1 |
commit: 5a7c485603ea79c3f41cc5db9f8206335fc9b819 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Dec 5 20:15:52 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Dec 5 20:15:52 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5a7c4856 |
7 |
|
8 |
proj/linux-patches: Linuxpatch 4.19.7 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1006_linux-4.19.7.patch | 5500 +++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 5504 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index c4c0a77..e91fad4 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -67,6 +67,10 @@ Patch: 1005_linux-4.19.6.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.19.6 |
23 |
|
24 |
+Patch: 1006_linux-4.19.7.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.19.7 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1006_linux-4.19.7.patch b/1006_linux-4.19.7.patch |
33 |
new file mode 100644 |
34 |
index 0000000..0840b0c |
35 |
--- /dev/null |
36 |
+++ b/1006_linux-4.19.7.patch |
37 |
@@ -0,0 +1,5500 @@ |
38 |
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
39 |
+index fa4eec22816d..0c404cda531a 100644 |
40 |
+--- a/Documentation/admin-guide/kernel-parameters.txt |
41 |
++++ b/Documentation/admin-guide/kernel-parameters.txt |
42 |
+@@ -4169,9 +4169,13 @@ |
43 |
+ |
44 |
+ spectre_v2= [X86] Control mitigation of Spectre variant 2 |
45 |
+ (indirect branch speculation) vulnerability. |
46 |
++ The default operation protects the kernel from |
47 |
++ user space attacks. |
48 |
+ |
49 |
+- on - unconditionally enable |
50 |
+- off - unconditionally disable |
51 |
++ on - unconditionally enable, implies |
52 |
++ spectre_v2_user=on |
53 |
++ off - unconditionally disable, implies |
54 |
++ spectre_v2_user=off |
55 |
+ auto - kernel detects whether your CPU model is |
56 |
+ vulnerable |
57 |
+ |
58 |
+@@ -4181,6 +4185,12 @@ |
59 |
+ CONFIG_RETPOLINE configuration option, and the |
60 |
+ compiler with which the kernel was built. |
61 |
+ |
62 |
++ Selecting 'on' will also enable the mitigation |
63 |
++ against user space to user space task attacks. |
64 |
++ |
65 |
++ Selecting 'off' will disable both the kernel and |
66 |
++ the user space protections. |
67 |
++ |
68 |
+ Specific mitigations can also be selected manually: |
69 |
+ |
70 |
+ retpoline - replace indirect branches |
71 |
+@@ -4190,6 +4200,48 @@ |
72 |
+ Not specifying this option is equivalent to |
73 |
+ spectre_v2=auto. |
74 |
+ |
75 |
++ spectre_v2_user= |
76 |
++ [X86] Control mitigation of Spectre variant 2 |
77 |
++ (indirect branch speculation) vulnerability between |
78 |
++ user space tasks |
79 |
++ |
80 |
++ on - Unconditionally enable mitigations. Is |
81 |
++ enforced by spectre_v2=on |
82 |
++ |
83 |
++ off - Unconditionally disable mitigations. Is |
84 |
++ enforced by spectre_v2=off |
85 |
++ |
86 |
++ prctl - Indirect branch speculation is enabled, |
87 |
++ but mitigation can be enabled via prctl |
88 |
++ per thread. The mitigation control state |
89 |
++ is inherited on fork. |
90 |
++ |
91 |
++ prctl,ibpb |
92 |
++ - Like "prctl" above, but only STIBP is |
93 |
++ controlled per thread. IBPB is issued |
94 |
++ always when switching between different user |
95 |
++ space processes. |
96 |
++ |
97 |
++ seccomp |
98 |
++ - Same as "prctl" above, but all seccomp |
99 |
++ threads will enable the mitigation unless |
100 |
++ they explicitly opt out. |
101 |
++ |
102 |
++ seccomp,ibpb |
103 |
++ - Like "seccomp" above, but only STIBP is |
104 |
++ controlled per thread. IBPB is issued |
105 |
++ always when switching between different |
106 |
++ user space processes. |
107 |
++ |
108 |
++ auto - Kernel selects the mitigation depending on |
109 |
++ the available CPU features and vulnerability. |
110 |
++ |
111 |
++ Default mitigation: |
112 |
++ If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" |
113 |
++ |
114 |
++ Not specifying this option is equivalent to |
115 |
++ spectre_v2_user=auto. |
116 |
++ |
117 |
+ spec_store_bypass_disable= |
118 |
+ [HW] Control Speculative Store Bypass (SSB) Disable mitigation |
119 |
+ (Speculative Store Bypass vulnerability) |
120 |
+diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst |
121 |
+index 32f3d55c54b7..c4dbe6f7cdae 100644 |
122 |
+--- a/Documentation/userspace-api/spec_ctrl.rst |
123 |
++++ b/Documentation/userspace-api/spec_ctrl.rst |
124 |
+@@ -92,3 +92,12 @@ Speculation misfeature controls |
125 |
+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); |
126 |
+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); |
127 |
+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); |
128 |
++ |
129 |
++- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes |
130 |
++ (Mitigate Spectre V2 style attacks against user processes) |
131 |
++ |
132 |
++ Invocations: |
133 |
++ * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); |
134 |
++ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); |
135 |
++ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); |
136 |
++ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); |
137 |
+diff --git a/Makefile b/Makefile |
138 |
+index 20cbb8e84650..d2b4efcfb388 100644 |
139 |
+--- a/Makefile |
140 |
++++ b/Makefile |
141 |
+@@ -1,7 +1,7 @@ |
142 |
+ # SPDX-License-Identifier: GPL-2.0 |
143 |
+ VERSION = 4 |
144 |
+ PATCHLEVEL = 19 |
145 |
+-SUBLEVEL = 6 |
146 |
++SUBLEVEL = 7 |
147 |
+ EXTRAVERSION = |
148 |
+ NAME = "People's Front" |
149 |
+ |
150 |
+diff --git a/arch/arm/boot/dts/rk3288-veyron.dtsi b/arch/arm/boot/dts/rk3288-veyron.dtsi |
151 |
+index 2075120cfc4d..d8bf939a3aff 100644 |
152 |
+--- a/arch/arm/boot/dts/rk3288-veyron.dtsi |
153 |
++++ b/arch/arm/boot/dts/rk3288-veyron.dtsi |
154 |
+@@ -10,7 +10,11 @@ |
155 |
+ #include "rk3288.dtsi" |
156 |
+ |
157 |
+ / { |
158 |
+- memory@0 { |
159 |
++ /* |
160 |
++ * The default coreboot on veyron devices ignores memory@0 nodes |
161 |
++ * and would instead create another memory node. |
162 |
++ */ |
163 |
++ memory { |
164 |
+ device_type = "memory"; |
165 |
+ reg = <0x0 0x0 0x0 0x80000000>; |
166 |
+ }; |
167 |
+diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c |
168 |
+index 5617932a83df..ee673c09aa6c 100644 |
169 |
+--- a/arch/arm/kernel/ftrace.c |
170 |
++++ b/arch/arm/kernel/ftrace.c |
171 |
+@@ -227,9 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
172 |
+ unsigned long frame_pointer) |
173 |
+ { |
174 |
+ unsigned long return_hooker = (unsigned long) &return_to_handler; |
175 |
+- struct ftrace_graph_ent trace; |
176 |
+ unsigned long old; |
177 |
+- int err; |
178 |
+ |
179 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
180 |
+ return; |
181 |
+@@ -237,21 +235,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
182 |
+ old = *parent; |
183 |
+ *parent = return_hooker; |
184 |
+ |
185 |
+- trace.func = self_addr; |
186 |
+- trace.depth = current->curr_ret_stack + 1; |
187 |
+- |
188 |
+- /* Only trace if the calling function expects to */ |
189 |
+- if (!ftrace_graph_entry(&trace)) { |
190 |
++ if (function_graph_enter(old, self_addr, frame_pointer, NULL)) |
191 |
+ *parent = old; |
192 |
+- return; |
193 |
+- } |
194 |
+- |
195 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
196 |
+- frame_pointer, NULL); |
197 |
+- if (err == -EBUSY) { |
198 |
+- *parent = old; |
199 |
+- return; |
200 |
+- } |
201 |
+ } |
202 |
+ |
203 |
+ #ifdef CONFIG_DYNAMIC_FTRACE |
204 |
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
205 |
+index e0d64f862322..8ce4a79d9360 100644 |
206 |
+--- a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
207 |
++++ b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
208 |
+@@ -153,7 +153,7 @@ |
209 |
+ }; |
210 |
+ |
211 |
+ &pcie0 { |
212 |
+- ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_LOW>; |
213 |
++ ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_HIGH>; |
214 |
+ num-lanes = <4>; |
215 |
+ pinctrl-names = "default"; |
216 |
+ pinctrl-0 = <&pcie_clkreqn_cpm>; |
217 |
+diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c |
218 |
+index 50986e388d2b..57e962290df3 100644 |
219 |
+--- a/arch/arm64/kernel/ftrace.c |
220 |
++++ b/arch/arm64/kernel/ftrace.c |
221 |
+@@ -216,8 +216,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
222 |
+ { |
223 |
+ unsigned long return_hooker = (unsigned long)&return_to_handler; |
224 |
+ unsigned long old; |
225 |
+- struct ftrace_graph_ent trace; |
226 |
+- int err; |
227 |
+ |
228 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
229 |
+ return; |
230 |
+@@ -229,18 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
231 |
+ */ |
232 |
+ old = *parent; |
233 |
+ |
234 |
+- trace.func = self_addr; |
235 |
+- trace.depth = current->curr_ret_stack + 1; |
236 |
+- |
237 |
+- /* Only trace if the calling function expects to */ |
238 |
+- if (!ftrace_graph_entry(&trace)) |
239 |
+- return; |
240 |
+- |
241 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
242 |
+- frame_pointer, NULL); |
243 |
+- if (err == -EBUSY) |
244 |
+- return; |
245 |
+- else |
246 |
++ if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) |
247 |
+ *parent = return_hooker; |
248 |
+ } |
249 |
+ |
250 |
+diff --git a/arch/microblaze/kernel/ftrace.c b/arch/microblaze/kernel/ftrace.c |
251 |
+index d57563c58a26..224eea40e1ee 100644 |
252 |
+--- a/arch/microblaze/kernel/ftrace.c |
253 |
++++ b/arch/microblaze/kernel/ftrace.c |
254 |
+@@ -22,8 +22,7 @@ |
255 |
+ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
256 |
+ { |
257 |
+ unsigned long old; |
258 |
+- int faulted, err; |
259 |
+- struct ftrace_graph_ent trace; |
260 |
++ int faulted; |
261 |
+ unsigned long return_hooker = (unsigned long) |
262 |
+ &return_to_handler; |
263 |
+ |
264 |
+@@ -63,18 +62,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
265 |
+ return; |
266 |
+ } |
267 |
+ |
268 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); |
269 |
+- if (err == -EBUSY) { |
270 |
++ if (function_graph_enter(old, self_addr, 0, NULL)) |
271 |
+ *parent = old; |
272 |
+- return; |
273 |
+- } |
274 |
+- |
275 |
+- trace.func = self_addr; |
276 |
+- /* Only trace if the calling function expects to */ |
277 |
+- if (!ftrace_graph_entry(&trace)) { |
278 |
+- current->curr_ret_stack--; |
279 |
+- *parent = old; |
280 |
+- } |
281 |
+ } |
282 |
+ #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
283 |
+ |
284 |
+diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c |
285 |
+index 7f3dfdbc3657..b122cbb4aad1 100644 |
286 |
+--- a/arch/mips/kernel/ftrace.c |
287 |
++++ b/arch/mips/kernel/ftrace.c |
288 |
+@@ -322,7 +322,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
289 |
+ unsigned long fp) |
290 |
+ { |
291 |
+ unsigned long old_parent_ra; |
292 |
+- struct ftrace_graph_ent trace; |
293 |
+ unsigned long return_hooker = (unsigned long) |
294 |
+ &return_to_handler; |
295 |
+ int faulted, insns; |
296 |
+@@ -369,12 +368,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
297 |
+ if (unlikely(faulted)) |
298 |
+ goto out; |
299 |
+ |
300 |
+- if (ftrace_push_return_trace(old_parent_ra, self_ra, &trace.depth, fp, |
301 |
+- NULL) == -EBUSY) { |
302 |
+- *parent_ra_addr = old_parent_ra; |
303 |
+- return; |
304 |
+- } |
305 |
+- |
306 |
+ /* |
307 |
+ * Get the recorded ip of the current mcount calling site in the |
308 |
+ * __mcount_loc section, which will be used to filter the function |
309 |
+@@ -382,13 +375,10 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
310 |
+ */ |
311 |
+ |
312 |
+ insns = core_kernel_text(self_ra) ? 2 : MCOUNT_OFFSET_INSNS + 1; |
313 |
+- trace.func = self_ra - (MCOUNT_INSN_SIZE * insns); |
314 |
++ self_ra -= (MCOUNT_INSN_SIZE * insns); |
315 |
+ |
316 |
+- /* Only trace if the calling function expects to */ |
317 |
+- if (!ftrace_graph_entry(&trace)) { |
318 |
+- current->curr_ret_stack--; |
319 |
++ if (function_graph_enter(old_parent_ra, self_ra, fp, NULL)) |
320 |
+ *parent_ra_addr = old_parent_ra; |
321 |
+- } |
322 |
+ return; |
323 |
+ out: |
324 |
+ ftrace_graph_stop(); |
325 |
+diff --git a/arch/nds32/kernel/ftrace.c b/arch/nds32/kernel/ftrace.c |
326 |
+index a0a9679ad5de..8a41372551ff 100644 |
327 |
+--- a/arch/nds32/kernel/ftrace.c |
328 |
++++ b/arch/nds32/kernel/ftrace.c |
329 |
+@@ -211,29 +211,15 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
330 |
+ unsigned long frame_pointer) |
331 |
+ { |
332 |
+ unsigned long return_hooker = (unsigned long)&return_to_handler; |
333 |
+- struct ftrace_graph_ent trace; |
334 |
+ unsigned long old; |
335 |
+- int err; |
336 |
+ |
337 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
338 |
+ return; |
339 |
+ |
340 |
+ old = *parent; |
341 |
+ |
342 |
+- trace.func = self_addr; |
343 |
+- trace.depth = current->curr_ret_stack + 1; |
344 |
+- |
345 |
+- /* Only trace if the calling function expects to */ |
346 |
+- if (!ftrace_graph_entry(&trace)) |
347 |
+- return; |
348 |
+- |
349 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
350 |
+- frame_pointer, NULL); |
351 |
+- |
352 |
+- if (err == -EBUSY) |
353 |
+- return; |
354 |
+- |
355 |
+- *parent = return_hooker; |
356 |
++ if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) |
357 |
++ *parent = return_hooker; |
358 |
+ } |
359 |
+ |
360 |
+ noinline void ftrace_graph_caller(void) |
361 |
+diff --git a/arch/parisc/kernel/ftrace.c b/arch/parisc/kernel/ftrace.c |
362 |
+index 6fa8535d3cce..e46a4157a894 100644 |
363 |
+--- a/arch/parisc/kernel/ftrace.c |
364 |
++++ b/arch/parisc/kernel/ftrace.c |
365 |
+@@ -30,7 +30,6 @@ static void __hot prepare_ftrace_return(unsigned long *parent, |
366 |
+ unsigned long self_addr) |
367 |
+ { |
368 |
+ unsigned long old; |
369 |
+- struct ftrace_graph_ent trace; |
370 |
+ extern int parisc_return_to_handler; |
371 |
+ |
372 |
+ if (unlikely(ftrace_graph_is_dead())) |
373 |
+@@ -41,19 +40,9 @@ static void __hot prepare_ftrace_return(unsigned long *parent, |
374 |
+ |
375 |
+ old = *parent; |
376 |
+ |
377 |
+- trace.func = self_addr; |
378 |
+- trace.depth = current->curr_ret_stack + 1; |
379 |
+- |
380 |
+- /* Only trace if the calling function expects to */ |
381 |
+- if (!ftrace_graph_entry(&trace)) |
382 |
+- return; |
383 |
+- |
384 |
+- if (ftrace_push_return_trace(old, self_addr, &trace.depth, |
385 |
+- 0, NULL) == -EBUSY) |
386 |
+- return; |
387 |
+- |
388 |
+- /* activate parisc_return_to_handler() as return point */ |
389 |
+- *parent = (unsigned long) &parisc_return_to_handler; |
390 |
++ if (!function_graph_enter(old, self_addr, 0, NULL)) |
391 |
++ /* activate parisc_return_to_handler() as return point */ |
392 |
++ *parent = (unsigned long) &parisc_return_to_handler; |
393 |
+ } |
394 |
+ #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
395 |
+ |
396 |
+diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c |
397 |
+index 4bfbb54dee51..19ef4f5866b6 100644 |
398 |
+--- a/arch/powerpc/kernel/trace/ftrace.c |
399 |
++++ b/arch/powerpc/kernel/trace/ftrace.c |
400 |
+@@ -697,7 +697,6 @@ int ftrace_disable_ftrace_graph_caller(void) |
401 |
+ */ |
402 |
+ unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
403 |
+ { |
404 |
+- struct ftrace_graph_ent trace; |
405 |
+ unsigned long return_hooker; |
406 |
+ |
407 |
+ if (unlikely(ftrace_graph_is_dead())) |
408 |
+@@ -708,18 +707,8 @@ unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
409 |
+ |
410 |
+ return_hooker = ppc_function_entry(return_to_handler); |
411 |
+ |
412 |
+- trace.func = ip; |
413 |
+- trace.depth = current->curr_ret_stack + 1; |
414 |
+- |
415 |
+- /* Only trace if the calling function expects to */ |
416 |
+- if (!ftrace_graph_entry(&trace)) |
417 |
+- goto out; |
418 |
+- |
419 |
+- if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, |
420 |
+- NULL) == -EBUSY) |
421 |
+- goto out; |
422 |
+- |
423 |
+- parent = return_hooker; |
424 |
++ if (!function_graph_enter(parent, ip, 0, NULL)) |
425 |
++ parent = return_hooker; |
426 |
+ out: |
427 |
+ return parent; |
428 |
+ } |
429 |
+diff --git a/arch/riscv/kernel/ftrace.c b/arch/riscv/kernel/ftrace.c |
430 |
+index 1157b6b52d25..c433f6d3dd64 100644 |
431 |
+--- a/arch/riscv/kernel/ftrace.c |
432 |
++++ b/arch/riscv/kernel/ftrace.c |
433 |
+@@ -132,7 +132,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
434 |
+ { |
435 |
+ unsigned long return_hooker = (unsigned long)&return_to_handler; |
436 |
+ unsigned long old; |
437 |
+- struct ftrace_graph_ent trace; |
438 |
+ int err; |
439 |
+ |
440 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
441 |
+@@ -144,17 +143,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
442 |
+ */ |
443 |
+ old = *parent; |
444 |
+ |
445 |
+- trace.func = self_addr; |
446 |
+- trace.depth = current->curr_ret_stack + 1; |
447 |
+- |
448 |
+- if (!ftrace_graph_entry(&trace)) |
449 |
+- return; |
450 |
+- |
451 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
452 |
+- frame_pointer, parent); |
453 |
+- if (err == -EBUSY) |
454 |
+- return; |
455 |
+- *parent = return_hooker; |
456 |
++ if (function_graph_enter(old, self_addr, frame_pointer, parent)) |
457 |
++ *parent = return_hooker; |
458 |
+ } |
459 |
+ |
460 |
+ #ifdef CONFIG_DYNAMIC_FTRACE |
461 |
+diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c |
462 |
+index 84be7f02d0c2..39b13d71a8fe 100644 |
463 |
+--- a/arch/s390/kernel/ftrace.c |
464 |
++++ b/arch/s390/kernel/ftrace.c |
465 |
+@@ -203,22 +203,13 @@ device_initcall(ftrace_plt_init); |
466 |
+ */ |
467 |
+ unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
468 |
+ { |
469 |
+- struct ftrace_graph_ent trace; |
470 |
+- |
471 |
+ if (unlikely(ftrace_graph_is_dead())) |
472 |
+ goto out; |
473 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
474 |
+ goto out; |
475 |
+ ip -= MCOUNT_INSN_SIZE; |
476 |
+- trace.func = ip; |
477 |
+- trace.depth = current->curr_ret_stack + 1; |
478 |
+- /* Only trace if the calling function expects to. */ |
479 |
+- if (!ftrace_graph_entry(&trace)) |
480 |
+- goto out; |
481 |
+- if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, |
482 |
+- NULL) == -EBUSY) |
483 |
+- goto out; |
484 |
+- parent = (unsigned long) return_to_handler; |
485 |
++ if (!function_graph_enter(parent, ip, 0, NULL)) |
486 |
++ parent = (unsigned long) return_to_handler; |
487 |
+ out: |
488 |
+ return parent; |
489 |
+ } |
490 |
+diff --git a/arch/sh/kernel/ftrace.c b/arch/sh/kernel/ftrace.c |
491 |
+index 96dd9f7da250..1b04270e5460 100644 |
492 |
+--- a/arch/sh/kernel/ftrace.c |
493 |
++++ b/arch/sh/kernel/ftrace.c |
494 |
+@@ -321,8 +321,7 @@ int ftrace_disable_ftrace_graph_caller(void) |
495 |
+ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
496 |
+ { |
497 |
+ unsigned long old; |
498 |
+- int faulted, err; |
499 |
+- struct ftrace_graph_ent trace; |
500 |
++ int faulted; |
501 |
+ unsigned long return_hooker = (unsigned long)&return_to_handler; |
502 |
+ |
503 |
+ if (unlikely(ftrace_graph_is_dead())) |
504 |
+@@ -365,18 +364,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
505 |
+ return; |
506 |
+ } |
507 |
+ |
508 |
+- err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); |
509 |
+- if (err == -EBUSY) { |
510 |
++ if (function_graph_enter(old, self_addr, 0, NULL)) |
511 |
+ __raw_writel(old, parent); |
512 |
+- return; |
513 |
+- } |
514 |
+- |
515 |
+- trace.func = self_addr; |
516 |
+- |
517 |
+- /* Only trace if the calling function expects to */ |
518 |
+- if (!ftrace_graph_entry(&trace)) { |
519 |
+- current->curr_ret_stack--; |
520 |
+- __raw_writel(old, parent); |
521 |
+- } |
522 |
+ } |
523 |
+ #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
524 |
+diff --git a/arch/sparc/kernel/ftrace.c b/arch/sparc/kernel/ftrace.c |
525 |
+index 915dda4ae412..684b84ce397f 100644 |
526 |
+--- a/arch/sparc/kernel/ftrace.c |
527 |
++++ b/arch/sparc/kernel/ftrace.c |
528 |
+@@ -126,20 +126,11 @@ unsigned long prepare_ftrace_return(unsigned long parent, |
529 |
+ unsigned long frame_pointer) |
530 |
+ { |
531 |
+ unsigned long return_hooker = (unsigned long) &return_to_handler; |
532 |
+- struct ftrace_graph_ent trace; |
533 |
+ |
534 |
+ if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
535 |
+ return parent + 8UL; |
536 |
+ |
537 |
+- trace.func = self_addr; |
538 |
+- trace.depth = current->curr_ret_stack + 1; |
539 |
+- |
540 |
+- /* Only trace if the calling function expects to */ |
541 |
+- if (!ftrace_graph_entry(&trace)) |
542 |
+- return parent + 8UL; |
543 |
+- |
544 |
+- if (ftrace_push_return_trace(parent, self_addr, &trace.depth, |
545 |
+- frame_pointer, NULL) == -EBUSY) |
546 |
++ if (function_graph_enter(parent, self_addr, frame_pointer, NULL)) |
547 |
+ return parent + 8UL; |
548 |
+ |
549 |
+ return return_hooker; |
550 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
551 |
+index 1a0be022f91d..44c6a82b7ce5 100644 |
552 |
+--- a/arch/x86/Kconfig |
553 |
++++ b/arch/x86/Kconfig |
554 |
+@@ -441,10 +441,6 @@ config RETPOLINE |
555 |
+ branches. Requires a compiler with -mindirect-branch=thunk-extern |
556 |
+ support for full protection. The kernel may run slower. |
557 |
+ |
558 |
+- Without compiler support, at least indirect branches in assembler |
559 |
+- code are eliminated. Since this includes the syscall entry path, |
560 |
+- it is not entirely pointless. |
561 |
+- |
562 |
+ config INTEL_RDT |
563 |
+ bool "Intel Resource Director Technology support" |
564 |
+ default n |
565 |
+@@ -1005,13 +1001,7 @@ config NR_CPUS |
566 |
+ to the kernel image. |
567 |
+ |
568 |
+ config SCHED_SMT |
569 |
+- bool "SMT (Hyperthreading) scheduler support" |
570 |
+- depends on SMP |
571 |
+- ---help--- |
572 |
+- SMT scheduler support improves the CPU scheduler's decision making |
573 |
+- when dealing with Intel Pentium 4 chips with HyperThreading at a |
574 |
+- cost of slightly increased overhead in some places. If unsure say |
575 |
+- N here. |
576 |
++ def_bool y if SMP |
577 |
+ |
578 |
+ config SCHED_MC |
579 |
+ def_bool y |
580 |
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
581 |
+index 8f6e7eb8ae9f..9298f0f3817a 100644 |
582 |
+--- a/arch/x86/Makefile |
583 |
++++ b/arch/x86/Makefile |
584 |
+@@ -223,9 +223,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables |
585 |
+ |
586 |
+ # Avoid indirect branches in kernel to deal with Spectre |
587 |
+ ifdef CONFIG_RETPOLINE |
588 |
+-ifneq ($(RETPOLINE_CFLAGS),) |
589 |
+- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE |
590 |
++ifeq ($(RETPOLINE_CFLAGS),) |
591 |
++ $(error You are building kernel with non-retpoline compiler, please update your compiler.) |
592 |
+ endif |
593 |
++ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) |
594 |
+ endif |
595 |
+ |
596 |
+ archscripts: scripts_basic |
597 |
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c |
598 |
+index dfb2f7c0d019..c8d08da5b308 100644 |
599 |
+--- a/arch/x86/events/core.c |
600 |
++++ b/arch/x86/events/core.c |
601 |
+@@ -438,26 +438,6 @@ int x86_setup_perfctr(struct perf_event *event) |
602 |
+ if (config == -1LL) |
603 |
+ return -EINVAL; |
604 |
+ |
605 |
+- /* |
606 |
+- * Branch tracing: |
607 |
+- */ |
608 |
+- if (attr->config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && |
609 |
+- !attr->freq && hwc->sample_period == 1) { |
610 |
+- /* BTS is not supported by this architecture. */ |
611 |
+- if (!x86_pmu.bts_active) |
612 |
+- return -EOPNOTSUPP; |
613 |
+- |
614 |
+- /* BTS is currently only allowed for user-mode. */ |
615 |
+- if (!attr->exclude_kernel) |
616 |
+- return -EOPNOTSUPP; |
617 |
+- |
618 |
+- /* disallow bts if conflicting events are present */ |
619 |
+- if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
620 |
+- return -EBUSY; |
621 |
+- |
622 |
+- event->destroy = hw_perf_lbr_event_destroy; |
623 |
+- } |
624 |
+- |
625 |
+ hwc->config |= config; |
626 |
+ |
627 |
+ return 0; |
628 |
+diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c |
629 |
+index 035c37481f57..155fa4b53c56 100644 |
630 |
+--- a/arch/x86/events/intel/core.c |
631 |
++++ b/arch/x86/events/intel/core.c |
632 |
+@@ -2358,16 +2358,7 @@ done: |
633 |
+ static struct event_constraint * |
634 |
+ intel_bts_constraints(struct perf_event *event) |
635 |
+ { |
636 |
+- struct hw_perf_event *hwc = &event->hw; |
637 |
+- unsigned int hw_event, bts_event; |
638 |
+- |
639 |
+- if (event->attr.freq) |
640 |
+- return NULL; |
641 |
+- |
642 |
+- hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; |
643 |
+- bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); |
644 |
+- |
645 |
+- if (unlikely(hw_event == bts_event && hwc->sample_period == 1)) |
646 |
++ if (unlikely(intel_pmu_has_bts(event))) |
647 |
+ return &bts_constraint; |
648 |
+ |
649 |
+ return NULL; |
650 |
+@@ -2986,10 +2977,51 @@ static unsigned long intel_pmu_large_pebs_flags(struct perf_event *event) |
651 |
+ return flags; |
652 |
+ } |
653 |
+ |
654 |
++static int intel_pmu_bts_config(struct perf_event *event) |
655 |
++{ |
656 |
++ struct perf_event_attr *attr = &event->attr; |
657 |
++ |
658 |
++ if (unlikely(intel_pmu_has_bts(event))) { |
659 |
++ /* BTS is not supported by this architecture. */ |
660 |
++ if (!x86_pmu.bts_active) |
661 |
++ return -EOPNOTSUPP; |
662 |
++ |
663 |
++ /* BTS is currently only allowed for user-mode. */ |
664 |
++ if (!attr->exclude_kernel) |
665 |
++ return -EOPNOTSUPP; |
666 |
++ |
667 |
++ /* BTS is not allowed for precise events. */ |
668 |
++ if (attr->precise_ip) |
669 |
++ return -EOPNOTSUPP; |
670 |
++ |
671 |
++ /* disallow bts if conflicting events are present */ |
672 |
++ if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
673 |
++ return -EBUSY; |
674 |
++ |
675 |
++ event->destroy = hw_perf_lbr_event_destroy; |
676 |
++ } |
677 |
++ |
678 |
++ return 0; |
679 |
++} |
680 |
++ |
681 |
++static int core_pmu_hw_config(struct perf_event *event) |
682 |
++{ |
683 |
++ int ret = x86_pmu_hw_config(event); |
684 |
++ |
685 |
++ if (ret) |
686 |
++ return ret; |
687 |
++ |
688 |
++ return intel_pmu_bts_config(event); |
689 |
++} |
690 |
++ |
691 |
+ static int intel_pmu_hw_config(struct perf_event *event) |
692 |
+ { |
693 |
+ int ret = x86_pmu_hw_config(event); |
694 |
+ |
695 |
++ if (ret) |
696 |
++ return ret; |
697 |
++ |
698 |
++ ret = intel_pmu_bts_config(event); |
699 |
+ if (ret) |
700 |
+ return ret; |
701 |
+ |
702 |
+@@ -3015,7 +3047,7 @@ static int intel_pmu_hw_config(struct perf_event *event) |
703 |
+ /* |
704 |
+ * BTS is set up earlier in this path, so don't account twice |
705 |
+ */ |
706 |
+- if (!intel_pmu_has_bts(event)) { |
707 |
++ if (!unlikely(intel_pmu_has_bts(event))) { |
708 |
+ /* disallow lbr if conflicting events are present */ |
709 |
+ if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
710 |
+ return -EBUSY; |
711 |
+@@ -3478,7 +3510,7 @@ static __initconst const struct x86_pmu core_pmu = { |
712 |
+ .enable_all = core_pmu_enable_all, |
713 |
+ .enable = core_pmu_enable_event, |
714 |
+ .disable = x86_pmu_disable_event, |
715 |
+- .hw_config = x86_pmu_hw_config, |
716 |
++ .hw_config = core_pmu_hw_config, |
717 |
+ .schedule_events = x86_schedule_events, |
718 |
+ .eventsel = MSR_ARCH_PERFMON_EVENTSEL0, |
719 |
