Merge remote-tracking branch 'remotes/origin/tmp-0a91e84' into msm-4.14

* remotes/origin/tmp-0a91e84:
  Linux 4.14.20
  scsi: cxlflash: Reset command ioasc
  scsi: lpfc: Fix crash after bad bar setup on driver attachment
  rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
  scsi: core: Ensure that the SCSI error handler gets woken up
  ftrace: Remove incorrect setting of glob search field
  devpts: fix error handling in devpts_mntget()
  mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
  ovl: take mnt_want_write() for removing impure xattr
  ovl: fix failure to fsync lower dir
  acpi, nfit: fix register dimm error handling
  ACPI: sbshc: remove raw pointer from printk() message
  drm/i915: Avoid PPS HW/SW state mismatch due to rounding
  arm64: dts: marvell: add Ethernet aliases
  objtool: Fix switch-table detection
  btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
  lib/ubsan: add type mismatch handler for new GCC/Clang
  lib/ubsan.c: s/missaligned/misaligned/
  clocksource/drivers/stm32: Fix kernel panic with multiple timers
  blk-mq: quiesce queue before freeing queue
  pktcdvd: Fix a recently introduced NULL pointer dereference
  pktcdvd: Fix pkt_setup_dev() error path
  pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
  pinctrl: sx150x: Register pinctrl before adding the gpiochip
  pinctrl: sx150x: Unregister the pinctrl on release
  pinctrl: mcp23s08: fix irq setup order
  pinctrl: intel: Initialize GPIO properly when used through irqchip
  EDAC, octeon: Fix an uninitialized variable warning
  xtensa: fix futex_atomic_cmpxchg_inatomic
  alpha: fix formating of stack content
  alpha: fix reboot on Avanti platform
  alpha: Fix mixed up args in EXC macro in futex operations
  alpha: osf_sys.c: fix put_tv32 regression
  alpha: fix crash if pthread_create races with signal delivery
  signal/sh: Ensure si_signo is initialized in do_divide_error
  signal/openrisc: Fix do_unaligned_access to send the proper signal
  ipmi: use dynamic memory for DMI driver override
  Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
  Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
  Bluetooth: btsdio: Do not bind to non-removable BCM43341
  HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
  pipe: fix off-by-one error when checking buffer limits
  pipe: actually allow root to exceed the pipe buffer limits
  kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
  kernel/async.c: revert "async: simplify lowest_in_progress()"
  fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
  media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
  media: ts2020: avoid integer overflows on 32 bit machines
  media: dvb-frontends: fix i2c access helpers for KASAN
  kasan: rework Kconfig settings
  kasan: don't emit builtin calls when sanitization is off
  Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
  watchdog: imx2_wdt: restore previous timeout after suspend+resume
  ASoC: skl: Fix kernel warning due to zero NHTL entry
  ASoC: rockchip: i2s: fix playback after runtime resume
  KVM: PPC: Book3S PR: Fix broken select due to misspelling
  KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
  KVM: PPC: Book3S HV: Drop locks before reading guest memory
  KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
  KVM: nVMX: Fix bug of injecting L2 exception into L1
  KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
  arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
  crypto: sha512-mb - initialize pending lengths correctly
  crypto: caam - fix endless loop when DECO acquire fails
  media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
  media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
  media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
  media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
  media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
  media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
  media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
  media: v4l2-compat-ioctl32.c: avoid sizeof(type)
  media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
  media: v4l2-compat-ioctl32.c: fix the indentation
  media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
  media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
  media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
  crypto: hash - prevent using keyed hashes without setting key
  crypto: hash - annotate algorithms taking optional key
  crypto: poly1305 - remove ->setkey() method
  crypto: mcryptd - pass through absence of ->setkey()
  crypto: cryptd - pass through absence of ->setkey()
  crypto: hash - introduce crypto_hash_alg_has_setkey()
  ahci: Add Intel Cannon Lake PCH-H PCI ID
  ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
  ahci: Annotate PCI ids for mobile Intel chipsets as such
  kernfs: fix regression in kernfs_fop_write caused by wrong type
  NFS: Fix a race between mmap() and O_DIRECT
  NFS: reject request for id_legacy key without auxdata
  NFS: commit direct writes even if they fail partially
  NFS: Fix nfsstat breakage due to LOOKUPP
  NFS: Add a cond_resched() to nfs_commit_release_pages()
  nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
  nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
  ubifs: free the encrypted symlink target
  ubi: block: Fix locking for idr_alloc/idr_remove
  ubi: fastmap: Erase outdated anchor PEBs during attach
  ubi: Fix race condition between ubi volume creation and udev
  mtd: nand: sunxi: Fix ECC strength choice
  mtd: nand: Fix nand_do_read_oob() return value
