * protects high value processes like gpg, without having
-- * too high performance overhead. IBPB is *expensive*!
-- *
-- * This will not flush branches when switching into kernel
-- * threads. It will flush if we switch to a different non-
-- * dumpable process.
-+ * switching into a processes that can't be ptrace by the
-+ * current one (as in such case, attacker has much more
-+ * convenient way how to tamper with the next process than
-+ * branch buffer poisoning).
- */
-- if (tsk && tsk->mm &&
-- get_dumpable(tsk->mm) != SUID_DUMP_USER)
-+ if (static_cpu_has(X86_FEATURE_USE_IBPB) && ibpb_needed(tsk))
- indirect_branch_prediction_barrier();
-
- this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
---- a/include/linux/ptrace.h
-+++ b/include/linux/ptrace.h
-@@ -59,14 +59,17 @@ extern void exit_ptrace(struct task_stru
- #define PTRACE_MODE_READ 0x01
- #define PTRACE_MODE_ATTACH 0x02
- #define PTRACE_MODE_NOAUDIT 0x04
--#define PTRACE_MODE_FSCREDS 0x08
--#define PTRACE_MODE_REALCREDS 0x10
-+#define PTRACE_MODE_FSCREDS 0x08
-+#define PTRACE_MODE_REALCREDS 0x10
-+#define PTRACE_MODE_SCHED 0x20
-+#define PTRACE_MODE_IBPB 0x40
-
- /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */
- #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
- #define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)
- #define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS)
- #define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS)
-+#define PTRACE_MODE_SPEC_IBPB (PTRACE_MODE_ATTACH_REALCREDS | PTRACE_MODE_IBPB)
-
- /**
- * ptrace_may_access - check whether the caller is permitted to access
-@@ -84,6 +87,20 @@ extern void exit_ptrace(struct task_stru
- */
- extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
-
-+/**
-+ * ptrace_may_access - check whether the caller is permitted to access
-+ * a target task.
-+ * @task: target task
-+ * @mode: selects type of access and caller credentials
-+ *
-+ * Returns true on success, false on denial.
-+ *
-+ * Similar to ptrace_may_access(). Only to be called from context switch
-+ * code. Does not call into audit and the regular LSM hooks due to locking
-+ * constraints.
-+ */
-+extern bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode);
-+
- static inline int ptrace_reparented(struct task_struct *child)
- {
- return !same_thread_group(child->real_parent, child->parent);
---- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -262,6 +262,9 @@ static int ptrace_check_attach(struct ta
-
- static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
- {
-+ if (mode & PTRACE_MODE_SCHED)
-+ return false;
-+
- if (mode & PTRACE_MODE_NOAUDIT)
- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
- else
-@@ -329,9 +332,16 @@ ok:
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
-
-+ if (mode & PTRACE_MODE_SCHED)
-+ return 0;
- return security_ptrace_access_check(task, mode);
- }
-
-+bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode)
-+{
-+ return __ptrace_may_access(task, mode | PTRACE_MODE_SCHED);
-+}
-+
- bool ptrace_may_access(struct task_struct *task, unsigned int mode)
- {
- int err;
diff --git a/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch b/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch
deleted file mode 100644
index 3c7b6560..00000000
--- a/queue-3.16/x86-speculation-avoid-__switch_to_xtra-calls.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:48 +0100
-Subject: x86/speculation: Avoid __switch_to_xtra() calls
-
-commit 5635d99953f04b550738f6f4c1c532667c3fd872 upstream.
-
-The TIF_SPEC_IB bit does not need to be evaluated in the decision to invoke
-__switch_to_xtra() when:
-
- - CONFIG_SMP is disabled
-
- - The conditional STIPB mode is disabled
-
-The TIF_SPEC_IB bit still controls IBPB in both cases so the TIF work mask
-checks might invoke __switch_to_xtra() for nothing if TIF_SPEC_IB is the
-only set bit in the work masks.
-
-Optimize it out by masking the bit at compile time for CONFIG_SMP=n and at
-run time when the static key controlling the conditional STIBP mode is
-disabled.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.374062201@linutronix.de
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/thread_info.h | 13 +++++++++++--
- arch/x86/kernel/process.h | 15 +++++++++++++++
- 2 files changed, 26 insertions(+), 2 deletions(-)
-
---- a/arch/x86/include/asm/thread_info.h
-+++ b/arch/x86/include/asm/thread_info.h
-@@ -149,9 +149,18 @@ struct thread_info {
- _TIF_USER_RETURN_NOTIFY | _TIF_UPROBE)
-
- /* flags to check in __switch_to() */
--#define _TIF_WORK_CTXSW \
-+#define _TIF_WORK_CTXSW_BASE \
- (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \
-- _TIF_SSBD|_TIF_SPEC_IB)
-+ _TIF_SSBD)
-+
-+/*
-+ * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated.
-+ */
-+#ifdef CONFIG_SMP
-+# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE | _TIF_SPEC_IB)
-+#else
-+# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE)
-+#endif
-
- #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
- #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
---- a/arch/x86/kernel/process.h
-+++ b/arch/x86/kernel/process.h
-@@ -2,6 +2,8 @@
- //
- // Code shared between 32 and 64 bit
-
-+#include <asm/spec-ctrl.h>
-+
- void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p);
-
- /*
-@@ -14,6 +16,19 @@ static inline void switch_to_extra(struc
- unsigned long next_tif = task_thread_info(next)->flags;
- unsigned long prev_tif = task_thread_info(prev)->flags;
-
-+ if (IS_ENABLED(CONFIG_SMP)) {
-+ /*
-+ * Avoid __switch_to_xtra() invocation when conditional
-+ * STIPB is disabled and the only different bit is
-+ * TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not
-+ * in the TIF_WORK_CTXSW masks.
-+ */
-+ if (!static_branch_likely(&switch_to_cond_stibp)) {
-+ prev_tif &= ~_TIF_SPEC_IB;
-+ next_tif &= ~_TIF_SPEC_IB;
-+ }
-+ }
-+
- /*
- * __switch_to_xtra() handles debug registers, i/o bitmaps,
- * speculation mitigations etc.
diff --git a/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch b/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch
deleted file mode 100644
index f39531e3..00000000
--- a/queue-3.16/x86-speculation-clean-up-spectre_v2_parse_cmdline.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:30 +0100
-Subject: x86/speculation: Clean up spectre_v2_parse_cmdline()
-
-commit 24848509aa55eac39d524b587b051f4e86df3c12 upstream.
-
-Remove the unnecessary 'else' statement in spectre_v2_parse_cmdline()
-to save an indentation level.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185003.688010903@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 27 +++++++++++++--------------
- 1 file changed, 13 insertions(+), 14 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -336,22 +336,21 @@ static enum spectre_v2_mitigation_cmd __
-
- if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
- return SPECTRE_V2_CMD_NONE;
-- else {
-- ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
-- if (ret < 0)
-- return SPECTRE_V2_CMD_AUTO;
-
-- for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
-- if (!match_option(arg, ret, mitigation_options[i].option))
-- continue;
-- cmd = mitigation_options[i].cmd;
-- break;
-- }
-+ ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
-+ if (ret < 0)
-+ return SPECTRE_V2_CMD_AUTO;
-
-- if (i >= ARRAY_SIZE(mitigation_options)) {
-- pr_err("unknown option (%s). Switching to AUTO select\n", arg);
-- return SPECTRE_V2_CMD_AUTO;
-- }
-+ for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
-+ if (!match_option(arg, ret, mitigation_options[i].option))
-+ continue;
-+ cmd = mitigation_options[i].cmd;
-+ break;
-+ }
-+
-+ if (i >= ARRAY_SIZE(mitigation_options)) {
-+ pr_err("unknown option (%s). Switching to AUTO select\n", arg);
-+ return SPECTRE_V2_CMD_AUTO;
- }
-
- if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
diff --git a/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch b/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch
deleted file mode 100644
index 00a4a73c..00000000
--- a/queue-3.16/x86-speculation-consolidate-cpu-whitelists.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 27 Feb 2019 10:10:23 +0100
-Subject: x86/speculation: Consolidate CPU whitelists
-
-commit 36ad35131adacc29b328b9c8b6277a8bf0d6fd5d upstream.
-
-The CPU vulnerability whitelists have some overlap and there are more
-whitelists coming along.
-
-Use the driver_data field in the x86_cpu_id struct to denote the
-whitelisted vulnerabilities and combine all whitelists into one.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/common.c | 105 +++++++++++++++++++----------------
- 1 file changed, 56 insertions(+), 49 deletions(-)
-
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -807,60 +807,68 @@ static void identify_cpu_without_cpuid(s
- #endif
- }
-
--static const __initconst struct x86_cpu_id cpu_no_speculation[] = {
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL_MID, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, X86_FEATURE_ANY },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL, X86_FEATURE_ANY },
-- { X86_VENDOR_CENTAUR, 5 },
-- { X86_VENDOR_INTEL, 5 },
-- { X86_VENDOR_NSC, 5 },
-- { X86_VENDOR_ANY, 4 },
-- {}
--};
-+#define NO_SPECULATION BIT(0)
-+#define NO_MELTDOWN BIT(1)
-+#define NO_SSB BIT(2)
-+#define NO_L1TF BIT(3)
-+
-+#define VULNWL(_vendor, _family, _model, _whitelist) \
-+ { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
-+
-+#define VULNWL_INTEL(model, whitelist) \
-+ VULNWL(INTEL, 6, INTEL_FAM6_##model, whitelist)
-+
-+#define VULNWL_AMD(family, whitelist) \
-+ VULNWL(AMD, family, X86_MODEL_ANY, whitelist)
-+
-+static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
-+ VULNWL(ANY, 4, X86_MODEL_ANY, NO_SPECULATION),
-+ VULNWL(CENTAUR, 5, X86_MODEL_ANY, NO_SPECULATION),
-+ VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION),
-+ VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
-+
-+ VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION),
-+ VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION),
-+ VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION),
-+ VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION),
-+ VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION),
-+
-+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF),
-+
-+ VULNWL_INTEL(CORE_YONAH, NO_SSB),
-+
-+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF),
-+ VULNWL_INTEL(ATOM_GOLDMONT, NO_L1TF),
-+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_L1TF),
-+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_L1TF),
-+
-+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF),
-+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF),
-+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF),
-+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF),
-
--static const __initconst struct x86_cpu_id cpu_no_meltdown[] = {
-- { X86_VENDOR_AMD },
-+ /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
-+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF),
- {}
- };
-
--/* Only list CPUs which speculate but are non susceptible to SSB */
--static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
-- { X86_VENDOR_AMD, 0x12, },
-- { X86_VENDOR_AMD, 0x11, },
-- { X86_VENDOR_AMD, 0x10, },
-- { X86_VENDOR_AMD, 0xf, },
-- {}
--};
-+static bool __init cpu_matches(unsigned long which)
-+{
-+ const struct x86_cpu_id *m = x86_match_cpu(cpu_vuln_whitelist);
-
--static const __initconst struct x86_cpu_id cpu_no_l1tf[] = {
-- /* in addition to cpu_no_speculation */
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
-- {}
--};
-+ return m && !!(m->driver_data & which);
-+}
-
- static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- {
- u64 ia32_cap = 0;
-
-- if (x86_match_cpu(cpu_no_speculation))
-+ if (cpu_matches(NO_SPECULATION))
- return;
-
- setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
-@@ -869,15 +877,14 @@ static void __init cpu_set_bug_bits(stru
- if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
-
-- if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
-- !(ia32_cap & ARCH_CAP_SSB_NO) &&
-+ if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) &&
- !cpu_has(c, X86_FEATURE_AMD_SSB_NO))
- setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
-
- if (ia32_cap & ARCH_CAP_IBRS_ALL)
- setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-
-- if (x86_match_cpu(cpu_no_meltdown))
-+ if (cpu_matches(NO_MELTDOWN))
- return;
-
- /* Rogue Data Cache Load? No! */
-@@ -886,7 +893,7 @@ static void __init cpu_set_bug_bits(stru
-
- setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
-
-- if (x86_match_cpu(cpu_no_l1tf))
-+ if (cpu_matches(NO_L1TF))
- return;
-
- setup_force_cpu_bug(X86_BUG_L1TF);
diff --git a/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch b/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch
deleted file mode 100644
index 01f0f002..00000000
--- a/queue-3.16/x86-speculation-disable-stibp-when-enhanced-ibrs-is-in-use.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:33 +0100
-Subject: x86/speculation: Disable STIBP when enhanced IBRS is in use
-
-commit 34bce7c9690b1d897686aac89604ba7adc365556 upstream.
-
-If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
-user space exploits from hyperthread sibling.
-
-Disable STIBP when enhanced IBRS is used.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185003.966801480@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -380,6 +380,10 @@ static bool stibp_needed(void)
- if (spectre_v2_enabled == SPECTRE_V2_NONE)
- return false;
-
-+ /* Enhanced IBRS makes using STIBP unnecessary. */
-+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-+ return false;
-+
- if (!boot_cpu_has(X86_FEATURE_STIBP))
- return false;
-
-@@ -823,6 +827,9 @@ static void __init l1tf_select_mitigatio
-
- static char *stibp_state(void)
- {
-+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-+ return "";
-+
- if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
- return ", STIBP";
- else
diff --git a/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch b/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
deleted file mode 100644
index 1f1fb9a9..00000000
--- a/queue-3.16/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From: Jiri Kosina <jkosina@suse.cz>
-Date: Tue, 25 Sep 2018 14:38:55 +0200
-Subject: x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
-
-commit 53c613fe6349994f023245519265999eed75957f upstream.
-
-STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
-(once enabled) prevents cross-hyperthread control of decisions made by
-indirect branch predictors.
-
-Enable this feature if
-
-- the CPU is vulnerable to spectre v2
-- the CPU supports SMT and has SMT siblings online
-- spectre_v2 mitigation autoselection is enabled (default)
-
-After some previous discussion, this leaves STIBP on all the time, as wrmsr
-on crossing kernel boundary is a no-no. This could perhaps later be a bit
-more optimized (like disabling it in NOHZ, experiment with disabling it in
-idle, etc) if needed.
-
-Note that the synchronization of the mask manipulation via newly added
-spec_ctrl_mutex is currently not strictly needed, as the only updater is
-already being serialized by cpu_add_remove_lock, but let's make this a
-little bit more future-proof.
-
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: "WoodhouseDavid" <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: "SchauflerCasey" <casey.schaufler@intel.com>
-Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438240.15880@cbobk.fhfr.pm
-[bwh: Backported to 3.16:
- - Don't add any calls to arch_smt_update() yet. They will be introduced by
- "x86/speculation: Rework SMT state change".
- - Use IS_ENABLED(CONFIG_X86_HT) instead of cpu_smt_control for now. This
- will be fixed by "x86/speculation: Rework SMT state change".]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -32,12 +32,10 @@ static void __init spectre_v2_select_mit
- static void __init ssb_select_mitigation(void);
- static void __init l1tf_select_mitigation(void);
-
--/*
-- * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
-- * writes to SPEC_CTRL contain whatever reserved bits have been set.
-- */
-+/* The base value of the SPEC_CTRL MSR that always has to be preserved. */
- u64 x86_spec_ctrl_base;
- EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
-+static DEFINE_MUTEX(spec_ctrl_mutex);
-
- /*
- * The vendor and possibly platform specific bits which can be modified in
-@@ -378,6 +376,46 @@ static enum spectre_v2_mitigation_cmd __
- return cmd;
- }
-
-+static bool stibp_needed(void)
-+{
-+ if (spectre_v2_enabled == SPECTRE_V2_NONE)
-+ return false;
-+
-+ if (!boot_cpu_has(X86_FEATURE_STIBP))
-+ return false;
-+
-+ return true;
-+}
-+
-+static void update_stibp_msr(void *info)
-+{
-+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
-+}
-+
-+void arch_smt_update(void)
-+{
-+ u64 mask;
-+
-+ if (!stibp_needed())
-+ return;
-+
-+ mutex_lock(&spec_ctrl_mutex);
-+ mask = x86_spec_ctrl_base;
-+ if (IS_ENABLED(CONFIG_X86_HT))
-+ mask |= SPEC_CTRL_STIBP;
-+ else
-+ mask &= ~SPEC_CTRL_STIBP;
-+
-+ if (mask != x86_spec_ctrl_base) {
-+ pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
-+ IS_ENABLED(CONFIG_X86_HT) ?
-+ "Enabling" : "Disabling");
-+ x86_spec_ctrl_base = mask;
-+ on_each_cpu(update_stibp_msr, NULL, 1);
-+ }
-+ mutex_unlock(&spec_ctrl_mutex);
-+}
-+
- static void __init spectre_v2_select_mitigation(void)
- {
- enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
-@@ -477,6 +515,9 @@ specv2_set_mode:
- setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
- pr_info("Enabling Restricted Speculation for firmware calls\n");
- }
-+
-+ /* Enable STIBP if appropriate */
-+ arch_smt_update();
- }
-
- #undef pr_fmt
-@@ -784,6 +825,8 @@ static void __init l1tf_select_mitigatio
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
- char *buf, unsigned int bug)
- {
-+ int ret;
-+
- if (!boot_cpu_has_bug(bug))
- return sprintf(buf, "Not affected\n");
-
-@@ -798,10 +841,12 @@ static ssize_t cpu_show_common(struct de
- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
-
- case X86_BUG_SPECTRE_V2:
-- return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-+ ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
- boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
-+ (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
- spectre_v2_module_string());
-+ return ret;
-
- case X86_BUG_SPEC_STORE_BYPASS:
- return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
diff --git a/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch b/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch
deleted file mode 100644
index d33754dd..00000000
--- a/queue-3.16/x86-speculation-enable-prctl-mode-for-spectre_v2_user.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:54 +0100
-Subject: x86/speculation: Enable prctl mode for spectre_v2_user
-
-commit 7cc765a67d8e04ef7d772425ca5a2a1e2b894c15 upstream.
-
-Now that all prerequisites are in place:
-
- - Add the prctl command line option
-
- - Default the 'auto' mode to 'prctl'
-
- - When SMT state changes, update the static key which controls the
- conditional STIBP evaluation on context switch.
-
- - At init update the static key which controls the conditional IBPB
- evaluation on context switch.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.958421388@linutronix.de
-[bwh: Backported to 3.16: adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Docuemntation/kernel-parameters.txt | 7 +++-
- arch/x86/kernel/cpu/bugs.c | 41 +++++++++++++++----
- 2 files changed, 38 insertions(+), 10 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3218,9 +3218,14 @@ bytes respectively. Such letter suffixes
- off - Unconditionally disable mitigations. Is
- enforced by spectre_v2=off
-
-+ prctl - Indirect branch speculation is enabled,
-+ but mitigation can be enabled via prctl
-+ per thread. The mitigation control state
-+ is inherited on fork.
-+
- auto - Kernel selects the mitigation depending on
- the available CPU features and vulnerability.
-- Default is off.
-+ Default is prctl.