+ .perfctr = MSR_ARCH_PERFMON_PERFCTR0, |
720 |
+diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h |
721 |
+index 156286335351..c5ad9cc61f4b 100644 |
722 |
+--- a/arch/x86/events/perf_event.h |
723 |
++++ b/arch/x86/events/perf_event.h |
724 |
+@@ -857,11 +857,16 @@ static inline int amd_pmu_init(void) |
725 |
+ |
726 |
+ static inline bool intel_pmu_has_bts(struct perf_event *event) |
727 |
+ { |
728 |
+- if (event->attr.config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && |
729 |
+- !event->attr.freq && event->hw.sample_period == 1) |
730 |
+- return true; |
731 |
++ struct hw_perf_event *hwc = &event->hw; |
732 |
++ unsigned int hw_event, bts_event; |
733 |
++ |
734 |
++ if (event->attr.freq) |
735 |
++ return false; |
736 |
++ |
737 |
++ hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; |
738 |
++ bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); |
739 |
+ |
740 |
+- return false; |
741 |
++ return hw_event == bts_event && hwc->sample_period == 1; |
742 |
+ } |
743 |
+ |
744 |
+ int intel_pmu_save_and_restart(struct perf_event *event); |
745 |
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
746 |
+index 1c09a0d1771f..022845ee0c88 100644 |
747 |
+--- a/arch/x86/include/asm/kvm_host.h |
748 |
++++ b/arch/x86/include/asm/kvm_host.h |
749 |
+@@ -1046,7 +1046,8 @@ struct kvm_x86_ops { |
750 |
+ bool (*has_wbinvd_exit)(void); |
751 |
+ |
752 |
+ u64 (*read_l1_tsc_offset)(struct kvm_vcpu *vcpu); |
753 |
+- void (*write_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); |
754 |
++ /* Returns actual tsc_offset set in active VMCS */ |
755 |
++ u64 (*write_l1_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); |
756 |
+ |
757 |
+ void (*get_exit_info)(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2); |
758 |
+ |
759 |
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
760 |
+index 4731f0cf97c5..b3486c8b570a 100644 |
761 |
+--- a/arch/x86/include/asm/msr-index.h |
762 |
++++ b/arch/x86/include/asm/msr-index.h |
763 |
+@@ -41,9 +41,10 @@ |
764 |
+ |
765 |
+ #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ |
766 |
+ #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ |
767 |
+-#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ |
768 |
++#define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */ |
769 |
++#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ |
770 |
+ #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ |
771 |
+-#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ |
772 |
++#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ |
773 |
+ |
774 |
+ #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ |
775 |
+ #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ |
776 |
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
777 |
+index fd2a8c1b88bc..032b6009baab 100644 |
778 |
+--- a/arch/x86/include/asm/nospec-branch.h |
779 |
++++ b/arch/x86/include/asm/nospec-branch.h |
780 |
+@@ -3,6 +3,8 @@ |
781 |
+ #ifndef _ASM_X86_NOSPEC_BRANCH_H_ |
782 |
+ #define _ASM_X86_NOSPEC_BRANCH_H_ |
783 |
+ |
784 |
++#include <linux/static_key.h> |
785 |
++ |
786 |
+ #include <asm/alternative.h> |
787 |
+ #include <asm/alternative-asm.h> |
788 |
+ #include <asm/cpufeatures.h> |
789 |
+@@ -162,29 +164,35 @@ |
790 |
+ _ASM_PTR " 999b\n\t" \ |
791 |
+ ".popsection\n\t" |
792 |
+ |
793 |
+-#if defined(CONFIG_X86_64) && defined(RETPOLINE) |
794 |
++#ifdef CONFIG_RETPOLINE |
795 |
++#ifdef CONFIG_X86_64 |
796 |
+ |
797 |
+ /* |
798 |
+- * Since the inline asm uses the %V modifier which is only in newer GCC, |
799 |
+- * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE. |
800 |
++ * Inline asm uses the %V modifier which is only in newer GCC |
801 |
++ * which is ensured when CONFIG_RETPOLINE is defined. |
802 |
+ */ |
803 |
+ # define CALL_NOSPEC \ |
804 |
+ ANNOTATE_NOSPEC_ALTERNATIVE \ |
805 |
+- ALTERNATIVE( \ |
806 |
++ ALTERNATIVE_2( \ |
807 |
+ ANNOTATE_RETPOLINE_SAFE \ |
808 |
+ "call *%[thunk_target]\n", \ |
809 |
+ "call __x86_indirect_thunk_%V[thunk_target]\n", \ |
810 |
+- X86_FEATURE_RETPOLINE) |
811 |
++ X86_FEATURE_RETPOLINE, \ |
812 |
++ "lfence;\n" \ |
813 |
++ ANNOTATE_RETPOLINE_SAFE \ |
814 |
++ "call *%[thunk_target]\n", \ |
815 |
++ X86_FEATURE_RETPOLINE_AMD) |
816 |
+ # define THUNK_TARGET(addr) [thunk_target] "r" (addr) |
817 |
+ |
818 |
+-#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE) |
819 |
++#else /* CONFIG_X86_32 */ |
820 |
+ /* |
821 |
+ * For i386 we use the original ret-equivalent retpoline, because |
822 |
+ * otherwise we'll run out of registers. We don't care about CET |
823 |
+ * here, anyway. |
824 |
+ */ |
825 |
+ # define CALL_NOSPEC \ |
826 |
+- ALTERNATIVE( \ |
827 |
++ ANNOTATE_NOSPEC_ALTERNATIVE \ |
828 |
++ ALTERNATIVE_2( \ |
829 |
+ ANNOTATE_RETPOLINE_SAFE \ |
830 |
+ "call *%[thunk_target]\n", \ |
831 |
+ " jmp 904f;\n" \ |
832 |
+@@ -199,9 +207,14 @@ |
833 |
+ " ret;\n" \ |
834 |
+ " .align 16\n" \ |
835 |
+ "904: call 901b;\n", \ |
836 |
+- X86_FEATURE_RETPOLINE) |
837 |
++ X86_FEATURE_RETPOLINE, \ |
838 |
++ "lfence;\n" \ |
839 |
++ ANNOTATE_RETPOLINE_SAFE \ |
840 |
++ "call *%[thunk_target]\n", \ |
841 |
++ X86_FEATURE_RETPOLINE_AMD) |
842 |
+ |
843 |
+ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) |
844 |
++#endif |
845 |
+ #else /* No retpoline for C / inline asm */ |
846 |
+ # define CALL_NOSPEC "call *%[thunk_target]\n" |
847 |
+ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) |
848 |
+@@ -210,13 +223,19 @@ |
849 |
+ /* The Spectre V2 mitigation variants */ |
850 |
+ enum spectre_v2_mitigation { |
851 |
+ SPECTRE_V2_NONE, |
852 |
+- SPECTRE_V2_RETPOLINE_MINIMAL, |
853 |
+- SPECTRE_V2_RETPOLINE_MINIMAL_AMD, |
854 |
+ SPECTRE_V2_RETPOLINE_GENERIC, |
855 |
+ SPECTRE_V2_RETPOLINE_AMD, |
856 |
+ SPECTRE_V2_IBRS_ENHANCED, |
857 |
+ }; |
858 |
+ |
859 |
++/* The indirect branch speculation control variants */ |
860 |
++enum spectre_v2_user_mitigation { |
861 |
++ SPECTRE_V2_USER_NONE, |
862 |
++ SPECTRE_V2_USER_STRICT, |
863 |
++ SPECTRE_V2_USER_PRCTL, |
864 |
++ SPECTRE_V2_USER_SECCOMP, |
865 |
++}; |
866 |
++ |
867 |
+ /* The Speculative Store Bypass disable variants */ |
868 |
+ enum ssb_mitigation { |
869 |
+ SPEC_STORE_BYPASS_NONE, |
870 |
+@@ -294,6 +313,10 @@ do { \ |
871 |
+ preempt_enable(); \ |
872 |
+ } while (0) |
873 |
+ |
874 |
++DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); |
875 |
++DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); |
876 |
++DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); |
877 |
++ |
878 |
+ #endif /* __ASSEMBLY__ */ |
879 |
+ |
880 |
+ /* |
881 |
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h |
882 |
+index ae7c2c5cd7f0..5393babc0598 100644 |
883 |
+--- a/arch/x86/include/asm/spec-ctrl.h |
884 |
++++ b/arch/x86/include/asm/spec-ctrl.h |
885 |
+@@ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn) |
886 |
+ return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
887 |
+ } |
888 |
+ |
889 |
++static inline u64 stibp_tif_to_spec_ctrl(u64 tifn) |
890 |
++{ |
891 |
++ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); |
892 |
++ return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); |
893 |
++} |
894 |
++ |
895 |
+ static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) |
896 |
+ { |
897 |
+ BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); |
898 |
+ return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
899 |
+ } |
900 |
+ |
901 |
++static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl) |
902 |
++{ |
903 |
++ BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); |
904 |
++ return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); |
905 |
++} |
906 |
++ |
907 |
+ static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) |
908 |
+ { |
909 |
+ return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; |
910 |
+@@ -70,11 +82,7 @@ extern void speculative_store_bypass_ht_init(void); |
911 |
+ static inline void speculative_store_bypass_ht_init(void) { } |
912 |
+ #endif |
913 |
+ |
914 |
+-extern void speculative_store_bypass_update(unsigned long tif); |
915 |
+- |
916 |
+-static inline void speculative_store_bypass_update_current(void) |
917 |
+-{ |
918 |
+- speculative_store_bypass_update(current_thread_info()->flags); |
919 |
+-} |
920 |
++extern void speculation_ctrl_update(unsigned long tif); |
921 |
++extern void speculation_ctrl_update_current(void); |
922 |
+ |
923 |
+ #endif |
924 |
+diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h |
925 |
+index 36bd243843d6..7cf1a270d891 100644 |
926 |
+--- a/arch/x86/include/asm/switch_to.h |
927 |
++++ b/arch/x86/include/asm/switch_to.h |
928 |
+@@ -11,9 +11,6 @@ struct task_struct *__switch_to_asm(struct task_struct *prev, |
929 |
+ |
930 |
+ __visible struct task_struct *__switch_to(struct task_struct *prev, |
931 |
+ struct task_struct *next); |
932 |
+-struct tss_struct; |
933 |
+-void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
934 |
+- struct tss_struct *tss); |
935 |
+ |
936 |
+ /* This runs runs on the previous thread's stack. */ |
937 |
+ static inline void prepare_switch_to(struct task_struct *next) |
938 |
+diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h |
939 |
+index 2ff2a30a264f..82b73b75d67c 100644 |
940 |
+--- a/arch/x86/include/asm/thread_info.h |
941 |
++++ b/arch/x86/include/asm/thread_info.h |
942 |
+@@ -79,10 +79,12 @@ struct thread_info { |
943 |
+ #define TIF_SIGPENDING 2 /* signal pending */ |
944 |
+ #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ |
945 |
+ #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/ |
946 |
+-#define TIF_SSBD 5 /* Reduced data speculation */ |
947 |
++#define TIF_SSBD 5 /* Speculative store bypass disable */ |
948 |
+ #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ |
949 |
+ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ |
950 |
+ #define TIF_SECCOMP 8 /* secure computing */ |
951 |
++#define TIF_SPEC_IB 9 /* Indirect branch speculation mitigation */ |
952 |
++#define TIF_SPEC_FORCE_UPDATE 10 /* Force speculation MSR update in context switch */ |
953 |
+ #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */ |
954 |
+ #define TIF_UPROBE 12 /* breakpointed or singlestepping */ |
955 |
+ #define TIF_PATCH_PENDING 13 /* pending live patching update */ |
956 |
+@@ -110,6 +112,8 @@ struct thread_info { |
957 |
+ #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) |
958 |
+ #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) |
959 |
+ #define _TIF_SECCOMP (1 << TIF_SECCOMP) |
960 |
++#define _TIF_SPEC_IB (1 << TIF_SPEC_IB) |
961 |
++#define _TIF_SPEC_FORCE_UPDATE (1 << TIF_SPEC_FORCE_UPDATE) |
962 |
+ #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY) |
963 |
+ #define _TIF_UPROBE (1 << TIF_UPROBE) |
964 |
+ #define _TIF_PATCH_PENDING (1 << TIF_PATCH_PENDING) |
965 |
+@@ -145,8 +149,18 @@ struct thread_info { |
966 |
+ _TIF_FSCHECK) |
967 |
+ |
968 |
+ /* flags to check in __switch_to() */ |
969 |
+-#define _TIF_WORK_CTXSW \ |
970 |
+- (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) |
971 |
++#define _TIF_WORK_CTXSW_BASE \ |
972 |
++ (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP| \ |
973 |
++ _TIF_SSBD | _TIF_SPEC_FORCE_UPDATE) |
974 |
++ |
975 |
++/* |
976 |
++ * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated. |
977 |
++ */ |
978 |
++#ifdef CONFIG_SMP |
979 |
++# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE | _TIF_SPEC_IB) |
980 |
++#else |
981 |
++# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE) |
982 |
++#endif |
983 |
+ |
984 |
+ #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) |
985 |
+ #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) |
986 |
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
987 |
+index 0e2130d8d6b1..79ec7add5f98 100644 |
988 |
+--- a/arch/x86/include/asm/tlbflush.h |
989 |
++++ b/arch/x86/include/asm/tlbflush.h |
990 |
+@@ -185,10 +185,14 @@ struct tlb_state { |
991 |
+ |
992 |
+ #define LOADED_MM_SWITCHING ((struct mm_struct *)1) |
993 |
+ |
994 |
++ /* Last user mm for optimizing IBPB */ |
995 |
++ union { |
996 |
++ struct mm_struct *last_user_mm; |
997 |
++ unsigned long last_user_mm_ibpb; |
998 |
++ }; |
999 |
++ |
1000 |
+ u16 loaded_mm_asid; |
1001 |
+ u16 next_asid; |
1002 |
+- /* last user mm's ctx id */ |
1003 |
+- u64 last_ctx_id; |
1004 |
+ |
1005 |
+ /* |
1006 |
+ * We can be in one of several states: |
1007 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
1008 |
+index 40bdaea97fe7..78928f56cf72 100644 |
1009 |
+--- a/arch/x86/kernel/cpu/bugs.c |
1010 |
++++ b/arch/x86/kernel/cpu/bugs.c |
1011 |
+@@ -14,6 +14,7 @@ |
1012 |
+ #include <linux/module.h> |
1013 |
+ #include <linux/nospec.h> |
1014 |
+ #include <linux/prctl.h> |
1015 |
++#include <linux/sched/smt.h> |
1016 |
+ |
1017 |
+ #include <asm/spec-ctrl.h> |
1018 |
+ #include <asm/cmdline.h> |
1019 |
+@@ -35,12 +36,10 @@ static void __init spectre_v2_select_mitigation(void); |
1020 |
+ static void __init ssb_select_mitigation(void); |
1021 |
+ static void __init l1tf_select_mitigation(void); |
1022 |
+ |
1023 |
+-/* |
1024 |
+- * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any |
1025 |
+- * writes to SPEC_CTRL contain whatever reserved bits have been set. |
1026 |
+- */ |
1027 |
+-u64 __ro_after_init x86_spec_ctrl_base; |
1028 |
++/* The base value of the SPEC_CTRL MSR that always has to be preserved. */ |
1029 |
++u64 x86_spec_ctrl_base; |
1030 |
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); |
1031 |
++static DEFINE_MUTEX(spec_ctrl_mutex); |
1032 |
+ |
1033 |
+ /* |
1034 |
+ * The vendor and possibly platform specific bits which can be modified in |
1035 |
+@@ -55,6 +54,13 @@ static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS; |
1036 |
+ u64 __ro_after_init x86_amd_ls_cfg_base; |
1037 |
+ u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask; |
1038 |
+ |
1039 |
++/* Control conditional STIPB in switch_to() */ |
1040 |
++DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp); |
1041 |
++/* Control conditional IBPB in switch_mm() */ |
1042 |
++DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); |
1043 |
++/* Control unconditional IBPB in switch_mm() */ |
1044 |
++DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); |
1045 |
++ |
1046 |
+ void __init check_bugs(void) |
1047 |
+ { |
1048 |
+ identify_boot_cpu(); |
1049 |
+@@ -125,31 +131,6 @@ void __init check_bugs(void) |
1050 |
+ #endif |
1051 |
+ } |
1052 |
+ |
1053 |
+-/* The kernel command line selection */ |
1054 |
+-enum spectre_v2_mitigation_cmd { |
1055 |
+- SPECTRE_V2_CMD_NONE, |
1056 |
+- SPECTRE_V2_CMD_AUTO, |
1057 |
+- SPECTRE_V2_CMD_FORCE, |
1058 |
+- SPECTRE_V2_CMD_RETPOLINE, |
1059 |
+- SPECTRE_V2_CMD_RETPOLINE_GENERIC, |
1060 |
+- SPECTRE_V2_CMD_RETPOLINE_AMD, |
1061 |
+-}; |
1062 |
+- |
1063 |
+-static const char *spectre_v2_strings[] = { |
1064 |
+- [SPECTRE_V2_NONE] = "Vulnerable", |
1065 |
+- [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", |
1066 |
+- [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", |
1067 |
+- [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", |
1068 |
+- [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", |
1069 |
+- [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", |
1070 |
+-}; |
1071 |
+- |
1072 |
+-#undef pr_fmt |
1073 |
+-#define pr_fmt(fmt) "Spectre V2 : " fmt |
1074 |
+- |
1075 |
+-static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = |
1076 |
+- SPECTRE_V2_NONE; |
1077 |
+- |
1078 |
+ void |
1079 |
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1080 |
+ { |
1081 |
+@@ -171,6 +152,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1082 |
+ static_cpu_has(X86_FEATURE_AMD_SSBD)) |
1083 |
+ hostval |= ssbd_tif_to_spec_ctrl(ti->flags); |
1084 |
+ |
1085 |
++ /* Conditional STIBP enabled? */ |
1086 |
++ if (static_branch_unlikely(&switch_to_cond_stibp)) |
1087 |
++ hostval |= stibp_tif_to_spec_ctrl(ti->flags); |
1088 |
++ |
1089 |
+ if (hostval != guestval) { |
1090 |
+ msrval = setguest ? guestval : hostval; |
1091 |
+ wrmsrl(MSR_IA32_SPEC_CTRL, msrval); |
1092 |
+@@ -204,7 +189,7 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1093 |
+ tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) : |
1094 |
+ ssbd_spec_ctrl_to_tif(hostval); |
1095 |
+ |
1096 |
+- speculative_store_bypass_update(tif); |
1097 |
++ speculation_ctrl_update(tif); |
1098 |
+ } |
1099 |
+ } |
1100 |
+ EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl); |
1101 |
+@@ -219,6 +204,15 @@ static void x86_amd_ssb_disable(void) |
1102 |
+ wrmsrl(MSR_AMD64_LS_CFG, msrval); |
1103 |
+ } |
1104 |
+ |
1105 |
++#undef pr_fmt |
1106 |
++#define pr_fmt(fmt) "Spectre V2 : " fmt |
1107 |
++ |
1108 |
++static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = |
1109 |
++ SPECTRE_V2_NONE; |
1110 |
++ |
1111 |
++static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init = |
1112 |
++ SPECTRE_V2_USER_NONE; |
1113 |
++ |
1114 |
+ #ifdef RETPOLINE |
1115 |
+ static bool spectre_v2_bad_module; |
1116 |
+ |
1117 |
+@@ -240,67 +234,217 @@ static inline const char *spectre_v2_module_string(void) |
1118 |
+ static inline const char *spectre_v2_module_string(void) { return ""; } |
1119 |
+ #endif |
1120 |
+ |
1121 |
+-static void __init spec2_print_if_insecure(const char *reason) |
1122 |
++static inline bool match_option(const char *arg, int arglen, const char *opt) |
1123 |
+ { |
1124 |
+- if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1125 |
+- pr_info("%s selected on command line.\n", reason); |
1126 |
++ int len = strlen(opt); |
1127 |
++ |
1128 |
++ return len == arglen && !strncmp(arg, opt, len); |
1129 |
+ } |
1130 |
+ |
1131 |
+-static void __init spec2_print_if_secure(const char *reason) |
1132 |
++/* The kernel command line selection for spectre v2 */ |
1133 |
++enum spectre_v2_mitigation_cmd { |
1134 |
++ SPECTRE_V2_CMD_NONE, |
1135 |
++ SPECTRE_V2_CMD_AUTO, |
1136 |
++ SPECTRE_V2_CMD_FORCE, |
1137 |
++ SPECTRE_V2_CMD_RETPOLINE, |
1138 |
++ SPECTRE_V2_CMD_RETPOLINE_GENERIC, |
1139 |
++ SPECTRE_V2_CMD_RETPOLINE_AMD, |
1140 |
++}; |
1141 |
++ |
1142 |
++enum spectre_v2_user_cmd { |
1143 |
++ SPECTRE_V2_USER_CMD_NONE, |
1144 |
++ SPECTRE_V2_USER_CMD_AUTO, |
1145 |
++ SPECTRE_V2_USER_CMD_FORCE, |
1146 |
++ SPECTRE_V2_USER_CMD_PRCTL, |
1147 |
++ SPECTRE_V2_USER_CMD_PRCTL_IBPB, |
1148 |
++ SPECTRE_V2_USER_CMD_SECCOMP, |
1149 |
++ SPECTRE_V2_USER_CMD_SECCOMP_IBPB, |
1150 |
++}; |
1151 |
++ |
1152 |
++static const char * const spectre_v2_user_strings[] = { |
1153 |
++ [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", |
1154 |
++ [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", |
1155 |
++ [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", |
1156 |
++ [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", |
1157 |
++}; |
1158 |
++ |
1159 |
++static const struct { |
1160 |
++ const char *option; |
1161 |
++ enum spectre_v2_user_cmd cmd; |
1162 |
++ bool secure; |
1163 |
++} v2_user_options[] __initdata = { |
1164 |
++ { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, |
1165 |
++ { "off", SPECTRE_V2_USER_CMD_NONE, false }, |
1166 |
++ { "on", SPECTRE_V2_USER_CMD_FORCE, true }, |
1167 |
++ { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, |
1168 |
++ { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, |
1169 |
++ { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, |
1170 |
++ { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, |
1171 |
++}; |
1172 |
++ |
1173 |
++static void __init spec_v2_user_print_cond(const char *reason, bool secure) |
1174 |
+ { |
1175 |
+- if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1176 |
+- pr_info("%s selected on command line.\n", reason); |
1177 |
++ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) |
1178 |
++ pr_info("spectre_v2_user=%s forced on command line.\n", reason); |
1179 |
+ } |
1180 |
+ |
1181 |
+-static inline bool retp_compiler(void) |
1182 |
++static enum spectre_v2_user_cmd __init |
1183 |
++spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd) |
1184 |
+ { |
1185 |
+- return __is_defined(RETPOLINE); |
1186 |
++ char arg[20]; |
1187 |
++ int ret, i; |
1188 |
++ |
1189 |
++ switch (v2_cmd) { |
1190 |
++ case SPECTRE_V2_CMD_NONE: |
1191 |
++ return SPECTRE_V2_USER_CMD_NONE; |
1192 |
++ case SPECTRE_V2_CMD_FORCE: |
1193 |
++ return SPECTRE_V2_USER_CMD_FORCE; |
1194 |
++ default: |
1195 |
++ break; |
1196 |
++ } |
1197 |
++ |
1198 |
++ ret = cmdline_find_option(boot_command_line, "spectre_v2_user", |
1199 |
++ arg, sizeof(arg)); |
1200 |
++ if (ret < 0) |
1201 |
++ return SPECTRE_V2_USER_CMD_AUTO; |
1202 |
++ |
1203 |
++ for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { |
1204 |
++ if (match_option(arg, ret, v2_user_options[i].option)) { |
1205 |
++ spec_v2_user_print_cond(v2_user_options[i].option, |
1206 |
++ v2_user_options[i].secure); |
1207 |
++ return v2_user_options[i].cmd; |
1208 |
++ } |
1209 |
++ } |
1210 |
++ |
1211 |
++ pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg); |
1212 |
++ return SPECTRE_V2_USER_CMD_AUTO; |
1213 |
+ } |
1214 |
+ |
1215 |
+-static inline bool match_option(const char *arg, int arglen, const char *opt) |
1216 |
++static void __init |
1217 |
++spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) |
1218 |
+ { |
1219 |
+- int len = strlen(opt); |
1220 |
++ enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; |
1221 |
++ bool smt_possible = IS_ENABLED(CONFIG_SMP); |
1222 |
++ enum spectre_v2_user_cmd cmd; |
1223 |
+ |
1224 |
+- return len == arglen && !strncmp(arg, opt, len); |
1225 |
++ if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) |
1226 |
++ return; |
1227 |
++ |
1228 |
++ if (cpu_smt_control == CPU_SMT_FORCE_DISABLED || |
1229 |
++ cpu_smt_control == CPU_SMT_NOT_SUPPORTED) |
1230 |
++ smt_possible = false; |
1231 |
++ |
1232 |
++ cmd = spectre_v2_parse_user_cmdline(v2_cmd); |
1233 |
++ switch (cmd) { |
1234 |
++ case SPECTRE_V2_USER_CMD_NONE: |
1235 |
++ goto set_mode; |
1236 |
++ case SPECTRE_V2_USER_CMD_FORCE: |
1237 |
++ mode = SPECTRE_V2_USER_STRICT; |
1238 |
++ break; |
1239 |
++ case SPECTRE_V2_USER_CMD_PRCTL: |
1240 |
++ case SPECTRE_V2_USER_CMD_PRCTL_IBPB: |
1241 |
++ mode = SPECTRE_V2_USER_PRCTL; |
1242 |
++ break; |
1243 |
++ case SPECTRE_V2_USER_CMD_AUTO: |
1244 |
++ case SPECTRE_V2_USER_CMD_SECCOMP: |
1245 |
++ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: |
1246 |
++ if (IS_ENABLED(CONFIG_SECCOMP)) |
1247 |
++ mode = SPECTRE_V2_USER_SECCOMP; |
1248 |
++ else |
1249 |
++ mode = SPECTRE_V2_USER_PRCTL; |
1250 |
++ break; |
1251 |
++ } |
1252 |
++ |
1253 |
++ /* Initialize Indirect Branch Prediction Barrier */ |
1254 |
++ if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1255 |
++ setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
1256 |
++ |
1257 |
++ switch (cmd) { |
1258 |
++ case SPECTRE_V2_USER_CMD_FORCE: |
1259 |
++ case SPECTRE_V2_USER_CMD_PRCTL_IBPB: |
1260 |
++ case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: |
1261 |
++ static_branch_enable(&switch_mm_always_ibpb); |
1262 |
++ break; |
1263 |
++ case SPECTRE_V2_USER_CMD_PRCTL: |
1264 |
++ case SPECTRE_V2_USER_CMD_AUTO: |
1265 |
++ case SPECTRE_V2_USER_CMD_SECCOMP: |
1266 |
++ static_branch_enable(&switch_mm_cond_ibpb); |
1267 |
++ break; |
1268 |
++ default: |
1269 |
++ break; |
1270 |
++ } |
1271 |
++ |
1272 |
++ pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", |
1273 |
++ static_key_enabled(&switch_mm_always_ibpb) ? |
1274 |
++ "always-on" : "conditional"); |
1275 |
++ } |
1276 |
++ |
1277 |
++ /* If enhanced IBRS is enabled no STIPB required */ |
1278 |
++ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1279 |
++ return; |
1280 |
++ |
1281 |
++ /* |
1282 |
++ * If SMT is not possible or STIBP is not available clear the STIPB |
1283 |
++ * mode. |
1284 |
++ */ |
1285 |
++ if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP)) |
1286 |
++ mode = SPECTRE_V2_USER_NONE; |
1287 |
++set_mode: |
1288 |
++ spectre_v2_user = mode; |
1289 |
++ /* Only print the STIBP mode when SMT possible */ |
1290 |
++ if (smt_possible) |
1291 |
++ pr_info("%s\n", spectre_v2_user_strings[mode]); |
1292 |
+ } |
1293 |
+ |
1294 |
++static const char * const spectre_v2_strings[] = { |
1295 |
++ [SPECTRE_V2_NONE] = "Vulnerable", |
1296 |
++ [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", |
1297 |
++ [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", |
1298 |
++ [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", |
1299 |
++}; |
1300 |
++ |
1301 |
+ static const struct { |
1302 |
+ const char *option; |
1303 |
+ enum spectre_v2_mitigation_cmd cmd; |
1304 |
+ bool secure; |
1305 |
+-} mitigation_options[] = { |
1306 |
+- { "off", SPECTRE_V2_CMD_NONE, false }, |
1307 |
+- { "on", SPECTRE_V2_CMD_FORCE, true }, |
1308 |
+- { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, |
1309 |
+- { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, |
1310 |
+- { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, |
1311 |
+- { "auto", SPECTRE_V2_CMD_AUTO, false }, |
1312 |
++} mitigation_options[] __initdata = { |
1313 |
++ { "off", SPECTRE_V2_CMD_NONE, false }, |
1314 |
++ { "on", SPECTRE_V2_CMD_FORCE, true }, |
1315 |
++ { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, |
1316 |
++ { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, |
1317 |
++ { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, |
1318 |
++ { "auto", SPECTRE_V2_CMD_AUTO, false }, |
1319 |
+ }; |
1320 |
+ |
1321 |
++static void __init spec_v2_print_cond(const char *reason, bool secure) |
1322 |
++{ |
1323 |
++ if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) |
1324 |
++ pr_info("%s selected on command line.\n", reason); |
1325 |
++} |
1326 |
++ |
1327 |
+ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1328 |
+ { |
1329 |
++ enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; |
1330 |
+ char arg[20]; |
1331 |
+ int ret, i; |
1332 |
+- enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; |
1333 |
+ |
1334 |
+ if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) |
1335 |
+ return SPECTRE_V2_CMD_NONE; |
1336 |
+- else { |
1337 |
+- ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); |
1338 |
+- if (ret < 0) |
1339 |
+- return SPECTRE_V2_CMD_AUTO; |
1340 |
+ |
1341 |
+- for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { |
1342 |
+- if (!match_option(arg, ret, mitigation_options[i].option)) |
1343 |
+- continue; |
1344 |
+- cmd = mitigation_options[i].cmd; |
1345 |
+- break; |
1346 |
+- } |
1347 |
++ ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); |
1348 |
++ if (ret < 0) |
1349 |
++ return SPECTRE_V2_CMD_AUTO; |
1350 |
+ |
1351 |
+- if (i >= ARRAY_SIZE(mitigation_options)) { |
1352 |
+- pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
1353 |
+- return SPECTRE_V2_CMD_AUTO; |
1354 |
+- } |
1355 |
++ for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { |
1356 |
++ if (!match_option(arg, ret, mitigation_options[i].option)) |
1357 |
++ continue; |
1358 |
++ cmd = mitigation_options[i].cmd; |
1359 |
++ break; |
1360 |
++ } |
1361 |
++ |
1362 |
++ if (i >= ARRAY_SIZE(mitigation_options)) { |
