Merge 4.4.244 into android-4.4-p

Changes in 4.4.244
	ring-buffer: Fix recursion protection transitions between interrupt context
	gfs2: Wake up when sd_glock_disposal becomes zero
	mm: mempolicy: fix potential pte_unmap_unlock pte error
	time: Prevent undefined behaviour in timespec64_to_ns()
	btrfs: reschedule when cloning lots of extents
	net: xfrm: fix a race condition during allocing spi
	perf tools: Add missing swap for ino_generation
	ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
	can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
	can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
	can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
	can: peak_usb: add range checking in decode operations
	can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
	Btrfs: fix missing error return if writeback for extent buffer never started
	pinctrl: devicetree: Avoid taking direct reference to device name string
	i40e: Wrong truncation from u16 to u8
	i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
	geneve: add transport ports in route lookup for geneve
	ath9k_htc: Use appropriate rs_datalen type
	usb: gadget: goku_udc: fix potential crashes in probe
	gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
	gfs2: check for live vs. read-only file system in gfs2_fitrim
	drm/amdgpu: perform srbm soft reset always on SDMA resume
	mac80211: fix use of skb payload instead of header
	cfg80211: regulatory: Fix inconsistent format argument
	iommu/amd: Increase interrupt remapping table limit to 512 entries
	xfs: fix a missing unlock on error in xfs_fs_map_blocks
	of/address: Fix of_node memory leak in of_dma_is_coherent
	cosa: Add missing kfree in error path of cosa_write
	perf: Fix get_recursion_context()
	ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
	ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
	usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
	mei: protect mei_cl_mtu from null dereference
	ocfs2: initialize ip_next_orphan
	don't dump the threads that had been already exiting when zapped.
	drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
	pinctrl: amd: use higher precision for 512 RtcClk
	pinctrl: amd: fix incorrect way to disable debounce filter
	swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
	IPv6: Set SIT tunnel hard_header_len to zero
	net/af_iucv: fix null pointer dereference on shutdown
	net/x25: Fix null-ptr-deref in x25_connect
	net: Update window_clamp if SOCK_RCVBUF is set
	random32: make prandom_u32() output unpredictable
	x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
	xen/events: avoid removing an event channel while handling it
	xen/events: add a proper barrier to 2-level uevent unmasking
	xen/events: fix race in evtchn_fifo_unmask()
	xen/events: add a new "late EOI" evtchn framework
	xen/blkback: use lateeoi irq binding
	xen/netback: use lateeoi irq binding
	xen/scsiback: use lateeoi irq binding
	xen/pciback: use lateeoi irq binding
	xen/events: switch user event channels to lateeoi model
	xen/events: use a common cpu hotplug hook for event channels
	xen/events: defer eoi in case of excessive number of events
	xen/events: block rogue events for some time
	perf/core: Fix race in the perf_mmap_close() function
	Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
	reboot: fix overflow parsing reboot cpu number
	ext4: fix leaking sysfs kobject after failed mount
	Convert trailing spaces and periods in path components
	Linux 4.4.244

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I70bf4c5ac9248a8ca3383b9b0c4871729606e75e

1 files changed, 33 insertions, 19 deletions

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 2d2631f9a519..2c9a2992863b 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1223,6 +1223,14 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
 	return 0;
 }
 
+static bool is_spec_ib_user_controlled(void)
+{
+	return spectre_v2_user_ibpb == SPECTRE_V2_USER_PRCTL ||
+		spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP ||
+		spectre_v2_user_stibp == SPECTRE_V2_USER_PRCTL ||
+		spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP;
+}
+
 static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
 {
 	switch (ctrl) {
@@ -1230,17 +1238,26 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
 		if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
 		    spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
 			return 0;
-		/*
-		 * Indirect branch speculation is always disabled in strict
-		 * mode. It can neither be enabled if it was force-disabled
-		 * by a  previous prctl call.
 
+		/*
+		 * With strict mode for both IBPB and STIBP, the instruction
+		 * code paths avoid checking this task flag and instead,
+		 * unconditionally run the instruction. However, STIBP and IBPB
+		 * are independent and either can be set to conditionally
+		 * enabled regardless of the mode of the other.
+		 *
+		 * If either is set to conditional, allow the task flag to be
+		 * updated, unless it was force-disabled by a previous prctl
+		 * call. Currently, this is possible on an AMD CPU which has the
+		 * feature X86_FEATURE_AMD_STIBP_ALWAYS_ON. In this case, if the
+		 * kernel is booted with 'spectre_v2_user=seccomp', then
+		 * spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP and
+		 * spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED.
 		 */
-		if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
-		    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
-		    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ||
+		if (!is_spec_ib_user_controlled() ||
 		    task_spec_ib_force_disable(task))
 			return -EPERM;
+
 		task_clear_spec_ib_disable(task);
 		task_update_spec_tif(task);
 		break;
@@ -1253,10 +1270,10 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
 		if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
 		    spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
 			return -EPERM;
-		if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
-		    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
-		    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
+
+		if (!is_spec_ib_user_controlled())
 			return 0;
+
 		task_set_spec_ib_disable(task);
 		if (ctrl == PR_SPEC_FORCE_DISABLE)
 			task_set_spec_ib_force_disable(task);
@@ -1319,20 +1336,17 @@ static int ib_prctl_get(struct task_struct *task)
 	if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
 	    spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
 		return PR_SPEC_ENABLE;
-	else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
-	    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
-	    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
-		return PR_SPEC_DISABLE;
-	else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_PRCTL ||
-	    spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP ||
-	    spectre_v2_user_stibp == SPECTRE_V2_USER_PRCTL ||
-	    spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP) {
+	else if (is_spec_ib_user_controlled()) {
 		if (task_spec_ib_force_disable(task))
 			return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
 		if (task_spec_ib_disable(task))
 			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
 		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
-	} else
+	} else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
+	    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
+	    spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
+		return PR_SPEC_DISABLE;
+	else
 		return PR_SPEC_NOT_AFFECTED;
 }