-
- Not specifying this option is equivalent to
- spectre_v2_user=auto.
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -307,11 +307,13 @@ enum spectre_v2_user_cmd {
- SPECTRE_V2_USER_CMD_NONE,
- SPECTRE_V2_USER_CMD_AUTO,
- SPECTRE_V2_USER_CMD_FORCE,
-+ SPECTRE_V2_USER_CMD_PRCTL,
- };
-
- static const char * const spectre_v2_user_strings[] = {
- [SPECTRE_V2_USER_NONE] = "User space: Vulnerable",
- [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection",
-+ [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl",
- };
-
- static const struct {
-@@ -322,6 +324,7 @@ static const struct {
- { "auto", SPECTRE_V2_USER_CMD_AUTO, false },
- { "off", SPECTRE_V2_USER_CMD_NONE, false },
- { "on", SPECTRE_V2_USER_CMD_FORCE, true },
-+ { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false },
- };
-
- static void __init spec_v2_user_print_cond(const char *reason, bool secure)
-@@ -375,12 +378,15 @@ spectre_v2_user_select_mitigation(enum s
- smt_possible = false;
-
- switch (spectre_v2_parse_user_cmdline(v2_cmd)) {
-- case SPECTRE_V2_USER_CMD_AUTO:
- case SPECTRE_V2_USER_CMD_NONE:
- goto set_mode;
- case SPECTRE_V2_USER_CMD_FORCE:
- mode = SPECTRE_V2_USER_STRICT;
- break;
-+ case SPECTRE_V2_USER_CMD_AUTO:
-+ case SPECTRE_V2_USER_CMD_PRCTL:
-+ mode = SPECTRE_V2_USER_PRCTL;
-+ break;
- }
-
- /* Initialize Indirect Branch Prediction Barrier */
-@@ -391,6 +397,9 @@ spectre_v2_user_select_mitigation(enum s
- case SPECTRE_V2_USER_STRICT:
- static_branch_enable(&switch_mm_always_ibpb);
- break;
-+ case SPECTRE_V2_USER_PRCTL:
-+ static_branch_enable(&switch_mm_cond_ibpb);
-+ break;
- default:
- break;
- }
-@@ -403,6 +412,12 @@ spectre_v2_user_select_mitigation(enum s
- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
- return;
-
-+ /*
-+ * If SMT is not possible or STIBP is not available clear the STIPB
-+ * mode.
-+ */
-+ if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP))
-+ mode = SPECTRE_V2_USER_NONE;
- set_mode:
- spectre_v2_user = mode;
- /* Only print the STIBP mode when SMT possible */
-@@ -610,6 +625,15 @@ static void update_stibp_strict(void)
- on_each_cpu(update_stibp_msr, NULL, 1);
- }
-
-+/* Update the static key controlling the evaluation of TIF_SPEC_IB */
-+static void update_indir_branch_cond(void)
-+{
-+ if (sched_smt_active())
-+ static_branch_enable(&switch_to_cond_stibp);
-+ else
-+ static_branch_disable(&switch_to_cond_stibp);
-+}
-+
- void arch_smt_update(void)
- {
- /* Enhanced IBRS implies STIBP. No update required. */
-@@ -625,6 +649,7 @@ void arch_smt_update(void)
- update_stibp_strict();
- break;
- case SPECTRE_V2_USER_PRCTL:
-+ update_indir_branch_cond();
- break;
- }
-
-@@ -1012,7 +1037,8 @@ static char *stibp_state(void)
- case SPECTRE_V2_USER_STRICT:
- return ", STIBP: forced";
- case SPECTRE_V2_USER_PRCTL:
-- return "";
-+ if (static_key_enabled(&switch_to_cond_stibp))
-+ return ", STIBP: conditional";
- }
- return "";
- }
-@@ -1020,14 +1046,11 @@ static char *stibp_state(void)
- static char *ibpb_state(void)
- {
- if (boot_cpu_has(X86_FEATURE_IBPB)) {
-- switch (spectre_v2_user) {
-- case SPECTRE_V2_USER_NONE:
-- return ", IBPB: disabled";
-- case SPECTRE_V2_USER_STRICT:
-+ if (static_key_enabled(&switch_mm_always_ibpb))
- return ", IBPB: always-on";
-- case SPECTRE_V2_USER_PRCTL:
-- return "";
-- }
-+ if (static_key_enabled(&switch_mm_cond_ibpb))
-+ return ", IBPB: conditional";
-+ return ", IBPB: disabled";
- }
- return "";
- }
diff --git a/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch b/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch
deleted file mode 100644
index 3ca5f310..00000000
--- a/queue-3.16/x86-speculation-l1tf-document-l1tf-in-sysfs.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Sat, 11 May 2019 23:45:54 +0100
-Subject: x86/speculation/l1tf: Document l1tf in sysfs
-
-The vulnerabilties/l1tf attribute was added by commit 17dbca119312
-"x86/speculation/l1tf: Add sysfs reporting for l1tf", which has
-already been backported to 3.16, but only documented in commit
-d90a7a0ec83f "x86/bugs, kvm: Introduce boot-time control of L1TF
-mitigations", which has not and probbaly won't be.
-
-Add just that line of documentation for now.
-
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/ABI/testing/sysfs-devices-system-cpu
-+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
-@@ -230,6 +230,7 @@ What: /sys/devices/system/cpu/vulnerabi
- /sys/devices/system/cpu/vulnerabilities/spectre_v1
- /sys/devices/system/cpu/vulnerabilities/spectre_v2
- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
-+ /sys/devices/system/cpu/vulnerabilities/l1tf
- Date: January 2018
- Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
- Description: Information about CPU vulnerabilities
diff --git a/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch b/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch
deleted file mode 100644
index 2466c59d..00000000
--- a/queue-3.16/x86-speculation-mark-string-arrays-const-correctly.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:42 +0100
-Subject: x86/speculation: Mark string arrays const correctly
-
-commit 8770709f411763884535662744a3786a1806afd3 upstream.
-
-checkpatch.pl muttered when reshuffling the code:
- WARNING: static const char * array should probably be static const char * const
-
-Fix up all the string arrays.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.800018931@linutronix.de
-[bwh: Backported to 3.16: drop the part for KVM mitigation modes]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -290,7 +290,7 @@ enum spectre_v2_mitigation_cmd {
- SPECTRE_V2_CMD_RETPOLINE_AMD,
- };
-
--static const char *spectre_v2_strings[] = {
-+static const char * const spectre_v2_strings[] = {
- [SPECTRE_V2_NONE] = "Vulnerable",
- [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline",
- [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline",
-@@ -536,7 +536,7 @@ enum ssb_mitigation_cmd {
- SPEC_STORE_BYPASS_CMD_SECCOMP,
- };
-
--static const char *ssb_strings[] = {
-+static const char * const ssb_strings[] = {
- [SPEC_STORE_BYPASS_NONE] = "Vulnerable",
- [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled",
- [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl",
diff --git a/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch b/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
deleted file mode 100644
index 4756087c..00000000
--- a/queue-3.16/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From: Andi Kleen <ak@linux.intel.com>
-Date: Fri, 18 Jan 2019 16:50:16 -0800
-Subject: x86/speculation/mds: Add basic bug infrastructure for MDS
-
-commit ed5194c2732c8084af9fd159c146ea92bf137128 upstream.
-
-Microarchitectural Data Sampling (MDS), is a class of side channel attacks
-on internal buffers in Intel CPUs. The variants are:
-
- - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
-
-MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
-dependent load (store-to-load forwarding) as an optimization. The forward
-can also happen to a faulting or assisting load operation for a different
-memory address, which can be exploited under certain conditions. Store
-buffers are partitioned between Hyper-Threads so cross thread forwarding is
-not possible. But if a thread enters or exits a sleep state the store
-buffer is repartitioned which can expose data from one thread to the other.
-
-MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage
-L1 miss situations and to hold data which is returned or sent in response
-to a memory or I/O operation. Fill buffers can forward data to a load
-operation and also write data to the cache. When the fill buffer is
-deallocated it can retain the stale data of the preceding operations which
-can then be forwarded to a faulting or assisting load operation, which can
-be exploited under certain conditions. Fill buffers are shared between
-Hyper-Threads so cross thread leakage is possible.
-
-MLDPS leaks Load Port Data. Load ports are used to perform load operations
-from memory or I/O. The received data is then forwarded to the register
-file or a subsequent operation. In some implementations the Load Port can
-contain stale data from a previous operation which can be forwarded to
-faulting or assisting loads under certain conditions, which again can be
-exploited eventually. Load ports are shared between Hyper-Threads so cross
-thread leakage is possible.
-
-All variants have the same mitigation for single CPU thread case (SMT off),
-so the kernel can treat them as one MDS issue.
-
-Add the basic infrastructure to detect if the current CPU is affected by
-MDS.
-
-[ tglx: Rewrote changelog ]
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Use CPU feature word 10 and next available bug flag
- - Adjust filename, context, indentation]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/cpufeatures.h | 2 ++
- arch/x86/include/uapi/asm/msr-index.h | 5 +++++
- arch/x86/kernel/cpu/common.c | 23 +++++++++++++++--------
- 3 files changed, 22 insertions(+), 8 deletions(-)
-
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -243,6 +243,7 @@
- #define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */
-
- /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */
-+#define X86_FEATURE_MD_CLEAR (10*32+10) /* VERW clears CPU buffers */
- #define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */
- #define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */
- #define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
-@@ -271,5 +272,6 @@
- #define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */
- #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */
- #define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */
-+#define X86_BUG_MDS X86_BUG(10) /* CPU is affected by Microarchitectural data sampling */
-
- #endif /* _ASM_X86_CPUFEATURES_H */
---- a/arch/x86/include/uapi/asm/msr-index.h
-+++ b/arch/x86/include/uapi/asm/msr-index.h
-@@ -65,6 +65,11 @@
- * attack, so no Speculative Store Bypass
- * control required.
- */
-+#define ARCH_CAP_MDS_NO (1UL << 5) /*
-+ * Not susceptible to
-+ * Microarchitectural Data
-+ * Sampling (MDS) vulnerabilities.
-+ */
-
- #define MSR_IA32_BBL_CR_CTL 0x00000119
- #define MSR_IA32_BBL_CR_CTL3 0x0000011e
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -811,6 +811,7 @@ static void identify_cpu_without_cpuid(s
- #define NO_MELTDOWN BIT(1)
- #define NO_SSB BIT(2)
- #define NO_L1TF BIT(3)
-+#define NO_MDS BIT(4)
-
- #define VULNWL(_vendor, _family, _model, _whitelist) \
- { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
-@@ -827,6 +828,7 @@ static const __initconst struct x86_cpu_
- VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION),
- VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
-
-+ /* Intel Family 6 */
- VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION),
- VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION),
- VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION),
-@@ -843,17 +845,19 @@ static const __initconst struct x86_cpu_
- VULNWL_INTEL(CORE_YONAH, NO_SSB),
-
- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF),
-- VULNWL_INTEL(ATOM_GOLDMONT, NO_L1TF),
-- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_L1TF),
-- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_L1TF),
--
-- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF),
-- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF),
-- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF),
-- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF),
-+
-+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF),
-+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF),
-+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF),
-+
-+ /* AMD Family 0xf - 0x12 */
-+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
-+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
-+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
-+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
-
- /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
-- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF),
-+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS),
- {}
- };
-
-@@ -884,6 +888,9 @@ static void __init cpu_set_bug_bits(stru
- if (ia32_cap & ARCH_CAP_IBRS_ALL)
- setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-
-+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO))
-+ setup_force_cpu_bug(X86_BUG_MDS);
-+
- if (cpu_matches(NO_MELTDOWN))
- return;
-
diff --git a/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch b/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch
deleted file mode 100644
index 0998a3fe..00000000
--- a/queue-3.16/x86-speculation-mds-add-bug_msbds_only.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Fri, 1 Mar 2019 20:21:08 +0100
-Subject: x86/speculation/mds: Add BUG_MSBDS_ONLY
-
-commit e261f209c3666e842fd645a1e31f001c3a26def9 upstream.
-
-This bug bit is set on CPUs which are only affected by Microarchitectural
-Store Buffer Data Sampling (MSBDS) and not by any other MDS variant.
-
-This is important because the Store Buffers are partitioned between
-Hyper-Threads so cross thread forwarding is not possible. But if a thread
-enters or exits a sleep state the store buffer is repartitioned which can
-expose data from one thread to the other. This transition can be mitigated.
-
-That means that for CPUs which are only affected by MSBDS SMT can be
-enabled, if the CPU is not affected by other SMT sensitive vulnerabilities,
-e.g. L1TF. The XEON PHI variants fall into that category. Also the
-Silvermont/Airmont ATOMs, but for them it's not really relevant as they do
-not support SMT, but mark them for completeness sake.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Assign the next available bug flag
- - Adjust context, indentation]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/cpufeatures.h | 1 +
- arch/x86/kernel/cpu/common.c | 20 ++++++++++++--------
- 2 files changed, 13 insertions(+), 8 deletions(-)
-
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -273,5 +273,6 @@
- #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */
- #define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */
- #define X86_BUG_MDS X86_BUG(10) /* CPU is affected by Microarchitectural data sampling */
-+#define X86_BUG_MSBDS_ONLY X86_BUG(11) /* CPU is only affected by the MSDBS variant of BUG_MDS */
-
- #endif /* _ASM_X86_CPUFEATURES_H */
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -812,6 +812,7 @@ static void identify_cpu_without_cpuid(s
- #define NO_SSB BIT(2)
- #define NO_L1TF BIT(3)
- #define NO_MDS BIT(4)
-+#define MSBDS_ONLY BIT(5)
-
- #define VULNWL(_vendor, _family, _model, _whitelist) \
- { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
-@@ -835,16 +836,16 @@ static const __initconst struct x86_cpu_
- VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION),
- VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION),
-
-- VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF),
-- VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF),
-- VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF),
-- VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF),
-- VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF),
-- VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF),
-+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY),
-+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY),
-+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY),
-+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY),
-+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY),
-+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY),
-
- VULNWL_INTEL(CORE_YONAH, NO_SSB),
-
-- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF),
-+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY),
-
- VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF),
- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF),
-@@ -888,8 +889,11 @@ static void __init cpu_set_bug_bits(stru
- if (ia32_cap & ARCH_CAP_IBRS_ALL)
- setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-
-- if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO))
-+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) {
- setup_force_cpu_bug(X86_BUG_MDS);
-+ if (cpu_matches(MSBDS_ONLY))
-+ setup_force_cpu_bug(X86_BUG_MSBDS_ONLY);
-+ }
-
- if (cpu_matches(NO_MELTDOWN))
- return;
diff --git a/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch b/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch
deleted file mode 100644
index c7c07f17..00000000
--- a/queue-3.16/x86-speculation-mds-add-mds_clear_cpu_buffers.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Mon, 18 Feb 2019 23:13:06 +0100
-Subject: x86/speculation/mds: Add mds_clear_cpu_buffers()
-
-commit 6a9e529272517755904b7afa639f6db59ddb793e upstream.
-
-The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
-clearing the affected CPU buffers. The mechanism for clearing the buffers
-uses the unused and obsolete VERW instruction in combination with a
-microcode update which triggers a CPU buffer clear when VERW is executed.
-
-Provide a inline function with the assembly magic. The argument of the VERW
-instruction must be a memory operand as documented:
-
- "MD_CLEAR enumerates that the memory-operand variant of VERW (for
- example, VERW m16) has been extended to also overwrite buffers affected
- by MDS. This buffer overwriting functionality is not guaranteed for the
- register operand variant of VERW."
-
-Documentation also recommends to use a writable data segment selector:
-
- "The buffer overwriting occurs regardless of the result of the VERW
- permission check, as well as when the selector is null or causes a
- descriptor load segment violation. However, for lowest latency we
- recommend using a selector that indicates a valid writable data
- segment."
-
-Add x86 specific documentation about MDS and the internal workings of the
-mitigation.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16: drop changes to doc index and configuration]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- /dev/null
-+++ b/Documentation/x86/mds.rst
-@@ -0,0 +1,99 @@
-+Microarchitectural Data Sampling (MDS) mitigation
-+=================================================
-+
-+.. _mds:
-+
-+Overview
-+--------
-+
-+Microarchitectural Data Sampling (MDS) is a family of side channel attacks
-+on internal buffers in Intel CPUs. The variants are:
-+
-+ - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
-+ - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
-+ - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
-+
-+MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
-+dependent load (store-to-load forwarding) as an optimization. The forward
-+can also happen to a faulting or assisting load operation for a different
-+memory address, which can be exploited under certain conditions. Store
-+buffers are partitioned between Hyper-Threads so cross thread forwarding is
-+not possible. But if a thread enters or exits a sleep state the store
-+buffer is repartitioned which can expose data from one thread to the other.
-+
-+MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage
-+L1 miss situations and to hold data which is returned or sent in response
-+to a memory or I/O operation. Fill buffers can forward data to a load
-+operation and also write data to the cache. When the fill buffer is
-+deallocated it can retain the stale data of the preceding operations which
-+can then be forwarded to a faulting or assisting load operation, which can
-+be exploited under certain conditions. Fill buffers are shared between
-+Hyper-Threads so cross thread leakage is possible.
-+
-+MLPDS leaks Load Port Data. Load ports are used to perform load operations
-+from memory or I/O. The received data is then forwarded to the register
-+file or a subsequent operation. In some implementations the Load Port can
-+contain stale data from a previous operation which can be forwarded to
-+faulting or assisting loads under certain conditions, which again can be
-+exploited eventually. Load ports are shared between Hyper-Threads so cross
-+thread leakage is possible.
-+
-+
-+Exposure assumptions
-+--------------------
-+
-+It is assumed that attack code resides in user space or in a guest with one
-+exception. The rationale behind this assumption is that the code construct
-+needed for exploiting MDS requires:
-+
-+ - to control the load to trigger a fault or assist
-+
-+ - to have a disclosure gadget which exposes the speculatively accessed
-+ data for consumption through a side channel.
-+
-+ - to control the pointer through which the disclosure gadget exposes the
-+ data
-+
-+The existence of such a construct in the kernel cannot be excluded with
-+100% certainty, but the complexity involved makes it extremly unlikely.
-+
-+There is one exception, which is untrusted BPF. The functionality of
-+untrusted BPF is limited, but it needs to be thoroughly investigated
-+whether it can be used to create such a construct.
-+
-+
-+Mitigation strategy
-+-------------------
-+
-+All variants have the same mitigation strategy at least for the single CPU
-+thread case (SMT off): Force the CPU to clear the affected buffers.
-+
-+This is achieved by using the otherwise unused and obsolete VERW
-+instruction in combination with a microcode update. The microcode clears
-+the affected CPU buffers when the VERW instruction is executed.
-+
-+For virtualization there are two ways to achieve CPU buffer
-+clearing. Either the modified VERW instruction or via the L1D Flush
-+command. The latter is issued when L1TF mitigation is enabled so the extra
-+VERW can be avoided. If the CPU is not affected by L1TF then VERW needs to
-+be issued.
