Merge 4.14.43 into android-4.14

Changes in 4.14.43
	usbip: usbip_host: refine probe and disconnect debug msgs to be useful
	usbip: usbip_host: delete device from busid_table after rebind
	usbip: usbip_host: run rebind from exit when module is removed
	usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
	usbip: usbip_host: fix bad unlock balance during stub_probe()
	ALSA: usb: mixer: volume quirk for CM102-A+/102S+
	ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
	ALSA: control: fix a redundant-copy issue
	spi: pxa2xx: Allow 64-bit DMA
	spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
	spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
	KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
	KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
	powerpc: Don't preempt_disable() in show_cpuinfo()
	vfio: ccw: fix cleanup if cp_prefetch fails
	tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
	tee: shm: fix use-after-free via temporarily dropped reference
	netfilter: nf_tables: free set name in error path
	netfilter: nf_tables: can't fail after linking rule into active rule list
	netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
	i2c: designware: fix poll-after-enable regression
	powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
	drm: Match sysfs name in link removal to link creation
	lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
	radix tree: fix multi-order iteration race
	mm: don't allow deferred pages with NEED_PER_CPU_KM
	drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
	s390/qdio: fix access to uninitialized qdio_q fields
	s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
	s390/qdio: don't release memory in qdio_setup_irq()
	s390: remove indirect branch from do_softirq_own_stack
	x86/pkeys: Override pkey when moving away from PROT_EXEC
	x86/pkeys: Do not special case protection key 0
	efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
	ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
	x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
	tick/broadcast: Use for_each_cpu() specially on UP kernels
	ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
	ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
	ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
	Btrfs: fix xattr loss after power failure
	Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
	btrfs: property: Set incompat flag if lzo/zstd compression is set
	btrfs: fix crash when trying to resume balance without the resume flag
	btrfs: Split btrfs_del_delalloc_inode into 2 functions
	btrfs: Fix delalloc inodes invalidation during transaction abort
	btrfs: fix reading stale metadata blocks after degraded raid1 mounts
	x86/nospec: Simplify alternative_msr_write()
	x86/bugs: Concentrate bug detection into a separate function
	x86/bugs: Concentrate bug reporting into a separate function
	x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
	x86/bugs, KVM: Support the combination of guest and host IBRS
	x86/bugs: Expose /sys/../spec_store_bypass
	x86/cpufeatures: Add X86_FEATURE_RDS
	x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
	x86/bugs/intel: Set proper CPU features and setup RDS
	x86/bugs: Whitelist allowed SPEC_CTRL MSR values
	x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
	x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
	x86/speculation: Create spec-ctrl.h to avoid include hell
	prctl: Add speculation control prctls
	x86/process: Allow runtime control of Speculative Store Bypass
	x86/speculation: Add prctl for Speculative Store Bypass mitigation
	nospec: Allow getting/setting on non-current task
	proc: Provide details on speculation flaw mitigations
	seccomp: Enable speculation flaw mitigations
	x86/bugs: Make boot modes __ro_after_init
	prctl: Add force disable speculation
	seccomp: Use PR_SPEC_FORCE_DISABLE
	seccomp: Add filter flag to opt-out of SSB mitigation
	seccomp: Move speculation migitation control to arch code
	x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
	x86/bugs: Rename _RDS to _SSBD
	proc: Use underscores for SSBD in 'status'
	Documentation/spec_ctrl: Do some minor cleanups
	x86/bugs: Fix __ssb_select_mitigation() return type
	x86/bugs: Make cpu_show_common() static
	x86/bugs: Fix the parameters alignment and missing void
	x86/cpu: Make alternative_msr_write work for 32-bit code
	KVM: SVM: Move spec control call after restore of GS
	x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
	x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
	x86/cpufeatures: Disentangle SSBD enumeration
	x86/cpufeatures: Add FEATURE_ZEN
	x86/speculation: Handle HT correctly on AMD
	x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
	x86/speculation: Add virtualized speculative store bypass disable support
	x86/speculation: Rework speculative_store_bypass_update()
	x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
	x86/bugs: Expose x86_spec_ctrl_base directly
	x86/bugs: Remove x86_spec_ctrl_set()
	x86/bugs: Rework spec_ctrl base and mask logic
	x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
	KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
	x86/bugs: Rename SSBD_NO to SSB_NO
	Linux 4.14.43

