Merge 4.4.157 into android-4.4

Changes in 4.4.157
	i2c: xiic: Make the start and the byte count write atomic
	i2c: i801: fix DNV's SMBCTRL register offset
	ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
	cfq: Give a chance for arming slice idle timer in case of group_idle
	kthread: Fix use-after-free if kthread fork fails
	kthread: fix boot hang (regression) on MIPS/OpenRISC
	staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
	staging/rts5208: Fix read overflow in memcpy
	block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
	locking/rwsem-xadd: Fix missed wakeup due to reordering of load
	selinux: use GFP_NOWAIT in the AVC kmem_caches
	locking/osq_lock: Fix osq_lock queue corruption
	ARC: [plat-axs*]: Enable SWAP
	misc: mic: SCIF Fix scif_get_new_port() error handling
	ethtool: Remove trailing semicolon for static inline
	Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
	gpio: tegra: Move driver registration to subsys_init level
	scsi: target: fix __transport_register_session locking
	md/raid5: fix data corruption of replacements after originals dropped
	misc: ti-st: Fix memory leak in the error path of probe()
	uio: potential double frees if __uio_register_device() fails
	tty: rocket: Fix possible buffer overwrite on register_PCI
	f2fs: do not set free of current section
	perf tools: Allow overriding MAX_NR_CPUS at compile time
	NFSv4.0 fix client reference leak in callback
	macintosh/via-pmu: Add missing mmio accessors
	ath10k: prevent active scans on potential unusable channels
	MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
	ata: libahci: Correct setting of DEVSLP register
	scsi: 3ware: fix return 0 on the error path of probe
	ath10k: disable bundle mgmt tx completion event support
	Bluetooth: hidp: Fix handling of strncpy for hid->name information
	x86/mm: Remove in_nmi() warning from vmalloc_fault()
	gpio: ml-ioh: Fix buffer underwrite on probe error path
	net: mvneta: fix mtu change on port without link
	MIPS: Octeon: add missing of_node_put()
	net: dcb: For wild-card lookups, use priority -1, not 0
	Input: atmel_mxt_ts - only use first T9 instance
	partitions/aix: append null character to print data from disk
	partitions/aix: fix usage of uninitialized lv_info and lvname structures
	iommu/ipmmu-vmsa: Fix allocation in atomic context
	mfd: ti_am335x_tscadc: Fix struct clk memory leak
	f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
	MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
	RDMA/cma: Do not ignore net namespace for unbound cm_id
	xhci: Fix use-after-free in xhci_free_virt_device
	vmw_balloon: include asm/io.h
	netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
	drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config
	net: ethernet: ti: cpsw: fix mdio device reference leak
	ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle
	crypto: vmx - Fix sleep-in-atomic bugs
	mtd: ubi: wl: Fix error return code in ubi_wl_init()
	autofs: fix autofs_sbi() does not check super block type
	x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
	mm: get rid of vmacache_flush_all() entirely
	Linux 4.4.157

Change-Id: I30fc9e099e9065aff5e53c648d822c405525bb07
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

1 files changed, 42 insertions, 5 deletions

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index b9e6b60df148..621bc6561189 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -634,6 +634,46 @@ void x86_spec_ctrl_setup_ap(void)
 
 #undef pr_fmt
 #define pr_fmt(fmt)	"L1TF: " fmt
+
+/*
+ * These CPUs all support 44bits physical address space internally in the
+ * cache but CPUID can report a smaller number of physical address bits.
+ *
+ * The L1TF mitigation uses the top most address bit for the inversion of
+ * non present PTEs. When the installed memory reaches into the top most
+ * address bit due to memory holes, which has been observed on machines
+ * which report 36bits physical address bits and have 32G RAM installed,
+ * then the mitigation range check in l1tf_select_mitigation() triggers.
+ * This is a false positive because the mitigation is still possible due to
+ * the fact that the cache uses 44bit internally. Use the cache bits
+ * instead of the reported physical bits and adjust them on the affected
+ * machines to 44bit if the reported bits are less than 44.
+ */
+static void override_cache_bits(struct cpuinfo_x86 *c)
+{
+	if (c->x86 != 6)
+		return;
+
+	switch (c->x86_model) {
+	case INTEL_FAM6_NEHALEM:
+	case INTEL_FAM6_WESTMERE:
+	case INTEL_FAM6_SANDYBRIDGE:
+	case INTEL_FAM6_IVYBRIDGE:
+	case INTEL_FAM6_HASWELL_CORE:
+	case INTEL_FAM6_HASWELL_ULT:
+	case INTEL_FAM6_HASWELL_GT3E:
+	case INTEL_FAM6_BROADWELL_CORE:
+	case INTEL_FAM6_BROADWELL_GT3E:
+	case INTEL_FAM6_SKYLAKE_MOBILE:
+	case INTEL_FAM6_SKYLAKE_DESKTOP:
+	case INTEL_FAM6_KABYLAKE_MOBILE:
+	case INTEL_FAM6_KABYLAKE_DESKTOP:
+		if (c->x86_cache_bits < 44)
+			c->x86_cache_bits = 44;
+		break;
+	}
+}
+
 static void __init l1tf_select_mitigation(void)
 {
 	u64 half_pa;
@@ -641,16 +681,13 @@ static void __init l1tf_select_mitigation(void)
 	if (!boot_cpu_has_bug(X86_BUG_L1TF))
 		return;
 
+	override_cache_bits(&boot_cpu_data);
+
 #if CONFIG_PGTABLE_LEVELS == 2
 	pr_warn("Kernel not compiled for PAE. No mitigation for L1TF\n");
 	return;
 #endif
 
-	/*
-	 * This is extremely unlikely to happen because almost all
-	 * systems have far more MAX_PA/2 than RAM can be fit into
-	 * DIMM slots.
-	 */
 	half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT;
 	if (e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) {
 		pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n");