[SRU,Xenial] Xenial update to 4.4.118 stable release

Message ID 553bb09b-ca2c-6a92-4a5a-99bdf06331ad@canonical.com
State New
Headers show
Series
  • [SRU,Xenial] Xenial update to 4.4.118 stable release
Related show

Pull-request

https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118

Message

Juerg Haefliger April 3, 2018, 12:40 p.m.
BugLink: http://bugs.launchpad.net/bugs/1756866

This is a pull request for the Xenial stable update from 4.4.117 to
4.4.118. The most notable change is the replacement of our spectre v1
implementation with upstream's version. Specifically, the following
patches are reverted:

UBUNTU: SAUCE: arm: no osb() implementation yet"
UBUNTU: SAUCE: arm64: no osb() implementation yet"
UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
UBUNTU: SAUCE: powerpc: add osb barrier"
UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
userns: prevent speculative execution"
udf: prevent speculative execution"
net: mpls: prevent speculative execution"
fs: prevent speculative execution"
ipv6: prevent speculative execution"
ipv4: prevent speculative execution"
Thermal/int340x: prevent speculative execution"
qla2xxx: prevent speculative execution"
carl9170: prevent speculative execution"
UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
JIT is enabled"
x86, bpf, jit: prevent speculative execution when JIT is enabled"
bpf: prevent speculative execution in eBPF interpreter"
locking/barriers: introduce new observable speculation barrier"
UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"

And their functionality is (partially?) replaced by upstream's patchset:

x86/kvm: Update spectre-v1 mitigation
x86/spectre: Report get_user mitigation for spectre_v1
nl80211: Sanitize array index in parse_txq_params
vfs, fdtable: Prevent bounds-check bypass via speculative execution
x86/syscall: Sanitize syscall table de-references under speculation
x86/get_user: Use pointer masking to limit speculation
x86: Introduce barrier_nospec
x86: Implement array_index_mask_nospec
array_index_nospec: Sanitize speculative array de-references
Documentation: Document array_index_nospec

Note that v1 of the patchset submitted upstream [1] was more or less
what we have pulled into Xenial. What's missing from that submittal
compared to what we have are the bpf/jit patches and some of the osb()
sprinkling throughout various subsystems and drivers. There was back and
forth arguing in upstream about whether some of the places that the v1
patchset modified were even user-space controllable and they eventually
got dropped form the final v6 version [2]. Plus they added syscall and
get_user sanitization.

Also, the current upstream implementation is x86 only. PowerPC is in the
works [3] but no s390x as of yet.

[1] https://lkml.org/lkml/2018/1/5/769
[2] https://lkml.org/lkml/2018/1/29/960
[3] https://lkml.org/lkml/2018/3/15/929


Let me know if you think we should bring back some or all of the stuff
that got dropped (powerpc, s390x, bpf).

Compile tested all supported architectures.

...Juerg



The following changes since commit 638103b5a72ff90bead7fb350adb014be934cf35:

  Linux 4.4.117 (2018-03-27 08:40:12 +0200)

are available in the git repository at:

  https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118

for you to fetch changes up to 26c747a51753fb263a1107da3e8a07a249aa636a:

  ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (2018-03-28
11:19:22 +0200)

----------------------------------------------------------------
Alexandru Ardelean (1):
      staging: iio: adc: ad7192: fix external frequency setting

Andi Kleen (1):
      module/retpoline: Warn about missing retpoline in module

Andre Przywara (1):
      pinctrl: sunxi: Fix A80 interrupt pin bank

Andy Lutomirski (1):
      dell-wmi, dell-laptop: depends DMI

Arnd Bergmann (77):
      ASoC: ux500: add MODULE_LICENSE tag
      video: fbdev/mmp: add MODULE_LICENSE
      arm64: dts: add #cooling-cells to CPU nodes
      virtio_balloon: prevent uninitialized variable use
      isdn: icn: remove a #warning
      vmxnet3: prevent building with 64K pages
      video: fbdev: via: remove possibly unused variables
      scsi: advansys: fix build warning for PCI=n
      arm64: define BUG() instruction without CONFIG_BUG
      x86/fpu/math-emu: Fix possible uninitialized variable use
      x86/build: Silence the build with "make -s"
      thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
      x86: add MULTIUSER dependency for KVM
      x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
      scsi: advansys: fix uninitialized data access
      ALSA: hda/ca0132 - fix possible NULL pointer use
      reiserfs: avoid a -Wmaybe-uninitialized warning
      ssb: mark ssb_bus_register as __maybe_unused
      thermal: spear: use __maybe_unused for PM functions
      x86/boot: Avoid warning for zero-filling .bss
      profile: hide unused functions when !CONFIG_PROC_FS
      md: avoid warning for 32-bit sector_t
      mtd: ichxrom: maybe-uninitialized with gcc-4.9
      mptfusion: hide unused seq_mpt_print_ioc_summary function
      scsi: fdomain: drop fdomain_pci_tbl when built-in
      staging: ste_rmi4: avoid unused function warnings
      fbdev: sis: enforce selection of at least one backend
      scsi: mvumi: use __maybe_unused to hide pm functions
      SCSI: initio: remove duplicate module device table
      pwc: hide unused label
      usb: musb/ux500: remove duplicate check for dma_is_compatible
      tty: hvc_xen: hide xen_console_remove when unused
      target/user: Fix cast from pointer to phys_addr_t
      driver-core: use 'dev' argument in dev_dbg_ratelimited stub
      fbdev: auo_k190x: avoid unused function warnings
      mtd: sh_flctl: pass FIFO as physical address
      mtd: cfi: enforce valid geometry configuration
      fbdev: s6e8ax0: avoid unused function warnings
      modsign: hide openssl output in silent builds
      fbdev: sm712fb: avoid unused function warnings
      hwrng: exynos - use __maybe_unused to hide pm functions
      USB: cdc_subset: only build when one driver is enabled
      rtlwifi: fix gcc-6 indentation warning
      netfilter: ipvs: avoid unused variable warnings
      ipv4: ipconfig: avoid unused ic_proto_used symbol
      tlan: avoid unused label with PCI=n
      tty: cyclades: cyz_interrupt is only used for PCI
      genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
      ASoC: mediatek: add i2c dependency
      infiniband: cxgb4: use %pR format string for printing resources
      b2c2: flexcop: avoid unused function warnings
      tc358743: fix register i2c_rd/wr functions
      drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
      Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
      KVM: add X86_LOCAL_APIC dependency
      go7007: add MEDIA_CAMERA_SUPPORT dependency
      em28xx: only use mt9v011 if camera support is enabled
      ISDN: eicon: reduce stack size of sig_ind function
      ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
      hdpvr: hide unused variable
      v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
      cw1200: fix bogus maybe-uninitialized warning
      wireless: cw1200: use __maybe_unused to hide pm functions_
      perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
      net: hp100: remove unnecessary #ifdefs
      gpio: xgene: mark PM functions as __maybe_unused
      Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
      power: bq27xxx_battery: mark some symbols __maybe_unused
      isdn: sc: work around type mismatch warning
      binfmt_elf: compat: avoid unused function warning
      idle: i7300: add PCI dependency
      usb: phy: msm add regulator dependency
      ncr5380: shut up gcc indentation warning
      ARM: tegra: select USB_ULPI from EHCI rather than platform
      netlink: fix nla_put_{u8,u16,u32} for KASAN
      kasan: rework Kconfig settings
      ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds

Augusto Mecking Caringi (1):
      gpio: intel-mid: Fix build warning when !CONFIG_PM

Ben Hutchings (1):
      staging: android: ashmem: Fix a race condition in pin ioctls

Borislav Petkov (7):
      platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
      x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
      amd-xgbe: Fix unused suspend handlers build warning
      x86/platform/olpc: Fix resume handler build warning
      x86/microcode/AMD: Change load_microcode_amd()'s param to bool to
fix preemptibility bug
      x86/nospec: Fix header guards names
      x86/bugs: Drop one "mitigation" from dmesg

Cai Li (1):
      clk: fix a panic error caused by accessing NULL pointer

Chris Wilson (1):
      drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all

Christophe JAILLET (1):
      dmaengine: ioat: Fix error handling path

Colin Ian King (3):
      tc1100-wmi: fix build warning when CONFIG_PM not enabled
      iio: adc: axp288: remove redundant duplicate const on
axp288_adc_channels
      x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"

Cong Wang (2):
      xfrm: check id proto in validate_tmpl()
      netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert

Dan Williams (9):
      array_index_nospec: Sanitize speculative array de-references
      x86: Implement array_index_mask_nospec
      x86: Introduce barrier_nospec
      x86/get_user: Use pointer masking to limit speculation
      x86/syscall: Sanitize syscall table de-references under speculation
      vfs, fdtable: Prevent bounds-check bypass via speculative execution
      nl80211: Sanitize array index in parse_txq_params
      x86/spectre: Report get_user mitigation for spectre_v1
      x86/kvm: Update spectre-v1 mitigation

Daniel Wagner (1):
      video: Use bool instead int pointer for get_opt_bool() argument

Darren Kenny (1):
      x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL

Dave Jones (1):
      Make DST_CACHE a silent config option

Dave Young (1):
      mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep

David Hildenbrand (2):
      KVM: nVMX: kmap() can't fail
      KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail

David Howells (1):
      Provide a function to create a NUL-terminated string from
unterminated data

David Woodhouse (1):
      x86/retpoline: Avoid retpolines for built-in __init functions

Dmitry Vyukov (2):
      netfilter: x_tables: fix int overflow in xt_alloc_table_info()
      netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check()

Dou Liyang (1):
      x86/spectre: Check CONFIG_RETPOLINE in command line parser

Eric Biggers (3):
      crypto: x86/twofish-3way - Fix %rbp usage
      binder: check for binder_thread allocation failure in binder_poll()
      509: fix printing uninitialized stack memory when OID is empty

Eric Dumazet (1):
      netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target}

Fabian Frederick (1):
      drivers/net: fix eisa_driver probe section mismatch

Gao Feng (1):
      ipvlan: Add the skb->mark as flow4's member to lookup route

Glen Lee (1):
      staging: wilc1000: fix kbuild test robot error

Greg Kroah-Hartman (1):
      Linux 4.4.118

Gustavo A. R. Silva (1):
      dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved

Heikki Krogerus (1):
      serial: 8250_mid: fix broken DMA dependency

Jan Beulich (1):
      xen: XEN_ACPI_PROCESSOR is Dom0-only

Jan Dakinevich (2):
      KVM: VMX: clean up declaration of VPID/EPT invalidation types
      KVM: nVMX: invvpid handling improvements

Jens Axboe (1):
      blktrace: fix unlocked registration of tracepoints

Jia-Ju Bai (1):
      hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close

Jim Mattson (1):
      kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types

Jiri Olsa (1):
      perf top: Fix window dimensions change handling

Johannes Berg (1):
      cfg80211: check dev_set_name() return value

Josh Poimboeuf (2):
      tools build: Add tools tree support for 'make -s'
      x86/paravirt: Remove 'noreplace-paravirt' cmdline option

Juerg Haefliger (22):
      Revert "UBUNTU: SAUCE: arm: no osb() implementation yet"
      Revert "UBUNTU: SAUCE: arm64: no osb() implementation yet"
      Revert "UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
      Revert "UBUNTU: SAUCE: powerpc: add osb barrier"
      Revert "UBUNTU: SAUCE: claim mitigation via observable speculation
barrier"
      Revert "userns: prevent speculative execution"
      Revert "udf: prevent speculative execution"
      Revert "net: mpls: prevent speculative execution"
      Revert "fs: prevent speculative execution"
      Revert "ipv6: prevent speculative execution"
      Revert "ipv4: prevent speculative execution"
      Revert "Thermal/int340x: prevent speculative execution"
      Revert "qla2xxx: prevent speculative execution"
      Revert "carl9170: prevent speculative execution"
      Revert "UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative
execution when JIT is enabled"
      Revert "x86, bpf, jit: prevent speculative execution when JIT is
enabled"
      Revert "bpf: prevent speculative execution in eBPF interpreter"
      Revert "locking/barriers: introduce new observable speculation
barrier"
      Revert "UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
      Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
feature"
      UBUNTU: [Config] updateconfigs after 4.4.118 stable update
      UBUNTU: ppc64el -- Remove vmxnet3 module

Julia Lawall (1):
      mtd: maps: add __init attribute

Jun Nie (1):
      dmaengine: zx: fix build warning

Kamil Konieczny (1):
      crypto: s5p-sss - Fix kernel Oops in AES-ECB mode

KarimAllah Ahmed (1):
      x86/spectre: Simplify spectre_v2 command line parsing

Karol Herbst (1):
      x86/mm/kmmio: Fix mmiotrace for page unaligned addresses

Keerthy (1):
      ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function

Kefeng Wang (1):
      arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set

Luis R. Rodriguez (1):
      i2c: remove __init from i2c_register_board_info()

Mark Rutland (1):
      Documentation: Document array_index_nospec

Mauro Carvalho Chehab (1):
      media: s5k6aa: describe some function parameters

Michal Marek (1):
      genksyms: Fix segfault with invalid declarations

Miklos Szeredi (1):
      ncpfs: fix unused variable warning

Moni Shoua (1):
      RDMA/cma: Make sure that PSN is not over max allowed

Nikolay Borisov (1):
      btrfs: Fix possible off-by-one in btrfs_search_path_in_tree

Nogah Frankel (2):
      net_sched: red: Avoid devision by zero
      net_sched: red: Avoid illegal values

Paolo Abeni (4):
      net: add dst_cache support
      net: replace dst_cache ip6_tunnel implementation with the generic one
      netfilter: on sockopt() acquire sock lock only in the required scope
      dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock

Paul Bolle (1):
      drm/vmwgfx: use *_32_bits() macros

Paul Moore (2):
      selinux: ensure the context is NUL terminated in
security_context_to_sid_core()
      selinux: skip bounded transition processing if the policy isn't loaded

Peter Ujfalusi (1):
      ARM: dts: am4372: Correct the interrupts_properties of McASP

Peter Zijlstra (2):
      KVM: x86: Make indirect calls in emulator speculation safe
      KVM: VMX: Make indirect call speculation safe

Randy Dunlap (2):
      usb: build drivers/usb/common/ when USB_SUPPORT is set
      staging: unisys: visorinput depends on INPUT

Ravi Bangoria (1):
      powerpc/perf: Fix oops when grouping different pmu events

Russell King (1):
      drm/armada: fix leak of crtc structure

Satheesh Rajendran (1):
      perf bench numa: Fixup discontiguous/sparse numa nodes

Shuah Khan (1):
      usbip: keep usbip_device sockfd state in sync with tcp_socket

Stefan Haberland (1):
      s390/dasd: prevent prefix I/O error

Stefan Potyra (1):
      ASoC: rockchip: disable clock on error

Steffen Klassert (2):
      xfrm: Fix stack-out-of-bounds read on socket policy lookup.
      xfrm: Fix stack-out-of-bounds with misconfigured transport mode
policies.

Sudip Mukherjee (4):
      scsi: sim710: fix build warning
      dpt_i2o: fix build warning
      video: fbdev: sis: remove unused variable
      drm/gma500: remove helper function

Takuo Koguchi (1):
      spi: sun4i: disable clocks in the remove function

Tetsuo Handa (1):
      mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed.

Thierry Reding (1):
      drm/gma500: Sanity-check pipe index

Thomas Gleixner (1):
      x86/cpu/bugs: Make retpoline module warning conditional

Tobias Jordan (1):
      dmaengine: jz4740: disable/unprepare clk if probe fails

Tony Lindgren (2):
      ARM: OMAP2+: Fix SRAM virt to phys translation for
save_secure_ram_context
      ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen

Vinod Koul (1):
      ASoC: Intel: Kconfig: fix build when ACPI is not enabled

Waiman Long (1):
      x86/retpoline: Remove the esp/rsp thunk

Wanpeng Li (2):
      KVM: x86: fix escape of guest dr6 to the host
      KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
Ready" exceptions simultaneously

Will Deacon (1):
      scripts/kernel-doc: Don't fail with status != 0 if error
encountered with -none

Willem de Bruijn (1):
      net: avoid skb_warn_bad_offload on IS_ERR

Wu Fengguang (1):
      net: dst_cache_per_cpu_dst_set() can be static

Zumeng Chen (1):
      gianfar: fix a flooded alignment reports because of padding issue.

