Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2

New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.

CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory(MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

These are from the http://cve.mitre.org website.
These are the MDS security CVEs.

The patch is modified as follows:
1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c file,
  because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
  removes the ici_cpuid4_info structure.

2.The build-logic-and-sources-for-TiC.patch version number
  has been modified.

3.In addition to the modifications in the files in 1 and 2,
  other patches only modify the line number.

Closes-Bug: 1830487
Depends-On: https://review.opendev.org/663071
Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d
Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>

kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch

@@ -26,13 +26,13 @@ index 1c3a765..f2499b4 100644
  %global distro_build 957
  
  %define rpmversion 3.10.0
--%define pkgrelease 957.1.3.el7
-+%define _pkgrelease 957.1.3
+-%define pkgrelease 957.12.2.el7
++%define _pkgrelease 957.12.2
 +%define pkgrelease %{_pkgrelease}.el7
 +
  
  # allow pkg_release to have configurable %%{?dist} tag
- %define specrelease 957.1.3%{?dist}
+ %define specrelease 957.12.2%{?dist}
  
 -%define pkg_release %{specrelease}%{?buildid}
 +%define pkg_release %{specrelease}%{buildid}
@@ -224,7 +224,7 @@ index 1c3a765..f2499b4 100644
 +%endif
 +
  %changelog
- * Mon Nov 26 2018 CentOS Sources <bugs@centos.org> - 3.10.0-957.1.3.el7
+ * Tue May 14 2019 CentOS Sources <bugs@centos.org> - 3.10.0-957.12.2.el7
  - Apply debranding changes
 -- 
 2.7.4

kernel/kernel-std/centos/patches/Notification-of-death-of-arbitrary-processes.patch

@@ -65,7 +65,7 @@ diff --git a/include/linux/sched.h b/include/linux/sched.h
 index d184652..ba6ae5c 100644
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
-@@ -1649,6 +1649,12 @@ struct task_struct {
+@@ -1653,6 +1653,12 @@ struct task_struct {
  	short il_next;
  	short pref_node_fork;
  #endif

kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch

@@ -47,13 +47,13 @@ This helps in:
 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
 ---
  Documentation/ABI/testing/sysfs-devices-system-cpu |  65 ++
- arch/x86/kernel/cpu/cacheinfo.c                    | 830 +++++++--------------
+ arch/x86/kernel/cpu/cacheinfo.c                    | 833 +++++++--------------
  drivers/base/Makefile                              |   2 +-
  drivers/base/cacheinfo.c                           | 662 ++++++++++++++++
  drivers/base/cpu.c                                 |  54 ++
  include/linux/cacheinfo.h                          | 104 +++
  include/linux/cpu.h                                |   3 +
- 7 files changed, 1147 insertions(+), 573 deletions(-)
+ 7 files changed, 1147 insertions(+), 576 deletions(-)
  create mode 100644 drivers/base/cacheinfo.c
  create mode 100644 include/linux/cacheinfo.h
 
@@ -461,7 +461,7 @@ index d529019..bf23bd2 100644
 +
 +	if (nb && nb->l3_cache.indices)
 +		init_amd_l3_attrs();
-+
+ 
 +	return &cache_private_group;
 +}
 +
@@ -472,7 +472,7 @@ index d529019..bf23bd2 100644
 +	/* only for L3, and not in virtualized environments */
 +	if (index < 3)
 +		return;
- 
++
 +	node = amd_get_nb_id(smp_processor_id());
 +	this_leaf->nb = node_to_amd_nb(node);
 +	if (this_leaf->nb && !this_leaf->nb->l3_cache.indices)
@@ -798,11 +798,11 @@ index d529019..bf23bd2 100644
 +static int __init_cache_level(unsigned int cpu)
  {
 -	int i;
--
--	for (i = 0; i < num_cache_leaves; i++)
--		cache_remove_shared_cpu_map(cpu, i);
 +	struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
  
+-	for (i = 0; i < num_cache_leaves; i++)
+-		cache_remove_shared_cpu_map(cpu, i);
+-
 -	kfree(per_cpu(ici_cpuid4_info, cpu));
 -	per_cpu(ici_cpuid4_info, cpu) = NULL;
 +	if (!num_cache_leaves)
@@ -815,17 +815,20 @@ index d529019..bf23bd2 100644
  }
  
