Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Wed, 21 Nov 2018 15:02:32
Message-Id: 1542812469.811e116d5209f072b7f2e0ee2a37d1eabcbeaccb.mpagano@gentoo
1 commit: 811e116d5209f072b7f2e0ee2a37d1eabcbeaccb
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 15 16:44:45 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Nov 21 15:01:09 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=811e116d
7
8 Linux patch 4.4.148
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1147_linux-4.4.148.patch | 1873 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1877 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 84033e9..99860c8 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -631,6 +631,10 @@ Patch: 1146_linux-4.4.147.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.4.147
23
24 +Patch: 1147_linux-4.4.148.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.4.148
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1147_linux-4.4.148.patch b/1147_linux-4.4.148.patch
33 new file mode 100644
34 index 0000000..ea24e41
35 --- /dev/null
36 +++ b/1147_linux-4.4.148.patch
37 @@ -0,0 +1,1873 @@
38 +diff --git a/Makefile b/Makefile
39 +index ee92a12e3a4b..9b795164122e 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 4
45 +-SUBLEVEL = 147
46 ++SUBLEVEL = 148
47 + EXTRAVERSION =
48 + NAME = Blurry Fish Butt
49 +
50 +diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi
51 +index 167f77b3bd43..6963dff815dc 100644
52 +--- a/arch/arm/boot/dts/imx6sx.dtsi
53 ++++ b/arch/arm/boot/dts/imx6sx.dtsi
54 +@@ -1250,7 +1250,7 @@
55 + /* non-prefetchable memory */
56 + 0x82000000 0 0x08000000 0x08000000 0 0x00f00000>;
57 + num-lanes = <1>;
58 +- interrupts = <GIC_SPI 123 IRQ_TYPE_LEVEL_HIGH>;
59 ++ interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>;
60 + clocks = <&clks IMX6SX_CLK_PCIE_REF_125M>,
61 + <&clks IMX6SX_CLK_PCIE_AXI>,
62 + <&clks IMX6SX_CLK_LVDS1_OUT>,
63 +diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
64 +index 729f89163bc3..210b3d675261 100644
65 +--- a/arch/parisc/Kconfig
66 ++++ b/arch/parisc/Kconfig
67 +@@ -177,7 +177,7 @@ config PREFETCH
68 +
69 + config MLONGCALLS
70 + bool "Enable the -mlong-calls compiler option for big kernels"
71 +- def_bool y if (!MODULES)
72 ++ default y
73 + depends on PA8X00
74 + help
75 + If you configure the kernel to include many drivers built-in instead
76 +diff --git a/arch/parisc/include/asm/barrier.h b/arch/parisc/include/asm/barrier.h
77 +new file mode 100644
78 +index 000000000000..dbaaca84f27f
79 +--- /dev/null
80 ++++ b/arch/parisc/include/asm/barrier.h
81 +@@ -0,0 +1,32 @@
82 ++/* SPDX-License-Identifier: GPL-2.0 */
83 ++#ifndef __ASM_BARRIER_H
84 ++#define __ASM_BARRIER_H
85 ++
86 ++#ifndef __ASSEMBLY__
87 ++
88 ++/* The synchronize caches instruction executes as a nop on systems in
89 ++ which all memory references are performed in order. */
90 ++#define synchronize_caches() __asm__ __volatile__ ("sync" : : : "memory")
91 ++
92 ++#if defined(CONFIG_SMP)
93 ++#define mb() do { synchronize_caches(); } while (0)
94 ++#define rmb() mb()
95 ++#define wmb() mb()
96 ++#define dma_rmb() mb()
97 ++#define dma_wmb() mb()
98 ++#else
99 ++#define mb() barrier()
100 ++#define rmb() barrier()
101 ++#define wmb() barrier()
102 ++#define dma_rmb() barrier()
103 ++#define dma_wmb() barrier()
104 ++#endif
105 ++
106 ++#define __smp_mb() mb()
107 ++#define __smp_rmb() mb()
108 ++#define __smp_wmb() mb()
109 ++
110 ++#include <asm-generic/barrier.h>
111 ++
112 ++#endif /* !__ASSEMBLY__ */
113 ++#endif /* __ASM_BARRIER_H */
114 +diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S
115 +index 5dc831955de5..13cb2461fef5 100644
116 +--- a/arch/parisc/kernel/entry.S
117 ++++ b/arch/parisc/kernel/entry.S
118 +@@ -481,6 +481,8 @@
119 + /* Release pa_tlb_lock lock without reloading lock address. */
120 + .macro tlb_unlock0 spc,tmp
121 + #ifdef CONFIG_SMP
122 ++ or,COND(=) %r0,\spc,%r0
123 ++ sync
124 + or,COND(=) %r0,\spc,%r0
125 + stw \spc,0(\tmp)
126 + #endif
127 +diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S
128 +index 16073f472118..b3434a7fd3c9 100644
129 +--- a/arch/parisc/kernel/pacache.S
130 ++++ b/arch/parisc/kernel/pacache.S
131 +@@ -354,6 +354,7 @@ ENDPROC(flush_data_cache_local)
132 + .macro tlb_unlock la,flags,tmp
133 + #ifdef CONFIG_SMP
134 + ldi 1,\tmp
135 ++ sync
136 + stw \tmp,0(\la)
137 + mtsm \flags
138 + #endif
139 +diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
140 +index 9f22195b90ed..f68eedc72484 100644
141 +--- a/arch/parisc/kernel/syscall.S
142 ++++ b/arch/parisc/kernel/syscall.S
143 +@@ -631,6 +631,7 @@ cas_action:
144 + sub,<> %r28, %r25, %r0
145 + 2: stw,ma %r24, 0(%r26)
146 + /* Free lock */
147 ++ sync
148 + stw,ma %r20, 0(%sr2,%r20)
149 + #if ENABLE_LWS_DEBUG
150 + /* Clear thread register indicator */
151 +@@ -645,6 +646,7 @@ cas_action:
152 + 3:
153 + /* Error occurred on load or store */
154 + /* Free lock */
155 ++ sync
156 + stw %r20, 0(%sr2,%r20)
157 + #if ENABLE_LWS_DEBUG
158 + stw %r0, 4(%sr2,%r20)
159 +@@ -846,6 +848,7 @@ cas2_action:
160 +
161 + cas2_end:
162 + /* Free lock */
163 ++ sync
164 + stw,ma %r20, 0(%sr2,%r20)
165 + /* Enable interrupts */
166 + ssm PSW_SM_I, %r0
167 +@@ -856,6 +859,7 @@ cas2_end:
168 + 22:
169 + /* Error occurred on load or store */
170 + /* Free lock */
171 ++ sync
172 + stw %r20, 0(%sr2,%r20)
173 + ssm PSW_SM_I, %r0
174 + ldo 1(%r0),%r28
175 +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
176 +index f4b175db70f4..dd2269dcbc47 100644
177 +--- a/arch/x86/include/asm/cpufeatures.h
178 ++++ b/arch/x86/include/asm/cpufeatures.h
179 +@@ -193,12 +193,12 @@
180 + #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
181 + #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
182 +
183 ++#define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */
184 ++#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
185 ++
186 + #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
187 + #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
188 +
189 +-#define X86_FEATURE_RETPOLINE ( 7*32+29) /* "" Generic Retpoline mitigation for Spectre variant 2 */
190 +-#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* "" AMD Retpoline mitigation for Spectre variant 2 */
191 +-
192 + #define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
193 + #define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */
194 +
195 +@@ -214,7 +214,7 @@
196 + #define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */
197 + #define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */
198 + #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
199 +-
200 ++#define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */
201 +
202 + /* Virtualization flags: Linux defined, word 8 */
203 + #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
204 +@@ -310,6 +310,7 @@
205 + #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
206 + #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
207 + #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */
208 ++#define X86_FEATURE_FLUSH_L1D (18*32+28) /* Flush L1D cache */
209 + #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
210 + #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */
211 +
212 +@@ -331,5 +332,6 @@
213 + #define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */
214 + #define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */
215 + #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */
216 ++#define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */
217 +
218 + #endif /* _ASM_X86_CPUFEATURES_H */
219 +diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
220 +index 0056bc945cd1..cb7f04981c6b 100644
221 +--- a/arch/x86/include/asm/irqflags.h
222 ++++ b/arch/x86/include/asm/irqflags.h
223 +@@ -8,6 +8,8 @@
224 + * Interrupt control:
225 + */
226 +
227 ++/* Declaration required for gcc < 4.9 to prevent -Werror=missing-prototypes */
228 ++extern inline unsigned long native_save_fl(void);
229 + extern inline unsigned long native_save_fl(void)
230 + {
231 + unsigned long flags;
232 +diff --git a/arch/x86/include/asm/page_32_types.h b/arch/x86/include/asm/page_32_types.h
233 +index 3a52ee0e726d..bfceb5cc6347 100644
234 +--- a/arch/x86/include/asm/page_32_types.h
235 ++++ b/arch/x86/include/asm/page_32_types.h
236 +@@ -27,8 +27,13 @@
237 + #define N_EXCEPTION_STACKS 1
238 +
239 + #ifdef CONFIG_X86_PAE
240 +-/* 44=32+12, the limit we can fit into an unsigned long pfn */
241 +-#define __PHYSICAL_MASK_SHIFT 44
242 ++/*
243 ++ * This is beyond the 44 bit limit imposed by the 32bit long pfns,
244 ++ * but we need the full mask to make sure inverted PROT_NONE
245 ++ * entries have all the host bits set in a guest.
246 ++ * The real limit is still 44 bits.