1363 |
++ pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
1364 |
++ return SPECTRE_V2_CMD_AUTO; |
1365 |
+ } |
1366 |
+ |
1367 |
+ if ((cmd == SPECTRE_V2_CMD_RETPOLINE || |
1368 |
+@@ -317,11 +461,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1369 |
+ return SPECTRE_V2_CMD_AUTO; |
1370 |
+ } |
1371 |
+ |
1372 |
+- if (mitigation_options[i].secure) |
1373 |
+- spec2_print_if_secure(mitigation_options[i].option); |
1374 |
+- else |
1375 |
+- spec2_print_if_insecure(mitigation_options[i].option); |
1376 |
+- |
1377 |
++ spec_v2_print_cond(mitigation_options[i].option, |
1378 |
++ mitigation_options[i].secure); |
1379 |
+ return cmd; |
1380 |
+ } |
1381 |
+ |
1382 |
+@@ -377,14 +518,12 @@ retpoline_auto: |
1383 |
+ pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); |
1384 |
+ goto retpoline_generic; |
1385 |
+ } |
1386 |
+- mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : |
1387 |
+- SPECTRE_V2_RETPOLINE_MINIMAL_AMD; |
1388 |
++ mode = SPECTRE_V2_RETPOLINE_AMD; |
1389 |
+ setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); |
1390 |
+ setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
1391 |
+ } else { |
1392 |
+ retpoline_generic: |
1393 |
+- mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : |
1394 |
+- SPECTRE_V2_RETPOLINE_MINIMAL; |
1395 |
++ mode = SPECTRE_V2_RETPOLINE_GENERIC; |
1396 |
+ setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
1397 |
+ } |
1398 |
+ |
1399 |
+@@ -403,12 +542,6 @@ specv2_set_mode: |
1400 |
+ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
1401 |
+ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); |
1402 |
+ |
1403 |
+- /* Initialize Indirect Branch Prediction Barrier if supported */ |
1404 |
+- if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1405 |
+- setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
1406 |
+- pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); |
1407 |
+- } |
1408 |
+- |
1409 |
+ /* |
1410 |
+ * Retpoline means the kernel is safe because it has no indirect |
1411 |
+ * branches. Enhanced IBRS protects firmware too, so, enable restricted |
1412 |
+@@ -424,6 +557,66 @@ specv2_set_mode: |
1413 |
+ setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); |
1414 |
+ pr_info("Enabling Restricted Speculation for firmware calls\n"); |
1415 |
+ } |
1416 |
++ |
1417 |
++ /* Set up IBPB and STIBP depending on the general spectre V2 command */ |
1418 |
++ spectre_v2_user_select_mitigation(cmd); |
1419 |
++ |
1420 |
++ /* Enable STIBP if appropriate */ |
1421 |
++ arch_smt_update(); |
1422 |
++} |
1423 |
++ |
1424 |
++static void update_stibp_msr(void * __unused) |
1425 |
++{ |
1426 |
++ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); |
1427 |
++} |
1428 |
++ |
1429 |
++/* Update x86_spec_ctrl_base in case SMT state changed. */ |
1430 |
++static void update_stibp_strict(void) |
1431 |
++{ |
1432 |
++ u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; |
1433 |
++ |
1434 |
++ if (sched_smt_active()) |
1435 |
++ mask |= SPEC_CTRL_STIBP; |
1436 |
++ |
1437 |
++ if (mask == x86_spec_ctrl_base) |
1438 |
++ return; |
1439 |
++ |
1440 |
++ pr_info("Update user space SMT mitigation: STIBP %s\n", |
1441 |
++ mask & SPEC_CTRL_STIBP ? "always-on" : "off"); |
1442 |
++ x86_spec_ctrl_base = mask; |
1443 |
++ on_each_cpu(update_stibp_msr, NULL, 1); |
1444 |
++} |
1445 |
++ |
1446 |
++/* Update the static key controlling the evaluation of TIF_SPEC_IB */ |
1447 |
++static void update_indir_branch_cond(void) |
1448 |
++{ |
1449 |
++ if (sched_smt_active()) |
1450 |
++ static_branch_enable(&switch_to_cond_stibp); |
1451 |
++ else |
1452 |
++ static_branch_disable(&switch_to_cond_stibp); |
1453 |
++} |
1454 |
++ |
1455 |
++void arch_smt_update(void) |
1456 |
++{ |
1457 |
++ /* Enhanced IBRS implies STIBP. No update required. */ |
1458 |
++ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1459 |
++ return; |
1460 |
++ |
1461 |
++ mutex_lock(&spec_ctrl_mutex); |
1462 |
++ |
1463 |
++ switch (spectre_v2_user) { |
1464 |
++ case SPECTRE_V2_USER_NONE: |
1465 |
++ break; |
1466 |
++ case SPECTRE_V2_USER_STRICT: |
1467 |
++ update_stibp_strict(); |
1468 |
++ break; |
1469 |
++ case SPECTRE_V2_USER_PRCTL: |
1470 |
++ case SPECTRE_V2_USER_SECCOMP: |
1471 |
++ update_indir_branch_cond(); |
1472 |
++ break; |
1473 |
++ } |
1474 |
++ |
1475 |
++ mutex_unlock(&spec_ctrl_mutex); |
1476 |
+ } |
1477 |
+ |
1478 |
+ #undef pr_fmt |
1479 |
+@@ -440,7 +633,7 @@ enum ssb_mitigation_cmd { |
1480 |
+ SPEC_STORE_BYPASS_CMD_SECCOMP, |
1481 |
+ }; |
1482 |
+ |
1483 |
+-static const char *ssb_strings[] = { |
1484 |
++static const char * const ssb_strings[] = { |
1485 |
+ [SPEC_STORE_BYPASS_NONE] = "Vulnerable", |
1486 |
+ [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled", |
1487 |
+ [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl", |
1488 |
+@@ -450,7 +643,7 @@ static const char *ssb_strings[] = { |
1489 |
+ static const struct { |
1490 |
+ const char *option; |
1491 |
+ enum ssb_mitigation_cmd cmd; |
1492 |
+-} ssb_mitigation_options[] = { |
1493 |
++} ssb_mitigation_options[] __initdata = { |
1494 |
+ { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ |
1495 |
+ { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ |
1496 |
+ { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ |
1497 |
+@@ -561,10 +754,25 @@ static void ssb_select_mitigation(void) |
1498 |
+ #undef pr_fmt |
1499 |
+ #define pr_fmt(fmt) "Speculation prctl: " fmt |
1500 |
+ |
1501 |
+-static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1502 |
++static void task_update_spec_tif(struct task_struct *tsk) |
1503 |
+ { |
1504 |
+- bool update; |
1505 |
++ /* Force the update of the real TIF bits */ |
1506 |
++ set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE); |
1507 |
+ |
1508 |
++ /* |
1509 |
++ * Immediately update the speculation control MSRs for the current |
1510 |
++ * task, but for a non-current task delay setting the CPU |
1511 |
++ * mitigation until it is scheduled next. |
1512 |
++ * |
1513 |
++ * This can only happen for SECCOMP mitigation. For PRCTL it's |
1514 |
++ * always the current task. |
1515 |
++ */ |
1516 |
++ if (tsk == current) |
1517 |
++ speculation_ctrl_update_current(); |
1518 |
++} |
1519 |
++ |
1520 |
++static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1521 |
++{ |
1522 |
+ if (ssb_mode != SPEC_STORE_BYPASS_PRCTL && |
1523 |
+ ssb_mode != SPEC_STORE_BYPASS_SECCOMP) |
1524 |
+ return -ENXIO; |
1525 |
+@@ -575,28 +783,56 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1526 |
+ if (task_spec_ssb_force_disable(task)) |
1527 |
+ return -EPERM; |
1528 |
+ task_clear_spec_ssb_disable(task); |
1529 |
+- update = test_and_clear_tsk_thread_flag(task, TIF_SSBD); |
1530 |
++ task_update_spec_tif(task); |
1531 |
+ break; |
1532 |
+ case PR_SPEC_DISABLE: |
1533 |
+ task_set_spec_ssb_disable(task); |
1534 |
+- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1535 |
++ task_update_spec_tif(task); |
1536 |
+ break; |
1537 |
+ case PR_SPEC_FORCE_DISABLE: |
1538 |
+ task_set_spec_ssb_disable(task); |
1539 |
+ task_set_spec_ssb_force_disable(task); |
1540 |
+- update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1541 |
++ task_update_spec_tif(task); |
1542 |
+ break; |
1543 |
+ default: |
1544 |
+ return -ERANGE; |
1545 |
+ } |
1546 |
++ return 0; |
1547 |
++} |
1548 |
+ |
1549 |
+- /* |
1550 |
+- * If being set on non-current task, delay setting the CPU |
1551 |
+- * mitigation until it is next scheduled. |
1552 |
+- */ |
1553 |
+- if (task == current && update) |
1554 |
+- speculative_store_bypass_update_current(); |
1555 |
+- |
1556 |
++static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) |
1557 |
++{ |
1558 |
++ switch (ctrl) { |
1559 |
++ case PR_SPEC_ENABLE: |
1560 |
++ if (spectre_v2_user == SPECTRE_V2_USER_NONE) |
1561 |
++ return 0; |
1562 |
++ /* |
1563 |
++ * Indirect branch speculation is always disabled in strict |
1564 |
++ * mode. |
1565 |
++ */ |
1566 |
++ if (spectre_v2_user == SPECTRE_V2_USER_STRICT) |
1567 |
++ return -EPERM; |
1568 |
++ task_clear_spec_ib_disable(task); |
1569 |
++ task_update_spec_tif(task); |
1570 |
++ break; |
1571 |
++ case PR_SPEC_DISABLE: |
1572 |
++ case PR_SPEC_FORCE_DISABLE: |
1573 |
++ /* |
1574 |
++ * Indirect branch speculation is always allowed when |
1575 |
++ * mitigation is force disabled. |
1576 |
++ */ |
1577 |
++ if (spectre_v2_user == SPECTRE_V2_USER_NONE) |
1578 |
++ return -EPERM; |
1579 |
++ if (spectre_v2_user == SPECTRE_V2_USER_STRICT) |
1580 |
++ return 0; |
1581 |
++ task_set_spec_ib_disable(task); |
1582 |
++ if (ctrl == PR_SPEC_FORCE_DISABLE) |
1583 |
++ task_set_spec_ib_force_disable(task); |
1584 |
++ task_update_spec_tif(task); |
1585 |
++ break; |
1586 |
++ default: |
1587 |
++ return -ERANGE; |
1588 |
++ } |
1589 |
+ return 0; |
1590 |
+ } |
1591 |
+ |
1592 |
+@@ -606,6 +842,8 @@ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, |
1593 |
+ switch (which) { |
1594 |
+ case PR_SPEC_STORE_BYPASS: |
1595 |
+ return ssb_prctl_set(task, ctrl); |
1596 |
++ case PR_SPEC_INDIRECT_BRANCH: |
1597 |
++ return ib_prctl_set(task, ctrl); |
1598 |
+ default: |
1599 |
+ return -ENODEV; |
1600 |
+ } |
1601 |
+@@ -616,6 +854,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task) |
1602 |
+ { |
1603 |
+ if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) |
1604 |
+ ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); |
1605 |
++ if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP) |
1606 |
++ ib_prctl_set(task, PR_SPEC_FORCE_DISABLE); |
1607 |
+ } |
1608 |
+ #endif |
1609 |
+ |
1610 |
+@@ -638,11 +878,35 @@ static int ssb_prctl_get(struct task_struct *task) |
1611 |
+ } |
1612 |
+ } |
1613 |
+ |
1614 |
++static int ib_prctl_get(struct task_struct *task) |
1615 |
++{ |
1616 |
++ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1617 |
++ return PR_SPEC_NOT_AFFECTED; |
1618 |
++ |
1619 |
++ switch (spectre_v2_user) { |
1620 |
++ case SPECTRE_V2_USER_NONE: |
1621 |
++ return PR_SPEC_ENABLE; |
1622 |
++ case SPECTRE_V2_USER_PRCTL: |
1623 |
++ case SPECTRE_V2_USER_SECCOMP: |
1624 |
++ if (task_spec_ib_force_disable(task)) |
1625 |
++ return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; |
1626 |
++ if (task_spec_ib_disable(task)) |
1627 |
++ return PR_SPEC_PRCTL | PR_SPEC_DISABLE; |
1628 |
++ return PR_SPEC_PRCTL | PR_SPEC_ENABLE; |
1629 |
++ case SPECTRE_V2_USER_STRICT: |
1630 |
++ return PR_SPEC_DISABLE; |
1631 |
++ default: |
1632 |
++ return PR_SPEC_NOT_AFFECTED; |
1633 |
++ } |
1634 |
++} |
1635 |
++ |
1636 |
+ int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) |
1637 |
+ { |
1638 |
+ switch (which) { |
1639 |
+ case PR_SPEC_STORE_BYPASS: |
1640 |
+ return ssb_prctl_get(task); |
1641 |
++ case PR_SPEC_INDIRECT_BRANCH: |
1642 |
++ return ib_prctl_get(task); |
1643 |
+ default: |
1644 |
+ return -ENODEV; |
1645 |
+ } |
1646 |
+@@ -780,7 +1044,7 @@ early_param("l1tf", l1tf_cmdline); |
1647 |
+ #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion" |
1648 |
+ |
1649 |
+ #if IS_ENABLED(CONFIG_KVM_INTEL) |
1650 |
+-static const char *l1tf_vmx_states[] = { |
1651 |
++static const char * const l1tf_vmx_states[] = { |
1652 |
+ [VMENTER_L1D_FLUSH_AUTO] = "auto", |
1653 |
+ [VMENTER_L1D_FLUSH_NEVER] = "vulnerable", |
1654 |
+ [VMENTER_L1D_FLUSH_COND] = "conditional cache flushes", |
1655 |
+@@ -796,13 +1060,14 @@ static ssize_t l1tf_show_state(char *buf) |
1656 |
+ |
1657 |
+ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || |
1658 |
+ (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && |
1659 |
+- cpu_smt_control == CPU_SMT_ENABLED)) |
1660 |
++ sched_smt_active())) { |
1661 |
+ return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, |
1662 |
+ l1tf_vmx_states[l1tf_vmx_mitigation]); |
1663 |
++ } |
1664 |
+ |
1665 |
+ return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, |
1666 |
+ l1tf_vmx_states[l1tf_vmx_mitigation], |
1667 |
+- cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled"); |
1668 |
++ sched_smt_active() ? "vulnerable" : "disabled"); |
1669 |
+ } |
1670 |
+ #else |
1671 |
+ static ssize_t l1tf_show_state(char *buf) |
1672 |
+@@ -811,6 +1076,36 @@ static ssize_t l1tf_show_state(char *buf) |
1673 |
+ } |
1674 |
+ #endif |
1675 |
+ |
1676 |
++static char *stibp_state(void) |
1677 |
++{ |
1678 |
++ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1679 |
++ return ""; |
1680 |
++ |
1681 |
++ switch (spectre_v2_user) { |
1682 |
++ case SPECTRE_V2_USER_NONE: |
1683 |
++ return ", STIBP: disabled"; |
1684 |
++ case SPECTRE_V2_USER_STRICT: |
1685 |
++ return ", STIBP: forced"; |
1686 |
++ case SPECTRE_V2_USER_PRCTL: |
1687 |
++ case SPECTRE_V2_USER_SECCOMP: |
1688 |
++ if (static_key_enabled(&switch_to_cond_stibp)) |
1689 |
++ return ", STIBP: conditional"; |
1690 |
++ } |
1691 |
++ return ""; |
1692 |
++} |
1693 |
++ |
1694 |
++static char *ibpb_state(void) |
1695 |
++{ |
1696 |
++ if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1697 |
++ if (static_key_enabled(&switch_mm_always_ibpb)) |
1698 |
++ return ", IBPB: always-on"; |
1699 |
++ if (static_key_enabled(&switch_mm_cond_ibpb)) |
1700 |
++ return ", IBPB: conditional"; |
1701 |
++ return ", IBPB: disabled"; |
1702 |
++ } |
1703 |
++ return ""; |
1704 |
++} |
1705 |
++ |
1706 |
+ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, |
1707 |
+ char *buf, unsigned int bug) |
1708 |
+ { |
1709 |
+@@ -831,9 +1126,11 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr |
1710 |
+ return sprintf(buf, "Mitigation: __user pointer sanitization\n"); |
1711 |
+ |
1712 |
+ case X86_BUG_SPECTRE_V2: |
1713 |
+- return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1714 |
+- boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", |
1715 |
++ return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1716 |
++ ibpb_state(), |
1717 |
+ boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
1718 |
++ stibp_state(), |
1719 |
++ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", |
1720 |
+ spectre_v2_module_string()); |
1721 |
+ |
1722 |
+ case X86_BUG_SPEC_STORE_BYPASS: |
1723 |
+diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1724 |
+index dd33c357548f..e12454e21b8a 100644 |
1725 |
+--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1726 |
++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1727 |
+@@ -56,7 +56,7 @@ |
1728 |
+ /* Threshold LVT offset is at MSR0xC0000410[15:12] */ |
1729 |
+ #define SMCA_THR_LVT_OFF 0xF000 |
1730 |
+ |
1731 |
+-static bool thresholding_en; |
1732 |
++static bool thresholding_irq_en; |
1733 |
+ |
1734 |
+ static const char * const th_names[] = { |
1735 |
+ "load_store", |
1736 |
+@@ -534,9 +534,8 @@ prepare_threshold_block(unsigned int bank, unsigned int block, u32 addr, |
1737 |
+ |
1738 |
+ set_offset: |
1739 |
+ offset = setup_APIC_mce_threshold(offset, new); |
1740 |
+- |
1741 |
+- if ((offset == new) && (mce_threshold_vector != amd_threshold_interrupt)) |
1742 |
+- mce_threshold_vector = amd_threshold_interrupt; |
1743 |
++ if (offset == new) |
1744 |
++ thresholding_irq_en = true; |
1745 |
+ |
1746 |
+ done: |
1747 |
+ mce_threshold_block_init(&b, offset); |
1748 |
+@@ -1357,9 +1356,6 @@ int mce_threshold_remove_device(unsigned int cpu) |
1749 |
+ { |
1750 |
+ unsigned int bank; |
1751 |
+ |
1752 |
+- if (!thresholding_en) |
1753 |
+- return 0; |
1754 |
+- |
1755 |
+ for (bank = 0; bank < mca_cfg.banks; ++bank) { |
1756 |
+ if (!(per_cpu(bank_map, cpu) & (1 << bank))) |
1757 |
+ continue; |
1758 |
+@@ -1377,9 +1373,6 @@ int mce_threshold_create_device(unsigned int cpu) |
1759 |
+ struct threshold_bank **bp; |
1760 |
+ int err = 0; |
1761 |
+ |
1762 |
+- if (!thresholding_en) |
1763 |
+- return 0; |
1764 |
+- |
1765 |
+ bp = per_cpu(threshold_banks, cpu); |
1766 |
+ if (bp) |
1767 |
+ return 0; |
1768 |
+@@ -1408,9 +1401,6 @@ static __init int threshold_init_device(void) |
1769 |
+ { |
1770 |
+ unsigned lcpu = 0; |
1771 |
+ |
1772 |
+- if (mce_threshold_vector == amd_threshold_interrupt) |
1773 |
+- thresholding_en = true; |
1774 |
+- |
1775 |
+ /* to hit CPUs online before the notifier is up */ |
1776 |
+ for_each_online_cpu(lcpu) { |
1777 |
+ int err = mce_threshold_create_device(lcpu); |
1778 |
+@@ -1419,6 +1409,9 @@ static __init int threshold_init_device(void) |
1779 |
+ return err; |
1780 |
+ } |
1781 |
+ |
1782 |
++ if (thresholding_irq_en) |
1783 |
++ mce_threshold_vector = amd_threshold_interrupt; |
1784 |
++ |
1785 |
+ return 0; |
1786 |
+ } |
1787 |
+ /* |
1788 |
+diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
1789 |
+index 61a949d84dfa..d99a8ee9e185 100644 |
1790 |
+--- a/arch/x86/kernel/fpu/signal.c |
1791 |
++++ b/arch/x86/kernel/fpu/signal.c |
1792 |
+@@ -344,10 +344,10 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) |
1793 |
+ sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); |
1794 |
+ } |
1795 |
+ |
1796 |
++ local_bh_disable(); |
1797 |
+ fpu->initialized = 1; |
1798 |
+- preempt_disable(); |
1799 |
+ fpu__restore(fpu); |
1800 |
+- preempt_enable(); |
1801 |
++ local_bh_enable(); |
1802 |
+ |
1803 |
+ return err; |
1804 |
+ } else { |
1805 |
+diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c |
1806 |
+index 01ebcb6f263e..7ee8067cbf45 100644 |
1807 |
+--- a/arch/x86/kernel/ftrace.c |
1808 |
++++ b/arch/x86/kernel/ftrace.c |
1809 |
+@@ -994,7 +994,6 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, |
1810 |
+ { |
1811 |
+ unsigned long old; |
1812 |
+ int faulted; |
1813 |
+- struct ftrace_graph_ent trace; |
1814 |
+ unsigned long return_hooker = (unsigned long) |
1815 |
+ &return_to_handler; |
1816 |
+ |
1817 |
+@@ -1046,19 +1045,7 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, |
1818 |
+ return; |
1819 |
+ } |
1820 |
+ |
1821 |
+- trace.func = self_addr; |
1822 |
+- trace.depth = current->curr_ret_stack + 1; |
1823 |
+- |
1824 |
+- /* Only trace if the calling function expects to */ |
1825 |
+- if (!ftrace_graph_entry(&trace)) { |
1826 |
++ if (function_graph_enter(old, self_addr, frame_pointer, parent)) |
1827 |
+ *parent = old; |
1828 |
+- return; |
1829 |
+- } |
1830 |
+- |
1831 |
+- if (ftrace_push_return_trace(old, self_addr, &trace.depth, |
1832 |
+- frame_pointer, parent) == -EBUSY) { |
1833 |
+- *parent = old; |
1834 |
+- return; |
1835 |
+- } |
1836 |
+ } |
1837 |
+ #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
1838 |
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c |
1839 |
+index c93fcfdf1673..7d31192296a8 100644 |
1840 |
+--- a/arch/x86/kernel/process.c |
1841 |
++++ b/arch/x86/kernel/process.c |
1842 |
+@@ -40,6 +40,8 @@ |
1843 |
+ #include <asm/prctl.h> |
1844 |
+ #include <asm/spec-ctrl.h> |
1845 |
+ |
1846 |
++#include "process.h" |
1847 |
++ |
1848 |
+ /* |
1849 |
+ * per-CPU TSS segments. Threads are completely 'soft' on Linux, |
1850 |
+ * no more per-task TSS's. The TSS size is kept cacheline-aligned |
1851 |
+@@ -252,11 +254,12 @@ void arch_setup_new_exec(void) |
1852 |
+ enable_cpuid(); |
1853 |
+ } |
1854 |
+ |
1855 |
+-static inline void switch_to_bitmap(struct tss_struct *tss, |
1856 |
+- struct thread_struct *prev, |
1857 |
++static inline void switch_to_bitmap(struct thread_struct *prev, |
1858 |
+ struct thread_struct *next, |
1859 |
+ unsigned long tifp, unsigned long tifn) |
1860 |
+ { |
1861 |
++ struct tss_struct *tss = this_cpu_ptr(&cpu_tss_rw); |
1862 |
++ |
1863 |
+ if (tifn & _TIF_IO_BITMAP) { |
1864 |
+ /* |
1865 |
+ * Copy the relevant range of the IO bitmap. |
1866 |
+@@ -395,32 +398,85 @@ static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) |
1867 |
+ wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); |
1868 |
+ } |
1869 |
+ |
1870 |
+-static __always_inline void intel_set_ssb_state(unsigned long tifn) |
1871 |
++/* |
1872 |
++ * Update the MSRs managing speculation control, during context switch. |
1873 |
++ * |
1874 |
++ * tifp: Previous task's thread flags |
1875 |
++ * tifn: Next task's thread flags |
1876 |
++ */ |
1877 |
++static __always_inline void __speculation_ctrl_update(unsigned long tifp, |
1878 |
++ unsigned long tifn) |
1879 |
+ { |
1880 |
+- u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); |
1881 |
++ unsigned long tif_diff = tifp ^ tifn; |
1882 |
++ u64 msr = x86_spec_ctrl_base; |
1883 |
++ bool updmsr = false; |
1884 |
++ |
1885 |
++ /* |
1886 |
++ * If TIF_SSBD is different, select the proper mitigation |
1887 |
++ * method. Note that if SSBD mitigation is disabled or permanentely |
1888 |
++ * enabled this branch can't be taken because nothing can set |
1889 |
++ * TIF_SSBD. |
1890 |
++ */ |
1891 |
++ if (tif_diff & _TIF_SSBD) { |
1892 |
++ if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { |
1893 |
++ amd_set_ssb_virt_state(tifn); |
1894 |
++ } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { |
1895 |
++ amd_set_core_ssb_state(tifn); |
1896 |
++ } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || |
1897 |
++ static_cpu_has(X86_FEATURE_AMD_SSBD)) { |
1898 |
++ msr |= ssbd_tif_to_spec_ctrl(tifn); |
1899 |
++ updmsr = true; |
1900 |
++ } |
1901 |
++ } |
1902 |
++ |
1903 |
++ /* |
1904 |
++ * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled, |
1905 |
++ * otherwise avoid the MSR write. |
1906 |
++ */ |
1907 |
++ if (IS_ENABLED(CONFIG_SMP) && |
1908 |
++ static_branch_unlikely(&switch_to_cond_stibp)) { |
1909 |
++ updmsr |= !!(tif_diff & _TIF_SPEC_IB); |
1910 |
++ msr |= stibp_tif_to_spec_ctrl(tifn); |
1911 |
++ } |
1912 |
+ |
1913 |
+- wrmsrl(MSR_IA32_SPEC_CTRL, msr); |
1914 |
++ if (updmsr) |
1915 |
++ wrmsrl(MSR_IA32_SPEC_CTRL, msr); |
1916 |
+ } |
1917 |
+ |
1918 |
+-static __always_inline void __speculative_store_bypass_update(unsigned long tifn) |
1919 |
++static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) |
1920 |
+ { |
1921 |
+- if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1922 |
+- amd_set_ssb_virt_state(tifn); |
1923 |
+- else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) |
1924 |
+- amd_set_core_ssb_state(tifn); |
1925 |
+- else |
1926 |
+- intel_set_ssb_state(tifn); |
1927 |
++ if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) { |
1928 |
++ if (task_spec_ssb_disable(tsk)) |
1929 |
++ set_tsk_thread_flag(tsk, TIF_SSBD); |
1930 |
++ else |
1931 |
++ clear_tsk_thread_flag(tsk, TIF_SSBD); |
1932 |
++ |
1933 |
++ if (task_spec_ib_disable(tsk)) |
1934 |
++ set_tsk_thread_flag(tsk, TIF_SPEC_IB); |
1935 |
++ else |
1936 |
++ clear_tsk_thread_flag(tsk, TIF_SPEC_IB); |
1937 |
++ } |
1938 |
++ /* Return the updated threadinfo flags*/ |
1939 |
++ return task_thread_info(tsk)->flags; |
1940 |
+ } |
1941 |
+ |
1942 |
+-void speculative_store_bypass_update(unsigned long tif) |
1943 |
++void speculation_ctrl_update(unsigned long tif) |
1944 |
+ { |
1945 |
++ /* Forced update. Make sure all relevant TIF flags are different */ |
1946 |
+ preempt_disable(); |
1947 |
+- __speculative_store_bypass_update(tif); |
1948 |
++ __speculation_ctrl_update(~tif, tif); |
1949 |
+ preempt_enable(); |
1950 |
+ } |
1951 |
+ |
1952 |
+-void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1953 |
+- struct tss_struct *tss) |
1954 |
++/* Called from seccomp/prctl update */ |
1955 |
++void speculation_ctrl_update_current(void) |
1956 |
++{ |
1957 |
++ preempt_disable(); |
1958 |
++ speculation_ctrl_update(speculation_ctrl_update_tif(current)); |
1959 |
++ preempt_enable(); |
1960 |
++} |
1961 |
++ |
1962 |
++void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p) |
1963 |
+ { |
1964 |
+ struct thread_struct *prev, *next; |
1965 |
+ unsigned long tifp, tifn; |
1966 |
+@@ -430,7 +486,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1967 |
+ |
1968 |
+ tifn = READ_ONCE(task_thread_info(next_p)->flags); |
1969 |
+ tifp = READ_ONCE(task_thread_info(prev_p)->flags); |
1970 |
+- switch_to_bitmap(tss, prev, next, tifp, tifn); |
1971 |
++ switch_to_bitmap(prev, next, tifp, tifn); |
1972 |
+ |
1973 |
+ propagate_user_return_notify(prev_p, next_p); |
1974 |
+ |
1975 |
+@@ -451,8 +507,15 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1976 |
+ if ((tifp ^ tifn) & _TIF_NOCPUID) |
1977 |
+ set_cpuid_faulting(!!(tifn & _TIF_NOCPUID)); |
1978 |
+ |
1979 |
+- if ((tifp ^ tifn) & _TIF_SSBD) |
1980 |
+- __speculative_store_bypass_update(tifn); |
1981 |
++ if (likely(!((tifp | tifn) & _TIF_SPEC_FORCE_UPDATE))) { |
1982 |
++ __speculation_ctrl_update(tifp, tifn); |
1983 |
++ } else { |
1984 |
++ speculation_ctrl_update_tif(prev_p); |
1985 |
++ tifn = speculation_ctrl_update_tif(next_p); |
1986 |
++ |
1987 |
++ /* Enforce MSR update to ensure consistent state */ |
1988 |
++ __speculation_ctrl_update(~tifn, tifn); |
1989 |
++ } |
1990 |
+ } |
1991 |
+ |
1992 |
+ /* |
1993 |
+diff --git a/arch/x86/kernel/process.h b/arch/x86/kernel/process.h |
1994 |
+new file mode 100644 |
1995 |
+index 000000000000..898e97cf6629 |
1996 |
+--- /dev/null |
1997 |
++++ b/arch/x86/kernel/process.h |
1998 |
+@@ -0,0 +1,39 @@ |
1999 |
++// SPDX-License-Identifier: GPL-2.0 |
2000 |
++// |
2001 |
++// Code shared between 32 and 64 bit |
2002 |
++ |
2003 |
++#include <asm/spec-ctrl.h> |
2004 |
++ |
2005 |
++void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p); |
2006 |
++ |
2007 |
++/* |
2008 |
++ * This needs to be inline to optimize for the common case where no extra |
2009 |
++ * work needs to be done. |
2010 |
++ */ |
2011 |
++static inline void switch_to_extra(struct task_struct *prev, |
2012 |
++ struct task_struct *next) |
2013 |
++{ |
2014 |
++ unsigned long next_tif = task_thread_info(next)->flags; |
2015 |
++ unsigned long prev_tif = task_thread_info(prev)->flags; |
2016 |
++ |
2017 |
++ if (IS_ENABLED(CONFIG_SMP)) { |
2018 |
++ /* |
2019 |
++ * Avoid __switch_to_xtra() invocation when conditional |
2020 |
++ * STIPB is disabled and the only different bit is |
2021 |
++ * TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not |
2022 |
++ * in the TIF_WORK_CTXSW masks. |
2023 |
++ */ |
2024 |
++ if (!static_branch_likely(&switch_to_cond_stibp)) { |
2025 |
++ prev_tif &= ~_TIF_SPEC_IB; |
2026 |
++ next_tif &= ~_TIF_SPEC_IB; |
2027 |
++ } |
2028 |
++ } |
2029 |
++ |
2030 |
++ /* |
2031 |
++ * __switch_to_xtra() handles debug registers, i/o bitmaps, |
2032 |
++ * speculation mitigations etc. |
2033 |
++ */ |
2034 |
++ if (unlikely(next_tif & _TIF_WORK_CTXSW_NEXT || |
2035 |
++ prev_tif & _TIF_WORK_CTXSW_PREV)) |
2036 |
++ __switch_to_xtra(prev, next); |
2037 |
++} |
2038 |
+diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c |
2039 |
+index 5046a3c9dec2..d3e593eb189f 100644 |
2040 |
+--- a/arch/x86/kernel/process_32.c |
2041 |
++++ b/arch/x86/kernel/process_32.c |
2042 |
+@@ -59,6 +59,8 @@ |
2043 |
+ #include <asm/intel_rdt_sched.h> |
2044 |
+ #include <asm/proto.h> |
2045 |
+ |
2046 |
++#include "process.h" |
2047 |
++ |
2048 |
+ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) |
2049 |
+ { |
2050 |
+ unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; |
2051 |
+@@ -232,7 +234,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2052 |
+ struct fpu *prev_fpu = &prev->fpu; |
2053 |
+ struct fpu *next_fpu = &next->fpu; |
2054 |
+ int cpu = smp_processor_id(); |
