Merge android-4.4.148 (f057ff9) into msm-4.4

* refs/heads/tmp-f057ff9
  Linux 4.4.148
  x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
  x86/init: fix build with CONFIG_SWAP=n
  x86/speculation/l1tf: Fix up CPU feature flags
  x86/mm/kmmio: Make the tracer robust against L1TF
  x86/mm/pat: Make set_memory_np() L1TF safe
  x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
  x86/speculation/l1tf: Invert all not present mappings
  x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
  x86/speculation/l1tf: Protect PAE swap entries against L1TF
  x86/cpufeatures: Add detection of L1D cache flush support.
  x86/speculation/l1tf: Extend 64bit swap file size limit
  x86/bugs: Move the l1tf function and define pr_fmt properly
  x86/speculation/l1tf: Limit swap file size to MAX_PA/2
  x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
  mm: fix cache mode tracking in vm_insert_mixed()
  mm: Add vm_insert_pfn_prot()
  x86/speculation/l1tf: Add sysfs reporting for l1tf
  x86/speculation/l1tf: Make sure the first page is always reserved
  x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
  x86/speculation/l1tf: Protect swap entries against L1TF
  x86/speculation/l1tf: Change order of offset/type in swap entry
  mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
  x86/mm: Fix swap entry comment and macro
  x86/mm: Move swap offset/type up in PTE to work around erratum
  x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
  x86/irqflags: Provide a declaration for native_save_fl
  kprobes/x86: Fix %p uses in error messages
  x86/speculation: Protect against userspace-userspace spectreRSB
  x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  ARM: dts: imx6sx: fix irq for pcie bridge
  IB/ocrdma: fix out of bounds access to local buffer
  IB/mlx4: Mark user MR as writable if actual virtual memory is writable
  IB/core: Make testing MR flags for writability a static inline function
  fix __legitimize_mnt()/mntput() race
  fix mntput/mntput race
  root dentries need RCU-delayed freeing
  scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
  ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
  xen/netfront: don't cache skb_shinfo()
  parisc: Define mb() and add memory barriers to assembler unlock sequences
  parisc: Enable CONFIG_MLONGCALLS by default
  fork: unconditionally clear stack on fork
  ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
  tpm: fix race condition in tpm_common_write()
  ext4: fix check to prevent initializing reserved inodes
  Linux 4.4.147
  jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  i2c: imx: Fix reinit_completion() use
  ring_buffer: tracing: Inherit the tracing setting to next ring buffer
  ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
  ext4: fix false negatives *and* false positives in ext4_check_descriptors()
  netlink: Don't shift on 64 for ngroups
  netlink: Don't shift with UB on nlk->ngroups
  netlink: Do not subscribe to non-existent groups
  nohz: Fix local_timer_softirq_pending()
  genirq: Make force irq threading setup more robust
  scsi: qla2xxx: Return error when TMF returns
  scsi: qla2xxx: Fix ISP recovery on unload

Conflicts:
	include/linux/swapfile.h

Removed CONFIG_CRYPTO_ECHAINIV from defconfig files since this upmerge is
adding this config to Kconfig file.

Change-Id: Ide96c29f919d76590c2bdccf356d1d464a892fd7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

1 files changed, 49 insertions, 0 deletions

diff --git a/mm/mprotect.c b/mm/mprotect.c
index b8849a3930a0..fcd678c3bd24 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -255,6 +255,42 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
 	return pages;
 }
 
+static int prot_none_pte_entry(pte_t *pte, unsigned long addr,
+			       unsigned long next, struct mm_walk *walk)
+{
+	return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
+		0 : -EACCES;
+}
+
+static int prot_none_hugetlb_entry(pte_t *pte, unsigned long hmask,
+				   unsigned long addr, unsigned long next,
+				   struct mm_walk *walk)
+{
+	return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
+		0 : -EACCES;
+}
+
+static int prot_none_test(unsigned long addr, unsigned long next,
+			  struct mm_walk *walk)
+{
+	return 0;
+}
+
+static int prot_none_walk(struct vm_area_struct *vma, unsigned long start,
+			   unsigned long end, unsigned long newflags)
+{
+	pgprot_t new_pgprot = vm_get_page_prot(newflags);
+	struct mm_walk prot_none_walk = {
+		.pte_entry = prot_none_pte_entry,
+		.hugetlb_entry = prot_none_hugetlb_entry,
+		.test_walk = prot_none_test,
+		.mm = current->mm,
+		.private = &new_pgprot,
+	};
+
+	return walk_page_range(start, end, &prot_none_walk);
+}
+
 int
 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
 	unsigned long start, unsigned long end, unsigned long newflags)
@@ -273,6 +309,19 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
 	}
 
 	/*
+	 * Do PROT_NONE PFN permission checks here when we can still
+	 * bail out without undoing a lot of state. This is a rather
+	 * uncommon case, so doesn't need to be very optimized.
+	 */
+	if (arch_has_pfn_modify_check() &&
+	    (vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) &&
+	    (newflags & (VM_READ|VM_WRITE|VM_EXEC)) == 0) {
+		error = prot_none_walk(vma, start, end, newflags);
+		if (error)
+			return error;
+	}
+
+	/*
 	 * If we make a private mapping writable we increase our commit;
 	 * but (without finer accounting) cannot reduce our commit if we
 	 * make it unwritable again. hugetlb mapping were accounted for