247 ++ */
248 ++#define __PHYSICAL_MASK_SHIFT 52
249 + #define __VIRTUAL_MASK_SHIFT 32
250 +
251 + #else /* !CONFIG_X86_PAE */
252 +diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
253 +index fd74a11959de..89c50332a71e 100644
254 +--- a/arch/x86/include/asm/pgtable-2level.h
255 ++++ b/arch/x86/include/asm/pgtable-2level.h
256 +@@ -77,4 +77,21 @@ static inline unsigned long pte_bitop(unsigned long value, unsigned int rightshi
257 + #define __pte_to_swp_entry(pte) ((swp_entry_t) { (pte).pte_low })
258 + #define __swp_entry_to_pte(x) ((pte_t) { .pte = (x).val })
259 +
260 ++/* No inverted PFNs on 2 level page tables */
261 ++
262 ++static inline u64 protnone_mask(u64 val)
263 ++{
264 ++ return 0;
265 ++}
266 ++
267 ++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask)
268 ++{
269 ++ return val;
270 ++}
271 ++
272 ++static inline bool __pte_needs_invert(u64 val)
273 ++{
274 ++ return false;
275 ++}
276 ++
277 + #endif /* _ASM_X86_PGTABLE_2LEVEL_H */
278 +diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h
279 +index cdaa58c9b39e..5c686382d84b 100644
280 +--- a/arch/x86/include/asm/pgtable-3level.h
281 ++++ b/arch/x86/include/asm/pgtable-3level.h
282 +@@ -177,11 +177,44 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *pmdp)
283 + #endif
284 +
285 + /* Encode and de-code a swap entry */
286 ++#define SWP_TYPE_BITS 5
287 ++
288 ++#define SWP_OFFSET_FIRST_BIT (_PAGE_BIT_PROTNONE + 1)
289 ++
290 ++/* We always extract/encode the offset by shifting it all the way up, and then down again */
291 ++#define SWP_OFFSET_SHIFT (SWP_OFFSET_FIRST_BIT + SWP_TYPE_BITS)
292 ++
293 + #define MAX_SWAPFILES_CHECK() BUILD_BUG_ON(MAX_SWAPFILES_SHIFT > 5)
294 + #define __swp_type(x) (((x).val) & 0x1f)
295 + #define __swp_offset(x) ((x).val >> 5)
296 + #define __swp_entry(type, offset) ((swp_entry_t){(type) | (offset) << 5})
297 +-#define __pte_to_swp_entry(pte) ((swp_entry_t){ (pte).pte_high })
298 +-#define __swp_entry_to_pte(x) ((pte_t){ { .pte_high = (x).val } })
299 ++
300 ++/*
301 ++ * Normally, __swp_entry() converts from arch-independent swp_entry_t to
302 ++ * arch-dependent swp_entry_t, and __swp_entry_to_pte() just stores the result
303 ++ * to pte. But here we have 32bit swp_entry_t and 64bit pte, and need to use the
304 ++ * whole 64 bits. Thus, we shift the "real" arch-dependent conversion to
305 ++ * __swp_entry_to_pte() through the following helper macro based on 64bit
306 ++ * __swp_entry().
307 ++ */
308 ++#define __swp_pteval_entry(type, offset) ((pteval_t) { \
309 ++ (~(pteval_t)(offset) << SWP_OFFSET_SHIFT >> SWP_TYPE_BITS) \
310 ++ | ((pteval_t)(type) << (64 - SWP_TYPE_BITS)) })
311 ++
312 ++#define __swp_entry_to_pte(x) ((pte_t){ .pte = \
313 ++ __swp_pteval_entry(__swp_type(x), __swp_offset(x)) })
314 ++/*
315 ++ * Analogically, __pte_to_swp_entry() doesn't just extract the arch-dependent
316 ++ * swp_entry_t, but also has to convert it from 64bit to the 32bit
317 ++ * intermediate representation, using the following macros based on 64bit
318 ++ * __swp_type() and __swp_offset().
319 ++ */
320 ++#define __pteval_swp_type(x) ((unsigned long)((x).pte >> (64 - SWP_TYPE_BITS)))
321 ++#define __pteval_swp_offset(x) ((unsigned long)(~((x).pte) << SWP_TYPE_BITS >> SWP_OFFSET_SHIFT))
322 ++
323 ++#define __pte_to_swp_entry(pte) (__swp_entry(__pteval_swp_type(pte), \
324 ++ __pteval_swp_offset(pte)))
325 ++
326 ++#include <asm/pgtable-invert.h>
327 +
328 + #endif /* _ASM_X86_PGTABLE_3LEVEL_H */
329 +diff --git a/arch/x86/include/asm/pgtable-invert.h b/arch/x86/include/asm/pgtable-invert.h
330 +new file mode 100644
331 +index 000000000000..44b1203ece12
332 +--- /dev/null
333 ++++ b/arch/x86/include/asm/pgtable-invert.h
334 +@@ -0,0 +1,32 @@
335 ++/* SPDX-License-Identifier: GPL-2.0 */
336 ++#ifndef _ASM_PGTABLE_INVERT_H
337 ++#define _ASM_PGTABLE_INVERT_H 1
338 ++
339 ++#ifndef __ASSEMBLY__
340 ++
341 ++static inline bool __pte_needs_invert(u64 val)
342 ++{
343 ++ return !(val & _PAGE_PRESENT);
344 ++}
345 ++
346 ++/* Get a mask to xor with the page table entry to get the correct pfn. */
347 ++static inline u64 protnone_mask(u64 val)
348 ++{
349 ++ return __pte_needs_invert(val) ? ~0ull : 0;
350 ++}
351 ++
352 ++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask)
353 ++{
354 ++ /*
355 ++ * When a PTE transitions from NONE to !NONE or vice-versa
356 ++ * invert the PFN part to stop speculation.
357 ++ * pte_pfn undoes this when needed.
358 ++ */
359 ++ if (__pte_needs_invert(oldval) != __pte_needs_invert(val))
360 ++ val = (val & ~mask) | (~val & mask);
361 ++ return val;
362 ++}
363 ++
364 ++#endif /* __ASSEMBLY__ */
365 ++
366 ++#endif
367 +diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
368 +index 84c62d950023..4de6c282c02a 100644
369 +--- a/arch/x86/include/asm/pgtable.h
370 ++++ b/arch/x86/include/asm/pgtable.h
371 +@@ -148,19 +148,29 @@ static inline int pte_special(pte_t pte)
372 + return pte_flags(pte) & _PAGE_SPECIAL;
373 + }
374 +
375 ++/* Entries that were set to PROT_NONE are inverted */
376 ++
377 ++static inline u64 protnone_mask(u64 val);
378 ++
379 + static inline unsigned long pte_pfn(pte_t pte)
380 + {
381 +- return (pte_val(pte) & PTE_PFN_MASK) >> PAGE_SHIFT;
382 ++ phys_addr_t pfn = pte_val(pte);
383 ++ pfn ^= protnone_mask(pfn);
384 ++ return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT;
385 + }
386 +
387 + static inline unsigned long pmd_pfn(pmd_t pmd)
388 + {
389 +- return (pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
390 ++ phys_addr_t pfn = pmd_val(pmd);
391 ++ pfn ^= protnone_mask(pfn);
392 ++ return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
393 + }
394 +
395 + static inline unsigned long pud_pfn(pud_t pud)
396 + {
397 +- return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT;
398 ++ phys_addr_t pfn = pud_val(pud);
399 ++ pfn ^= protnone_mask(pfn);
400 ++ return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT;
401 + }
402 +
403 + #define pte_page(pte) pfn_to_page(pte_pfn(pte))
404 +@@ -305,11 +315,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd)
405 + return pmd_set_flags(pmd, _PAGE_RW);
406 + }
407 +
408 +-static inline pmd_t pmd_mknotpresent(pmd_t pmd)
409 +-{
410 +- return pmd_clear_flags(pmd, _PAGE_PRESENT | _PAGE_PROTNONE);
411 +-}
412 +-
413 + #ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY
414 + static inline int pte_soft_dirty(pte_t pte)
415 + {
416 +@@ -359,19 +364,58 @@ static inline pgprotval_t massage_pgprot(pgprot_t pgprot)
417 +
418 + static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
419 + {
420 +- return __pte(((phys_addr_t)page_nr << PAGE_SHIFT) |
421 +- massage_pgprot(pgprot));
422 ++ phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT;
423 ++ pfn ^= protnone_mask(pgprot_val(pgprot));
424 ++ pfn &= PTE_PFN_MASK;
425 ++ return __pte(pfn | massage_pgprot(pgprot));
426 + }
427 +
428 + static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot)
429 + {
430 +- return __pmd(((phys_addr_t)page_nr << PAGE_SHIFT) |
431 +- massage_pgprot(pgprot));
432 ++ phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT;
433 ++ pfn ^= protnone_mask(pgprot_val(pgprot));
434 ++ pfn &= PHYSICAL_PMD_PAGE_MASK;
435 ++ return __pmd(pfn | massage_pgprot(pgprot));
436 ++}
437 ++
438 ++static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot)
439 ++{
440 ++ phys_addr_t pfn = page_nr << PAGE_SHIFT;
441 ++ pfn ^= protnone_mask(pgprot_val(pgprot));
442 ++ pfn &= PHYSICAL_PUD_PAGE_MASK;
443 ++ return __pud(pfn | massage_pgprot(pgprot));
444 ++}
445 ++
446 ++static inline pmd_t pmd_mknotpresent(pmd_t pmd)
447 ++{
448 ++ return pfn_pmd(pmd_pfn(pmd),
449 ++ __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE)));
450 + }
451 +
452 ++static inline pud_t pud_set_flags(pud_t pud, pudval_t set)
453 ++{
454 ++ pudval_t v = native_pud_val(pud);
455 ++
456 ++ return __pud(v | set);
457 ++}
458 ++
459 ++static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear)
460 ++{
461 ++ pudval_t v = native_pud_val(pud);
462 ++
463 ++ return __pud(v & ~clear);
464 ++}
465 ++
466 ++static inline pud_t pud_mkhuge(pud_t pud)
467 ++{
468 ++ return pud_set_flags(pud, _PAGE_PSE);
469 ++}
470 ++
471 ++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask);
472 ++
473 + static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
474 + {
475 +- pteval_t val = pte_val(pte);
476 ++ pteval_t val = pte_val(pte), oldval = val;
477 +
478 + /*
479 + * Chop off the NX bit (if present), and add the NX portion of
480 +@@ -379,17 +423,17 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
481 + */
482 + val &= _PAGE_CHG_MASK;
483 + val |= massage_pgprot(newprot) & ~_PAGE_CHG_MASK;
484 +-
485 ++ val = flip_protnone_guard(oldval, val, PTE_PFN_MASK);
486 + return __pte(val);
487 + }
488 +
489 + static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
490 + {
491 +- pmdval_t val = pmd_val(pmd);
492 ++ pmdval_t val = pmd_val(pmd), oldval = val;
493 +
494 + val &= _HPAGE_CHG_MASK;
495 + val |= massage_pgprot(newprot) & ~_HPAGE_CHG_MASK;
496 +-
497 ++ val = flip_protnone_guard(oldval, val, PHYSICAL_PMD_PAGE_MASK);
498 + return __pmd(val);
499 + }
500 +
501 +@@ -926,6 +970,14 @@ static inline pte_t pte_swp_clear_soft_dirty(pte_t pte)
502 + }
503 + #endif
504 +
505 ++#define __HAVE_ARCH_PFN_MODIFY_ALLOWED 1
506 ++extern bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot);
507 ++
508 ++static inline bool arch_has_pfn_modify_check(void)
509 ++{
510 ++ return boot_cpu_has_bug(X86_BUG_L1TF);
511 ++}
512 ++
513 + #include <asm-generic/pgtable.h>
514 + #endif /* __ASSEMBLY__ */
515 +
516 +diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
517 +index c810226e741a..221a32ed1372 100644
518 +--- a/arch/x86/include/asm/pgtable_64.h
519 ++++ b/arch/x86/include/asm/pgtable_64.h
520 +@@ -163,18 +163,52 @@ static inline int pgd_large(pgd_t pgd) { return 0; }
521 + #define pte_offset_map(dir, address) pte_offset_kernel((dir), (address))
522 + #define pte_unmap(pte) ((void)(pte))/* NOP */
523 +
524 +-/* Encode and de-code a swap entry */
525 +-#define SWP_TYPE_BITS 5
526 +-#define SWP_OFFSET_SHIFT (_PAGE_BIT_PROTNONE + 1)
527 ++/*
528 ++ * Encode and de-code a swap entry
529 ++ *
530 ++ * | ... | 11| 10| 9|8|7|6|5| 4| 3|2| 1|0| <- bit number
531 ++ * | ... |SW3|SW2|SW1|G|L|D|A|CD|WT|U| W|P| <- bit names
532 ++ * | TYPE (59-63) | ~OFFSET (9-58) |0|0|X|X| X| X|X|SD|0| <- swp entry
533 ++ *
534 ++ * G (8) is aliased and used as a PROT_NONE indicator for
535 ++ * !present ptes. We need to start storing swap entries above
536 ++ * there. We also need to avoid using A and D because of an
537 ++ * erratum where they can be incorrectly set by hardware on
538 ++ * non-present PTEs.