2055 |
+- struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); |
2056 |
+ |
2057 |
+ /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ |
2058 |
+ |
2059 |
+@@ -264,12 +265,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2060 |
+ if (get_kernel_rpl() && unlikely(prev->iopl != next->iopl)) |
2061 |
+ set_iopl_mask(next->iopl); |
2062 |
+ |
2063 |
+- /* |
2064 |
+- * Now maybe handle debug registers and/or IO bitmaps |
2065 |
+- */ |
2066 |
+- if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV || |
2067 |
+- task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT)) |
2068 |
+- __switch_to_xtra(prev_p, next_p, tss); |
2069 |
++ switch_to_extra(prev_p, next_p); |
2070 |
+ |
2071 |
+ /* |
2072 |
+ * Leave lazy mode, flushing any hypercalls made here. |
2073 |
+diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
2074 |
+index ea5ea850348d..a0854f283efd 100644 |
2075 |
+--- a/arch/x86/kernel/process_64.c |
2076 |
++++ b/arch/x86/kernel/process_64.c |
2077 |
+@@ -59,6 +59,8 @@ |
2078 |
+ #include <asm/unistd_32_ia32.h> |
2079 |
+ #endif |
2080 |
+ |
2081 |
++#include "process.h" |
2082 |
++ |
2083 |
+ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); |
2084 |
+ |
2085 |
+ /* Prints also some state that isn't saved in the pt_regs */ |
2086 |
+@@ -422,7 +424,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2087 |
+ struct fpu *prev_fpu = &prev->fpu; |
2088 |
+ struct fpu *next_fpu = &next->fpu; |
2089 |
+ int cpu = smp_processor_id(); |
2090 |
+- struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); |
2091 |
+ |
2092 |
+ WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) && |
2093 |
+ this_cpu_read(irq_count) != -1); |
2094 |
+@@ -489,12 +490,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2095 |
+ /* Reload sp0. */ |
2096 |
+ update_task_stack(next_p); |
2097 |
+ |
2098 |
+- /* |
2099 |
+- * Now maybe reload the debug registers and handle I/O bitmaps |
2100 |
+- */ |
2101 |
+- if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT || |
2102 |
+- task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV)) |
2103 |
+- __switch_to_xtra(prev_p, next_p, tss); |
2104 |
++ switch_to_extra(prev_p, next_p); |
2105 |
+ |
2106 |
+ #ifdef CONFIG_XEN_PV |
2107 |
+ /* |
2108 |
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
2109 |
+index fbb0e6df121b..2216d21e955d 100644 |
2110 |
+--- a/arch/x86/kvm/lapic.c |
2111 |
++++ b/arch/x86/kvm/lapic.c |
2112 |
+@@ -571,6 +571,11 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low, |
2113 |
+ rcu_read_lock(); |
2114 |
+ map = rcu_dereference(kvm->arch.apic_map); |
2115 |
+ |
2116 |
++ if (unlikely(!map)) { |
2117 |
++ count = -EOPNOTSUPP; |
2118 |
++ goto out; |
2119 |
++ } |
2120 |
++ |
2121 |
+ if (min > map->max_apic_id) |
2122 |
+ goto out; |
2123 |
+ /* Bits above cluster_size are masked in the caller. */ |
2124 |
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
2125 |
+index 51b953ad9d4e..1b82bc7c3cca 100644 |
2126 |
+--- a/arch/x86/kvm/mmu.c |
2127 |
++++ b/arch/x86/kvm/mmu.c |
2128 |
+@@ -5013,9 +5013,9 @@ static bool need_remote_flush(u64 old, u64 new) |
2129 |
+ } |
2130 |
+ |
2131 |
+ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, |
2132 |
+- const u8 *new, int *bytes) |
2133 |
++ int *bytes) |
2134 |
+ { |
2135 |
+- u64 gentry; |
2136 |
++ u64 gentry = 0; |
2137 |
+ int r; |
2138 |
+ |
2139 |
+ /* |
2140 |
+@@ -5027,22 +5027,12 @@ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, |
2141 |
+ /* Handle a 32-bit guest writing two halves of a 64-bit gpte */ |
2142 |
+ *gpa &= ~(gpa_t)7; |
2143 |
+ *bytes = 8; |
2144 |
+- r = kvm_vcpu_read_guest(vcpu, *gpa, &gentry, 8); |
2145 |
+- if (r) |
2146 |
+- gentry = 0; |
2147 |
+- new = (const u8 *)&gentry; |
2148 |
+ } |
2149 |
+ |
2150 |
+- switch (*bytes) { |
2151 |
+- case 4: |
2152 |
+- gentry = *(const u32 *)new; |
2153 |
+- break; |
2154 |
+- case 8: |
2155 |
+- gentry = *(const u64 *)new; |
2156 |
+- break; |
2157 |
+- default: |
2158 |
+- gentry = 0; |
2159 |
+- break; |
2160 |
++ if (*bytes == 4 || *bytes == 8) { |
2161 |
++ r = kvm_vcpu_read_guest_atomic(vcpu, *gpa, &gentry, *bytes); |
2162 |
++ if (r) |
2163 |
++ gentry = 0; |
2164 |
+ } |
2165 |
+ |
2166 |
+ return gentry; |
2167 |
+@@ -5146,8 +5136,6 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, |
2168 |
+ |
2169 |
+ pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); |
2170 |
+ |
2171 |
+- gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, new, &bytes); |
2172 |
+- |
2173 |
+ /* |
2174 |
+ * No need to care whether allocation memory is successful |
2175 |
+ * or not since pte prefetch is skiped if it does not have |
2176 |
+@@ -5156,6 +5144,9 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, |
2177 |
+ mmu_topup_memory_caches(vcpu); |
2178 |
+ |
2179 |
+ spin_lock(&vcpu->kvm->mmu_lock); |
2180 |
++ |
2181 |
++ gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, &bytes); |
2182 |
++ |
2183 |
+ ++vcpu->kvm->stat.mmu_pte_write; |
2184 |
+ kvm_mmu_audit(vcpu, AUDIT_PRE_PTE_WRITE); |
2185 |
+ |
2186 |
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
2187 |
+index 61ccfb13899e..4397fa0c448f 100644 |
2188 |
+--- a/arch/x86/kvm/svm.c |
2189 |
++++ b/arch/x86/kvm/svm.c |
2190 |
+@@ -1444,7 +1444,7 @@ static u64 svm_read_l1_tsc_offset(struct kvm_vcpu *vcpu) |
2191 |
+ return vcpu->arch.tsc_offset; |
2192 |
+ } |
2193 |
+ |
2194 |
+-static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2195 |
++static u64 svm_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2196 |
+ { |
2197 |
+ struct vcpu_svm *svm = to_svm(vcpu); |
2198 |
+ u64 g_tsc_offset = 0; |
2199 |
+@@ -1462,6 +1462,7 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2200 |
+ svm->vmcb->control.tsc_offset = offset + g_tsc_offset; |
2201 |
+ |
2202 |
+ mark_dirty(svm->vmcb, VMCB_INTERCEPTS); |
2203 |
++ return svm->vmcb->control.tsc_offset; |
2204 |
+ } |
2205 |
+ |
2206 |
+ static void avic_init_vmcb(struct vcpu_svm *svm) |
2207 |
+@@ -2187,21 +2188,31 @@ out: |
2208 |
+ return ERR_PTR(err); |
2209 |
+ } |
2210 |
+ |
2211 |
++static void svm_clear_current_vmcb(struct vmcb *vmcb) |
2212 |
++{ |
2213 |
++ int i; |
2214 |
++ |
2215 |
++ for_each_online_cpu(i) |
2216 |
++ cmpxchg(&per_cpu(svm_data, i)->current_vmcb, vmcb, NULL); |
2217 |
++} |
2218 |
++ |
2219 |
+ static void svm_free_vcpu(struct kvm_vcpu *vcpu) |
2220 |
+ { |
2221 |
+ struct vcpu_svm *svm = to_svm(vcpu); |
2222 |
+ |
2223 |
++ /* |
2224 |
++ * The vmcb page can be recycled, causing a false negative in |
2225 |
++ * svm_vcpu_load(). So, ensure that no logical CPU has this |
2226 |
++ * vmcb page recorded as its current vmcb. |
2227 |
++ */ |
2228 |
++ svm_clear_current_vmcb(svm->vmcb); |
2229 |
++ |
2230 |
+ __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); |
2231 |
+ __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); |
2232 |
+ __free_page(virt_to_page(svm->nested.hsave)); |
2233 |
+ __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); |
2234 |
+ kvm_vcpu_uninit(vcpu); |
2235 |
+ kmem_cache_free(kvm_vcpu_cache, svm); |
2236 |
+- /* |
2237 |
+- * The vmcb page can be recycled, causing a false negative in |
2238 |
+- * svm_vcpu_load(). So do a full IBPB now. |
2239 |
+- */ |
2240 |
+- indirect_branch_prediction_barrier(); |
2241 |
+ } |
2242 |
+ |
2243 |
+ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) |
2244 |
+@@ -7145,7 +7156,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { |
2245 |
+ .has_wbinvd_exit = svm_has_wbinvd_exit, |
2246 |
+ |
2247 |
+ .read_l1_tsc_offset = svm_read_l1_tsc_offset, |
2248 |
+- .write_tsc_offset = svm_write_tsc_offset, |
2249 |
++ .write_l1_tsc_offset = svm_write_l1_tsc_offset, |
2250 |
+ |
2251 |
+ .set_tdp_cr3 = set_tdp_cr3, |
2252 |
+ |
2253 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
2254 |
+index 9f3def7baa6d..e55f7a90d4b2 100644 |
2255 |
+--- a/arch/x86/kvm/vmx.c |
2256 |
++++ b/arch/x86/kvm/vmx.c |
2257 |
+@@ -170,6 +170,7 @@ module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO); |
2258 |
+ * refer SDM volume 3b section 21.6.13 & 22.1.3. |
2259 |
+ */ |
2260 |
+ static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP; |
2261 |
++module_param(ple_gap, uint, 0444); |
2262 |
+ |
2263 |
+ static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW; |
2264 |
+ module_param(ple_window, uint, 0444); |
2265 |
+@@ -3433,11 +3434,9 @@ static u64 vmx_read_l1_tsc_offset(struct kvm_vcpu *vcpu) |
2266 |
+ return vcpu->arch.tsc_offset; |
2267 |
+ } |
2268 |
+ |
2269 |
+-/* |
2270 |
+- * writes 'offset' into guest's timestamp counter offset register |
2271 |
+- */ |
2272 |
+-static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2273 |
++static u64 vmx_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2274 |
+ { |
2275 |
++ u64 active_offset = offset; |
2276 |
+ if (is_guest_mode(vcpu)) { |
2277 |
+ /* |
2278 |
+ * We're here if L1 chose not to trap WRMSR to TSC. According |
2279 |
+@@ -3445,17 +3444,16 @@ static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2280 |
+ * set for L2 remains unchanged, and still needs to be added |
2281 |
+ * to the newly set TSC to get L2's TSC. |
2282 |
+ */ |
2283 |
+- struct vmcs12 *vmcs12; |
2284 |
+- /* recalculate vmcs02.TSC_OFFSET: */ |
2285 |
+- vmcs12 = get_vmcs12(vcpu); |
2286 |
+- vmcs_write64(TSC_OFFSET, offset + |
2287 |
+- (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING) ? |
2288 |
+- vmcs12->tsc_offset : 0)); |
2289 |
++ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); |
2290 |
++ if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING)) |
2291 |
++ active_offset += vmcs12->tsc_offset; |
2292 |
+ } else { |
2293 |
+ trace_kvm_write_tsc_offset(vcpu->vcpu_id, |
2294 |
+ vmcs_read64(TSC_OFFSET), offset); |
2295 |
+- vmcs_write64(TSC_OFFSET, offset); |
2296 |
+ } |
2297 |
++ |
2298 |
++ vmcs_write64(TSC_OFFSET, active_offset); |
2299 |
++ return active_offset; |
2300 |
+ } |
2301 |
+ |
2302 |
+ /* |
2303 |
+@@ -14203,7 +14201,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
2304 |
+ .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit, |
2305 |
+ |
2306 |
+ .read_l1_tsc_offset = vmx_read_l1_tsc_offset, |
2307 |
+- .write_tsc_offset = vmx_write_tsc_offset, |
2308 |
++ .write_l1_tsc_offset = vmx_write_l1_tsc_offset, |
2309 |
+ |
2310 |
+ .set_tdp_cr3 = vmx_set_cr3, |
2311 |
+ |
2312 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
2313 |
+index ca717737347e..68b53f05a420 100644 |
2314 |
+--- a/arch/x86/kvm/x86.c |
2315 |
++++ b/arch/x86/kvm/x86.c |
2316 |
+@@ -1582,8 +1582,7 @@ EXPORT_SYMBOL_GPL(kvm_read_l1_tsc); |
2317 |
+ |
2318 |
+ static void kvm_vcpu_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2319 |
+ { |
2320 |
+- kvm_x86_ops->write_tsc_offset(vcpu, offset); |
2321 |
+- vcpu->arch.tsc_offset = offset; |
2322 |
++ vcpu->arch.tsc_offset = kvm_x86_ops->write_l1_tsc_offset(vcpu, offset); |
2323 |
+ } |
2324 |
+ |
2325 |
+ static inline bool kvm_check_tsc_unstable(void) |
2326 |
+@@ -1711,7 +1710,8 @@ EXPORT_SYMBOL_GPL(kvm_write_tsc); |
2327 |
+ static inline void adjust_tsc_offset_guest(struct kvm_vcpu *vcpu, |
2328 |
+ s64 adjustment) |
2329 |
+ { |
2330 |
+- kvm_vcpu_write_tsc_offset(vcpu, vcpu->arch.tsc_offset + adjustment); |
2331 |
++ u64 tsc_offset = kvm_x86_ops->read_l1_tsc_offset(vcpu); |
2332 |
++ kvm_vcpu_write_tsc_offset(vcpu, tsc_offset + adjustment); |
2333 |
+ } |
2334 |
+ |
2335 |
+ static inline void adjust_tsc_offset_host(struct kvm_vcpu *vcpu, s64 adjustment) |
2336 |
+@@ -6788,6 +6788,7 @@ static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr, |
2337 |
+ clock_pairing.nsec = ts.tv_nsec; |
2338 |
+ clock_pairing.tsc = kvm_read_l1_tsc(vcpu, cycle); |
2339 |
+ clock_pairing.flags = 0; |
2340 |
++ memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad)); |
2341 |
+ |
2342 |
+ ret = 0; |
2343 |
+ if (kvm_write_guest(vcpu->kvm, paddr, &clock_pairing, |
2344 |
+@@ -7313,7 +7314,8 @@ static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu) |
2345 |
+ else { |
2346 |
+ if (vcpu->arch.apicv_active) |
2347 |
+ kvm_x86_ops->sync_pir_to_irr(vcpu); |
2348 |
+- kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); |
2349 |
++ if (ioapic_in_kernel(vcpu->kvm)) |
2350 |
++ kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); |
2351 |
+ } |
2352 |
+ |
2353 |
+ if (is_guest_mode(vcpu)) |
2354 |
+diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c |
2355 |
+index e96b99eb800c..a6d1b0241aea 100644 |
2356 |
+--- a/arch/x86/mm/tlb.c |
2357 |
++++ b/arch/x86/mm/tlb.c |
2358 |
+@@ -29,6 +29,12 @@ |
2359 |
+ * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi |
2360 |
+ */ |
2361 |
+ |
2362 |
++/* |
2363 |
++ * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is |
2364 |
++ * stored in cpu_tlb_state.last_user_mm_ibpb. |
2365 |
++ */ |
2366 |
++#define LAST_USER_MM_IBPB 0x1UL |
2367 |
++ |
2368 |
+ /* |
2369 |
+ * We get here when we do something requiring a TLB invalidation |
2370 |
+ * but could not go invalidate all of the contexts. We do the |
2371 |
+@@ -180,6 +186,89 @@ static void sync_current_stack_to_mm(struct mm_struct *mm) |
2372 |
+ } |
2373 |
+ } |
2374 |
+ |
2375 |
++static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next) |
2376 |
++{ |
2377 |
++ unsigned long next_tif = task_thread_info(next)->flags; |
2378 |
++ unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB; |
2379 |
++ |
2380 |
++ return (unsigned long)next->mm | ibpb; |
2381 |
++} |
2382 |
++ |
2383 |
++static void cond_ibpb(struct task_struct *next) |
2384 |
++{ |
2385 |
++ if (!next || !next->mm) |
2386 |
++ return; |
2387 |
++ |
2388 |
++ /* |
2389 |
++ * Both, the conditional and the always IBPB mode use the mm |
2390 |
++ * pointer to avoid the IBPB when switching between tasks of the |
2391 |
++ * same process. Using the mm pointer instead of mm->context.ctx_id |
2392 |
++ * opens a hypothetical hole vs. mm_struct reuse, which is more or |
2393 |
++ * less impossible to control by an attacker. Aside of that it |
2394 |
++ * would only affect the first schedule so the theoretically |
2395 |
++ * exposed data is not really interesting. |
2396 |
++ */ |
2397 |
++ if (static_branch_likely(&switch_mm_cond_ibpb)) { |
2398 |
++ unsigned long prev_mm, next_mm; |
2399 |
++ |
2400 |
++ /* |
2401 |
++ * This is a bit more complex than the always mode because |
2402 |
++ * it has to handle two cases: |
2403 |
++ * |
2404 |
++ * 1) Switch from a user space task (potential attacker) |
2405 |
++ * which has TIF_SPEC_IB set to a user space task |
2406 |
++ * (potential victim) which has TIF_SPEC_IB not set. |
2407 |
++ * |
2408 |
++ * 2) Switch from a user space task (potential attacker) |
2409 |
++ * which has TIF_SPEC_IB not set to a user space task |
2410 |
++ * (potential victim) which has TIF_SPEC_IB set. |
2411 |
++ * |
2412 |
++ * This could be done by unconditionally issuing IBPB when |
2413 |
++ * a task which has TIF_SPEC_IB set is either scheduled in |
2414 |
++ * or out. Though that results in two flushes when: |
2415 |
++ * |
2416 |
++ * - the same user space task is scheduled out and later |
2417 |
++ * scheduled in again and only a kernel thread ran in |
2418 |
++ * between. |
2419 |
++ * |
2420 |
++ * - a user space task belonging to the same process is |
2421 |
++ * scheduled in after a kernel thread ran in between |
2422 |
++ * |
2423 |
++ * - a user space task belonging to the same process is |
2424 |
++ * scheduled in immediately. |
2425 |
++ * |
2426 |
++ * Optimize this with reasonably small overhead for the |
2427 |
++ * above cases. Mangle the TIF_SPEC_IB bit into the mm |
2428 |
++ * pointer of the incoming task which is stored in |
2429 |
++ * cpu_tlbstate.last_user_mm_ibpb for comparison. |
2430 |
++ */ |
2431 |
++ next_mm = mm_mangle_tif_spec_ib(next); |
2432 |
++ prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb); |
2433 |
++ |
2434 |
++ /* |
2435 |
++ * Issue IBPB only if the mm's are different and one or |
2436 |
++ * both have the IBPB bit set. |
2437 |
++ */ |
2438 |
++ if (next_mm != prev_mm && |
2439 |
++ (next_mm | prev_mm) & LAST_USER_MM_IBPB) |
2440 |
++ indirect_branch_prediction_barrier(); |
2441 |
++ |
2442 |
++ this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm); |
2443 |
++ } |
2444 |
++ |
2445 |
++ if (static_branch_unlikely(&switch_mm_always_ibpb)) { |
2446 |
++ /* |
2447 |
++ * Only flush when switching to a user space task with a |
2448 |
++ * different context than the user space task which ran |
2449 |
++ * last on this CPU. |
2450 |
++ */ |
2451 |
++ if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) { |
2452 |
++ indirect_branch_prediction_barrier(); |
2453 |
++ this_cpu_write(cpu_tlbstate.last_user_mm, next->mm); |
2454 |
++ } |
2455 |
++ } |
2456 |
++} |
2457 |
++ |
2458 |
+ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2459 |
+ struct task_struct *tsk) |
2460 |
+ { |
2461 |
+@@ -254,27 +343,13 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2462 |
+ } else { |
2463 |
+ u16 new_asid; |
2464 |
+ bool need_flush; |
2465 |
+- u64 last_ctx_id = this_cpu_read(cpu_tlbstate.last_ctx_id); |
2466 |
+ |
2467 |
+ /* |
2468 |
+ * Avoid user/user BTB poisoning by flushing the branch |
2469 |
+ * predictor when switching between processes. This stops |
2470 |
+ * one process from doing Spectre-v2 attacks on another. |
2471 |
+- * |
2472 |
+- * As an optimization, flush indirect branches only when |
2473 |
+- * switching into processes that disable dumping. This |
2474 |
+- * protects high value processes like gpg, without having |
2475 |
+- * too high performance overhead. IBPB is *expensive*! |
2476 |
+- * |
2477 |
+- * This will not flush branches when switching into kernel |
2478 |
+- * threads. It will also not flush if we switch to idle |
2479 |
+- * thread and back to the same process. It will flush if we |
2480 |
+- * switch to a different non-dumpable process. |
2481 |
+ */ |
2482 |
+- if (tsk && tsk->mm && |
2483 |
+- tsk->mm->context.ctx_id != last_ctx_id && |
2484 |
+- get_dumpable(tsk->mm) != SUID_DUMP_USER) |
2485 |
+- indirect_branch_prediction_barrier(); |
2486 |
++ cond_ibpb(tsk); |
2487 |
+ |
2488 |
+ if (IS_ENABLED(CONFIG_VMAP_STACK)) { |
2489 |
+ /* |
2490 |
+@@ -331,14 +406,6 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2491 |
+ trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); |
2492 |
+ } |
2493 |
+ |
2494 |
+- /* |
2495 |
+- * Record last user mm's context id, so we can avoid |
2496 |
+- * flushing branch buffer with IBPB if we switch back |
2497 |
+- * to the same user. |
2498 |
+- */ |
2499 |
+- if (next != &init_mm) |
2500 |
+- this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); |
2501 |
+- |
2502 |
+ /* Make sure we write CR3 before loaded_mm. */ |
2503 |
+ barrier(); |
2504 |
+ |
2505 |
+@@ -419,7 +486,7 @@ void initialize_tlbstate_and_flush(void) |
2506 |
+ write_cr3(build_cr3(mm->pgd, 0)); |
2507 |
+ |
2508 |
+ /* Reinitialize tlbstate. */ |
2509 |
+- this_cpu_write(cpu_tlbstate.last_ctx_id, mm->context.ctx_id); |
2510 |
++ this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, LAST_USER_MM_IBPB); |
2511 |
+ this_cpu_write(cpu_tlbstate.loaded_mm_asid, 0); |
2512 |
+ this_cpu_write(cpu_tlbstate.next_asid, 1); |
2513 |
+ this_cpu_write(cpu_tlbstate.ctxs[0].ctx_id, mm->context.ctx_id); |
2514 |
+diff --git a/arch/xtensa/kernel/asm-offsets.c b/arch/xtensa/kernel/asm-offsets.c |
2515 |
+index 67904f55f188..120dd746a147 100644 |
2516 |
+--- a/arch/xtensa/kernel/asm-offsets.c |
2517 |
++++ b/arch/xtensa/kernel/asm-offsets.c |
2518 |
+@@ -94,14 +94,14 @@ int main(void) |
2519 |
+ DEFINE(THREAD_SP, offsetof (struct task_struct, thread.sp)); |
2520 |
+ DEFINE(THREAD_CPENABLE, offsetof (struct thread_info, cpenable)); |
2521 |
+ #if XTENSA_HAVE_COPROCESSORS |
2522 |
+- DEFINE(THREAD_XTREGS_CP0, offsetof (struct thread_info, xtregs_cp)); |
2523 |
+- DEFINE(THREAD_XTREGS_CP1, offsetof (struct thread_info, xtregs_cp)); |
2524 |
+- DEFINE(THREAD_XTREGS_CP2, offsetof (struct thread_info, xtregs_cp)); |
2525 |
+- DEFINE(THREAD_XTREGS_CP3, offsetof (struct thread_info, xtregs_cp)); |
2526 |
+- DEFINE(THREAD_XTREGS_CP4, offsetof (struct thread_info, xtregs_cp)); |
2527 |
+- DEFINE(THREAD_XTREGS_CP5, offsetof (struct thread_info, xtregs_cp)); |
2528 |
+- DEFINE(THREAD_XTREGS_CP6, offsetof (struct thread_info, xtregs_cp)); |
2529 |
+- DEFINE(THREAD_XTREGS_CP7, offsetof (struct thread_info, xtregs_cp)); |
2530 |
++ DEFINE(THREAD_XTREGS_CP0, offsetof(struct thread_info, xtregs_cp.cp0)); |
2531 |
++ DEFINE(THREAD_XTREGS_CP1, offsetof(struct thread_info, xtregs_cp.cp1)); |
2532 |
++ DEFINE(THREAD_XTREGS_CP2, offsetof(struct thread_info, xtregs_cp.cp2)); |
2533 |
++ DEFINE(THREAD_XTREGS_CP3, offsetof(struct thread_info, xtregs_cp.cp3)); |
2534 |
++ DEFINE(THREAD_XTREGS_CP4, offsetof(struct thread_info, xtregs_cp.cp4)); |
2535 |
++ DEFINE(THREAD_XTREGS_CP5, offsetof(struct thread_info, xtregs_cp.cp5)); |
2536 |
++ DEFINE(THREAD_XTREGS_CP6, offsetof(struct thread_info, xtregs_cp.cp6)); |
2537 |
++ DEFINE(THREAD_XTREGS_CP7, offsetof(struct thread_info, xtregs_cp.cp7)); |
2538 |
+ #endif |
2539 |
+ DEFINE(THREAD_XTREGS_USER, offsetof (struct thread_info, xtregs_user)); |
2540 |
+ DEFINE(XTREGS_USER_SIZE, sizeof(xtregs_user_t)); |
2541 |
+diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c |
2542 |
+index 483dcfb6e681..4bb68133a72a 100644 |
2543 |
+--- a/arch/xtensa/kernel/process.c |
2544 |
++++ b/arch/xtensa/kernel/process.c |
2545 |
+@@ -94,18 +94,21 @@ void coprocessor_release_all(struct thread_info *ti) |
2546 |
+ |
2547 |
+ void coprocessor_flush_all(struct thread_info *ti) |
2548 |
+ { |
2549 |
+- unsigned long cpenable; |
2550 |
++ unsigned long cpenable, old_cpenable; |
2551 |
+ int i; |
2552 |
+ |
2553 |
+ preempt_disable(); |
2554 |
+ |
2555 |
++ RSR_CPENABLE(old_cpenable); |
2556 |
+ cpenable = ti->cpenable; |
2557 |
++ WSR_CPENABLE(cpenable); |
2558 |
+ |
2559 |
+ for (i = 0; i < XCHAL_CP_MAX; i++) { |
2560 |
+ if ((cpenable & 1) != 0 && coprocessor_owner[i] == ti) |
2561 |
+ coprocessor_flush(ti, i); |
2562 |
+ cpenable >>= 1; |
2563 |
+ } |
2564 |
++ WSR_CPENABLE(old_cpenable); |
2565 |
+ |
2566 |
+ preempt_enable(); |
2567 |
+ } |
2568 |
+diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c |
2569 |
+index c0845cb1cbb9..d9541be0605a 100644 |
2570 |
+--- a/arch/xtensa/kernel/ptrace.c |
2571 |
++++ b/arch/xtensa/kernel/ptrace.c |
2572 |
+@@ -127,12 +127,37 @@ static int ptrace_setregs(struct task_struct *child, void __user *uregs) |
2573 |
+ } |
2574 |
+ |
2575 |
+ |
2576 |
++#if XTENSA_HAVE_COPROCESSORS |
2577 |
++#define CP_OFFSETS(cp) \ |
2578 |
++ { \ |
2579 |
++ .elf_xtregs_offset = offsetof(elf_xtregs_t, cp), \ |
2580 |
++ .ti_offset = offsetof(struct thread_info, xtregs_cp.cp), \ |
2581 |
++ .sz = sizeof(xtregs_ ## cp ## _t), \ |
2582 |
++ } |
2583 |
++ |
2584 |
++static const struct { |
2585 |
++ size_t elf_xtregs_offset; |
2586 |
++ size_t ti_offset; |
2587 |
++ size_t sz; |
2588 |
++} cp_offsets[] = { |
2589 |
++ CP_OFFSETS(cp0), |
2590 |
++ CP_OFFSETS(cp1), |
2591 |
++ CP_OFFSETS(cp2), |
2592 |
++ CP_OFFSETS(cp3), |
2593 |
++ CP_OFFSETS(cp4), |
2594 |
++ CP_OFFSETS(cp5), |
2595 |
++ CP_OFFSETS(cp6), |
2596 |
++ CP_OFFSETS(cp7), |
2597 |
++}; |
2598 |
++#endif |
2599 |
++ |
2600 |
+ static int ptrace_getxregs(struct task_struct *child, void __user *uregs) |
2601 |
+ { |
2602 |
+ struct pt_regs *regs = task_pt_regs(child); |
2603 |
+ struct thread_info *ti = task_thread_info(child); |
2604 |
+ elf_xtregs_t __user *xtregs = uregs; |
2605 |
+ int ret = 0; |
2606 |
++ int i __maybe_unused; |
2607 |
+ |
2608 |
+ if (!access_ok(VERIFY_WRITE, uregs, sizeof(elf_xtregs_t))) |
2609 |
+ return -EIO; |
2610 |
+@@ -140,8 +165,13 @@ static int ptrace_getxregs(struct task_struct *child, void __user *uregs) |
2611 |
+ #if XTENSA_HAVE_COPROCESSORS |
2612 |
+ /* Flush all coprocessor registers to memory. */ |
2613 |
+ coprocessor_flush_all(ti); |
2614 |
+- ret |= __copy_to_user(&xtregs->cp0, &ti->xtregs_cp, |
2615 |
+- sizeof(xtregs_coprocessor_t)); |
2616 |
++ |
2617 |
++ for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) |
2618 |
++ ret |= __copy_to_user((char __user *)xtregs + |
2619 |
++ cp_offsets[i].elf_xtregs_offset, |
2620 |
++ (const char *)ti + |
2621 |
++ cp_offsets[i].ti_offset, |
2622 |
++ cp_offsets[i].sz); |
2623 |
+ #endif |
2624 |
+ ret |= __copy_to_user(&xtregs->opt, ®s->xtregs_opt, |
2625 |
+ sizeof(xtregs->opt)); |
2626 |
+@@ -157,6 +187,7 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) |
2627 |
+ struct pt_regs *regs = task_pt_regs(child); |
2628 |
+ elf_xtregs_t *xtregs = uregs; |
2629 |
+ int ret = 0; |
2630 |
++ int i __maybe_unused; |
2631 |
+ |
2632 |
+ if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t))) |
2633 |
+ return -EFAULT; |
2634 |
+@@ -166,8 +197,11 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) |
2635 |
+ coprocessor_flush_all(ti); |
2636 |
+ coprocessor_release_all(ti); |
2637 |
+ |
2638 |
+- ret |= __copy_from_user(&ti->xtregs_cp, &xtregs->cp0, |
2639 |
+- sizeof(xtregs_coprocessor_t)); |
2640 |
++ for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) |
2641 |
++ ret |= __copy_from_user((char *)ti + cp_offsets[i].ti_offset, |
2642 |
++ (const char __user *)xtregs + |
2643 |
++ cp_offsets[i].elf_xtregs_offset, |
2644 |
++ cp_offsets[i].sz); |
2645 |
+ #endif |
2646 |
+ ret |= __copy_from_user(®s->xtregs_opt, &xtregs->opt, |
2647 |
+ sizeof(xtregs->opt)); |
2648 |
+diff --git a/drivers/android/binder.c b/drivers/android/binder.c |
2649 |
+index d58763b6b009..ce0e4d317d24 100644 |
2650 |
+--- a/drivers/android/binder.c |
2651 |
++++ b/drivers/android/binder.c |
2652 |
+@@ -2971,7 +2971,6 @@ static void binder_transaction(struct binder_proc *proc, |
2653 |
+ t->buffer = NULL; |
2654 |
+ goto err_binder_alloc_buf_failed; |
2655 |
+ } |
2656 |
+- t->buffer->allow_user_free = 0; |
2657 |
+ t->buffer->debug_id = t->debug_id; |
2658 |
+ t->buffer->transaction = t; |
2659 |
+ t->buffer->target_node = target_node; |
2660 |
+@@ -3465,14 +3464,18 @@ static int binder_thread_write(struct binder_proc *proc, |
2661 |
+ |
2662 |
+ buffer = binder_alloc_prepare_to_free(&proc->alloc, |
2663 |
+ data_ptr); |
2664 |
+- if (buffer == NULL) { |
2665 |
+- binder_user_error("%d:%d BC_FREE_BUFFER u%016llx no match\n", |
2666 |
+- proc->pid, thread->pid, (u64)data_ptr); |
2667 |
+- break; |
2668 |
+- } |
2669 |
+- if (!buffer->allow_user_free) { |
2670 |
+- binder_user_error("%d:%d BC_FREE_BUFFER u%016llx matched unreturned buffer\n", |
2671 |
+- proc->pid, thread->pid, (u64)data_ptr); |
2672 |
++ if (IS_ERR_OR_NULL(buffer)) { |
2673 |
++ if (PTR_ERR(buffer) == -EPERM) { |
2674 |
++ binder_user_error( |
2675 |
++ "%d:%d BC_FREE_BUFFER u%016llx matched unreturned or currently freeing buffer\n", |
2676 |
++ proc->pid, thread->pid, |
2677 |
++ (u64)data_ptr); |
2678 |
++ } else { |
2679 |
++ binder_user_error( |
2680 |
++ "%d:%d BC_FREE_BUFFER u%016llx no match\n", |
2681 |
++ proc->pid, thread->pid, |
2682 |
++ (u64)data_ptr); |
2683 |
++ } |
2684 |
+ break; |
2685 |
+ } |
2686 |