-+
-+If the VERW instruction with the supplied segment selector argument is
-+executed on a CPU without the microcode update there is no side effect
-+other than a small number of pointlessly wasted CPU cycles.
-+
-+This does not protect against cross Hyper-Thread attacks except for MSBDS
-+which is only exploitable cross Hyper-thread when one of the Hyper-Threads
-+enters a C-state.
-+
-+The kernel provides a function to invoke the buffer clearing:
-+
-+ mds_clear_cpu_buffers()
-+
-+The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
-+(idle) transitions.
-+
-+According to current knowledge additional mitigations inside the kernel
-+itself are not required because the necessary gadgets to expose the leaked
-+data cannot be controlled in a way which allows exploitation from malicious
-+user space or VM guests.
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -262,5 +262,30 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_
- DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
- DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
-+#include <asm/segment.h>
-+
-+/**
-+ * mds_clear_cpu_buffers - Mitigation for MDS vulnerability
-+ *
-+ * This uses the otherwise unused and obsolete VERW instruction in
-+ * combination with microcode which triggers a CPU buffer flush when the
-+ * instruction is executed.
-+ */
-+static inline void mds_clear_cpu_buffers(void)
-+{
-+ static const u16 ds = __KERNEL_DS;
-+
-+ /*
-+ * Has to be the memory-operand variant because only that
-+ * guarantees the CPU buffer flush functionality according to
-+ * documentation. The register-operand variant does not.
-+ * Works with any segment selector, but a valid writable
-+ * data segment is the fastest variant.
-+ *
-+ * "cc" clobber is required because VERW modifies ZF.
-+ */
-+ asm volatile("verw %[ds]" : : [ds] "m" (ds) : "cc");
-+}
-+
- #endif /* __ASSEMBLY__ */
- #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
diff --git a/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch b/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch
deleted file mode 100644
index 8962edef..00000000
--- a/queue-3.16/x86-speculation-mds-add-mitigation-control-for-mds.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Mon, 18 Feb 2019 22:04:08 +0100
-Subject: x86/speculation/mds: Add mitigation control for MDS
-
-commit bc1241700acd82ec69fde98c5763ce51086269f8 upstream.
-
-Now that the mitigations are in place, add a command line parameter to
-control the mitigation, a mitigation selector function and a SMT update
-mechanism.
-
-This is the minimal straight forward initial implementation which just
-provides an always on/off mode. The command line parameter is:
-
- mds=[full|off]
-
-This is consistent with the existing mitigations for other speculative
-hardware vulnerabilities.
-
-The idle invocation is dynamically updated according to the SMT state of
-the system similar to the dynamic update of the STIBP mitigation. The idle
-mitigation is limited to CPUs which are only affected by MSBDS and not any
-other variant, because the other variants cannot be mitigated on SMT
-enabled systems.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Drop " __ro_after_init"
- - Adjust filename, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -1774,6 +1774,28 @@ bytes respectively. Such letter suffixes
- Format: <first>,<last>
- Specifies range of consoles to be captured by the MDA.
-
-+ mds= [X86,INTEL]
-+ Control mitigation for the Micro-architectural Data
-+ Sampling (MDS) vulnerability.
-+
-+ Certain CPUs are vulnerable to an exploit against CPU
-+ internal buffers which can forward information to a
-+ disclosure gadget under certain conditions.
-+
-+ In vulnerable processors, the speculatively
-+ forwarded data can be used in a cache side channel
-+ attack, to access data to which the attacker does
-+ not have direct access.
-+
-+ This parameter controls the MDS mitigation. The
-+ options are:
-+
-+ full - Enable MDS mitigation on vulnerable CPUs
-+ off - Unconditionally disable MDS mitigation
-+
-+ Not specifying this option is equivalent to
-+ mds=full.
-+
- mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory
- Amount of memory to be used when the kernel is not able
- to see the whole system memory or for test.
---- a/arch/x86/include/asm/processor.h
-+++ b/arch/x86/include/asm/processor.h
-@@ -953,4 +953,10 @@ bool xen_set_default_idle(void);
-
- void stop_this_cpu(void *dummy);
- void df_debug(struct pt_regs *regs, long error_code);
-+
-+enum mds_mitigations {
-+ MDS_MITIGATION_OFF,
-+ MDS_MITIGATION_FULL,
-+};
-+
- #endif /* _ASM_X86_PROCESSOR_H */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -32,6 +32,7 @@
- static void __init spectre_v2_select_mitigation(void);
- static void __init ssb_select_mitigation(void);
- static void __init l1tf_select_mitigation(void);
-+static void __init mds_select_mitigation(void);
-
- /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
- u64 x86_spec_ctrl_base;
-@@ -157,6 +158,8 @@ void __init check_bugs(void)
-
- l1tf_select_mitigation();
-
-+ mds_select_mitigation();
-+
- #ifdef CONFIG_X86_32
- /*
- * Check whether we are able to run this kernel safely on SMP.
-@@ -268,6 +271,50 @@ static void x86_amd_ssb_disable(void)
- }
-
- #undef pr_fmt
-+#define pr_fmt(fmt) "MDS: " fmt
-+
-+/* Default mitigation for L1TF-affected CPUs */
-+static enum mds_mitigations mds_mitigation = MDS_MITIGATION_FULL;
-+
-+static const char * const mds_strings[] = {
-+ [MDS_MITIGATION_OFF] = "Vulnerable",
-+ [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers"
-+};
-+
-+static void __init mds_select_mitigation(void)
-+{
-+ if (!boot_cpu_has_bug(X86_BUG_MDS)) {
-+ mds_mitigation = MDS_MITIGATION_OFF;
-+ return;
-+ }
-+
-+ if (mds_mitigation == MDS_MITIGATION_FULL) {
-+ if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
-+ static_branch_enable(&mds_user_clear);
-+ else
-+ mds_mitigation = MDS_MITIGATION_OFF;
-+ }
-+ pr_info("%s\n", mds_strings[mds_mitigation]);
-+}
-+
-+static int __init mds_cmdline(char *str)
-+{
-+ if (!boot_cpu_has_bug(X86_BUG_MDS))
-+ return 0;
-+
-+ if (!str)
-+ return -EINVAL;
-+
-+ if (!strcmp(str, "off"))
-+ mds_mitigation = MDS_MITIGATION_OFF;
-+ else if (!strcmp(str, "full"))
-+ mds_mitigation = MDS_MITIGATION_FULL;
-+
-+ return 0;
-+}
-+early_param("mds", mds_cmdline);
-+
-+#undef pr_fmt
- #define pr_fmt(fmt) "Spectre V2 : " fmt
-
- static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
-@@ -665,6 +712,26 @@ static void update_indir_branch_cond(voi
- static_branch_disable(&switch_to_cond_stibp);
- }
-
-+/* Update the static key controlling the MDS CPU buffer clear in idle */
-+static void update_mds_branch_idle(void)
-+{
-+ /*
-+ * Enable the idle clearing if SMT is active on CPUs which are
-+ * affected only by MSBDS and not any other MDS variant.
-+ *
-+ * The other variants cannot be mitigated when SMT is enabled, so
-+ * clearing the buffers on idle just to prevent the Store Buffer
-+ * repartitioning leak would be a window dressing exercise.
-+ */
-+ if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY))
-+ return;
-+
-+ if (sched_smt_active())
-+ static_branch_enable(&mds_idle_clear);
-+ else
-+ static_branch_disable(&mds_idle_clear);
-+}
-+
- void arch_smt_update(void)
- {
- /* Enhanced IBRS implies STIBP. No update required. */
-@@ -685,6 +752,9 @@ void arch_smt_update(void)
- break;
- }
-
-+ if (mds_mitigation == MDS_MITIGATION_FULL)
-+ update_mds_branch_idle();
-+
- mutex_unlock(&spec_ctrl_mutex);
- }
-
diff --git a/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch b/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch
deleted file mode 100644
index 4ca8f887..00000000
--- a/queue-3.16/x86-speculation-mds-add-mitigation-mode-vmwerv.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 20 Feb 2019 09:40:40 +0100
-Subject: x86/speculation/mds: Add mitigation mode VMWERV
-
-commit 22dd8365088b6403630b82423cf906491859b65e upstream.
-
-In virtualized environments it can happen that the host has the microcode
-update which utilizes the VERW instruction to clear CPU buffers, but the
-hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
-to guests.
-
-Introduce an internal mitigation mode VMWERV which enables the invocation
-of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
-system has no updated microcode this results in a pointless execution of
-the VERW instruction wasting a few CPU cycles. If the microcode is updated,
-but not exposed to a guest then the CPU buffers will be cleared.
-
-That said: Virtual Machines Will Eventually Receive Vaccine
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/x86/mds.rst
-+++ b/Documentation/x86/mds.rst
-@@ -93,11 +93,38 @@ The kernel provides a function to invoke
- The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
- (idle) transitions.
-
-+As a special quirk to address virtualization scenarios where the host has
-+the microcode updated, but the hypervisor does not (yet) expose the
-+MD_CLEAR CPUID bit to guests, the kernel issues the VERW instruction in the
-+hope that it might actually clear the buffers. The state is reflected
-+accordingly.
-+
- According to current knowledge additional mitigations inside the kernel
- itself are not required because the necessary gadgets to expose the leaked
- data cannot be controlled in a way which allows exploitation from malicious
- user space or VM guests.
-
-+Kernel internal mitigation modes
-+--------------------------------
-+
-+ ======= ============================================================
-+ off Mitigation is disabled. Either the CPU is not affected or
-+ mds=off is supplied on the kernel command line
-+
-+ full Mitigation is eanbled. CPU is affected and MD_CLEAR is
-+ advertised in CPUID.
-+
-+ vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not
-+ advertised in CPUID. That is mainly for virtualization
-+ scenarios where the host has the updated microcode but the
-+ hypervisor does not expose MD_CLEAR in CPUID. It's a best
-+ effort approach without guarantee.
-+ ======= ============================================================
-+
-+If the CPU is affected and mds=off is not supplied on the kernel command
-+line then the kernel selects the appropriate mitigation mode depending on
-+the availability of the MD_CLEAR CPUID bit.
-+
- Mitigation points
- -----------------
-
---- a/arch/x86/include/asm/processor.h
-+++ b/arch/x86/include/asm/processor.h
-@@ -957,6 +957,7 @@ void df_debug(struct pt_regs *regs, long
- enum mds_mitigations {
- MDS_MITIGATION_OFF,
- MDS_MITIGATION_FULL,
-+ MDS_MITIGATION_VMWERV,
- };
-
- #endif /* _ASM_X86_PROCESSOR_H */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -279,7 +279,8 @@ static enum mds_mitigations mds_mitigati
-
- static const char * const mds_strings[] = {
- [MDS_MITIGATION_OFF] = "Vulnerable",
-- [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers"
-+ [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers",
-+ [MDS_MITIGATION_VMWERV] = "Vulnerable: Clear CPU buffers attempted, no microcode",
- };
-
- static void __init mds_select_mitigation(void)
-@@ -290,10 +291,9 @@ static void __init mds_select_mitigation
- }
-
- if (mds_mitigation == MDS_MITIGATION_FULL) {
-- if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
-- static_branch_enable(&mds_user_clear);
-- else
-- mds_mitigation = MDS_MITIGATION_OFF;
-+ if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
-+ mds_mitigation = MDS_MITIGATION_VMWERV;
-+ static_branch_enable(&mds_user_clear);
- }
- pr_info("%s\n", mds_strings[mds_mitigation]);
- }
-@@ -753,8 +753,14 @@ void arch_smt_update(void)
- break;
- }
-
-- if (mds_mitigation == MDS_MITIGATION_FULL)
-+ switch (mds_mitigation) {
-+ case MDS_MITIGATION_FULL:
-+ case MDS_MITIGATION_VMWERV:
- update_mds_branch_idle();
-+ break;
-+ case MDS_MITIGATION_OFF:
-+ break;
-+ }
-
- mutex_unlock(&spec_ctrl_mutex);
- }
diff --git a/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch b/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch
deleted file mode 100644
index 9c5e1bfe..00000000
--- a/queue-3.16/x86-speculation-mds-add-mitigations-support-for-mds.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Wed, 17 Apr 2019 16:39:02 -0500
-Subject: x86/speculation/mds: Add 'mitigations=' support for MDS
-
-commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12 upstream.
-
-Add MDS to the new 'mitigations=' cmdline option.
-
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-[bwh: Backported to 3.16:
- - Drop the auto,nosmt option, which we can't support
- - Adjust filenames, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -1920,6 +1920,7 @@ bytes respectively. Such letter suffixes
- nospectre_v2 [X86]
- spectre_v2_user=off [X86]
- spec_store_bypass_disable=off [X86]
-+ mds=off [X86]
-
- auto (default)
- Mitigate all CPU vulnerabilities, but leave SMT
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -287,7 +287,7 @@ static const char * const mds_strings[]
-
- static void __init mds_select_mitigation(void)
- {
-- if (!boot_cpu_has_bug(X86_BUG_MDS)) {
-+ if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
- mds_mitigation = MDS_MITIGATION_OFF;
- return;
- }
diff --git a/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch b/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch
deleted file mode 100644
index ded23589..00000000
--- a/queue-3.16/x86-speculation-mds-add-smt-warning-message.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Tue, 2 Apr 2019 10:00:51 -0500
-Subject: x86/speculation/mds: Add SMT warning message
-
-commit 39226ef02bfb43248b7db12a4fdccb39d95318e3 upstream.
-
-MDS is vulnerable with SMT. Make that clear with a one-time printk
-whenever SMT first gets enabled.
-
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Acked-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -712,6 +712,9 @@ static void update_indir_branch_cond(voi
- static_branch_disable(&switch_to_cond_stibp);
- }
-
-+#undef pr_fmt
-+#define pr_fmt(fmt) fmt
-+
- /* Update the static key controlling the MDS CPU buffer clear in idle */
- static void update_mds_branch_idle(void)
- {
-@@ -732,6 +735,8 @@ static void update_mds_branch_idle(void)
- static_branch_disable(&mds_idle_clear);
- }
-
-+#define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"
-+
- void arch_smt_update(void)
- {
- /* Enhanced IBRS implies STIBP. No update required. */
-@@ -755,6 +760,8 @@ void arch_smt_update(void)
- switch (mds_mitigation) {
- case MDS_MITIGATION_FULL:
- case MDS_MITIGATION_VMWERV:
-+ if (sched_smt_active() && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
-+ pr_warn_once(MDS_MSG_SMT);
- update_mds_branch_idle();
- break;
- case MDS_MITIGATION_OFF:
-@@ -1134,6 +1141,7 @@ static void __init l1tf_select_mitigatio
- setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV);
- }
- #undef pr_fmt
-+#define pr_fmt(fmt) fmt
-
- #ifdef CONFIG_SYSFS
-
diff --git a/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch b/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch
deleted file mode 100644
index a2595438..00000000
--- a/queue-3.16/x86-speculation-mds-add-sysfs-reporting-for-mds.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Mon, 18 Feb 2019 22:51:43 +0100
-Subject: x86/speculation/mds: Add sysfs reporting for MDS
-
-commit 8a4b06d391b0a42a373808979b5028f5c84d9c6a upstream.
-
-Add the sysfs reporting file for MDS. It exposes the vulnerability and
-mitigation state similar to the existing files for the other speculative
-hardware vulnerabilities.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Test x86_hyper instead of using hypervisor_is_type()
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/ABI/testing/sysfs-devices-system-cpu
-+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
-@@ -231,6 +231,7 @@ What: /sys/devices/system/cpu/vulnerabi
- /sys/devices/system/cpu/vulnerabilities/spectre_v2
- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
- /sys/devices/system/cpu/vulnerabilities/l1tf
-+ /sys/devices/system/cpu/vulnerabilities/mds
- Date: January 2018
- Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
- Description: Information about CPU vulnerabilities
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -24,6 +24,7 @@
- #include <asm/msr.h>
- #include <asm/paravirt.h>
- #include <asm/alternative.h>
-+#include <asm/hypervisor.h>
- #include <asm/pgtable.h>
- #include <asm/cacheflush.h>
- #include <asm/intel-family.h>
-@@ -1131,6 +1132,24 @@ static void __init l1tf_select_mitigatio
-
- #ifdef CONFIG_SYSFS
-
-+static ssize_t mds_show_state(char *buf)
-+{
-+#ifdef CONFIG_HYPERVISOR_GUEST
-+ if (x86_hyper) {
-+ return sprintf(buf, "%s; SMT Host state unknown\n",
-+ mds_strings[mds_mitigation]);
-+ }
-+#endif
-+
-+ if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) {
-+ return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
-+ sched_smt_active() ? "mitigated" : "disabled");
-+ }
-+
-+ return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
-+ sched_smt_active() ? "vulnerable" : "disabled");
-+}
-+
- static char *stibp_state(void)
- {
- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-@@ -1193,6 +1212,9 @@ static ssize_t cpu_show_common(struct de
- return sprintf(buf, "Mitigation: Page Table Inversion\n");
- break;
-
-+ case X86_BUG_MDS:
-+ return mds_show_state(buf);
-+
- default:
- break;
- }
-@@ -1224,4 +1246,9 @@ ssize_t cpu_show_l1tf(struct device *dev
- {
- return cpu_show_common(dev, attr, buf, X86_BUG_L1TF);
- }
-+
-+ssize_t cpu_show_mds(struct device *dev, struct device_attribute *attr, char *buf)
-+{
-+ return cpu_show_common(dev, attr, buf, X86_BUG_MDS);
-+}
- #endif
---- a/drivers/base/cpu.c
-+++ b/drivers/base/cpu.c
-@@ -450,11 +450,18 @@ ssize_t __weak cpu_show_l1tf(struct devi
- return sprintf(buf, "Not affected\n");
- }
-
-+ssize_t __weak cpu_show_mds(struct device *dev,
-+ struct device_attribute *attr, char *buf)
-+{
-+ return sprintf(buf, "Not affected\n");
-+}
-+
- static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
- static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
- static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
- static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
- static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
-+static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
-
- static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_meltdown.attr,
-@@ -462,6 +469,7 @@ static struct attribute *cpu_root_vulner
- &dev_attr_spectre_v2.attr,
- &dev_attr_spec_store_bypass.attr,
- &dev_attr_l1tf.attr,
-+ &dev_attr_mds.attr,
- NULL
- };
-
---- a/include/linux/cpu.h
-+++ b/include/linux/cpu.h
-@@ -49,6 +49,8 @@ extern ssize_t cpu_show_spec_store_bypas
- struct device_attribute *attr, char *buf);
- extern ssize_t cpu_show_l1tf(struct device *dev,
- struct device_attribute *attr, char *buf);
-+extern ssize_t cpu_show_mds(struct device *dev,
-+ struct device_attribute *attr, char *buf);
-
- #ifdef CONFIG_HOTPLUG_CPU
- extern void unregister_cpu(struct cpu *cpu);
diff --git a/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch b/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
deleted file mode 100644
index 19c190ea..00000000
--- a/queue-3.16/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
+++ /dev/null
@@ -1,261 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Mon, 18 Feb 2019 23:42:51 +0100
-Subject: x86/speculation/mds: Clear CPU buffers on exit to user
-
-commit 04dcbdb8057827b043b3c71aa397c4c63e67d086 upstream.