 Documentation/kernel-parameters.txt                |    2 -
 Documentation/speculation.txt                      |   90 ++
 Makefile                                           |    8 +-
 arch/arm/boot/dts/am4372.dtsi                      |    6 +-
 arch/arm/boot/dts/omap4.dtsi                       |    2 -
 arch/arm/include/asm/barrier.h                     |    2 -
 arch/arm/mach-omap2/omap-secure.c                  |   21 +
 arch/arm/mach-omap2/omap-secure.h                  |    4 +
 arch/arm/mach-omap2/pm.h                           |    4 -
 arch/arm/mach-omap2/pm34xx.c                       |   13 +-
 arch/arm/mach-omap2/prm33xx.c                      |   12 -
 arch/arm/mach-omap2/sleep34xx.S                    |   26 +-
 arch/arm/mach-tegra/Kconfig                        |    2 -
 arch/arm64/Kconfig                                 |    2 +-
 arch/arm64/Kconfig.platforms                       |    2 -
 arch/arm64/boot/dts/mediatek/mt8173.dtsi           |    2 +
 arch/arm64/include/asm/barrier.h                   |    2 -
 arch/arm64/include/asm/bug.h                       |   33 +-
 arch/powerpc/include/asm/barrier.h                 |    2 -
 arch/powerpc/perf/core-book3s.c                    |    4 +-
 arch/s390/include/asm/barrier.h                    |   10 -
 arch/x86/Kconfig                                   |    2 +-
 arch/x86/Kconfig.debug                             |    1 +
 arch/x86/boot/Makefile                             |    5 +-
 arch/x86/crypto/twofish-x86_64-asm_64-3way.S       |  112 +-
 arch/x86/entry/common.c                            |    2 +
 arch/x86/events/core.c                             |    4 +-
 arch/x86/include/asm/asm-prototypes.h              |    1 -
 arch/x86/include/asm/barrier.h                     |   30 +-
 arch/x86/include/asm/microcode_amd.h               |    1 -
 arch/x86/include/asm/msr.h                         |    2 +-
 arch/x86/include/asm/nospec-branch.h               |    8 +-
 arch/x86/include/asm/vmx.h                         |    5 +-
 arch/x86/kernel/alternative.c                      |   14 -
 arch/x86/kernel/cpu/bugs.c                         |  132 +-
 arch/x86/kernel/cpu/mcheck/mce-inject.c            |    5 +-
 arch/x86/kernel/cpu/microcode/amd.c                |   17 +-
 arch/x86/kernel/head_32.S                          |    9 +-
 arch/x86/kvm/Kconfig                               |    3 +-
 arch/x86/kvm/emulate.c                             |    9 +-
 arch/x86/kvm/vmx.c                                 |   83 +-
 arch/x86/kvm/x86.c                                 |   40 +-
 arch/x86/lib/getuser.S                             |   10 +
 arch/x86/lib/retpoline.S                           |    1 -
 arch/x86/math-emu/Makefile                         |    4 +-
 arch/x86/math-emu/reg_compare.c                    |   16 +-
 arch/x86/mm/ioremap.c                              |    4 +-
 arch/x86/mm/kmmio.c                                |   12 +-
 arch/x86/net/bpf_jit_comp.c                        |   28 +-
 arch/x86/platform/olpc/olpc-xo15-sci.c             |    2 +
 certs/Makefile                                     |   33 +-
 .../abi/4.4.0-117.141/ppc64el/generic.modules      |    1 -
 debian.master/config/config.common.ubuntu          |    2 +
 debian.master/config/ppc64el/config.common.ppc64el |    1 -
 drivers/Makefile                                   |    1 +
 drivers/android/binder.c                           |    2 +
 drivers/char/hw_random/exynos-rng.c                |   10 +-
 drivers/crypto/s5p-sss.c                           |   13 +-
 drivers/dma/at_hdmac.c                             |    4 +-
 drivers/dma/dma-jz4740.c                           |    4 +-
 drivers/dma/ioat/init.c                            |    2 +-
 drivers/dma/zx296702_dma.c                         |    2 +-
 drivers/gpio/gpio-intel-mid.c                      |    2 +-
 drivers/gpio/gpio-xgene.c                          |   13 +-
 drivers/gpu/drm/armada/armada_crtc.c               |   25 +-
 drivers/gpu/drm/drm_modeset_lock.c                 |    2 +-
 drivers/gpu/drm/gma500/mdfld_dsi_dpi.c             |   10 +-
 drivers/gpu/drm/gma500/mdfld_dsi_output.c          |   12 +-
 drivers/gpu/drm/nouveau/nouveau_gem.c              |    2 +-
 drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c             |    7 +-
 drivers/i2c/i2c-boardinfo.c                        |    4 +-
 drivers/idle/Kconfig                               |    1 +
 drivers/iio/adc/axp288_adc.c                       |    2 +-
 drivers/infiniband/core/cma.c                      |    1 +
 drivers/infiniband/hw/cxgb4/device.c               |    5 +-
 drivers/input/keyboard/tca8418_keypad.c            |   21 +-
 drivers/isdn/hardware/eicon/message.c              |   16 +-
 drivers/isdn/icn/icn.c                             |    2 +-
 drivers/isdn/sc/init.c                             |    7 +-
 drivers/md/md.c                                    |   10 +-
 drivers/media/common/b2c2/flexcop-fe-tuner.c       |    4 +-
 drivers/media/i2c/s5k6aa.c                         |    5 +
 drivers/media/i2c/tc358743.c                       |   46 +-
 drivers/media/usb/em28xx/Kconfig                   |    2 +-
 drivers/media/usb/go7007/Kconfig                   |    2 +-
 drivers/media/usb/hdpvr/hdpvr-core.c               |    2 +
 drivers/media/usb/pwc/pwc-if.c                     |    2 +
 drivers/media/v4l2-core/Kconfig                    |    1 -
 drivers/message/fusion/mptbase.c                   |    2 +
 drivers/mtd/chips/Kconfig                          |    4 +
 drivers/mtd/maps/ck804xrom.c                       |    4 +-
 drivers/mtd/maps/esb2rom.c                         |    4 +-
 drivers/mtd/maps/ichxrom.c                         |   10 +-
 drivers/mtd/nand/sh_flctl.c                        |    5 +-
 drivers/net/Kconfig                                |    3 +
 drivers/net/ethernet/3com/3c509.c                  |    2 +-
 drivers/net/ethernet/3com/3c59x.c                  |    2 +-
 drivers/net/ethernet/amd/xgbe/xgbe-main.c          |    4 +-
 drivers/net/ethernet/dec/tulip/de4x5.c             |    2 +-
 drivers/net/ethernet/freescale/gianfar.c           |    6 +-
 drivers/net/ethernet/hp/hp100.c                    |   20 +-
 drivers/net/ethernet/ti/tlan.c                     |    2 +-
 drivers/net/hippi/rrunner.c                        |    2 +-
 drivers/net/ipvlan/ipvlan_core.c                   |    1 +
 drivers/net/usb/Kconfig                            |   10 +
 drivers/net/usb/Makefile                           |    2 +-
 drivers/net/wireless/ath/carl9170/main.c           |    1 -
 drivers/net/wireless/cw1200/cw1200_spi.c           |    9 +-
 drivers/net/wireless/cw1200/pm.h                   |    9 +-
 drivers/net/wireless/cw1200/wsm.c                  |    8 +-
 .../net/wireless/realtek/rtlwifi/rtl8821ae/dm.c    |    6 +-
 drivers/pinctrl/sunxi/pinctrl-sun9i-a80.c          |    6 +-
 drivers/platform/x86/Kconfig                       |    2 +
 drivers/platform/x86/intel_mid_thermal.c           |    2 +
 drivers/platform/x86/tc1100-wmi.c                  |    2 +
 drivers/power/Kconfig                              |    1 +
 drivers/power/bq27xxx_battery.c                    |    6 +-
 drivers/s390/block/dasd_eckd.c                     |   16 +-
 drivers/scsi/advansys.c                            |   24 +-
 drivers/scsi/dpt_i2o.c                             |    3 +
 drivers/scsi/fdomain.c                             |    2 +-
 drivers/scsi/g_NCR5380.c                           |    5 +-
 drivers/scsi/initio.c                              |   16 -
 drivers/scsi/mvumi.c                               |    4 +-
 drivers/scsi/qla2xxx/qla_mr.c                      |   12 +-
 drivers/scsi/sim710.c                              |    3 +-
 drivers/spi/spi-sun4i.c                            |    2 +-
 drivers/ssb/main.c                                 |    7 +-
 drivers/staging/android/ashmem.c                   |   19 +-
 drivers/staging/iio/adc/ad7192.c                   |   27 +-
 drivers/staging/ste_rmi4/synaptics_i2c_rmi4.c      |    7 +-
 drivers/staging/unisys/visorinput/Kconfig          |    2 +-
 drivers/staging/wilc1000/wilc_wlan_if.h            |    1 +
 drivers/target/target_core_user.c                  |    2 +-
 drivers/thermal/Kconfig                            |    4 +-
 .../thermal/int340x_thermal/int340x_thermal_zone.c |   11 +-
 drivers/thermal/spear_thermal.c                    |    6 +-
 drivers/tty/Kconfig                                |    2 +-
 drivers/tty/hvc/hvc_xen.c                          |    2 +-
 drivers/tty/serial/8250/Kconfig                    |    2 +-
 drivers/usb/host/Kconfig                           |    2 +
 drivers/usb/musb/ux500_dma.c                       |    3 -
 drivers/usb/phy/Kconfig                            |    1 +
 drivers/usb/usbip/stub_dev.c                       |    3 +
 drivers/usb/usbip/vhci_hcd.c                       |    2 +
 drivers/video/fbdev/Kconfig                        |    1 +
 drivers/video/fbdev/auo_k190x.c                    |   11 +-
 drivers/video/fbdev/exynos/s6e8ax0.c               |   13 +-
 drivers/video/fbdev/intelfb/intelfbdrv.c           |    2 +-
 drivers/video/fbdev/mmp/core.c                     |    5 +
 drivers/video/fbdev/sis/init301.c                  |   10 +-
 drivers/video/fbdev/sm712fb.c                      |   16 +-
 drivers/video/fbdev/via/viafbdev.c                 |    8 +-
 drivers/virtio/virtio_balloon.c                    |    2 +
 drivers/xen/Kconfig                                |    2 +-
 fs/btrfs/ioctl.c                                   |    2 +-
 fs/compat_binfmt_elf.c                             |    2 +
 fs/ncpfs/dir.c                                     |    3 +-
 fs/reiserfs/lbalance.c                             |    2 +-
 fs/reiserfs/reiserfs.h                             |    1 -
 fs/udf/misc.c                                      |    6 -
 include/asm-generic/barrier.h                      |   11 -
 include/linux/device.h                             |    7 +-
 include/linux/fdtable.h                            |    3 +-
 include/linux/filter.h                             |   10 -
 include/linux/init.h                               |    9 +-
 include/linux/module.h                             |    9 +
 include/linux/msi.h                                |   11 +-
 include/linux/mtd/sh_flctl.h                       |    1 +
 include/linux/nospec.h                             |   72 +
 include/linux/string.h                             |    1 +
 include/net/dst_cache.h                            |   97 ++
 include/net/ip6_tunnel.h                           |   15 +-
 include/net/netlink.h                              |   73 +-
 include/net/red.h                                  |   13 +-
 include/trace/events/clk.h                         |    4 +-
 kernel/bpf/core.c                                  |    3 -
 kernel/module.c                                    |   11 +
 kernel/profile.c                                   |    4 +-
 kernel/trace/blktrace.c                            |   32 +-
 kernel/user_namespace.c                            |    4 +-
 lib/Kconfig.debug                                  |    2 +-
 lib/oid_registry.c                                 |    8 +-
 mm/early_ioremap.c                                 |    2 +-
 mm/util.c                                          |   24 +
 mm/vmscan.c                                        |    3 +
 net/Kconfig                                        |    4 +
 net/core/Makefile                                  |    1 +
 net/core/dev.c                                     |    2 +-
 net/core/dst_cache.c                               |  168 ++
 net/decnet/af_decnet.c                             |   62 +-
 net/ipv4/ip_sockglue.c                             |   14 +-
 net/ipv4/ipconfig.c                                |    4 +
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |   16 +-
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c     |    6 +-
 net/ipv4/raw.c                                     |    1 -
 net/ipv6/Kconfig                                   |    1 +
 net/ipv6/ip6_gre.c                                 |   12 +-
 net/ipv6/ip6_tunnel.c                              |  149 +-
 net/ipv6/ip6_vti.c                                 |    2 +-
 net/ipv6/ipv6_sockglue.c                           |   17 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c     |   18 +-
 net/ipv6/raw.c                                     |    1 -
 net/mpls/af_mpls.c                                 |    2 -
 net/netfilter/ipvs/ip_vs_app.c                     |    8 +-
 net/netfilter/ipvs/ip_vs_ctl.c                     |   15 +-
 net/netfilter/x_tables.c                           |    9 +-
 net/netfilter/xt_RATEEST.c                         |   22 +-
 net/sched/sch_choke.c                              |    3 +
 net/sched/sch_gred.c                               |    3 +
 net/sched/sch_red.c                                |    2 +
 net/sched/sch_sfq.c                                |    3 +
 net/wireless/core.c                                |    8 +-
 net/wireless/nl80211.c                             |    9 +-
 net/xfrm/xfrm_policy.c                             |    8 +-
 net/xfrm/xfrm_user.c                               |   24 +
 scripts/genksyms/parse.tab.c_shipped               | 1682
+++++++++-----------
 scripts/genksyms/parse.tab.h_shipped               |  133 +-
 scripts/genksyms/parse.y                           |    2 -
 scripts/kernel-doc                                 |    2 +-
 scripts/mod/modpost.c                              |    9 +
 security/selinux/ss/services.c                     |   21 +-
 sound/pci/hda/patch_ca0132.c                       |    3 +
 sound/soc/intel/Kconfig                            |    7 +-
 sound/soc/mediatek/Kconfig                         |    4 +-
 sound/soc/rockchip/rockchip_spdif.c                |   22 +-
 sound/soc/ux500/mop500.c                           |    4 +
 sound/soc/ux500/ux500_pcm.c                        |    5 +
 tools/build/Makefile.build                         |   10 +
 tools/perf/bench/numa.c                            |   56 +-
 tools/perf/builtin-top.c                           |   15 +-
 tools/scripts/Makefile.include                     |   12 +-
 232 files changed, 2538 insertions(+), 1977 deletions(-)
 create mode 100644 Documentation/speculation.txt
 create mode 100644 include/linux/nospec.h
 create mode 100644 include/net/dst_cache.h
 create mode 100644 net/core/dst_cache.c

Comments

Kleber Sacilotto de Souza April 4, 2018, 10:20 a.m. | #1
On 04/03/18 14:40, Juerg Haefliger wrote:
> BugLink: http://bugs.launchpad.net/bugs/1756866
> 
> This is a pull request for the Xenial stable update from 4.4.117 to
> 4.4.118. The most notable change is the replacement of our spectre v1
> implementation with upstream's version. Specifically, the following
> patches are reverted:
> 
> UBUNTU: SAUCE: arm: no osb() implementation yet"
> UBUNTU: SAUCE: arm64: no osb() implementation yet"
> UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
> UBUNTU: SAUCE: powerpc: add osb barrier"
> UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
> userns: prevent speculative execution"
> udf: prevent speculative execution"
> net: mpls: prevent speculative execution"
> fs: prevent speculative execution"
> ipv6: prevent speculative execution"
> ipv4: prevent speculative execution"
> Thermal/int340x: prevent speculative execution"
> qla2xxx: prevent speculative execution"
> carl9170: prevent speculative execution"
> UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
> JIT is enabled"
> x86, bpf, jit: prevent speculative execution when JIT is enabled"
> bpf: prevent speculative execution in eBPF interpreter"
> locking/barriers: introduce new observable speculation barrier"
> UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
> x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
> 
> And their functionality is (partially?) replaced by upstream's patchset:
> 
> x86/kvm: Update spectre-v1 mitigation
> x86/spectre: Report get_user mitigation for spectre_v1
> nl80211: Sanitize array index in parse_txq_params
> vfs, fdtable: Prevent bounds-check bypass via speculative execution
> x86/syscall: Sanitize syscall table de-references under speculation
> x86/get_user: Use pointer masking to limit speculation
> x86: Introduce barrier_nospec
> x86: Implement array_index_mask_nospec
> array_index_nospec: Sanitize speculative array de-references
> Documentation: Document array_index_nospec
> 
> Note that v1 of the patchset submitted upstream [1] was more or less
> what we have pulled into Xenial. What's missing from that submittal
> compared to what we have are the bpf/jit patches and some of the osb()
> sprinkling throughout various subsystems and drivers. There was back and
> forth arguing in upstream about whether some of the places that the v1
> patchset modified were even user-space controllable and they eventually
> got dropped form the final v6 version [2]. Plus they added syscall and
> get_user sanitization.
> 
> Also, the current upstream implementation is x86 only. PowerPC is in the
> works [3] but no s390x as of yet.
> 
> [1] https://lkml.org/lkml/2018/1/5/769
> [2] https://lkml.org/lkml/2018/1/29/960
> [3] https://lkml.org/lkml/2018/3/15/929
> 
> 
> Let me know if you think we should bring back some or all of the stuff
> that got dropped (powerpc, s390x, bpf).

Since the spectre v1 changes from upstream hasn't yet been carefully
reviewed and tested by our team, I will not apply this stable update
(and any subsequent ones) until we are more confident about it.