+ binder_debug(BINDER_DEBUG_FREE_BUFFER, |
2687 |
+diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c |
2688 |
+index 64fd96eada31..030c98f35cca 100644 |
2689 |
+--- a/drivers/android/binder_alloc.c |
2690 |
++++ b/drivers/android/binder_alloc.c |
2691 |
+@@ -151,16 +151,12 @@ static struct binder_buffer *binder_alloc_prepare_to_free_locked( |
2692 |
+ else { |
2693 |
+ /* |
2694 |
+ * Guard against user threads attempting to |
2695 |
+- * free the buffer twice |
2696 |
++ * free the buffer when in use by kernel or |
2697 |
++ * after it's already been freed. |
2698 |
+ */ |
2699 |
+- if (buffer->free_in_progress) { |
2700 |
+- binder_alloc_debug(BINDER_DEBUG_USER_ERROR, |
2701 |
+- "%d:%d FREE_BUFFER u%016llx user freed buffer twice\n", |
2702 |
+- alloc->pid, current->pid, |
2703 |
+- (u64)user_ptr); |
2704 |
+- return NULL; |
2705 |
+- } |
2706 |
+- buffer->free_in_progress = 1; |
2707 |
++ if (!buffer->allow_user_free) |
2708 |
++ return ERR_PTR(-EPERM); |
2709 |
++ buffer->allow_user_free = 0; |
2710 |
+ return buffer; |
2711 |
+ } |
2712 |
+ } |
2713 |
+@@ -500,7 +496,7 @@ static struct binder_buffer *binder_alloc_new_buf_locked( |
2714 |
+ |
2715 |
+ rb_erase(best_fit, &alloc->free_buffers); |
2716 |
+ buffer->free = 0; |
2717 |
+- buffer->free_in_progress = 0; |
2718 |
++ buffer->allow_user_free = 0; |
2719 |
+ binder_insert_allocated_buffer_locked(alloc, buffer); |
2720 |
+ binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC, |
2721 |
+ "%d: binder_alloc_buf size %zd got %pK\n", |
2722 |
+diff --git a/drivers/android/binder_alloc.h b/drivers/android/binder_alloc.h |
2723 |
+index 9ef64e563856..fb3238c74c8a 100644 |
2724 |
+--- a/drivers/android/binder_alloc.h |
2725 |
++++ b/drivers/android/binder_alloc.h |
2726 |
+@@ -50,8 +50,7 @@ struct binder_buffer { |
2727 |
+ unsigned free:1; |
2728 |
+ unsigned allow_user_free:1; |
2729 |
+ unsigned async_transaction:1; |
2730 |
+- unsigned free_in_progress:1; |
2731 |
+- unsigned debug_id:28; |
2732 |
++ unsigned debug_id:29; |
2733 |
+ |
2734 |
+ struct binder_transaction *transaction; |
2735 |
+ |
2736 |
+diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c |
2737 |
+index 75f38d19fcbe..dbc51154f122 100644 |
2738 |
+--- a/drivers/dma/at_hdmac.c |
2739 |
++++ b/drivers/dma/at_hdmac.c |
2740 |
+@@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) |
2741 |
+ atchan->descs_allocated = 0; |
2742 |
+ atchan->status = 0; |
2743 |
+ |
2744 |
++ /* |
2745 |
++ * Free atslave allocated in at_dma_xlate() |
2746 |
++ */ |
2747 |
++ kfree(chan->private); |
2748 |
++ chan->private = NULL; |
2749 |
++ |
2750 |
+ dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); |
2751 |
+ } |
2752 |
+ |
2753 |
+@@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, |
2754 |
+ dma_cap_zero(mask); |
2755 |
+ dma_cap_set(DMA_SLAVE, mask); |
2756 |
+ |
2757 |
+- atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); |
2758 |
++ atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); |
2759 |
+ if (!atslave) |
2760 |
+ return NULL; |
2761 |
+ |
2762 |
+@@ -2000,6 +2006,8 @@ static int at_dma_remove(struct platform_device *pdev) |
2763 |
+ struct resource *io; |
2764 |
+ |
2765 |
+ at_dma_off(atdma); |
2766 |
++ if (pdev->dev.of_node) |
2767 |
++ of_dma_controller_free(pdev->dev.of_node); |
2768 |
+ dma_async_device_unregister(&atdma->dma_common); |
2769 |
+ |
2770 |
+ dma_pool_destroy(atdma->memset_pool); |
2771 |
+diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c |
2772 |
+index e8a114157f87..bb012bc032e0 100644 |
2773 |
+--- a/drivers/hid/hid-sensor-custom.c |
2774 |
++++ b/drivers/hid/hid-sensor-custom.c |
2775 |
+@@ -358,7 +358,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr, |
2776 |
+ sensor_inst->hsdev, |
2777 |
+ sensor_inst->hsdev->usage, |
2778 |
+ usage, report_id, |
2779 |
+- SENSOR_HUB_SYNC); |
2780 |
++ SENSOR_HUB_SYNC, false); |
2781 |
+ } else if (!strncmp(name, "units", strlen("units"))) |
2782 |
+ value = sensor_inst->fields[field_index].attribute.units; |
2783 |
+ else if (!strncmp(name, "unit-expo", strlen("unit-expo"))) |
2784 |
+diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c |
2785 |
+index 2b63487057c2..4256fdc5cd6d 100644 |
2786 |
+--- a/drivers/hid/hid-sensor-hub.c |
2787 |
++++ b/drivers/hid/hid-sensor-hub.c |
2788 |
+@@ -299,7 +299,8 @@ EXPORT_SYMBOL_GPL(sensor_hub_get_feature); |
2789 |
+ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
2790 |
+ u32 usage_id, |
2791 |
+ u32 attr_usage_id, u32 report_id, |
2792 |
+- enum sensor_hub_read_flags flag) |
2793 |
++ enum sensor_hub_read_flags flag, |
2794 |
++ bool is_signed) |
2795 |
+ { |
2796 |
+ struct sensor_hub_data *data = hid_get_drvdata(hsdev->hdev); |
2797 |
+ unsigned long flags; |
2798 |
+@@ -331,10 +332,16 @@ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
2799 |
+ &hsdev->pending.ready, HZ*5); |
2800 |
+ switch (hsdev->pending.raw_size) { |
2801 |
+ case 1: |
2802 |
+- ret_val = *(u8 *)hsdev->pending.raw_data; |
2803 |
++ if (is_signed) |
2804 |
++ ret_val = *(s8 *)hsdev->pending.raw_data; |
2805 |
++ else |
2806 |
++ ret_val = *(u8 *)hsdev->pending.raw_data; |
2807 |
+ break; |
2808 |
+ case 2: |
2809 |
+- ret_val = *(u16 *)hsdev->pending.raw_data; |
2810 |
++ if (is_signed) |
2811 |
++ ret_val = *(s16 *)hsdev->pending.raw_data; |
2812 |
++ else |
2813 |
++ ret_val = *(u16 *)hsdev->pending.raw_data; |
2814 |
+ break; |
2815 |
+ case 4: |
2816 |
+ ret_val = *(u32 *)hsdev->pending.raw_data; |
2817 |
+diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
2818 |
+index 741857d80da1..2f164bd74687 100644 |
2819 |
+--- a/drivers/hv/channel.c |
2820 |
++++ b/drivers/hv/channel.c |
2821 |
+@@ -482,6 +482,14 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, |
2822 |
+ } |
2823 |
+ wait_for_completion(&msginfo->waitevent); |
2824 |
+ |
2825 |
++ if (msginfo->response.gpadl_created.creation_status != 0) { |
2826 |
++ pr_err("Failed to establish GPADL: err = 0x%x\n", |
2827 |
++ msginfo->response.gpadl_created.creation_status); |
2828 |
++ |
2829 |
++ ret = -EDQUOT; |
2830 |
++ goto cleanup; |
2831 |
++ } |
2832 |
++ |
2833 |
+ if (channel->rescind) { |
2834 |
+ ret = -ENODEV; |
2835 |
+ goto cleanup; |
2836 |
+diff --git a/drivers/iio/accel/hid-sensor-accel-3d.c b/drivers/iio/accel/hid-sensor-accel-3d.c |
2837 |
+index 41d97faf5013..38ff374a3ca4 100644 |
2838 |
+--- a/drivers/iio/accel/hid-sensor-accel-3d.c |
2839 |
++++ b/drivers/iio/accel/hid-sensor-accel-3d.c |
2840 |
+@@ -149,6 +149,7 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, |
2841 |
+ int report_id = -1; |
2842 |
+ u32 address; |
2843 |
+ int ret_type; |
2844 |
++ s32 min; |
2845 |
+ struct hid_sensor_hub_device *hsdev = |
2846 |
+ accel_state->common_attributes.hsdev; |
2847 |
+ |
2848 |
+@@ -158,12 +159,14 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, |
2849 |
+ case IIO_CHAN_INFO_RAW: |
2850 |
+ hid_sensor_power_state(&accel_state->common_attributes, true); |
2851 |
+ report_id = accel_state->accel[chan->scan_index].report_id; |
2852 |
++ min = accel_state->accel[chan->scan_index].logical_minimum; |
2853 |
+ address = accel_3d_addresses[chan->scan_index]; |
2854 |
+ if (report_id >= 0) |
2855 |
+ *val = sensor_hub_input_attr_get_raw_value( |
2856 |
+ accel_state->common_attributes.hsdev, |
2857 |
+ hsdev->usage, address, report_id, |
2858 |
+- SENSOR_HUB_SYNC); |
2859 |
++ SENSOR_HUB_SYNC, |
2860 |
++ min < 0); |
2861 |
+ else { |
2862 |
+ *val = 0; |
2863 |
+ hid_sensor_power_state(&accel_state->common_attributes, |
2864 |
+diff --git a/drivers/iio/gyro/hid-sensor-gyro-3d.c b/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2865 |
+index 36941e69f959..88e857c4baf4 100644 |
2866 |
+--- a/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2867 |
++++ b/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2868 |
+@@ -111,6 +111,7 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, |
2869 |
+ int report_id = -1; |
2870 |
+ u32 address; |
2871 |
+ int ret_type; |
2872 |
++ s32 min; |
2873 |
+ |
2874 |
+ *val = 0; |
2875 |
+ *val2 = 0; |
2876 |
+@@ -118,13 +119,15 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, |
2877 |
+ case IIO_CHAN_INFO_RAW: |
2878 |
+ hid_sensor_power_state(&gyro_state->common_attributes, true); |
2879 |
+ report_id = gyro_state->gyro[chan->scan_index].report_id; |
2880 |
++ min = gyro_state->gyro[chan->scan_index].logical_minimum; |
2881 |
+ address = gyro_3d_addresses[chan->scan_index]; |
2882 |
+ if (report_id >= 0) |
2883 |
+ *val = sensor_hub_input_attr_get_raw_value( |
2884 |
+ gyro_state->common_attributes.hsdev, |
2885 |
+ HID_USAGE_SENSOR_GYRO_3D, address, |
2886 |
+ report_id, |
2887 |
+- SENSOR_HUB_SYNC); |
2888 |
++ SENSOR_HUB_SYNC, |
2889 |
++ min < 0); |
2890 |
+ else { |
2891 |
+ *val = 0; |
2892 |
+ hid_sensor_power_state(&gyro_state->common_attributes, |
2893 |
+diff --git a/drivers/iio/humidity/hid-sensor-humidity.c b/drivers/iio/humidity/hid-sensor-humidity.c |
2894 |
+index beab6d6fd6e1..4bc95f31c730 100644 |
2895 |
+--- a/drivers/iio/humidity/hid-sensor-humidity.c |
2896 |
++++ b/drivers/iio/humidity/hid-sensor-humidity.c |
2897 |
+@@ -75,7 +75,8 @@ static int humidity_read_raw(struct iio_dev *indio_dev, |
2898 |
+ HID_USAGE_SENSOR_HUMIDITY, |
2899 |
+ HID_USAGE_SENSOR_ATMOSPHERIC_HUMIDITY, |
2900 |
+ humid_st->humidity_attr.report_id, |
2901 |
+- SENSOR_HUB_SYNC); |
2902 |
++ SENSOR_HUB_SYNC, |
2903 |
++ humid_st->humidity_attr.logical_minimum < 0); |
2904 |
+ hid_sensor_power_state(&humid_st->common_attributes, false); |
2905 |
+ |
2906 |
+ return IIO_VAL_INT; |
2907 |
+diff --git a/drivers/iio/light/hid-sensor-als.c b/drivers/iio/light/hid-sensor-als.c |
2908 |
+index 406caaee9a3c..94f33250ba5a 100644 |
2909 |
+--- a/drivers/iio/light/hid-sensor-als.c |
2910 |
++++ b/drivers/iio/light/hid-sensor-als.c |
2911 |
+@@ -93,6 +93,7 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2912 |
+ int report_id = -1; |
2913 |
+ u32 address; |
2914 |
+ int ret_type; |
2915 |
++ s32 min; |
2916 |
+ |
2917 |
+ *val = 0; |
2918 |
+ *val2 = 0; |
2919 |
+@@ -102,8 +103,8 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2920 |
+ case CHANNEL_SCAN_INDEX_INTENSITY: |
2921 |
+ case CHANNEL_SCAN_INDEX_ILLUM: |
2922 |
+ report_id = als_state->als_illum.report_id; |
2923 |
+- address = |
2924 |
+- HID_USAGE_SENSOR_LIGHT_ILLUM; |
2925 |
++ min = als_state->als_illum.logical_minimum; |
2926 |
++ address = HID_USAGE_SENSOR_LIGHT_ILLUM; |
2927 |
+ break; |
2928 |
+ default: |
2929 |
+ report_id = -1; |
2930 |
+@@ -116,7 +117,8 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2931 |
+ als_state->common_attributes.hsdev, |
2932 |
+ HID_USAGE_SENSOR_ALS, address, |
2933 |
+ report_id, |
2934 |
+- SENSOR_HUB_SYNC); |
2935 |
++ SENSOR_HUB_SYNC, |
2936 |
++ min < 0); |
2937 |
+ hid_sensor_power_state(&als_state->common_attributes, |
2938 |
+ false); |
2939 |
+ } else { |
2940 |
+diff --git a/drivers/iio/light/hid-sensor-prox.c b/drivers/iio/light/hid-sensor-prox.c |
2941 |
+index 45107f7537b5..cf5a0c242609 100644 |
2942 |
+--- a/drivers/iio/light/hid-sensor-prox.c |
2943 |
++++ b/drivers/iio/light/hid-sensor-prox.c |
2944 |
+@@ -73,6 +73,7 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2945 |
+ int report_id = -1; |
2946 |
+ u32 address; |
2947 |
+ int ret_type; |
2948 |
++ s32 min; |
2949 |
+ |
2950 |
+ *val = 0; |
2951 |
+ *val2 = 0; |
2952 |
+@@ -81,8 +82,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2953 |
+ switch (chan->scan_index) { |
2954 |
+ case CHANNEL_SCAN_INDEX_PRESENCE: |
2955 |
+ report_id = prox_state->prox_attr.report_id; |
2956 |
+- address = |
2957 |
+- HID_USAGE_SENSOR_HUMAN_PRESENCE; |
2958 |
++ min = prox_state->prox_attr.logical_minimum; |
2959 |
++ address = HID_USAGE_SENSOR_HUMAN_PRESENCE; |
2960 |
+ break; |
2961 |
+ default: |
2962 |
+ report_id = -1; |
2963 |
+@@ -95,7 +96,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2964 |
+ prox_state->common_attributes.hsdev, |
2965 |
+ HID_USAGE_SENSOR_PROX, address, |
2966 |
+ report_id, |
2967 |
+- SENSOR_HUB_SYNC); |
2968 |
++ SENSOR_HUB_SYNC, |
2969 |
++ min < 0); |
2970 |
+ hid_sensor_power_state(&prox_state->common_attributes, |
2971 |
+ false); |
2972 |
+ } else { |
2973 |
+diff --git a/drivers/iio/magnetometer/hid-sensor-magn-3d.c b/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2974 |
+index d55c4885211a..f3c0d41e5a8c 100644 |
2975 |
+--- a/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2976 |
++++ b/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2977 |
+@@ -163,21 +163,23 @@ static int magn_3d_read_raw(struct iio_dev *indio_dev, |
2978 |
+ int report_id = -1; |
2979 |
+ u32 address; |
2980 |
+ int ret_type; |
2981 |
++ s32 min; |
2982 |
+ |
2983 |
+ *val = 0; |
2984 |
+ *val2 = 0; |
2985 |
+ switch (mask) { |
2986 |
+ case IIO_CHAN_INFO_RAW: |
2987 |
+ hid_sensor_power_state(&magn_state->magn_flux_attributes, true); |
2988 |
+- report_id = |
2989 |
+- magn_state->magn[chan->address].report_id; |
2990 |
++ report_id = magn_state->magn[chan->address].report_id; |
2991 |
++ min = magn_state->magn[chan->address].logical_minimum; |
2992 |
+ address = magn_3d_addresses[chan->address]; |
2993 |
+ if (report_id >= 0) |
2994 |
+ *val = sensor_hub_input_attr_get_raw_value( |
2995 |
+ magn_state->magn_flux_attributes.hsdev, |
2996 |
+ HID_USAGE_SENSOR_COMPASS_3D, address, |
2997 |
+ report_id, |
2998 |
+- SENSOR_HUB_SYNC); |
2999 |
++ SENSOR_HUB_SYNC, |
3000 |
++ min < 0); |
3001 |
+ else { |
3002 |
+ *val = 0; |
3003 |
+ hid_sensor_power_state( |
3004 |
+diff --git a/drivers/iio/magnetometer/st_magn_buffer.c b/drivers/iio/magnetometer/st_magn_buffer.c |
3005 |
+index 0a9e8fadfa9d..37ab30566464 100644 |
3006 |
+--- a/drivers/iio/magnetometer/st_magn_buffer.c |
3007 |
++++ b/drivers/iio/magnetometer/st_magn_buffer.c |
3008 |
+@@ -30,11 +30,6 @@ int st_magn_trig_set_state(struct iio_trigger *trig, bool state) |
3009 |
+ return st_sensors_set_dataready_irq(indio_dev, state); |
3010 |
+ } |
3011 |
+ |
3012 |
+-static int st_magn_buffer_preenable(struct iio_dev *indio_dev) |
3013 |
+-{ |
3014 |
+- return st_sensors_set_enable(indio_dev, true); |
3015 |
+-} |
3016 |
+- |
3017 |
+ static int st_magn_buffer_postenable(struct iio_dev *indio_dev) |
3018 |
+ { |
3019 |
+ int err; |
3020 |
+@@ -50,7 +45,7 @@ static int st_magn_buffer_postenable(struct iio_dev *indio_dev) |
3021 |
+ if (err < 0) |
3022 |
+ goto st_magn_buffer_postenable_error; |
3023 |
+ |
3024 |
+- return err; |
3025 |
++ return st_sensors_set_enable(indio_dev, true); |
3026 |
+ |
3027 |
+ st_magn_buffer_postenable_error: |
3028 |
+ kfree(mdata->buffer_data); |
3029 |
+@@ -63,11 +58,11 @@ static int st_magn_buffer_predisable(struct iio_dev *indio_dev) |
3030 |
+ int err; |
3031 |
+ struct st_sensor_data *mdata = iio_priv(indio_dev); |
3032 |
+ |
3033 |
+- err = iio_triggered_buffer_predisable(indio_dev); |
3034 |
++ err = st_sensors_set_enable(indio_dev, false); |
3035 |
+ if (err < 0) |
3036 |
+ goto st_magn_buffer_predisable_error; |
3037 |
+ |
3038 |
+- err = st_sensors_set_enable(indio_dev, false); |
3039 |
++ err = iio_triggered_buffer_predisable(indio_dev); |
3040 |
+ |
3041 |
+ st_magn_buffer_predisable_error: |
3042 |
+ kfree(mdata->buffer_data); |
3043 |
+@@ -75,7 +70,6 @@ st_magn_buffer_predisable_error: |
3044 |
+ } |
3045 |
+ |
3046 |
+ static const struct iio_buffer_setup_ops st_magn_buffer_setup_ops = { |
3047 |
+- .preenable = &st_magn_buffer_preenable, |
3048 |
+ .postenable = &st_magn_buffer_postenable, |
3049 |
+ .predisable = &st_magn_buffer_predisable, |
3050 |
+ }; |
3051 |
+diff --git a/drivers/iio/orientation/hid-sensor-incl-3d.c b/drivers/iio/orientation/hid-sensor-incl-3d.c |
3052 |
+index 1e5451d1ff88..bdc5e4554ee4 100644 |
3053 |
+--- a/drivers/iio/orientation/hid-sensor-incl-3d.c |
3054 |
++++ b/drivers/iio/orientation/hid-sensor-incl-3d.c |
3055 |
+@@ -111,21 +111,23 @@ static int incl_3d_read_raw(struct iio_dev *indio_dev, |
3056 |
+ int report_id = -1; |
3057 |
+ u32 address; |
3058 |
+ int ret_type; |
3059 |
++ s32 min; |
3060 |
+ |
3061 |
+ *val = 0; |
3062 |
+ *val2 = 0; |
3063 |
+ switch (mask) { |
3064 |
+ case IIO_CHAN_INFO_RAW: |
3065 |
+ hid_sensor_power_state(&incl_state->common_attributes, true); |
3066 |
+- report_id = |
3067 |
+- incl_state->incl[chan->scan_index].report_id; |
3068 |
++ report_id = incl_state->incl[chan->scan_index].report_id; |
3069 |
++ min = incl_state->incl[chan->scan_index].logical_minimum; |
3070 |
+ address = incl_3d_addresses[chan->scan_index]; |
3071 |
+ if (report_id >= 0) |
3072 |
+ *val = sensor_hub_input_attr_get_raw_value( |
3073 |
+ incl_state->common_attributes.hsdev, |
3074 |
+ HID_USAGE_SENSOR_INCLINOMETER_3D, address, |
3075 |
+ report_id, |
3076 |
+- SENSOR_HUB_SYNC); |
3077 |
++ SENSOR_HUB_SYNC, |
3078 |
++ min < 0); |
3079 |
+ else { |
3080 |
+ hid_sensor_power_state(&incl_state->common_attributes, |
3081 |
+ false); |
3082 |
+diff --git a/drivers/iio/pressure/hid-sensor-press.c b/drivers/iio/pressure/hid-sensor-press.c |
3083 |
+index 4c437918f1d2..d7b1c00ceb4d 100644 |
3084 |
+--- a/drivers/iio/pressure/hid-sensor-press.c |
3085 |
++++ b/drivers/iio/pressure/hid-sensor-press.c |
3086 |
+@@ -77,6 +77,7 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3087 |
+ int report_id = -1; |
3088 |
+ u32 address; |
3089 |
+ int ret_type; |
3090 |
++ s32 min; |
3091 |
+ |
3092 |
+ *val = 0; |
3093 |
+ *val2 = 0; |
3094 |
+@@ -85,8 +86,8 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3095 |
+ switch (chan->scan_index) { |
3096 |
+ case CHANNEL_SCAN_INDEX_PRESSURE: |
3097 |
+ report_id = press_state->press_attr.report_id; |
3098 |
+- address = |
3099 |
+- HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; |
3100 |
++ min = press_state->press_attr.logical_minimum; |
3101 |
++ address = HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; |
3102 |
+ break; |
3103 |
+ default: |
3104 |
+ report_id = -1; |
3105 |
+@@ -99,7 +100,8 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3106 |
+ press_state->common_attributes.hsdev, |
3107 |
+ HID_USAGE_SENSOR_PRESSURE, address, |
3108 |
+ report_id, |
3109 |
+- SENSOR_HUB_SYNC); |
3110 |
++ SENSOR_HUB_SYNC, |
3111 |
++ min < 0); |
3112 |
+ hid_sensor_power_state(&press_state->common_attributes, |
3113 |
+ false); |
3114 |
+ } else { |
3115 |
+diff --git a/drivers/iio/temperature/hid-sensor-temperature.c b/drivers/iio/temperature/hid-sensor-temperature.c |
3116 |
+index beaf6fd3e337..b592fc4f007e 100644 |
3117 |
+--- a/drivers/iio/temperature/hid-sensor-temperature.c |
3118 |
++++ b/drivers/iio/temperature/hid-sensor-temperature.c |
3119 |
+@@ -76,7 +76,8 @@ static int temperature_read_raw(struct iio_dev *indio_dev, |
3120 |
+ HID_USAGE_SENSOR_TEMPERATURE, |
3121 |
+ HID_USAGE_SENSOR_DATA_ENVIRONMENTAL_TEMPERATURE, |
3122 |
+ temp_st->temperature_attr.report_id, |
3123 |
+- SENSOR_HUB_SYNC); |
3124 |
++ SENSOR_HUB_SYNC, |
3125 |
++ temp_st->temperature_attr.logical_minimum < 0); |
3126 |
+ hid_sensor_power_state( |
3127 |
+ &temp_st->common_attributes, |
3128 |
+ false); |
3129 |
+diff --git a/drivers/misc/mic/scif/scif_rma.c b/drivers/misc/mic/scif/scif_rma.c |
3130 |
+index c824329f7012..0e4193cb08cf 100644 |
3131 |
+--- a/drivers/misc/mic/scif/scif_rma.c |
3132 |
++++ b/drivers/misc/mic/scif/scif_rma.c |
3133 |
+@@ -416,7 +416,7 @@ static int scif_create_remote_lookup(struct scif_dev *remote_dev, |
3134 |
+ if (err) |
3135 |
+ goto error_window; |
3136 |
+ err = scif_map_page(&window->num_pages_lookup.lookup[j], |
3137 |
+- vmalloc_dma_phys ? |
3138 |
++ vmalloc_num_pages ? |
3139 |
+ vmalloc_to_page(&window->num_pages[i]) : |
3140 |
+ virt_to_page(&window->num_pages[i]), |
3141 |
+ remote_dev); |
3142 |
+diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_main.c b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3143 |
+index 768f584f8392..88f8a8fa93cd 100644 |
3144 |
+--- a/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3145 |
++++ b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3146 |
+@@ -1784,6 +1784,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3147 |
+ bool if_up = netif_running(nic->netdev); |
3148 |
+ struct bpf_prog *old_prog; |
3149 |
+ bool bpf_attached = false; |
3150 |
++ int ret = 0; |
3151 |
+ |
3152 |
+ /* For now just support only the usual MTU sized frames */ |
3153 |
+ if (prog && (dev->mtu > 1500)) { |
3154 |
+@@ -1817,8 +1818,12 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3155 |
+ if (nic->xdp_prog) { |
3156 |
+ /* Attach BPF program */ |
3157 |
+ nic->xdp_prog = bpf_prog_add(nic->xdp_prog, nic->rx_queues - 1); |
3158 |
+- if (!IS_ERR(nic->xdp_prog)) |
3159 |
++ if (!IS_ERR(nic->xdp_prog)) { |
3160 |
+ bpf_attached = true; |
3161 |
++ } else { |
3162 |
++ ret = PTR_ERR(nic->xdp_prog); |
3163 |
++ nic->xdp_prog = NULL; |
3164 |
++ } |
3165 |
+ } |
3166 |
+ |
3167 |
+ /* Calculate Tx queues needed for XDP and network stack */ |
3168 |
+@@ -1830,7 +1835,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3169 |
+ netif_trans_update(nic->netdev); |
3170 |
+ } |
3171 |
+ |
3172 |
+- return 0; |
3173 |
++ return ret; |
3174 |
+ } |
3175 |
+ |
3176 |
+ static int nicvf_xdp(struct net_device *netdev, struct netdev_bpf *xdp) |
3177 |
+diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3178 |
+index 187a249ff2d1..fcaf18fa3904 100644 |
3179 |
+--- a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3180 |
++++ b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3181 |
+@@ -585,10 +585,12 @@ static void nicvf_free_snd_queue(struct nicvf *nic, struct snd_queue *sq) |
3182 |
+ if (!sq->dmem.base) |
3183 |
+ return; |
3184 |
+ |
3185 |
+- if (sq->tso_hdrs) |
3186 |
++ if (sq->tso_hdrs) { |
3187 |
+ dma_free_coherent(&nic->pdev->dev, |
3188 |
+ sq->dmem.q_len * TSO_HEADER_SIZE, |
3189 |
+ sq->tso_hdrs, sq->tso_hdrs_phys); |
3190 |
++ sq->tso_hdrs = NULL; |
3191 |
++ } |
3192 |
+ |
3193 |
+ /* Free pending skbs in the queue */ |
3194 |
+ smp_rmb(); |
3195 |
+diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c |
3196 |
+index 1c9ad3630c77..dfd1ad0b1cb9 100644 |
3197 |
+--- a/drivers/net/ethernet/cortina/gemini.c |
3198 |
++++ b/drivers/net/ethernet/cortina/gemini.c |
3199 |
+@@ -661,7 +661,7 @@ static void gmac_clean_txq(struct net_device *netdev, struct gmac_txq *txq, |
3200 |
+ |
3201 |
+ u64_stats_update_begin(&port->tx_stats_syncp); |
3202 |
+ port->tx_frag_stats[nfrags]++; |
3203 |
+- u64_stats_update_end(&port->ir_stats_syncp); |
3204 |
++ u64_stats_update_end(&port->tx_stats_syncp); |
3205 |
+ } |
3206 |
+ } |
3207 |
+ |
3208 |
+diff --git a/drivers/net/ethernet/microchip/lan743x_main.c b/drivers/net/ethernet/microchip/lan743x_main.c |
3209 |
+index 001b5f714c1b..aaedf1072460 100644 |
3210 |
+--- a/drivers/net/ethernet/microchip/lan743x_main.c |
3211 |
++++ b/drivers/net/ethernet/microchip/lan743x_main.c |
3212 |
+@@ -1675,7 +1675,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) |
3213 |
+ netif_wake_queue(adapter->netdev); |
3214 |
+ } |
3215 |
+ |
3216 |
+- if (!napi_complete_done(napi, weight)) |
3217 |
++ if (!napi_complete(napi)) |
3218 |
+ goto done; |
3219 |
+ |
3220 |
+ /* enable isr */ |
3221 |
+@@ -1684,7 +1684,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) |
3222 |
+ lan743x_csr_read(adapter, INT_STS); |
3223 |
+ |
3224 |
+ done: |
3225 |
+- return weight; |
3226 |
++ return 0; |
3227 |
+ } |
3228 |
+ |
3229 |
+ static void lan743x_tx_ring_cleanup(struct lan743x_tx *tx) |
3230 |
+@@ -1873,9 +1873,9 @@ static int lan743x_tx_open(struct lan743x_tx *tx) |
3231 |
+ tx->vector_flags = lan743x_intr_get_vector_flags(adapter, |
3232 |
+ INT_BIT_DMA_TX_ |
3233 |
+ (tx->channel_number)); |
3234 |
+- netif_napi_add(adapter->netdev, |
3235 |
+- &tx->napi, lan743x_tx_napi_poll, |
3236 |
+- tx->ring_size - 1); |
3237 |
++ netif_tx_napi_add(adapter->netdev, |
3238 |
++ &tx->napi, lan743x_tx_napi_poll, |
3239 |
++ tx->ring_size - 1); |
3240 |
+ napi_enable(&tx->napi); |
3241 |
+ |
3242 |
+ data = 0; |
3243 |
+@@ -3020,6 +3020,7 @@ static const struct dev_pm_ops lan743x_pm_ops = { |
3244 |
+ |
3245 |
+ static const struct pci_device_id lan743x_pcidev_tbl[] = { |
3246 |
+ { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7430) }, |
3247 |
++ { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7431) }, |
3248 |
+ { 0, } |
3249 |
+ }; |
3250 |
+ |
3251 |
+diff --git a/drivers/net/ethernet/microchip/lan743x_main.h b/drivers/net/ethernet/microchip/lan743x_main.h |
3252 |
+index 0e82b6368798..2d6eea18973e 100644 |
3253 |
+--- a/drivers/net/ethernet/microchip/lan743x_main.h |
3254 |
++++ b/drivers/net/ethernet/microchip/lan743x_main.h |
3255 |
+@@ -548,6 +548,7 @@ struct lan743x_adapter; |
3256 |
+ /* SMSC acquired EFAR late 1990's, MCHP acquired SMSC 2012 */ |
3257 |
+ #define PCI_VENDOR_ID_SMSC PCI_VENDOR_ID_EFAR |
3258 |
+ #define PCI_DEVICE_ID_SMSC_LAN7430 (0x7430) |
3259 |
++#define PCI_DEVICE_ID_SMSC_LAN7431 (0x7431) |
3260 |
+ |
3261 |
+ #define PCI_CONFIG_LENGTH (0x1000) |
3262 |
+ |
3263 |
+diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c |
3264 |
+index 19ab8a7d1e48..733e35b7c4bb 100644 |
3265 |
+--- a/drivers/net/phy/phy_device.c |
3266 |
++++ b/drivers/net/phy/phy_device.c |
3267 |
+@@ -1930,6 +1930,14 @@ int phy_driver_register(struct phy_driver *new_driver, struct module *owner) |
3268 |
+ new_driver->mdiodrv.driver.remove = phy_remove; |
3269 |
+ new_driver->mdiodrv.driver.owner = owner; |
3270 |
+ |
3271 |
++ /* The following works around an issue where the PHY driver doesn't bind |
3272 |
++ * to the device, resulting in the genphy driver being used instead of |
3273 |
++ * the dedicated driver. The root cause of the issue isn't known yet |
3274 |
++ * and seems to be in the base driver core. Once this is fixed we may |
3275 |
++ * remove this workaround. |
3276 |
++ */ |
3277 |
++ new_driver->mdiodrv.driver.probe_type = PROBE_FORCE_SYNCHRONOUS; |
3278 |
++ |
3279 |
+ retval = driver_register(&new_driver->mdiodrv.driver); |
3280 |
+ if (retval) { |
3281 |
+ pr_err("%s: Error %d in registering driver\n", |
3282 |
+diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c |
3283 |
+index e9f101c9bae2..bfbb39f93554 100644 |
3284 |
+--- a/drivers/net/rionet.c |
3285 |
++++ b/drivers/net/rionet.c |
3286 |
+@@ -216,9 +216,9 @@ static int rionet_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
3287 |
+ * it just report sending a packet to the target |
3288 |
+ * (without actual packet transfer). |
3289 |
+ */ |
3290 |
+- dev_kfree_skb_any(skb); |
3291 |
+ ndev->stats.tx_packets++; |
3292 |
+ ndev->stats.tx_bytes += skb->len; |
3293 |
++ dev_kfree_skb_any(skb); |
3294 |
+ } |
3295 |
+ } |
3296 |
+ |
3297 |
+diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c |
3298 |
+index 7275761a1177..3d8a70d3ea9b 100644 |
3299 |
+--- a/drivers/net/usb/ipheth.c |
3300 |
++++ b/drivers/net/usb/ipheth.c |
3301 |
+@@ -140,7 +140,6 @@ struct ipheth_device { |
3302 |
+ struct usb_device *udev; |
3303 |
+ struct usb_interface *intf; |
3304 |
+ struct net_device *net; |
3305 |
+- struct sk_buff *tx_skb; |
3306 |
+ struct urb *tx_urb; |
3307 |
+ struct urb *rx_urb; |