-
-Add a static key which controls the invocation of the CPU buffer clear
-mechanism on exit to user space and add the call into
-prepare_exit_to_usermode() and do_nmi() right before actually returning.
-
-Add documentation which kernel to user space transition this covers and
-explain why some corner cases are not mitigated.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16: Add an assembly macro equivalent to
- mds_user_clear_cpu_buffers() and use this in the system call exit path,
- as we don't have prepare_exit_to_usermode()]
-Cc: Dominik Brodowski <linux@dominikbrodowski.net>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: x86@kernel.org
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/x86/mds.rst
-+++ b/Documentation/x86/mds.rst
-@@ -97,3 +97,55 @@ According to current knowledge additiona
- itself are not required because the necessary gadgets to expose the leaked
- data cannot be controlled in a way which allows exploitation from malicious
- user space or VM guests.
-+
-+Mitigation points
-+-----------------
-+
-+1. Return to user space
-+^^^^^^^^^^^^^^^^^^^^^^^
-+
-+ When transitioning from kernel to user space the CPU buffers are flushed
-+ on affected CPUs when the mitigation is not disabled on the kernel
-+ command line. The migitation is enabled through the static key
-+ mds_user_clear.
-+
-+ The mitigation is invoked in prepare_exit_to_usermode() which covers
-+ most of the kernel to user space transitions. There are a few exceptions
-+ which are not invoking prepare_exit_to_usermode() on return to user
-+ space. These exceptions use the paranoid exit code.
-+
-+ - Non Maskable Interrupt (NMI):
-+
-+ Access to sensible data like keys, credentials in the NMI context is
-+ mostly theoretical: The CPU can do prefetching or execute a
-+ misspeculated code path and thereby fetching data which might end up
-+ leaking through a buffer.
-+
-+ But for mounting other attacks the kernel stack address of the task is
-+ already valuable information. So in full mitigation mode, the NMI is
-+ mitigated on the return from do_nmi() to provide almost complete
-+ coverage.
-+
-+ - Double fault (#DF):
-+
-+ A double fault is usually fatal, but the ESPFIX workaround, which can
-+ be triggered from user space through modify_ldt(2) is a recoverable
-+ double fault. #DF uses the paranoid exit path, so explicit mitigation
-+ in the double fault handler is required.
-+
-+ - Machine Check Exception (#MC):
-+
-+ Another corner case is a #MC which hits between the CPU buffer clear
-+ invocation and the actual return to user. As this still is in kernel
-+ space it takes the paranoid exit path which does not clear the CPU
-+ buffers. So the #MC handler repopulates the buffers to some
-+ extent. Machine checks are not reliably controllable and the window is
-+ extremly small so mitigation would just tick a checkbox that this
-+ theoretical corner case is covered. To keep the amount of special
-+ cases small, ignore #MC.
-+
-+ - Debug Exception (#DB):
-+
-+ This takes the paranoid exit path only when the INT1 breakpoint is in
-+ kernel space. #DB on a user space address takes the regular exit path,
-+ so no extra mitigation required.
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -262,6 +262,8 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_
- DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
- DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
-+DECLARE_STATIC_KEY_FALSE(mds_user_clear);
-+
- #include <asm/segment.h>
-
- /**
-@@ -287,5 +289,31 @@ static inline void mds_clear_cpu_buffers
- asm volatile("verw %[ds]" : : [ds] "m" (ds) : "cc");
- }
-
-+/**
-+ * mds_user_clear_cpu_buffers - Mitigation for MDS vulnerability
-+ *
-+ * Clear CPU buffers if the corresponding static key is enabled
-+ */
-+static inline void mds_user_clear_cpu_buffers(void)
-+{
-+ if (static_branch_likely(&mds_user_clear))
-+ mds_clear_cpu_buffers();
-+}
-+
- #endif /* __ASSEMBLY__ */
-+
-+#ifdef __ASSEMBLY__
-+.macro MDS_USER_CLEAR_CPU_BUFFERS
-+#ifdef CONFIG_JUMP_LABEL
-+ STATIC_JUMP_IF_FALSE .Lmds_skip_clear_\@, mds_user_clear, def=0
-+#endif
-+#ifdef CONFIG_X86_64
-+ verw mds_clear_cpu_buffers_ds(%rip)
-+#else
-+ verw mds_clear_cpu_buffers_ds
-+#endif
-+.Lmds_skip_clear_\@:
-+.endm
-+#endif
-+
- #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -58,6 +58,12 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_i
- /* Control unconditional IBPB in switch_mm() */
- DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
-+/* Control MDS CPU buffer clear before returning to user space */
-+DEFINE_STATIC_KEY_FALSE(mds_user_clear);
-+
-+/* For use by asm MDS_CLEAR_CPU_BUFFERS */
-+const u16 mds_clear_cpu_buffers_ds = __KERNEL_DS;
-+
- #ifdef CONFIG_X86_32
-
- static double __initdata x = 4195835.0;
---- a/arch/x86/kernel/nmi.c
-+++ b/arch/x86/kernel/nmi.c
-@@ -29,6 +29,7 @@
- #include <asm/mach_traps.h>
- #include <asm/nmi.h>
- #include <asm/x86_init.h>
-+#include <asm/nospec-branch.h>
-
- #define CREATE_TRACE_POINTS
- #include <trace/events/nmi.h>
-@@ -522,6 +523,9 @@ nmi_restart:
- write_cr2(this_cpu_read(nmi_cr2));
- if (this_cpu_dec_return(nmi_state))
- goto nmi_restart;
-+
-+ if (user_mode(regs))
-+ mds_user_clear_cpu_buffers();
- }
- NOKPROBE_SYMBOL(do_nmi);
-
---- a/arch/x86/kernel/traps.c
-+++ b/arch/x86/kernel/traps.c
-@@ -55,6 +55,7 @@
- #include <asm/fixmap.h>
- #include <asm/mach_traps.h>
- #include <asm/alternative.h>
-+#include <asm/nospec-branch.h>
-
- #ifdef CONFIG_X86_64
- #include <asm/x86_init.h>
-@@ -258,6 +259,14 @@ dotraplinkage void do_double_fault(struc
- normal_regs->orig_ax = 0; /* Missing (lost) #GP error code */
- regs->ip = (unsigned long)general_protection;
- regs->sp = (unsigned long)&normal_regs->orig_ax;
-+
-+ /*
-+ * This situation can be triggered by userspace via
-+ * modify_ldt(2) and the return does not take the regular
-+ * user space exit, so a CPU buffer clear is required when
-+ * MDS mitigation is enabled.
-+ */
-+ mds_user_clear_cpu_buffers();
- return;
- }
- #endif
---- a/arch/x86/kernel/entry_32.S
-+++ b/arch/x86/kernel/entry_32.S
-@@ -443,6 +443,7 @@ sysenter_after_call:
- testl $_TIF_ALLWORK_MASK, %ecx
- jne sysexit_audit
- sysenter_exit:
-+ MDS_USER_CLEAR_CPU_BUFFERS
- /* if something modifies registers it must also disable sysexit */
- movl PT_EIP(%esp), %edx
- movl PT_OLDESP(%esp), %ecx
-@@ -531,6 +532,7 @@ syscall_exit:
- jne syscall_exit_work
-
- restore_all:
-+ MDS_USER_CLEAR_CPU_BUFFERS
- TRACE_IRQS_IRET
- restore_all_notrace:
- #ifdef CONFIG_X86_ESPFIX32
---- a/arch/x86/kernel/entry_64.S
-+++ b/arch/x86/kernel/entry_64.S
-@@ -475,6 +475,7 @@ sysret_check:
- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx
- andl %edi,%edx
- jnz sysret_careful
-+ MDS_USER_CLEAR_CPU_BUFFERS
- CFI_REMEMBER_STATE
- /*
- * sysretq will re-enable interrupts:
-@@ -870,6 +871,7 @@ retint_swapgs: /* return to user-space
- * The iretq could re-enable interrupts:
- */
- DISABLE_INTERRUPTS(CLBR_ANY)
-+ MDS_USER_CLEAR_CPU_BUFFERS
- TRACE_IRQS_IRETQ
- /*
- * This opens a window where we have a user CR3, but are
-@@ -1384,7 +1386,7 @@ paranoid_userspace:
- GET_THREAD_INFO(%rcx)
- movl TI_flags(%rcx),%ebx
- andl $_TIF_WORK_MASK,%ebx
-- jz paranoid_kernel
-+ jz paranoid_userspace_done
- movq %rsp,%rdi /* &pt_regs */
- call sync_regs
- movq %rax,%rsp /* switch stack for scheduling */
-@@ -1406,6 +1408,9 @@ paranoid_schedule:
- DISABLE_INTERRUPTS(CLBR_ANY)
- TRACE_IRQS_OFF
- jmp paranoid_userspace
-+paranoid_userspace_done:
-+ MDS_USER_CLEAR_CPU_BUFFERS
-+ jmp paranoid_kernel
- CFI_ENDPROC
- END(paranoid_exit)
-
---- a/arch/x86/ia32/ia32entry.S
-+++ b/arch/x86/ia32/ia32entry.S
-@@ -188,6 +188,7 @@ sysenter_dispatch:
- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- jnz sysexit_audit
- sysexit_from_sys_call:
-+ MDS_USER_CLEAR_CPU_BUFFERS
- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- /* clear IF, that popfq doesn't enable interrupts early */
- andl $~0x200,EFLAGS-R11(%rsp)
-@@ -362,6 +363,7 @@ cstar_dispatch:
- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- jnz sysretl_audit
- sysretl_from_sys_call:
-+ MDS_USER_CLEAR_CPU_BUFFERS
- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- RESTORE_ARGS 0,-ARG_SKIP,0,0,0
- movl RIP-ARGOFFSET(%rsp),%ecx
diff --git a/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch b/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
deleted file mode 100644
index 91685f54..00000000
--- a/queue-3.16/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Mon, 18 Feb 2019 23:04:01 +0100
-Subject: x86/speculation/mds: Conditionally clear CPU buffers on idle entry
-
-commit 07f07f55a29cb705e221eda7894dd67ab81ef343 upstream.
-
-Add a static key which controls the invocation of the CPU buffer clear
-mechanism on idle entry. This is independent of other MDS mitigations
-because the idle entry invocation to mitigate the potential leakage due to
-store buffer repartitioning is only necessary on SMT systems.
-
-Add the actual invocations to the different halt/mwait variants which
-covers all usage sites. mwaitx is not patched as it's not available on
-Intel CPUs.
-
-The buffer clear is only invoked before entering the C-State to prevent
-that stale data from the idling CPU is spilled to the Hyper-Thread sibling
-after the Store buffer got repartitioned and all entries are available to
-the non idle sibling.
-
-When coming out of idle the store buffer is partitioned again so each
-sibling has half of it available. Now CPU which returned from idle could be
-speculatively exposed to contents of the sibling, but the buffers are
-flushed either on exit to user space or on VMENTER.
-
-When later on conditional buffer clearing is implemented on top of this,
-then there is no action required either because before returning to user
-space the context switch will set the condition flag which causes a flush
-on the return to user path.
-
-Note, that the buffer clearing on idle is only sensible on CPUs which are
-solely affected by MSBDS and not any other variant of MDS because the other
-MDS variants cannot be mitigated when SMT is enabled, so the buffer
-clearing on idle would be a window dressing exercise.
-
-This intentionally does not handle the case in the acpi/processor_idle
-driver which uses the legacy IO port interface for C-State transitions for
-two reasons:
-
- - The acpi/processor_idle driver was replaced by the intel_idle driver
- almost a decade ago. Anything Nehalem upwards supports it and defaults
- to that new driver.
-
- - The legacy IO port interface is likely to be used on older and therefore
- unaffected CPUs or on systems which do not receive microcode updates
- anymore, so there is no point in adding that.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
-Reviewed-by: Jon Masters <jcm@redhat.com>
-Tested-by: Jon Masters <jcm@redhat.com>
-[bwh: Backported to 3.16:
- - Drop change in _mwaitx()
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/x86/mds.rst
-+++ b/Documentation/x86/mds.rst
-@@ -149,3 +149,45 @@ Mitigation points
- This takes the paranoid exit path only when the INT1 breakpoint is in
- kernel space. #DB on a user space address takes the regular exit path,
- so no extra mitigation required.
-+
-+
-+2. C-State transition
-+^^^^^^^^^^^^^^^^^^^^^
-+
-+ When a CPU goes idle and enters a C-State the CPU buffers need to be
-+ cleared on affected CPUs when SMT is active. This addresses the
-+ repartitioning of the store buffer when one of the Hyper-Threads enters
-+ a C-State.
-+
-+ When SMT is inactive, i.e. either the CPU does not support it or all
-+ sibling threads are offline CPU buffer clearing is not required.
-+
-+ The idle clearing is enabled on CPUs which are only affected by MSBDS
-+ and not by any other MDS variant. The other MDS variants cannot be
-+ protected against cross Hyper-Thread attacks because the Fill Buffer and
-+ the Load Ports are shared. So on CPUs affected by other variants, the
-+ idle clearing would be a window dressing exercise and is therefore not
-+ activated.
-+
-+ The invocation is controlled by the static key mds_idle_clear which is
-+ switched depending on the chosen mitigation mode and the SMT state of
-+ the system.
-+
-+ The buffer clear is only invoked before entering the C-State to prevent
-+ that stale data from the idling CPU from spilling to the Hyper-Thread
-+ sibling after the store buffer got repartitioned and all entries are
-+ available to the non idle sibling.
-+
-+ When coming out of idle the store buffer is partitioned again so each
-+ sibling has half of it available. The back from idle CPU could be then
-+ speculatively exposed to contents of the sibling. The buffers are
-+ flushed either on exit to user space or on VMENTER so malicious code
-+ in user space or the guest cannot speculatively access them.
-+
-+ The mitigation is hooked into all variants of halt()/mwait(), but does
-+ not cover the legacy ACPI IO-Port mechanism because the ACPI idle driver
-+ has been superseded by the intel_idle driver around 2010 and is
-+ preferred on all affected CPUs which are expected to gain the MD_CLEAR
-+ functionality in microcode. Aside of that the IO-Port mechanism is a
-+ legacy interface which is only used on older systems which are either
-+ not affected or do not receive microcode updates anymore.
---- a/arch/x86/include/asm/irqflags.h
-+++ b/arch/x86/include/asm/irqflags.h
-@@ -4,6 +4,9 @@
- #include <asm/processor-flags.h>
-
- #ifndef __ASSEMBLY__
-+
-+#include <asm/nospec-branch.h>
-+
- /*
- * Interrupt control:
- */
-@@ -46,11 +49,13 @@ static inline void native_irq_enable(voi
-
- static inline void native_safe_halt(void)
- {
-+ mds_idle_clear_cpu_buffers();
- asm volatile("sti; hlt": : :"memory");
- }
-
- static inline void native_halt(void)
- {
-+ mds_idle_clear_cpu_buffers();
- asm volatile("hlt": : :"memory");
- }
-
---- a/arch/x86/include/asm/mwait.h
-+++ b/arch/x86/include/asm/mwait.h
-@@ -4,6 +4,7 @@
- #include <linux/sched.h>
-
- #include <asm/cpufeature.h>
-+#include <asm/nospec-branch.h>
-
- #define MWAIT_SUBSTATE_MASK 0xf
- #define MWAIT_CSTATE_MASK 0xf
-@@ -27,6 +28,8 @@ static inline void __monitor(const void
-
- static inline void __mwait(unsigned long eax, unsigned long ecx)
- {
-+ mds_idle_clear_cpu_buffers();
-+
- /* "mwait %eax, %ecx;" */
- asm volatile(".byte 0x0f, 0x01, 0xc9;"
- :: "a" (eax), "c" (ecx));
-@@ -34,6 +37,8 @@ static inline void __mwait(unsigned long
-
- static inline void __sti_mwait(unsigned long eax, unsigned long ecx)
- {
-+ mds_idle_clear_cpu_buffers();
-+
- trace_hardirqs_on();
- /* "mwait %eax, %ecx;" */
- asm volatile("sti; .byte 0x0f, 0x01, 0xc9;"
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -263,6 +263,7 @@ DECLARE_STATIC_KEY_FALSE(switch_mm_cond_
- DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
- DECLARE_STATIC_KEY_FALSE(mds_user_clear);
-+DECLARE_STATIC_KEY_FALSE(mds_idle_clear);
-
- #include <asm/segment.h>
-
-@@ -300,6 +301,17 @@ static inline void mds_user_clear_cpu_bu
- mds_clear_cpu_buffers();
- }
-
-+/**
-+ * mds_idle_clear_cpu_buffers - Mitigation for MDS vulnerability
-+ *
-+ * Clear CPU buffers if the corresponding static key is enabled
-+ */
-+static inline void mds_idle_clear_cpu_buffers(void)
-+{
-+ if (static_branch_likely(&mds_idle_clear))
-+ mds_clear_cpu_buffers();
-+}
-+
- #endif /* __ASSEMBLY__ */
-
- #ifdef __ASSEMBLY__
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -60,6 +60,9 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_always
-
- /* Control MDS CPU buffer clear before returning to user space */
- DEFINE_STATIC_KEY_FALSE(mds_user_clear);
-+/* Control MDS CPU buffer clear before idling (halt, mwait) */
-+DEFINE_STATIC_KEY_FALSE(mds_idle_clear);
-+EXPORT_SYMBOL_GPL(mds_idle_clear);
-
- /* For use by asm MDS_CLEAR_CPU_BUFFERS */
- const u16 mds_clear_cpu_buffers_ds = __KERNEL_DS;
diff --git a/queue-3.16/x86-speculation-mds-fix-comment.patch b/queue-3.16/x86-speculation-mds-fix-comment.patch
deleted file mode 100644
index e118d0f4..00000000
--- a/queue-3.16/x86-speculation-mds-fix-comment.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Date: Fri, 12 Apr 2019 17:50:57 -0400
-Subject: x86/speculation/mds: Fix comment
-
-commit cae5ec342645746d617dd420d206e1588d47768a upstream.
-
-s/L1TF/MDS/
-
-Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -276,7 +276,7 @@ static void x86_amd_ssb_disable(void)
- #undef pr_fmt
- #define pr_fmt(fmt) "MDS: " fmt
-
--/* Default mitigation for L1TF-affected CPUs */
-+/* Default mitigation for MDS-affected CPUs */
- static enum mds_mitigations mds_mitigation = MDS_MITIGATION_FULL;
-
- static const char * const mds_strings[] = {
diff --git a/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch b/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch
deleted file mode 100644
index 87af1c89..00000000
--- a/queue-3.16/x86-speculation-mds-fix-documentation-typo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Tue, 7 May 2019 15:05:22 -0500
-Subject: x86/speculation/mds: Fix documentation typo
-
-commit 95310e348a321b45fb746c176961d4da72344282 upstream.