  /*
-@@ -925,411 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs)
+@@ -925,414 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs)
  int get_cpu_cache_id(int cpu, int level)
  {
  	int i;
 +	struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
  
--	for (i = 0; i < num_cache_leaves; i++) {
--		struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, i);
+-	if (!per_cpu(ici_cpuid4_info, cpu))
+-		return -1;
 +	for (i = 0; i < this_cpu_ci->num_leaves; i++) {
 +		struct cacheinfo *this_leaf = this_cpu_ci->info_list + i;
  
+-	for (i = 0; i < num_cache_leaves; i++) {
+-		struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, i);
+-
 -		if (this_leaf->base.eax.split.level == level)
 -			return this_leaf->base.id;
 +		if (this_leaf->level == level)
@@ -836,13 +839,18 @@ index d529019..bf23bd2 100644
  }
  
 -static void get_cpu_leaves(void *_retval)
--{
++static int __populate_cache_leaves(unsigned int cpu)
+ {
 -	int j, *retval = _retval, cpu = smp_processor_id();
 -
 -	/* Do cpuid and store the results */
 -	for (j = 0; j < num_cache_leaves; j++) {
 -		struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, j);
--
++	unsigned int idx, ret;
++	struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
++	struct cacheinfo *this_leaf = this_cpu_ci->info_list;
++	struct _cpuid4_info_regs id4_regs = {};
+ 
 -		*retval = cpuid4_cache_lookup_regs(j, &this_leaf->base);
 -		if (unlikely(*retval < 0)) {
 -			int i;
@@ -853,13 +861,21 @@ index d529019..bf23bd2 100644
 -		}
 -		cache_shared_cpu_map_setup(cpu, j);
 -		get_cache_id(cpu, &this_leaf->base);
--	}
++	for (idx = 0; idx < this_cpu_ci->num_leaves; idx++) {
++		ret = cpuid4_cache_lookup_regs(idx, &id4_regs);
++		if (ret)
++			return ret;
++		get_cache_id(cpu, &id4_regs);
++		ci_leaf_init(this_leaf++, &id4_regs);
++		__cache_cpumap_setup(cpu, idx, &id4_regs);
+ 	}
 -}
 -
 -static int detect_cache_attributes(unsigned int cpu)
 -{
 -	int			retval;
--
++	this_cpu_ci->cpu_map_populated = true;
+ 
 -	if (num_cache_leaves == 0)
 -		return -ENOENT;
 -
@@ -1116,8 +1132,7 @@ index d529019..bf23bd2 100644
 -
 -/* Add/Remove cache interface for CPU device */
 -static int cache_add_dev(struct device *dev)
-+static int __populate_cache_leaves(unsigned int cpu)
- {
+-{
 -	unsigned int cpu = dev->id;
 -	unsigned long i, j;
 -	struct _index_kobject *this_object;
@@ -1140,11 +1155,7 @@ index d529019..bf23bd2 100644
 -		this_object = INDEX_KOBJECT_PTR(cpu, i);
 -		this_object->cpu = cpu;
 -		this_object->index = i;
-+	unsigned int idx, ret;
-+	struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
-+	struct cacheinfo *this_leaf = this_cpu_ci->info_list;
-+	struct _cpuid4_info_regs id4_regs = {};
- 
+-
 -		this_leaf = CPUID4_INFO_IDX(cpu, i);
 -
 -		ktype_cache.default_attrs = default_attrs;
@@ -1164,17 +1175,9 @@ index d529019..bf23bd2 100644
 -			return retval;
 -		}
 -		kobject_uevent(&(this_object->kobj), KOBJ_ADD);
-+	for (idx = 0; idx < this_cpu_ci->num_leaves; idx++) {
-+		ret = cpuid4_cache_lookup_regs(idx, &id4_regs);
-+		if (ret)
-+			return ret;
-+		get_cache_id(cpu, &id4_regs);
-+		ci_leaf_init(this_leaf++, &id4_regs);
-+		__cache_cpumap_setup(cpu, idx, &id4_regs);
- 	}
+-	}
 -	cpumask_set_cpu(cpu, to_cpumask(cache_dev_map));
-+	this_cpu_ci->cpu_map_populated = true;
- 
+-
 -	kobject_uevent(per_cpu(ici_cache_kobject, cpu), KOBJ_ADD);
  	return 0;
  }
@@ -2107,9 +2110,9 @@ diff --git a/include/linux/cpu.h b/include/linux/cpu.h
 index 82180fe..434d92c 100644
 --- a/include/linux/cpu.h
 +++ b/include/linux/cpu.h
-@@ -49,6 +49,9 @@ extern ssize_t cpu_show_spec_store_bypass(struct device *dev,
- extern ssize_t cpu_show_l1tf(struct device *dev,
- 			     struct device_attribute *attr, char *buf);
+@@ -51,6 +51,9 @@ extern ssize_t cpu_show_l1tf(struct device *dev,
+ extern ssize_t cpu_show_mds(struct device *dev,
+ 			    struct device_attribute *attr, char *buf);
  