539 ++ *
540 ++ * SD (1) in swp entry is used to store soft dirty bit, which helps us
541 ++ * remember soft dirty over page migration
542 ++ *
543 ++ * Bit 7 in swp entry should be 0 because pmd_present checks not only P,
544 ++ * but also L and G.
545 ++ *
546 ++ * The offset is inverted by a binary not operation to make the high
547 ++ * physical bits set.
548 ++ */
549 ++#define SWP_TYPE_BITS 5
550 ++
551 ++#define SWP_OFFSET_FIRST_BIT (_PAGE_BIT_PROTNONE + 1)
552 ++
553 ++/* We always extract/encode the offset by shifting it all the way up, and then down again */
554 ++#define SWP_OFFSET_SHIFT (SWP_OFFSET_FIRST_BIT+SWP_TYPE_BITS)
555 +
556 + #define MAX_SWAPFILES_CHECK() BUILD_BUG_ON(MAX_SWAPFILES_SHIFT > SWP_TYPE_BITS)
557 +
558 +-#define __swp_type(x) (((x).val >> (_PAGE_BIT_PRESENT + 1)) \
559 +- & ((1U << SWP_TYPE_BITS) - 1))
560 +-#define __swp_offset(x) ((x).val >> SWP_OFFSET_SHIFT)
561 +-#define __swp_entry(type, offset) ((swp_entry_t) { \
562 +- ((type) << (_PAGE_BIT_PRESENT + 1)) \
563 +- | ((offset) << SWP_OFFSET_SHIFT) })
564 ++/* Extract the high bits for type */
565 ++#define __swp_type(x) ((x).val >> (64 - SWP_TYPE_BITS))
566 ++
567 ++/* Shift up (to get rid of type), then down to get value */
568 ++#define __swp_offset(x) (~(x).val << SWP_TYPE_BITS >> SWP_OFFSET_SHIFT)
569 ++
570 ++/*
571 ++ * Shift the offset up "too far" by TYPE bits, then down again
572 ++ * The offset is inverted by a binary not operation to make the high
573 ++ * physical bits set.
574 ++ */
575 ++#define __swp_entry(type, offset) ((swp_entry_t) { \
576 ++ (~(unsigned long)(offset) << SWP_OFFSET_SHIFT >> SWP_TYPE_BITS) \
577 ++ | ((unsigned long)(type) << (64-SWP_TYPE_BITS)) })
578 ++
579 + #define __pte_to_swp_entry(pte) ((swp_entry_t) { pte_val((pte)) })
580 + #define __swp_entry_to_pte(x) ((pte_t) { .pte = (x).val })
581 +
582 +@@ -201,6 +235,8 @@ extern void cleanup_highmap(void);
583 + extern void init_extra_mapping_uc(unsigned long phys, unsigned long size);
584 + extern void init_extra_mapping_wb(unsigned long phys, unsigned long size);
585 +
586 ++#include <asm/pgtable-invert.h>
587 ++
588 + #endif /* !__ASSEMBLY__ */
589 +
590 + #endif /* _ASM_X86_PGTABLE_64_H */
591 +diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
592 +index 8dba273da25a..7572ce32055e 100644
593 +--- a/arch/x86/include/asm/pgtable_types.h
594 ++++ b/arch/x86/include/asm/pgtable_types.h
595 +@@ -70,15 +70,15 @@
596 + /*
597 + * Tracking soft dirty bit when a page goes to a swap is tricky.
598 + * We need a bit which can be stored in pte _and_ not conflict
599 +- * with swap entry format. On x86 bits 6 and 7 are *not* involved
600 +- * into swap entry computation, but bit 6 is used for nonlinear
601 +- * file mapping, so we borrow bit 7 for soft dirty tracking.
602 ++ * with swap entry format. On x86 bits 1-4 are *not* involved
603 ++ * into swap entry computation, but bit 7 is used for thp migration,
604 ++ * so we borrow bit 1 for soft dirty tracking.
605 + *
606 + * Please note that this bit must be treated as swap dirty page
607 +- * mark if and only if the PTE has present bit clear!
608 ++ * mark if and only if the PTE/PMD has present bit clear!
609 + */
610 + #ifdef CONFIG_MEM_SOFT_DIRTY
611 +-#define _PAGE_SWP_SOFT_DIRTY _PAGE_PSE
612 ++#define _PAGE_SWP_SOFT_DIRTY _PAGE_RW
613 + #else
614 + #define _PAGE_SWP_SOFT_DIRTY (_AT(pteval_t, 0))
615 + #endif
616 +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
617 +index 8e415cf65457..a3a53955f01c 100644
618 +--- a/arch/x86/include/asm/processor.h
619 ++++ b/arch/x86/include/asm/processor.h
620 +@@ -172,6 +172,11 @@ extern const struct seq_operations cpuinfo_op;
621 +
622 + extern void cpu_detect(struct cpuinfo_x86 *c);
623 +
624 ++static inline unsigned long l1tf_pfn_limit(void)
625 ++{
626 ++ return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
627 ++}
628 ++
629 + extern void early_cpu_init(void);
630 + extern void identify_boot_cpu(void);
631 + extern void identify_secondary_cpu(struct cpuinfo_x86 *);
632 +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
633 +index 12a8867071f3..34e4aaaf03d2 100644
634 +--- a/arch/x86/kernel/cpu/bugs.c
635 ++++ b/arch/x86/kernel/cpu/bugs.c
636 +@@ -26,9 +26,11 @@
637 + #include <asm/pgtable.h>
638 + #include <asm/cacheflush.h>
639 + #include <asm/intel-family.h>
640 ++#include <asm/e820.h>
641 +
642 + static void __init spectre_v2_select_mitigation(void);
643 + static void __init ssb_select_mitigation(void);
644 ++static void __init l1tf_select_mitigation(void);
645 +
646 + /*
647 + * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
648 +@@ -80,6 +82,8 @@ void __init check_bugs(void)
649 + */
650 + ssb_select_mitigation();
651 +
652 ++ l1tf_select_mitigation();
653 ++
654 + #ifdef CONFIG_X86_32
655 + /*
656 + * Check whether we are able to run this kernel safely on SMP.
657 +@@ -309,23 +313,6 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
658 + return cmd;
659 + }
660 +
661 +-/* Check for Skylake-like CPUs (for RSB handling) */
662 +-static bool __init is_skylake_era(void)
663 +-{
664 +- if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
665 +- boot_cpu_data.x86 == 6) {
666 +- switch (boot_cpu_data.x86_model) {
667 +- case INTEL_FAM6_SKYLAKE_MOBILE:
668 +- case INTEL_FAM6_SKYLAKE_DESKTOP:
669 +- case INTEL_FAM6_SKYLAKE_X:
670 +- case INTEL_FAM6_KABYLAKE_MOBILE:
671 +- case INTEL_FAM6_KABYLAKE_DESKTOP:
672 +- return true;
673 +- }
674 +- }
675 +- return false;
676 +-}
677 +-
678 + static void __init spectre_v2_select_mitigation(void)
679 + {
680 + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
681 +@@ -386,22 +373,15 @@ retpoline_auto:
682 + pr_info("%s\n", spectre_v2_strings[mode]);
683 +
684 + /*
685 +- * If neither SMEP nor PTI are available, there is a risk of
686 +- * hitting userspace addresses in the RSB after a context switch
687 +- * from a shallow call stack to a deeper one. To prevent this fill
688 +- * the entire RSB, even when using IBRS.
689 ++ * If spectre v2 protection has been enabled, unconditionally fill
690 ++ * RSB during a context switch; this protects against two independent
691 ++ * issues:
692 + *
693 +- * Skylake era CPUs have a separate issue with *underflow* of the
694 +- * RSB, when they will predict 'ret' targets from the generic BTB.
695 +- * The proper mitigation for this is IBRS. If IBRS is not supported
696 +- * or deactivated in favour of retpolines the RSB fill on context
697 +- * switch is required.
698 ++ * - RSB underflow (and switch to BTB) on Skylake+
699 ++ * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs
700 + */
701 +- if ((!boot_cpu_has(X86_FEATURE_KAISER) &&
702 +- !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) {
703 +- setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
704 +- pr_info("Spectre v2 mitigation: Filling RSB on context switch\n");
705 +- }
706 ++ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
707 ++ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
708 +
709 + /* Initialize Indirect Branch Prediction Barrier if supported */
710 + if (boot_cpu_has(X86_FEATURE_IBPB)) {
711 +@@ -652,6 +632,35 @@ void x86_spec_ctrl_setup_ap(void)
712 + x86_amd_ssb_disable();
713 + }
714 +
715 ++#undef pr_fmt
716 ++#define pr_fmt(fmt) "L1TF: " fmt
717 ++static void __init l1tf_select_mitigation(void)
718 ++{
719 ++ u64 half_pa;
720 ++
721 ++ if (!boot_cpu_has_bug(X86_BUG_L1TF))
722 ++ return;
723 ++
724 ++#if CONFIG_PGTABLE_LEVELS == 2
725 ++ pr_warn("Kernel not compiled for PAE. No mitigation for L1TF\n");
726 ++ return;
727 ++#endif
728 ++
729 ++ /*
730 ++ * This is extremely unlikely to happen because almost all
731 ++ * systems have far more MAX_PA/2 than RAM can be fit into
732 ++ * DIMM slots.