-
-Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".
-
-Reported-by: Jeff Bastian <jbastian@redhat.com>
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/x86/mds.rst | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/Documentation/x86/mds.rst
-+++ b/Documentation/x86/mds.rst
-@@ -116,7 +116,7 @@ Kernel internal mitigation modes
- off Mitigation is disabled. Either the CPU is not affected or
- mds=off is supplied on the kernel command line
-
-- full Mitigation is eanbled. CPU is affected and MD_CLEAR is
-+ full Mitigation is enabled. CPU is affected and MD_CLEAR is
- advertised in CPUID.
-
- vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not
diff --git a/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch b/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch
deleted file mode 100644
index 778bf88b..00000000
--- a/queue-3.16/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Date: Fri, 12 Apr 2019 17:50:58 -0400
-Subject: x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations
- off
-
-commit e2c3c94788b08891dcf3dbe608f9880523ecd71b upstream.
-
-This code is only for CPUs which are affected by MSBDS, but are *not*
-affected by the other two MDS issues.
-
-For such CPUs, enabling the mds_idle_clear mitigation is enough to
-mitigate SMT.
-
-However if user boots with 'mds=off' and still has SMT enabled, we should
-not report that SMT is mitigated:
-
-$cat /sys//devices/system/cpu/vulnerabilities/mds
-Vulnerable; SMT mitigated
-
-But rather:
-Vulnerable; SMT vulnerable
-
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Link: https://lkml.kernel.org/r/20190412215118.294906495@localhost.localdomain
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -1156,7 +1156,8 @@ static ssize_t mds_show_state(char *buf)
-
- if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) {
- return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
-- sched_smt_active() ? "mitigated" : "disabled");
-+ (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" :
-+ sched_smt_active() ? "mitigated" : "disabled"));
- }
-
- return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
diff --git a/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch b/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch
deleted file mode 100644
index 4f92dbc3..00000000
--- a/queue-3.16/x86-speculation-move-arch_smt_update-call-to-after-mitigation.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Tue, 2 Apr 2019 10:00:14 -0500
-Subject: x86/speculation: Move arch_smt_update() call to after mitigation
- decisions
-
-commit 7c3658b20194a5b3209a143f63bc9c643c6a3ae2 upstream.
-
-arch_smt_update() now has a dependency on both Spectre v2 and MDS
-mitigations. Move its initial call to after all the mitigation decisions
-have been made.
-
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Acked-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -161,6 +161,8 @@ void __init check_bugs(void)
-
- mds_select_mitigation();
-
-+ arch_smt_update();
-+
- #ifdef CONFIG_X86_32
- /*
- * Check whether we are able to run this kernel safely on SMP.
-@@ -677,9 +679,6 @@ specv2_set_mode:
-
- /* Set up IBPB and STIBP depending on the general spectre V2 command */
- spectre_v2_user_select_mitigation(cmd);
--
-- /* Enable STIBP if appropriate */
-- arch_smt_update();
- }
-
- static void update_stibp_msr(void * __unused)
diff --git a/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch b/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch
deleted file mode 100644
index b857b9c6..00000000
--- a/queue-3.16/x86-speculation-move-stipb-ibpb-string-conditionals-out-of.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:32 +0100
-Subject: x86/speculation: Move STIPB/IBPB string conditionals out of
- cpu_show_common()
-
-commit a8f76ae41cd633ac00be1b3019b1eb4741be3828 upstream.
-
-The Spectre V2 printout in cpu_show_common() handles conditionals for the
-various mitigation methods directly in the sprintf() argument list. That's
-hard to read and will become unreadable if more complex decisions need to
-be made for a particular method.
-
-Move the conditionals for STIBP and IBPB string selection into helper
-functions, so they can be extended later on.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185003.874479208@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++--
- 1 file changed, 18 insertions(+), 2 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -821,6 +821,22 @@ static void __init l1tf_select_mitigatio
-
- #ifdef CONFIG_SYSFS
-
-+static char *stibp_state(void)
-+{
-+ if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
-+ return ", STIBP";
-+ else
-+ return "";
-+}
-+
-+static char *ibpb_state(void)
-+{
-+ if (boot_cpu_has(X86_FEATURE_USE_IBPB))
-+ return ", IBPB";
-+ else
-+ return "";
-+}
-+
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
- char *buf, unsigned int bug)
- {
-@@ -839,9 +855,9 @@ static ssize_t cpu_show_common(struct de
-
- case X86_BUG_SPECTRE_V2:
- return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
-+ ibpb_state(),
- boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
-- (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
-+ stibp_state(),
- boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
- spectre_v2_module_string());
-
diff --git a/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch b/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch
deleted file mode 100644
index 25473f8c..00000000
--- a/queue-3.16/x86-speculation-prepare-arch_smt_update-for-prctl-mode.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:52 +0100
-Subject: x86/speculation: Prepare arch_smt_update() for PRCTL mode
-
-commit 6893a959d7fdebbab5f5aa112c277d5a44435ba1 upstream.
-
-The upcoming fine grained per task STIBP control needs to be updated on CPU
-hotplug as well.
-
-Split out the code which controls the strict mode so the prctl control code
-can be added later. Mark the SMP function call argument __unused while at it.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.759457117@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 46 +++++++++++++++++++++-----------------
- 1 file changed, 25 insertions(+), 21 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -588,40 +588,44 @@ specv2_set_mode:
- arch_smt_update();
- }
-
--static bool stibp_needed(void)
-+static void update_stibp_msr(void * __unused)
- {
-- /* Enhanced IBRS makes using STIBP unnecessary. */
-- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-- return false;
--
-- /* Check for strict user mitigation mode */
-- return spectre_v2_user == SPECTRE_V2_USER_STRICT;
-+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
- }
-
--static void update_stibp_msr(void *info)
-+/* Update x86_spec_ctrl_base in case SMT state changed. */
-+static void update_stibp_strict(void)
- {
-- wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
-+ u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
-+
-+ if (sched_smt_active())
-+ mask |= SPEC_CTRL_STIBP;
-+
-+ if (mask == x86_spec_ctrl_base)
-+ return;
-+
-+ pr_info("Update user space SMT mitigation: STIBP %s\n",
-+ mask & SPEC_CTRL_STIBP ? "always-on" : "off");
-+ x86_spec_ctrl_base = mask;
-+ on_each_cpu(update_stibp_msr, NULL, 1);
- }
-
- void arch_smt_update(void)
- {
-- u64 mask;
--
-- if (!stibp_needed())
-+ /* Enhanced IBRS implies STIBP. No update required. */
-+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
- return;
-
- mutex_lock(&spec_ctrl_mutex);
-
-- mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
-- if (sched_smt_active())
-- mask |= SPEC_CTRL_STIBP;
--
-- if (mask != x86_spec_ctrl_base) {
-- pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
-- mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling");
-- x86_spec_ctrl_base = mask;
-- on_each_cpu(update_stibp_msr, NULL, 1);
-+ switch (spectre_v2_user) {
-+ case SPECTRE_V2_USER_NONE:
-+ break;
-+ case SPECTRE_V2_USER_STRICT:
-+ update_stibp_strict();
-+ break;
- }
-+
- mutex_unlock(&spec_ctrl_mutex);
- }
-
diff --git a/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch b/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch
deleted file mode 100644
index 56eb052d..00000000
--- a/queue-3.16/x86-speculation-prepare-for-conditional-ibpb-in-switch_mm.patch
+++ /dev/null
@@ -1,292 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:49 +0100
-Subject: x86/speculation: Prepare for conditional IBPB in switch_mm()
-
-commit 4c71a2b6fd7e42814aa68a6dec88abf3b42ea573 upstream.
-
-The IBPB speculation barrier is issued from switch_mm() when the kernel
-switches to a user space task with a different mm than the user space task
-which ran last on the same CPU.
-
-An additional optimization is to avoid IBPB when the incoming task can be
-ptraced by the outgoing task. This optimization only works when switching
-directly between two user space tasks. When switching from a kernel task to
-a user space task the optimization fails because the previous task cannot
-be accessed anymore. So for quite some scenarios the optimization is just
-adding overhead.
-
-The upcoming conditional IBPB support will issue IBPB only for user space
-tasks which have the TIF_SPEC_IB bit set. This requires to handle the
-following cases:
-
- 1) Switch from a user space task (potential attacker) which has
- TIF_SPEC_IB set to a user space task (potential victim) which has
- TIF_SPEC_IB not set.
-
- 2) Switch from a user space task (potential attacker) which has
- TIF_SPEC_IB not set to a user space task (potential victim) which has
- TIF_SPEC_IB set.
-
-This needs to be optimized for the case where the IBPB can be avoided when
-only kernel threads ran in between user space tasks which belong to the
-same process.
-
-The current check whether two tasks belong to the same context is using the
-tasks context id. While correct, it's simpler to use the mm pointer because
-it allows to mangle the TIF_SPEC_IB bit into it. The context id based
-mechanism requires extra storage, which creates worse code.
-
-When a task is scheduled out its TIF_SPEC_IB bit is mangled as bit 0 into
-the per CPU storage which is used to track the last user space mm which was
-running on a CPU. This bit can be used together with the TIF_SPEC_IB bit of
-the incoming task to make the decision whether IBPB needs to be issued or
-not to cover the two cases above.
-
-As conditional IBPB is going to be the default, remove the dubious ptrace
-check for the IBPB always case and simply issue IBPB always when the
-process changes.
-
-Move the storage to a different place in the struct as the original one
-created a hole.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.466447057@linutronix.de
-[bwh: Backported to 3.16:
- - Drop changes in initialize_tlbstate_and_flush()
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -257,6 +257,8 @@ do { \
- } while (0)
-
- DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp);
-+DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
-+DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
- #endif /* __ASSEMBLY__ */
- #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -268,6 +268,12 @@ void native_flush_tlb_others(const struc
- struct tlb_state {
- struct mm_struct *active_mm;
- int state;
-+
-+ /* Last user mm for optimizing IBPB */
-+ union {
-+ struct mm_struct *last_user_mm;
-+ unsigned long last_user_mm_ibpb;
-+ };
- };
- DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate);
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -53,6 +53,10 @@ u64 x86_amd_ls_cfg_ssbd_mask;
-
- /* Control conditional STIPB in switch_to() */
- DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp);
-+/* Control conditional IBPB in switch_mm() */
-+DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
-+/* Control unconditional IBPB in switch_mm() */
-+DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
-
- #ifdef CONFIG_X86_32
-
-@@ -382,7 +386,17 @@ spectre_v2_user_select_mitigation(enum s
- /* Initialize Indirect Branch Prediction Barrier */
- if (boot_cpu_has(X86_FEATURE_IBPB)) {
- setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-- pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n");
-+
-+ switch (mode) {
-+ case SPECTRE_V2_USER_STRICT:
-+ static_branch_enable(&switch_mm_always_ibpb);
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
-+ mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional");
- }
-
- /* If enhanced IBRS is enabled no STIPB required */
-@@ -929,10 +943,15 @@ static char *stibp_state(void)
-
- static char *ibpb_state(void)
- {
-- if (boot_cpu_has(X86_FEATURE_USE_IBPB))
-- return ", IBPB";
-- else
-- return "";
-+ if (boot_cpu_has(X86_FEATURE_IBPB)) {
-+ switch (spectre_v2_user) {
-+ case SPECTRE_V2_USER_NONE:
-+ return ", IBPB: disabled";
-+ case SPECTRE_V2_USER_STRICT:
-+ return ", IBPB: always-on";
-+ }
-+ }
-+ return "";
- }
-
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -7,7 +7,6 @@
- #include <linux/module.h>
- #include <linux/cpu.h>
- #include <linux/debugfs.h>
--#include <linux/ptrace.h>
-
- #include <asm/tlbflush.h>
- #include <asm/mmu_context.h>
-@@ -34,6 +33,12 @@ DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb
- * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi
- */
-
-+/*
-+ * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is
-+ * stored in cpu_tlb_state.last_user_mm_ibpb.
-+ */
-+#define LAST_USER_MM_IBPB 0x1UL
-+
- struct flush_tlb_info {
- struct mm_struct *flush_mm;
- unsigned long flush_start;
-@@ -96,17 +101,87 @@ void switch_mm(struct mm_struct *prev, s
- local_irq_restore(flags);
- }
-
--static bool ibpb_needed(struct task_struct *tsk)
-+static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next)
-+{
-+ unsigned long next_tif = task_thread_info(next)->flags;
-+ unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB;
-+
-+ return (unsigned long)next->mm | ibpb;
-+}
-+
-+static void cond_ibpb(struct task_struct *next)
- {
-+ if (!next || !next->mm)
-+ return;
-+
- /*
-- * Check if the current (previous) task has access to the memory
-- * of the @tsk (next) task. If access is denied, make sure to
-- * issue a IBPB to stop user->user Spectre-v2 attacks.
-- *
-- * Note: __ptrace_may_access() returns 0 or -ERRNO.
-+ * Both, the conditional and the always IBPB mode use the mm
-+ * pointer to avoid the IBPB when switching between tasks of the
-+ * same process. Using the mm pointer instead of mm->context.ctx_id
-+ * opens a hypothetical hole vs. mm_struct reuse, which is more or
-+ * less impossible to control by an attacker. Aside of that it
-+ * would only affect the first schedule so the theoretically
-+ * exposed data is not really interesting.
- */
-- return (tsk && tsk->mm &&
-- ptrace_may_access_sched(tsk, PTRACE_MODE_SPEC_IBPB));
-+ if (static_branch_likely(&switch_mm_cond_ibpb)) {
-+ unsigned long prev_mm, next_mm;
-+
-+ /*
-+ * This is a bit more complex than the always mode because
-+ * it has to handle two cases:
-+ *
-+ * 1) Switch from a user space task (potential attacker)
-+ * which has TIF_SPEC_IB set to a user space task
-+ * (potential victim) which has TIF_SPEC_IB not set.
-+ *
-+ * 2) Switch from a user space task (potential attacker)
-+ * which has TIF_SPEC_IB not set to a user space task
-+ * (potential victim) which has TIF_SPEC_IB set.
-+ *
-+ * This could be done by unconditionally issuing IBPB when
-+ * a task which has TIF_SPEC_IB set is either scheduled in
-+ * or out. Though that results in two flushes when:
-+ *
-+ * - the same user space task is scheduled out and later
-+ * scheduled in again and only a kernel thread ran in
-+ * between.
-+ *
-+ * - a user space task belonging to the same process is
-+ * scheduled in after a kernel thread ran in between
-+ *
-+ * - a user space task belonging to the same process is
-+ * scheduled in immediately.
-+ *
-+ * Optimize this with reasonably small overhead for the
-+ * above cases. Mangle the TIF_SPEC_IB bit into the mm
-+ * pointer of the incoming task which is stored in
-+ * cpu_tlbstate.last_user_mm_ibpb for comparison.
-+ */
-+ next_mm = mm_mangle_tif_spec_ib(next);
-+ prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb);
-+
-+ /*
-+ * Issue IBPB only if the mm's are different and one or
-+ * both have the IBPB bit set.
-+ */
-+ if (next_mm != prev_mm &&
-+ (next_mm | prev_mm) & LAST_USER_MM_IBPB)
-+ indirect_branch_prediction_barrier();
-+
-+ this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm);
-+ }
-+
-+ if (static_branch_unlikely(&switch_mm_always_ibpb)) {
-+ /*
-+ * Only flush when switching to a user space task with a
-+ * different context than the user space task which ran
-+ * last on this CPU.
-+ */
-+ if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) {
-+ indirect_branch_prediction_barrier();
-+ this_cpu_write(cpu_tlbstate.last_user_mm, next->mm);
-+ }
-+ }
- }
-
- void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
-@@ -119,15 +194,8 @@ void switch_mm_irqs_off(struct mm_struct
- * Avoid user/user BTB poisoning by flushing the branch
- * predictor when switching between processes. This stops
- * one process from doing Spectre-v2 attacks on another.
-- *
-- * As an optimization, flush indirect branches only when
-- * switching into a processes that can't be ptrace by the
-- * current one (as in such case, attacker has much more
-- * convenient way how to tamper with the next process than
-- * branch buffer poisoning).
- */
-- if (static_cpu_has(X86_FEATURE_USE_IBPB) && ibpb_needed(tsk))
-- indirect_branch_prediction_barrier();
-+ cond_ibpb(tsk);
-
- this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
- this_cpu_write(cpu_tlbstate.active_mm, next);
diff --git a/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch b/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch
deleted file mode 100644
index 29ecf208..00000000
--- a/queue-3.16/x86-speculation-prepare-for-per-task-indirect-branch-speculation.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:46 +0100
-Subject: x86/speculation: Prepare for per task indirect branch speculation
- control
-
-commit 5bfbe3ad5840d941b89bcac54b821ba14f50a0ba upstream.
-
-To avoid the overhead of STIBP always on, it's necessary to allow per task
-control of STIBP.
-
-Add a new task flag TIF_SPEC_IB and evaluate it during context switch if
-SMT is active and flag evaluation is enabled by the speculation control
-code. Add the conditional evaluation to x86_virt_spec_ctrl() as well so the
-guest/host switch works properly.
-
-This has no effect because TIF_SPEC_IB cannot be set yet and the static key
-which controls evaluation is off. Preparatory patch for adding the control
-code.