3308 |
+ unsigned char *tx_buf; |
3309 |
+@@ -230,6 +229,7 @@ static void ipheth_rcvbulk_callback(struct urb *urb) |
3310 |
+ case -ENOENT: |
3311 |
+ case -ECONNRESET: |
3312 |
+ case -ESHUTDOWN: |
3313 |
++ case -EPROTO: |
3314 |
+ return; |
3315 |
+ case 0: |
3316 |
+ break; |
3317 |
+@@ -281,7 +281,6 @@ static void ipheth_sndbulk_callback(struct urb *urb) |
3318 |
+ dev_err(&dev->intf->dev, "%s: urb status: %d\n", |
3319 |
+ __func__, status); |
3320 |
+ |
3321 |
+- dev_kfree_skb_irq(dev->tx_skb); |
3322 |
+ if (status == 0) |
3323 |
+ netif_wake_queue(dev->net); |
3324 |
+ else |
3325 |
+@@ -423,7 +422,7 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) |
3326 |
+ if (skb->len > IPHETH_BUF_SIZE) { |
3327 |
+ WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len); |
3328 |
+ dev->net->stats.tx_dropped++; |
3329 |
+- dev_kfree_skb_irq(skb); |
3330 |
++ dev_kfree_skb_any(skb); |
3331 |
+ return NETDEV_TX_OK; |
3332 |
+ } |
3333 |
+ |
3334 |
+@@ -443,12 +442,11 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) |
3335 |
+ dev_err(&dev->intf->dev, "%s: usb_submit_urb: %d\n", |
3336 |
+ __func__, retval); |
3337 |
+ dev->net->stats.tx_errors++; |
3338 |
+- dev_kfree_skb_irq(skb); |
3339 |
++ dev_kfree_skb_any(skb); |
3340 |
+ } else { |
3341 |
+- dev->tx_skb = skb; |
3342 |
+- |
3343 |
+ dev->net->stats.tx_packets++; |
3344 |
+ dev->net->stats.tx_bytes += skb->len; |
3345 |
++ dev_consume_skb_any(skb); |
3346 |
+ netif_stop_queue(net); |
3347 |
+ } |
3348 |
+ |
3349 |
+diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c |
3350 |
+index ddfa3f24204c..c2ca6cd3fbe0 100644 |
3351 |
+--- a/drivers/net/virtio_net.c |
3352 |
++++ b/drivers/net/virtio_net.c |
3353 |
+@@ -70,7 +70,8 @@ static const unsigned long guest_offloads[] = { |
3354 |
+ VIRTIO_NET_F_GUEST_TSO4, |
3355 |
+ VIRTIO_NET_F_GUEST_TSO6, |
3356 |
+ VIRTIO_NET_F_GUEST_ECN, |
3357 |
+- VIRTIO_NET_F_GUEST_UFO |
3358 |
++ VIRTIO_NET_F_GUEST_UFO, |
3359 |
++ VIRTIO_NET_F_GUEST_CSUM |
3360 |
+ }; |
3361 |
+ |
3362 |
+ struct virtnet_stat_desc { |
3363 |
+@@ -2285,9 +2286,6 @@ static int virtnet_clear_guest_offloads(struct virtnet_info *vi) |
3364 |
+ if (!vi->guest_offloads) |
3365 |
+ return 0; |
3366 |
+ |
3367 |
+- if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) |
3368 |
+- offloads = 1ULL << VIRTIO_NET_F_GUEST_CSUM; |
3369 |
+- |
3370 |
+ return virtnet_set_guest_offloads(vi, offloads); |
3371 |
+ } |
3372 |
+ |
3373 |
+@@ -2297,8 +2295,6 @@ static int virtnet_restore_guest_offloads(struct virtnet_info *vi) |
3374 |
+ |
3375 |
+ if (!vi->guest_offloads) |
3376 |
+ return 0; |
3377 |
+- if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) |
3378 |
+- offloads |= 1ULL << VIRTIO_NET_F_GUEST_CSUM; |
3379 |
+ |
3380 |
+ return virtnet_set_guest_offloads(vi, offloads); |
3381 |
+ } |
3382 |
+@@ -2316,8 +2312,9 @@ static int virtnet_xdp_set(struct net_device *dev, struct bpf_prog *prog, |
3383 |
+ && (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO4) || |
3384 |
+ virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO6) || |
3385 |
+ virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_ECN) || |
3386 |
+- virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO))) { |
3387 |
+- NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO, disable LRO first"); |
3388 |
++ virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO) || |
3389 |
++ virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM))) { |
3390 |
++ NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO/CSUM, disable LRO/CSUM first"); |
3391 |
+ return -EOPNOTSUPP; |
3392 |
+ } |
3393 |
+ |
3394 |
+diff --git a/drivers/pci/controller/dwc/pci-layerscape.c b/drivers/pci/controller/dwc/pci-layerscape.c |
3395 |
+index 3724d3ef7008..7aa9a82b7ebd 100644 |
3396 |
+--- a/drivers/pci/controller/dwc/pci-layerscape.c |
3397 |
++++ b/drivers/pci/controller/dwc/pci-layerscape.c |
3398 |
+@@ -88,7 +88,7 @@ static void ls_pcie_disable_outbound_atus(struct ls_pcie *pcie) |
3399 |
+ int i; |
3400 |
+ |
3401 |
+ for (i = 0; i < PCIE_IATU_NUM; i++) |
3402 |
+- dw_pcie_disable_atu(pcie->pci, DW_PCIE_REGION_OUTBOUND, i); |
3403 |
++ dw_pcie_disable_atu(pcie->pci, i, DW_PCIE_REGION_OUTBOUND); |
3404 |
+ } |
3405 |
+ |
3406 |
+ static int ls1021_pcie_link_up(struct dw_pcie *pci) |
3407 |
+diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c |
3408 |
+index 1e7b02221eac..de8635af4cde 100644 |
3409 |
+--- a/drivers/pci/controller/dwc/pcie-designware-ep.c |
3410 |
++++ b/drivers/pci/controller/dwc/pcie-designware-ep.c |
3411 |
+@@ -440,7 +440,6 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, |
3412 |
+ tbl_offset = dw_pcie_readl_dbi(pci, reg); |
3413 |
+ bir = (tbl_offset & PCI_MSIX_TABLE_BIR); |
3414 |
+ tbl_offset &= PCI_MSIX_TABLE_OFFSET; |
3415 |
+- tbl_offset >>= 3; |
3416 |
+ |
3417 |
+ reg = PCI_BASE_ADDRESS_0 + (4 * bir); |
3418 |
+ bar_addr_upper = 0; |
3419 |
+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c |
3420 |
+index 51b6c81671c1..afc4680c584f 100644 |
3421 |
+--- a/drivers/pci/pci.c |
3422 |
++++ b/drivers/pci/pci.c |
3423 |
+@@ -5473,9 +5473,13 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) |
3424 |
+ u32 lnkcap2, lnkcap; |
3425 |
+ |
3426 |
+ /* |
3427 |
+- * PCIe r4.0 sec 7.5.3.18 recommends using the Supported Link |
3428 |
+- * Speeds Vector in Link Capabilities 2 when supported, falling |
3429 |
+- * back to Max Link Speed in Link Capabilities otherwise. |
3430 |
++ * Link Capabilities 2 was added in PCIe r3.0, sec 7.8.18. The |
3431 |
++ * implementation note there recommends using the Supported Link |
3432 |
++ * Speeds Vector in Link Capabilities 2 when supported. |
3433 |
++ * |
3434 |
++ * Without Link Capabilities 2, i.e., prior to PCIe r3.0, software |
3435 |
++ * should use the Supported Link Speeds field in Link Capabilities, |
3436 |
++ * where only 2.5 GT/s and 5.0 GT/s speeds were defined. |
3437 |
+ */ |
3438 |
+ pcie_capability_read_dword(dev, PCI_EXP_LNKCAP2, &lnkcap2); |
3439 |
+ if (lnkcap2) { /* PCIe r3.0-compliant */ |
3440 |
+@@ -5491,16 +5495,10 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) |
3441 |
+ } |
3442 |
+ |
3443 |
+ pcie_capability_read_dword(dev, PCI_EXP_LNKCAP, &lnkcap); |
3444 |
+- if (lnkcap) { |
3445 |
+- if (lnkcap & PCI_EXP_LNKCAP_SLS_16_0GB) |
3446 |
+- return PCIE_SPEED_16_0GT; |
3447 |
+- else if (lnkcap & PCI_EXP_LNKCAP_SLS_8_0GB) |
3448 |
+- return PCIE_SPEED_8_0GT; |
3449 |
+- else if (lnkcap & PCI_EXP_LNKCAP_SLS_5_0GB) |
3450 |
+- return PCIE_SPEED_5_0GT; |
3451 |
+- else if (lnkcap & PCI_EXP_LNKCAP_SLS_2_5GB) |
3452 |
+- return PCIE_SPEED_2_5GT; |
3453 |
+- } |
3454 |
++ if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_5_0GB) |
3455 |
++ return PCIE_SPEED_5_0GT; |
3456 |
++ else if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_2_5GB) |
3457 |
++ return PCIE_SPEED_2_5GT; |
3458 |
+ |
3459 |
+ return PCI_SPEED_UNKNOWN; |
3460 |
+ } |
3461 |
+diff --git a/drivers/rtc/rtc-hid-sensor-time.c b/drivers/rtc/rtc-hid-sensor-time.c |
3462 |
+index 2751dba850c6..3e1abb455472 100644 |
3463 |
+--- a/drivers/rtc/rtc-hid-sensor-time.c |
3464 |
++++ b/drivers/rtc/rtc-hid-sensor-time.c |
3465 |
+@@ -213,7 +213,7 @@ static int hid_rtc_read_time(struct device *dev, struct rtc_time *tm) |
3466 |
+ /* get a report with all values through requesting one value */ |
3467 |
+ sensor_hub_input_attr_get_raw_value(time_state->common_attributes.hsdev, |
3468 |
+ HID_USAGE_SENSOR_TIME, hid_time_addresses[0], |
3469 |
+- time_state->info[0].report_id, SENSOR_HUB_SYNC); |
3470 |
++ time_state->info[0].report_id, SENSOR_HUB_SYNC, false); |
3471 |
+ /* wait for all values (event) */ |
3472 |
+ ret = wait_for_completion_killable_timeout( |
3473 |
+ &time_state->comp_last_time, HZ*6); |
3474 |
+diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c |
3475 |
+index ffce6f39828a..b03515d43745 100644 |
3476 |
+--- a/drivers/s390/net/qeth_core_main.c |
3477 |
++++ b/drivers/s390/net/qeth_core_main.c |
3478 |
+@@ -4524,8 +4524,8 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3479 |
+ { |
3480 |
+ struct qeth_ipa_cmd *cmd; |
3481 |
+ struct qeth_arp_query_info *qinfo; |
3482 |
+- struct qeth_snmp_cmd *snmp; |
3483 |
+ unsigned char *data; |
3484 |
++ void *snmp_data; |
3485 |
+ __u16 data_len; |
3486 |
+ |
3487 |
+ QETH_CARD_TEXT(card, 3, "snpcmdcb"); |
3488 |
+@@ -4533,7 +4533,6 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3489 |
+ cmd = (struct qeth_ipa_cmd *) sdata; |
3490 |
+ data = (unsigned char *)((char *)cmd - reply->offset); |
3491 |
+ qinfo = (struct qeth_arp_query_info *) reply->param; |
3492 |
+- snmp = &cmd->data.setadapterparms.data.snmp; |
3493 |
+ |
3494 |
+ if (cmd->hdr.return_code) { |
3495 |
+ QETH_CARD_TEXT_(card, 4, "scer1%x", cmd->hdr.return_code); |
3496 |
+@@ -4546,10 +4545,15 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3497 |
+ return 0; |
3498 |
+ } |
3499 |
+ data_len = *((__u16 *)QETH_IPA_PDU_LEN_PDU1(data)); |
3500 |
+- if (cmd->data.setadapterparms.hdr.seq_no == 1) |
3501 |
+- data_len -= (__u16)((char *)&snmp->data - (char *)cmd); |
3502 |
+- else |
3503 |
+- data_len -= (__u16)((char *)&snmp->request - (char *)cmd); |
3504 |
++ if (cmd->data.setadapterparms.hdr.seq_no == 1) { |
3505 |
++ snmp_data = &cmd->data.setadapterparms.data.snmp; |
3506 |
++ data_len -= offsetof(struct qeth_ipa_cmd, |
3507 |
++ data.setadapterparms.data.snmp); |
3508 |
++ } else { |
3509 |
++ snmp_data = &cmd->data.setadapterparms.data.snmp.request; |
3510 |
++ data_len -= offsetof(struct qeth_ipa_cmd, |
3511 |
++ data.setadapterparms.data.snmp.request); |
3512 |
++ } |
3513 |
+ |
3514 |
+ /* check if there is enough room in userspace */ |
3515 |
+ if ((qinfo->udata_len - qinfo->udata_offset) < data_len) { |
3516 |
+@@ -4562,16 +4566,9 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3517 |
+ QETH_CARD_TEXT_(card, 4, "sseqn%i", |
3518 |
+ cmd->data.setadapterparms.hdr.seq_no); |
3519 |
+ /*copy entries to user buffer*/ |
3520 |
+- if (cmd->data.setadapterparms.hdr.seq_no == 1) { |
3521 |
+- memcpy(qinfo->udata + qinfo->udata_offset, |
3522 |
+- (char *)snmp, |
3523 |
+- data_len + offsetof(struct qeth_snmp_cmd, data)); |
3524 |
+- qinfo->udata_offset += offsetof(struct qeth_snmp_cmd, data); |
3525 |
+- } else { |
3526 |
+- memcpy(qinfo->udata + qinfo->udata_offset, |
3527 |
+- (char *)&snmp->request, data_len); |
3528 |
+- } |
3529 |
++ memcpy(qinfo->udata + qinfo->udata_offset, snmp_data, data_len); |
3530 |
+ qinfo->udata_offset += data_len; |
3531 |
++ |
3532 |
+ /* check if all replies received ... */ |
3533 |
+ QETH_CARD_TEXT_(card, 4, "srtot%i", |
3534 |
+ cmd->data.setadapterparms.hdr.used_total); |
3535 |
+diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c |
3536 |
+index f4c464625a67..52ad62722996 100644 |
3537 |
+--- a/drivers/staging/most/core.c |
3538 |
++++ b/drivers/staging/most/core.c |
3539 |
+@@ -351,7 +351,7 @@ static ssize_t set_datatype_show(struct device *dev, |
3540 |
+ |
3541 |
+ for (i = 0; i < ARRAY_SIZE(ch_data_type); i++) { |
3542 |
+ if (c->cfg.data_type & ch_data_type[i].most_ch_data_type) |
3543 |
+- return snprintf(buf, PAGE_SIZE, ch_data_type[i].name); |
3544 |
++ return snprintf(buf, PAGE_SIZE, "%s", ch_data_type[i].name); |
3545 |
+ } |
3546 |
+ return snprintf(buf, PAGE_SIZE, "unconfigured\n"); |
3547 |
+ } |
3548 |
+diff --git a/drivers/staging/mt7621-dma/mtk-hsdma.c b/drivers/staging/mt7621-dma/mtk-hsdma.c |
3549 |
+index df6ebf41bdea..5831f816c17b 100644 |
3550 |
+--- a/drivers/staging/mt7621-dma/mtk-hsdma.c |
3551 |
++++ b/drivers/staging/mt7621-dma/mtk-hsdma.c |
3552 |
+@@ -335,6 +335,8 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, |
3553 |
+ /* tx desc */ |
3554 |
+ src = sg->src_addr; |
3555 |
+ for (i = 0; i < chan->desc->num_sgs; i++) { |
3556 |
++ tx_desc = &chan->tx_ring[chan->tx_idx]; |
3557 |
++ |
3558 |
+ if (len > HSDMA_MAX_PLEN) |
3559 |
+ tlen = HSDMA_MAX_PLEN; |
3560 |
+ else |
3561 |
+@@ -344,7 +346,6 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, |
3562 |
+ tx_desc->addr1 = src; |
3563 |
+ tx_desc->flags |= HSDMA_DESC_PLEN1(tlen); |
3564 |
+ } else { |
3565 |
+- tx_desc = &chan->tx_ring[chan->tx_idx]; |
3566 |
+ tx_desc->addr0 = src; |
3567 |
+ tx_desc->flags = HSDMA_DESC_PLEN0(tlen); |
3568 |
+ |
3569 |
+diff --git a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3570 |
+index b8566ed898f1..aa98fbb17013 100644 |
3571 |
+--- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3572 |
++++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3573 |
+@@ -82,7 +82,7 @@ static int rt2880_pinctrl_dt_node_to_map(struct pinctrl_dev *pctrldev, |
3574 |
+ struct property *prop; |
3575 |
+ const char *function_name, *group_name; |
3576 |
+ int ret; |
3577 |
+- int ngroups; |
3578 |
++ int ngroups = 0; |
3579 |
+ unsigned int reserved_maps = 0; |
3580 |
+ |
3581 |
+ for_each_node_with_property(np_config, "group") |
3582 |
+diff --git a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3583 |
+index 85077947b9b8..85aba8a503cd 100644 |
3584 |
+--- a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3585 |
++++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3586 |
+@@ -109,12 +109,12 @@ static void update_recvframe_phyinfo(union recv_frame *precvframe, |
3587 |
+ rx_bssid = get_hdr_bssid(wlanhdr); |
3588 |
+ pkt_info.bssid_match = ((!IsFrameTypeCtrl(wlanhdr)) && |
3589 |
+ !pattrib->icv_err && !pattrib->crc_err && |
3590 |
+- !ether_addr_equal(rx_bssid, my_bssid)); |
3591 |
++ ether_addr_equal(rx_bssid, my_bssid)); |
3592 |
+ |
3593 |
+ rx_ra = get_ra(wlanhdr); |
3594 |
+ my_hwaddr = myid(&padapter->eeprompriv); |
3595 |
+ pkt_info.to_self = pkt_info.bssid_match && |
3596 |
+- !ether_addr_equal(rx_ra, my_hwaddr); |
3597 |
++ ether_addr_equal(rx_ra, my_hwaddr); |
3598 |
+ |
3599 |
+ |
3600 |
+ pkt_info.is_beacon = pkt_info.bssid_match && |
3601 |
+diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3602 |
+index af2234798fa8..db553f2e4c0b 100644 |
3603 |
+--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3604 |
++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3605 |
+@@ -1277,7 +1277,7 @@ static int cfg80211_rtw_get_station(struct wiphy *wiphy, |
3606 |
+ |
3607 |
+ sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS); |
3608 |
+ sinfo->tx_packets = psta->sta_stats.tx_pkts; |
3609 |
+- |
3610 |
++ sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED); |
3611 |
+ } |
3612 |
+ |
3613 |
+ /* for Ad-Hoc/AP mode */ |
3614 |
+diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3615 |
+index bc05c69383b8..fe431302a030 100644 |
3616 |
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3617 |
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3618 |
+@@ -1787,6 +1787,7 @@ vchiq_compat_ioctl_await_completion(struct file *file, |
3619 |
+ struct vchiq_await_completion32 args32; |
3620 |
+ struct vchiq_completion_data32 completion32; |
3621 |
+ unsigned int *msgbufcount32; |
3622 |
++ unsigned int msgbufcount_native; |
3623 |
+ compat_uptr_t msgbuf32; |
3624 |
+ void *msgbuf; |
3625 |
+ void **msgbufptr; |
3626 |
+@@ -1898,7 +1899,11 @@ vchiq_compat_ioctl_await_completion(struct file *file, |
3627 |
+ sizeof(completion32))) |
3628 |
+ return -EFAULT; |
3629 |
+ |
3630 |
+- args32.msgbufcount--; |
3631 |
++ if (get_user(msgbufcount_native, &args->msgbufcount)) |
3632 |
++ return -EFAULT; |
3633 |
++ |
3634 |
++ if (!msgbufcount_native) |
3635 |
++ args32.msgbufcount--; |
3636 |
+ |
3637 |
+ msgbufcount32 = |
3638 |
+ &((struct vchiq_await_completion32 __user *)arg)->msgbufcount; |
3639 |
+diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c |
3640 |
+index f9ff03e6af93..0690fcff0ea2 100644 |
3641 |
+--- a/drivers/usb/core/quirks.c |
3642 |
++++ b/drivers/usb/core/quirks.c |
3643 |
+@@ -209,6 +209,9 @@ static const struct usb_device_id usb_quirk_list[] = { |
3644 |
+ /* Microsoft LifeCam-VX700 v2.0 */ |
3645 |
+ { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME }, |
3646 |
+ |
3647 |
++ /* Cherry Stream G230 2.0 (G85-231) and 3.0 (G85-232) */ |
3648 |
++ { USB_DEVICE(0x046a, 0x0023), .driver_info = USB_QUIRK_RESET_RESUME }, |
3649 |
++ |
3650 |
+ /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */ |
3651 |
+ { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, |
3652 |
+ { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT }, |
3653 |
+diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
3654 |
+index 2de1a3971a26..558949b826d0 100644 |
3655 |
+--- a/drivers/usb/dwc3/gadget.c |
3656 |
++++ b/drivers/usb/dwc3/gadget.c |
3657 |
+@@ -1461,9 +1461,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) |
3658 |
+ unsigned transfer_in_flight; |
3659 |
+ unsigned started; |
3660 |
+ |
3661 |
+- if (dep->flags & DWC3_EP_STALL) |
3662 |
+- return 0; |
3663 |
+- |
3664 |
+ if (dep->number > 1) |
3665 |
+ trb = dwc3_ep_prev_trb(dep, dep->trb_enqueue); |
3666 |
+ else |
3667 |
+@@ -1485,8 +1482,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) |
3668 |
+ else |
3669 |
+ dep->flags |= DWC3_EP_STALL; |
3670 |
+ } else { |
3671 |
+- if (!(dep->flags & DWC3_EP_STALL)) |
3672 |
+- return 0; |
3673 |
+ |
3674 |
+ ret = dwc3_send_clear_stall_ep_cmd(dep); |
3675 |
+ if (ret) |
3676 |
+diff --git a/drivers/usb/storage/unusual_realtek.h b/drivers/usb/storage/unusual_realtek.h |
3677 |
+index d17cd95b55bb..6b2140f966ef 100644 |
3678 |
+--- a/drivers/usb/storage/unusual_realtek.h |
3679 |
++++ b/drivers/usb/storage/unusual_realtek.h |
3680 |
+@@ -27,4 +27,14 @@ UNUSUAL_DEV(0x0bda, 0x0159, 0x0000, 0x9999, |
3681 |
+ "USB Card Reader", |
3682 |
+ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3683 |
+ |
3684 |
++UNUSUAL_DEV(0x0bda, 0x0177, 0x0000, 0x9999, |
3685 |
++ "Realtek", |
3686 |
++ "USB Card Reader", |
3687 |
++ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3688 |
++ |
3689 |
++UNUSUAL_DEV(0x0bda, 0x0184, 0x0000, 0x9999, |
3690 |
++ "Realtek", |
3691 |
++ "USB Card Reader", |
3692 |
++ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3693 |
++ |
3694 |
+ #endif /* defined(CONFIG_USB_STORAGE_REALTEK) || ... */ |
3695 |
+diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
3696 |
+index dc52ce5e495f..834a3f5ef642 100644 |
3697 |
+--- a/fs/btrfs/disk-io.c |
3698 |
++++ b/fs/btrfs/disk-io.c |
3699 |
+@@ -477,9 +477,9 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, |
3700 |
+ int mirror_num = 0; |
3701 |
+ int failed_mirror = 0; |
3702 |
+ |
3703 |
+- clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); |
3704 |
+ io_tree = &BTRFS_I(fs_info->btree_inode)->io_tree; |
3705 |
+ while (1) { |
3706 |
++ clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); |
3707 |
+ ret = read_extent_buffer_pages(io_tree, eb, WAIT_COMPLETE, |
3708 |
+ mirror_num); |
3709 |
+ if (!ret) { |
3710 |
+@@ -493,15 +493,6 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, |
3711 |
+ break; |
3712 |
+ } |
3713 |
+ |
3714 |
+- /* |
3715 |
+- * This buffer's crc is fine, but its contents are corrupted, so |
3716 |
+- * there is no reason to read the other copies, they won't be |
3717 |
+- * any less wrong. |
3718 |
+- */ |
3719 |
+- if (test_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags) || |
3720 |
+- ret == -EUCLEAN) |
3721 |
+- break; |
3722 |
+- |
3723 |
+ num_copies = btrfs_num_copies(fs_info, |
3724 |
+ eb->start, eb->len); |
3725 |
+ if (num_copies == 1) |
3726 |
+diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c |
3727 |
+index 7d81cc415264..ca4902c66dc4 100644 |
3728 |
+--- a/fs/btrfs/file.c |
3729 |
++++ b/fs/btrfs/file.c |
3730 |
+@@ -2088,6 +2088,30 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) |
3731 |
+ |
3732 |
+ atomic_inc(&root->log_batch); |
3733 |
+ |
3734 |
++ /* |
3735 |
++ * Before we acquired the inode's lock, someone may have dirtied more |
3736 |
++ * pages in the target range. We need to make sure that writeback for |
3737 |
++ * any such pages does not start while we are logging the inode, because |
3738 |
++ * if it does, any of the following might happen when we are not doing a |
3739 |
++ * full inode sync: |
3740 |
++ * |
3741 |
++ * 1) We log an extent after its writeback finishes but before its |
3742 |
++ * checksums are added to the csum tree, leading to -EIO errors |
3743 |
++ * when attempting to read the extent after a log replay. |
3744 |
++ * |
3745 |
++ * 2) We can end up logging an extent before its writeback finishes. |
3746 |
++ * Therefore after the log replay we will have a file extent item |
3747 |
++ * pointing to an unwritten extent (and no data checksums as well). |
3748 |
++ * |
3749 |
++ * So trigger writeback for any eventual new dirty pages and then we |
3750 |
++ * wait for all ordered extents to complete below. |
3751 |
++ */ |
3752 |
++ ret = start_ordered_ops(inode, start, end); |
3753 |
++ if (ret) { |
3754 |
++ inode_unlock(inode); |
3755 |
++ goto out; |
3756 |
++ } |
3757 |
++ |
3758 |
+ /* |
3759 |
+ * We have to do this here to avoid the priority inversion of waiting on |
3760 |
+ * IO of a lower priority task while holding a transaciton open. |
3761 |
+diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c |
3762 |
+index b070401406be..ff434663d65b 100644 |
3763 |
+--- a/fs/btrfs/qgroup.c |
3764 |
++++ b/fs/btrfs/qgroup.c |
3765 |
+@@ -2244,7 +2244,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, |
3766 |
+ int i; |
3767 |
+ u64 *i_qgroups; |
3768 |
+ struct btrfs_fs_info *fs_info = trans->fs_info; |
3769 |
+- struct btrfs_root *quota_root = fs_info->quota_root; |
3770 |
++ struct btrfs_root *quota_root; |
3771 |
+ struct btrfs_qgroup *srcgroup; |
3772 |
+ struct btrfs_qgroup *dstgroup; |
3773 |
+ u32 level_size = 0; |
3774 |
+@@ -2254,6 +2254,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, |
3775 |
+ if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags)) |
3776 |
+ goto out; |
3777 |
+ |
3778 |
++ quota_root = fs_info->quota_root; |
3779 |
+ if (!quota_root) { |
3780 |
+ ret = -EINVAL; |
3781 |
+ goto out; |
3782 |
+diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c |
3783 |
+index 60bf8dfe7df4..0526b6c473c7 100644 |
3784 |
+--- a/fs/btrfs/relocation.c |
3785 |
++++ b/fs/btrfs/relocation.c |
3786 |
+@@ -3963,6 +3963,7 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) |
3787 |
+ restart: |
3788 |
+ if (update_backref_cache(trans, &rc->backref_cache)) { |
3789 |
+ btrfs_end_transaction(trans); |
3790 |
++ trans = NULL; |
3791 |
+ continue; |
3792 |
+ } |
3793 |
+ |
3794 |
+diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c |
3795 |
+index 6601c9aa5e35..8ad145820ea8 100644 |
3796 |
+--- a/fs/btrfs/super.c |
3797 |
++++ b/fs/btrfs/super.c |
3798 |
+@@ -2235,6 +2235,7 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd, |
3799 |
+ vol = memdup_user((void __user *)arg, sizeof(*vol)); |
3800 |
+ if (IS_ERR(vol)) |
3801 |
+ return PTR_ERR(vol); |
3802 |
++ vol->name[BTRFS_PATH_NAME_MAX] = '\0'; |
3803 |
+ |
3804 |
+ switch (cmd) { |
3805 |
+ case BTRFS_IOC_SCAN_DEV: |
3806 |
+diff --git a/fs/direct-io.c b/fs/direct-io.c |
3807 |
+index 093fb54cd316..199146036093 100644 |
3808 |
+--- a/fs/direct-io.c |
3809 |
++++ b/fs/direct-io.c |
3810 |
+@@ -325,8 +325,8 @@ static ssize_t dio_complete(struct dio *dio, ssize_t ret, unsigned int flags) |
3811 |
+ */ |
3812 |
+ dio->iocb->ki_pos += transferred; |
3813 |
+ |
3814 |
+- if (dio->op == REQ_OP_WRITE) |
3815 |
+- ret = generic_write_sync(dio->iocb, transferred); |
3816 |
++ if (ret > 0 && dio->op == REQ_OP_WRITE) |
3817 |
++ ret = generic_write_sync(dio->iocb, ret); |
3818 |
+ dio->iocb->ki_complete(dio->iocb, ret, 0); |
3819 |
+ } |
3820 |
+ |
3821 |
+diff --git a/fs/ext2/super.c b/fs/ext2/super.c |
3822 |
+index 73bd58fa13de..0c38e31ec938 100644 |
3823 |
+--- a/fs/ext2/super.c |
3824 |
++++ b/fs/ext2/super.c |
3825 |
+@@ -895,6 +895,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) |
3826 |
+ if (sb->s_magic != EXT2_SUPER_MAGIC) |
3827 |
+ goto cantfind_ext2; |
3828 |
+ |
3829 |
++ opts.s_mount_opt = 0; |
3830 |
+ /* Set defaults before we parse the mount options */ |
3831 |
+ def_mount_opts = le32_to_cpu(es->s_default_mount_opts); |
3832 |
+ if (def_mount_opts & EXT2_DEFM_DEBUG) |
3833 |
+diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c |
3834 |
+index 62d9a659a8ff..dd8f10db82e9 100644 |
3835 |
+--- a/fs/ext2/xattr.c |
3836 |
++++ b/fs/ext2/xattr.c |
3837 |
+@@ -612,9 +612,9 @@ skip_replace: |
3838 |
+ } |
3839 |
+ |
3840 |
+ cleanup: |
3841 |
+- brelse(bh); |
3842 |
+ if (!(bh && header == HDR(bh))) |
3843 |
+ kfree(header); |
3844 |
++ brelse(bh); |
3845 |
+ up_write(&EXT2_I(inode)->xattr_sem); |
3846 |
+ |
3847 |
+ return error; |
3848 |
+diff --git a/fs/udf/super.c b/fs/udf/super.c |
3849 |
+index b997e3116e37..c495db7165ae 100644 |
3850 |
+--- a/fs/udf/super.c |
3851 |
++++ b/fs/udf/super.c |
3852 |
+@@ -831,16 +831,20 @@ static int udf_load_pvoldesc(struct super_block *sb, sector_t block) |
3853 |
+ |
3854 |
+ |
3855 |
+ ret = udf_dstrCS0toChar(sb, outstr, 31, pvoldesc->volIdent, 32); |
3856 |
+- if (ret < 0) |
3857 |
+- goto out_bh; |
3858 |
+- |
3859 |
+- strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); |
3860 |
++ if (ret < 0) { |
3861 |
++ strcpy(UDF_SB(sb)->s_volume_ident, "InvalidName"); |
3862 |
++ pr_warn("incorrect volume identification, setting to " |
3863 |
++ "'InvalidName'\n"); |
3864 |
++ } else { |
3865 |
++ strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); |
3866 |
++ } |
3867 |
+ udf_debug("volIdent[] = '%s'\n", UDF_SB(sb)->s_volume_ident); |
3868 |
+ |
3869 |
+ ret = udf_dstrCS0toChar(sb, outstr, 127, pvoldesc->volSetIdent, 128); |
3870 |
+- if (ret < 0) |
3871 |
++ if (ret < 0) { |
3872 |
++ ret = 0; |
3873 |
+ goto out_bh; |
3874 |
+- |
3875 |
++ } |
3876 |
+ outstr[ret] = 0; |
3877 |
+ udf_debug("volSetIdent[] = '%s'\n", outstr); |
3878 |
+ |
3879 |
+diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c |
3880 |
+index 45234791fec2..5fcfa96463eb 100644 |
3881 |
+--- a/fs/udf/unicode.c |
3882 |
++++ b/fs/udf/unicode.c |
3883 |
+@@ -351,6 +351,11 @@ try_again: |
3884 |
+ return u_len; |
3885 |
+ } |
3886 |
+ |
3887 |
++/* |
3888 |
++ * Convert CS0 dstring to output charset. Warning: This function may truncate |
3889 |
++ * input string if it is too long as it is used for informational strings only |
3890 |
++ * and it is better to truncate the string than to refuse mounting a media. |
3891 |
++ */ |
3892 |
+ int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, |
3893 |
+ const uint8_t *ocu_i, int i_len) |
3894 |
+ { |
3895 |
+@@ -359,9 +364,12 @@ int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, |
3896 |
+ if (i_len > 0) { |
3897 |
+ s_len = ocu_i[i_len - 1]; |
3898 |
+ if (s_len >= i_len) { |
3899 |
+- pr_err("incorrect dstring lengths (%d/%d)\n", |
3900 |
+- s_len, i_len); |
3901 |
+- return -EINVAL; |
3902 |
++ pr_warn("incorrect dstring lengths (%d/%d)," |
3903 |
++ " truncating\n", s_len, i_len); |
3904 |
++ s_len = i_len - 1; |
3905 |
++ /* 2-byte encoding? Need to round properly... */ |
3906 |
++ if (ocu_i[0] == 16) |
3907 |
++ s_len -= (s_len - 1) & 2; |
3908 |
+ } |
3909 |
+ } |
3910 |
+ |
