This is the start of the stable review cycle for the 4.9.77 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed Jan 17 12:33:26 UTC 2018. Anything received after that time might be too late.
The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.77-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 4.9.77-rc1
Thomas Gleixner tglx@linutronix.de x86/retpoline: Remove compile time warning
Andy Lutomirski luto@kernel.org selftests/x86: Add test_vsyscall
David Woodhouse dwmw@amazon.co.uk x86/retpoline: Fill return stack buffer on vmexit
Andi Kleen ak@linux.intel.com x86/retpoline/irq32: Convert assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/checksum32: Convert assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/xen: Convert Xen hypercall indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/hyperv: Convert assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/entry: Convert entry assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/retpoline/crypto: Convert crypto assembler indirect jumps
David Woodhouse dwmw@amazon.co.uk x86/spectre: Add boot time option to select Spectre v2 mitigation
David Woodhouse dwmw@amazon.co.uk x86/retpoline: Add initial retpoline support
Andrey Ryabinin aryabinin@virtuozzo.com x86/asm: Use register variable to get stack pointer value
Josh Poimboeuf jpoimboe@redhat.com objtool: Allow alternatives to be ignored
Josh Poimboeuf jpoimboe@redhat.com objtool: Detect jumps to retpoline thunks
Josh Poimboeuf jpoimboe@redhat.com objtool, modules: Discard objtool annotation sections for modules
Andy Lutomirski luto@kernel.org x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
David Woodhouse dwmw@amazon.co.uk x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
Borislav Petkov bp@suse.de x86/alternatives: Fix optimize_nops() checking
David Woodhouse dwmw@amazon.co.uk sysfs/cpu: Fix typos in vulnerability documentation
Tom Lendacky thomas.lendacky@amd.com x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
Tom Lendacky thomas.lendacky@amd.com x86/cpu/AMD: Make LFENCE a serializing instruction
Thomas Gleixner tglx@linutronix.de x86/cpu: Implement CPU vulnerabilites sysfs functions
Thomas Gleixner tglx@linutronix.de sysfs/cpu: Add vulnerability folder
Borislav Petkov bp@suse.de x86/cpu: Merge bugs.c and bugs_64.c
David Woodhouse dwmw@amazon.co.uk x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
Thomas Gleixner tglx@linutronix.de x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
Thomas Gleixner tglx@linutronix.de x86/cpufeatures: Add X86_BUG_CPU_INSECURE
Thomas Gleixner tglx@linutronix.de x86/cpufeatures: Make CPU bugs sticky
Andy Lutomirski luto@kernel.org x86/cpu: Factor out application of forced CPU caps
Dave Hansen dave.hansen@linux.intel.com x86/Documentation: Add PTI description
Benjamin Poirier bpoirier@suse.com e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
Icenowy Zheng icenowy@aosc.io uas: ignore UAS for Norelsys NS1068(X) chips
Ben Seri ben@armis.com Bluetooth: Prevent stack info leak from the EFS element.
Viktor Slavkovic viktors@google.com staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
Shuah Khan shuah@kernel.org usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
Shuah Khan shuah@kernel.org usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
Shuah Khan shuah@kernel.org usbip: remove kernel addresses from usb device and urb debug msgs
Pete Zaitcev zaitcev@redhat.com USB: fix usbmon BUG trigger
Stefan Agner stefan@agner.ch usb: misc: usb3503: make sure reset is low for at least 100us
Christian Holl cyborgx1@gmail.com USB: serial: cp210x: add new device ID ELV ALC 8xxx
Diego Elio Pettenò flameeyes@flameeyes.eu USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
Daniel Borkmann daniel@iogearbox.net bpf, array: fix overflow in max_entries and undefined behavior in index_mask
Alexei Starovoitov ast@kernel.org bpf: prevent out-of-bounds speculation
Alexei Starovoitov ast@fb.com bpf: refactor fixup_bpf_calls()