-
-[ tglx: Simplify the context switch logic and make the TIF evaluation
- depend on SMP=y and on the static key controlling the conditional
- update. Rename it to TIF_SPEC_IB because it controls both STIBP and
- IBPB ]
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.176917199@linutronix.de
-[bwh: Backported to 3.16:
- - Exclude _TIF_SPEC_IB from _TIF_WORK_MASK and _TIF_ALLWORK_MASK
- - Adjust filename, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/include/asm/spec-ctrl.h
-+++ b/arch/x86/include/asm/spec-ctrl.h
-@@ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl(
- return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
- }
-
-+static inline u64 stibp_tif_to_spec_ctrl(u64 tifn)
-+{
-+ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT);
-+ return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT);
-+}
-+
- static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl)
- {
- BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
- return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
- }
-
-+static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl)
-+{
-+ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT);
-+ return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT);
-+}
-+
- static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
- {
- return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
---- a/arch/x86/include/asm/thread_info.h
-+++ b/arch/x86/include/asm/thread_info.h
-@@ -76,6 +76,7 @@ struct thread_info {
- #define TIF_SYSCALL_EMU 6 /* syscall emulation active */
- #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */
- #define TIF_SECCOMP 8 /* secure computing */
-+#define TIF_SPEC_IB 9 /* Indirect branch speculation mitigation */
- #define TIF_MCE_NOTIFY 10 /* notify userspace of an MCE */
- #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */
- #define TIF_UPROBE 12 /* breakpointed or singlestepping */
-@@ -102,6 +103,7 @@ struct thread_info {
- #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU)
- #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
- #define _TIF_SECCOMP (1 << TIF_SECCOMP)
-+#define _TIF_SPEC_IB (1 << TIF_SPEC_IB)
- #define _TIF_MCE_NOTIFY (1 << TIF_MCE_NOTIFY)
- #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY)
- #define _TIF_UPROBE (1 << TIF_UPROBE)
-@@ -133,11 +135,12 @@ struct thread_info {
- #define _TIF_WORK_MASK \
- (0x0000FFFF & \
- ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT| \
-- _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU))
-+ _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU| \
-+ _TIF_SPEC_IB))
-
- /* work to do on any return to user space */
- #define _TIF_ALLWORK_MASK \
-- ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP)) | \
-+ ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB)) | \
- _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ)
-
- /* Only used for 64 bit */
-@@ -147,7 +150,8 @@ struct thread_info {
-
- /* flags to check in __switch_to() */
- #define _TIF_WORK_CTXSW \
-- (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
-+ (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \
-+ _TIF_SSBD|_TIF_SPEC_IB)
-
- #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
- #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
---- a/arch/x86/include/uapi/asm/msr-index.h
-+++ b/arch/x86/include/uapi/asm/msr-index.h
-@@ -34,9 +34,10 @@
- /* Intel MSRs. Some also available on other CPUs */
- #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */
- #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */
--#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */
-+#define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */
-+#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */
- #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */
--#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */
-+#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */
-
- #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */
- #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -202,6 +202,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl,
- static_cpu_has(X86_FEATURE_AMD_SSBD))
- hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
-
-+ /* Conditional STIBP enabled? */
-+ if (static_branch_unlikely(&switch_to_cond_stibp))
-+ hostval |= stibp_tif_to_spec_ctrl(ti->flags);
-+
- if (hostval != guestval) {
- msrval = setguest ? guestval : hostval;
- wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -344,11 +344,17 @@ static __always_inline void amd_set_ssb_
- static __always_inline void __speculation_ctrl_update(unsigned long tifp,
- unsigned long tifn)
- {
-+ unsigned long tif_diff = tifp ^ tifn;
- u64 msr = x86_spec_ctrl_base;
- bool updmsr = false;
-
-- /* If TIF_SSBD is different, select the proper mitigation method */
-- if ((tifp ^ tifn) & _TIF_SSBD) {
-+ /*
-+ * If TIF_SSBD is different, select the proper mitigation
-+ * method. Note that if SSBD mitigation is disabled or permanentely
-+ * enabled this branch can't be taken because nothing can set
-+ * TIF_SSBD.
-+ */
-+ if (tif_diff & _TIF_SSBD) {
- if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) {
- amd_set_ssb_virt_state(tifn);
- } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
-@@ -360,6 +366,16 @@ static __always_inline void __speculatio
- }
- }
-
-+ /*
-+ * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled,
-+ * otherwise avoid the MSR write.
-+ */
-+ if (IS_ENABLED(CONFIG_SMP) &&
-+ static_branch_unlikely(&switch_to_cond_stibp)) {
-+ updmsr |= !!(tif_diff & _TIF_SPEC_IB);
-+ msr |= stibp_tif_to_spec_ctrl(tifn);
-+ }
-+
- if (updmsr)
- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
- }
diff --git a/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch b/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch
deleted file mode 100644
index de3dc7b7..00000000
--- a/queue-3.16/x86-speculation-prevent-stale-spec_ctrl-msr-content.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Wed, 28 Nov 2018 10:56:57 +0100
-Subject: x86/speculation: Prevent stale SPEC_CTRL msr content
-
-commit 6d991ba509ebcfcc908e009d1db51972a4f7a064 upstream.
-
-The seccomp speculation control operates on all tasks of a process, but
-only the current task of a process can update the MSR immediately. For the
-other threads the update is deferred to the next context switch.
-
-This creates the following situation with Process A and B:
-
-Process A task 2 and Process B task 1 are pinned on CPU1. Process A task 2
-does not have the speculation control TIF bit set. Process B task 1 has the
-speculation control TIF bit set.
-
-CPU0 CPU1
- MSR bit is set
- ProcB.T1 schedules out
- ProcA.T2 schedules in
- MSR bit is cleared
-ProcA.T1
- seccomp_update()
- set TIF bit on ProcA.T2
- ProcB.T1 schedules in
- MSR is not updated <-- FAIL
-
-This happens because the context switch code tries to avoid the MSR update
-if the speculation control TIF bits of the incoming and the outgoing task
-are the same. In the worst case ProcB.T1 and ProcA.T2 are the only tasks
-scheduling back and forth on CPU1, which keeps the MSR stale forever.
-
-In theory this could be remedied by IPIs, but chasing the remote task which
-could be migrated is complex and full of races.
-
-The straight forward solution is to avoid the asychronous update of the TIF
-bit and defer it to the next context switch. The speculation control state
-is stored in task_struct::atomic_flags by the prctl and seccomp updates
-already.
-
-Add a new TIF_SPEC_FORCE_UPDATE bit and set this after updating the
-atomic_flags. Check the bit on context switch and force a synchronous
-update of the speculation control if set. Use the same mechanism for
-updating the current task.
-
-Reported-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1811272247140.1875@nanos.tec.linutronix.de
-[bwh: Backported to 3.16:
- - Assign the first available thread_info flag
- - Exclude _TIF_SPEC_FORCE_UPDATE from _TIF_WORK_MASK and _TIF_ALLWORK_MASK]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/spec-ctrl.h | 6 +-----
- arch/x86/include/asm/thread_info.h | 4 +++-
- arch/x86/kernel/cpu/bugs.c | 18 +++++++-----------
- arch/x86/kernel/process.c | 30 +++++++++++++++++++++++++++++-
- 4 files changed, 40 insertions(+), 18 deletions(-)
-
---- a/arch/x86/include/asm/spec-ctrl.h
-+++ b/arch/x86/include/asm/spec-ctrl.h
-@@ -83,10 +83,6 @@ static inline void speculative_store_byp
- #endif
-
- extern void speculation_ctrl_update(unsigned long tif);
--
--static inline void speculation_ctrl_update_current(void)
--{
-- speculation_ctrl_update(current_thread_info()->flags);
--}
-+extern void speculation_ctrl_update_current(void);
-
- #endif
---- a/arch/x86/include/asm/thread_info.h
-+++ b/arch/x86/include/asm/thread_info.h
-@@ -80,6 +80,7 @@ struct thread_info {
- #define TIF_MCE_NOTIFY 10 /* notify userspace of an MCE */
- #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */
- #define TIF_UPROBE 12 /* breakpointed or singlestepping */
-+#define TIF_SPEC_FORCE_UPDATE 13 /* Force speculation MSR update in context switch */
- #define TIF_NOTSC 16 /* TSC is not accessible in userland */
- #define TIF_IA32 17 /* IA32 compatibility process */
- #define TIF_FORK 18 /* ret_from_fork */
-@@ -107,6 +108,7 @@ struct thread_info {
- #define _TIF_MCE_NOTIFY (1 << TIF_MCE_NOTIFY)
- #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY)
- #define _TIF_UPROBE (1 << TIF_UPROBE)
-+#define _TIF_SPEC_FORCE_UPDATE (1 << TIF_SPEC_FORCE_UPDATE)
- #define _TIF_NOTSC (1 << TIF_NOTSC)
- #define _TIF_IA32 (1 << TIF_IA32)
- #define _TIF_FORK (1 << TIF_FORK)
-@@ -136,11 +138,12 @@ struct thread_info {
- (0x0000FFFF & \
- ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT| \
- _TIF_SINGLESTEP|_TIF_SSBD|_TIF_SECCOMP|_TIF_SYSCALL_EMU| \
-- _TIF_SPEC_IB))
-+ _TIF_SPEC_IB|_TIF_SPEC_FORCE_UPDATE))
-
- /* work to do on any return to user space */
- #define _TIF_ALLWORK_MASK \
-- ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB)) | \
-+ ((0x0000FFFF & ~(_TIF_SSBD | _TIF_SECCOMP | _TIF_SPEC_IB | \
-+ _TIF_SPEC_FORCE_UPDATE)) | \
- _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ)
-
- /* Only used for 64 bit */
-@@ -151,7 +154,7 @@ struct thread_info {
- /* flags to check in __switch_to() */
- #define _TIF_WORK_CTXSW_BASE \
- (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP| \
-- _TIF_SSBD)
-+ _TIF_SSBD | _TIF_SPEC_FORCE_UPDATE)
-
- /*
- * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated.
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -764,14 +764,10 @@ static void ssb_select_mitigation(void)
- #undef pr_fmt
- #define pr_fmt(fmt) "Speculation prctl: " fmt
-
--static void task_update_spec_tif(struct task_struct *tsk, int tifbit, bool on)
-+static void task_update_spec_tif(struct task_struct *tsk)
- {
-- bool update;
--
-- if (on)
-- update = !test_and_set_tsk_thread_flag(tsk, tifbit);
-- else
-- update = test_and_clear_tsk_thread_flag(tsk, tifbit);
-+ /* Force the update of the real TIF bits */
-+ set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE);
-
- /*
- * Immediately update the speculation control MSRs for the current
-@@ -781,7 +777,7 @@ static void task_update_spec_tif(struct
- * This can only happen for SECCOMP mitigation. For PRCTL it's
- * always the current task.
- */
-- if (tsk == current && update)
-+ if (tsk == current)
- speculation_ctrl_update_current();
- }
-
-@@ -797,16 +793,16 @@ static int ssb_prctl_set(struct task_str
- if (task_spec_ssb_force_disable(task))
- return -EPERM;
- task_clear_spec_ssb_disable(task);
-- task_update_spec_tif(task, TIF_SSBD, false);
-+ task_update_spec_tif(task);
- break;
- case PR_SPEC_DISABLE:
- task_set_spec_ssb_disable(task);
-- task_update_spec_tif(task, TIF_SSBD, true);
-+ task_update_spec_tif(task);
- break;
- case PR_SPEC_FORCE_DISABLE:
- task_set_spec_ssb_disable(task);
- task_set_spec_ssb_force_disable(task);
-- task_update_spec_tif(task, TIF_SSBD, true);
-+ task_update_spec_tif(task);
- break;
- default:
- return -ERANGE;
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -383,6 +383,18 @@ static __always_inline void __speculatio
- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
- }
-
-+static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk)
-+{
-+ if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) {
-+ if (task_spec_ssb_disable(tsk))
-+ set_tsk_thread_flag(tsk, TIF_SSBD);
-+ else
-+ clear_tsk_thread_flag(tsk, TIF_SSBD);
-+ }
-+ /* Return the updated threadinfo flags*/
-+ return task_thread_info(tsk)->flags;
-+}
-+
- void speculation_ctrl_update(unsigned long tif)
- {
- /* Forced update. Make sure all relevant TIF flags are different */
-@@ -391,6 +403,14 @@ void speculation_ctrl_update(unsigned lo
- preempt_enable();
- }
-
-+/* Called from seccomp/prctl update */
-+void speculation_ctrl_update_current(void)
-+{
-+ preempt_disable();
-+ speculation_ctrl_update(speculation_ctrl_update_tif(current));
-+ preempt_enable();
-+}
-+
- void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
- {
- struct thread_struct *prev, *next;
-@@ -423,7 +443,15 @@ void __switch_to_xtra(struct task_struct
- hard_enable_TSC();
- }
-
-- __speculation_ctrl_update(tifp, tifn);
-+ if (likely(!((tifp | tifn) & _TIF_SPEC_FORCE_UPDATE))) {
-+ __speculation_ctrl_update(tifp, tifn);
-+ } else {
-+ speculation_ctrl_update_tif(prev_p);
-+ tifn = speculation_ctrl_update_tif(next_p);
-+
-+ /* Enforce MSR update to ensure consistent state */
-+ __speculation_ctrl_update(~tifn, tifn);
-+ }
- }
-
- /*
diff --git a/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch b/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch
deleted file mode 100644
index 7299b8cb..00000000
--- a/queue-3.16/x86-speculation-propagate-information-about-rsb-filling-mitigation.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Jiri Kosina <jkosina@suse.cz>
-Date: Tue, 25 Sep 2018 14:39:28 +0200
-Subject: x86/speculation: Propagate information about RSB filling mitigation
- to sysfs
-
-commit bb4b3b7762735cdaba5a40fd94c9303d9ffa147a upstream.
-
-If spectrev2 mitigation has been enabled, RSB is filled on context switch
-in order to protect from various classes of spectrev2 attacks.
-
-If this mitigation is enabled, say so in sysfs for spectrev2.
-
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: "WoodhouseDavid" <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: "SchauflerCasey" <casey.schaufler@intel.com>
-Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438580.15880@cbobk.fhfr.pm
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -841,10 +841,11 @@ static ssize_t cpu_show_common(struct de
- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
-
- case X86_BUG_SPECTRE_V2:
-- ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-+ ret = sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
- boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
- (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
-+ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
- spectre_v2_module_string());
- return ret;
-
diff --git a/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch b/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch
deleted file mode 100644
index 90b53d2c..00000000
--- a/queue-3.16/x86-speculation-provide-ibpb-always-command-line-options.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:56 +0100
-Subject: x86/speculation: Provide IBPB always command line options
-
-commit 55a974021ec952ee460dc31ca08722158639de72 upstream.
-
-Provide the possibility to enable IBPB always in combination with 'prctl'
-and 'seccomp'.
-
-Add the extra command line options and rework the IBPB selection to
-evaluate the command instead of the mode selected by the STIPB switch case.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185006.144047038@linutronix.de
-[bwh: Backported to 3.16: adjust filename]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- Documentation/kernel-parameters.txt | 12 +++++++
- arch/x86/kernel/cpu/bugs.c | 34 +++++++++++++------
- 2 files changed, 35 insertions(+), 11 deletions(-)
-
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3223,11 +3223,23 @@ bytes respectively. Such letter suffixes
- per thread. The mitigation control state
- is inherited on fork.
-
-+ prctl,ibpb
-+ - Like "prctl" above, but only STIBP is
-+ controlled per thread. IBPB is issued
-+ always when switching between different user
-+ space processes.
-+
- seccomp
- - Same as "prctl" above, but all seccomp
- threads will enable the mitigation unless
- they explicitly opt out.
-
-+ seccomp,ibpb
-+ - Like "seccomp" above, but only STIBP is
-+ controlled per thread. IBPB is issued
-+ always when switching between different
-+ user space processes.
-+
- auto - Kernel selects the mitigation depending on
- the available CPU features and vulnerability.
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -308,7 +308,9 @@ enum spectre_v2_user_cmd {
- SPECTRE_V2_USER_CMD_AUTO,
- SPECTRE_V2_USER_CMD_FORCE,
- SPECTRE_V2_USER_CMD_PRCTL,
-+ SPECTRE_V2_USER_CMD_PRCTL_IBPB,
- SPECTRE_V2_USER_CMD_SECCOMP,
-+ SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
- };
-
- static const char * const spectre_v2_user_strings[] = {
-@@ -323,11 +325,13 @@ static const struct {
- enum spectre_v2_user_cmd cmd;
- bool secure;
- } v2_user_options[] __initdata = {
-- { "auto", SPECTRE_V2_USER_CMD_AUTO, false },
-- { "off", SPECTRE_V2_USER_CMD_NONE, false },
-- { "on", SPECTRE_V2_USER_CMD_FORCE, true },
-- { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false },
-- { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false },
-+ { "auto", SPECTRE_V2_USER_CMD_AUTO, false },
-+ { "off", SPECTRE_V2_USER_CMD_NONE, false },
-+ { "on", SPECTRE_V2_USER_CMD_FORCE, true },
-+ { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false },
-+ { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false },
-+ { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false },
-+ { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false },
- };
-
- static void __init spec_v2_user_print_cond(const char *reason, bool secure)
-@@ -373,6 +377,7 @@ spectre_v2_user_select_mitigation(enum s
- {
- enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE;
- bool smt_possible = IS_ENABLED(CONFIG_SMP);
-+ enum spectre_v2_user_cmd cmd;
-
- if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
- return;
-@@ -380,17 +385,20 @@ spectre_v2_user_select_mitigation(enum s
- if (!IS_ENABLED(CONFIG_X86_HT))
- smt_possible = false;
-
-- switch (spectre_v2_parse_user_cmdline(v2_cmd)) {
-+ cmd = spectre_v2_parse_user_cmdline(v2_cmd);
-+ switch (cmd) {
- case SPECTRE_V2_USER_CMD_NONE:
- goto set_mode;
- case SPECTRE_V2_USER_CMD_FORCE:
- mode = SPECTRE_V2_USER_STRICT;
- break;
- case SPECTRE_V2_USER_CMD_PRCTL:
-+ case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
- mode = SPECTRE_V2_USER_PRCTL;
- break;
- case SPECTRE_V2_USER_CMD_AUTO:
- case SPECTRE_V2_USER_CMD_SECCOMP:
-+ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
- if (IS_ENABLED(CONFIG_SECCOMP))
- mode = SPECTRE_V2_USER_SECCOMP;
- else
-@@ -402,12 +410,15 @@ spectre_v2_user_select_mitigation(enum s
- if (boot_cpu_has(X86_FEATURE_IBPB)) {
- setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-
-- switch (mode) {
-- case SPECTRE_V2_USER_STRICT:
-+ switch (cmd) {
-+ case SPECTRE_V2_USER_CMD_FORCE:
-+ case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
-+ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
- static_branch_enable(&switch_mm_always_ibpb);
- break;
-- case SPECTRE_V2_USER_PRCTL:
-- case SPECTRE_V2_USER_SECCOMP:
-+ case SPECTRE_V2_USER_CMD_PRCTL:
-+ case SPECTRE_V2_USER_CMD_AUTO:
-+ case SPECTRE_V2_USER_CMD_SECCOMP:
- static_branch_enable(&switch_mm_cond_ibpb);
- break;
- default:
-@@ -415,7 +426,8 @@ spectre_v2_user_select_mitigation(enum s
- }
-
- pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
-- mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional");
-+ static_key_enabled(&switch_mm_always_ibpb) ?
-+ "always-on" : "conditional");
- }
-
- /* If enhanced IBRS is enabled no STIPB required */
diff --git a/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch b/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch
deleted file mode 100644
index f47c0795..00000000
--- a/queue-3.16/x86-speculation-remove-spectre_v2_ibrs-in-enum-spectre_v2_mitigation.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Jiang Biao <jiang.biao2@zte.com.cn>
-Date: Wed, 18 Jul 2018 08:03:14 +0800
-Subject: x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
-
-commit d9f4426c73002957be5dd39936f44a09498f7560 upstream.
-
-SPECTRE_V2_IBRS in enum spectre_v2_mitigation is never used. Remove it.