733 ++ */
734 ++ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT;
735 ++ if (e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) {
736 ++ pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n");
737 ++ return;
738 ++ }
739 ++
740 ++ setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV);
741 ++}
742 ++#undef pr_fmt
743 ++
744 + #ifdef CONFIG_SYSFS
745 +
746 + static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
747 +@@ -679,6 +688,11 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
748 + case X86_BUG_SPEC_STORE_BYPASS:
749 + return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
750 +
751 ++ case X86_BUG_L1TF:
752 ++ if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV))
753 ++ return sprintf(buf, "Mitigation: Page Table Inversion\n");
754 ++ break;
755 ++
756 + default:
757 + break;
758 + }
759 +@@ -705,4 +719,9 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
760 + {
761 + return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS);
762 + }
763 ++
764 ++ssize_t cpu_show_l1tf(struct device *dev, struct device_attribute *attr, char *buf)
765 ++{
766 ++ return cpu_show_common(dev, attr, buf, X86_BUG_L1TF);
767 ++}
768 + #endif
769 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
770 +index 3d21b28f9826..4d3fa79c0f09 100644
771 +--- a/arch/x86/kernel/cpu/common.c
772 ++++ b/arch/x86/kernel/cpu/common.c
773 +@@ -880,6 +880,21 @@ static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
774 + {}
775 + };
776 +
777 ++static const __initconst struct x86_cpu_id cpu_no_l1tf[] = {
778 ++ /* in addition to cpu_no_speculation */
779 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 },
780 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 },
781 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
782 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD },
783 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MOOREFIELD },
784 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT },
785 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_DENVERTON },
786 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GEMINI_LAKE },
787 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
788 ++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
789 ++ {}
790 ++};
791 ++
792 + static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
793 + {
794 + u64 ia32_cap = 0;
795 +@@ -905,6 +920,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
796 + return;
797 +
798 + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
799 ++
800 ++ if (x86_match_cpu(cpu_no_l1tf))
801 ++ return;
802 ++
803 ++ setup_force_cpu_bug(X86_BUG_L1TF);
804 + }
805 +
806 + /*
807 +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
808 +index 1f5c47a49e35..c6f466d6cc57 100644
809 +--- a/arch/x86/kernel/kprobes/core.c
810 ++++ b/arch/x86/kernel/kprobes/core.c
811 +@@ -393,7 +393,6 @@ int __copy_instruction(u8 *dest, u8 *src)
812 + newdisp = (u8 *) src + (s64) insn.displacement.value - (u8 *) dest;
813 + if ((s64) (s32) newdisp != newdisp) {
814 + pr_err("Kprobes error: new displacement does not fit into s32 (%llx)\n", newdisp);
815 +- pr_err("\tSrc: %p, Dest: %p, old disp: %x\n", src, dest, insn.displacement.value);
816 + return 0;
817 + }
818 + disp = (u8 *) dest + insn_offset_displacement(&insn);
819 +@@ -609,8 +608,7 @@ static int reenter_kprobe(struct kprobe *p, struct pt_regs *regs,
820 + * Raise a BUG or we'll continue in an endless reentering loop
821 + * and eventually a stack overflow.
822 + */
823 +- printk(KERN_WARNING "Unrecoverable kprobe detected at %p.\n",
824 +- p->addr);
825 ++ pr_err("Unrecoverable kprobe detected.\n");
826 + dump_kprobe(p);
827 + BUG();
828 + default:
829 +diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
830 +index f534a0e3af53..632195b41688 100644
831 +--- a/arch/x86/kernel/paravirt.c
832 ++++ b/arch/x86/kernel/paravirt.c
833 +@@ -97,10 +97,12 @@ unsigned paravirt_patch_call(void *insnbuf,
834 + struct branch *b = insnbuf;
835 + unsigned long delta = (unsigned long)target - (addr+5);
836 +
837 +- if (tgt_clobbers & ~site_clobbers)
838 +- return len; /* target would clobber too much for this site */
839 +- if (len < 5)
840 ++ if (len < 5) {
841 ++#ifdef CONFIG_RETPOLINE
842 ++ WARN_ONCE("Failing to patch indirect CALL in %ps\n", (void *)addr);
843 ++#endif
844 + return len; /* call too long for patch site */
845 ++ }
846 +
847 + b->opcode = 0xe8; /* call */
848 + b->delta = delta;
849 +@@ -115,8 +117,12 @@ unsigned paravirt_patch_jmp(void *insnbuf, const void *target,
850 + struct branch *b = insnbuf;
851 + unsigned long delta = (unsigned long)target - (addr+5);
852 +
853 +- if (len < 5)
854 ++ if (len < 5) {
855 ++#ifdef CONFIG_RETPOLINE
856 ++ WARN_ONCE("Failing to patch indirect JMP in %ps\n", (void *)addr);
857 ++#endif
858 + return len; /* call too long for patch site */
859 ++ }
860 +
861 + b->opcode = 0xe9; /* jmp */
862 + b->delta = delta;
863 +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
864 +index bbaae4cf9e8e..31c4bc0d3372 100644
865 +--- a/arch/x86/kernel/setup.c
866 ++++ b/arch/x86/kernel/setup.c
867 +@@ -851,6 +851,12 @@ void __init setup_arch(char **cmdline_p)
868 + memblock_reserve(__pa_symbol(_text),
869 + (unsigned long)__bss_stop - (unsigned long)_text);
870 +
871 ++ /*
872 ++ * Make sure page 0 is always reserved because on systems with
873 ++ * L1TF its contents can be leaked to user processes.
874 ++ */
875 ++ memblock_reserve(0, PAGE_SIZE);
876 ++
877 + early_reserve_initrd();
878 +
879 + /*
880 +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
881 +index 151fd33e9043..4954a6cef50a 100644
882 +--- a/arch/x86/mm/init.c
883 ++++ b/arch/x86/mm/init.c
884 +@@ -4,6 +4,8 @@
885 + #include <linux/swap.h>
886 + #include <linux/memblock.h>
887 + #include <linux/bootmem.h> /* for max_low_pfn */
888 ++#include <linux/swapfile.h>
889 ++#include <linux/swapops.h>
890 +
891 + #include <asm/cacheflush.h>
892 + #include <asm/e820.h>
893 +@@ -767,3 +769,26 @@ void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache)
894 + __cachemode2pte_tbl[cache] = __cm_idx2pte(entry);
895 + __pte2cachemode_tbl[entry] = cache;
896 + }
897 ++
898 ++#ifdef CONFIG_SWAP
899 ++unsigned long max_swapfile_size(void)
900 ++{
901 ++ unsigned long pages;
902 ++
903 ++ pages = generic_max_swapfile_size();
904 ++
905 ++ if (boot_cpu_has_bug(X86_BUG_L1TF)) {
906 ++ /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
907 ++ unsigned long l1tf_limit = l1tf_pfn_limit() + 1;
908 ++ /*
909 ++ * We encode swap offsets also with 3 bits below those for pfn
910 ++ * which makes the usable limit higher.
911 ++ */
912 ++#if CONFIG_PGTABLE_LEVELS > 2
913 ++ l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT;
914 ++#endif
915 ++ pages = min_t(unsigned long, l1tf_limit, pages);
916 ++ }
917 ++ return pages;
918 ++}
919 ++#endif
920 +diff --git a/arch/x86/mm/kmmio.c b/arch/x86/mm/kmmio.c
921 +index 76604c8a2a48..7bf14e74fc8f 100644
922 +--- a/arch/x86/mm/kmmio.c
923 ++++ b/arch/x86/mm/kmmio.c
924 +@@ -125,24 +125,29 @@ static struct kmmio_fault_page *get_kmmio_fault_page(unsigned long addr)
925 +
926 + static void clear_pmd_presence(pmd_t *pmd, bool clear, pmdval_t *old)
927 + {
928 ++ pmd_t new_pmd;
929 + pmdval_t v = pmd_val(*pmd);
930 + if (clear) {
931 +- *old = v & _PAGE_PRESENT;
932 +- v &= ~_PAGE_PRESENT;
933 +- } else /* presume this has been called with clear==true previously */
934 +- v |= *old;
935 +- set_pmd(pmd, __pmd(v));
936 ++ *old = v;
937 ++ new_pmd = pmd_mknotpresent(*pmd);
938 ++ } else {
939 ++ /* Presume this has been called with clear==true previously */
940 ++ new_pmd = __pmd(*old);
941 ++ }
942 ++ set_pmd(pmd, new_pmd);
943 + }
944 +
945 + static void clear_pte_presence(pte_t *pte, bool clear, pteval_t *old)
946 + {
947 + pteval_t v = pte_val(*pte);
948 + if (clear) {
949 +- *old = v & _PAGE_PRESENT;
950 +- v &= ~_PAGE_PRESENT;
951 +- } else /* presume this has been called with clear==true previously */
952 +- v |= *old;
953 +- set_pte_atomic(pte, __pte(v));
954 ++ *old = v;
955 ++ /* Nothing should care about address */
956 ++ pte_clear(&init_mm, 0, pte);
957 ++ } else {
958 ++ /* Presume this has been called with clear==true previously */
959 ++ set_pte_atomic(pte, __pte(*old));
960 ++ }
961 + }
962 +
963 + static int clear_page_presence(struct kmmio_fault_page *f, bool clear)
964 +diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
965 +index 307f60ecfc6d..9a055ea279eb 100644
966 +--- a/arch/x86/mm/mmap.c
967 ++++ b/arch/x86/mm/mmap.c
968 +@@ -121,3 +121,24 @@ const char *arch_vma_name(struct vm_area_struct *vma)
969 + return "[mpx]";
970 + return NULL;
971 + }
972 ++
973 ++/*
974 ++ * Only allow root to set high MMIO mappings to PROT_NONE.
975 ++ * This prevents an unpriv. user to set them to PROT_NONE and invert
976 ++ * them, then pointing to valid memory for L1TF speculation.
977 ++ *
978 ++ * Note: for locked down kernels may want to disable the root override.