  mtd: nand: brcmnand: Disable prefetch by default
  mtd: cfi: convert inline functions to macros
  arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
  arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
  arm/arm64: smccc: Make function identifiers an unsigned quantity
  firmware/psci: Expose SMCCC version through psci_ops
  firmware/psci: Expose PSCI conduit
  arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
  arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm/arm64: KVM: Turn kvm_psci_version into a static inline
  arm64: KVM: Make PSCI_VERSION a fast path
  arm/arm64: KVM: Advertise SMCCC v1.1
  arm/arm64: KVM: Implement PSCI 1.0 support
  arm/arm64: KVM: Add smccc accessors to PSCI code
  arm/arm64: KVM: Add PSCI_VERSION helper
  arm/arm64: KVM: Consolidate the PSCI include files
  arm64: KVM: Increment PC after handling an SMC trap
  arm64: Branch predictor hardening for Cavium ThunderX2
  arm64: Implement branch predictor hardening for Falkor
  arm64: Implement branch predictor hardening for affected Cortex-A CPUs
  arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
  arm64: entry: Apply BP hardening for suspicious interrupts from EL0
  arm64: entry: Apply BP hardening for high-priority synchronous exceptions
  arm64: KVM: Use per-CPU vector when BP hardening is enabled
  arm64: Move BP hardening to check_and_switch_context
  arm64: Add skeleton to harden the branch predictor against aliasing attacks
  arm64: Move post_ttbr_update_workaround to C code
  drivers/firmware: Expose psci_get_version through psci_ops structure
  arm64: cpufeature: Pass capability structure to ->enable callback
  arm64: Run enable method for errata work arounds on late CPUs
  arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
  arm64: futex: Mask __user pointers prior to dereference
  arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
  arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
  arm64: uaccess: Prevent speculative use of the current addr_limit
  arm64: entry: Ensure branch through syscall table is bounded under speculation
  arm64: Use pointer masking to limit uaccess speculation
  arm64: Make USER_DS an inclusive limit
  arm64: Implement array_index_mask_nospec()
  arm64: barrier: Add CSDB macros to control data-value prediction
  arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
  arm64: entry: Reword comment about post_ttbr_update_workaround
  arm64: Force KPTI to be disabled on Cavium ThunderX
  arm64: kpti: Add ->enable callback to remap swapper using nG mappings
  arm64: mm: Permit transitioning from Global to Non-Global without BBM
  arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
  arm64: Turn on KPTI only on CPUs that need it
  arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
  arm64: kpti: Fix the interaction between ASID switching and software PAN
  arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
  arm64: capabilities: Handle duplicate entries for a capability
  arm64: Take into account ID_AA64PFR0_EL1.CSV3
  arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
  arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
  arm64: use RET instruction for exiting the trampoline
  arm64: kaslr: Put kernel vectors address in separate data page
  arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
  arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
  arm64: cpu_errata: Add Kryo to Falkor 1003 errata
  arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
  arm64: entry: Hook up entry trampoline to exception vectors
  arm64: entry: Explicitly pass exception level to kernel_ventry macro
  arm64: mm: Map entry trampoline into trampoline and kernel page tables
  arm64: entry: Add exception trampoline page for exceptions from EL0
  arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
  arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
  arm64: mm: Allocate ASIDs in pairs
  arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
  arm64: mm: Rename post_ttbr0_update_workaround
  arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
  arm64: mm: Move ASID from TTBR0 to TTBR1
  arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
  arm64: mm: Use non-global mappings for kernel space
  arm64: move TASK_* definitions to <asm/processor.h>
  media: hdpvr: Fix an error handling path in hdpvr_probe()
  media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
  media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
  dccp: CVE-2017-8824: use-after-free in DCCP code
  drm/i915: Fix deadlock in i830_disable_pipe()
  drm/i915: Redo plane sanitation during readout
  drm/i915: Add .get_hw_state() method for planes
  sched/rt: Up the root domain ref count when passing it around via IPIs
  sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
  KVM MMU: check pending exception before injecting APF
  arm64: Add software workaround for Falkor erratum 1041
  arm64: Define cputype macros for Falkor CPU
  watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
  sched/wait: Fix add_wait_queue() behavioral change
  dmaengine: dmatest: fix container_of member in dmatest_callback
  cpufreq: mediatek: add mediatek related projects into blacklist
  CIFS: zero sensitive data when freeing
  cifs: Fix autonegotiate security settings mismatch
  cifs: Fix missing put_xid in cifs_file_strict_mmap
  powerpc/pseries: include linux/types.h in asm/hvcall.h
  watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
  ANDROID: Fixup 64/32-bit divide confusion for WALT configs