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --cc Documentation/admin-guide/kernel-parameters.txt
Simple merge

diff --cc Makefile
Simple merge

diff --cc include/linux/sched.h
Simple merge

diff --cc include/uapi/linux/prctl.h
index 56c0ed196a1f3bb3d197fcb76327eb3e5628d90a,3027f943f4b3374a7e02c809b8dd7813aa088779..a4c0c8e745fce072d67da9d68df66ea300803dc3
--- 1/include/uapi/linux/prctl.h
--- 2/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@@ -198,7 -198,16 +198,19 @@@ struct prctl_mm_map 
  # define PR_CAP_AMBIENT_LOWER         3
  # define PR_CAP_AMBIENT_CLEAR_ALL     4
  
+ /* Per task speculation control */
+ #define PR_GET_SPECULATION_CTRL               52
+ #define PR_SET_SPECULATION_CTRL               53
+ /* Speculation control variants */
+ # define PR_SPEC_STORE_BYPASS         0
+ /* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+ # define PR_SPEC_NOT_AFFECTED         0
+ # define PR_SPEC_PRCTL                        (1UL << 0)
+ # define PR_SPEC_ENABLE                       (1UL << 1)
+ # define PR_SPEC_DISABLE              (1UL << 2)
+ # define PR_SPEC_FORCE_DISABLE                (1UL << 3)
+ 
 +#define PR_SET_VMA            0x53564d41
 +# define PR_SET_VMA_ANON_NAME         0
 +
  #endif /* _LINUX_PRCTL_H */

diff --cc kernel/sys.c
index 745953a1a736ad444b9de43ffde5ab4b84d677de,b5c1bc9e37699d9c69c1b6a260aa1e8b344e84b8..5f72dd590837ae800f62ca92ed1b9e0f83f3995a
--- 1/kernel/sys.c
--- 2/kernel/sys.c
+++ b/kernel/sys.c
@@@ -2186,153 -2186,17 +2188,164 @@@ static int propagate_has_child_subreape
        return 1;
  }
  