979 ++ */
980 ++bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot)
981 ++{
982 ++ if (!boot_cpu_has_bug(X86_BUG_L1TF))
983 ++ return true;
984 ++ if (!__pte_needs_invert(pgprot_val(prot)))
985 ++ return true;
986 ++ /* If it's real memory always allow */
987 ++ if (pfn_valid(pfn))
988 ++ return true;
989 ++ if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
990 ++ return false;
991 ++ return true;
992 ++}
993 +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
994 +index 79377e2a7bcd..27610c2d1821 100644
995 +--- a/arch/x86/mm/pageattr.c
996 ++++ b/arch/x86/mm/pageattr.c
997 +@@ -1006,8 +1006,8 @@ static int populate_pmd(struct cpa_data *cpa,
998 +
999 + pmd = pmd_offset(pud, start);
1000 +
1001 +- set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE |
1002 +- massage_pgprot(pmd_pgprot)));
1003 ++ set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn,
1004 ++ canon_pgprot(pmd_pgprot))));
1005 +
1006 + start += PMD_SIZE;
1007 + cpa->pfn += PMD_SIZE;
1008 +@@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
1009 + * Map everything starting from the Gb boundary, possibly with 1G pages
1010 + */
1011 + while (end - start >= PUD_SIZE) {
1012 +- set_pud(pud, __pud(cpa->pfn | _PAGE_PSE |
1013 +- massage_pgprot(pud_pgprot)));
1014 ++ set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn,
1015 ++ canon_pgprot(pud_pgprot))));
1016 +
1017 + start += PUD_SIZE;
1018 + cpa->pfn += PUD_SIZE;
1019 +diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
1020 +index f9e0d09f7c66..8a0f77fb5181 100644
1021 +--- a/drivers/acpi/acpi_lpss.c
1022 ++++ b/drivers/acpi/acpi_lpss.c
1023 +@@ -154,10 +154,12 @@ static const struct lpss_device_desc lpt_sdio_dev_desc = {
1024 +
1025 + static const struct lpss_device_desc byt_pwm_dev_desc = {
1026 + .flags = LPSS_SAVE_CTX,
1027 ++ .prv_offset = 0x800,
1028 + };
1029 +
1030 + static const struct lpss_device_desc bsw_pwm_dev_desc = {
1031 + .flags = LPSS_SAVE_CTX | LPSS_NO_D3_DELAY,
1032 ++ .prv_offset = 0x800,
1033 + };
1034 +
1035 + static const struct lpss_device_desc byt_uart_dev_desc = {
1036 +diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
1037 +index 143edea1076f..41090ef5facb 100644
1038 +--- a/drivers/base/cpu.c
1039 ++++ b/drivers/base/cpu.c
1040 +@@ -524,16 +524,24 @@ ssize_t __weak cpu_show_spec_store_bypass(struct device *dev,
1041 + return sprintf(buf, "Not affected\n");
1042 + }
1043 +
1044 ++ssize_t __weak cpu_show_l1tf(struct device *dev,
1045 ++ struct device_attribute *attr, char *buf)
1046 ++{
1047 ++ return sprintf(buf, "Not affected\n");
1048 ++}
1049 ++
1050 + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
1051 + static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
1052 + static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
1053 + static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
1054 ++static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
1055 +
1056 + static struct attribute *cpu_root_vulnerabilities_attrs[] = {
1057 + &dev_attr_meltdown.attr,
1058 + &dev_attr_spectre_v1.attr,
1059 + &dev_attr_spectre_v2.attr,
1060 + &dev_attr_spec_store_bypass.attr,
1061 ++ &dev_attr_l1tf.attr,
1062 + NULL
1063 + };
1064 +
1065 +diff --git a/drivers/char/tpm/tpm-dev.c b/drivers/char/tpm/tpm-dev.c
1066 +index 912ad30be585..4719aa781bf2 100644
1067 +--- a/drivers/char/tpm/tpm-dev.c
1068 ++++ b/drivers/char/tpm/tpm-dev.c
1069 +@@ -25,7 +25,7 @@ struct file_priv {
1070 + struct tpm_chip *chip;
1071 +
1072 + /* Data passed to and from the tpm via the read/write calls */
1073 +- atomic_t data_pending;
1074 ++ size_t data_pending;
1075 + struct mutex buffer_mutex;
1076 +
1077 + struct timer_list user_read_timer; /* user needs to claim result */
1078 +@@ -46,7 +46,7 @@ static void timeout_work(struct work_struct *work)
1079 + struct file_priv *priv = container_of(work, struct file_priv, work);
1080 +
1081 + mutex_lock(&priv->buffer_mutex);
1082 +- atomic_set(&priv->data_pending, 0);
1083 ++ priv->data_pending = 0;
1084 + memset(priv->data_buffer, 0, sizeof(priv->data_buffer));
1085 + mutex_unlock(&priv->buffer_mutex);
1086 + }
1087 +@@ -72,7 +72,6 @@ static int tpm_open(struct inode *inode, struct file *file)
1088 + }
1089 +
1090 + priv->chip = chip;
1091 +- atomic_set(&priv->data_pending, 0);
1092 + mutex_init(&priv->buffer_mutex);
1093 + setup_timer(&priv->user_read_timer, user_reader_timeout,
1094 + (unsigned long)priv);
1095 +@@ -86,28 +85,24 @@ static ssize_t tpm_read(struct file *file, char __user *buf,
1096 + size_t size, loff_t *off)
1097 + {
1098 + struct file_priv *priv = file->private_data;
1099 +- ssize_t ret_size;
1100 ++ ssize_t ret_size = 0;
1101 + int rc;
1102 +
1103 + del_singleshot_timer_sync(&priv->user_read_timer);
1104 + flush_work(&priv->work);
1105 +- ret_size = atomic_read(&priv->data_pending);
1106 +- if (ret_size > 0) { /* relay data */
1107 +- ssize_t orig_ret_size = ret_size;
1108 +- if (size < ret_size)
1109 +- ret_size = size;
1110 ++ mutex_lock(&priv->buffer_mutex);
1111 +
1112 +- mutex_lock(&priv->buffer_mutex);
1113 ++ if (priv->data_pending) {
1114 ++ ret_size = min_t(ssize_t, size, priv->data_pending);
1115 + rc = copy_to_user(buf, priv->data_buffer, ret_size);
1116 +- memset(priv->data_buffer, 0, orig_ret_size);
1117 ++ memset(priv->data_buffer, 0, priv->data_pending);
1118 + if (rc)
1119 + ret_size = -EFAULT;
1120 +
1121 +- mutex_unlock(&priv->buffer_mutex);
1122 ++ priv->data_pending = 0;
1123 + }
1124 +
1125 +- atomic_set(&priv->data_pending, 0);
1126 +-
1127 ++ mutex_unlock(&priv->buffer_mutex);
1128 + return ret_size;
1129 + }
1130 +
1131 +@@ -118,18 +113,20 @@ static ssize_t tpm_write(struct file *file, const char __user *buf,
1132 + size_t in_size = size;
1133 + ssize_t out_size;
1134 +
1135 +- /* cannot perform a write until the read has cleared
1136 +- either via tpm_read or a user_read_timer timeout.
1137 +- This also prevents splitted buffered writes from blocking here.
1138 +- */
1139 +- if (atomic_read(&priv->data_pending) != 0)
1140 +- return -EBUSY;
1141 +-
1142 + if (in_size > TPM_BUFSIZE)
1143 + return -E2BIG;
1144 +
1145 + mutex_lock(&priv->buffer_mutex);
1146 +
1147 ++ /* Cannot perform a write until the read has cleared either via
1148 ++ * tpm_read or a user_read_timer timeout. This also prevents split
1149 ++ * buffered writes from blocking here.
1150 ++ */
1151 ++ if (priv->data_pending != 0) {
1152 ++ mutex_unlock(&priv->buffer_mutex);
1153 ++ return -EBUSY;
1154 ++ }
1155 ++
1156 + if (copy_from_user
1157 + (priv->data_buffer, (void __user *) buf, in_size)) {
1158 + mutex_unlock(&priv->buffer_mutex);
1159 +@@ -153,7 +150,7 @@ static ssize_t tpm_write(struct file *file, const char __user *buf,
1160 + return out_size;
1161 + }
1162 +
1163 +- atomic_set(&priv->data_pending, out_size);
1164 ++ priv->data_pending = out_size;
1165 + mutex_unlock(&priv->buffer_mutex);
1166 +
1167 + /* Set a timeout by which the reader must come claim the result */
1168 +@@ -172,7 +169,7 @@ static int tpm_release(struct inode *inode, struct file *file)
1169 + del_singleshot_timer_sync(&priv->user_read_timer);
1170 + flush_work(&priv->work);
1171 + file->private_data = NULL;
1172 +- atomic_set(&priv->data_pending, 0);
1173 ++ priv->data_pending = 0;
1174 + clear_bit(0, &priv->chip->is_open);
1175 + kfree(priv);
1176 + return 0;
1177 +diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
1178 +index 6790ebb366dd..98fd9a594841 100644
1179 +--- a/drivers/infiniband/core/umem.c
1180 ++++ b/drivers/infiniband/core/umem.c
1181 +@@ -122,16 +122,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
1182 + umem->address = addr;
1183 + umem->page_size = PAGE_SIZE;
1184 + umem->pid = get_task_pid(current, PIDTYPE_PID);
1185 +- /*
1186 +- * We ask for writable memory if any of the following
1187 +- * access flags are set. "Local write" and "remote write"
1188 +- * obviously require write access. "Remote atomic" can do
1189 +- * things like fetch and add, which will modify memory, and
1190 +- * "MW bind" can change permissions by binding a window.
1191 +- */
1192 +- umem->writable = !!(access &
1193 +- (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE |
1194 +- IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
1195 ++ umem->writable = ib_access_writable(access);
1196 +
1197 + if (access & IB_ACCESS_ON_DEMAND) {
1198 + put_pid(umem->pid);
1199 +diff --git a/drivers/infiniband/hw/mlx4/mr.c b/drivers/infiniband/hw/mlx4/mr.c
1200 +index ce87e9cc7eff..bf52e35dd506 100644
1201 +--- a/drivers/infiniband/hw/mlx4/mr.c
1202 ++++ b/drivers/infiniband/hw/mlx4/mr.c
1203 +@@ -130,6 +130,40 @@ out:
1204 + return err;
1205 + }
1206 +
1207 ++static struct ib_umem *mlx4_get_umem_mr(struct ib_ucontext *context, u64 start,
1208 ++ u64 length, u64 virt_addr,
1209 ++ int access_flags)
1210 ++{
1211 ++ /*
1212 ++ * Force registering the memory as writable if the underlying pages
1213 ++ * are writable. This is so rereg can change the access permissions
1214 ++ * from readable to writable without having to run through ib_umem_get
1215 ++ * again
1216 ++ */
1217 ++ if (!ib_access_writable(access_flags)) {
1218 ++ struct vm_area_struct *vma;
1219 ++
1220 ++ down_read(&current->mm->mmap_sem);
1221 ++ /*
1222 ++ * FIXME: Ideally this would iterate over all the vmas that
1223 ++ * cover the memory, but for now it requires a single vma to
1224 ++ * entirely cover the MR to support RO mappings.