Kleber

> 
> Compile tested all supported architectures.
> 
> ...Juerg
> 
> 
> 
> The following changes since commit 638103b5a72ff90bead7fb350adb014be934cf35:
> 
>   Linux 4.4.117 (2018-03-27 08:40:12 +0200)
> 
> are available in the git repository at:
> 
>   https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118
> 
> for you to fetch changes up to 26c747a51753fb263a1107da3e8a07a249aa636a:
> 
>   ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (2018-03-28
> 11:19:22 +0200)
> 
> ----------------------------------------------------------------
> Alexandru Ardelean (1):
>       staging: iio: adc: ad7192: fix external frequency setting
> 
> Andi Kleen (1):
>       module/retpoline: Warn about missing retpoline in module
> 
> Andre Przywara (1):
>       pinctrl: sunxi: Fix A80 interrupt pin bank
> 
> Andy Lutomirski (1):
>       dell-wmi, dell-laptop: depends DMI
> 
> Arnd Bergmann (77):
>       ASoC: ux500: add MODULE_LICENSE tag
>       video: fbdev/mmp: add MODULE_LICENSE
>       arm64: dts: add #cooling-cells to CPU nodes
>       virtio_balloon: prevent uninitialized variable use
>       isdn: icn: remove a #warning
>       vmxnet3: prevent building with 64K pages
>       video: fbdev: via: remove possibly unused variables
>       scsi: advansys: fix build warning for PCI=n
>       arm64: define BUG() instruction without CONFIG_BUG
>       x86/fpu/math-emu: Fix possible uninitialized variable use
>       x86/build: Silence the build with "make -s"
>       thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
>       x86: add MULTIUSER dependency for KVM
>       x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
>       scsi: advansys: fix uninitialized data access
>       ALSA: hda/ca0132 - fix possible NULL pointer use
>       reiserfs: avoid a -Wmaybe-uninitialized warning
>       ssb: mark ssb_bus_register as __maybe_unused
>       thermal: spear: use __maybe_unused for PM functions
>       x86/boot: Avoid warning for zero-filling .bss
>       profile: hide unused functions when !CONFIG_PROC_FS
>       md: avoid warning for 32-bit sector_t
>       mtd: ichxrom: maybe-uninitialized with gcc-4.9
>       mptfusion: hide unused seq_mpt_print_ioc_summary function
>       scsi: fdomain: drop fdomain_pci_tbl when built-in
>       staging: ste_rmi4: avoid unused function warnings
>       fbdev: sis: enforce selection of at least one backend
>       scsi: mvumi: use __maybe_unused to hide pm functions
>       SCSI: initio: remove duplicate module device table
>       pwc: hide unused label
>       usb: musb/ux500: remove duplicate check for dma_is_compatible
>       tty: hvc_xen: hide xen_console_remove when unused
>       target/user: Fix cast from pointer to phys_addr_t
>       driver-core: use 'dev' argument in dev_dbg_ratelimited stub
>       fbdev: auo_k190x: avoid unused function warnings
>       mtd: sh_flctl: pass FIFO as physical address
>       mtd: cfi: enforce valid geometry configuration
>       fbdev: s6e8ax0: avoid unused function warnings
>       modsign: hide openssl output in silent builds
>       fbdev: sm712fb: avoid unused function warnings
>       hwrng: exynos - use __maybe_unused to hide pm functions
>       USB: cdc_subset: only build when one driver is enabled
>       rtlwifi: fix gcc-6 indentation warning
>       netfilter: ipvs: avoid unused variable warnings
>       ipv4: ipconfig: avoid unused ic_proto_used symbol
>       tlan: avoid unused label with PCI=n
>       tty: cyclades: cyz_interrupt is only used for PCI
>       genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
>       ASoC: mediatek: add i2c dependency
>       infiniband: cxgb4: use %pR format string for printing resources
>       b2c2: flexcop: avoid unused function warnings
>       tc358743: fix register i2c_rd/wr functions
>       drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
>       Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
>       KVM: add X86_LOCAL_APIC dependency
>       go7007: add MEDIA_CAMERA_SUPPORT dependency
>       em28xx: only use mt9v011 if camera support is enabled
>       ISDN: eicon: reduce stack size of sig_ind function
>       ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
>       hdpvr: hide unused variable
>       v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
>       cw1200: fix bogus maybe-uninitialized warning
>       wireless: cw1200: use __maybe_unused to hide pm functions_
>       perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
>       net: hp100: remove unnecessary #ifdefs
>       gpio: xgene: mark PM functions as __maybe_unused
>       Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
>       power: bq27xxx_battery: mark some symbols __maybe_unused
>       isdn: sc: work around type mismatch warning
>       binfmt_elf: compat: avoid unused function warning
>       idle: i7300: add PCI dependency
>       usb: phy: msm add regulator dependency
>       ncr5380: shut up gcc indentation warning
>       ARM: tegra: select USB_ULPI from EHCI rather than platform
>       netlink: fix nla_put_{u8,u16,u32} for KASAN
>       kasan: rework Kconfig settings
>       ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
> 
> Augusto Mecking Caringi (1):
>       gpio: intel-mid: Fix build warning when !CONFIG_PM
> 
> Ben Hutchings (1):
>       staging: android: ashmem: Fix a race condition in pin ioctls
> 
> Borislav Petkov (7):
>       platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
>       x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
>       amd-xgbe: Fix unused suspend handlers build warning
>       x86/platform/olpc: Fix resume handler build warning
>       x86/microcode/AMD: Change load_microcode_amd()'s param to bool to
> fix preemptibility bug
>       x86/nospec: Fix header guards names
>       x86/bugs: Drop one "mitigation" from dmesg
> 
> Cai Li (1):
>       clk: fix a panic error caused by accessing NULL pointer
> 
> Chris Wilson (1):
>       drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
> 
> Christophe JAILLET (1):
>       dmaengine: ioat: Fix error handling path
> 
> Colin Ian King (3):
>       tc1100-wmi: fix build warning when CONFIG_PM not enabled
>       iio: adc: axp288: remove redundant duplicate const on
> axp288_adc_channels
>       x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
> 
> Cong Wang (2):
>       xfrm: check id proto in validate_tmpl()
>       netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
> 
> Dan Williams (9):
>       array_index_nospec: Sanitize speculative array de-references
>       x86: Implement array_index_mask_nospec
>       x86: Introduce barrier_nospec
>       x86/get_user: Use pointer masking to limit speculation
>       x86/syscall: Sanitize syscall table de-references under speculation
>       vfs, fdtable: Prevent bounds-check bypass via speculative execution
>       nl80211: Sanitize array index in parse_txq_params
>       x86/spectre: Report get_user mitigation for spectre_v1
>       x86/kvm: Update spectre-v1 mitigation
> 
> Daniel Wagner (1):
>       video: Use bool instead int pointer for get_opt_bool() argument
> 
> Darren Kenny (1):
>       x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
> 
> Dave Jones (1):
>       Make DST_CACHE a silent config option
> 
> Dave Young (1):
>       mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
> 
> David Hildenbrand (2):
>       KVM: nVMX: kmap() can't fail
>       KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
> 
> David Howells (1):
>       Provide a function to create a NUL-terminated string from
> unterminated data
> 
> David Woodhouse (1):
>       x86/retpoline: Avoid retpolines for built-in __init functions
> 
> Dmitry Vyukov (2):
>       netfilter: x_tables: fix int overflow in xt_alloc_table_info()
>       netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
> clusterip_tg_check()
> 
> Dou Liyang (1):
>       x86/spectre: Check CONFIG_RETPOLINE in command line parser
> 
> Eric Biggers (3):
>       crypto: x86/twofish-3way - Fix %rbp usage
>       binder: check for binder_thread allocation failure in binder_poll()
>       509: fix printing uninitialized stack memory when OID is empty
> 
> Eric Dumazet (1):
>       netfilter: x_tables: avoid out-of-bounds reads in
> xt_request_find_{match|target}
> 
> Fabian Frederick (1):
>       drivers/net: fix eisa_driver probe section mismatch
> 
> Gao Feng (1):
>       ipvlan: Add the skb->mark as flow4's member to lookup route
> 
> Glen Lee (1):
>       staging: wilc1000: fix kbuild test robot error
> 
> Greg Kroah-Hartman (1):
>       Linux 4.4.118
> 
> Gustavo A. R. Silva (1):
>       dmaengine: at_hdmac: fix potential NULL pointer dereference in
> atc_prep_dma_interleaved
> 
> Heikki Krogerus (1):
>       serial: 8250_mid: fix broken DMA dependency
> 
> Jan Beulich (1):
>       xen: XEN_ACPI_PROCESSOR is Dom0-only
> 
> Jan Dakinevich (2):
>       KVM: VMX: clean up declaration of VPID/EPT invalidation types
>       KVM: nVMX: invvpid handling improvements
> 
> Jens Axboe (1):
>       blktrace: fix unlocked registration of tracepoints
> 
> Jia-Ju Bai (1):
>       hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
> 
> Jim Mattson (1):
>       kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
> 
> Jiri Olsa (1):
>       perf top: Fix window dimensions change handling
> 
> Johannes Berg (1):
>       cfg80211: check dev_set_name() return value
> 
> Josh Poimboeuf (2):
>       tools build: Add tools tree support for 'make -s'
>       x86/paravirt: Remove 'noreplace-paravirt' cmdline option
> 
> Juerg Haefliger (22):
>       Revert "UBUNTU: SAUCE: arm: no osb() implementation yet"
>       Revert "UBUNTU: SAUCE: arm64: no osb() implementation yet"
>       Revert "UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>       Revert "UBUNTU: SAUCE: powerpc: add osb barrier"
>       Revert "UBUNTU: SAUCE: claim mitigation via observable speculation
> barrier"
>       Revert "userns: prevent speculative execution"
>       Revert "udf: prevent speculative execution"
>       Revert "net: mpls: prevent speculative execution"
>       Revert "fs: prevent speculative execution"
>       Revert "ipv6: prevent speculative execution"
>       Revert "ipv4: prevent speculative execution"
>       Revert "Thermal/int340x: prevent speculative execution"
>       Revert "qla2xxx: prevent speculative execution"
>       Revert "carl9170: prevent speculative execution"
>       Revert "UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative
> execution when JIT is enabled"
>       Revert "x86, bpf, jit: prevent speculative execution when JIT is
> enabled"
>       Revert "bpf: prevent speculative execution in eBPF interpreter"
>       Revert "locking/barriers: introduce new observable speculation
> barrier"
>       Revert "UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>       Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
> feature"
>       UBUNTU: [Config] updateconfigs after 4.4.118 stable update
>       UBUNTU: ppc64el -- Remove vmxnet3 module
> 
> Julia Lawall (1):
>       mtd: maps: add __init attribute
> 
> Jun Nie (1):
>       dmaengine: zx: fix build warning
> 
> Kamil Konieczny (1):
>       crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
> 
> KarimAllah Ahmed (1):
>       x86/spectre: Simplify spectre_v2 command line parsing
> 
> Karol Herbst (1):
>       x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
> 
> Keerthy (1):
>       ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
> 
> Kefeng Wang (1):
>       arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
> 
> Luis R. Rodriguez (1):
>       i2c: remove __init from i2c_register_board_info()
> 
> Mark Rutland (1):
>       Documentation: Document array_index_nospec
> 
> Mauro Carvalho Chehab (1):
>       media: s5k6aa: describe some function parameters
> 
> Michal Marek (1):
>       genksyms: Fix segfault with invalid declarations
> 
> Miklos Szeredi (1):
>       ncpfs: fix unused variable warning
> 
> Moni Shoua (1):
>       RDMA/cma: Make sure that PSN is not over max allowed
> 
> Nikolay Borisov (1):
>       btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
> 
> Nogah Frankel (2):
>       net_sched: red: Avoid devision by zero
>       net_sched: red: Avoid illegal values
> 
> Paolo Abeni (4):
>       net: add dst_cache support
>       net: replace dst_cache ip6_tunnel implementation with the generic one
>       netfilter: on sockopt() acquire sock lock only in the required scope
>       dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
> 
> Paul Bolle (1):
>       drm/vmwgfx: use *_32_bits() macros
> 
> Paul Moore (2):
>       selinux: ensure the context is NUL terminated in
> security_context_to_sid_core()
>       selinux: skip bounded transition processing if the policy isn't loaded
> 
> Peter Ujfalusi (1):
>       ARM: dts: am4372: Correct the interrupts_properties of McASP
> 
> Peter Zijlstra (2):
>       KVM: x86: Make indirect calls in emulator speculation safe
>       KVM: VMX: Make indirect call speculation safe
> 
> Randy Dunlap (2):
>       usb: build drivers/usb/common/ when USB_SUPPORT is set
>       staging: unisys: visorinput depends on INPUT
> 
> Ravi Bangoria (1):
>       powerpc/perf: Fix oops when grouping different pmu events
> 
> Russell King (1):
>       drm/armada: fix leak of crtc structure
> 
> Satheesh Rajendran (1):
>       perf bench numa: Fixup discontiguous/sparse numa nodes
> 
> Shuah Khan (1):
>       usbip: keep usbip_device sockfd state in sync with tcp_socket
> 
> Stefan Haberland (1):
>       s390/dasd: prevent prefix I/O error
> 
> Stefan Potyra (1):
>       ASoC: rockchip: disable clock on error
> 
> Steffen Klassert (2):
>       xfrm: Fix stack-out-of-bounds read on socket policy lookup.
>       xfrm: Fix stack-out-of-bounds with misconfigured transport mode
> policies.
> 
> Sudip Mukherjee (4):
>       scsi: sim710: fix build warning
>       dpt_i2o: fix build warning
>       video: fbdev: sis: remove unused variable
>       drm/gma500: remove helper function
> 
> Takuo Koguchi (1):
>       spi: sun4i: disable clocks in the remove function
> 
> Tetsuo Handa (1):
>       mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
> failed.
> 
> Thierry Reding (1):
>       drm/gma500: Sanity-check pipe index
> 
> Thomas Gleixner (1):
>       x86/cpu/bugs: Make retpoline module warning conditional
> 
> Tobias Jordan (1):
>       dmaengine: jz4740: disable/unprepare clk if probe fails
> 
> Tony Lindgren (2):
>       ARM: OMAP2+: Fix SRAM virt to phys translation for
> save_secure_ram_context
>       ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
> 
> Vinod Koul (1):
>       ASoC: Intel: Kconfig: fix build when ACPI is not enabled
> 
> Waiman Long (1):
>       x86/retpoline: Remove the esp/rsp thunk
> 
> Wanpeng Li (2):
>       KVM: x86: fix escape of guest dr6 to the host
>       KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
> Ready" exceptions simultaneously
> 
> Will Deacon (1):
>       scripts/kernel-doc: Don't fail with status != 0 if error
> encountered with -none
> 
> Willem de Bruijn (1):
>       net: avoid skb_warn_bad_offload on IS_ERR
> 
> Wu Fengguang (1):
>       net: dst_cache_per_cpu_dst_set() can be static
> 
> Zumeng Chen (1):
>       gianfar: fix a flooded alignment reports because of padding issue.
> 
>  Documentation/kernel-parameters.txt                |    2 -
>  Documentation/speculation.txt                      |   90 ++
>  Makefile                                           |    8 +-
>  arch/arm/boot/dts/am4372.dtsi                      |    6 +-
>  arch/arm/boot/dts/omap4.dtsi                       |    2 -
>  arch/arm/include/asm/barrier.h                     |    2 -
>  arch/arm/mach-omap2/omap-secure.c                  |   21 +
>  arch/arm/mach-omap2/omap-secure.h                  |    4 +
>  arch/arm/mach-omap2/pm.h                           |    4 -
>  arch/arm/mach-omap2/pm34xx.c                       |   13 +-
>  arch/arm/mach-omap2/prm33xx.c                      |   12 -
>  arch/arm/mach-omap2/sleep34xx.S                    |   26 +-
>  arch/arm/mach-tegra/Kconfig                        |    2 -
>  arch/arm64/Kconfig                                 |    2 +-
>  arch/arm64/Kconfig.platforms                       |    2 -
>  arch/arm64/boot/dts/mediatek/mt8173.dtsi           |    2 +
>  arch/arm64/include/asm/barrier.h                   |    2 -
>  arch/arm64/include/asm/bug.h                       |   33 +-
>  arch/powerpc/include/asm/barrier.h                 |    2 -
>  arch/powerpc/perf/core-book3s.c                    |    4 +-
>  arch/s390/include/asm/barrier.h                    |   10 -
>  arch/x86/Kconfig                                   |    2 +-
>  arch/x86/Kconfig.debug                             |    1 +
>  arch/x86/boot/Makefile                             |    5 +-
>  arch/x86/crypto/twofish-x86_64-asm_64-3way.S       |  112 +-
>  arch/x86/entry/common.c                            |    2 +
>  arch/x86/events/core.c                             |    4 +-
>  arch/x86/include/asm/asm-prototypes.h              |    1 -
>  arch/x86/include/asm/barrier.h                     |   30 +-
>  arch/x86/include/asm/microcode_amd.h               |    1 -
>  arch/x86/include/asm/msr.h                         |    2 +-
>  arch/x86/include/asm/nospec-branch.h               |    8 +-
>  arch/x86/include/asm/vmx.h                         |    5 +-
>  arch/x86/kernel/alternative.c                      |   14 -
>  arch/x86/kernel/cpu/bugs.c                         |  132 +-
>  arch/x86/kernel/cpu/mcheck/mce-inject.c            |    5 +-
>  arch/x86/kernel/cpu/microcode/amd.c                |   17 +-
>  arch/x86/kernel/head_32.S                          |    9 +-
>  arch/x86/kvm/Kconfig                               |    3 +-
>  arch/x86/kvm/emulate.c                             |    9 +-
>  arch/x86/kvm/vmx.c                                 |   83 +-
>  arch/x86/kvm/x86.c                                 |   40 +-
>  arch/x86/lib/getuser.S                             |   10 +
>  arch/x86/lib/retpoline.S                           |    1 -
>  arch/x86/math-emu/Makefile                         |    4 +-
>  arch/x86/math-emu/reg_compare.c                    |   16 +-
>  arch/x86/mm/ioremap.c                              |    4 +-
>  arch/x86/mm/kmmio.c                                |   12 +-
>  arch/x86/net/bpf_jit_comp.c                        |   28 +-
>  arch/x86/platform/olpc/olpc-xo15-sci.c             |    2 +
>  certs/Makefile                                     |   33 +-
>  .../abi/4.4.0-117.141/ppc64el/generic.modules      |    1 -
>  debian.master/config/config.common.ubuntu          |    2 +
>  debian.master/config/ppc64el/config.common.ppc64el |    1 -
>  drivers/Makefile                                   |    1 +
>  drivers/android/binder.c                           |    2 +
>  drivers/char/hw_random/exynos-rng.c                |   10 +-
>  drivers/crypto/s5p-sss.c                           |   13 +-
>  drivers/dma/at_hdmac.c                             |    4 +-
>  drivers/dma/dma-jz4740.c                           |    4 +-
>  drivers/dma/ioat/init.c                            |    2 +-
>  drivers/dma/zx296702_dma.c                         |    2 +-
>  drivers/gpio/gpio-intel-mid.c                      |    2 +-
>  drivers/gpio/gpio-xgene.c                          |   13 +-
>  drivers/gpu/drm/armada/armada_crtc.c               |   25 +-
>  drivers/gpu/drm/drm_modeset_lock.c                 |    2 +-
>  drivers/gpu/drm/gma500/mdfld_dsi_dpi.c             |   10 +-
>  drivers/gpu/drm/gma500/mdfld_dsi_output.c          |   12 +-
>  drivers/gpu/drm/nouveau/nouveau_gem.c              |    2 +-
>  drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c             |    7 +-
>  drivers/i2c/i2c-boardinfo.c                        |    4 +-
>  drivers/idle/Kconfig                               |    1 +
>  drivers/iio/adc/axp288_adc.c                       |    2 +-
>  drivers/infiniband/core/cma.c                      |    1 +
>  drivers/infiniband/hw/cxgb4/device.c               |    5 +-
>  drivers/input/keyboard/tca8418_keypad.c            |   21 +-
>  drivers/isdn/hardware/eicon/message.c              |   16 +-
>  drivers/isdn/icn/icn.c                             |    2 +-
>  drivers/isdn/sc/init.c                             |    7 +-
>  drivers/md/md.c                                    |   10 +-
>  drivers/media/common/b2c2/flexcop-fe-tuner.c       |    4 +-
>  drivers/media/i2c/s5k6aa.c                         |    5 +
>  drivers/media/i2c/tc358743.c                       |   46 +-
>  drivers/media/usb/em28xx/Kconfig                   |    2 +-
>  drivers/media/usb/go7007/Kconfig                   |    2 +-
>  drivers/media/usb/hdpvr/hdpvr-core.c               |    2 +
>  drivers/media/usb/pwc/pwc-if.c                     |    2 +
>  drivers/media/v4l2-core/Kconfig                    |    1 -
>  drivers/message/fusion/mptbase.c                   |    2 +
>  drivers/mtd/chips/Kconfig                          |    4 +
>  drivers/mtd/maps/ck804xrom.c                       |    4 +-
>  drivers/mtd/maps/esb2rom.c                         |    4 +-
>  drivers/mtd/maps/ichxrom.c                         |   10 +-
>  drivers/mtd/nand/sh_flctl.c                        |    5 +-
>  drivers/net/Kconfig                                |    3 +
>  drivers/net/ethernet/3com/3c509.c                  |    2 +-
>  drivers/net/ethernet/3com/3c59x.c                  |    2 +-
>  drivers/net/ethernet/amd/xgbe/xgbe-main.c          |    4 +-
>  drivers/net/ethernet/dec/tulip/de4x5.c             |    2 +-
>  drivers/net/ethernet/freescale/gianfar.c           |    6 +-
>  drivers/net/ethernet/hp/hp100.c                    |   20 +-
>  drivers/net/ethernet/ti/tlan.c                     |    2 +-
>  drivers/net/hippi/rrunner.c                        |    2 +-
>  drivers/net/ipvlan/ipvlan_core.c                   |    1 +
>  drivers/net/usb/Kconfig                            |   10 +
>  drivers/net/usb/Makefile                           |    2 +-
>  drivers/net/wireless/ath/carl9170/main.c           |    1 -
>  drivers/net/wireless/cw1200/cw1200_spi.c           |    9 +-
>  drivers/net/wireless/cw1200/pm.h                   |    9 +-
>  drivers/net/wireless/cw1200/wsm.c                  |    8 +-
>  .../net/wireless/realtek/rtlwifi/rtl8821ae/dm.c    |    6 +-
>  drivers/pinctrl/sunxi/pinctrl-sun9i-a80.c          |    6 +-
>  drivers/platform/x86/Kconfig                       |    2 +
>  drivers/platform/x86/intel_mid_thermal.c           |    2 +
>  drivers/platform/x86/tc1100-wmi.c                  |    2 +
>  drivers/power/Kconfig                              |    1 +
>  drivers/power/bq27xxx_battery.c                    |    6 +-
>  drivers/s390/block/dasd_eckd.c                     |   16 +-
>  drivers/scsi/advansys.c                            |   24 +-
>  drivers/scsi/dpt_i2o.c                             |    3 +
>  drivers/scsi/fdomain.c                             |    2 +-
>  drivers/scsi/g_NCR5380.c                           |    5 +-
>  drivers/scsi/initio.c                              |   16 -
>  drivers/scsi/mvumi.c                               |    4 +-
>  drivers/scsi/qla2xxx/qla_mr.c                      |   12 +-
>  drivers/scsi/sim710.c                              |    3 +-
>  drivers/spi/spi-sun4i.c                            |    2 +-
>  drivers/ssb/main.c                                 |    7 +-
>  drivers/staging/android/ashmem.c                   |   19 +-
>  drivers/staging/iio/adc/ad7192.c                   |   27 +-
>  drivers/staging/ste_rmi4/synaptics_i2c_rmi4.c      |    7 +-
>  drivers/staging/unisys/visorinput/Kconfig          |    2 +-
>  drivers/staging/wilc1000/wilc_wlan_if.h            |    1 +
>  drivers/target/target_core_user.c                  |    2 +-
>  drivers/thermal/Kconfig                            |    4 +-
>  .../thermal/int340x_thermal/int340x_thermal_zone.c |   11 +-
>  drivers/thermal/spear_thermal.c                    |    6 +-
>  drivers/tty/Kconfig                                |    2 +-
>  drivers/tty/hvc/hvc_xen.c                          |    2 +-
>  drivers/tty/serial/8250/Kconfig                    |    2 +-
>  drivers/usb/host/Kconfig                           |    2 +
>  drivers/usb/musb/ux500_dma.c                       |    3 -
>  drivers/usb/phy/Kconfig                            |    1 +
>  drivers/usb/usbip/stub_dev.c                       |    3 +
>  drivers/usb/usbip/vhci_hcd.c                       |    2 +
>  drivers/video/fbdev/Kconfig                        |    1 +
>  drivers/video/fbdev/auo_k190x.c                    |   11 +-
>  drivers/video/fbdev/exynos/s6e8ax0.c               |   13 +-
>  drivers/video/fbdev/intelfb/intelfbdrv.c           |    2 +-
>  drivers/video/fbdev/mmp/core.c                     |    5 +
>  drivers/video/fbdev/sis/init301.c                  |   10 +-
>  drivers/video/fbdev/sm712fb.c                      |   16 +-
>  drivers/video/fbdev/via/viafbdev.c                 |    8 +-
>  drivers/virtio/virtio_balloon.c                    |    2 +
>  drivers/xen/Kconfig                                |    2 +-
>  fs/btrfs/ioctl.c                                   |    2 +-
>  fs/compat_binfmt_elf.c                             |    2 +
>  fs/ncpfs/dir.c                                     |    3 +-
>  fs/reiserfs/lbalance.c                             |    2 +-
>  fs/reiserfs/reiserfs.h                             |    1 -
>  fs/udf/misc.c                                      |    6 -
>  include/asm-generic/barrier.h                      |   11 -
>  include/linux/device.h                             |    7 +-
>  include/linux/fdtable.h                            |    3 +-
>  include/linux/filter.h                             |   10 -
>  include/linux/init.h                               |    9 +-
>  include/linux/module.h                             |    9 +
>  include/linux/msi.h                                |   11 +-
>  include/linux/mtd/sh_flctl.h                       |    1 +
>  include/linux/nospec.h                             |   72 +
>  include/linux/string.h                             |    1 +
>  include/net/dst_cache.h                            |   97 ++
>  include/net/ip6_tunnel.h                           |   15 +-
>  include/net/netlink.h                              |   73 +-
>  include/net/red.h                                  |   13 +-
>  include/trace/events/clk.h                         |    4 +-
>  kernel/bpf/core.c                                  |    3 -
>  kernel/module.c                                    |   11 +
>  kernel/profile.c                                   |    4 +-
>  kernel/trace/blktrace.c                            |   32 +-
>  kernel/user_namespace.c                            |    4 +-
>  lib/Kconfig.debug                                  |    2 +-
>  lib/oid_registry.c                                 |    8 +-
>  mm/early_ioremap.c                                 |    2 +-
>  mm/util.c                                          |   24 +
>  mm/vmscan.c                                        |    3 +
>  net/Kconfig                                        |    4 +
>  net/core/Makefile                                  |    1 +
>  net/core/dev.c                                     |    2 +-
>  net/core/dst_cache.c                               |  168 ++
>  net/decnet/af_decnet.c                             |   62 +-
>  net/ipv4/ip_sockglue.c                             |   14 +-
>  net/ipv4/ipconfig.c                                |    4 +
>  net/ipv4/netfilter/ipt_CLUSTERIP.c                 |   16 +-
>  net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c     |    6 +-
>  net/ipv4/raw.c                                     |    1 -
>  net/ipv6/Kconfig                                   |    1 +
>  net/ipv6/ip6_gre.c                                 |   12 +-
>  net/ipv6/ip6_tunnel.c                              |  149 +-
>  net/ipv6/ip6_vti.c                                 |    2 +-
>  net/ipv6/ipv6_sockglue.c                           |   17 +-
>  net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c     |   18 +-
>  net/ipv6/raw.c                                     |    1 -
>  net/mpls/af_mpls.c                                 |    2 -
>  net/netfilter/ipvs/ip_vs_app.c                     |    8 +-
>  net/netfilter/ipvs/ip_vs_ctl.c                     |   15 +-
>  net/netfilter/x_tables.c                           |    9 +-
>  net/netfilter/xt_RATEEST.c                         |   22 +-
>  net/sched/sch_choke.c                              |    3 +
>  net/sched/sch_gred.c                               |    3 +
>  net/sched/sch_red.c                                |    2 +
>  net/sched/sch_sfq.c                                |    3 +
>  net/wireless/core.c                                |    8 +-
>  net/wireless/nl80211.c                             |    9 +-
>  net/xfrm/xfrm_policy.c                             |    8 +-
>  net/xfrm/xfrm_user.c                               |   24 +
>  scripts/genksyms/parse.tab.c_shipped               | 1682
> +++++++++-----------
>  scripts/genksyms/parse.tab.h_shipped               |  133 +-
>  scripts/genksyms/parse.y                           |    2 -
>  scripts/kernel-doc                                 |    2 +-
>  scripts/mod/modpost.c                              |    9 +
>  security/selinux/ss/services.c                     |   21 +-
>  sound/pci/hda/patch_ca0132.c                       |    3 +
>  sound/soc/intel/Kconfig                            |    7 +-
>  sound/soc/mediatek/Kconfig                         |    4 +-
>  sound/soc/rockchip/rockchip_spdif.c                |   22 +-
>  sound/soc/ux500/mop500.c                           |    4 +
>  sound/soc/ux500/ux500_pcm.c                        |    5 +
>  tools/build/Makefile.build                         |   10 +
>  tools/perf/bench/numa.c                            |   56 +-
>  tools/perf/builtin-top.c                           |   15 +-
>  tools/scripts/Makefile.include                     |   12 +-
>  232 files changed, 2538 insertions(+), 1977 deletions(-)
>  create mode 100644 Documentation/speculation.txt
>  create mode 100644 include/linux/nospec.h
>  create mode 100644 include/net/dst_cache.h
>  create mode 100644 net/core/dst_cache.c
> 
> 
>
Juerg Haefliger April 4, 2018, 11:40 a.m. | #2
On 04/04/2018 12:20 PM, Kleber Souza wrote:
> On 04/03/18 14:40, Juerg Haefliger wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1756866
>>
>> This is a pull request for the Xenial stable update from 4.4.117 to
>> 4.4.118. The most notable change is the replacement of our spectre v1
>> implementation with upstream's version. Specifically, the following
>> patches are reverted:
>>
>> UBUNTU: SAUCE: arm: no osb() implementation yet"
>> UBUNTU: SAUCE: arm64: no osb() implementation yet"
>> UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>> UBUNTU: SAUCE: powerpc: add osb barrier"
>> UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
>> userns: prevent speculative execution"
>> udf: prevent speculative execution"
>> net: mpls: prevent speculative execution"
>> fs: prevent speculative execution"
>> ipv6: prevent speculative execution"
>> ipv4: prevent speculative execution"
>> Thermal/int340x: prevent speculative execution"
>> qla2xxx: prevent speculative execution"
>> carl9170: prevent speculative execution"
>> UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
>> JIT is enabled"
>> x86, bpf, jit: prevent speculative execution when JIT is enabled"
>> bpf: prevent speculative execution in eBPF interpreter"
>> locking/barriers: introduce new observable speculation barrier"
>> UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>> x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
>>
>> And their functionality is (partially?) replaced by upstream's patchset:
>>
>> x86/kvm: Update spectre-v1 mitigation
>> x86/spectre: Report get_user mitigation for spectre_v1
>> nl80211: Sanitize array index in parse_txq_params
>> vfs, fdtable: Prevent bounds-check bypass via speculative execution
>> x86/syscall: Sanitize syscall table de-references under speculation
>> x86/get_user: Use pointer masking to limit speculation
>> x86: Introduce barrier_nospec
>> x86: Implement array_index_mask_nospec
>> array_index_nospec: Sanitize speculative array de-references
>> Documentation: Document array_index_nospec
>>
>> Note that v1 of the patchset submitted upstream [1] was more or less
>> what we have pulled into Xenial. What's missing from that submittal
>> compared to what we have are the bpf/jit patches and some of the osb()
>> sprinkling throughout various subsystems and drivers. There was back and
>> forth arguing in upstream about whether some of the places that the v1
>> patchset modified were even user-space controllable and they eventually
>> got dropped form the final v6 version [2]. Plus they added syscall and
>> get_user sanitization.
>>
>> Also, the current upstream implementation is x86 only. PowerPC is in the
>> works [3] but no s390x as of yet.
>>
>> [1] https://lkml.org/lkml/2018/1/5/769
>> [2] https://lkml.org/lkml/2018/1/29/960
>> [3] https://lkml.org/lkml/2018/3/15/929
>>
>>
>> Let me know if you think we should bring back some or all of the stuff
>> that got dropped (powerpc, s390x, bpf).
> 
> Since the spectre v1 changes from upstream hasn't yet been carefully
> reviewed and tested by our team, I will not apply this stable update
> (and any subsequent ones) until we are more confident about it.

