Merge android-4.4.131 (d5d6526) into msm-4.4

* refs/heads/tmp-d5d6526
  Linux 4.4.131
  serial: mctrl_gpio: Add missing module license
  serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
  x86/smpboot: Don't use mwait_play_dead() on AMD systems
  x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
  libceph: validate con->state at the top of try_write()
  ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
  ARM: amba: Don't read past the end of sysfs "driver_override" buffer
  ARM: amba: Fix race condition with driver_override
  ARM: amba: Make driver_override output consistent with other buses
  scsi: sd: Defer spinning up drive while SANITIZE is in progress
  kobject: don't use WARN for registration failures
  mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
  mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
  mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
  ALSA: hda/realtek - Add some fixes for ALC233
  ALSA: hda: Hardening for potential Spectre v1
  ALSA: seq: oss: Hardening for potential Spectre v1
  ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
  ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
  ALSA: control: Hardening for potential Spectre v1
  ALSA: rme9652: Hardening for potential Spectre v1
  ALSA: hdspm: Hardening for potential Spectre v1
  ALSA: asihpi: Hardening for potential Spectre v1
  ALSA: opl3: Hardening for potential Spectre v1
  tty: Use __GFP_NOFAIL for tty_ldisc_get()
  tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
  tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
  tty: Don't call panic() at tty_ldisc_init()
  drm/virtio: fix vq wait_event condition
  virtio_console: free buffers after reset
  virtio: add ability to iterate over vqs
  ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
  USB: Increment wakeup count on remote wakeup.
  usb: core: Add quirk for HP v222w 16GB Mini
  USB: serial: cp210x: add ID for NI USB serial console
  USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
  USB: serial: simple: add libtransistor console
  usbip: vhci_hcd: Fix usb device and sockfd leaks
  usbip: usbip_host: fix to hold parent lock for device_attach() calls
  ext4: fix bitmap position validation
  ext4: add validity checks for bitmap block numbers
  ext4: set h_journal if there is a failure starting a reserved handle
  ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
  goldfish: pipe: ANDROID: Allocate memory with GFP_KERNEL.
  goldfish: pipe: ANDROID: Do not crash
  goldfish: pipe: ANDROID: remove redundant casting
  goldfish: pipe: ANDROID: Add 'pipe' to pipe functions
  goldfish: pipe: ANDROID: fix whitespace
  goldfish: pipe: ANDROID: rename global variables
  goldfish: pipe: ANDROID: remove a redundant target
  goldfish: pipe: ANDROID: add blank lines
  goldfish: pipe: ANDROID: replace 'BUG_ON' with 'BUILD_BUG_ON'
  goldfish: pipe: ANDROID: use the 'BIT' macro for wakeup flags
  goldfish: pipe: ANDROID: fix logging format strings
  Linux 4.4.130
  s390/uprobes: implement arch_uretprobe_is_alive()
  s390/cio: update chpid descriptor after resource accessibility event
  cdrom: information leak in cdrom_ioctl_media_changed()
  scsi: mptsas: Disable WRITE SAME
  ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
  net: af_packet: fix race in PACKET_{R|T}X_RING
  tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
  net: fix deadlock while clearing neighbor proxy table
  tipc: add policy for TIPC_NLA_NET_ADDR
  llc: fix NULL pointer deref for SOCK_ZAPPED
  llc: hold llc_sap before release_sock()
  sctp: do not check port in sctp_inet6_cmp_addr
  vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
  pppoe: check sockaddr length in pppoe_connect()
  packet: fix bitfield update race
  team: fix netconsole setup over team
  team: avoid adding twice the same option to the event list
  tcp: don't read out-of-bounds opsize
  llc: delete timers synchronously in llc_sk_free()
  net: validate attribute sizes in neigh_dump_table()
  l2tp: check sockaddr length in pppol2tp_connect()
  KEYS: DNS: limit the length of option strings
  bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave
  s390: correct module section names for expoline code revert
  s390: correct nospec auto detection init order
  s390: add sysfs attributes for spectre
  s390: report spectre mitigation via syslog
  s390: add automatic detection of the spectre defense
  s390: move nobp parameter functions to nospec-branch.c
  s390/entry.S: fix spurious zeroing of r0
  s390: do not bypass BPENTER for interrupt system calls
  s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
  s390: introduce execute-trampolines for branches
  s390: run user space and KVM guests with modified branch prediction
  s390: add options to change branch prediction behaviour for the kernel
  s390/alternative: use a copy of the facility bit mask
  s390: add optimized array_index_mask_nospec
  s390: scrub registers on kernel entry and KVM exit
  KVM: s390: wire up bpb feature
  s390: enable CPU alternatives unconditionally
  s390: introduce CPU alternatives
  Revert "ath10k: send (re)assoc peer command when NSS changed"
  jbd2: fix use after free in kjournald2()
  ath9k_hw: check if the chip failed to wake up
  Input: drv260x - fix initializing overdrive voltage
  r8152: add Linksys USB3GIGV1 id
  staging: ion : Donnot wakeup kswapd in ion system alloc
  perf: Return proper values for user stack errors
  x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
  cifs: do not allow creating sockets except with SMB1 posix exensions
  UPSTREAM: tracing: always define trace_{irq,preempt}_{enable_disable}
  ANDROID: staging: ion: Obey kptr_restrict
  ANDROID: sdcardfs: Set s_root to NULL after putting
  ANDROID: sdcardfs: d_make_root calls iput
  ANDROID: sdcardfs: Check for private data earlier