 +extern struct device *cpu_device_create(struct device *parent, void *drvdata,
 +					const struct attribute_group **groups,

kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch

@@ -229,7 +229,7 @@ diff --git a/security/security.c b/security/security.c
 index f069482..646a0e3 100644
 --- a/security/security.c
 +++ b/security/security.c
-@@ -157,6 +157,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
+@@ -161,6 +161,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
  
  /* Security operations */
  
@@ -340,7 +340,7 @@ index f069482..646a0e3 100644
  int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
  {
  #ifdef CONFIG_SECURITY_YAMA_STACKED
-@@ -716,8 +820,11 @@ EXPORT_SYMBOL(security_inode_listsecurity);
+@@ -720,8 +824,11 @@ EXPORT_SYMBOL(security_inode_listsecurity);
  
  void security_inode_getsecid(struct inode *inode, u32 *secid)
  {
@@ -353,7 +353,7 @@ index f069482..646a0e3 100644
  
  int security_inode_copy_up(struct dentry *src, struct cred **new)
  {
-@@ -1526,6 +1633,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
+@@ -1530,6 +1637,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
  {
  	return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
  }
@@ -361,7 +361,7 @@ index f069482..646a0e3 100644
  
  int security_audit_rule_known(struct audit_krule *krule)
  {
-@@ -1542,6 +1650,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+@@ -1546,6 +1654,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
  {
  	return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
  }

kernel/kernel-std/centos/patches/affine-compute-kernel-threads.patch

@@ -107,7 +107,7 @@ diff --git a/kernel/cpu.c b/kernel/cpu.c
 index 0d9e250..6c156bd 100644
 --- a/kernel/cpu.c
 +++ b/kernel/cpu.c
-@@ -991,6 +991,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly;
+@@ -1012,6 +1012,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly;
  const struct cpumask *const cpu_active_mask = to_cpumask(cpu_active_bits);
  EXPORT_SYMBOL(cpu_active_mask);
  

kernel/kernel-std/centos/patches/fix-compilation-issues.patch

@@ -82,7 +82,7 @@ diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
 index 26ec982..45af11b 100644
 --- a/include/linux/huge_mm.h
 +++ b/include/linux/huge_mm.h
-@@ -362,7 +362,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma,
+@@ -365,7 +365,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma,
  	return 0;
  }
  

kernel/kernel-std/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch

@@ -99,7 +99,7 @@ index 260597e..6c16b68 100644
  		} else if (!strncmp(str, "strict", 6)) {
  			pr_info("Disable batched IOTLB flush\n");
  			intel_iommu_strict = 1;
-@@ -2779,6 +2789,15 @@ static bool device_is_rmrr_locked(struct device *dev)
+@@ -2820,6 +2830,15 @@ static bool device_is_rmrr_locked(struct device *dev)
  
  		if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
  			return false;

kernel/kernel-std/centos/srpm_path

@@ -1,2 +1,2 @@
-mirror:Source/kernel-3.10.0-957.1.3.el7.src.rpm
+mirror:Source/kernel-3.10.0-957.12.2.el7.src.rpm