We're falling more and more behind. Upstream is at 4.4.126 now. Would it
make sense to just skip those patches and continue? Assuming we don't
run into issues with future patches because of this.

...Juerg


> Kleber
> 
>>
>> Compile tested all supported architectures.
>>
>> ...Juerg
>>
>>
>>
>> The following changes since commit 638103b5a72ff90bead7fb350adb014be934cf35:
>>
>>   Linux 4.4.117 (2018-03-27 08:40:12 +0200)
>>
>> are available in the git repository at:
>>
>>   https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118
>>
>> for you to fetch changes up to 26c747a51753fb263a1107da3e8a07a249aa636a:
>>
>>   ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (2018-03-28
>> 11:19:22 +0200)
>>
>> ----------------------------------------------------------------
>> Alexandru Ardelean (1):
>>       staging: iio: adc: ad7192: fix external frequency setting
>>
>> Andi Kleen (1):
>>       module/retpoline: Warn about missing retpoline in module
>>
>> Andre Przywara (1):
>>       pinctrl: sunxi: Fix A80 interrupt pin bank
>>
>> Andy Lutomirski (1):
>>       dell-wmi, dell-laptop: depends DMI
>>
>> Arnd Bergmann (77):
>>       ASoC: ux500: add MODULE_LICENSE tag
>>       video: fbdev/mmp: add MODULE_LICENSE
>>       arm64: dts: add #cooling-cells to CPU nodes
>>       virtio_balloon: prevent uninitialized variable use
>>       isdn: icn: remove a #warning
>>       vmxnet3: prevent building with 64K pages
>>       video: fbdev: via: remove possibly unused variables
>>       scsi: advansys: fix build warning for PCI=n
>>       arm64: define BUG() instruction without CONFIG_BUG
>>       x86/fpu/math-emu: Fix possible uninitialized variable use
>>       x86/build: Silence the build with "make -s"
>>       thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
>>       x86: add MULTIUSER dependency for KVM
>>       x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
>>       scsi: advansys: fix uninitialized data access
>>       ALSA: hda/ca0132 - fix possible NULL pointer use
>>       reiserfs: avoid a -Wmaybe-uninitialized warning
>>       ssb: mark ssb_bus_register as __maybe_unused
>>       thermal: spear: use __maybe_unused for PM functions
>>       x86/boot: Avoid warning for zero-filling .bss
>>       profile: hide unused functions when !CONFIG_PROC_FS
>>       md: avoid warning for 32-bit sector_t
>>       mtd: ichxrom: maybe-uninitialized with gcc-4.9
>>       mptfusion: hide unused seq_mpt_print_ioc_summary function
>>       scsi: fdomain: drop fdomain_pci_tbl when built-in
>>       staging: ste_rmi4: avoid unused function warnings
>>       fbdev: sis: enforce selection of at least one backend
>>       scsi: mvumi: use __maybe_unused to hide pm functions
>>       SCSI: initio: remove duplicate module device table
>>       pwc: hide unused label
>>       usb: musb/ux500: remove duplicate check for dma_is_compatible
>>       tty: hvc_xen: hide xen_console_remove when unused
>>       target/user: Fix cast from pointer to phys_addr_t
>>       driver-core: use 'dev' argument in dev_dbg_ratelimited stub
>>       fbdev: auo_k190x: avoid unused function warnings
>>       mtd: sh_flctl: pass FIFO as physical address
>>       mtd: cfi: enforce valid geometry configuration
>>       fbdev: s6e8ax0: avoid unused function warnings
>>       modsign: hide openssl output in silent builds
>>       fbdev: sm712fb: avoid unused function warnings
>>       hwrng: exynos - use __maybe_unused to hide pm functions
>>       USB: cdc_subset: only build when one driver is enabled
>>       rtlwifi: fix gcc-6 indentation warning
>>       netfilter: ipvs: avoid unused variable warnings
>>       ipv4: ipconfig: avoid unused ic_proto_used symbol
>>       tlan: avoid unused label with PCI=n
>>       tty: cyclades: cyz_interrupt is only used for PCI
>>       genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
>>       ASoC: mediatek: add i2c dependency
>>       infiniband: cxgb4: use %pR format string for printing resources
>>       b2c2: flexcop: avoid unused function warnings
>>       tc358743: fix register i2c_rd/wr functions
>>       drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
>>       Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
>>       KVM: add X86_LOCAL_APIC dependency
>>       go7007: add MEDIA_CAMERA_SUPPORT dependency
>>       em28xx: only use mt9v011 if camera support is enabled
>>       ISDN: eicon: reduce stack size of sig_ind function
>>       ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
>>       hdpvr: hide unused variable
>>       v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
>>       cw1200: fix bogus maybe-uninitialized warning
>>       wireless: cw1200: use __maybe_unused to hide pm functions_
>>       perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
>>       net: hp100: remove unnecessary #ifdefs
>>       gpio: xgene: mark PM functions as __maybe_unused
>>       Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
>>       power: bq27xxx_battery: mark some symbols __maybe_unused
>>       isdn: sc: work around type mismatch warning
>>       binfmt_elf: compat: avoid unused function warning
>>       idle: i7300: add PCI dependency
>>       usb: phy: msm add regulator dependency
>>       ncr5380: shut up gcc indentation warning
>>       ARM: tegra: select USB_ULPI from EHCI rather than platform
>>       netlink: fix nla_put_{u8,u16,u32} for KASAN
>>       kasan: rework Kconfig settings
>>       ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
>>
>> Augusto Mecking Caringi (1):
>>       gpio: intel-mid: Fix build warning when !CONFIG_PM
>>
>> Ben Hutchings (1):
>>       staging: android: ashmem: Fix a race condition in pin ioctls
>>
>> Borislav Petkov (7):
>>       platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
>>       x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
>>       amd-xgbe: Fix unused suspend handlers build warning
>>       x86/platform/olpc: Fix resume handler build warning
>>       x86/microcode/AMD: Change load_microcode_amd()'s param to bool to
>> fix preemptibility bug
>>       x86/nospec: Fix header guards names
>>       x86/bugs: Drop one "mitigation" from dmesg
>>
>> Cai Li (1):
>>       clk: fix a panic error caused by accessing NULL pointer
>>
>> Chris Wilson (1):
>>       drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
>>
>> Christophe JAILLET (1):
>>       dmaengine: ioat: Fix error handling path
>>
>> Colin Ian King (3):
>>       tc1100-wmi: fix build warning when CONFIG_PM not enabled
>>       iio: adc: axp288: remove redundant duplicate const on
>> axp288_adc_channels
>>       x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
>>
>> Cong Wang (2):
>>       xfrm: check id proto in validate_tmpl()
>>       netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
>>
>> Dan Williams (9):
>>       array_index_nospec: Sanitize speculative array de-references
>>       x86: Implement array_index_mask_nospec
>>       x86: Introduce barrier_nospec
>>       x86/get_user: Use pointer masking to limit speculation
>>       x86/syscall: Sanitize syscall table de-references under speculation
>>       vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>       nl80211: Sanitize array index in parse_txq_params
>>       x86/spectre: Report get_user mitigation for spectre_v1
>>       x86/kvm: Update spectre-v1 mitigation
>>
>> Daniel Wagner (1):
>>       video: Use bool instead int pointer for get_opt_bool() argument
>>
>> Darren Kenny (1):
>>       x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
>>
>> Dave Jones (1):
>>       Make DST_CACHE a silent config option
>>
>> Dave Young (1):
>>       mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
>>
>> David Hildenbrand (2):
>>       KVM: nVMX: kmap() can't fail
>>       KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
>>
>> David Howells (1):
>>       Provide a function to create a NUL-terminated string from
>> unterminated data
>>
>> David Woodhouse (1):
>>       x86/retpoline: Avoid retpolines for built-in __init functions
>>
>> Dmitry Vyukov (2):
>>       netfilter: x_tables: fix int overflow in xt_alloc_table_info()
>>       netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
>> clusterip_tg_check()
>>
>> Dou Liyang (1):
>>       x86/spectre: Check CONFIG_RETPOLINE in command line parser
>>
>> Eric Biggers (3):
>>       crypto: x86/twofish-3way - Fix %rbp usage
>>       binder: check for binder_thread allocation failure in binder_poll()
>>       509: fix printing uninitialized stack memory when OID is empty
>>
>> Eric Dumazet (1):
>>       netfilter: x_tables: avoid out-of-bounds reads in
>> xt_request_find_{match|target}
>>
>> Fabian Frederick (1):
>>       drivers/net: fix eisa_driver probe section mismatch
>>
>> Gao Feng (1):
>>       ipvlan: Add the skb->mark as flow4's member to lookup route
>>
>> Glen Lee (1):
>>       staging: wilc1000: fix kbuild test robot error
>>
>> Greg Kroah-Hartman (1):
>>       Linux 4.4.118
>>
>> Gustavo A. R. Silva (1):
>>       dmaengine: at_hdmac: fix potential NULL pointer dereference in
>> atc_prep_dma_interleaved
>>
>> Heikki Krogerus (1):
>>       serial: 8250_mid: fix broken DMA dependency
>>
>> Jan Beulich (1):
>>       xen: XEN_ACPI_PROCESSOR is Dom0-only
>>
>> Jan Dakinevich (2):
>>       KVM: VMX: clean up declaration of VPID/EPT invalidation types
>>       KVM: nVMX: invvpid handling improvements
>>
>> Jens Axboe (1):
>>       blktrace: fix unlocked registration of tracepoints
>>
>> Jia-Ju Bai (1):
>>       hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
>>
>> Jim Mattson (1):
>>       kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
>>
>> Jiri Olsa (1):
>>       perf top: Fix window dimensions change handling
>>
>> Johannes Berg (1):
>>       cfg80211: check dev_set_name() return value
>>
>> Josh Poimboeuf (2):
>>       tools build: Add tools tree support for 'make -s'
>>       x86/paravirt: Remove 'noreplace-paravirt' cmdline option
>>
>> Juerg Haefliger (22):
>>       Revert "UBUNTU: SAUCE: arm: no osb() implementation yet"
>>       Revert "UBUNTU: SAUCE: arm64: no osb() implementation yet"
>>       Revert "UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>>       Revert "UBUNTU: SAUCE: powerpc: add osb barrier"
>>       Revert "UBUNTU: SAUCE: claim mitigation via observable speculation
>> barrier"
>>       Revert "userns: prevent speculative execution"
>>       Revert "udf: prevent speculative execution"
>>       Revert "net: mpls: prevent speculative execution"
>>       Revert "fs: prevent speculative execution"
>>       Revert "ipv6: prevent speculative execution"
>>       Revert "ipv4: prevent speculative execution"
>>       Revert "Thermal/int340x: prevent speculative execution"
>>       Revert "qla2xxx: prevent speculative execution"
>>       Revert "carl9170: prevent speculative execution"
>>       Revert "UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative
>> execution when JIT is enabled"
>>       Revert "x86, bpf, jit: prevent speculative execution when JIT is
>> enabled"
>>       Revert "bpf: prevent speculative execution in eBPF interpreter"
>>       Revert "locking/barriers: introduce new observable speculation
>> barrier"
>>       Revert "UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>>       Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
>> feature"
>>       UBUNTU: [Config] updateconfigs after 4.4.118 stable update
>>       UBUNTU: ppc64el -- Remove vmxnet3 module
>>
>> Julia Lawall (1):
>>       mtd: maps: add __init attribute
>>
>> Jun Nie (1):
>>       dmaengine: zx: fix build warning
>>
>> Kamil Konieczny (1):
>>       crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
>>
>> KarimAllah Ahmed (1):
>>       x86/spectre: Simplify spectre_v2 command line parsing
>>
>> Karol Herbst (1):
>>       x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
>>
>> Keerthy (1):
>>       ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
>>
>> Kefeng Wang (1):
>>       arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
>>
>> Luis R. Rodriguez (1):
>>       i2c: remove __init from i2c_register_board_info()
>>
>> Mark Rutland (1):
>>       Documentation: Document array_index_nospec
>>
>> Mauro Carvalho Chehab (1):
>>       media: s5k6aa: describe some function parameters
>>
>> Michal Marek (1):
>>       genksyms: Fix segfault with invalid declarations
>>
>> Miklos Szeredi (1):
>>       ncpfs: fix unused variable warning
>>
>> Moni Shoua (1):
>>       RDMA/cma: Make sure that PSN is not over max allowed
>>
>> Nikolay Borisov (1):
>>       btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
>>
>> Nogah Frankel (2):
>>       net_sched: red: Avoid devision by zero
>>       net_sched: red: Avoid illegal values
>>
>> Paolo Abeni (4):
>>       net: add dst_cache support
>>       net: replace dst_cache ip6_tunnel implementation with the generic one
>>       netfilter: on sockopt() acquire sock lock only in the required scope
>>       dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
>>
>> Paul Bolle (1):
>>       drm/vmwgfx: use *_32_bits() macros
>>
>> Paul Moore (2):
>>       selinux: ensure the context is NUL terminated in
>> security_context_to_sid_core()
>>       selinux: skip bounded transition processing if the policy isn't loaded
>>
>> Peter Ujfalusi (1):
>>       ARM: dts: am4372: Correct the interrupts_properties of McASP
>>
>> Peter Zijlstra (2):
>>       KVM: x86: Make indirect calls in emulator speculation safe
>>       KVM: VMX: Make indirect call speculation safe
>>
>> Randy Dunlap (2):
>>       usb: build drivers/usb/common/ when USB_SUPPORT is set
>>       staging: unisys: visorinput depends on INPUT
>>
>> Ravi Bangoria (1):
>>       powerpc/perf: Fix oops when grouping different pmu events
>>
>> Russell King (1):
>>       drm/armada: fix leak of crtc structure
>>
>> Satheesh Rajendran (1):
>>       perf bench numa: Fixup discontiguous/sparse numa nodes
>>
>> Shuah Khan (1):
>>       usbip: keep usbip_device sockfd state in sync with tcp_socket
>>
>> Stefan Haberland (1):
>>       s390/dasd: prevent prefix I/O error
>>
>> Stefan Potyra (1):
>>       ASoC: rockchip: disable clock on error
>>
>> Steffen Klassert (2):
>>       xfrm: Fix stack-out-of-bounds read on socket policy lookup.
>>       xfrm: Fix stack-out-of-bounds with misconfigured transport mode
>> policies.
>>
>> Sudip Mukherjee (4):
>>       scsi: sim710: fix build warning
>>       dpt_i2o: fix build warning
>>       video: fbdev: sis: remove unused variable
>>       drm/gma500: remove helper function
>>
>> Takuo Koguchi (1):
>>       spi: sun4i: disable clocks in the remove function
>>
>> Tetsuo Handa (1):
>>       mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
>> failed.
>>
>> Thierry Reding (1):
>>       drm/gma500: Sanity-check pipe index
>>
>> Thomas Gleixner (1):
>>       x86/cpu/bugs: Make retpoline module warning conditional
>>
>> Tobias Jordan (1):
>>       dmaengine: jz4740: disable/unprepare clk if probe fails
>>
>> Tony Lindgren (2):
>>       ARM: OMAP2+: Fix SRAM virt to phys translation for
>> save_secure_ram_context
>>       ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
>>
>> Vinod Koul (1):
>>       ASoC: Intel: Kconfig: fix build when ACPI is not enabled
>>
>> Waiman Long (1):
>>       x86/retpoline: Remove the esp/rsp thunk
>>
>> Wanpeng Li (2):
>>       KVM: x86: fix escape of guest dr6 to the host
>>       KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
>> Ready" exceptions simultaneously
>>
>> Will Deacon (1):
>>       scripts/kernel-doc: Don't fail with status != 0 if error
>> encountered with -none
>>
>> Willem de Bruijn (1):
>>       net: avoid skb_warn_bad_offload on IS_ERR
>>
>> Wu Fengguang (1):
>>       net: dst_cache_per_cpu_dst_set() can be static
>>
>> Zumeng Chen (1):
>>       gianfar: fix a flooded alignment reports because of padding issue.
>>
>>  Documentation/kernel-parameters.txt                |    2 -
>>  Documentation/speculation.txt                      |   90 ++
>>  Makefile                                           |    8 +-
>>  arch/arm/boot/dts/am4372.dtsi                      |    6 +-
>>  arch/arm/boot/dts/omap4.dtsi                       |    2 -
>>  arch/arm/include/asm/barrier.h                     |    2 -
>>  arch/arm/mach-omap2/omap-secure.c                  |   21 +
>>  arch/arm/mach-omap2/omap-secure.h                  |    4 +
>>  arch/arm/mach-omap2/pm.h                           |    4 -
>>  arch/arm/mach-omap2/pm34xx.c                       |   13 +-
>>  arch/arm/mach-omap2/prm33xx.c                      |   12 -
>>  arch/arm/mach-omap2/sleep34xx.S                    |   26 +-
>>  arch/arm/mach-tegra/Kconfig                        |    2 -
>>  arch/arm64/Kconfig                                 |    2 +-
>>  arch/arm64/Kconfig.platforms                       |    2 -
>>  arch/arm64/boot/dts/mediatek/mt8173.dtsi           |    2 +
>>  arch/arm64/include/asm/barrier.h                   |    2 -
>>  arch/arm64/include/asm/bug.h                       |   33 +-
>>  arch/powerpc/include/asm/barrier.h                 |    2 -
>>  arch/powerpc/perf/core-book3s.c                    |    4 +-
>>  arch/s390/include/asm/barrier.h                    |   10 -
>>  arch/x86/Kconfig                                   |    2 +-
>>  arch/x86/Kconfig.debug                             |    1 +