3911 |
+diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
3912 |
+index 356d2b8568c1..cd58939dc977 100644 |
3913 |
+--- a/fs/userfaultfd.c |
3914 |
++++ b/fs/userfaultfd.c |
3915 |
+@@ -1361,6 +1361,19 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, |
3916 |
+ ret = -EINVAL; |
3917 |
+ if (!vma_can_userfault(cur)) |
3918 |
+ goto out_unlock; |
3919 |
++ |
3920 |
++ /* |
3921 |
++ * UFFDIO_COPY will fill file holes even without |
3922 |
++ * PROT_WRITE. This check enforces that if this is a |
3923 |
++ * MAP_SHARED, the process has write permission to the backing |
3924 |
++ * file. If VM_MAYWRITE is set it also enforces that on a |
3925 |
++ * MAP_SHARED vma: there is no F_WRITE_SEAL and no further |
3926 |
++ * F_WRITE_SEAL can be taken until the vma is destroyed. |
3927 |
++ */ |
3928 |
++ ret = -EPERM; |
3929 |
++ if (unlikely(!(cur->vm_flags & VM_MAYWRITE))) |
3930 |
++ goto out_unlock; |
3931 |
++ |
3932 |
+ /* |
3933 |
+ * If this vma contains ending address, and huge pages |
3934 |
+ * check alignment. |
3935 |
+@@ -1406,6 +1419,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, |
3936 |
+ BUG_ON(!vma_can_userfault(vma)); |
3937 |
+ BUG_ON(vma->vm_userfaultfd_ctx.ctx && |
3938 |
+ vma->vm_userfaultfd_ctx.ctx != ctx); |
3939 |
++ WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); |
3940 |
+ |
3941 |
+ /* |
3942 |
+ * Nothing to do: this vma is already registered into this |
3943 |
+@@ -1552,6 +1566,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, |
3944 |
+ cond_resched(); |
3945 |
+ |
3946 |
+ BUG_ON(!vma_can_userfault(vma)); |
3947 |
++ WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); |
3948 |
+ |
3949 |
+ /* |
3950 |
+ * Nothing to do: this vma is already registered into this |
3951 |
+diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h |
3952 |
+index a397907e8d72..dd16e8218db3 100644 |
3953 |
+--- a/include/linux/ftrace.h |
3954 |
++++ b/include/linux/ftrace.h |
3955 |
+@@ -777,8 +777,8 @@ struct ftrace_ret_stack { |
3956 |
+ extern void return_to_handler(void); |
3957 |
+ |
3958 |
+ extern int |
3959 |
+-ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
3960 |
+- unsigned long frame_pointer, unsigned long *retp); |
3961 |
++function_graph_enter(unsigned long ret, unsigned long func, |
3962 |
++ unsigned long frame_pointer, unsigned long *retp); |
3963 |
+ |
3964 |
+ unsigned long ftrace_graph_ret_addr(struct task_struct *task, int *idx, |
3965 |
+ unsigned long ret, unsigned long *retp); |
3966 |
+diff --git a/include/linux/hid-sensor-hub.h b/include/linux/hid-sensor-hub.h |
3967 |
+index 331dc377c275..dc12f5c4b076 100644 |
3968 |
+--- a/include/linux/hid-sensor-hub.h |
3969 |
++++ b/include/linux/hid-sensor-hub.h |
3970 |
+@@ -177,6 +177,7 @@ int sensor_hub_input_get_attribute_info(struct hid_sensor_hub_device *hsdev, |
3971 |
+ * @attr_usage_id: Attribute usage id as per spec |
3972 |
+ * @report_id: Report id to look for |
3973 |
+ * @flag: Synchronous or asynchronous read |
3974 |
++* @is_signed: If true then fields < 32 bits will be sign-extended |
3975 |
+ * |
3976 |
+ * Issues a synchronous or asynchronous read request for an input attribute. |
3977 |
+ * Returns data upto 32 bits. |
3978 |
+@@ -190,7 +191,8 @@ enum sensor_hub_read_flags { |
3979 |
+ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
3980 |
+ u32 usage_id, |
3981 |
+ u32 attr_usage_id, u32 report_id, |
3982 |
+- enum sensor_hub_read_flags flag |
3983 |
++ enum sensor_hub_read_flags flag, |
3984 |
++ bool is_signed |
3985 |
+ ); |
3986 |
+ |
3987 |
+ /** |
3988 |
+diff --git a/include/linux/net_dim.h b/include/linux/net_dim.h |
3989 |
+index c79e859408e6..fd458389f7d1 100644 |
3990 |
+--- a/include/linux/net_dim.h |
3991 |
++++ b/include/linux/net_dim.h |
3992 |
+@@ -406,6 +406,8 @@ static inline void net_dim(struct net_dim *dim, |
3993 |
+ } |
3994 |
+ /* fall through */ |
3995 |
+ case NET_DIM_START_MEASURE: |
3996 |
++ net_dim_sample(end_sample.event_ctr, end_sample.pkt_ctr, end_sample.byte_ctr, |
3997 |
++ &dim->start_sample); |
3998 |
+ dim->state = NET_DIM_MEASURE_IN_PROGRESS; |
3999 |
+ break; |
4000 |
+ case NET_DIM_APPLY_NEW_PROFILE: |
4001 |
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
4002 |
+index 4f36431c380b..561feb560619 100644 |
4003 |
+--- a/include/linux/ptrace.h |
4004 |
++++ b/include/linux/ptrace.h |
4005 |
+@@ -62,8 +62,8 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead); |
4006 |
+ #define PTRACE_MODE_READ 0x01 |
4007 |
+ #define PTRACE_MODE_ATTACH 0x02 |
4008 |
+ #define PTRACE_MODE_NOAUDIT 0x04 |
4009 |
+-#define PTRACE_MODE_FSCREDS 0x08 |
4010 |
+-#define PTRACE_MODE_REALCREDS 0x10 |
4011 |
++#define PTRACE_MODE_FSCREDS 0x08 |
4012 |
++#define PTRACE_MODE_REALCREDS 0x10 |
4013 |
+ |
4014 |
+ /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ |
4015 |
+ #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) |
4016 |
+diff --git a/include/linux/sched.h b/include/linux/sched.h |
4017 |
+index 977cb57d7bc9..4abb5bd74b04 100644 |
4018 |
+--- a/include/linux/sched.h |
4019 |
++++ b/include/linux/sched.h |
4020 |
+@@ -1108,6 +1108,7 @@ struct task_struct { |
4021 |
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
4022 |
+ /* Index of current stored address in ret_stack: */ |
4023 |
+ int curr_ret_stack; |
4024 |
++ int curr_ret_depth; |
4025 |
+ |
4026 |
+ /* Stack of return addresses for return function tracing: */ |
4027 |
+ struct ftrace_ret_stack *ret_stack; |
4028 |
+@@ -1439,6 +1440,8 @@ static inline bool is_percpu_thread(void) |
4029 |
+ #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */ |
4030 |
+ #define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */ |
4031 |
+ #define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/ |
4032 |
++#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */ |
4033 |
++#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */ |
4034 |
+ |
4035 |
+ #define TASK_PFA_TEST(name, func) \ |
4036 |
+ static inline bool task_##func(struct task_struct *p) \ |
4037 |
+@@ -1470,6 +1473,13 @@ TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable) |
4038 |
+ TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
4039 |
+ TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
4040 |
+ |
4041 |
++TASK_PFA_TEST(SPEC_IB_DISABLE, spec_ib_disable) |
4042 |
++TASK_PFA_SET(SPEC_IB_DISABLE, spec_ib_disable) |
4043 |
++TASK_PFA_CLEAR(SPEC_IB_DISABLE, spec_ib_disable) |
4044 |
++ |
4045 |
++TASK_PFA_TEST(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) |
4046 |
++TASK_PFA_SET(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) |
4047 |
++ |
4048 |
+ static inline void |
4049 |
+ current_restore_flags(unsigned long orig_flags, unsigned long flags) |
4050 |
+ { |
4051 |
+diff --git a/include/linux/sched/smt.h b/include/linux/sched/smt.h |
4052 |
+new file mode 100644 |
4053 |
+index 000000000000..59d3736c454c |
4054 |
+--- /dev/null |
4055 |
++++ b/include/linux/sched/smt.h |
4056 |
+@@ -0,0 +1,20 @@ |
4057 |
++/* SPDX-License-Identifier: GPL-2.0 */ |
4058 |
++#ifndef _LINUX_SCHED_SMT_H |
4059 |
++#define _LINUX_SCHED_SMT_H |
4060 |
++ |
4061 |
++#include <linux/static_key.h> |
4062 |
++ |
4063 |
++#ifdef CONFIG_SCHED_SMT |
4064 |
++extern struct static_key_false sched_smt_present; |
4065 |
++ |
4066 |
++static __always_inline bool sched_smt_active(void) |
4067 |
++{ |
4068 |
++ return static_branch_likely(&sched_smt_present); |
4069 |
++} |
4070 |
++#else |
4071 |
++static inline bool sched_smt_active(void) { return false; } |
4072 |
++#endif |
4073 |
++ |
4074 |
++void arch_smt_update(void); |
4075 |
++ |
4076 |
++#endif |
4077 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
4078 |
+index 17a13e4785fc..e6ef9cc05e60 100644 |
4079 |
+--- a/include/linux/skbuff.h |
4080 |
++++ b/include/linux/skbuff.h |
4081 |
+@@ -1311,6 +1311,22 @@ static inline void skb_zcopy_set(struct sk_buff *skb, struct ubuf_info *uarg) |
4082 |
+ } |
4083 |
+ } |
4084 |
+ |
4085 |
++static inline void skb_zcopy_set_nouarg(struct sk_buff *skb, void *val) |
4086 |
++{ |
4087 |
++ skb_shinfo(skb)->destructor_arg = (void *)((uintptr_t) val | 0x1UL); |
4088 |
++ skb_shinfo(skb)->tx_flags |= SKBTX_ZEROCOPY_FRAG; |
4089 |
++} |
4090 |
++ |
4091 |
++static inline bool skb_zcopy_is_nouarg(struct sk_buff *skb) |
4092 |
++{ |
4093 |
++ return (uintptr_t) skb_shinfo(skb)->destructor_arg & 0x1UL; |
4094 |
++} |
4095 |
++ |
4096 |
++static inline void *skb_zcopy_get_nouarg(struct sk_buff *skb) |
4097 |
++{ |
4098 |
++ return (void *)((uintptr_t) skb_shinfo(skb)->destructor_arg & ~0x1UL); |
4099 |
++} |
4100 |
++ |
4101 |
+ /* Release a reference on a zerocopy structure */ |
4102 |
+ static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) |
4103 |
+ { |
4104 |
+@@ -1320,7 +1336,7 @@ static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) |
4105 |
+ if (uarg->callback == sock_zerocopy_callback) { |
4106 |
+ uarg->zerocopy = uarg->zerocopy && zerocopy; |
4107 |
+ sock_zerocopy_put(uarg); |
4108 |
+- } else { |
4109 |
++ } else if (!skb_zcopy_is_nouarg(skb)) { |
4110 |
+ uarg->callback(uarg, zerocopy); |
4111 |
+ } |
4112 |
+ |
4113 |
+diff --git a/include/linux/tcp.h b/include/linux/tcp.h |
4114 |
+index 263e37271afd..d2c8f280e48f 100644 |
4115 |
+--- a/include/linux/tcp.h |
4116 |
++++ b/include/linux/tcp.h |
4117 |
+@@ -196,6 +196,7 @@ struct tcp_sock { |
4118 |
+ u32 rcv_tstamp; /* timestamp of last received ACK (for keepalives) */ |
4119 |
+ u32 lsndtime; /* timestamp of last sent data packet (for restart window) */ |
4120 |
+ u32 last_oow_ack_time; /* timestamp of last out-of-window ACK */ |
4121 |
++ u32 compressed_ack_rcv_nxt; |
4122 |
+ |
4123 |
+ u32 tsoffset; /* timestamp offset */ |
4124 |
+ |
4125 |
+diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h |
4126 |
+index c0d7ea0bf5b6..b17201edfa09 100644 |
4127 |
+--- a/include/uapi/linux/prctl.h |
4128 |
++++ b/include/uapi/linux/prctl.h |
4129 |
+@@ -212,6 +212,7 @@ struct prctl_mm_map { |
4130 |
+ #define PR_SET_SPECULATION_CTRL 53 |
4131 |
+ /* Speculation control variants */ |
4132 |
+ # define PR_SPEC_STORE_BYPASS 0 |
4133 |
++# define PR_SPEC_INDIRECT_BRANCH 1 |
4134 |
+ /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ |
4135 |
+ # define PR_SPEC_NOT_AFFECTED 0 |
4136 |
+ # define PR_SPEC_PRCTL (1UL << 0) |
4137 |
+diff --git a/kernel/cpu.c b/kernel/cpu.c |
4138 |
+index 0097acec1c71..1699ff68c412 100644 |
4139 |
+--- a/kernel/cpu.c |
4140 |
++++ b/kernel/cpu.c |
4141 |
+@@ -10,6 +10,7 @@ |
4142 |
+ #include <linux/sched/signal.h> |
4143 |
+ #include <linux/sched/hotplug.h> |
4144 |
+ #include <linux/sched/task.h> |
4145 |
++#include <linux/sched/smt.h> |
4146 |
+ #include <linux/unistd.h> |
4147 |
+ #include <linux/cpu.h> |
4148 |
+ #include <linux/oom.h> |
4149 |
+@@ -346,6 +347,12 @@ void cpu_hotplug_enable(void) |
4150 |
+ EXPORT_SYMBOL_GPL(cpu_hotplug_enable); |
4151 |
+ #endif /* CONFIG_HOTPLUG_CPU */ |
4152 |
+ |
4153 |
++/* |
4154 |
++ * Architectures that need SMT-specific errata handling during SMT hotplug |
4155 |
++ * should override this. |
4156 |
++ */ |
4157 |
++void __weak arch_smt_update(void) { } |
4158 |
++ |
4159 |
+ #ifdef CONFIG_HOTPLUG_SMT |
4160 |
+ enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; |
4161 |
+ EXPORT_SYMBOL_GPL(cpu_smt_control); |
4162 |
+@@ -982,6 +989,7 @@ out: |
4163 |
+ * concurrent CPU hotplug via cpu_add_remove_lock. |
4164 |
+ */ |
4165 |
+ lockup_detector_cleanup(); |
4166 |
++ arch_smt_update(); |
4167 |
+ return ret; |
4168 |
+ } |
4169 |
+ |
4170 |
+@@ -1110,6 +1118,7 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen, enum cpuhp_state target) |
4171 |
+ ret = cpuhp_up_callbacks(cpu, st, target); |
4172 |
+ out: |
4173 |
+ cpus_write_unlock(); |
4174 |
++ arch_smt_update(); |
4175 |
+ return ret; |
4176 |
+ } |
4177 |
+ |
4178 |
+@@ -2052,8 +2061,10 @@ static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval) |
4179 |
+ */ |
4180 |
+ cpuhp_offline_cpu_device(cpu); |
4181 |
+ } |
4182 |
+- if (!ret) |
4183 |
++ if (!ret) { |
4184 |
+ cpu_smt_control = ctrlval; |
4185 |
++ arch_smt_update(); |
4186 |
++ } |
4187 |
+ cpu_maps_update_done(); |
4188 |
+ return ret; |
4189 |
+ } |
4190 |
+@@ -2064,6 +2075,7 @@ static int cpuhp_smt_enable(void) |
4191 |
+ |
4192 |
+ cpu_maps_update_begin(); |
4193 |
+ cpu_smt_control = CPU_SMT_ENABLED; |
4194 |
++ arch_smt_update(); |
4195 |
+ for_each_present_cpu(cpu) { |
4196 |
+ /* Skip online CPUs and CPUs on offline nodes */ |
4197 |
+ if (cpu_online(cpu) || !node_online(cpu_to_node(cpu))) |
4198 |
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
4199 |
+index 35551110d277..2beda4b726e2 100644 |
4200 |
+--- a/kernel/sched/core.c |
4201 |
++++ b/kernel/sched/core.c |
4202 |
+@@ -5741,15 +5741,10 @@ int sched_cpu_activate(unsigned int cpu) |
4203 |
+ |
4204 |
+ #ifdef CONFIG_SCHED_SMT |
4205 |
+ /* |
4206 |
+- * The sched_smt_present static key needs to be evaluated on every |
4207 |
+- * hotplug event because at boot time SMT might be disabled when |
4208 |
+- * the number of booted CPUs is limited. |
4209 |
+- * |
4210 |
+- * If then later a sibling gets hotplugged, then the key would stay |
4211 |
+- * off and SMT scheduling would never be functional. |
4212 |
++ * When going up, increment the number of cores with SMT present. |
4213 |
+ */ |
4214 |
+- if (cpumask_weight(cpu_smt_mask(cpu)) > 1) |
4215 |
+- static_branch_enable_cpuslocked(&sched_smt_present); |
4216 |
++ if (cpumask_weight(cpu_smt_mask(cpu)) == 2) |
4217 |
++ static_branch_inc_cpuslocked(&sched_smt_present); |
4218 |
+ #endif |
4219 |
+ set_cpu_active(cpu, true); |
4220 |
+ |
4221 |
+@@ -5793,6 +5788,14 @@ int sched_cpu_deactivate(unsigned int cpu) |
4222 |
+ */ |
4223 |
+ synchronize_rcu_mult(call_rcu, call_rcu_sched); |
4224 |
+ |
4225 |
++#ifdef CONFIG_SCHED_SMT |
4226 |
++ /* |
4227 |
++ * When going down, decrement the number of cores with SMT present. |
4228 |
++ */ |
4229 |
++ if (cpumask_weight(cpu_smt_mask(cpu)) == 2) |
4230 |
++ static_branch_dec_cpuslocked(&sched_smt_present); |
4231 |
++#endif |
4232 |
++ |
4233 |
+ if (!sched_smp_initialized) |
4234 |
+ return 0; |
4235 |
+ |
4236 |
+diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
4237 |
+index 9683f458aec7..6c25bbe87bd3 100644 |
4238 |
+--- a/kernel/sched/sched.h |
4239 |
++++ b/kernel/sched/sched.h |
4240 |
+@@ -23,6 +23,7 @@ |
4241 |
+ #include <linux/sched/prio.h> |
4242 |
+ #include <linux/sched/rt.h> |
4243 |
+ #include <linux/sched/signal.h> |
4244 |
++#include <linux/sched/smt.h> |
4245 |
+ #include <linux/sched/stat.h> |
4246 |
+ #include <linux/sched/sysctl.h> |
4247 |
+ #include <linux/sched/task.h> |
4248 |
+@@ -930,9 +931,6 @@ static inline int cpu_of(struct rq *rq) |
4249 |
+ |
4250 |
+ |
4251 |
+ #ifdef CONFIG_SCHED_SMT |
4252 |
+- |
4253 |
+-extern struct static_key_false sched_smt_present; |
4254 |
+- |
4255 |
+ extern void __update_idle_core(struct rq *rq); |
4256 |
+ |
4257 |
+ static inline void update_idle_core(struct rq *rq) |
4258 |
+diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
4259 |
+index f536f601bd46..77734451cb05 100644 |
4260 |
+--- a/kernel/trace/ftrace.c |
4261 |
++++ b/kernel/trace/ftrace.c |
4262 |
+@@ -817,7 +817,7 @@ function_profile_call(unsigned long ip, unsigned long parent_ip, |
4263 |
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
4264 |
+ static int profile_graph_entry(struct ftrace_graph_ent *trace) |
4265 |
+ { |
4266 |
+- int index = trace->depth; |
4267 |
++ int index = current->curr_ret_stack; |
4268 |
+ |
4269 |
+ function_profile_call(trace->func, 0, NULL, NULL); |
4270 |
+ |
4271 |
+@@ -852,7 +852,7 @@ static void profile_graph_return(struct ftrace_graph_ret *trace) |
4272 |
+ if (!fgraph_graph_time) { |
4273 |
+ int index; |
4274 |
+ |
4275 |
+- index = trace->depth; |
4276 |
++ index = current->curr_ret_stack; |
4277 |
+ |
4278 |
+ /* Append this call time to the parent time to subtract */ |
4279 |
+ if (index) |
4280 |
+@@ -6814,6 +6814,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) |
4281 |
+ atomic_set(&t->tracing_graph_pause, 0); |
4282 |
+ atomic_set(&t->trace_overrun, 0); |
4283 |
+ t->curr_ret_stack = -1; |
4284 |
++ t->curr_ret_depth = -1; |
4285 |
+ /* Make sure the tasks see the -1 first: */ |
4286 |
+ smp_wmb(); |
4287 |
+ t->ret_stack = ret_stack_list[start++]; |
4288 |
+@@ -7038,6 +7039,7 @@ graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack) |
4289 |
+ void ftrace_graph_init_idle_task(struct task_struct *t, int cpu) |
4290 |
+ { |
4291 |
+ t->curr_ret_stack = -1; |
4292 |
++ t->curr_ret_depth = -1; |
4293 |
+ /* |
4294 |
+ * The idle task has no parent, it either has its own |
4295 |
+ * stack or no stack at all. |
4296 |
+@@ -7068,6 +7070,7 @@ void ftrace_graph_init_task(struct task_struct *t) |
4297 |
+ /* Make sure we do not use the parent ret_stack */ |
4298 |
+ t->ret_stack = NULL; |
4299 |
+ t->curr_ret_stack = -1; |
4300 |
++ t->curr_ret_depth = -1; |
4301 |
+ |
4302 |
+ if (ftrace_graph_active) { |
4303 |
+ struct ftrace_ret_stack *ret_stack; |
4304 |
+diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c |
4305 |
+index 169b3c44ee97..2561460d7baf 100644 |
4306 |
+--- a/kernel/trace/trace_functions_graph.c |
4307 |
++++ b/kernel/trace/trace_functions_graph.c |
4308 |
+@@ -118,8 +118,8 @@ print_graph_duration(struct trace_array *tr, unsigned long long duration, |
4309 |
+ struct trace_seq *s, u32 flags); |
4310 |
+ |
4311 |
+ /* Add a function return address to the trace stack on thread info.*/ |
4312 |
+-int |
4313 |
+-ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
4314 |
++static int |
4315 |
++ftrace_push_return_trace(unsigned long ret, unsigned long func, |
4316 |
+ unsigned long frame_pointer, unsigned long *retp) |
4317 |
+ { |
4318 |
+ unsigned long long calltime; |
4319 |
+@@ -177,9 +177,31 @@ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
4320 |
+ #ifdef HAVE_FUNCTION_GRAPH_RET_ADDR_PTR |
4321 |
+ current->ret_stack[index].retp = retp; |
4322 |
+ #endif |
4323 |
+- *depth = current->curr_ret_stack; |
4324 |
++ return 0; |
4325 |
++} |
4326 |
++ |
4327 |
++int function_graph_enter(unsigned long ret, unsigned long func, |
4328 |
++ unsigned long frame_pointer, unsigned long *retp) |
4329 |
++{ |
4330 |
++ struct ftrace_graph_ent trace; |
4331 |
++ |
4332 |
++ trace.func = func; |
4333 |
++ trace.depth = ++current->curr_ret_depth; |
4334 |
++ |
4335 |
++ if (ftrace_push_return_trace(ret, func, |
4336 |
++ frame_pointer, retp)) |
4337 |
++ goto out; |
4338 |
++ |
4339 |
++ /* Only trace if the calling function expects to */ |
4340 |
++ if (!ftrace_graph_entry(&trace)) |
4341 |
++ goto out_ret; |
4342 |
+ |
4343 |
+ return 0; |
4344 |
++ out_ret: |
4345 |
++ current->curr_ret_stack--; |
4346 |
++ out: |
4347 |
++ current->curr_ret_depth--; |
4348 |
++ return -EBUSY; |
4349 |
+ } |
4350 |
+ |
4351 |
+ /* Retrieve a function return address to the trace stack on thread info.*/ |
4352 |
+@@ -241,7 +263,13 @@ ftrace_pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret, |
4353 |
+ trace->func = current->ret_stack[index].func; |
4354 |
+ trace->calltime = current->ret_stack[index].calltime; |
4355 |
+ trace->overrun = atomic_read(¤t->trace_overrun); |
4356 |
+- trace->depth = index; |
4357 |
++ trace->depth = current->curr_ret_depth--; |
4358 |
++ /* |
4359 |
++ * We still want to trace interrupts coming in if |
4360 |
++ * max_depth is set to 1. Make sure the decrement is |
4361 |
++ * seen before ftrace_graph_return. |
4362 |
++ */ |
4363 |
++ barrier(); |
4364 |
+ } |
4365 |
+ |
4366 |
+ /* |
4367 |
+@@ -255,6 +283,12 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) |
4368 |
+ |
4369 |
+ ftrace_pop_return_trace(&trace, &ret, frame_pointer); |
4370 |
+ trace.rettime = trace_clock_local(); |
4371 |
++ ftrace_graph_return(&trace); |
4372 |
++ /* |
4373 |
++ * The ftrace_graph_return() may still access the current |
4374 |
++ * ret_stack structure, we need to make sure the update of |
4375 |
++ * curr_ret_stack is after that. |
4376 |
++ */ |
4377 |
+ barrier(); |
4378 |
+ current->curr_ret_stack--; |
4379 |
+ /* |
4380 |
+@@ -267,13 +301,6 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) |
4381 |
+ return ret; |
4382 |
+ } |
4383 |
+ |
4384 |
+- /* |
4385 |
+- * The trace should run after decrementing the ret counter |
4386 |
+- * in case an interrupt were to come in. We don't want to |
4387 |
+- * lose the interrupt if max_depth is set. |
4388 |
+- */ |
4389 |
+- ftrace_graph_return(&trace); |
4390 |
+- |
4391 |
+ if (unlikely(!ret)) { |
4392 |
+ ftrace_graph_stop(); |
4393 |
+ WARN_ON(1); |
4394 |
+diff --git a/lib/test_kmod.c b/lib/test_kmod.c |
4395 |
+index e3ddd836491f..d82d022111e0 100644 |
4396 |
+--- a/lib/test_kmod.c |
4397 |
++++ b/lib/test_kmod.c |
4398 |
+@@ -1214,7 +1214,6 @@ void unregister_test_dev_kmod(struct kmod_test_device *test_dev) |
4399 |
+ |
4400 |
+ dev_info(test_dev->dev, "removing interface\n"); |
4401 |
+ misc_deregister(&test_dev->misc_dev); |
4402 |
+- kfree(&test_dev->misc_dev.name); |
4403 |
+ |
4404 |
+ mutex_unlock(&test_dev->config_mutex); |
4405 |
+ mutex_unlock(&test_dev->trigger_mutex); |
4406 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
4407 |
+index deed97fba979..15310f14c25e 100644 |
4408 |
+--- a/mm/huge_memory.c |
4409 |
++++ b/mm/huge_memory.c |
4410 |
+@@ -2322,7 +2322,7 @@ void vma_adjust_trans_huge(struct vm_area_struct *vma, |
4411 |
+ } |
4412 |
+ } |
4413 |
+ |
4414 |
+-static void freeze_page(struct page *page) |
4415 |
++static void unmap_page(struct page *page) |
4416 |
+ { |
4417 |
+ enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS | |
4418 |
+ TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD; |
4419 |
+@@ -2337,7 +2337,7 @@ static void freeze_page(struct page *page) |
4420 |
+ VM_BUG_ON_PAGE(!unmap_success, page); |
4421 |
+ } |
4422 |
+ |
4423 |
+-static void unfreeze_page(struct page *page) |
4424 |
++static void remap_page(struct page *page) |
4425 |
+ { |
4426 |
+ int i; |
4427 |
+ if (PageTransHuge(page)) { |
4428 |
+@@ -2373,6 +2373,12 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4429 |
+ (1L << PG_unevictable) | |
4430 |
+ (1L << PG_dirty))); |
4431 |
+ |
4432 |
++ /* ->mapping in first tail page is compound_mapcount */ |
4433 |
++ VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, |
4434 |
++ page_tail); |
4435 |
++ page_tail->mapping = head->mapping; |
4436 |
++ page_tail->index = head->index + tail; |
4437 |
++ |
4438 |
+ /* Page flags must be visible before we make the page non-compound. */ |
4439 |
+ smp_wmb(); |
4440 |
+ |
4441 |
+@@ -2393,12 +2399,6 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4442 |
+ if (page_is_idle(head)) |
4443 |
+ set_page_idle(page_tail); |
4444 |
+ |
4445 |
+- /* ->mapping in first tail page is compound_mapcount */ |
4446 |
+- VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, |
4447 |
+- page_tail); |
4448 |
+- page_tail->mapping = head->mapping; |
4449 |
+- |
4450 |
+- page_tail->index = head->index + tail; |
4451 |
+ page_cpupid_xchg_last(page_tail, page_cpupid_last(head)); |
4452 |
+ |
4453 |
+ /* |
4454 |
+@@ -2410,12 +2410,11 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4455 |
+ } |
4456 |
+ |
4457 |
+ static void __split_huge_page(struct page *page, struct list_head *list, |
4458 |
+- unsigned long flags) |
4459 |
++ pgoff_t end, unsigned long flags) |
4460 |
+ { |
4461 |
+ struct page *head = compound_head(page); |
4462 |
+ struct zone *zone = page_zone(head); |
4463 |
+ struct lruvec *lruvec; |
4464 |
+- pgoff_t end = -1; |
4465 |
+ int i; |
4466 |
+ |
4467 |
+ lruvec = mem_cgroup_page_lruvec(head, zone->zone_pgdat); |
4468 |
+@@ -2423,9 +2422,6 @@ static void __split_huge_page(struct page *page, struct list_head *list, |
4469 |
+ /* complete memcg works before add pages to LRU */ |
4470 |
+ mem_cgroup_split_huge_fixup(head); |
4471 |
+ |
4472 |
+- if (!PageAnon(page)) |
4473 |
+- end = DIV_ROUND_UP(i_size_read(head->mapping->host), PAGE_SIZE); |
4474 |
+- |
4475 |
+ for (i = HPAGE_PMD_NR - 1; i >= 1; i--) { |
4476 |
+ __split_huge_page_tail(head, i, lruvec, list); |
4477 |
+ /* Some pages can be beyond i_size: drop them from page cache */ |
4478 |
+@@ -2454,7 +2450,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, |
4479 |
+ |
4480 |
+ spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); |
4481 |
+ |
4482 |
+- unfreeze_page(head); |
4483 |
++ remap_page(head); |
4484 |
+ |
4485 |
+ for (i = 0; i < HPAGE_PMD_NR; i++) { |
4486 |
+ struct page *subpage = head + i; |
4487 |
+@@ -2597,6 +2593,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4488 |
+ int count, mapcount, extra_pins, ret; |
4489 |
+ bool mlocked; |
4490 |
+ unsigned long flags; |
4491 |
++ pgoff_t end; |
4492 |
+ |
4493 |
+ VM_BUG_ON_PAGE(is_huge_zero_page(page), page); |
4494 |
+ VM_BUG_ON_PAGE(!PageLocked(page), page); |
4495 |
+@@ -2619,6 +2616,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4496 |
+ ret = -EBUSY; |
4497 |
+ goto out; |
4498 |
+ } |
4499 |
++ end = -1; |
4500 |
+ mapping = NULL; |
4501 |
+ anon_vma_lock_write(anon_vma); |
4502 |
+ } else { |
4503 |
+@@ -2632,10 +2630,19 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4504 |
+ |
4505 |
+ anon_vma = NULL; |
4506 |
+ i_mmap_lock_read(mapping); |
4507 |
++ |
4508 |
++ /* |
4509 |
++ *__split_huge_page() may need to trim off pages beyond EOF: |
4510 |
++ * but on 32-bit, i_size_read() takes an irq-unsafe seqlock, |
4511 |
++ * which cannot be nested inside the page tree lock. So note |
4512 |
++ * end now: i_size itself may be changed at any moment, but |
4513 |
++ * head page lock is good enough to serialize the trimming. |
4514 |
++ */ |
4515 |
++ end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); |
4516 |
+ } |
4517 |
+ |
4518 |
+ /* |
4519 |
+- * Racy check if we can split the page, before freeze_page() will |
4520 |
++ * Racy check if we can split the page, before unmap_page() will |
4521 |
+ * split PMDs |
4522 |
+ */ |
4523 |
+ if (!can_split_huge_page(head, &extra_pins)) { |
4524 |
+@@ -2644,7 +2651,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4525 |
+ } |
4526 |
+ |
4527 |
+ mlocked = PageMlocked(page); |
4528 |
+- freeze_page(head); |
4529 |
++ unmap_page(head); |
4530 |
+ VM_BUG_ON_PAGE(compound_mapcount(head), head); |
4531 |
+ |
4532 |
+ /* Make sure the page is not on per-CPU pagevec as it takes pin */ |
4533 |
+@@ -2681,7 +2688,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4534 |
+ if (mapping) |
4535 |
+ __dec_node_page_state(page, NR_SHMEM_THPS); |
4536 |
+ spin_unlock(&pgdata->split_queue_lock); |
4537 |
+- __split_huge_page(page, list, flags); |
4538 |
++ __split_huge_page(page, list, end, flags); |
4539 |
+ if (PageSwapCache(head)) { |
4540 |
+ swp_entry_t entry = { .val = page_private(head) }; |
4541 |
+ |
4542 |
+@@ -2701,7 +2708,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4543 |
+ fail: if (mapping) |
4544 |
+ xa_unlock(&mapping->i_pages); |
4545 |
+ spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); |
4546 |
+- unfreeze_page(head); |
4547 |
++ remap_page(head); |
4548 |