Conflicts:
	include/trace/events/sched.h
	kernel/sched/sched.h
	lib/ubsan.c
	lib/ubsan.h
	arch/arm64/configs/sdm855_defconfig
	arch/arm64/configs/sdm855-perf_defconfig

Change-Id: I034588046a45f3d8be0615bed40d2ddd334ebd74
Signed-off-by: Isaac J. Manjarres <[email protected]>

Author: Isaac J. Manjarres

Diff for: Documentation/arm64/silicon-errata.txt

@@ -71,6 +71,7 @@ stable kernels.
 | Hisilicon      | Hip0{5,6,7}     | #161010101      | HISILICON_ERRATUM_161010101 |
 | Hisilicon      | Hip0{6,7}       | #161010701      | N/A                         |
 |                |                 |                 |                             |
-| Qualcomm Tech. | Falkor v1       | E1003           | QCOM_FALKOR_ERRATUM_1003    |
+| Qualcomm Tech. | Kryo/Falkor v1  | E1003           | QCOM_FALKOR_ERRATUM_1003    |
 | Qualcomm Tech. | Falkor v1       | E1009           | QCOM_FALKOR_ERRATUM_1009    |
 | Qualcomm Tech. | QDF2400 ITS     | E0065           | QCOM_QDF2400_ERRATUM_0065   |
+| Qualcomm Tech. | Falkor v{1,2}   | E1041           | QCOM_FALKOR_ERRATUM_1041    |

Diff for: Makefile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 4
 PATCHLEVEL = 14
-SUBLEVEL = 19
+SUBLEVEL = 20
 EXTRAVERSION =
 NAME = Petit Gorille
 
@@ -420,7 +420,8 @@ export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON UTS_MACHINE
 export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS
 
 export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS
-export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_KASAN CFLAGS_UBSAN
+export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE
+export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE CFLAGS_UBSAN
 export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE
 export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
 export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL

Diff for: arch/alpha/include/asm/futex.h

@@ -20,8 +20,8 @@
 	"3:	.subsection 2\n"				\
 	"4:	br	1b\n"					\
 	"	.previous\n"					\
-	EXC(1b,3b,%1,$31)					\
-	EXC(2b,3b,%1,$31)					\
+	EXC(1b,3b,$31,%1)					\
+	EXC(2b,3b,$31,%1)					\
 	:	"=&r" (oldval), "=&r"(ret)			\
 	:	"r" (uaddr), "r"(oparg)				\
 	:	"memory")
@@ -82,8 +82,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
 	"3:	.subsection 2\n"
 	"4:	br	1b\n"
 	"	.previous\n"
-	EXC(1b,3b,%0,$31)
-	EXC(2b,3b,%0,$31)
+	EXC(1b,3b,$31,%0)
+	EXC(2b,3b,$31,%0)
 	:	"+r"(ret), "=&r"(prev), "=&r"(cmp)
 	:	"r"(uaddr), "r"((long)(int)oldval), "r"(newval)
 	:	"memory");