Alexei Starovoitov ast@fb.com bpf: move fixup_bpf_calls() function
Nicholas Bellinger nab@linux-iscsi.org target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
Nicholas Bellinger nab@linux-iscsi.org iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
Lepton Wu ytht.net@gmail.com kaiser: Set _PAGE_NX only if supported
Dan Carpenter dan.carpenter@oracle.com drm/vmwgfx: Potential off by one in vmw_view_add()
Andrew Honig ahonig@google.com KVM: x86: Add memory barrier on vmcs field lookup
Jia Zhang qianyue.zj@alibaba-inc.com x86/microcode/intel: Extend BDW late-loading with a revision check
Ilya Dryomov idryomov@gmail.com rbd: set max_segments to USHRT_MAX
Eric Biggers ebiggers@google.com crypto: algapi - fix NULL dereference in crypto_remove_spawns()
Roi Dayan roid@mellanox.com net/sched: Fix update of lastuse in act modules implementing stats_update
Ido Schimmel idosch@mellanox.com mlxsw: spectrum_router: Fix NULL pointer deref
Stephen Hemminger stephen@networkplumber.org ethtool: do not print warning for applications using legacy API
Eric Dumazet edumazet@google.com ipv6: fix possible mem leaks in ipv6_make_skb()
Jerome Brunet jbrunet@baylibre.com net: stmmac: enable EEE in MII, GMII or RGMII only
Sergei Shtylyov sergei.shtylyov@cogentembedded.com sh_eth: fix SH7757 GEther initialization
Sergei Shtylyov sergei.shtylyov@cogentembedded.com sh_eth: fix TSU resource handling
Mohamed Ghannam simo.ghannam@gmail.com RDS: null pointer dereference in rds_atomic_free_op
Mohamed Ghannam simo.ghannam@gmail.com RDS: Heap OOB write in rds_message_alloc_sgs()
Andrii Vladyka tulup@mail.ru net: core: fix module type in sock_diag_bind
Eli Cooper elicooper@gmx.com ip6_tunnel: disable dst caching if tunnel is dual-stack
Cong Wang xiyou.wangcong@gmail.com 8021q: fix a memory leak for VLAN 0 device
Ben Hutchings ben.hutchings@codethink.co.uk xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
Eric Dumazet edumazet@google.com cx82310_eth: use skb_cow_head() to deal with cloned skbs
Eric Dumazet edumazet@google.com smsc75xx: use skb_cow_head() to deal with cloned skbs
Eric Dumazet edumazet@google.com sr9700: use skb_cow_head() to deal with cloned skbs
Eric Dumazet edumazet@google.com lan78xx: use skb_cow_head() to deal with cloned skbs
Dan Streetman ddstreet@ieee.org zswap: don't param_set_charp while holding spinlock
Vikas C Sajjan vikas.cha.sajjan@hpe.com x86/acpi: Reduce code duplication in mp_override_legacy_irq()
Takashi Iwai tiwai@suse.de ALSA: aloop: Fix racy hw constraints adjustment
Takashi Iwai tiwai@suse.de ALSA: aloop: Fix inconsistent format due to incomplete rule
Takashi Iwai tiwai@suse.de ALSA: aloop: Release cable upon open error path
Takashi Iwai tiwai@suse.de ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
Takashi Iwai tiwai@suse.de ALSA: pcm: Abort properly at pending signal in OSS read/write loops
Takashi Iwai tiwai@suse.de ALSA: pcm: Add missing error checks in OSS emulation plugin builder
Takashi Iwai tiwai@suse.de ALSA: pcm: Remove incorrect snd_BUG_ON() usages
Vikas C Sajjan vikas.cha.sajjan@hpe.com x86/acpi: Handle SCI interrupts above legacy space gracefully
Rafael J. Wysocki rafael.j.wysocki@intel.com platform/x86: wmi: Call acpi_wmi_init() later
Jim Mattson jmattson@google.com kvm: vmx: Scrub hardware GPRs at VM-exit
Maciej W. Rozycki macro@mips.com MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
Maciej W. Rozycki macro@mips.com MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
Maciej W. Rozycki macro@mips.com MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
Maciej W. Rozycki macro@mips.com MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
Maciej W. Rozycki macro@mips.com MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
Maciej W. Rozycki macro@mips.com MIPS: Factor out NT_PRFPREG regset access helpers
Maciej W. Rozycki macro@mips.com MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
Bart Van Assche bart.vanassche@wdc.com IB/srpt: Disable RDMA access by the initiator