 +#ifdef CONFIG_MMU
 +static int prctl_update_vma_anon_name(struct vm_area_struct *vma,
 +              struct vm_area_struct **prev,
 +              unsigned long start, unsigned long end,
 +              const char __user *name_addr)
 +{
 +      struct mm_struct *mm = vma->vm_mm;
 +      int error = 0;
 +      pgoff_t pgoff;
 +
 +      if (name_addr == vma_get_anon_name(vma)) {
 +              *prev = vma;
 +              goto out;
 +      }
 +
 +      pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
 +      *prev = vma_merge(mm, *prev, start, end, vma->vm_flags, vma->anon_vma,
 +                              vma->vm_file, pgoff, vma_policy(vma),
 +                              vma->vm_userfaultfd_ctx, name_addr);
 +      if (*prev) {
 +              vma = *prev;
 +              goto success;
 +      }
 +
 +      *prev = vma;
 +
 +      if (start != vma->vm_start) {
 +              error = split_vma(mm, vma, start, 1);
 +              if (error)
 +                      goto out;
 +      }
 +
 +      if (end != vma->vm_end) {
 +              error = split_vma(mm, vma, end, 0);
 +              if (error)
 +                      goto out;
 +      }
 +
 +success:
 +      if (!vma->vm_file)
 +              vma->anon_name = name_addr;
 +
 +out:
 +      if (error == -ENOMEM)
 +              error = -EAGAIN;
 +      return error;
 +}
 +
 +static int prctl_set_vma_anon_name(unsigned long start, unsigned long end,
 +                      unsigned long arg)
 +{
 +      unsigned long tmp;
 +      struct vm_area_struct *vma, *prev;
 +      int unmapped_error = 0;
 +      int error = -EINVAL;
 +
 +      /*
 +       * If the interval [start,end) covers some unmapped address
 +       * ranges, just ignore them, but return -ENOMEM at the end.
 +       * - this matches the handling in madvise.
 +       */
 +      vma = find_vma_prev(current->mm, start, &prev);
 +      if (vma && start > vma->vm_start)
 +              prev = vma;
 +
 +      for (;;) {
 +              /* Still start < end. */
 +              error = -ENOMEM;
 +              if (!vma)
 +                      return error;
 +
 +              /* Here start < (end|vma->vm_end). */
 +              if (start < vma->vm_start) {
 +                      unmapped_error = -ENOMEM;
 +                      start = vma->vm_start;
 +                      if (start >= end)
 +                              return error;
 +              }
 +
 +              /* Here vma->vm_start <= start < (end|vma->vm_end) */
 +              tmp = vma->vm_end;
 +              if (end < tmp)
 +                      tmp = end;
 +
 +              /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */
 +              error = prctl_update_vma_anon_name(vma, &prev, start, tmp,
 +                              (const char __user *)arg);
 +              if (error)
 +                      return error;
 +              start = tmp;
 +              if (prev && start < prev->vm_end)
 +                      start = prev->vm_end;
 +              error = unmapped_error;
 +              if (start >= end)
 +                      return error;
 +              if (prev)
 +                      vma = prev->vm_next;
 +              else    /* madvise_remove dropped mmap_sem */
 +                      vma = find_vma(current->mm, start);
 +      }
 +}
 +
 +static int prctl_set_vma(unsigned long opt, unsigned long start,
 +              unsigned long len_in, unsigned long arg)
 +{
 +      struct mm_struct *mm = current->mm;
 +      int error;
 +      unsigned long len;
 +      unsigned long end;
 +
 +      if (start & ~PAGE_MASK)
 +              return -EINVAL;
 +      len = (len_in + ~PAGE_MASK) & PAGE_MASK;
 +
 +      /* Check to see whether len was rounded up from small -ve to zero */
 +      if (len_in && !len)
 +              return -EINVAL;
 +
 +      end = start + len;
 +      if (end < start)
 +              return -EINVAL;
 +
 +      if (end == start)
 +              return 0;
 +
 +      down_write(&mm->mmap_sem);
 +
 +      switch (opt) {
 +      case PR_SET_VMA_ANON_NAME:
 +              error = prctl_set_vma_anon_name(start, end, arg);
 +              break;
 +      default:
 +              error = -EINVAL;
 +      }
 +
 +      up_write(&mm->mmap_sem);
 +
 +      return error;
 +}
 +#else /* CONFIG_MMU */
 +static int prctl_set_vma(unsigned long opt, unsigned long start,
 +              unsigned long len_in, unsigned long arg)
 +{
 +      return -EINVAL;
 +}
 +#endif
 +
+ int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which)
+ {
+       return -EINVAL;
+ }
+ 
+ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which,
+                                   unsigned long ctrl)
+ {
+       return -EINVAL;
+ }
+ 
  SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
                unsigned long, arg4, unsigned long, arg5)
  {
@@@ -2535,9 -2399,16 +2548,19 @@@
        case PR_GET_FP_MODE:
                error = GET_FP_MODE(me);
                break;
+       case PR_GET_SPECULATION_CTRL:
+               if (arg3 || arg4 || arg5)
+                       return -EINVAL;
+               error = arch_prctl_spec_ctrl_get(me, arg2);
+               break;
+       case PR_SET_SPECULATION_CTRL:
+               if (arg4 || arg5)
+                       return -EINVAL;
+               error = arch_prctl_spec_ctrl_set(me, arg2, arg3);
+               break;
 +      case PR_SET_VMA:
 +              error = prctl_set_vma(arg2, arg3, arg4, arg5);
 +              break;
        default:
                error = -EINVAL;
                break;

diff --cc net/ipv4/netfilter/nf_socket_ipv4.c
Simple merge

diff --cc net/ipv6/netfilter/nf_socket_ipv6.c
Simple merge