Diff for: arch/alpha/kernel/osf_sys.c

@@ -964,8 +964,8 @@ static inline long
 put_tv32(struct timeval32 __user *o, struct timeval *i)
 {
 	return copy_to_user(o, &(struct timeval32){
-				.tv_sec = o->tv_sec,
-				.tv_usec = o->tv_usec},
+				.tv_sec = i->tv_sec,
+				.tv_usec = i->tv_usec},
 			    sizeof(struct timeval32));
 }
 

Diff for: arch/alpha/kernel/pci_impl.h

@@ -144,7 +144,8 @@ struct pci_iommu_arena
 };
 
 #if defined(CONFIG_ALPHA_SRM) && \
-    (defined(CONFIG_ALPHA_CIA) || defined(CONFIG_ALPHA_LCA))
+    (defined(CONFIG_ALPHA_CIA) || defined(CONFIG_ALPHA_LCA) || \
+     defined(CONFIG_ALPHA_AVANTI))
 # define NEED_SRM_SAVE_RESTORE
 #else
 # undef NEED_SRM_SAVE_RESTORE

Diff for: arch/alpha/kernel/process.c

@@ -269,12 +269,13 @@ copy_thread(unsigned long clone_flags, unsigned long usp,
 	   application calling fork.  */
 	if (clone_flags & CLONE_SETTLS)
 		childti->pcb.unique = regs->r20;
+	else
+		regs->r20 = 0;	/* OSF/1 has some strange fork() semantics.  */
 	childti->pcb.usp = usp ?: rdusp();
 	*childregs = *regs;
 	childregs->r0 = 0;
 	childregs->r19 = 0;
 	childregs->r20 = 1;	/* OSF/1 has some strange fork() semantics.  */
-	regs->r20 = 0;
 	stack = ((struct switch_stack *) regs) - 1;
 	*childstack = *stack;
 	childstack->r26 = (unsigned long) ret_from_fork;

Diff for: arch/alpha/kernel/traps.c

@@ -160,11 +160,16 @@ void show_stack(struct task_struct *task, unsigned long *sp)
 	for(i=0; i < kstack_depth_to_print; i++) {
 		if (((long) stack & (THREAD_SIZE-1)) == 0)
 			break;
-		if (i && ((i % 4) == 0))
-			printk("\n       ");
-		printk("%016lx ", *stack++);
+		if ((i % 4) == 0) {
+			if (i)
+				pr_cont("\n");
+			printk("       ");
+		} else {
+			pr_cont(" ");
+		}
+		pr_cont("%016lx", *stack++);
 	}
-	printk("\n");
+	pr_cont("\n");
 	dik_show_trace(sp);
 }
 

Diff for: arch/arm/crypto/crc32-ce-glue.c

@@ -188,6 +188,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
 	.base.cra_name		= "crc32",
 	.base.cra_driver_name	= "crc32-arm-ce",
 	.base.cra_priority	= 200,
+	.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 	.base.cra_blocksize	= 1,
 	.base.cra_module	= THIS_MODULE,
 }, {
@@ -203,6 +204,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
 	.base.cra_name		= "crc32c",
 	.base.cra_driver_name	= "crc32c-arm-ce",
 	.base.cra_priority	= 200,
+	.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 	.base.cra_blocksize	= 1,
 	.base.cra_module	= THIS_MODULE,
 } };

Diff for: arch/arm/include/asm/kvm_host.h

@@ -293,4 +293,10 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
 int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
 			       struct kvm_device_attr *attr);
 
+static inline bool kvm_arm_harden_branch_predictor(void)
+{
+	/* No way to detect it yet, pretend it is not there. */
+	return false;
+}
+
 #endif /* __ARM_KVM_HOST_H__ */

Diff for: arch/arm/include/asm/kvm_mmu.h

@@ -221,6 +221,16 @@ static inline unsigned int kvm_get_vmid_bits(void)
 	return 8;
 }
 
+static inline void *kvm_get_hyp_vector(void)
+{
+	return kvm_ksym_ref(__kvm_hyp_vector);
+}
+
+static inline int kvm_map_vectors(void)
+{
+	return 0;
+}
+
 #endif	/* !__ASSEMBLY__ */
 