Wolfgang Grandegger wg@grandegger.com can: gs_usb: fix return value of the "set_bittiming" callback
Wanpeng Li wanpeng.li@hotmail.com KVM: Fix stack-out-of-bounds read in write_mmio
Vasanthakumar Thiagarajan vthiagar@qti.qualcomm.com ath10k: rebuild crypto header in rx data frames
David Spinadel david.spinadel@intel.com mac80211: Add RX flag to indicate ICV stripped
Suren Baghdasaryan surenb@google.com dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 16 + Documentation/kernel-parameters.txt | 49 +- Documentation/x86/pti.txt | 186 ++++++++ Makefile | 4 +- arch/arm/kvm/mmio.c | 6 +- arch/mips/kernel/process.c | 12 + arch/mips/kernel/ptrace.c | 147 ++++-- arch/x86/Kconfig | 14 + arch/x86/Makefile | 8 + arch/x86/crypto/aesni-intel_asm.S | 5 +- arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +- arch/x86/entry/entry_32.S | 10 +- arch/x86/entry/entry_64.S | 10 +- arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/asm-prototypes.h | 25 ++ arch/x86/include/asm/asm.h | 11 + arch/x86/include/asm/cpufeature.h | 2 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/msr-index.h | 3 + arch/x86/include/asm/nospec-branch.h | 214 +++++++++ arch/x86/include/asm/processor.h | 4 +- arch/x86/include/asm/thread_info.h | 11 - arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/acpi/boot.c | 61 ++- arch/x86/kernel/alternative.c | 7 +- arch/x86/kernel/cpu/Makefile | 4 +- arch/x86/kernel/cpu/amd.c | 28 +- arch/x86/kernel/cpu/bugs.c | 219 ++++++++- arch/x86/kernel/cpu/bugs_64.c | 33 -- arch/x86/kernel/cpu/common.c | 39 +- arch/x86/kernel/cpu/microcode/intel.c | 13 +- arch/x86/kernel/irq_32.c | 15 +- arch/x86/kernel/mcount_64.S | 7 +- arch/x86/kernel/traps.c | 2 +- arch/x86/kvm/svm.c | 23 + arch/x86/kvm/vmx.c | 30 +- arch/x86/kvm/x86.c | 8 +- arch/x86/lib/Makefile | 1 + arch/x86/lib/checksum_32.S | 7 +- arch/x86/lib/retpoline.S | 48 ++ arch/x86/mm/kaiser.c | 2 + arch/x86/mm/tlb.c | 2 +- crypto/algapi.c | 12 + drivers/base/Kconfig | 3 + drivers/base/cpu.c | 48 ++ drivers/block/rbd.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 + drivers/hv/hv.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/md/dm-bufio.c | 7 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 29 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 + drivers/net/usb/cx82310_eth.c | 7 +- drivers/net/usb/lan78xx.c | 9 +- drivers/net/usb/smsc75xx.c | 8 +- drivers/net/usb/sr9700.c | 9 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 105 ++++- drivers/net/wireless/ath/ath10k/rx_desc.h | 3 + drivers/platform/x86/wmi.c | 2 +- drivers/staging/android/ashmem.c | 2 + drivers/target/iscsi/iscsi_target.c | 20 +- drivers/target/target_core_tmr.c | 9 + drivers/target/target_core_transport.c | 2 + drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/misc/usb3503.c | 2 + drivers/usb/mon/mon_bin.c | 8 +- drivers/usb/serial/cp210x.c | 2 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/usbip/usbip_common.c | 17 +- drivers/usb/usbip/vudc_rx.c | 19 + drivers/usb/usbip/vudc_tx.c | 11 +- include/linux/bpf.h | 2 + include/linux/bpf_verifier.h | 5 +- include/linux/cpu.h | 7 + include/linux/frame.h | 2 +- include/linux/phy.h | 11 + include/linux/sh_eth.h | 1 - include/net/mac80211.h | 5 +- include/target/target_core_base.h | 1 + include/trace/events/kvm.h | 7 +- kernel/bpf/arraymap.c | 45 +- kernel/bpf/syscall.c | 54 --- kernel/bpf/verifier.c | 89 +++- mm/zswap.c | 12 +- net/8021q/vlan.c | 7 +- net/bluetooth/l2cap_core.c | 20 +- net/core/ethtool.c | 15 +- net/core/sock_diag.c | 2 +- net/ipv6/ip6_output.c | 5 +- net/ipv6/ip6_tunnel.c | 9 +- net/mac80211/wep.c | 3 +- net/mac80211/wpa.c | 3 +- net/rds/rdma.c | 4 + net/sched/act_gact.c | 2 +- net/sched/act_mirred.c | 2 +- scripts/mod/modpost.c | 1 + scripts/module-common.lds | 5 +- sound/core/oss/pcm_oss.c | 41 +- sound/core/oss/pcm_plugin.c | 14 +- sound/core/pcm_lib.c | 4 +- sound/drivers/aloop.c | 98 ++-- tools/objtool/builtin-check.c | 73 ++- tools/testing/selftests/x86/test_vsyscall.c | 500 +++++++++++++++++++++ 108 files changed, 2286 insertions(+), 458 deletions(-)