Conflicts:
	drivers/staging/android/ion/ion.c
	drivers/staging/android/ion/ion_cma_heap.c
	drivers/staging/android/ion/ion_system_heap.c

Change-Id: I8155103b3787bb800f85291cc7378a8e29a8436f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

1 files changed, 61 insertions, 4 deletions

diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
index 0c1a679314dd..9bd1933848b8 100644
--- a/arch/s390/kernel/module.c
+++ b/arch/s390/kernel/module.c
@@ -31,6 +31,9 @@
 #include <linux/kernel.h>
 #include <linux/moduleloader.h>
 #include <linux/bug.h>
+#include <asm/alternative.h>
+#include <asm/nospec-branch.h>
+#include <asm/facility.h>
 
 #if 0
 #define DEBUGP printk
@@ -163,7 +166,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
 	me->arch.got_offset = me->core_size;
 	me->core_size += me->arch.got_size;
 	me->arch.plt_offset = me->core_size;
-	me->core_size += me->arch.plt_size;
+	if (me->arch.plt_size) {
+		if (IS_ENABLED(CONFIG_EXPOLINE) && !nospec_disable)
+			me->arch.plt_size += PLT_ENTRY_SIZE;
+		me->core_size += me->arch.plt_size;
+	}
 	return 0;
 }
 
@@ -317,9 +324,20 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
 			unsigned int *ip;
 			ip = me->module_core + me->arch.plt_offset +
 				info->plt_offset;
-			ip[0] = 0x0d10e310; /* basr 1,0; lg 1,10(1); br 1 */
-			ip[1] = 0x100a0004;
-			ip[2] = 0x07f10000;
+			ip[0] = 0x0d10e310;	/* basr 1,0  */
+			ip[1] = 0x100a0004;	/* lg	1,10(1) */
+			if (IS_ENABLED(CONFIG_EXPOLINE) && !nospec_disable) {
+				unsigned int *ij;
+				ij = me->module_core +
+					me->arch.plt_offset +
+					me->arch.plt_size - PLT_ENTRY_SIZE;
+				ip[2] = 0xa7f40000 +	/* j __jump_r1 */
+					(unsigned int)(u16)
+					(((unsigned long) ij - 8 -
+					  (unsigned long) ip) / 2);
+			} else {
+				ip[2] = 0x07f10000;	/* br %r1 */
+			}
 			ip[3] = (unsigned int) (val >> 32);
 			ip[4] = (unsigned int) val;
 			info->plt_initialized = 1;
@@ -424,6 +442,45 @@ int module_finalize(const Elf_Ehdr *hdr,
 		    const Elf_Shdr *sechdrs,
 		    struct module *me)
 {
+	const Elf_Shdr *s;
+	char *secstrings, *secname;
+	void *aseg;
+
+	if (IS_ENABLED(CONFIG_EXPOLINE) &&
+	    !nospec_disable && me->arch.plt_size) {
+		unsigned int *ij;
+
+		ij = me->module_core + me->arch.plt_offset +
+			me->arch.plt_size - PLT_ENTRY_SIZE;
+		if (test_facility(35)) {
+			ij[0] = 0xc6000000;	/* exrl	%r0,.+10	*/
+			ij[1] = 0x0005a7f4;	/* j	.		*/
+			ij[2] = 0x000007f1;	/* br	%r1		*/
+		} else {
+			ij[0] = 0x44000000 | (unsigned int)
+				offsetof(struct _lowcore, br_r1_trampoline);
+			ij[1] = 0xa7f40000;	/* j	.		*/
+		}
+	}
+
+	secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
+	for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) {
+		aseg = (void *) s->sh_addr;
+		secname = secstrings + s->sh_name;
+
+		if (!strcmp(".altinstructions", secname))
+			/* patch .altinstructions */
+			apply_alternatives(aseg, aseg + s->sh_size);
+
+		if (IS_ENABLED(CONFIG_EXPOLINE) &&
+		    (!strncmp(".s390_indirect", secname, 14)))
+			nospec_revert(aseg, aseg + s->sh_size);
+
+		if (IS_ENABLED(CONFIG_EXPOLINE) &&
+		    (!strncmp(".s390_return", secname, 12)))
+			nospec_revert(aseg, aseg + s->sh_size);
+	}
+
 	jump_label_apply_nops(me);
 	vfree(me->arch.syminfo);
 	me->arch.syminfo = NULL;