>>  arch/x86/boot/Makefile                             |    5 +-
>>  arch/x86/crypto/twofish-x86_64-asm_64-3way.S       |  112 +-
>>  arch/x86/entry/common.c                            |    2 +
>>  arch/x86/events/core.c                             |    4 +-
>>  arch/x86/include/asm/asm-prototypes.h              |    1 -
>>  arch/x86/include/asm/barrier.h                     |   30 +-
>>  arch/x86/include/asm/microcode_amd.h               |    1 -
>>  arch/x86/include/asm/msr.h                         |    2 +-
>>  arch/x86/include/asm/nospec-branch.h               |    8 +-
>>  arch/x86/include/asm/vmx.h                         |    5 +-
>>  arch/x86/kernel/alternative.c                      |   14 -
>>  arch/x86/kernel/cpu/bugs.c                         |  132 +-
>>  arch/x86/kernel/cpu/mcheck/mce-inject.c            |    5 +-
>>  arch/x86/kernel/cpu/microcode/amd.c                |   17 +-
>>  arch/x86/kernel/head_32.S                          |    9 +-
>>  arch/x86/kvm/Kconfig                               |    3 +-
>>  arch/x86/kvm/emulate.c                             |    9 +-
>>  arch/x86/kvm/vmx.c                                 |   83 +-
>>  arch/x86/kvm/x86.c                                 |   40 +-
>>  arch/x86/lib/getuser.S                             |   10 +
>>  arch/x86/lib/retpoline.S                           |    1 -
>>  arch/x86/math-emu/Makefile                         |    4 +-
>>  arch/x86/math-emu/reg_compare.c                    |   16 +-
>>  arch/x86/mm/ioremap.c                              |    4 +-
>>  arch/x86/mm/kmmio.c                                |   12 +-
>>  arch/x86/net/bpf_jit_comp.c                        |   28 +-
>>  arch/x86/platform/olpc/olpc-xo15-sci.c             |    2 +
>>  certs/Makefile                                     |   33 +-
>>  .../abi/4.4.0-117.141/ppc64el/generic.modules      |    1 -
>>  debian.master/config/config.common.ubuntu          |    2 +
>>  debian.master/config/ppc64el/config.common.ppc64el |    1 -
>>  drivers/Makefile                                   |    1 +
>>  drivers/android/binder.c                           |    2 +
>>  drivers/char/hw_random/exynos-rng.c                |   10 +-
>>  drivers/crypto/s5p-sss.c                           |   13 +-
>>  drivers/dma/at_hdmac.c                             |    4 +-
>>  drivers/dma/dma-jz4740.c                           |    4 +-
>>  drivers/dma/ioat/init.c                            |    2 +-
>>  drivers/dma/zx296702_dma.c                         |    2 +-
>>  drivers/gpio/gpio-intel-mid.c                      |    2 +-
>>  drivers/gpio/gpio-xgene.c                          |   13 +-
>>  drivers/gpu/drm/armada/armada_crtc.c               |   25 +-
>>  drivers/gpu/drm/drm_modeset_lock.c                 |    2 +-
>>  drivers/gpu/drm/gma500/mdfld_dsi_dpi.c             |   10 +-
>>  drivers/gpu/drm/gma500/mdfld_dsi_output.c          |   12 +-
>>  drivers/gpu/drm/nouveau/nouveau_gem.c              |    2 +-
>>  drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c             |    7 +-
>>  drivers/i2c/i2c-boardinfo.c                        |    4 +-
>>  drivers/idle/Kconfig                               |    1 +
>>  drivers/iio/adc/axp288_adc.c                       |    2 +-
>>  drivers/infiniband/core/cma.c                      |    1 +
>>  drivers/infiniband/hw/cxgb4/device.c               |    5 +-
>>  drivers/input/keyboard/tca8418_keypad.c            |   21 +-
>>  drivers/isdn/hardware/eicon/message.c              |   16 +-
>>  drivers/isdn/icn/icn.c                             |    2 +-
>>  drivers/isdn/sc/init.c                             |    7 +-
>>  drivers/md/md.c                                    |   10 +-
>>  drivers/media/common/b2c2/flexcop-fe-tuner.c       |    4 +-
>>  drivers/media/i2c/s5k6aa.c                         |    5 +
>>  drivers/media/i2c/tc358743.c                       |   46 +-
>>  drivers/media/usb/em28xx/Kconfig                   |    2 +-
>>  drivers/media/usb/go7007/Kconfig                   |    2 +-
>>  drivers/media/usb/hdpvr/hdpvr-core.c               |    2 +
>>  drivers/media/usb/pwc/pwc-if.c                     |    2 +
>>  drivers/media/v4l2-core/Kconfig                    |    1 -
>>  drivers/message/fusion/mptbase.c                   |    2 +
>>  drivers/mtd/chips/Kconfig                          |    4 +
>>  drivers/mtd/maps/ck804xrom.c                       |    4 +-
>>  drivers/mtd/maps/esb2rom.c                         |    4 +-
>>  drivers/mtd/maps/ichxrom.c                         |   10 +-
>>  drivers/mtd/nand/sh_flctl.c                        |    5 +-
>>  drivers/net/Kconfig                                |    3 +
>>  drivers/net/ethernet/3com/3c509.c                  |    2 +-
>>  drivers/net/ethernet/3com/3c59x.c                  |    2 +-
>>  drivers/net/ethernet/amd/xgbe/xgbe-main.c          |    4 +-
>>  drivers/net/ethernet/dec/tulip/de4x5.c             |    2 +-
>>  drivers/net/ethernet/freescale/gianfar.c           |    6 +-
>>  drivers/net/ethernet/hp/hp100.c                    |   20 +-
>>  drivers/net/ethernet/ti/tlan.c                     |    2 +-
>>  drivers/net/hippi/rrunner.c                        |    2 +-
>>  drivers/net/ipvlan/ipvlan_core.c                   |    1 +
>>  drivers/net/usb/Kconfig                            |   10 +
>>  drivers/net/usb/Makefile                           |    2 +-
>>  drivers/net/wireless/ath/carl9170/main.c           |    1 -
>>  drivers/net/wireless/cw1200/cw1200_spi.c           |    9 +-
>>  drivers/net/wireless/cw1200/pm.h                   |    9 +-
>>  drivers/net/wireless/cw1200/wsm.c                  |    8 +-
>>  .../net/wireless/realtek/rtlwifi/rtl8821ae/dm.c    |    6 +-
>>  drivers/pinctrl/sunxi/pinctrl-sun9i-a80.c          |    6 +-
>>  drivers/platform/x86/Kconfig                       |    2 +
>>  drivers/platform/x86/intel_mid_thermal.c           |    2 +
>>  drivers/platform/x86/tc1100-wmi.c                  |    2 +
>>  drivers/power/Kconfig                              |    1 +
>>  drivers/power/bq27xxx_battery.c                    |    6 +-
>>  drivers/s390/block/dasd_eckd.c                     |   16 +-
>>  drivers/scsi/advansys.c                            |   24 +-
>>  drivers/scsi/dpt_i2o.c                             |    3 +
>>  drivers/scsi/fdomain.c                             |    2 +-
>>  drivers/scsi/g_NCR5380.c                           |    5 +-
>>  drivers/scsi/initio.c                              |   16 -
>>  drivers/scsi/mvumi.c                               |    4 +-
>>  drivers/scsi/qla2xxx/qla_mr.c                      |   12 +-
>>  drivers/scsi/sim710.c                              |    3 +-
>>  drivers/spi/spi-sun4i.c                            |    2 +-
>>  drivers/ssb/main.c                                 |    7 +-
>>  drivers/staging/android/ashmem.c                   |   19 +-
>>  drivers/staging/iio/adc/ad7192.c                   |   27 +-
>>  drivers/staging/ste_rmi4/synaptics_i2c_rmi4.c      |    7 +-
>>  drivers/staging/unisys/visorinput/Kconfig          |    2 +-
>>  drivers/staging/wilc1000/wilc_wlan_if.h            |    1 +
>>  drivers/target/target_core_user.c                  |    2 +-
>>  drivers/thermal/Kconfig                            |    4 +-
>>  .../thermal/int340x_thermal/int340x_thermal_zone.c |   11 +-
>>  drivers/thermal/spear_thermal.c                    |    6 +-
>>  drivers/tty/Kconfig                                |    2 +-
>>  drivers/tty/hvc/hvc_xen.c                          |    2 +-
>>  drivers/tty/serial/8250/Kconfig                    |    2 +-
>>  drivers/usb/host/Kconfig                           |    2 +
>>  drivers/usb/musb/ux500_dma.c                       |    3 -
>>  drivers/usb/phy/Kconfig                            |    1 +
>>  drivers/usb/usbip/stub_dev.c                       |    3 +
>>  drivers/usb/usbip/vhci_hcd.c                       |    2 +
>>  drivers/video/fbdev/Kconfig                        |    1 +
>>  drivers/video/fbdev/auo_k190x.c                    |   11 +-
>>  drivers/video/fbdev/exynos/s6e8ax0.c               |   13 +-
>>  drivers/video/fbdev/intelfb/intelfbdrv.c           |    2 +-
>>  drivers/video/fbdev/mmp/core.c                     |    5 +
>>  drivers/video/fbdev/sis/init301.c                  |   10 +-
>>  drivers/video/fbdev/sm712fb.c                      |   16 +-
>>  drivers/video/fbdev/via/viafbdev.c                 |    8 +-
>>  drivers/virtio/virtio_balloon.c                    |    2 +
>>  drivers/xen/Kconfig                                |    2 +-
>>  fs/btrfs/ioctl.c                                   |    2 +-
>>  fs/compat_binfmt_elf.c                             |    2 +
>>  fs/ncpfs/dir.c                                     |    3 +-
>>  fs/reiserfs/lbalance.c                             |    2 +-
>>  fs/reiserfs/reiserfs.h                             |    1 -
>>  fs/udf/misc.c                                      |    6 -
>>  include/asm-generic/barrier.h                      |   11 -
>>  include/linux/device.h                             |    7 +-
>>  include/linux/fdtable.h                            |    3 +-
>>  include/linux/filter.h                             |   10 -
>>  include/linux/init.h                               |    9 +-
>>  include/linux/module.h                             |    9 +
>>  include/linux/msi.h                                |   11 +-
>>  include/linux/mtd/sh_flctl.h                       |    1 +
>>  include/linux/nospec.h                             |   72 +
>>  include/linux/string.h                             |    1 +
>>  include/net/dst_cache.h                            |   97 ++
>>  include/net/ip6_tunnel.h                           |   15 +-
>>  include/net/netlink.h                              |   73 +-
>>  include/net/red.h                                  |   13 +-
>>  include/trace/events/clk.h                         |    4 +-
>>  kernel/bpf/core.c                                  |    3 -
>>  kernel/module.c                                    |   11 +
>>  kernel/profile.c                                   |    4 +-
>>  kernel/trace/blktrace.c                            |   32 +-
>>  kernel/user_namespace.c                            |    4 +-
>>  lib/Kconfig.debug                                  |    2 +-
>>  lib/oid_registry.c                                 |    8 +-
>>  mm/early_ioremap.c                                 |    2 +-
>>  mm/util.c                                          |   24 +
>>  mm/vmscan.c                                        |    3 +
>>  net/Kconfig                                        |    4 +
>>  net/core/Makefile                                  |    1 +
>>  net/core/dev.c                                     |    2 +-
>>  net/core/dst_cache.c                               |  168 ++
>>  net/decnet/af_decnet.c                             |   62 +-
>>  net/ipv4/ip_sockglue.c                             |   14 +-
>>  net/ipv4/ipconfig.c                                |    4 +
>>  net/ipv4/netfilter/ipt_CLUSTERIP.c                 |   16 +-
>>  net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c     |    6 +-
>>  net/ipv4/raw.c                                     |    1 -
>>  net/ipv6/Kconfig                                   |    1 +
>>  net/ipv6/ip6_gre.c                                 |   12 +-
>>  net/ipv6/ip6_tunnel.c                              |  149 +-
>>  net/ipv6/ip6_vti.c                                 |    2 +-
>>  net/ipv6/ipv6_sockglue.c                           |   17 +-
>>  net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c     |   18 +-
>>  net/ipv6/raw.c                                     |    1 -
>>  net/mpls/af_mpls.c                                 |    2 -
>>  net/netfilter/ipvs/ip_vs_app.c                     |    8 +-
>>  net/netfilter/ipvs/ip_vs_ctl.c                     |   15 +-
>>  net/netfilter/x_tables.c                           |    9 +-
>>  net/netfilter/xt_RATEEST.c                         |   22 +-
>>  net/sched/sch_choke.c                              |    3 +
>>  net/sched/sch_gred.c                               |    3 +
>>  net/sched/sch_red.c                                |    2 +
>>  net/sched/sch_sfq.c                                |    3 +
>>  net/wireless/core.c                                |    8 +-
>>  net/wireless/nl80211.c                             |    9 +-
>>  net/xfrm/xfrm_policy.c                             |    8 +-
>>  net/xfrm/xfrm_user.c                               |   24 +
>>  scripts/genksyms/parse.tab.c_shipped               | 1682
>> +++++++++-----------
>>  scripts/genksyms/parse.tab.h_shipped               |  133 +-
>>  scripts/genksyms/parse.y                           |    2 -
>>  scripts/kernel-doc                                 |    2 +-
>>  scripts/mod/modpost.c                              |    9 +
>>  security/selinux/ss/services.c                     |   21 +-
>>  sound/pci/hda/patch_ca0132.c                       |    3 +
>>  sound/soc/intel/Kconfig                            |    7 +-
>>  sound/soc/mediatek/Kconfig                         |    4 +-
>>  sound/soc/rockchip/rockchip_spdif.c                |   22 +-
>>  sound/soc/ux500/mop500.c                           |    4 +
>>  sound/soc/ux500/ux500_pcm.c                        |    5 +
>>  tools/build/Makefile.build                         |   10 +
>>  tools/perf/bench/numa.c                            |   56 +-
>>  tools/perf/builtin-top.c                           |   15 +-
>>  tools/scripts/Makefile.include                     |   12 +-
>>  232 files changed, 2538 insertions(+), 1977 deletions(-)
>>  create mode 100644 Documentation/speculation.txt
>>  create mode 100644 include/linux/nospec.h
>>  create mode 100644 include/net/dst_cache.h
>>  create mode 100644 net/core/dst_cache.c
>>
>>
>>
Stefan Bader April 4, 2018, 12:21 p.m. | #3
On 04.04.2018 13:40, Juerg Haefliger wrote:
> On 04/04/2018 12:20 PM, Kleber Souza wrote:
>> On 04/03/18 14:40, Juerg Haefliger wrote:
>>> BugLink: http://bugs.launchpad.net/bugs/1756866
>>>
>>> This is a pull request for the Xenial stable update from 4.4.117 to
>>> 4.4.118. The most notable change is the replacement of our spectre v1
>>> implementation with upstream's version. Specifically, the following
>>> patches are reverted:
>>>
>>> UBUNTU: SAUCE: arm: no osb() implementation yet"
>>> UBUNTU: SAUCE: arm64: no osb() implementation yet"
>>> UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>>> UBUNTU: SAUCE: powerpc: add osb barrier"
>>> UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
>>> userns: prevent speculative execution"
>>> udf: prevent speculative execution"
>>> net: mpls: prevent speculative execution"
>>> fs: prevent speculative execution"
>>> ipv6: prevent speculative execution"
>>> ipv4: prevent speculative execution"
>>> Thermal/int340x: prevent speculative execution"
>>> qla2xxx: prevent speculative execution"
>>> carl9170: prevent speculative execution"
>>> UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
>>> JIT is enabled"
>>> x86, bpf, jit: prevent speculative execution when JIT is enabled"
>>> bpf: prevent speculative execution in eBPF interpreter"
>>> locking/barriers: introduce new observable speculation barrier"
>>> UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>>> x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
>>>
>>> And their functionality is (partially?) replaced by upstream's patchset:
>>>
>>> x86/kvm: Update spectre-v1 mitigation
>>> x86/spectre: Report get_user mitigation for spectre_v1
>>> nl80211: Sanitize array index in parse_txq_params
>>> vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>> x86/syscall: Sanitize syscall table de-references under speculation
>>> x86/get_user: Use pointer masking to limit speculation
>>> x86: Introduce barrier_nospec
>>> x86: Implement array_index_mask_nospec
>>> array_index_nospec: Sanitize speculative array de-references
>>> Documentation: Document array_index_nospec
>>>
>>> Note that v1 of the patchset submitted upstream [1] was more or less
>>> what we have pulled into Xenial. What's missing from that submittal
>>> compared to what we have are the bpf/jit patches and some of the osb()
>>> sprinkling throughout various subsystems and drivers. There was back and
>>> forth arguing in upstream about whether some of the places that the v1
>>> patchset modified were even user-space controllable and they eventually
>>> got dropped form the final v6 version [2]. Plus they added syscall and
>>> get_user sanitization.
>>>
>>> Also, the current upstream implementation is x86 only. PowerPC is in the
>>> works [3] but no s390x as of yet.
>>>
>>> [1] https://lkml.org/lkml/2018/1/5/769
>>> [2] https://lkml.org/lkml/2018/1/29/960
>>> [3] https://lkml.org/lkml/2018/3/15/929
>>>
>>>
>>> Let me know if you think we should bring back some or all of the stuff
>>> that got dropped (powerpc, s390x, bpf).
>>
>> Since the spectre v1 changes from upstream hasn't yet been carefully
>> reviewed and tested by our team, I will not apply this stable update
>> (and any subsequent ones) until we are more confident about it.
> 
> We're falling more and more behind. Upstream is at 4.4.126 now. Would it
> make sense to just skip those patches and continue? Assuming we don't
> run into issues with future patches because of this.