1225 ++ */
1226 ++ vma = find_vma(current->mm, start);
1227 ++ if (vma && vma->vm_end >= start + length &&
1228 ++ vma->vm_start <= start) {
1229 ++ if (vma->vm_flags & VM_WRITE)
1230 ++ access_flags |= IB_ACCESS_LOCAL_WRITE;
1231 ++ } else {
1232 ++ access_flags |= IB_ACCESS_LOCAL_WRITE;
1233 ++ }
1234 ++
1235 ++ up_read(&current->mm->mmap_sem);
1236 ++ }
1237 ++
1238 ++ return ib_umem_get(context, start, length, access_flags, 0);
1239 ++}
1240 ++
1241 + struct ib_mr *mlx4_ib_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
1242 + u64 virt_addr, int access_flags,
1243 + struct ib_udata *udata)
1244 +@@ -144,10 +178,8 @@ struct ib_mr *mlx4_ib_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
1245 + if (!mr)
1246 + return ERR_PTR(-ENOMEM);
1247 +
1248 +- /* Force registering the memory as writable. */
1249 +- /* Used for memory re-registeration. HCA protects the access */
1250 +- mr->umem = ib_umem_get(pd->uobject->context, start, length,
1251 +- access_flags | IB_ACCESS_LOCAL_WRITE, 0);
1252 ++ mr->umem = mlx4_get_umem_mr(pd->uobject->context, start, length,
1253 ++ virt_addr, access_flags);
1254 + if (IS_ERR(mr->umem)) {
1255 + err = PTR_ERR(mr->umem);
1256 + goto err_free;
1257 +@@ -214,6 +246,9 @@ int mlx4_ib_rereg_user_mr(struct ib_mr *mr, int flags,
1258 + }
1259 +
1260 + if (flags & IB_MR_REREG_ACCESS) {
1261 ++ if (ib_access_writable(mr_access_flags) && !mmr->umem->writable)
1262 ++ return -EPERM;
1263 ++
1264 + err = mlx4_mr_hw_change_access(dev->dev, *pmpt_entry,
1265 + convert_access(mr_access_flags));
1266 +
1267 +@@ -227,10 +262,9 @@ int mlx4_ib_rereg_user_mr(struct ib_mr *mr, int flags,
1268 +
1269 + mlx4_mr_rereg_mem_cleanup(dev->dev, &mmr->mmr);
1270 + ib_umem_release(mmr->umem);
1271 +- mmr->umem = ib_umem_get(mr->uobject->context, start, length,
1272 +- mr_access_flags |
1273 +- IB_ACCESS_LOCAL_WRITE,
1274 +- 0);
1275 ++ mmr->umem =
1276 ++ mlx4_get_umem_mr(mr->uobject->context, start, length,
1277 ++ virt_addr, mr_access_flags);
1278 + if (IS_ERR(mmr->umem)) {
1279 + err = PTR_ERR(mmr->umem);
1280 + /* Prevent mlx4_ib_dereg_mr from free'ing invalid pointer */
1281 +diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
1282 +index 748b63b86cbc..40242ead096f 100644
1283 +--- a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
1284 ++++ b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
1285 +@@ -643,7 +643,7 @@ static ssize_t ocrdma_dbgfs_ops_write(struct file *filp,
1286 + struct ocrdma_stats *pstats = filp->private_data;
1287 + struct ocrdma_dev *dev = pstats->dev;
1288 +
1289 +- if (count > 32)
1290 ++ if (*ppos != 0 || count == 0 || count > sizeof(tmp_str))
1291 + goto err;
1292 +
1293 + if (copy_from_user(tmp_str, buffer, count))
1294 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
1295 +index bec9f099573b..68d0a5c9d437 100644
1296 +--- a/drivers/net/xen-netfront.c
1297 ++++ b/drivers/net/xen-netfront.c
1298 +@@ -879,7 +879,6 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
1299 + struct sk_buff *skb,
1300 + struct sk_buff_head *list)
1301 + {
1302 +- struct skb_shared_info *shinfo = skb_shinfo(skb);
1303 + RING_IDX cons = queue->rx.rsp_cons;
1304 + struct sk_buff *nskb;
1305 +
1306 +@@ -888,15 +887,16 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
1307 + RING_GET_RESPONSE(&queue->rx, ++cons);
1308 + skb_frag_t *nfrag = &skb_shinfo(nskb)->frags[0];
1309 +
1310 +- if (shinfo->nr_frags == MAX_SKB_FRAGS) {
1311 ++ if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) {
1312 + unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to;
1313 +
1314 + BUG_ON(pull_to <= skb_headlen(skb));
1315 + __pskb_pull_tail(skb, pull_to - skb_headlen(skb));
1316 + }
1317 +- BUG_ON(shinfo->nr_frags >= MAX_SKB_FRAGS);
1318 ++ BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS);
1319 +
1320 +- skb_add_rx_frag(skb, shinfo->nr_frags, skb_frag_page(nfrag),
1321 ++ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
1322 ++ skb_frag_page(nfrag),
1323 + rx->offset, rx->status, PAGE_SIZE);
1324 +
1325 + skb_shinfo(nskb)->nr_frags = 0;
1326 +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
1327 +index de53c9694b68..5dc288fecace 100644
1328 +--- a/drivers/scsi/sr.c
1329 ++++ b/drivers/scsi/sr.c
1330 +@@ -520,18 +520,26 @@ static int sr_init_command(struct scsi_cmnd *SCpnt)
1331 + static int sr_block_open(struct block_device *bdev, fmode_t mode)
1332 + {
1333 + struct scsi_cd *cd;
1334 ++ struct scsi_device *sdev;
1335 + int ret = -ENXIO;
1336 +
1337 ++ cd = scsi_cd_get(bdev->bd_disk);
1338 ++ if (!cd)
1339 ++ goto out;
1340 ++
1341 ++ sdev = cd->device;
1342 ++ scsi_autopm_get_device(sdev);
1343 + check_disk_change(bdev);
1344 +
1345 + mutex_lock(&sr_mutex);
1346 +- cd = scsi_cd_get(bdev->bd_disk);
1347 +- if (cd) {
1348 +- ret = cdrom_open(&cd->cdi, bdev, mode);
1349 +- if (ret)
1350 +- scsi_cd_put(cd);
1351 +- }
1352 ++ ret = cdrom_open(&cd->cdi, bdev, mode);
1353 + mutex_unlock(&sr_mutex);
1354 ++
1355 ++ scsi_autopm_put_device(sdev);
1356 ++ if (ret)
1357 ++ scsi_cd_put(cd);
1358 ++
1359 ++out:
1360 + return ret;
1361 + }
1362 +
1363 +@@ -559,6 +567,8 @@ static int sr_block_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
1364 + if (ret)
1365 + goto out;
1366 +
1367 ++ scsi_autopm_get_device(sdev);
1368 ++
1369 + /*
1370 + * Send SCSI addressing ioctls directly to mid level, send other
1371 + * ioctls to cdrom/block level.
1372 +@@ -567,15 +577,18 @@ static int sr_block_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
1373 + case SCSI_IOCTL_GET_IDLUN:
1374 + case SCSI_IOCTL_GET_BUS_NUMBER:
1375 + ret = scsi_ioctl(sdev, cmd, argp);
1376 +- goto out;
1377 ++ goto put;
1378 + }
1379 +
1380 + ret = cdrom_ioctl(&cd->cdi, bdev, mode, cmd, arg);
1381 + if (ret != -ENOSYS)
1382 +- goto out;
1383 ++ goto put;
1384 +
1385 + ret = scsi_ioctl(sdev, cmd, argp);
1386 +
1387 ++put:
1388 ++ scsi_autopm_put_device(sdev);
1389 ++
1390 + out:
1391 + mutex_unlock(&sr_mutex);
1392 + return ret;
1393 +diff --git a/fs/dcache.c b/fs/dcache.c
1394 +index 250c1222e30c..807efaab838e 100644
1395 +--- a/fs/dcache.c
1396 ++++ b/fs/dcache.c
1397 +@@ -1954,10 +1954,12 @@ struct dentry *d_make_root(struct inode *root_inode)
1398 + static const struct qstr name = QSTR_INIT("/", 1);
1399 +
1400 + res = __d_alloc(root_inode->i_sb, &name);
1401 +- if (res)
1402 ++ if (res) {
1403 ++ res->d_flags |= DCACHE_RCUACCESS;
1404 + d_instantiate(res, root_inode);
1405 +- else
1406 ++ } else {
1407 + iput(root_inode);
1408 ++ }
1409 + }
1410 + return res;
1411 + }
1412 +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
1413 +index 041117fd8fd7..0963213e9cd3 100644
1414 +--- a/fs/ext4/ialloc.c
1415 ++++ b/fs/ext4/ialloc.c
1416 +@@ -1308,7 +1308,10 @@ int ext4_init_inode_table(struct super_block *sb, ext4_group_t group,
1417 + ext4_itable_unused_count(sb, gdp)),
1418 + sbi->s_inodes_per_block);
1419 +
1420 +- if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group)) {
1421 ++ if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group) ||
1422 ++ ((group == 0) && ((EXT4_INODES_PER_GROUP(sb) -
1423 ++ ext4_itable_unused_count(sb, gdp)) <
1424 ++ EXT4_FIRST_INO(sb)))) {
1425 + ext4_error(sb, "Something is wrong with group %u: "
1426 + "used itable blocks: %d; "
1427 + "itable unused count: %u",
1428 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
1429 +index 3e4d8ac1974e..8d18f6142da5 100644
1430 +--- a/fs/ext4/super.c
1431 ++++ b/fs/ext4/super.c
1432 +@@ -2875,14 +2875,8 @@ static ext4_group_t ext4_has_uninit_itable(struct super_block *sb)
1433 + if (!gdp)
1434 + continue;
1435 +
1436 +- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))
1437 +- continue;
1438 +- if (group != 0)
1439 ++ if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)))
1440 + break;
1441 +- ext4_error(sb, "Inode table for bg 0 marked as "
1442 +- "needing zeroing");
1443 +- if (sb->s_flags & MS_RDONLY)
1444 +- return ngroups;
1445 + }
1446 +
1447 + return group;
1448 +diff --git a/fs/namespace.c b/fs/namespace.c
1449 +index a879560ea144..b56b50e3da11 100644
1450 +--- a/fs/namespace.c
1451 ++++ b/fs/namespace.c
1452 +@@ -603,12 +603,21 @@ int __legitimize_mnt(struct vfsmount *bastard, unsigned seq)
1453 + return 0;
1454 + mnt = real_mount(bastard);
1455 + mnt_add_count(mnt, 1);
1456 ++ smp_mb(); // see mntput_no_expire()
1457 + if (likely(!read_seqretry(&mount_lock, seq)))
1458 + return 0;
1459 + if (bastard->mnt_flags & MNT_SYNC_UMOUNT) {
1460 + mnt_add_count(mnt, -1);
1461 + return 1;
1462 + }
1463 ++ lock_mount_hash();
1464 ++ if (unlikely(bastard->mnt_flags & MNT_DOOMED)) {
1465 ++ mnt_add_count(mnt, -1);
1466 ++ unlock_mount_hash();
1467 ++ return 1;
1468 ++ }
1469 ++ unlock_mount_hash();
1470 ++ /* caller will mntput() */
1471 + return -1;
1472 + }
1473 +
1474 +@@ -1124,12 +1133,27 @@ static DECLARE_DELAYED_WORK(delayed_mntput_work, delayed_mntput);
1475 + static void mntput_no_expire(struct mount *mnt)
1476 + {
1477 + rcu_read_lock();
1478 +- mnt_add_count(mnt, -1);
1479 +- if (likely(mnt->mnt_ns)) { /* shouldn't be the last one */
1480 ++ if (likely(READ_ONCE(mnt->mnt_ns))) {
1481 ++ /*
1482 ++ * Since we don't do lock_mount_hash() here,
1483 ++ * ->mnt_ns can change under us. However, if it's
1484 ++ * non-NULL, then there's a reference that won't
1485 ++ * be dropped until after an RCU delay done after
1486 ++ * turning ->mnt_ns NULL. So if we observe it
1487 ++ * non-NULL under rcu_read_lock(), the reference
1488 ++ * we are dropping is not the final one.