-
-Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: hpa@zytor.com
-Cc: dwmw2@amazon.co.uk
-Cc: konrad.wilk@oracle.com
-Cc: bp@suse.de
-Cc: zhong.weidong@zte.com.cn
-Link: https://lkml.kernel.org/r/1531872194-39207-1-git-send-email-jiang.biao2@zte.com.cn
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/nospec-branch.h | 1 -
- 1 file changed, 1 deletion(-)
-
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -169,7 +169,6 @@ enum spectre_v2_mitigation {
- SPECTRE_V2_RETPOLINE_MINIMAL_AMD,
- SPECTRE_V2_RETPOLINE_GENERIC,
- SPECTRE_V2_RETPOLINE_AMD,
-- SPECTRE_V2_IBRS,
- SPECTRE_V2_IBRS_ENHANCED,
- };
-
diff --git a/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch b/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch
deleted file mode 100644
index 7ba3880f..00000000
--- a/queue-3.16/x86-speculation-remove-unnecessary-ret-variable-in-cpu_show_common.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:31 +0100
-Subject: x86/speculation: Remove unnecessary ret variable in cpu_show_common()
-
-commit b86bda0426853bfe8a3506c7d2a5b332760ae46b upstream.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185003.783903657@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -824,8 +824,6 @@ static void __init l1tf_select_mitigatio
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
- char *buf, unsigned int bug)
- {
-- int ret;
--
- if (!boot_cpu_has_bug(bug))
- return sprintf(buf, "Not affected\n");
-
-@@ -840,13 +838,12 @@ static ssize_t cpu_show_common(struct de
- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
-
- case X86_BUG_SPECTRE_V2:
-- ret = sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-+ return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
- boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
- (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
- boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
- spectre_v2_module_string());
-- return ret;
-
- case X86_BUG_SPEC_STORE_BYPASS:
- return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
diff --git a/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch b/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch
deleted file mode 100644
index 84f8b19a..00000000
--- a/queue-3.16/x86-speculation-rename-ssbd-update-functions.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:34 +0100
-Subject: x86/speculation: Rename SSBD update functions
-
-commit 26c4d75b234040c11728a8acb796b3a85ba7507c upstream.
-
-During context switch, the SSBD bit in SPEC_CTRL MSR is updated according
-to changes of the TIF_SSBD flag in the current and next running task.
-
-Currently, only the bit controlling speculative store bypass disable in
-SPEC_CTRL MSR is updated and the related update functions all have
-"speculative_store" or "ssb" in their names.
-
-For enhanced mitigation control other bits in SPEC_CTRL MSR need to be
-updated as well, which makes the SSB names inadequate.
-
-Rename the "speculative_store*" functions to a more generic name. No
-functional change.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.058866968@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/spec-ctrl.h | 6 +++---
- arch/x86/kernel/cpu/bugs.c | 4 ++--
- arch/x86/kernel/process.c | 12 ++++++------
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
---- a/arch/x86/include/asm/spec-ctrl.h
-+++ b/arch/x86/include/asm/spec-ctrl.h
-@@ -70,11 +70,11 @@ extern void speculative_store_bypass_ht_
- static inline void speculative_store_bypass_ht_init(void) { }
- #endif
-
--extern void speculative_store_bypass_update(unsigned long tif);
-+extern void speculation_ctrl_update(unsigned long tif);
-
--static inline void speculative_store_bypass_update_current(void)
-+static inline void speculation_ctrl_update_current(void)
- {
-- speculative_store_bypass_update(current_thread_info()->flags);
-+ speculation_ctrl_update(current_thread_info()->flags);
- }
-
- #endif
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -255,7 +255,7 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl,
- tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) :
- ssbd_spec_ctrl_to_tif(hostval);
-
-- speculative_store_bypass_update(tif);
-+ speculation_ctrl_update(tif);
- }
- }
- EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
-@@ -692,7 +692,7 @@ static int ssb_prctl_set(struct task_str
- * mitigation until it is next scheduled.
- */
- if (task == current && update)
-- speculative_store_bypass_update_current();
-+ speculation_ctrl_update_current();
-
- return 0;
- }
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -335,27 +335,27 @@ static __always_inline void amd_set_ssb_
- wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn));
- }
-
--static __always_inline void intel_set_ssb_state(unsigned long tifn)
-+static __always_inline void spec_ctrl_update_msr(unsigned long tifn)
- {
- u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
-
- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
- }
-
--static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
-+static __always_inline void __speculation_ctrl_update(unsigned long tifn)
- {
- if (static_cpu_has(X86_FEATURE_VIRT_SSBD))
- amd_set_ssb_virt_state(tifn);
- else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
- amd_set_core_ssb_state(tifn);
- else
-- intel_set_ssb_state(tifn);
-+ spec_ctrl_update_msr(tifn);
- }
-
--void speculative_store_bypass_update(unsigned long tif)
-+void speculation_ctrl_update(unsigned long tif)
- {
- preempt_disable();
-- __speculative_store_bypass_update(tif);
-+ __speculation_ctrl_update(tif);
- preempt_enable();
- }
-
-@@ -393,7 +393,7 @@ void __switch_to_xtra(struct task_struct
- }
-
- if ((tifp ^ tifn) & _TIF_SSBD)
-- __speculative_store_bypass_update(tifn);
-+ __speculation_ctrl_update(tifn);
- }
-
- /*
diff --git a/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch b/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch
deleted file mode 100644
index fec2f64a..00000000
--- a/queue-3.16/x86-speculation-reorder-the-spec_v2-code.patch
+++ /dev/null
@@ -1,257 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:41 +0100
-Subject: x86/speculation: Reorder the spec_v2 code
-
-commit 15d6b7aab0793b2de8a05d8a828777dd24db424e upstream.
-
-Reorder the code so it is better grouped. No functional change.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.707122879@linutronix.de
-[bwh: Backported to 3.16:
- - We still have the minimal mitigation modes
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -178,30 +178,6 @@ void __init check_bugs(void)
- #endif
- }
-
--/* The kernel command line selection */
--enum spectre_v2_mitigation_cmd {
-- SPECTRE_V2_CMD_NONE,
-- SPECTRE_V2_CMD_AUTO,
-- SPECTRE_V2_CMD_FORCE,
-- SPECTRE_V2_CMD_RETPOLINE,
-- SPECTRE_V2_CMD_RETPOLINE_GENERIC,
-- SPECTRE_V2_CMD_RETPOLINE_AMD,
--};
--
--static const char *spectre_v2_strings[] = {
-- [SPECTRE_V2_NONE] = "Vulnerable",
-- [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline",
-- [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline",
-- [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline",
-- [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline",
-- [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS",
--};
--
--#undef pr_fmt
--#define pr_fmt(fmt) "Spectre V2 : " fmt
--
--static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
--
- void
- x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
- {
-@@ -271,6 +247,11 @@ static void x86_amd_ssb_disable(void)
- wrmsrl(MSR_AMD64_LS_CFG, msrval);
- }
-
-+#undef pr_fmt
-+#define pr_fmt(fmt) "Spectre V2 : " fmt
-+
-+static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
-+
- #ifdef RETPOLINE
- static bool spectre_v2_bad_module;
-
-@@ -292,6 +273,45 @@ static inline const char *spectre_v2_mod
- static inline const char *spectre_v2_module_string(void) { return ""; }
- #endif
-
-+static inline bool match_option(const char *arg, int arglen, const char *opt)
-+{
-+ int len = strlen(opt);
-+
-+ return len == arglen && !strncmp(arg, opt, len);
-+}
-+
-+/* The kernel command line selection for spectre v2 */
-+enum spectre_v2_mitigation_cmd {
-+ SPECTRE_V2_CMD_NONE,
-+ SPECTRE_V2_CMD_AUTO,
-+ SPECTRE_V2_CMD_FORCE,
-+ SPECTRE_V2_CMD_RETPOLINE,
-+ SPECTRE_V2_CMD_RETPOLINE_GENERIC,
-+ SPECTRE_V2_CMD_RETPOLINE_AMD,
-+};
-+
-+static const char *spectre_v2_strings[] = {
-+ [SPECTRE_V2_NONE] = "Vulnerable",
-+ [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline",
-+ [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline",
-+ [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline",
-+ [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline",
-+ [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS",
-+};
-+
-+static const struct {
-+ const char *option;
-+ enum spectre_v2_mitigation_cmd cmd;
-+ bool secure;
-+} mitigation_options[] = {
-+ { "off", SPECTRE_V2_CMD_NONE, false },
-+ { "on", SPECTRE_V2_CMD_FORCE, true },
-+ { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false },
-+ { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false },
-+ { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
-+ { "auto", SPECTRE_V2_CMD_AUTO, false },
-+};
-+
- static void __init spec2_print_if_insecure(const char *reason)
- {
- if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
-@@ -309,31 +329,11 @@ static inline bool retp_compiler(void)
- return __is_defined(RETPOLINE);
- }
-
--static inline bool match_option(const char *arg, int arglen, const char *opt)
--{
-- int len = strlen(opt);
--
-- return len == arglen && !strncmp(arg, opt, len);
--}
--
--static const struct {
-- const char *option;
-- enum spectre_v2_mitigation_cmd cmd;
-- bool secure;
--} mitigation_options[] = {
-- { "off", SPECTRE_V2_CMD_NONE, false },
-- { "on", SPECTRE_V2_CMD_FORCE, true },
-- { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false },
-- { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false },
-- { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
-- { "auto", SPECTRE_V2_CMD_AUTO, false },
--};
--
- static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
- {
-+ enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO;
- char arg[20];
- int ret, i;
-- enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO;
-
- if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
- return SPECTRE_V2_CMD_NONE;
-@@ -376,48 +376,6 @@ static enum spectre_v2_mitigation_cmd __
- return cmd;
- }
-
--static bool stibp_needed(void)
--{
-- if (spectre_v2_enabled == SPECTRE_V2_NONE)
-- return false;
--
-- /* Enhanced IBRS makes using STIBP unnecessary. */
-- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-- return false;
--
-- if (!boot_cpu_has(X86_FEATURE_STIBP))
-- return false;
--
-- return true;
--}
--
--static void update_stibp_msr(void *info)
--{
-- wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
--}
--
--void arch_smt_update(void)
--{
-- u64 mask;
--
-- if (!stibp_needed())
-- return;
--
-- mutex_lock(&spec_ctrl_mutex);
--
-- mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
-- if (sched_smt_active())
-- mask |= SPEC_CTRL_STIBP;
--
-- if (mask != x86_spec_ctrl_base) {
-- pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
-- mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling");
-- x86_spec_ctrl_base = mask;
-- on_each_cpu(update_stibp_msr, NULL, 1);
-- }
-- mutex_unlock(&spec_ctrl_mutex);
--}
--
- static void __init spectre_v2_select_mitigation(void)
- {
- enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
-@@ -522,6 +480,48 @@ specv2_set_mode:
- arch_smt_update();
- }
-
-+static bool stibp_needed(void)
-+{
-+ if (spectre_v2_enabled == SPECTRE_V2_NONE)
-+ return false;
-+
-+ /* Enhanced IBRS makes using STIBP unnecessary. */
-+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
-+ return false;
-+
-+ if (!boot_cpu_has(X86_FEATURE_STIBP))
-+ return false;
-+
-+ return true;
-+}
-+
-+static void update_stibp_msr(void *info)
-+{
-+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
-+}
-+
-+void arch_smt_update(void)
-+{
-+ u64 mask;
-+
-+ if (!stibp_needed())
-+ return;
-+
-+ mutex_lock(&spec_ctrl_mutex);
-+
-+ mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
-+ if (sched_smt_active())
-+ mask |= SPEC_CTRL_STIBP;
-+
-+ if (mask != x86_spec_ctrl_base) {
-+ pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
-+ mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling");
-+ x86_spec_ctrl_base = mask;
-+ on_each_cpu(update_stibp_msr, NULL, 1);
-+ }
-+ mutex_unlock(&spec_ctrl_mutex);
-+}
-+
- #undef pr_fmt
- #define pr_fmt(fmt) "Speculative Store Bypass: " fmt
-
diff --git a/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch b/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch
deleted file mode 100644
index 358eea14..00000000
--- a/queue-3.16/x86-speculation-reorganize-speculation-control-msrs-update.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:35 +0100
-Subject: x86/speculation: Reorganize speculation control MSRs update
-
-commit 01daf56875ee0cd50ed496a09b20eb369b45dfa5 upstream.
-
-The logic to detect whether there's a change in the previous and next
-task's flag relevant to update speculation control MSRs is spread out
-across multiple functions.
-
-Consolidate all checks needed for updating speculation control MSRs into
-the new __speculation_ctrl_update() helper function.
-
-This makes it easy to pick the right speculation control MSR and the bits
-in MSR_IA32_SPEC_CTRL that need updating based on TIF flags changes.
-
-Originally-by: Thomas Lendacky <Thomas.Lendacky@amd.com>
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.151077005@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/process.c | 46 ++++++++++++++++++++++++---------------
- 1 file changed, 29 insertions(+), 17 deletions(-)
-
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -335,27 +335,40 @@ static __always_inline void amd_set_ssb_
- wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn));
- }
-
--static __always_inline void spec_ctrl_update_msr(unsigned long tifn)
-+/*
-+ * Update the MSRs managing speculation control, during context switch.
-+ *
-+ * tifp: Previous task's thread flags
-+ * tifn: Next task's thread flags
-+ */
-+static __always_inline void __speculation_ctrl_update(unsigned long tifp,
-+ unsigned long tifn)
- {
-- u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
-+ u64 msr = x86_spec_ctrl_base;
-+ bool updmsr = false;
-
-- wrmsrl(MSR_IA32_SPEC_CTRL, msr);
--}
-+ /* If TIF_SSBD is different, select the proper mitigation method */
-+ if ((tifp ^ tifn) & _TIF_SSBD) {
-+ if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) {
-+ amd_set_ssb_virt_state(tifn);
-+ } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
-+ amd_set_core_ssb_state(tifn);
-+ } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
-+ static_cpu_has(X86_FEATURE_AMD_SSBD)) {
-+ msr |= ssbd_tif_to_spec_ctrl(tifn);
-+ updmsr = true;
-+ }
-+ }
-
--static __always_inline void __speculation_ctrl_update(unsigned long tifn)
--{
-- if (static_cpu_has(X86_FEATURE_VIRT_SSBD))
-- amd_set_ssb_virt_state(tifn);
-- else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
-- amd_set_core_ssb_state(tifn);
-- else
-- spec_ctrl_update_msr(tifn);
-+ if (updmsr)
-+ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
- }
-
- void speculation_ctrl_update(unsigned long tif)
- {
-+ /* Forced update. Make sure all relevant TIF flags are different */
- preempt_disable();
-- __speculation_ctrl_update(tif);
-+ __speculation_ctrl_update(~tif, tif);
- preempt_enable();
- }
-
-@@ -392,8 +405,7 @@ void __switch_to_xtra(struct task_struct
- hard_enable_TSC();
- }
-
-- if ((tifp ^ tifn) & _TIF_SSBD)
-- __speculation_ctrl_update(tifn);
-+ __speculation_ctrl_update(tifp, tifn);
- }
-
- /*
diff --git a/queue-3.16/x86-speculation-rework-smt-state-change.patch b/queue-3.16/x86-speculation-rework-smt-state-change.patch
deleted file mode 100644
index ad92d088..00000000
--- a/queue-3.16/x86-speculation-rework-smt-state-change.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:39 +0100
-Subject: x86/speculation: Rework SMT state change
-
-commit a74cfffb03b73d41e08f84c2e5c87dec0ce3db9f upstream.
-
-arch_smt_update() is only called when the sysfs SMT control knob is
-changed. This means that when SMT is enabled in the sysfs control knob the
-system is considered to have SMT active even if all siblings are offline.
-
-To allow finegrained control of the speculation mitigations, the actual SMT
-state is more interesting than the fact that siblings could be enabled.
-
-Rework the code, so arch_smt_update() is invoked from each individual CPU
-hotplug function, and simplify the update function while at it.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.521974984@linutronix.de
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 11 +++++------
- include/linux/sched/smt.h | 2 ++
- kernel/cpu.c | 15 +++++++++------
- 3 files changed, 16 insertions(+), 12 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -13,6 +13,7 @@
- #include <linux/module.h>
- #include <linux/nospec.h>
- #include <linux/prctl.h>
-+#include <linux/sched/smt.h>
-
- #include <asm/spec-ctrl.h>
- #include <asm/cmdline.h>
-@@ -403,16 +404,14 @@ void arch_smt_update(void)
- return;
-
- mutex_lock(&spec_ctrl_mutex);
-- mask = x86_spec_ctrl_base;
-- if (IS_ENABLED(CONFIG_X86_HT))
-+
-+ mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
-+ if (sched_smt_active())
- mask |= SPEC_CTRL_STIBP;
-- else
-- mask &= ~SPEC_CTRL_STIBP;
-
- if (mask != x86_spec_ctrl_base) {
- pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
-- IS_ENABLED(CONFIG_X86_HT) ?
-- "Enabling" : "Disabling");
-+ mask & SPEC_CTRL_STIBP ? "Enabling" : "Disabling");
- x86_spec_ctrl_base = mask;
- on_each_cpu(update_stibp_msr, NULL, 1);
- }
---- a/include/linux/sched/smt.h
-+++ b/include/linux/sched/smt.h
-@@ -15,4 +15,6 @@ static __always_inline bool sched_smt_ac
- static inline bool sched_smt_active(void) { return false; }
- #endif
-
-+void arch_smt_update(void);
-+
- #endif
---- a/kernel/cpu.c
-+++ b/kernel/cpu.c
-@@ -8,6 +8,7 @@
- #include <linux/init.h>
- #include <linux/notifier.h>
- #include <linux/sched.h>
-+#include <linux/sched/smt.h>
- #include <linux/unistd.h>
- #include <linux/cpu.h>
- #include <linux/oom.h>
-@@ -179,6 +180,12 @@ void cpu_hotplug_enable(void)
-
- #endif /* CONFIG_HOTPLUG_CPU */
-
-+/*
-+ * Architectures that need SMT-specific errata handling during SMT hotplug
-+ * should override this.
-+ */
-+void __weak arch_smt_update(void) { }
-+
- /* Need to know about CPUs going up/down? */
- int __ref register_cpu_notifier(struct notifier_block *nb)
- {
-@@ -394,6 +401,7 @@ out_release:
- cpu_hotplug_done();
- if (!err)
- cpu_notify_nofail(CPU_POST_DEAD | mod, hcpu);
-+ arch_smt_update();
- return err;
- }
-
-@@ -495,7 +503,7 @@ out_notify:
- __cpu_notify(CPU_UP_CANCELED | mod, hcpu, nr_calls, NULL);
- out:
- cpu_hotplug_done();
--
-+ arch_smt_update();
- return ret;
- }
-
diff --git a/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch b/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch
deleted file mode 100644
index d28bae09..00000000
--- a/queue-3.16/x86-speculation-simplify-the-cpu-bug-detection-logic.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Dominik Brodowski <linux@dominikbrodowski.net>
-Date: Tue, 22 May 2018 11:05:39 +0200
-Subject: x86/speculation: Simplify the CPU bug detection logic
-
-commit 8ecc4979b1bd9c94168e6fc92960033b7a951336 upstream.