It would be good to catch up. But for that we need to rework 4.4.118 to skip
over the related patches (plus some document which carries what has been skipped
in total). And then continue from there, hoping for no issues.
That doc I imagine to contain everything skipped (oneline format?) because of
being spectre related grouped by stable version. Then whomever has to do that
final review can work with that? What do the others think?

Just for the current cycle I sadly cannot see us getting more done than up to
4.4.117.

-Stefan

> 
> ...Juerg
> 
> 
>> Kleber
>>
>>>
>>> Compile tested all supported architectures.
>>>
>>> ...Juerg
>>>
>>>
>>>
>>> The following changes since commit 638103b5a72ff90bead7fb350adb014be934cf35:
>>>
>>>   Linux 4.4.117 (2018-03-27 08:40:12 +0200)
>>>
>>> are available in the git repository at:
>>>
>>>   https://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.118
>>>
>>> for you to fetch changes up to 26c747a51753fb263a1107da3e8a07a249aa636a:
>>>
>>>   ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (2018-03-28
>>> 11:19:22 +0200)
>>>
>>> ----------------------------------------------------------------
>>> Alexandru Ardelean (1):
>>>       staging: iio: adc: ad7192: fix external frequency setting
>>>
>>> Andi Kleen (1):
>>>       module/retpoline: Warn about missing retpoline in module
>>>
>>> Andre Przywara (1):
>>>       pinctrl: sunxi: Fix A80 interrupt pin bank
>>>
>>> Andy Lutomirski (1):
>>>       dell-wmi, dell-laptop: depends DMI
>>>
>>> Arnd Bergmann (77):
>>>       ASoC: ux500: add MODULE_LICENSE tag
>>>       video: fbdev/mmp: add MODULE_LICENSE
>>>       arm64: dts: add #cooling-cells to CPU nodes
>>>       virtio_balloon: prevent uninitialized variable use
>>>       isdn: icn: remove a #warning
>>>       vmxnet3: prevent building with 64K pages
>>>       video: fbdev: via: remove possibly unused variables
>>>       scsi: advansys: fix build warning for PCI=n
>>>       arm64: define BUG() instruction without CONFIG_BUG
>>>       x86/fpu/math-emu: Fix possible uninitialized variable use
>>>       x86/build: Silence the build with "make -s"
>>>       thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
>>>       x86: add MULTIUSER dependency for KVM
>>>       x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
>>>       scsi: advansys: fix uninitialized data access
>>>       ALSA: hda/ca0132 - fix possible NULL pointer use
>>>       reiserfs: avoid a -Wmaybe-uninitialized warning
>>>       ssb: mark ssb_bus_register as __maybe_unused
>>>       thermal: spear: use __maybe_unused for PM functions
>>>       x86/boot: Avoid warning for zero-filling .bss
>>>       profile: hide unused functions when !CONFIG_PROC_FS
>>>       md: avoid warning for 32-bit sector_t
>>>       mtd: ichxrom: maybe-uninitialized with gcc-4.9
>>>       mptfusion: hide unused seq_mpt_print_ioc_summary function
>>>       scsi: fdomain: drop fdomain_pci_tbl when built-in
>>>       staging: ste_rmi4: avoid unused function warnings
>>>       fbdev: sis: enforce selection of at least one backend
>>>       scsi: mvumi: use __maybe_unused to hide pm functions
>>>       SCSI: initio: remove duplicate module device table
>>>       pwc: hide unused label
>>>       usb: musb/ux500: remove duplicate check for dma_is_compatible
>>>       tty: hvc_xen: hide xen_console_remove when unused
>>>       target/user: Fix cast from pointer to phys_addr_t
>>>       driver-core: use 'dev' argument in dev_dbg_ratelimited stub
>>>       fbdev: auo_k190x: avoid unused function warnings
>>>       mtd: sh_flctl: pass FIFO as physical address
>>>       mtd: cfi: enforce valid geometry configuration
>>>       fbdev: s6e8ax0: avoid unused function warnings
>>>       modsign: hide openssl output in silent builds
>>>       fbdev: sm712fb: avoid unused function warnings
>>>       hwrng: exynos - use __maybe_unused to hide pm functions
>>>       USB: cdc_subset: only build when one driver is enabled
>>>       rtlwifi: fix gcc-6 indentation warning
>>>       netfilter: ipvs: avoid unused variable warnings
>>>       ipv4: ipconfig: avoid unused ic_proto_used symbol
>>>       tlan: avoid unused label with PCI=n
>>>       tty: cyclades: cyz_interrupt is only used for PCI
>>>       genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
>>>       ASoC: mediatek: add i2c dependency
>>>       infiniband: cxgb4: use %pR format string for printing resources
>>>       b2c2: flexcop: avoid unused function warnings
>>>       tc358743: fix register i2c_rd/wr functions
>>>       drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
>>>       Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
>>>       KVM: add X86_LOCAL_APIC dependency
>>>       go7007: add MEDIA_CAMERA_SUPPORT dependency
>>>       em28xx: only use mt9v011 if camera support is enabled
>>>       ISDN: eicon: reduce stack size of sig_ind function
>>>       ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
>>>       hdpvr: hide unused variable
>>>       v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
>>>       cw1200: fix bogus maybe-uninitialized warning
>>>       wireless: cw1200: use __maybe_unused to hide pm functions_
>>>       perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
>>>       net: hp100: remove unnecessary #ifdefs
>>>       gpio: xgene: mark PM functions as __maybe_unused
>>>       Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
>>>       power: bq27xxx_battery: mark some symbols __maybe_unused
>>>       isdn: sc: work around type mismatch warning
>>>       binfmt_elf: compat: avoid unused function warning
>>>       idle: i7300: add PCI dependency
>>>       usb: phy: msm add regulator dependency
>>>       ncr5380: shut up gcc indentation warning
>>>       ARM: tegra: select USB_ULPI from EHCI rather than platform
>>>       netlink: fix nla_put_{u8,u16,u32} for KASAN
>>>       kasan: rework Kconfig settings
>>>       ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
>>>
>>> Augusto Mecking Caringi (1):
>>>       gpio: intel-mid: Fix build warning when !CONFIG_PM
>>>
>>> Ben Hutchings (1):
>>>       staging: android: ashmem: Fix a race condition in pin ioctls
>>>
>>> Borislav Petkov (7):
>>>       platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
>>>       x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
>>>       amd-xgbe: Fix unused suspend handlers build warning
>>>       x86/platform/olpc: Fix resume handler build warning
>>>       x86/microcode/AMD: Change load_microcode_amd()'s param to bool to
>>> fix preemptibility bug
>>>       x86/nospec: Fix header guards names
>>>       x86/bugs: Drop one "mitigation" from dmesg
>>>
>>> Cai Li (1):
>>>       clk: fix a panic error caused by accessing NULL pointer
>>>
>>> Chris Wilson (1):
>>>       drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
>>>
>>> Christophe JAILLET (1):
>>>       dmaengine: ioat: Fix error handling path
>>>
>>> Colin Ian King (3):
>>>       tc1100-wmi: fix build warning when CONFIG_PM not enabled
>>>       iio: adc: axp288: remove redundant duplicate const on
>>> axp288_adc_channels
>>>       x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
>>>
>>> Cong Wang (2):
>>>       xfrm: check id proto in validate_tmpl()
>>>       netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
>>>
>>> Dan Williams (9):
>>>       array_index_nospec: Sanitize speculative array de-references
>>>       x86: Implement array_index_mask_nospec
>>>       x86: Introduce barrier_nospec
>>>       x86/get_user: Use pointer masking to limit speculation
>>>       x86/syscall: Sanitize syscall table de-references under speculation
>>>       vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>>       nl80211: Sanitize array index in parse_txq_params
>>>       x86/spectre: Report get_user mitigation for spectre_v1
>>>       x86/kvm: Update spectre-v1 mitigation
>>>
>>> Daniel Wagner (1):
>>>       video: Use bool instead int pointer for get_opt_bool() argument
>>>
>>> Darren Kenny (1):
>>>       x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
>>>
>>> Dave Jones (1):
>>>       Make DST_CACHE a silent config option
>>>
>>> Dave Young (1):
>>>       mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
>>>
>>> David Hildenbrand (2):
>>>       KVM: nVMX: kmap() can't fail
>>>       KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
>>>
>>> David Howells (1):
>>>       Provide a function to create a NUL-terminated string from
>>> unterminated data
>>>
>>> David Woodhouse (1):
>>>       x86/retpoline: Avoid retpolines for built-in __init functions
>>>
>>> Dmitry Vyukov (2):
>>>       netfilter: x_tables: fix int overflow in xt_alloc_table_info()
>>>       netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
>>> clusterip_tg_check()
>>>
>>> Dou Liyang (1):
>>>       x86/spectre: Check CONFIG_RETPOLINE in command line parser
>>>
>>> Eric Biggers (3):
>>>       crypto: x86/twofish-3way - Fix %rbp usage
>>>       binder: check for binder_thread allocation failure in binder_poll()
>>>       509: fix printing uninitialized stack memory when OID is empty
>>>
>>> Eric Dumazet (1):
>>>       netfilter: x_tables: avoid out-of-bounds reads in
>>> xt_request_find_{match|target}
>>>
>>> Fabian Frederick (1):
>>>       drivers/net: fix eisa_driver probe section mismatch
>>>
>>> Gao Feng (1):
>>>       ipvlan: Add the skb->mark as flow4's member to lookup route
>>>
>>> Glen Lee (1):
>>>       staging: wilc1000: fix kbuild test robot error
>>>
>>> Greg Kroah-Hartman (1):
>>>       Linux 4.4.118
>>>
>>> Gustavo A. R. Silva (1):
>>>       dmaengine: at_hdmac: fix potential NULL pointer dereference in
>>> atc_prep_dma_interleaved
>>>
>>> Heikki Krogerus (1):
>>>       serial: 8250_mid: fix broken DMA dependency
>>>
>>> Jan Beulich (1):
>>>       xen: XEN_ACPI_PROCESSOR is Dom0-only
>>>
>>> Jan Dakinevich (2):
>>>       KVM: VMX: clean up declaration of VPID/EPT invalidation types
>>>       KVM: nVMX: invvpid handling improvements
>>>
>>> Jens Axboe (1):
>>>       blktrace: fix unlocked registration of tracepoints
>>>
>>> Jia-Ju Bai (1):
>>>       hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
>>>
>>> Jim Mattson (1):
>>>       kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
>>>
>>> Jiri Olsa (1):
>>>       perf top: Fix window dimensions change handling
>>>
>>> Johannes Berg (1):
>>>       cfg80211: check dev_set_name() return value
>>>
>>> Josh Poimboeuf (2):
>>>       tools build: Add tools tree support for 'make -s'
>>>       x86/paravirt: Remove 'noreplace-paravirt' cmdline option
>>>
>>> Juerg Haefliger (22):
>>>       Revert "UBUNTU: SAUCE: arm: no osb() implementation yet"
>>>       Revert "UBUNTU: SAUCE: arm64: no osb() implementation yet"
>>>       Revert "UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>>>       Revert "UBUNTU: SAUCE: powerpc: add osb barrier"
>>>       Revert "UBUNTU: SAUCE: claim mitigation via observable speculation
>>> barrier"
>>>       Revert "userns: prevent speculative execution"
>>>       Revert "udf: prevent speculative execution"
>>>       Revert "net: mpls: prevent speculative execution"
>>>       Revert "fs: prevent speculative execution"
>>>       Revert "ipv6: prevent speculative execution"
>>>       Revert "ipv4: prevent speculative execution"
>>>       Revert "Thermal/int340x: prevent speculative execution"
>>>       Revert "qla2xxx: prevent speculative execution"
>>>       Revert "carl9170: prevent speculative execution"
>>>       Revert "UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative
>>> execution when JIT is enabled"
>>>       Revert "x86, bpf, jit: prevent speculative execution when JIT is
>>> enabled"
>>>       Revert "bpf: prevent speculative execution in eBPF interpreter"
>>>       Revert "locking/barriers: introduce new observable speculation
>>> barrier"
>>>       Revert "UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>>>       Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
>>> feature"
>>>       UBUNTU: [Config] updateconfigs after 4.4.118 stable update
>>>       UBUNTU: ppc64el -- Remove vmxnet3 module
>>>
>>> Julia Lawall (1):
>>>       mtd: maps: add __init attribute
>>>
>>> Jun Nie (1):
>>>       dmaengine: zx: fix build warning
>>>
>>> Kamil Konieczny (1):
>>>       crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
>>>
>>> KarimAllah Ahmed (1):
>>>       x86/spectre: Simplify spectre_v2 command line parsing
>>>
>>> Karol Herbst (1):
>>>       x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
>>>
>>> Keerthy (1):
>>>       ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
>>>
>>> Kefeng Wang (1):
>>>       arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
>>>
>>> Luis R. Rodriguez (1):
>>>       i2c: remove __init from i2c_register_board_info()
>>>
>>> Mark Rutland (1):
>>>       Documentation: Document array_index_nospec
>>>
>>> Mauro Carvalho Chehab (1):
>>>       media: s5k6aa: describe some function parameters
>>>
>>> Michal Marek (1):
>>>       genksyms: Fix segfault with invalid declarations
>>>
>>> Miklos Szeredi (1):
>>>       ncpfs: fix unused variable warning
>>>
>>> Moni Shoua (1):
>>>       RDMA/cma: Make sure that PSN is not over max allowed
>>>
>>> Nikolay Borisov (1):
>>>       btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
>>>
>>> Nogah Frankel (2):
>>>       net_sched: red: Avoid devision by zero
>>>       net_sched: red: Avoid illegal values
>>>
>>> Paolo Abeni (4):
>>>       net: add dst_cache support
>>>       net: replace dst_cache ip6_tunnel implementation with the generic one
>>>       netfilter: on sockopt() acquire sock lock only in the required scope
>>>       dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
>>>
>>> Paul Bolle (1):
>>>       drm/vmwgfx: use *_32_bits() macros
>>>
>>> Paul Moore (2):
>>>       selinux: ensure the context is NUL terminated in
>>> security_context_to_sid_core()
>>>       selinux: skip bounded transition processing if the policy isn't loaded
>>>
>>> Peter Ujfalusi (1):
>>>       ARM: dts: am4372: Correct the interrupts_properties of McASP
>>>
>>> Peter Zijlstra (2):
>>>       KVM: x86: Make indirect calls in emulator speculation safe
>>>       KVM: VMX: Make indirect call speculation safe
>>>
>>> Randy Dunlap (2):
>>>       usb: build drivers/usb/common/ when USB_SUPPORT is set
>>>       staging: unisys: visorinput depends on INPUT
>>>
>>> Ravi Bangoria (1):
>>>       powerpc/perf: Fix oops when grouping different pmu events
>>>
>>> Russell King (1):
>>>       drm/armada: fix leak of crtc structure
>>>
>>> Satheesh Rajendran (1):
>>>       perf bench numa: Fixup discontiguous/sparse numa nodes
>>>
>>> Shuah Khan (1):
>>>       usbip: keep usbip_device sockfd state in sync with tcp_socket
>>>
>>> Stefan Haberland (1):
>>>       s390/dasd: prevent prefix I/O error
>>>
>>> Stefan Potyra (1):
>>>       ASoC: rockchip: disable clock on error
>>>
>>> Steffen Klassert (2):
>>>       xfrm: Fix stack-out-of-bounds read on socket policy lookup.
>>>       xfrm: Fix stack-out-of-bounds with misconfigured transport mode
>>> policies.
>>>
>>> Sudip Mukherjee (4):
>>>       scsi: sim710: fix build warning
>>>       dpt_i2o: fix build warning
>>>       video: fbdev: sis: remove unused variable
>>>       drm/gma500: remove helper function
>>>
>>> Takuo Koguchi (1):
>>>       spi: sun4i: disable clocks in the remove function
>>>
>>> Tetsuo Handa (1):
>>>       mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
>>> failed.
>>>
>>> Thierry Reding (1):
>>>       drm/gma500: Sanity-check pipe index
>>>
>>> Thomas Gleixner (1):
>>>       x86/cpu/bugs: Make retpoline module warning conditional
>>>
>>> Tobias Jordan (1):
>>>       dmaengine: jz4740: disable/unprepare clk if probe fails
>>>
>>> Tony Lindgren (2):
>>>       ARM: OMAP2+: Fix SRAM virt to phys translation for
>>> save_secure_ram_context
>>>       ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
>>>
>>> Vinod Koul (1):
>>>       ASoC: Intel: Kconfig: fix build when ACPI is not enabled
>>>
>>> Waiman Long (1):
>>>       x86/retpoline: Remove the esp/rsp thunk
>>>
>>> Wanpeng Li (2):
>>>       KVM: x86: fix escape of guest dr6 to the host
>>>       KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
>>> Ready" exceptions simultaneously
>>>
>>> Will Deacon (1):
>>>       scripts/kernel-doc: Don't fail with status != 0 if error
>>> encountered with -none
>>>
>>> Willem de Bruijn (1):
>>>       net: avoid skb_warn_bad_offload on IS_ERR
>>>
>>> Wu Fengguang (1):
>>>       net: dst_cache_per_cpu_dst_set() can be static
>>>
>>> Zumeng Chen (1):
>>>       gianfar: fix a flooded alignment reports because of padding issue.
>>>
>>>  Documentation/kernel-parameters.txt                |    2 -
>>>  Documentation/speculation.txt                      |   90 ++
>>>  Makefile                                           |    8 +-
>>>  arch/arm/boot/dts/am4372.dtsi                      |    6 +-
>>>  arch/arm/boot/dts/omap4.dtsi                       |    2 -
>>>  arch/arm/include/asm/barrier.h                     |    2 -
>>>  arch/arm/mach-omap2/omap-secure.c                  |   21 +
>>>  arch/arm/mach-omap2/omap-secure.h                  |    4 +
>>>  arch/arm/mach-omap2/pm.h                           |    4 -
>>>  arch/arm/mach-omap2/pm34xx.c                       |   13 +-
>>>  arch/arm/mach-omap2/prm33xx.c                      |   12 -
>>>  arch/arm/mach-omap2/sleep34xx.S                    |   26 +-
>>>  arch/arm/mach-tegra/Kconfig                        |    2 -
>>>  arch/arm64/Kconfig                                 |    2 +-
>>>  arch/arm64/Kconfig.platforms                       |    2 -
>>>  arch/arm64/boot/dts/mediatek/mt8173.dtsi           |    2 +
>>>  arch/arm64/include/asm/barrier.h                   |    2 -
>>>  arch/arm64/include/asm/bug.h                       |   33 +-
>>>  arch/powerpc/include/asm/barrier.h                 |    2 -
>>>  arch/powerpc/perf/core-book3s.c                    |    4 +-
>>>  arch/s390/include/asm/barrier.h                    |   10 -