1489 ++ */
1490 ++ mnt_add_count(mnt, -1);
1491 + rcu_read_unlock();
1492 + return;
1493 + }
1494 + lock_mount_hash();
1495 ++ /*
1496 ++ * make sure that if __legitimize_mnt() has not seen us grab
1497 ++ * mount_lock, we'll see their refcount increment here.
1498 ++ */
1499 ++ smp_mb();
1500 ++ mnt_add_count(mnt, -1);
1501 + if (mnt_get_count(mnt)) {
1502 + rcu_read_unlock();
1503 + unlock_mount_hash();
1504 +diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
1505 +index 25b793325b09..dabecb661264 100644
1506 +--- a/include/asm-generic/pgtable.h
1507 ++++ b/include/asm-generic/pgtable.h
1508 +@@ -799,6 +799,18 @@ static inline int pmd_free_pte_page(pmd_t *pmd)
1509 + }
1510 + #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */
1511 +
1512 ++#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED
1513 ++static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot)
1514 ++{
1515 ++ return true;
1516 ++}
1517 ++
1518 ++static inline bool arch_has_pfn_modify_check(void)
1519 ++{
1520 ++ return false;
1521 ++}
1522 ++#endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */
1523 ++
1524 + #endif /* !__ASSEMBLY__ */
1525 +
1526 + #ifndef io_remap_pfn_range
1527 +diff --git a/include/linux/cpu.h b/include/linux/cpu.h
1528 +index 2f9d12022100..063c73ed6d78 100644
1529 +--- a/include/linux/cpu.h
1530 ++++ b/include/linux/cpu.h
1531 +@@ -48,6 +48,8 @@ extern ssize_t cpu_show_spectre_v2(struct device *dev,
1532 + struct device_attribute *attr, char *buf);
1533 + extern ssize_t cpu_show_spec_store_bypass(struct device *dev,
1534 + struct device_attribute *attr, char *buf);
1535 ++extern ssize_t cpu_show_l1tf(struct device *dev,
1536 ++ struct device_attribute *attr, char *buf);
1537 +
1538 + extern __printf(4, 5)
1539 + struct device *cpu_device_create(struct device *parent, void *drvdata,
1540 +diff --git a/include/linux/mm.h b/include/linux/mm.h
1541 +index a100946607a5..1f4366567e7d 100644
1542 +--- a/include/linux/mm.h
1543 ++++ b/include/linux/mm.h
1544 +@@ -2083,6 +2083,8 @@ int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
1545 + int vm_insert_page(struct vm_area_struct *, unsigned long addr, struct page *);
1546 + int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
1547 + unsigned long pfn);
1548 ++int vm_insert_pfn_prot(struct vm_area_struct *vma, unsigned long addr,
1549 ++ unsigned long pfn, pgprot_t pgprot);
1550 + int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
1551 + unsigned long pfn);
1552 + int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
1553 +diff --git a/include/linux/swapfile.h b/include/linux/swapfile.h
1554 +index 388293a91e8c..e4594de79bc4 100644
1555 +--- a/include/linux/swapfile.h
1556 ++++ b/include/linux/swapfile.h
1557 +@@ -9,5 +9,7 @@ extern spinlock_t swap_lock;
1558 + extern struct plist_head swap_active_head;
1559 + extern struct swap_info_struct *swap_info[];
1560 + extern int try_to_unuse(unsigned int, bool, unsigned long);
1561 ++extern unsigned long generic_max_swapfile_size(void);
1562 ++extern unsigned long max_swapfile_size(void);
1563 +
1564 + #endif /* _LINUX_SWAPFILE_H */
1565 +diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
1566 +index ff307b548ed3..646891f3bc1e 100644
1567 +--- a/include/linux/thread_info.h
1568 ++++ b/include/linux/thread_info.h
1569 +@@ -55,11 +55,7 @@ extern long do_no_restart_syscall(struct restart_block *parm);
1570 +
1571 + #ifdef __KERNEL__
1572 +
1573 +-#ifdef CONFIG_DEBUG_STACK_USAGE
1574 +-# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO)
1575 +-#else
1576 +-# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK)
1577 +-#endif
1578 ++#define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO)
1579 +
1580 + /*
1581 + * flag set/clear/test wrappers
1582 +diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
1583 +index 120da1d7f57e..10fefb0dc640 100644
1584 +--- a/include/rdma/ib_verbs.h
1585 ++++ b/include/rdma/ib_verbs.h
1586 +@@ -3007,6 +3007,20 @@ static inline int ib_check_mr_access(int flags)
1587 + return 0;
1588 + }
1589 +
1590 ++static inline bool ib_access_writable(int access_flags)
1591 ++{
1592 ++ /*
1593 ++ * We have writable memory backing the MR if any of the following
1594 ++ * access flags are set. "Local write" and "remote write" obviously
1595 ++ * require write access. "Remote atomic" can do things like fetch and
1596 ++ * add, which will modify memory, and "MW bind" can change permissions
1597 ++ * by binding a window.
1598 ++ */
1599 ++ return access_flags &
1600 ++ (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE |
1601 ++ IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND);
1602 ++}
1603 ++
1604 + /**
1605 + * ib_check_mr_status: lightweight check of MR status.
1606 + * This routine may provide status checks on a selected
1607 +diff --git a/mm/memory.c b/mm/memory.c
1608 +index 177cb7d111a9..d5bb1465d30c 100644
1609 +--- a/mm/memory.c
1610 ++++ b/mm/memory.c
1611 +@@ -1604,9 +1604,30 @@ out:
1612 + */
1613 + int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
1614 + unsigned long pfn)
1615 ++{
1616 ++ return vm_insert_pfn_prot(vma, addr, pfn, vma->vm_page_prot);
1617 ++}
1618 ++EXPORT_SYMBOL(vm_insert_pfn);
1619 ++
1620 ++/**
1621 ++ * vm_insert_pfn_prot - insert single pfn into user vma with specified pgprot
1622 ++ * @vma: user vma to map to
1623 ++ * @addr: target user address of this page
1624 ++ * @pfn: source kernel pfn
1625 ++ * @pgprot: pgprot flags for the inserted page
1626 ++ *
1627 ++ * This is exactly like vm_insert_pfn, except that it allows drivers to
1628 ++ * to override pgprot on a per-page basis.
1629 ++ *
1630 ++ * This only makes sense for IO mappings, and it makes no sense for
1631 ++ * cow mappings. In general, using multiple vmas is preferable;
1632 ++ * vm_insert_pfn_prot should only be used if using multiple VMAs is
1633 ++ * impractical.