 #endif /* __ARM_KVM_MMU_H__ */

Diff for: arch/arm/include/asm/kvm_psci.h

@@ -21,7 +21,7 @@
 #include <asm/kvm_emulate.h>
 #include <asm/kvm_coproc.h>
 #include <asm/kvm_mmu.h>
-#include <asm/kvm_psci.h>
+#include <kvm/arm_psci.h>
 #include <trace/events/kvm.h>
 
 #include "trace.h"
@@ -36,9 +36,9 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		      kvm_vcpu_hvc_get_imm(vcpu));
 	vcpu->stat.hvc_exit_stat++;
 
-	ret = kvm_psci_call(vcpu);
+	ret = kvm_hvc_call_handler(vcpu);
 	if (ret < 0) {
-		kvm_inject_undefined(vcpu);
+		vcpu_set_reg(vcpu, 0, ~0UL);
 		return 1;
 	}
 
@@ -47,7 +47,16 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run)
 
 static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run)
 {
-	kvm_inject_undefined(vcpu);
+	/*
+	 * "If an SMC instruction executed at Non-secure EL1 is
+	 * trapped to EL2 because HCR_EL2.TSC is 1, the exception is a
+	 * Trap exception, not a Secure Monitor Call exception [...]"
+	 *
+	 * We need to advance the PC after the trap, as it would
+	 * otherwise return to the same address...
+	 */
+	vcpu_set_reg(vcpu, 0, ~0UL);
+	kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));
 	return 1;
 }
 

Diff for: arch/arm/kvm/handle_exit.c

@@ -504,20 +504,13 @@ config CAVIUM_ERRATUM_30115
 config QCOM_FALKOR_ERRATUM_1003
 	bool "Falkor E1003: Incorrect translation due to ASID change"
 	default y
-	select ARM64_PAN if ARM64_SW_TTBR0_PAN
 	help
 	  On Falkor v1, an incorrect ASID may be cached in the TLB when ASID
-	  and BADDR are changed together in TTBRx_EL1. The workaround for this
-	  issue is to use a reserved ASID in cpu_do_switch_mm() before
-	  switching to the new ASID. Saying Y here selects ARM64_PAN if
-	  ARM64_SW_TTBR0_PAN is selected. This is done because implementing and
-	  maintaining the E1003 workaround in the software PAN emulation code
-	  would be an unnecessary complication. The affected Falkor v1 CPU
-	  implements ARMv8.1 hardware PAN support and using hardware PAN
-	  support versus software PAN emulation is mutually exclusive at
-	  runtime.
-
-	  If unsure, say Y.
+	  and BADDR are changed together in TTBRx_EL1. Since we keep the ASID
+	  in TTBR1_EL1, this situation only occurs in the entry trampoline and
+	  then only for entries in the walk cache, since the leaf translation
+	  is unchanged. Work around the erratum by invalidating the walk cache
+	  entries for the trampoline before entering the kernel proper.
 
 config QCOM_FALKOR_ERRATUM_1009
 	bool "Falkor E1009: Prematurely complete a DSB after a TLBI"
@@ -539,6 +532,16 @@ config QCOM_QDF2400_ERRATUM_0065
 
 	  If unsure, say Y.
 
+config QCOM_FALKOR_ERRATUM_E1041
+	bool "Falkor E1041: Speculative instruction fetches might cause errant memory access"
+	default y
+	help
+	  Falkor CPU may speculatively fetch instructions from an improper
+	  memory location when MMU translation is changed from SCTLR_ELn[M]=1
+	  to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem.
+
+	  If unsure, say Y.
+
 endmenu
 
 
@@ -846,6 +849,35 @@ config FORCE_MAX_ZONEORDER
 	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
 	  4M allocations matching the default size used by generic code.
 