-
-Only CPUs which speculate can speculate. Therefore, it seems prudent
-to test for cpu_no_speculation first and only then determine whether
-a specific speculating CPU is susceptible to store bypass speculation.
-This is underlined by all CPUs currently listed in cpu_no_speculation
-were present in cpu_no_spec_store_bypass as well.
-
-Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: bp@suse.de
-Cc: konrad.wilk@oracle.com
-Link: https://lkml.kernel.org/r/20180522090539.GA24668@light.dominikbrodowski.net
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/common.c | 22 +++++++---------------
- 1 file changed, 7 insertions(+), 15 deletions(-)
-
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -825,12 +825,8 @@ static const __initconst struct x86_cpu_
- {}
- };
-
-+/* Only list CPUs which speculate but are non susceptible to SSB */
- static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW },
-- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 },
-@@ -838,14 +834,10 @@ static const __initconst struct x86_cpu_
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
-- { X86_VENDOR_CENTAUR, 5, },
-- { X86_VENDOR_INTEL, 5, },
-- { X86_VENDOR_NSC, 5, },
- { X86_VENDOR_AMD, 0x12, },
- { X86_VENDOR_AMD, 0x11, },
- { X86_VENDOR_AMD, 0x10, },
- { X86_VENDOR_AMD, 0xf, },
-- { X86_VENDOR_ANY, 4, },
- {}
- };
-
-@@ -868,6 +860,12 @@ static void __init cpu_set_bug_bits(stru
- {
- u64 ia32_cap = 0;
-
-+ if (x86_match_cpu(cpu_no_speculation))
-+ return;
-+
-+ setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
-+ setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
-+
- if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
-
-@@ -876,12 +874,6 @@ static void __init cpu_set_bug_bits(stru
- !cpu_has(c, X86_FEATURE_AMD_SSB_NO))
- setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
-
-- if (x86_match_cpu(cpu_no_speculation))
-- return;
--
-- setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
-- setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
--
- if (ia32_cap & ARCH_CAP_IBRS_ALL)
- setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-
diff --git a/queue-3.16/x86-speculation-split-out-tif-update.patch b/queue-3.16/x86-speculation-split-out-tif-update.patch
deleted file mode 100644
index 586f3819..00000000
--- a/queue-3.16/x86-speculation-split-out-tif-update.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:51 +0100
-Subject: x86/speculation: Split out TIF update
-
-commit e6da8bb6f9abb2628381904b24163c770e630bac upstream.
-
-The update of the TIF_SSBD flag and the conditional speculation control MSR
-update is done in the ssb_prctl_set() function directly. The upcoming prctl
-support for controlling indirect branch speculation via STIBP needs the
-same mechanism.
-
-Split the code out and make it reusable. Reword the comment about updates
-for other tasks.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185005.652305076@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 35 +++++++++++++++++++++++------------
- 1 file changed, 23 insertions(+), 12 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -760,10 +760,29 @@ static void ssb_select_mitigation(void)
- #undef pr_fmt
- #define pr_fmt(fmt) "Speculation prctl: " fmt
-
--static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
-+static void task_update_spec_tif(struct task_struct *tsk, int tifbit, bool on)
- {
- bool update;
-
-+ if (on)
-+ update = !test_and_set_tsk_thread_flag(tsk, tifbit);
-+ else
-+ update = test_and_clear_tsk_thread_flag(tsk, tifbit);
-+
-+ /*
-+ * Immediately update the speculation control MSRs for the current
-+ * task, but for a non-current task delay setting the CPU
-+ * mitigation until it is scheduled next.
-+ *
-+ * This can only happen for SECCOMP mitigation. For PRCTL it's
-+ * always the current task.
-+ */
-+ if (tsk == current && update)
-+ speculation_ctrl_update_current();
-+}
-+
-+static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
-+{
- if (ssb_mode != SPEC_STORE_BYPASS_PRCTL &&
- ssb_mode != SPEC_STORE_BYPASS_SECCOMP)
- return -ENXIO;
-@@ -774,28 +793,20 @@ static int ssb_prctl_set(struct task_str
- if (task_spec_ssb_force_disable(task))
- return -EPERM;
- task_clear_spec_ssb_disable(task);
-- update = test_and_clear_tsk_thread_flag(task, TIF_SSBD);
-+ task_update_spec_tif(task, TIF_SSBD, false);
- break;
- case PR_SPEC_DISABLE:
- task_set_spec_ssb_disable(task);
-- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
-+ task_update_spec_tif(task, TIF_SSBD, true);
- break;
- case PR_SPEC_FORCE_DISABLE:
- task_set_spec_ssb_disable(task);
- task_set_spec_ssb_force_disable(task);
-- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
-+ task_update_spec_tif(task, TIF_SSBD, true);
- break;
- default:
- return -ERANGE;
- }
--
-- /*
-- * If being set on non-current task, delay setting the CPU
-- * mitigation until it is next scheduled.
-- */
-- if (task == current && update)
-- speculation_ctrl_update_current();
--
- return 0;
- }
-
diff --git a/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch b/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch
deleted file mode 100644
index f6e83838..00000000
--- a/queue-3.16/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From: Sai Praneeth <sai.praneeth.prakhya@intel.com>
-Date: Wed, 1 Aug 2018 11:42:25 -0700
-Subject: x86/speculation: Support Enhanced IBRS on future CPUs
-
-commit 706d51681d636a0c4a5ef53395ec3b803e45ed4d upstream.
-
-Future Intel processors will support "Enhanced IBRS" which is an "always
-on" mode i.e. IBRS bit in SPEC_CTRL MSR is enabled once and never
-disabled.
-
-From the specification [1]:
-
- "With enhanced IBRS, the predicted targets of indirect branches
- executed cannot be controlled by software that was executed in a less
- privileged predictor mode or on another logical processor. As a
- result, software operating on a processor with enhanced IBRS need not
- use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more
- privileged predictor mode. Software can isolate predictor modes
- effectively simply by setting the bit once. Software need not disable
- enhanced IBRS prior to entering a sleep state such as MWAIT or HLT."
-
-If Enhanced IBRS is supported by the processor then use it as the
-preferred spectre v2 mitigation mechanism instead of Retpoline. Intel's
-Retpoline white paper [2] states:
-
- "Retpoline is known to be an effective branch target injection (Spectre
- variant 2) mitigation on Intel processors belonging to family 6
- (enumerated by the CPUID instruction) that do not have support for
- enhanced IBRS. On processors that support enhanced IBRS, it should be
- used for mitigation instead of retpoline."
-
-The reason why Enhanced IBRS is the recommended mitigation on processors
-which support it is that these processors also support CET which
-provides a defense against ROP attacks. Retpoline is very similar to ROP
-techniques and might trigger false positives in the CET defense.
-
-If Enhanced IBRS is selected as the mitigation technique for spectre v2,
-the IBRS bit in SPEC_CTRL MSR is set once at boot time and never
-cleared. Kernel also has to make sure that IBRS bit remains set after
-VMEXIT because the guest might have cleared the bit. This is already
-covered by the existing x86_spec_ctrl_set_guest() and
-x86_spec_ctrl_restore_host() speculation control functions.
-
-Enhanced IBRS still requires IBPB for full mitigation.
-
-[1] Speculative-Execution-Side-Channel-Mitigations.pdf
-[2] Retpoline-A-Branch-Target-Injection-Mitigation.pdf
-Both documents are available at:
-https://bugzilla.kernel.org/show_bug.cgi?id=199511
-
-Originally-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Tim C Chen <tim.c.chen@intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Ravi Shankar <ravi.v.shankar@intel.com>
-Link: https://lkml.kernel.org/r/1533148945-24095-1-git-send-email-sai.praneeth.prakhya@intel.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-[bwh: Backported to 3.16:
- - Use the first available bit from word 7
- - Adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/cpufeatures.h | 1 +
- arch/x86/include/asm/nospec-branch.h | 1 +
- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++++--
- arch/x86/kernel/cpu/common.c | 3 +++
- 4 files changed, 23 insertions(+), 2 deletions(-)
-
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -196,6 +196,7 @@
- #define X86_FEATURE_SSBD ( 7*32+20) /* Speculative Store Bypass Disable */
- #define X86_FEATURE_ZEN ( 7*32+21) /* "" CPU is AMD family 0x17 (Zen) */
- #define X86_FEATURE_L1TF_PTEINV ( 7*32+22) /* "" L1TF workaround PTE inversion */
-+#define X86_FEATURE_IBRS_ENHANCED ( 7*32+23) /* Enhanced IBRS */
- #define X86_FEATURE_RETPOLINE ( 7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */
- #define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */
- /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -170,6 +170,7 @@ enum spectre_v2_mitigation {
- SPECTRE_V2_RETPOLINE_GENERIC,
- SPECTRE_V2_RETPOLINE_AMD,
- SPECTRE_V2_IBRS,
-+ SPECTRE_V2_IBRS_ENHANCED,
- };
-
- /* The Speculative Store Bypass disable variants */
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -195,6 +195,7 @@ static const char *spectre_v2_strings[]
- [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline",
- [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline",
- [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline",
-+ [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS",
- };
-
- #undef pr_fmt
-@@ -396,6 +397,13 @@ static void __init spectre_v2_select_mit
-
- case SPECTRE_V2_CMD_FORCE:
- case SPECTRE_V2_CMD_AUTO:
-+ if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
-+ mode = SPECTRE_V2_IBRS_ENHANCED;
-+ /* Force it so VMEXIT will restore correctly */
-+ x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
-+ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
-+ goto specv2_set_mode;
-+ }
- if (IS_ENABLED(CONFIG_RETPOLINE))
- goto retpoline_auto;
- break;
-@@ -433,6 +441,7 @@ retpoline_auto:
- setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
- }
-
-+specv2_set_mode:
- spectre_v2_enabled = mode;
- pr_info("%s\n", spectre_v2_strings[mode]);
-
-@@ -455,9 +464,16 @@ retpoline_auto:
-
- /*
- * Retpoline means the kernel is safe because it has no indirect
-- * branches. But firmware isn't, so use IBRS to protect that.
-+ * branches. Enhanced IBRS protects firmware too, so, enable restricted
-+ * speculation around firmware calls only when Enhanced IBRS isn't
-+ * supported.
-+ *
-+ * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because
-+ * the user might select retpoline on the kernel command line and if
-+ * the CPU supports Enhanced IBRS, kernel might un-intentionally not
-+ * enable IBRS around firmware calls.
- */
-- if (boot_cpu_has(X86_FEATURE_IBRS)) {
-+ if (boot_cpu_has(X86_FEATURE_IBRS) && mode != SPECTRE_V2_IBRS_ENHANCED) {
- setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
- pr_info("Enabling Restricted Speculation for firmware calls\n");
- }
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -882,6 +882,9 @@ static void __init cpu_set_bug_bits(stru
- setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
- setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
-
-+ if (ia32_cap & ARCH_CAP_IBRS_ALL)
-+ setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-+
- if (x86_match_cpu(cpu_no_meltdown))
- return;
-
diff --git a/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch b/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch
deleted file mode 100644
index 95c5ff12..00000000
--- a/queue-3.16/x86-speculation-support-mitigations-cmdline-option.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From: Josh Poimboeuf <jpoimboe@redhat.com>
-Date: Fri, 12 Apr 2019 15:39:29 -0500
-Subject: x86/speculation: Support 'mitigations=' cmdline option
-
-commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream.
-
-Configure x86 runtime CPU speculation bug mitigations in accordance with
-the 'mitigations=' cmdline option. This affects Meltdown, Spectre v2,
-Speculative Store Bypass, and L1TF.
-
-The default behavior is unchanged.
-
-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
-Reviewed-by: Jiri Kosina <jkosina@suse.cz>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: "H . Peter Anvin" <hpa@zytor.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Jiri Kosina <jikos@kernel.org>
-Cc: Waiman Long <longman@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-Cc: Paul Mackerras <paulus@samba.org>
-Cc: Michael Ellerman <mpe@ellerman.id.au>
-Cc: linuxppc-dev@lists.ozlabs.org
-Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
-Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
-Cc: linux-s390@vger.kernel.org
-Cc: Catalin Marinas <catalin.marinas@arm.com>
-Cc: Will Deacon <will.deacon@arm.com>
-Cc: linux-arm-kernel@lists.infradead.org
-Cc: linux-arch@vger.kernel.org
-Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Cc: Tyler Hicks <tyhicks@canonical.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Randy Dunlap <rdunlap@infradead.org>
-Cc: Steven Price <steven.price@arm.com>
-Cc: Phil Auld <pauld@redhat.com>
-Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com
-[bwh: Backported to 3.16:
- - Drop the auto,nosmt option and the l1tf mitigation selection, which we can't
- support
- - Adjust filenames, context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -1907,15 +1907,19 @@ bytes respectively. Such letter suffixes
- http://repo.or.cz/w/linux-2.6/mini2440.git
-
- mitigations=
-- Control optional mitigations for CPU vulnerabilities.
-- This is a set of curated, arch-independent options, each
-- of which is an aggregation of existing arch-specific
-- options.
-+ [X86] Control optional mitigations for CPU
-+ vulnerabilities. This is a set of curated,
-+ arch-independent options, each of which is an
-+ aggregation of existing arch-specific options.
-
- off
- Disable all optional CPU mitigations. This
- improves system performance, but it may also
- expose users to several CPU vulnerabilities.
-+ Equivalent to: nopti [X86]
-+ nospectre_v2 [X86]
-+ spectre_v2_user=off [X86]
-+ spec_store_bypass_disable=off [X86]
-
- auto (default)
- Mitigate all CPU vulnerabilities, but leave SMT
-@@ -1923,7 +1927,7 @@ bytes respectively. Such letter suffixes
- users who don't want to be surprised by SMT
- getting disabled across kernel upgrades, or who
- have other ways of avoiding SMT-based attacks.
-- This is the default behavior.
-+ Equivalent to: (default behavior)
-
- mminit_loglevel=
- [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -545,7 +545,8 @@ static enum spectre_v2_mitigation_cmd __
- char arg[20];
- int ret, i;
-
-- if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
-+ if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
-+ cpu_mitigations_off())
- return SPECTRE_V2_CMD_NONE;
-
- ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
-@@ -809,7 +810,8 @@ static enum ssb_mitigation_cmd __init ss
- char arg[20];
- int ret, i;
-
-- if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
-+ if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
-+ cpu_mitigations_off()) {
- return SPEC_STORE_BYPASS_CMD_NONE;
- } else {
- ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
---- a/arch/x86/mm/kaiser.c
-+++ b/arch/x86/mm/kaiser.c
-@@ -10,6 +10,7 @@
- #include <linux/mm.h>
- #include <linux/uaccess.h>
- #include <linux/ftrace.h>
-+#include <linux/cpu.h>
- #include <xen/xen.h>
-
- #undef pr_fmt
-@@ -294,7 +295,8 @@ void __init kaiser_check_boottime_disabl
- goto skip;
- }
-
-- if (cmdline_find_option_bool(boot_command_line, "nopti"))
-+ if (cmdline_find_option_bool(boot_command_line, "nopti") ||
-+ cpu_mitigations_off())
- goto disable;
-
- skip:
diff --git a/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch b/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch
deleted file mode 100644
index 94f20990..00000000
--- a/queue-3.16/x86-speculation-unify-conditional-spectre-v2-print-functions.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Sun, 25 Nov 2018 19:33:44 +0100
-Subject: x86/speculation: Unify conditional spectre v2 print functions
-
-commit 495d470e9828500e0155027f230449ac5e29c025 upstream.
-
-There is no point in having two functions and a conditional at the call
-site.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185004.986890749@linutronix.de
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/kernel/cpu/bugs.c | 17 ++++-------------
- 1 file changed, 4 insertions(+), 13 deletions(-)
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -312,15 +312,9 @@ static const struct {
- { "auto", SPECTRE_V2_CMD_AUTO, false },
- };
-
--static void __init spec2_print_if_insecure(const char *reason)
-+static void __init spec_v2_print_cond(const char *reason, bool secure)
- {
-- if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
-- pr_info("%s selected on command line.\n", reason);
--}
--
--static void __init spec2_print_if_secure(const char *reason)
--{
-- if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
-+ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
- pr_info("%s selected on command line.\n", reason);
- }
-
-@@ -368,11 +362,8 @@ static enum spectre_v2_mitigation_cmd __
- return SPECTRE_V2_CMD_AUTO;
- }
-
-- if (mitigation_options[i].secure)
-- spec2_print_if_secure(mitigation_options[i].option);
-- else
-- spec2_print_if_insecure(mitigation_options[i].option);
--
-+ spec_v2_print_cond(mitigation_options[i].option,
-+ mitigation_options[i].secure);
- return cmd;
- }
-
diff --git a/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch b/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch
deleted file mode 100644
index 33053dfd..00000000
--- a/queue-3.16/x86-speculation-update-the-tif_ssbd-comment.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Tim Chen <tim.c.chen@linux.intel.com>
-Date: Sun, 25 Nov 2018 19:33:29 +0100
-Subject: x86/speculation: Update the TIF_SSBD comment
-
-commit 8eb729b77faf83ac4c1f363a9ad68d042415f24c upstream.
-
-"Reduced Data Speculation" is an obsolete term. The correct new name is
-"Speculative store bypass disable" - which is abbreviated into SSBD.
-
-Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Ingo Molnar <mingo@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Jiri Kosina <jkosina@suse.cz>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Andrea Arcangeli <aarcange@redhat.com>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Dave Hansen <dave.hansen@intel.com>
-Cc: Casey Schaufler <casey.schaufler@intel.com>
-Cc: Asit Mallick <asit.k.mallick@intel.com>
-Cc: Arjan van de Ven <arjan@linux.intel.com>
-Cc: Jon Masters <jcm@redhat.com>
-Cc: Waiman Long <longman9394@gmail.com>
-Cc: Greg KH <gregkh@linuxfoundation.org>
-Cc: Dave Stewart <david.c.stewart@intel.com>
-Cc: Kees Cook <keescook@chromium.org>
-Link: https://lkml.kernel.org/r/20181125185003.593893901@linutronix.de
-[bwh: Backported to 3.16: adjust context]
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- arch/x86/include/asm/thread_info.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/include/asm/thread_info.h
-+++ b/arch/x86/include/asm/thread_info.h
-@@ -72,7 +72,7 @@ struct thread_info {
- #define TIF_SIGPENDING 2 /* signal pending */
- #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
- #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/
--#define TIF_SSBD 5 /* Reduced data speculation */
-+#define TIF_SSBD 5 /* Speculative store bypass disable */
- #define TIF_SYSCALL_EMU 6 /* syscall emulation active */
- #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */
- #define TIF_SECCOMP 8 /* secure computing */
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-31 05:44:54 +0000