1634 ++ */
1635 ++int vm_insert_pfn_prot(struct vm_area_struct *vma, unsigned long addr,
1636 ++ unsigned long pfn, pgprot_t pgprot)
1637 + {
1638 + int ret;
1639 +- pgprot_t pgprot = vma->vm_page_prot;
1640 + /*
1641 + * Technically, architectures with pte_special can avoid all these
1642 + * restrictions (same for remap_pfn_range). However we would like
1643 +@@ -1624,19 +1645,29 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
1644 + if (track_pfn_insert(vma, &pgprot, pfn))
1645 + return -EINVAL;
1646 +
1647 ++ if (!pfn_modify_allowed(pfn, pgprot))
1648 ++ return -EACCES;
1649 ++
1650 + ret = insert_pfn(vma, addr, pfn, pgprot);
1651 +
1652 + return ret;
1653 + }
1654 +-EXPORT_SYMBOL(vm_insert_pfn);
1655 ++EXPORT_SYMBOL(vm_insert_pfn_prot);
1656 +
1657 + int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
1658 + unsigned long pfn)
1659 + {
1660 ++ pgprot_t pgprot = vma->vm_page_prot;
1661 ++
1662 + BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
1663 +
1664 + if (addr < vma->vm_start || addr >= vma->vm_end)
1665 + return -EFAULT;
1666 ++ if (track_pfn_insert(vma, &pgprot, pfn))
1667 ++ return -EINVAL;
1668 ++
1669 ++ if (!pfn_modify_allowed(pfn, pgprot))
1670 ++ return -EACCES;
1671 +
1672 + /*
1673 + * If we don't have pte special, then we have to use the pfn_valid()
1674 +@@ -1649,9 +1680,9 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
1675 + struct page *page;
1676 +
1677 + page = pfn_to_page(pfn);
1678 +- return insert_page(vma, addr, page, vma->vm_page_prot);
1679 ++ return insert_page(vma, addr, page, pgprot);
1680 + }
1681 +- return insert_pfn(vma, addr, pfn, vma->vm_page_prot);
1682 ++ return insert_pfn(vma, addr, pfn, pgprot);
1683 + }
1684 + EXPORT_SYMBOL(vm_insert_mixed);
1685 +
1686 +@@ -1666,6 +1697,7 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd,
1687 + {
1688 + pte_t *pte;
1689 + spinlock_t *ptl;
1690 ++ int err = 0;
1691 +
1692 + pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);
1693 + if (!pte)
1694 +@@ -1673,12 +1705,16 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd,
1695 + arch_enter_lazy_mmu_mode();
1696 + do {
1697 + BUG_ON(!pte_none(*pte));
1698 ++ if (!pfn_modify_allowed(pfn, prot)) {
1699 ++ err = -EACCES;
1700 ++ break;
1701 ++ }
1702 + set_pte_at(mm, addr, pte, pte_mkspecial(pfn_pte(pfn, prot)));
1703 + pfn++;
1704 + } while (pte++, addr += PAGE_SIZE, addr != end);
1705 + arch_leave_lazy_mmu_mode();
1706 + pte_unmap_unlock(pte - 1, ptl);
1707 +- return 0;
1708 ++ return err;
1709 + }
1710 +
1711 + static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud,
1712 +@@ -1687,6 +1723,7 @@ static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud,
1713 + {
1714 + pmd_t *pmd;
1715 + unsigned long next;
1716 ++ int err;
1717 +
1718 + pfn -= addr >> PAGE_SHIFT;
1719 + pmd = pmd_alloc(mm, pud, addr);
1720 +@@ -1695,9 +1732,10 @@ static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud,
1721 + VM_BUG_ON(pmd_trans_huge(*pmd));
1722 + do {
1723 + next = pmd_addr_end(addr, end);
1724 +- if (remap_pte_range(mm, pmd, addr, next,
1725 +- pfn + (addr >> PAGE_SHIFT), prot))
1726 +- return -ENOMEM;
1727 ++ err = remap_pte_range(mm, pmd, addr, next,
1728 ++ pfn + (addr >> PAGE_SHIFT), prot);
1729 ++ if (err)
1730 ++ return err;
1731 + } while (pmd++, addr = next, addr != end);
1732 + return 0;
1733 + }
1734 +@@ -1708,6 +1746,7 @@ static inline int remap_pud_range(struct mm_struct *mm, pgd_t *pgd,
1735 + {
1736 + pud_t *pud;
1737 + unsigned long next;
1738 ++ int err;
1739 +
1740 + pfn -= addr >> PAGE_SHIFT;
1741 + pud = pud_alloc(mm, pgd, addr);
1742 +@@ -1715,9 +1754,10 @@ static inline int remap_pud_range(struct mm_struct *mm, pgd_t *pgd,
1743 + return -ENOMEM;
1744 + do {
1745 + next = pud_addr_end(addr, end);
1746 +- if (remap_pmd_range(mm, pud, addr, next,
1747 +- pfn + (addr >> PAGE_SHIFT), prot))
1748 +- return -ENOMEM;
1749 ++ err = remap_pmd_range(mm, pud, addr, next,
1750 ++ pfn + (addr >> PAGE_SHIFT), prot);
1751 ++ if (err)
1752 ++ return err;
1753 + } while (pud++, addr = next, addr != end);
1754 + return 0;
1755 + }
1756 +diff --git a/mm/mprotect.c b/mm/mprotect.c
1757 +index c0b4b2a49462..a277f3412a5d 100644
1758 +--- a/mm/mprotect.c
1759 ++++ b/mm/mprotect.c
1760 +@@ -255,6 +255,42 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
1761 + return pages;
1762 + }
1763 +
1764 ++static int prot_none_pte_entry(pte_t *pte, unsigned long addr,
1765 ++ unsigned long next, struct mm_walk *walk)
1766 ++{
1767 ++ return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
1768 ++ 0 : -EACCES;
1769 ++}
1770 ++
1771 ++static int prot_none_hugetlb_entry(pte_t *pte, unsigned long hmask,
1772 ++ unsigned long addr, unsigned long next,
1773 ++ struct mm_walk *walk)
1774 ++{
1775 ++ return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
1776 ++ 0 : -EACCES;
1777 ++}
1778 ++
1779 ++static int prot_none_test(unsigned long addr, unsigned long next,
1780 ++ struct mm_walk *walk)
1781 ++{
1782 ++ return 0;
1783 ++}
1784 ++
1785 ++static int prot_none_walk(struct vm_area_struct *vma, unsigned long start,
1786 ++ unsigned long end, unsigned long newflags)
1787 ++{
1788 ++ pgprot_t new_pgprot = vm_get_page_prot(newflags);
1789 ++ struct mm_walk prot_none_walk = {
1790 ++ .pte_entry = prot_none_pte_entry,
1791 ++ .hugetlb_entry = prot_none_hugetlb_entry,
1792 ++ .test_walk = prot_none_test,
1793 ++ .mm = current->mm,
1794 ++ .private = &new_pgprot,
1795 ++ };
1796 ++
1797 ++ return walk_page_range(start, end, &prot_none_walk);
1798 ++}
1799 ++
1800 + int
1801 + mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1802 + unsigned long start, unsigned long end, unsigned long newflags)
1803 +@@ -272,6 +308,19 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1804 + return 0;
1805 + }
1806 +
1807 ++ /*
1808 ++ * Do PROT_NONE PFN permission checks here when we can still
1809 ++ * bail out without undoing a lot of state. This is a rather
1810 ++ * uncommon case, so doesn't need to be very optimized.
1811 ++ */
1812 ++ if (arch_has_pfn_modify_check() &&
1813 ++ (vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) &&
1814 ++ (newflags & (VM_READ|VM_WRITE|VM_EXEC)) == 0) {
1815 ++ error = prot_none_walk(vma, start, end, newflags);
1816 ++ if (error)
1817 ++ return error;
1818 ++ }
1819 ++
1820 + /*
1821 + * If we make a private mapping writable we increase our commit;
1822 + * but (without finer accounting) cannot reduce our commit if we
1823 +diff --git a/mm/swapfile.c b/mm/swapfile.c
1824 +index 674bf177ce44..8e25ff2b693a 100644
1825 +--- a/mm/swapfile.c
1826 ++++ b/mm/swapfile.c
1827 +@@ -2206,6 +2206,35 @@ static int claim_swapfile(struct swap_info_struct *p, struct inode *inode)
1828 + return 0;
1829 + }
1830 +
1831 ++
1832 ++/*
1833 ++ * Find out how many pages are allowed for a single swap device. There
1834 ++ * are two limiting factors:
1835 ++ * 1) the number of bits for the swap offset in the swp_entry_t type, and
1836 ++ * 2) the number of bits in the swap pte, as defined by the different
1837 ++ * architectures.
1838 ++ *
1839 ++ * In order to find the largest possible bit mask, a swap entry with
1840 ++ * swap type 0 and swap offset ~0UL is created, encoded to a swap pte,
1841 ++ * decoded to a swp_entry_t again, and finally the swap offset is
1842 ++ * extracted.
1843 ++ *
1844 ++ * This will mask all the bits from the initial ~0UL mask that can't
1845 ++ * be encoded in either the swp_entry_t or the architecture definition
1846 ++ * of a swap pte.
1847 ++ */
1848 ++unsigned long generic_max_swapfile_size(void)
1849 ++{
1850 ++ return swp_offset(pte_to_swp_entry(
1851 ++ swp_entry_to_pte(swp_entry(0, ~0UL)))) + 1;
1852 ++}
1853 ++
1854 ++/* Can be overridden by an architecture for additional checks. */
1855 ++__weak unsigned long max_swapfile_size(void)
1856 ++{
1857 ++ return generic_max_swapfile_size();
1858 ++}
1859 ++
1860 + static unsigned long read_swap_header(struct swap_info_struct *p,
1861 + union swap_header *swap_header,
1862 + struct inode *inode)
1863 +@@ -2241,22 +2270,7 @@ static unsigned long read_swap_header(struct swap_info_struct *p,
1864 + p->cluster_next = 1;
1865 + p->cluster_nr = 0;
1866 +
1867 +- /*
1868 +- * Find out how many pages are allowed for a single swap
1869 +- * device. There are two limiting factors: 1) the number
1870 +- * of bits for the swap offset in the swp_entry_t type, and
1871 +- * 2) the number of bits in the swap pte as defined by the
1872 +- * different architectures. In order to find the
1873 +- * largest possible bit mask, a swap entry with swap type 0
1874 +- * and swap offset ~0UL is created, encoded to a swap pte,
1875 +- * decoded to a swp_entry_t again, and finally the swap
1876 +- * offset is extracted. This will mask all the bits from
1877 +- * the initial ~0UL mask that can't be encoded in either
1878 +- * the swp_entry_t or the architecture definition of a
1879 +- * swap pte.
1880 +- */
1881 +- maxpages = swp_offset(pte_to_swp_entry(
1882 +- swp_entry_to_pte(swp_entry(0, ~0UL)))) + 1;
1883 ++ maxpages = max_swapfile_size();
1884 + last_page = swap_header->info.last_page;
1885 + if (!last_page) {
1886 + pr_warn("Empty swap-file\n");
1887 +diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
1888 +index 93581bba8643..09d6c4a6b53d 100644
1889 +--- a/net/ipv4/Kconfig
1890 ++++ b/net/ipv4/Kconfig
1891 +@@ -354,6 +354,7 @@ config INET_ESP
1892 + select CRYPTO_CBC
1893 + select CRYPTO_SHA1
1894 + select CRYPTO_DES
1895 ++ select CRYPTO_ECHAINIV
1896 + ---help---
1897 + Support for IPsec ESP.
1898 +
1899 +diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
1900 +index 851d5c9e3ecc..0f50248bad17 100644
1901 +--- a/net/ipv6/Kconfig
1902 ++++ b/net/ipv6/Kconfig
1903 +@@ -69,6 +69,7 @@ config INET6_ESP
1904 + select CRYPTO_CBC
1905 + select CRYPTO_SHA1
1906 + select CRYPTO_DES
1907 ++ select CRYPTO_ECHAINIV
1908 + ---help---
1909 + Support for IPsec ESP.
1910 +
Report Message
Find on MARC Find on Google Groups