>>>  arch/x86/Kconfig                                   |    2 +-
>>>  arch/x86/Kconfig.debug                             |    1 +
>>>  arch/x86/boot/Makefile                             |    5 +-
>>>  arch/x86/crypto/twofish-x86_64-asm_64-3way.S       |  112 +-
>>>  arch/x86/entry/common.c                            |    2 +
>>>  arch/x86/events/core.c                             |    4 +-
>>>  arch/x86/include/asm/asm-prototypes.h              |    1 -
>>>  arch/x86/include/asm/barrier.h                     |   30 +-
>>>  arch/x86/include/asm/microcode_amd.h               |    1 -
>>>  arch/x86/include/asm/msr.h                         |    2 +-
>>>  arch/x86/include/asm/nospec-branch.h               |    8 +-
>>>  arch/x86/include/asm/vmx.h                         |    5 +-
>>>  arch/x86/kernel/alternative.c                      |   14 -
>>>  arch/x86/kernel/cpu/bugs.c                         |  132 +-
>>>  arch/x86/kernel/cpu/mcheck/mce-inject.c            |    5 +-
>>>  arch/x86/kernel/cpu/microcode/amd.c                |   17 +-
>>>  arch/x86/kernel/head_32.S                          |    9 +-
>>>  arch/x86/kvm/Kconfig                               |    3 +-
>>>  arch/x86/kvm/emulate.c                             |    9 +-
>>>  arch/x86/kvm/vmx.c                                 |   83 +-
>>>  arch/x86/kvm/x86.c                                 |   40 +-
>>>  arch/x86/lib/getuser.S                             |   10 +
>>>  arch/x86/lib/retpoline.S                           |    1 -
>>>  arch/x86/math-emu/Makefile                         |    4 +-
>>>  arch/x86/math-emu/reg_compare.c                    |   16 +-
>>>  arch/x86/mm/ioremap.c                              |    4 +-
>>>  arch/x86/mm/kmmio.c                                |   12 +-
>>>  arch/x86/net/bpf_jit_comp.c                        |   28 +-
>>>  arch/x86/platform/olpc/olpc-xo15-sci.c             |    2 +
>>>  certs/Makefile                                     |   33 +-
>>>  .../abi/4.4.0-117.141/ppc64el/generic.modules      |    1 -
>>>  debian.master/config/config.common.ubuntu          |    2 +
>>>  debian.master/config/ppc64el/config.common.ppc64el |    1 -
>>>  drivers/Makefile                                   |    1 +
>>>  drivers/android/binder.c                           |    2 +
>>>  drivers/char/hw_random/exynos-rng.c                |   10 +-
>>>  drivers/crypto/s5p-sss.c                           |   13 +-
>>>  drivers/dma/at_hdmac.c                             |    4 +-
>>>  drivers/dma/dma-jz4740.c                           |    4 +-
>>>  drivers/dma/ioat/init.c                            |    2 +-
>>>  drivers/dma/zx296702_dma.c                         |    2 +-
>>>  drivers/gpio/gpio-intel-mid.c                      |    2 +-
>>>  drivers/gpio/gpio-xgene.c                          |   13 +-
>>>  drivers/gpu/drm/armada/armada_crtc.c               |   25 +-
>>>  drivers/gpu/drm/drm_modeset_lock.c                 |    2 +-
>>>  drivers/gpu/drm/gma500/mdfld_dsi_dpi.c             |   10 +-
>>>  drivers/gpu/drm/gma500/mdfld_dsi_output.c          |   12 +-
>>>  drivers/gpu/drm/nouveau/nouveau_gem.c              |    2 +-
>>>  drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c             |    7 +-
>>>  drivers/i2c/i2c-boardinfo.c                        |    4 +-
>>>  drivers/idle/Kconfig                               |    1 +
>>>  drivers/iio/adc/axp288_adc.c                       |    2 +-
>>>  drivers/infiniband/core/cma.c                      |    1 +
>>>  drivers/infiniband/hw/cxgb4/device.c               |    5 +-
>>>  drivers/input/keyboard/tca8418_keypad.c            |   21 +-
>>>  drivers/isdn/hardware/eicon/message.c              |   16 +-
>>>  drivers/isdn/icn/icn.c                             |    2 +-
>>>  drivers/isdn/sc/init.c                             |    7 +-
>>>  drivers/md/md.c                                    |   10 +-
>>>  drivers/media/common/b2c2/flexcop-fe-tuner.c       |    4 +-
>>>  drivers/media/i2c/s5k6aa.c                         |    5 +
>>>  drivers/media/i2c/tc358743.c                       |   46 +-
>>>  drivers/media/usb/em28xx/Kconfig                   |    2 +-
>>>  drivers/media/usb/go7007/Kconfig                   |    2 +-
>>>  drivers/media/usb/hdpvr/hdpvr-core.c               |    2 +
>>>  drivers/media/usb/pwc/pwc-if.c                     |    2 +
>>>  drivers/media/v4l2-core/Kconfig                    |    1 -
>>>  drivers/message/fusion/mptbase.c                   |    2 +
>>>  drivers/mtd/chips/Kconfig                          |    4 +
>>>  drivers/mtd/maps/ck804xrom.c                       |    4 +-
>>>  drivers/mtd/maps/esb2rom.c                         |    4 +-
>>>  drivers/mtd/maps/ichxrom.c                         |   10 +-
>>>  drivers/mtd/nand/sh_flctl.c                        |    5 +-
>>>  drivers/net/Kconfig                                |    3 +
>>>  drivers/net/ethernet/3com/3c509.c                  |    2 +-
>>>  drivers/net/ethernet/3com/3c59x.c                  |    2 +-
>>>  drivers/net/ethernet/amd/xgbe/xgbe-main.c          |    4 +-
>>>  drivers/net/ethernet/dec/tulip/de4x5.c             |    2 +-
>>>  drivers/net/ethernet/freescale/gianfar.c           |    6 +-
>>>  drivers/net/ethernet/hp/hp100.c                    |   20 +-
>>>  drivers/net/ethernet/ti/tlan.c                     |    2 +-
>>>  drivers/net/hippi/rrunner.c                        |    2 +-
>>>  drivers/net/ipvlan/ipvlan_core.c                   |    1 +
>>>  drivers/net/usb/Kconfig                            |   10 +
>>>  drivers/net/usb/Makefile                           |    2 +-
>>>  drivers/net/wireless/ath/carl9170/main.c           |    1 -
>>>  drivers/net/wireless/cw1200/cw1200_spi.c           |    9 +-
>>>  drivers/net/wireless/cw1200/pm.h                   |    9 +-
>>>  drivers/net/wireless/cw1200/wsm.c                  |    8 +-
>>>  .../net/wireless/realtek/rtlwifi/rtl8821ae/dm.c    |    6 +-
>>>  drivers/pinctrl/sunxi/pinctrl-sun9i-a80.c          |    6 +-
>>>  drivers/platform/x86/Kconfig                       |    2 +
>>>  drivers/platform/x86/intel_mid_thermal.c           |    2 +
>>>  drivers/platform/x86/tc1100-wmi.c                  |    2 +
>>>  drivers/power/Kconfig                              |    1 +
>>>  drivers/power/bq27xxx_battery.c                    |    6 +-
>>>  drivers/s390/block/dasd_eckd.c                     |   16 +-
>>>  drivers/scsi/advansys.c                            |   24 +-
>>>  drivers/scsi/dpt_i2o.c                             |    3 +
>>>  drivers/scsi/fdomain.c                             |    2 +-
>>>  drivers/scsi/g_NCR5380.c                           |    5 +-
>>>  drivers/scsi/initio.c                              |   16 -
>>>  drivers/scsi/mvumi.c                               |    4 +-
>>>  drivers/scsi/qla2xxx/qla_mr.c                      |   12 +-
>>>  drivers/scsi/sim710.c                              |    3 +-
>>>  drivers/spi/spi-sun4i.c                            |    2 +-
>>>  drivers/ssb/main.c                                 |    7 +-
>>>  drivers/staging/android/ashmem.c                   |   19 +-
>>>  drivers/staging/iio/adc/ad7192.c                   |   27 +-
>>>  drivers/staging/ste_rmi4/synaptics_i2c_rmi4.c      |    7 +-
>>>  drivers/staging/unisys/visorinput/Kconfig          |    2 +-
>>>  drivers/staging/wilc1000/wilc_wlan_if.h            |    1 +
>>>  drivers/target/target_core_user.c                  |    2 +-
>>>  drivers/thermal/Kconfig                            |    4 +-
>>>  .../thermal/int340x_thermal/int340x_thermal_zone.c |   11 +-
>>>  drivers/thermal/spear_thermal.c                    |    6 +-
>>>  drivers/tty/Kconfig                                |    2 +-
>>>  drivers/tty/hvc/hvc_xen.c                          |    2 +-
>>>  drivers/tty/serial/8250/Kconfig                    |    2 +-
>>>  drivers/usb/host/Kconfig                           |    2 +
>>>  drivers/usb/musb/ux500_dma.c                       |    3 -
>>>  drivers/usb/phy/Kconfig                            |    1 +
>>>  drivers/usb/usbip/stub_dev.c                       |    3 +
>>>  drivers/usb/usbip/vhci_hcd.c                       |    2 +
>>>  drivers/video/fbdev/Kconfig                        |    1 +
>>>  drivers/video/fbdev/auo_k190x.c                    |   11 +-
>>>  drivers/video/fbdev/exynos/s6e8ax0.c               |   13 +-
>>>  drivers/video/fbdev/intelfb/intelfbdrv.c           |    2 +-
>>>  drivers/video/fbdev/mmp/core.c                     |    5 +
>>>  drivers/video/fbdev/sis/init301.c                  |   10 +-
>>>  drivers/video/fbdev/sm712fb.c                      |   16 +-
>>>  drivers/video/fbdev/via/viafbdev.c                 |    8 +-
>>>  drivers/virtio/virtio_balloon.c                    |    2 +
>>>  drivers/xen/Kconfig                                |    2 +-
>>>  fs/btrfs/ioctl.c                                   |    2 +-
>>>  fs/compat_binfmt_elf.c                             |    2 +
>>>  fs/ncpfs/dir.c                                     |    3 +-
>>>  fs/reiserfs/lbalance.c                             |    2 +-
>>>  fs/reiserfs/reiserfs.h                             |    1 -
>>>  fs/udf/misc.c                                      |    6 -
>>>  include/asm-generic/barrier.h                      |   11 -
>>>  include/linux/device.h                             |    7 +-
>>>  include/linux/fdtable.h                            |    3 +-
>>>  include/linux/filter.h                             |   10 -
>>>  include/linux/init.h                               |    9 +-
>>>  include/linux/module.h                             |    9 +
>>>  include/linux/msi.h                                |   11 +-
>>>  include/linux/mtd/sh_flctl.h                       |    1 +
>>>  include/linux/nospec.h                             |   72 +
>>>  include/linux/string.h                             |    1 +
>>>  include/net/dst_cache.h                            |   97 ++
>>>  include/net/ip6_tunnel.h                           |   15 +-
>>>  include/net/netlink.h                              |   73 +-
>>>  include/net/red.h                                  |   13 +-
>>>  include/trace/events/clk.h                         |    4 +-
>>>  kernel/bpf/core.c                                  |    3 -
>>>  kernel/module.c                                    |   11 +
>>>  kernel/profile.c                                   |    4 +-
>>>  kernel/trace/blktrace.c                            |   32 +-
>>>  kernel/user_namespace.c                            |    4 +-
>>>  lib/Kconfig.debug                                  |    2 +-
>>>  lib/oid_registry.c                                 |    8 +-
>>>  mm/early_ioremap.c                                 |    2 +-
>>>  mm/util.c                                          |   24 +
>>>  mm/vmscan.c                                        |    3 +
>>>  net/Kconfig                                        |    4 +
>>>  net/core/Makefile                                  |    1 +
>>>  net/core/dev.c                                     |    2 +-
>>>  net/core/dst_cache.c                               |  168 ++
>>>  net/decnet/af_decnet.c                             |   62 +-
>>>  net/ipv4/ip_sockglue.c                             |   14 +-
>>>  net/ipv4/ipconfig.c                                |    4 +
>>>  net/ipv4/netfilter/ipt_CLUSTERIP.c                 |   16 +-
>>>  net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c     |    6 +-
>>>  net/ipv4/raw.c                                     |    1 -
>>>  net/ipv6/Kconfig                                   |    1 +
>>>  net/ipv6/ip6_gre.c                                 |   12 +-
>>>  net/ipv6/ip6_tunnel.c                              |  149 +-
>>>  net/ipv6/ip6_vti.c                                 |    2 +-
>>>  net/ipv6/ipv6_sockglue.c                           |   17 +-
>>>  net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c     |   18 +-
>>>  net/ipv6/raw.c                                     |    1 -
>>>  net/mpls/af_mpls.c                                 |    2 -
>>>  net/netfilter/ipvs/ip_vs_app.c                     |    8 +-
>>>  net/netfilter/ipvs/ip_vs_ctl.c                     |   15 +-
>>>  net/netfilter/x_tables.c                           |    9 +-
>>>  net/netfilter/xt_RATEEST.c                         |   22 +-
>>>  net/sched/sch_choke.c                              |    3 +
>>>  net/sched/sch_gred.c                               |    3 +
>>>  net/sched/sch_red.c                                |    2 +
>>>  net/sched/sch_sfq.c                                |    3 +
>>>  net/wireless/core.c                                |    8 +-
>>>  net/wireless/nl80211.c                             |    9 +-
>>>  net/xfrm/xfrm_policy.c                             |    8 +-
>>>  net/xfrm/xfrm_user.c                               |   24 +
>>>  scripts/genksyms/parse.tab.c_shipped               | 1682
>>> +++++++++-----------
>>>  scripts/genksyms/parse.tab.h_shipped               |  133 +-
>>>  scripts/genksyms/parse.y                           |    2 -
>>>  scripts/kernel-doc                                 |    2 +-
>>>  scripts/mod/modpost.c                              |    9 +
>>>  security/selinux/ss/services.c                     |   21 +-
>>>  sound/pci/hda/patch_ca0132.c                       |    3 +
>>>  sound/soc/intel/Kconfig                            |    7 +-
>>>  sound/soc/mediatek/Kconfig                         |    4 +-
>>>  sound/soc/rockchip/rockchip_spdif.c                |   22 +-
>>>  sound/soc/ux500/mop500.c                           |    4 +
>>>  sound/soc/ux500/ux500_pcm.c                        |    5 +
>>>  tools/build/Makefile.build                         |   10 +
>>>  tools/perf/bench/numa.c                            |   56 +-
>>>  tools/perf/builtin-top.c                           |   15 +-
>>>  tools/scripts/Makefile.include                     |   12 +-
>>>  232 files changed, 2538 insertions(+), 1977 deletions(-)
>>>  create mode 100644 Documentation/speculation.txt
>>>  create mode 100644 include/linux/nospec.h
>>>  create mode 100644 include/net/dst_cache.h
>>>  create mode 100644 net/core/dst_cache.c
>>>
>>>
>>>
> 
>
Juerg Haefliger April 4, 2018, 12:47 p.m. | #4
On 04/04/2018 02:21 PM, Stefan Bader wrote:
> On 04.04.2018 13:40, Juerg Haefliger wrote:
>> On 04/04/2018 12:20 PM, Kleber Souza wrote:
>>> On 04/03/18 14:40, Juerg Haefliger wrote:
>>>> BugLink: http://bugs.launchpad.net/bugs/1756866
>>>>
>>>> This is a pull request for the Xenial stable update from 4.4.117 to
>>>> 4.4.118. The most notable change is the replacement of our spectre v1
>>>> implementation with upstream's version. Specifically, the following
>>>> patches are reverted:
>>>>
>>>> UBUNTU: SAUCE: arm: no osb() implementation yet"
>>>> UBUNTU: SAUCE: arm64: no osb() implementation yet"
>>>> UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>>>> UBUNTU: SAUCE: powerpc: add osb barrier"
>>>> UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
>>>> userns: prevent speculative execution"
>>>> udf: prevent speculative execution"
>>>> net: mpls: prevent speculative execution"
>>>> fs: prevent speculative execution"
>>>> ipv6: prevent speculative execution"
>>>> ipv4: prevent speculative execution"
>>>> Thermal/int340x: prevent speculative execution"
>>>> qla2xxx: prevent speculative execution"
>>>> carl9170: prevent speculative execution"
>>>> UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
>>>> JIT is enabled"
>>>> x86, bpf, jit: prevent speculative execution when JIT is enabled"
>>>> bpf: prevent speculative execution in eBPF interpreter"
>>>> locking/barriers: introduce new observable speculation barrier"
>>>> UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>>>> x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
>>>>
>>>> And their functionality is (partially?) replaced by upstream's patchset:
>>>>
>>>> x86/kvm: Update spectre-v1 mitigation
>>>> x86/spectre: Report get_user mitigation for spectre_v1
>>>> nl80211: Sanitize array index in parse_txq_params
>>>> vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>>> x86/syscall: Sanitize syscall table de-references under speculation
>>>> x86/get_user: Use pointer masking to limit speculation
>>>> x86: Introduce barrier_nospec
>>>> x86: Implement array_index_mask_nospec
>>>> array_index_nospec: Sanitize speculative array de-references
>>>> Documentation: Document array_index_nospec
>>>>
>>>> Note that v1 of the patchset submitted upstream [1] was more or less
>>>> what we have pulled into Xenial. What's missing from that submittal
>>>> compared to what we have are the bpf/jit patches and some of the osb()
>>>> sprinkling throughout various subsystems and drivers. There was back and
>>>> forth arguing in upstream about whether some of the places that the v1
>>>> patchset modified were even user-space controllable and they eventually
>>>> got dropped form the final v6 version [2]. Plus they added syscall and
>>>> get_user sanitization.
>>>>
>>>> Also, the current upstream implementation is x86 only. PowerPC is in the
>>>> works [3] but no s390x as of yet.
>>>>
>>>> [1] https://lkml.org/lkml/2018/1/5/769
>>>> [2] https://lkml.org/lkml/2018/1/29/960
>>>> [3] https://lkml.org/lkml/2018/3/15/929
>>>>
>>>>
>>>> Let me know if you think we should bring back some or all of the stuff
>>>> that got dropped (powerpc, s390x, bpf).
>>>
>>> Since the spectre v1 changes from upstream hasn't yet been carefully
>>> reviewed and tested by our team, I will not apply this stable update
>>> (and any subsequent ones) until we are more confident about it.
>>
>> We're falling more and more behind. Upstream is at 4.4.126 now. Would it
>> make sense to just skip those patches and continue? Assuming we don't
>> run into issues with future patches because of this.
> 
> It would be good to catch up. But for that we need to rework 4.4.118 to skip
> over the related patches (plus some document which carries what has been skipped
> in total).