+config UNMAP_KERNEL_AT_EL0
+	bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
+	default y
+	help
+	  Speculation attacks against some high-performance processors can
+	  be used to bypass MMU permission checks and leak kernel data to
+	  userspace. This can be defended against by unmapping the kernel
+	  when running in userspace, mapping it back in on exception entry
+	  via a trampoline page in the vector table.
+
+	  If unsure, say Y.
+
+config HARDEN_BRANCH_PREDICTOR
+	bool "Harden the branch predictor against aliasing attacks" if EXPERT
+	default y
+	help
+	  Speculation attacks against some high-performance processors rely on
+	  being able to manipulate the branch predictor for a victim context by
+	  executing aliasing branches in the attacker context.  Such attacks
+	  can be partially mitigated against by clearing internal branch
+	  predictor state and limiting the prediction logic in some situations.
+
+	  This config option will take CPU-specific actions to harden the
+	  branch predictor against aliasing attacks and may rely on specific
+	  instruction sequences or control bits being set by the system
+	  firmware.
+
+	  If unsure, say Y.
+
 menuconfig ARMV8_DEPRECATED
 	bool "Emulate deprecated/obsolete ARMv8 instructions"
 	depends on COMPAT

Diff for: arch/arm64/Kconfig

@@ -61,6 +61,12 @@
 		reg = <0x0 0x0 0x0 0x80000000>;
 	};
 
+	aliases {
+		ethernet0 = &cpm_eth0;
+		ethernet1 = &cpm_eth1;
+		ethernet2 = &cpm_eth2;
+	};
+
 	cpm_reg_usb3_0_vbus: cpm-usb3-0-vbus {
 		compatible = "regulator-fixed";
 		regulator-name = "usb3h0-vbus";

Diff for: arch/arm64/boot/dts/marvell/armada-7040-db.dts

@@ -61,6 +61,13 @@
 		reg = <0x0 0x0 0x0 0x80000000>;
 	};
 
+	aliases {
+		ethernet0 = &cpm_eth0;
+		ethernet1 = &cpm_eth2;
+		ethernet2 = &cps_eth0;
+		ethernet3 = &cps_eth1;
+	};
+
 	cpm_reg_usb3_0_vbus: cpm-usb3-0-vbus {
 		compatible = "regulator-fixed";
 		regulator-name = "cpm-usb3h0-vbus";

Diff for: arch/arm64/boot/dts/marvell/armada-8040-db.dts

@@ -62,6 +62,12 @@
 		reg = <0x0 0x0 0x0 0x80000000>;
 	};
 
+	aliases {
+		ethernet0 = &cpm_eth0;
+		ethernet1 = &cps_eth0;
+		ethernet2 = &cps_eth1;
+	};
+
 	/* Regulator labels correspond with schematics */
 	v_3_3: regulator-3-3v {
 		compatible = "regulator-fixed";

Diff for: arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts

@@ -60,6 +60,8 @@ CONFIG_HZ_100=y
 CONFIG_CMA=y
 CONFIG_ZSMALLOC=y
 CONFIG_SECCOMP=y
+# CONFIG_UNMAP_KERNEL_AT_EL0 is not set
+# CONFIG_HARDEN_BRANCH_PREDICTOR is not set
 CONFIG_ARMV8_DEPRECATED=y
 CONFIG_SWP_EMULATION=y
 # CONFIG_ARM64_VHE is not set

Diff for: arch/arm64/configs/sdm855-perf_defconfig

@@ -63,6 +63,8 @@ CONFIG_CLEANCACHE=y
 CONFIG_CMA=y
 CONFIG_ZSMALLOC=y
 CONFIG_SECCOMP=y
+# CONFIG_UNMAP_KERNEL_AT_EL0 is not set
+# CONFIG_HARDEN_BRANCH_PREDICTOR is not set
 CONFIG_ARMV8_DEPRECATED=y
 CONFIG_SWP_EMULATION=y
 CONFIG_CP15_BARRIER_EMULATION=y

Diff for: arch/arm64/configs/sdm855_defconfig

@@ -185,6 +185,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
 	.base.cra_name		= "crc32",
 	.base.cra_driver_name	= "crc32-arm64-ce",
 	.base.cra_priority	= 200,
+	.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 	.base.cra_blocksize	= 1,
 	.base.cra_module	= THIS_MODULE,
 }, {
@@ -200,6 +201,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
 	.base.cra_name		= "crc32c",
 	.base.cra_driver_name	= "crc32c-arm64-ce",
 	.base.cra_priority	= 200,
+	.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 	.base.cra_blocksize	= 1,
 	.base.cra_module	= THIS_MODULE,
 } };