I can add the list of skipped patches to the tracking bug. Probably with
a note that we need to revisit this.


> And then continue from there, hoping for no issues.
> That doc I imagine to contain everything skipped (oneline format?) because of
> being spectre related grouped by stable version. Then whomever has to do that
> final review can work with that? What do the others think?
> 
> Just for the current cycle I sadly cannot see us getting more done than up to
> 4.4.117.

I think those are pretty isolated patches so skipping them should be
easy. I can work on a new 4.4.118 today. When's the deadline for this cycle?

...Juerg


> -Stefan
> 
>>
>> ...Juerg
Stefan Bader April 4, 2018, 12:51 p.m. | #5
On 04.04.2018 14:47, Juerg Haefliger wrote:
> On 04/04/2018 02:21 PM, Stefan Bader wrote:
>> On 04.04.2018 13:40, Juerg Haefliger wrote:
>>> On 04/04/2018 12:20 PM, Kleber Souza wrote:
>>>> On 04/03/18 14:40, Juerg Haefliger wrote:
>>>>> BugLink: http://bugs.launchpad.net/bugs/1756866
>>>>>
>>>>> This is a pull request for the Xenial stable update from 4.4.117 to
>>>>> 4.4.118. The most notable change is the replacement of our spectre v1
>>>>> implementation with upstream's version. Specifically, the following
>>>>> patches are reverted:
>>>>>
>>>>> UBUNTU: SAUCE: arm: no osb() implementation yet"
>>>>> UBUNTU: SAUCE: arm64: no osb() implementation yet"
>>>>> UBUNTU: SAUCE: s390/spinlock: add osb memory barrier"
>>>>> UBUNTU: SAUCE: powerpc: add osb barrier"
>>>>> UBUNTU: SAUCE: claim mitigation via observable speculation barrier"
>>>>> userns: prevent speculative execution"
>>>>> udf: prevent speculative execution"
>>>>> net: mpls: prevent speculative execution"
>>>>> fs: prevent speculative execution"
>>>>> ipv6: prevent speculative execution"
>>>>> ipv4: prevent speculative execution"
>>>>> Thermal/int340x: prevent speculative execution"
>>>>> qla2xxx: prevent speculative execution"
>>>>> carl9170: prevent speculative execution"
>>>>> UBUNTU: SAUCE: FIX: x86, bpf, jit: prevent speculative execution when
>>>>> JIT is enabled"
>>>>> x86, bpf, jit: prevent speculative execution when JIT is enabled"
>>>>> bpf: prevent speculative execution in eBPF interpreter"
>>>>> locking/barriers: introduce new observable speculation barrier"
>>>>> UBUNTU: SAUCE: reinstate MFENCE_RDTSC feature definition"
>>>>> x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
>>>>>
>>>>> And their functionality is (partially?) replaced by upstream's patchset:
>>>>>
>>>>> x86/kvm: Update spectre-v1 mitigation
>>>>> x86/spectre: Report get_user mitigation for spectre_v1
>>>>> nl80211: Sanitize array index in parse_txq_params
>>>>> vfs, fdtable: Prevent bounds-check bypass via speculative execution
>>>>> x86/syscall: Sanitize syscall table de-references under speculation
>>>>> x86/get_user: Use pointer masking to limit speculation
>>>>> x86: Introduce barrier_nospec
>>>>> x86: Implement array_index_mask_nospec
>>>>> array_index_nospec: Sanitize speculative array de-references
>>>>> Documentation: Document array_index_nospec
>>>>>
>>>>> Note that v1 of the patchset submitted upstream [1] was more or less
>>>>> what we have pulled into Xenial. What's missing from that submittal
>>>>> compared to what we have are the bpf/jit patches and some of the osb()
>>>>> sprinkling throughout various subsystems and drivers. There was back and
>>>>> forth arguing in upstream about whether some of the places that the v1
>>>>> patchset modified were even user-space controllable and they eventually
>>>>> got dropped form the final v6 version [2]. Plus they added syscall and
>>>>> get_user sanitization.
>>>>>
>>>>> Also, the current upstream implementation is x86 only. PowerPC is in the
>>>>> works [3] but no s390x as of yet.
>>>>>
>>>>> [1] https://lkml.org/lkml/2018/1/5/769
>>>>> [2] https://lkml.org/lkml/2018/1/29/960
>>>>> [3] https://lkml.org/lkml/2018/3/15/929
>>>>>
>>>>>
>>>>> Let me know if you think we should bring back some or all of the stuff
>>>>> that got dropped (powerpc, s390x, bpf).
>>>>
>>>> Since the spectre v1 changes from upstream hasn't yet been carefully
>>>> reviewed and tested by our team, I will not apply this stable update
>>>> (and any subsequent ones) until we are more confident about it.
>>>
>>> We're falling more and more behind. Upstream is at 4.4.126 now. Would it
>>> make sense to just skip those patches and continue? Assuming we don't
>>> run into issues with future patches because of this.
>>
>> It would be good to catch up. But for that we need to rework 4.4.118 to skip
>> over the related patches (plus some document which carries what has been skipped
>> in total).
> 
> I can add the list of skipped patches to the tracking bug. Probably with
> a note that we need to revisit this.
> 
> 
>> And then continue from there, hoping for no issues.
>> That doc I imagine to contain everything skipped (oneline format?) because of
>> being spectre related grouped by stable version. Then whomever has to do that
>> final review can work with that? What do the others think?
>>
>> Just for the current cycle I sadly cannot see us getting more done than up to
>> 4.4.117.
> 
> I think those are pretty isolated patches so skipping them should be
> easy. I can work on a new 4.4.118 today. When's the deadline for this cycle?

Last Friday? :-P

> 
> ...Juerg
> 
> 
>> -Stefan
>>
>>>
>>> ...Juerg
Juerg Haefliger April 9, 2018, 2:23 p.m. | #6
Will resend a new PR without the Spectre v1 changes.

...Juerg