+ ret = -EBUSY; |
4549 |
+ } |
4550 |
+ |
4551 |
+diff --git a/mm/khugepaged.c b/mm/khugepaged.c |
4552 |
+index a31d740e6cd1..fde5820be24d 100644 |
4553 |
+--- a/mm/khugepaged.c |
4554 |
++++ b/mm/khugepaged.c |
4555 |
+@@ -1287,7 +1287,7 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) |
4556 |
+ * collapse_shmem - collapse small tmpfs/shmem pages into huge one. |
4557 |
+ * |
4558 |
+ * Basic scheme is simple, details are more complex: |
4559 |
+- * - allocate and freeze a new huge page; |
4560 |
++ * - allocate and lock a new huge page; |
4561 |
+ * - scan over radix tree replacing old pages the new one |
4562 |
+ * + swap in pages if necessary; |
4563 |
+ * + fill in gaps; |
4564 |
+@@ -1295,11 +1295,11 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) |
4565 |
+ * - if replacing succeed: |
4566 |
+ * + copy data over; |
4567 |
+ * + free old pages; |
4568 |
+- * + unfreeze huge page; |
4569 |
++ * + unlock huge page; |
4570 |
+ * - if replacing failed; |
4571 |
+ * + put all pages back and unfreeze them; |
4572 |
+ * + restore gaps in the radix-tree; |
4573 |
+- * + free huge page; |
4574 |
++ * + unlock and free huge page; |
4575 |
+ */ |
4576 |
+ static void collapse_shmem(struct mm_struct *mm, |
4577 |
+ struct address_space *mapping, pgoff_t start, |
4578 |
+@@ -1330,18 +1330,15 @@ static void collapse_shmem(struct mm_struct *mm, |
4579 |
+ goto out; |
4580 |
+ } |
4581 |
+ |
4582 |
++ __SetPageLocked(new_page); |
4583 |
++ __SetPageSwapBacked(new_page); |
4584 |
+ new_page->index = start; |
4585 |
+ new_page->mapping = mapping; |
4586 |
+- __SetPageSwapBacked(new_page); |
4587 |
+- __SetPageLocked(new_page); |
4588 |
+- BUG_ON(!page_ref_freeze(new_page, 1)); |
4589 |
+- |
4590 |
+ |
4591 |
+ /* |
4592 |
+- * At this point the new_page is 'frozen' (page_count() is zero), locked |
4593 |
+- * and not up-to-date. It's safe to insert it into radix tree, because |
4594 |
+- * nobody would be able to map it or use it in other way until we |
4595 |
+- * unfreeze it. |
4596 |
++ * At this point the new_page is locked and not up-to-date. |
4597 |
++ * It's safe to insert it into the page cache, because nobody would |
4598 |
++ * be able to map it or use it in another way until we unlock it. |
4599 |
+ */ |
4600 |
+ |
4601 |
+ index = start; |
4602 |
+@@ -1349,19 +1346,29 @@ static void collapse_shmem(struct mm_struct *mm, |
4603 |
+ radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { |
4604 |
+ int n = min(iter.index, end) - index; |
4605 |
+ |
4606 |
++ /* |
4607 |
++ * Stop if extent has been hole-punched, and is now completely |
4608 |
++ * empty (the more obvious i_size_read() check would take an |
4609 |
++ * irq-unsafe seqlock on 32-bit). |
4610 |
++ */ |
4611 |
++ if (n >= HPAGE_PMD_NR) { |
4612 |
++ result = SCAN_TRUNCATED; |
4613 |
++ goto tree_locked; |
4614 |
++ } |
4615 |
++ |
4616 |
+ /* |
4617 |
+ * Handle holes in the radix tree: charge it from shmem and |
4618 |
+ * insert relevant subpage of new_page into the radix-tree. |
4619 |
+ */ |
4620 |
+ if (n && !shmem_charge(mapping->host, n)) { |
4621 |
+ result = SCAN_FAIL; |
4622 |
+- break; |
4623 |
++ goto tree_locked; |
4624 |
+ } |
4625 |
+- nr_none += n; |
4626 |
+ for (; index < min(iter.index, end); index++) { |
4627 |
+ radix_tree_insert(&mapping->i_pages, index, |
4628 |
+ new_page + (index % HPAGE_PMD_NR)); |
4629 |
+ } |
4630 |
++ nr_none += n; |
4631 |
+ |
4632 |
+ /* We are done. */ |
4633 |
+ if (index >= end) |
4634 |
+@@ -1377,12 +1384,12 @@ static void collapse_shmem(struct mm_struct *mm, |
4635 |
+ result = SCAN_FAIL; |
4636 |
+ goto tree_unlocked; |
4637 |
+ } |
4638 |
+- xa_lock_irq(&mapping->i_pages); |
4639 |
+ } else if (trylock_page(page)) { |
4640 |
+ get_page(page); |
4641 |
++ xa_unlock_irq(&mapping->i_pages); |
4642 |
+ } else { |
4643 |
+ result = SCAN_PAGE_LOCK; |
4644 |
+- break; |
4645 |
++ goto tree_locked; |
4646 |
+ } |
4647 |
+ |
4648 |
+ /* |
4649 |
+@@ -1391,17 +1398,24 @@ static void collapse_shmem(struct mm_struct *mm, |
4650 |
+ */ |
4651 |
+ VM_BUG_ON_PAGE(!PageLocked(page), page); |
4652 |
+ VM_BUG_ON_PAGE(!PageUptodate(page), page); |
4653 |
+- VM_BUG_ON_PAGE(PageTransCompound(page), page); |
4654 |
++ |
4655 |
++ /* |
4656 |
++ * If file was truncated then extended, or hole-punched, before |
4657 |
++ * we locked the first page, then a THP might be there already. |
4658 |
++ */ |
4659 |
++ if (PageTransCompound(page)) { |
4660 |
++ result = SCAN_PAGE_COMPOUND; |
4661 |
++ goto out_unlock; |
4662 |
++ } |
4663 |
+ |
4664 |
+ if (page_mapping(page) != mapping) { |
4665 |
+ result = SCAN_TRUNCATED; |
4666 |
+ goto out_unlock; |
4667 |
+ } |
4668 |
+- xa_unlock_irq(&mapping->i_pages); |
4669 |
+ |
4670 |
+ if (isolate_lru_page(page)) { |
4671 |
+ result = SCAN_DEL_PAGE_LRU; |
4672 |
+- goto out_isolate_failed; |
4673 |
++ goto out_unlock; |
4674 |
+ } |
4675 |
+ |
4676 |
+ if (page_mapped(page)) |
4677 |
+@@ -1422,7 +1436,9 @@ static void collapse_shmem(struct mm_struct *mm, |
4678 |
+ */ |
4679 |
+ if (!page_ref_freeze(page, 3)) { |
4680 |
+ result = SCAN_PAGE_COUNT; |
4681 |
+- goto out_lru; |
4682 |
++ xa_unlock_irq(&mapping->i_pages); |
4683 |
++ putback_lru_page(page); |
4684 |
++ goto out_unlock; |
4685 |
+ } |
4686 |
+ |
4687 |
+ /* |
4688 |
+@@ -1438,17 +1454,10 @@ static void collapse_shmem(struct mm_struct *mm, |
4689 |
+ slot = radix_tree_iter_resume(slot, &iter); |
4690 |
+ index++; |
4691 |
+ continue; |
4692 |
+-out_lru: |
4693 |
+- xa_unlock_irq(&mapping->i_pages); |
4694 |
+- putback_lru_page(page); |
4695 |
+-out_isolate_failed: |
4696 |
+- unlock_page(page); |
4697 |
+- put_page(page); |
4698 |
+- goto tree_unlocked; |
4699 |
+ out_unlock: |
4700 |
+ unlock_page(page); |
4701 |
+ put_page(page); |
4702 |
+- break; |
4703 |
++ goto tree_unlocked; |
4704 |
+ } |
4705 |
+ |
4706 |
+ /* |
4707 |
+@@ -1456,14 +1465,18 @@ out_unlock: |
4708 |
+ * This code only triggers if there's nothing in radix tree |
4709 |
+ * beyond 'end'. |
4710 |
+ */ |
4711 |
+- if (result == SCAN_SUCCEED && index < end) { |
4712 |
++ if (index < end) { |
4713 |
+ int n = end - index; |
4714 |
+ |
4715 |
++ /* Stop if extent has been truncated, and is now empty */ |
4716 |
++ if (n >= HPAGE_PMD_NR) { |
4717 |
++ result = SCAN_TRUNCATED; |
4718 |
++ goto tree_locked; |
4719 |
++ } |
4720 |
+ if (!shmem_charge(mapping->host, n)) { |
4721 |
+ result = SCAN_FAIL; |
4722 |
+ goto tree_locked; |
4723 |
+ } |
4724 |
+- |
4725 |
+ for (; index < end; index++) { |
4726 |
+ radix_tree_insert(&mapping->i_pages, index, |
4727 |
+ new_page + (index % HPAGE_PMD_NR)); |
4728 |
+@@ -1471,59 +1484,64 @@ out_unlock: |
4729 |
+ nr_none += n; |
4730 |
+ } |
4731 |
+ |
4732 |
++ __inc_node_page_state(new_page, NR_SHMEM_THPS); |
4733 |
++ if (nr_none) { |
4734 |
++ struct zone *zone = page_zone(new_page); |
4735 |
++ |
4736 |
++ __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); |
4737 |
++ __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); |
4738 |
++ } |
4739 |
++ |
4740 |
+ tree_locked: |
4741 |
+ xa_unlock_irq(&mapping->i_pages); |
4742 |
+ tree_unlocked: |
4743 |
+ |
4744 |
+ if (result == SCAN_SUCCEED) { |
4745 |
+- unsigned long flags; |
4746 |
+- struct zone *zone = page_zone(new_page); |
4747 |
+- |
4748 |
+ /* |
4749 |
+ * Replacing old pages with new one has succeed, now we need to |
4750 |
+ * copy the content and free old pages. |
4751 |
+ */ |
4752 |
++ index = start; |
4753 |
+ list_for_each_entry_safe(page, tmp, &pagelist, lru) { |
4754 |
++ while (index < page->index) { |
4755 |
++ clear_highpage(new_page + (index % HPAGE_PMD_NR)); |
4756 |
++ index++; |
4757 |
++ } |
4758 |
+ copy_highpage(new_page + (page->index % HPAGE_PMD_NR), |
4759 |
+ page); |
4760 |
+ list_del(&page->lru); |
4761 |
+- unlock_page(page); |
4762 |
+- page_ref_unfreeze(page, 1); |
4763 |
+ page->mapping = NULL; |
4764 |
++ page_ref_unfreeze(page, 1); |
4765 |
+ ClearPageActive(page); |
4766 |
+ ClearPageUnevictable(page); |
4767 |
++ unlock_page(page); |
4768 |
+ put_page(page); |
4769 |
++ index++; |
4770 |
+ } |
4771 |
+- |
4772 |
+- local_irq_save(flags); |
4773 |
+- __inc_node_page_state(new_page, NR_SHMEM_THPS); |
4774 |
+- if (nr_none) { |
4775 |
+- __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); |
4776 |
+- __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); |
4777 |
++ while (index < end) { |
4778 |
++ clear_highpage(new_page + (index % HPAGE_PMD_NR)); |
4779 |
++ index++; |
4780 |
+ } |
4781 |
+- local_irq_restore(flags); |
4782 |
+ |
4783 |
+- /* |
4784 |
+- * Remove pte page tables, so we can re-faulti |
4785 |
+- * the page as huge. |
4786 |
+- */ |
4787 |
+- retract_page_tables(mapping, start); |
4788 |
+- |
4789 |
+- /* Everything is ready, let's unfreeze the new_page */ |
4790 |
+- set_page_dirty(new_page); |
4791 |
+ SetPageUptodate(new_page); |
4792 |
+- page_ref_unfreeze(new_page, HPAGE_PMD_NR); |
4793 |
++ page_ref_add(new_page, HPAGE_PMD_NR - 1); |
4794 |
++ set_page_dirty(new_page); |
4795 |
+ mem_cgroup_commit_charge(new_page, memcg, false, true); |
4796 |
+ lru_cache_add_anon(new_page); |
4797 |
+- unlock_page(new_page); |
4798 |
+ |
4799 |
++ /* |
4800 |
++ * Remove pte page tables, so we can re-fault the page as huge. |
4801 |
++ */ |
4802 |
++ retract_page_tables(mapping, start); |
4803 |
+ *hpage = NULL; |
4804 |
+ |
4805 |
+ khugepaged_pages_collapsed++; |
4806 |
+ } else { |
4807 |
+ /* Something went wrong: rollback changes to the radix-tree */ |
4808 |
+- shmem_uncharge(mapping->host, nr_none); |
4809 |
+ xa_lock_irq(&mapping->i_pages); |
4810 |
++ mapping->nrpages -= nr_none; |
4811 |
++ shmem_uncharge(mapping->host, nr_none); |
4812 |
++ |
4813 |
+ radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { |
4814 |
+ if (iter.index >= end) |
4815 |
+ break; |
4816 |
+@@ -1546,19 +1564,18 @@ tree_unlocked: |
4817 |
+ radix_tree_replace_slot(&mapping->i_pages, slot, page); |
4818 |
+ slot = radix_tree_iter_resume(slot, &iter); |
4819 |
+ xa_unlock_irq(&mapping->i_pages); |
4820 |
+- putback_lru_page(page); |
4821 |
+ unlock_page(page); |
4822 |
++ putback_lru_page(page); |
4823 |
+ xa_lock_irq(&mapping->i_pages); |
4824 |
+ } |
4825 |
+ VM_BUG_ON(nr_none); |
4826 |
+ xa_unlock_irq(&mapping->i_pages); |
4827 |
+ |
4828 |
+- /* Unfreeze new_page, caller would take care about freeing it */ |
4829 |
+- page_ref_unfreeze(new_page, 1); |
4830 |
+ mem_cgroup_cancel_charge(new_page, memcg, true); |
4831 |
+- unlock_page(new_page); |
4832 |
+ new_page->mapping = NULL; |
4833 |
+ } |
4834 |
++ |
4835 |
++ unlock_page(new_page); |
4836 |
+ out: |
4837 |
+ VM_BUG_ON(!list_empty(&pagelist)); |
4838 |
+ /* TODO: tracepoints */ |
4839 |
+diff --git a/mm/rmap.c b/mm/rmap.c |
4840 |
+index 1e79fac3186b..85b7f9423352 100644 |
4841 |
+--- a/mm/rmap.c |
4842 |
++++ b/mm/rmap.c |
4843 |
+@@ -1627,16 +1627,9 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, |
4844 |
+ address + PAGE_SIZE); |
4845 |
+ } else { |
4846 |
+ /* |
4847 |
+- * We should not need to notify here as we reach this |
4848 |
+- * case only from freeze_page() itself only call from |
4849 |
+- * split_huge_page_to_list() so everything below must |
4850 |
+- * be true: |
4851 |
+- * - page is not anonymous |
4852 |
+- * - page is locked |
4853 |
+- * |
4854 |
+- * So as it is a locked file back page thus it can not |
4855 |
+- * be remove from the page cache and replace by a new |
4856 |
+- * page before mmu_notifier_invalidate_range_end so no |
4857 |
++ * This is a locked file-backed page, thus it cannot |
4858 |
++ * be removed from the page cache and replaced by a new |
4859 |
++ * page before mmu_notifier_invalidate_range_end, so no |
4860 |
+ * concurrent thread might update its page table to |
4861 |
+ * point at new page while a device still is using this |
4862 |
+ * page. |
4863 |
+diff --git a/mm/shmem.c b/mm/shmem.c |
4864 |
+index 38d228a30fdc..0b02b539072e 100644 |
4865 |
+--- a/mm/shmem.c |
4866 |
++++ b/mm/shmem.c |
4867 |
+@@ -297,12 +297,14 @@ bool shmem_charge(struct inode *inode, long pages) |
4868 |
+ if (!shmem_inode_acct_block(inode, pages)) |
4869 |
+ return false; |
4870 |
+ |
4871 |
++ /* nrpages adjustment first, then shmem_recalc_inode() when balanced */ |
4872 |
++ inode->i_mapping->nrpages += pages; |
4873 |
++ |
4874 |
+ spin_lock_irqsave(&info->lock, flags); |
4875 |
+ info->alloced += pages; |
4876 |
+ inode->i_blocks += pages * BLOCKS_PER_PAGE; |
4877 |
+ shmem_recalc_inode(inode); |
4878 |
+ spin_unlock_irqrestore(&info->lock, flags); |
4879 |
+- inode->i_mapping->nrpages += pages; |
4880 |
+ |
4881 |
+ return true; |
4882 |
+ } |
4883 |
+@@ -312,6 +314,8 @@ void shmem_uncharge(struct inode *inode, long pages) |
4884 |
+ struct shmem_inode_info *info = SHMEM_I(inode); |
4885 |
+ unsigned long flags; |
4886 |
+ |
4887 |
++ /* nrpages adjustment done by __delete_from_page_cache() or caller */ |
4888 |
++ |
4889 |
+ spin_lock_irqsave(&info->lock, flags); |
4890 |
+ info->alloced -= pages; |
4891 |
+ inode->i_blocks -= pages * BLOCKS_PER_PAGE; |
4892 |
+@@ -1547,11 +1551,13 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, |
4893 |
+ { |
4894 |
+ struct page *oldpage, *newpage; |
4895 |
+ struct address_space *swap_mapping; |
4896 |
++ swp_entry_t entry; |
4897 |
+ pgoff_t swap_index; |
4898 |
+ int error; |
4899 |
+ |
4900 |
+ oldpage = *pagep; |
4901 |
+- swap_index = page_private(oldpage); |
4902 |
++ entry.val = page_private(oldpage); |
4903 |
++ swap_index = swp_offset(entry); |
4904 |
+ swap_mapping = page_mapping(oldpage); |
4905 |
+ |
4906 |
+ /* |
4907 |
+@@ -1570,7 +1576,7 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, |
4908 |
+ __SetPageLocked(newpage); |
4909 |
+ __SetPageSwapBacked(newpage); |
4910 |
+ SetPageUptodate(newpage); |
4911 |
+- set_page_private(newpage, swap_index); |
4912 |
++ set_page_private(newpage, entry.val); |
4913 |
+ SetPageSwapCache(newpage); |
4914 |
+ |
4915 |
+ /* |
4916 |
+diff --git a/mm/truncate.c b/mm/truncate.c |
4917 |
+index 1d2fb2dca96f..71b65aab8077 100644 |
4918 |
+--- a/mm/truncate.c |
4919 |
++++ b/mm/truncate.c |
4920 |
+@@ -520,9 +520,13 @@ void truncate_inode_pages_final(struct address_space *mapping) |
4921 |
+ */ |
4922 |
+ xa_lock_irq(&mapping->i_pages); |
4923 |
+ xa_unlock_irq(&mapping->i_pages); |
4924 |
+- |
4925 |
+- truncate_inode_pages(mapping, 0); |
4926 |
+ } |
4927 |
++ |
4928 |
++ /* |
4929 |
++ * Cleancache needs notification even if there are no pages or shadow |
4930 |
++ * entries. |
4931 |
++ */ |
4932 |
++ truncate_inode_pages(mapping, 0); |
4933 |
+ } |
4934 |
+ EXPORT_SYMBOL(truncate_inode_pages_final); |
4935 |
+ |
4936 |
+diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c |
4937 |
+index 5029f241908f..f0af11b1cdf3 100644 |
4938 |
+--- a/mm/userfaultfd.c |
4939 |
++++ b/mm/userfaultfd.c |
4940 |
+@@ -205,8 +205,9 @@ retry: |
4941 |
+ if (!dst_vma || !is_vm_hugetlb_page(dst_vma)) |
4942 |
+ goto out_unlock; |
4943 |
+ /* |
4944 |
+- * Only allow __mcopy_atomic_hugetlb on userfaultfd |
4945 |
+- * registered ranges. |
4946 |
++ * Check the vma is registered in uffd, this is |
4947 |
++ * required to enforce the VM_MAYWRITE check done at |
4948 |
++ * uffd registration time. |
4949 |
+ */ |
4950 |
+ if (!dst_vma->vm_userfaultfd_ctx.ctx) |
4951 |
+ goto out_unlock; |
4952 |
+@@ -449,13 +450,9 @@ retry: |
4953 |
+ if (!dst_vma) |
4954 |
+ goto out_unlock; |
4955 |
+ /* |
4956 |
+- * Be strict and only allow __mcopy_atomic on userfaultfd |
4957 |
+- * registered ranges to prevent userland errors going |
4958 |
+- * unnoticed. As far as the VM consistency is concerned, it |
4959 |
+- * would be perfectly safe to remove this check, but there's |
4960 |
+- * no useful usage for __mcopy_atomic ouside of userfaultfd |
4961 |
+- * registered ranges. This is after all why these are ioctls |
4962 |
+- * belonging to the userfaultfd and not syscalls. |
4963 |
++ * Check the vma is registered in uffd, this is required to |
4964 |
++ * enforce the VM_MAYWRITE check done at uffd registration |
4965 |
++ * time. |
4966 |
+ */ |
4967 |
+ if (!dst_vma->vm_userfaultfd_ctx.ctx) |
4968 |
+ goto out_unlock; |
4969 |
+diff --git a/net/core/dev.c b/net/core/dev.c |
4970 |
+index 097c02101450..22af88c47756 100644 |
4971 |
+--- a/net/core/dev.c |
4972 |
++++ b/net/core/dev.c |
4973 |
+@@ -5945,11 +5945,14 @@ bool napi_complete_done(struct napi_struct *n, int work_done) |
4974 |
+ if (work_done) |
4975 |
+ timeout = n->dev->gro_flush_timeout; |
4976 |
+ |
4977 |
++ /* When the NAPI instance uses a timeout and keeps postponing |
4978 |
++ * it, we need to bound somehow the time packets are kept in |
4979 |
++ * the GRO layer |
4980 |
++ */ |
4981 |
++ napi_gro_flush(n, !!timeout); |
4982 |
+ if (timeout) |
4983 |
+ hrtimer_start(&n->timer, ns_to_ktime(timeout), |
4984 |
+ HRTIMER_MODE_REL_PINNED); |
4985 |
+- else |
4986 |
+- napi_gro_flush(n, false); |
4987 |
+ } |
4988 |
+ if (unlikely(!list_empty(&n->poll_list))) { |
4989 |
+ /* If n->poll_list is not empty, we need to mask irqs */ |
4990 |
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
4991 |
+index f817f336595d..abbbd7fd17fe 100644 |
4992 |
+--- a/net/core/skbuff.c |
4993 |
++++ b/net/core/skbuff.c |
4994 |
+@@ -4912,6 +4912,11 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) |
4995 |
+ nf_reset(skb); |
4996 |
+ nf_reset_trace(skb); |
4997 |
+ |
4998 |
++#ifdef CONFIG_NET_SWITCHDEV |
4999 |
++ skb->offload_fwd_mark = 0; |
5000 |
++ skb->offload_mr_fwd_mark = 0; |
5001 |
++#endif |
5002 |
++ |
5003 |
+ if (!xnet) |
5004 |
+ return; |
5005 |
+ |
5006 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
5007 |
+index 72898cbef43d..664fa7d8f7d9 100644 |
5008 |
+--- a/net/ipv4/tcp_input.c |
5009 |
++++ b/net/ipv4/tcp_input.c |
5010 |
+@@ -4276,7 +4276,7 @@ static void tcp_sack_new_ofo_skb(struct sock *sk, u32 seq, u32 end_seq) |
5011 |
+ * If the sack array is full, forget about the last one. |
5012 |
+ */ |
5013 |
+ if (this_sack >= TCP_NUM_SACKS) { |
5014 |
+- if (tp->compressed_ack) |
5015 |
++ if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
5016 |
+ tcp_send_ack(sk); |
5017 |
+ this_sack--; |
5018 |
+ tp->rx_opt.num_sacks--; |
5019 |
+@@ -5196,7 +5196,17 @@ send_now: |
5020 |
+ if (!tcp_is_sack(tp) || |
5021 |
+ tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr) |
5022 |
+ goto send_now; |
5023 |
+- tp->compressed_ack++; |
5024 |
++ |
5025 |
++ if (tp->compressed_ack_rcv_nxt != tp->rcv_nxt) { |
5026 |
++ tp->compressed_ack_rcv_nxt = tp->rcv_nxt; |
5027 |
++ if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
5028 |
++ NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, |
5029 |
++ tp->compressed_ack - TCP_FASTRETRANS_THRESH); |
5030 |
++ tp->compressed_ack = 0; |
5031 |
++ } |
5032 |
++ |
5033 |
++ if (++tp->compressed_ack <= TCP_FASTRETRANS_THRESH) |
5034 |
++ goto send_now; |
5035 |
+ |
5036 |
+ if (hrtimer_is_queued(&tp->compressed_ack_timer)) |
5037 |
+ return; |
5038 |
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
5039 |
+index 597dbd749f05..68f65ddf9e3c 100644 |
5040 |
+--- a/net/ipv4/tcp_output.c |
5041 |
++++ b/net/ipv4/tcp_output.c |
5042 |
+@@ -165,10 +165,10 @@ static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts, |
5043 |
+ { |
5044 |
+ struct tcp_sock *tp = tcp_sk(sk); |
5045 |
+ |
5046 |
+- if (unlikely(tp->compressed_ack)) { |
5047 |
++ if (unlikely(tp->compressed_ack > TCP_FASTRETRANS_THRESH)) { |
5048 |
+ NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, |
5049 |
+- tp->compressed_ack); |
5050 |
+- tp->compressed_ack = 0; |
5051 |
++ tp->compressed_ack - TCP_FASTRETRANS_THRESH); |
5052 |
++ tp->compressed_ack = TCP_FASTRETRANS_THRESH; |
5053 |
+ if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1) |
5054 |
+ __sock_put(sk); |
5055 |
+ } |
5056 |
+diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c |
5057 |
+index 7fdf222a0bdf..57eae8d70ba1 100644 |
5058 |
+--- a/net/ipv4/tcp_timer.c |
5059 |
++++ b/net/ipv4/tcp_timer.c |
5060 |
+@@ -740,7 +740,7 @@ static enum hrtimer_restart tcp_compressed_ack_kick(struct hrtimer *timer) |
5061 |
+ |
5062 |
+ bh_lock_sock(sk); |
5063 |
+ if (!sock_owned_by_user(sk)) { |
5064 |
+- if (tp->compressed_ack) |
5065 |
++ if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
5066 |
+ tcp_send_ack(sk); |
5067 |
+ } else { |
5068 |
+ if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, |
5069 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
5070 |
+index d6e94dc7e290..6477b131e809 100644 |
5071 |
+--- a/net/packet/af_packet.c |
5072 |
++++ b/net/packet/af_packet.c |
5073 |
+@@ -2394,7 +2394,7 @@ static void tpacket_destruct_skb(struct sk_buff *skb) |
5074 |
+ void *ph; |
5075 |
+ __u32 ts; |
5076 |
+ |
5077 |
+- ph = skb_shinfo(skb)->destructor_arg; |
5078 |
++ ph = skb_zcopy_get_nouarg(skb); |
5079 |
+ packet_dec_pending(&po->tx_ring); |
5080 |
+ |
5081 |
+ ts = __packet_set_timestamp(po, ph, skb); |
5082 |
+@@ -2461,7 +2461,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
5083 |
+ skb->mark = po->sk.sk_mark; |
5084 |
+ skb->tstamp = sockc->transmit_time; |
5085 |
+ sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags); |
5086 |
+- skb_shinfo(skb)->destructor_arg = ph.raw; |
5087 |
++ skb_zcopy_set_nouarg(skb, ph.raw); |
5088 |
+ |
5089 |
+ skb_reserve(skb, hlen); |
5090 |
+ skb_reset_network_header(skb); |
5091 |
+diff --git a/net/tipc/node.c b/net/tipc/node.c |
5092 |
+index 2afc4f8c37a7..488019766433 100644 |
5093 |
+--- a/net/tipc/node.c |
5094 |
++++ b/net/tipc/node.c |
5095 |
+@@ -584,12 +584,15 @@ static void tipc_node_clear_links(struct tipc_node *node) |
5096 |
+ /* tipc_node_cleanup - delete nodes that does not |
5097 |
+ * have active links for NODE_CLEANUP_AFTER time |
5098 |
+ */ |
5099 |
+-static int tipc_node_cleanup(struct tipc_node *peer) |
5100 |
++static bool tipc_node_cleanup(struct tipc_node *peer) |
5101 |
+ { |
5102 |
+ struct tipc_net *tn = tipc_net(peer->net); |
5103 |
+ bool deleted = false; |
5104 |
+ |
5105 |
+- spin_lock_bh(&tn->node_list_lock); |
5106 |
++ /* If lock held by tipc_node_stop() the node will be deleted anyway */ |
5107 |
++ if (!spin_trylock_bh(&tn->node_list_lock)) |
5108 |
++ return false; |
5109 |
++ |
5110 |
+ tipc_node_write_lock(peer); |
5111 |
+ |
5112 |
+ if (!node_is_up(peer) && time_after(jiffies, peer->delete_at)) { |
5113 |
+diff --git a/scripts/Makefile.build b/scripts/Makefile.build |
5114 |
+index 54da4b070db3..64fac0ad32d6 100644 |
5115 |
+--- a/scripts/Makefile.build |
5116 |
++++ b/scripts/Makefile.build |
5117 |
+@@ -248,10 +248,8 @@ ifdef CONFIG_GCOV_KERNEL |
5118 |
+ objtool_args += --no-unreachable |
5119 |
+ endif |
5120 |
+ ifdef CONFIG_RETPOLINE |
5121 |
+-ifneq ($(RETPOLINE_CFLAGS),) |
5122 |
+ objtool_args += --retpoline |
5123 |
+ endif |
5124 |
+-endif |
5125 |
+ |
5126 |
+ |
5127 |
+ ifdef CONFIG_MODVERSIONS |
5128 |
+diff --git a/sound/core/control.c b/sound/core/control.c |
5129 |
+index 9aa15bfc7936..649d3217590e 100644 |
5130 |
+--- a/sound/core/control.c |
5131 |
++++ b/sound/core/control.c |
5132 |
+@@ -348,6 +348,40 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) |
5133 |
+ return 0; |
5134 |
+ } |
5135 |
+ |
5136 |
++/* add a new kcontrol object; call with card->controls_rwsem locked */ |
5137 |
++static int __snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) |
5138 |
++{ |
5139 |
++ struct snd_ctl_elem_id id; |
5140 |
++ unsigned int idx; |
5141 |
++ unsigned int count; |
5142 |
++ |
5143 |
++ id = kcontrol->id; |
5144 |
++ if (id.index > UINT_MAX - kcontrol->count) |
5145 |
++ return -EINVAL; |
5146 |
++ |
5147 |
++ if (snd_ctl_find_id(card, &id)) { |
5148 |
++ dev_err(card->dev, |
5149 |
++ "control %i:%i:%i:%s:%i is already present\n", |
5150 |
++ id.iface, id.device, id.subdevice, id.name, id.index); |
5151 |
++ return -EBUSY; |
5152 |
++ } |
5153 |
++ |
5154 |
++ if (snd_ctl_find_hole(card, kcontrol->count) < 0) |
5155 |
++ return -ENOMEM; |
5156 |
++ |
5157 |
++ list_add_tail(&kcontrol->list, &card->controls); |
5158 |
++ card->controls_count += kcontrol->count; |
5159 |
++ kcontrol->id.numid = card->last_numid + 1; |
5160 |
++ card->last_numid += kcontrol->count; |
5161 |
++ |
5162 |
++ id = kcontrol->id; |
5163 |
++ count = kcontrol->count; |
5164 |
++ for (idx = 0; idx < count; idx++, id.index++, id.numid++) |
5165 |
++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); |
5166 |
++ |
5167 |
++ return 0; |
5168 |
++} |
5169 |
++ |
5170 |
+ /** |
5171 |
+ * snd_ctl_add - add the control instance to the card |
5172 |
+ * @card: the card instance |
5173 |
+@@ -364,45 +398,18 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) |
5174 |
+ */ |
5175 |
+ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) |
5176 |
+ { |
5177 |
+- struct snd_ctl_elem_id id; |
5178 |
+- unsigned int idx; |
5179 |
+- unsigned int count; |
5180 |
+ int err = -EINVAL; |
5181 |
+ |
5182 |
+ if (! kcontrol) |
5183 |
+ return err; |
5184 |
+ if (snd_BUG_ON(!card || !kcontrol->info)) |
5185 |
+ goto error; |
5186 |
+- id = kcontrol->id; |
5187 |
+- if (id.index > UINT_MAX - kcontrol->count) |
5188 |
+- goto error; |
5189 |
+ |
5190 |
+ down_write(&card->controls_rwsem); |
5191 |
+- if (snd_ctl_find_id(card, &id)) { |
5192 |
+- up_write(&card->controls_rwsem); |
5193 |
+- dev_err(card->dev, "control %i:%i:%i:%s:%i is already present\n", |
5194 |
+- id.iface, |
5195 |
+- id.device, |
5196 |
+- id.subdevice, |
5197 |
+- id.name, |
5198 |
+- id.index); |
5199 |
+- err = -EBUSY; |
5200 |
+- goto error; |
5201 |
+- } |
5202 |
+- if (snd_ctl_find_hole(card, kcontrol->count) < 0) { |
5203 |
+- up_write(&card->controls_rwsem); |
5204 |
+- err = -ENOMEM; |
5205 |
+- goto error; |
5206 |
+- } |
5207 |
+- list_add_tail(&kcontrol->list, &card->controls); |
5208 |
+- card->controls_count += kcontrol->count; |
5209 |
+- kcontrol->id.numid = card->last_numid + 1; |
5210 |
+- card->last_numid += kcontrol->count; |
5211 |
+- id = kcontrol->id; |
5212 |
+- count = kcontrol->count; |
5213 |
++ err = __snd_ctl_add(card, kcontrol); |
5214 |
+ up_write(&card->controls_rwsem); |
5215 |
+- for (idx = 0; idx < count; idx++, id.index++, id.numid++) |
5216 |
+- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); |
5217 |
++ if (err < 0) |
5218 |
++ goto error; |
5219 |
+ return 0; |
5220 |
+ |
5221 |
+ error: |
5222 |
+@@ -1361,9 +1368,12 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, |
5223 |
+ kctl->tlv.c = snd_ctl_elem_user_tlv; |
5224 |
+ |
5225 |
+ /* This function manage to free the instance on failure. */ |
5226 |
+- err = snd_ctl_add(card, kctl); |
5227 |
+- if (err < 0) |
5228 |
+- return err; |
5229 |
++ down_write(&card->controls_rwsem); |
5230 |
++ err = __snd_ctl_add(card, kctl); |
5231 |
++ if (err < 0) { |
5232 |
++ snd_ctl_free_one(kctl); |
5233 |
++ goto unlock; |
5234 |
++ } |
5235 |
+ offset = snd_ctl_get_ioff(kctl, &info->id); |
5236 |
+ snd_ctl_build_ioff(&info->id, kctl, offset); |
5237 |
+ /* |
5238 |
+@@ -1374,10 +1384,10 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, |
5239 |
+ * which locks the element. |
5240 |
+ */ |
5241 |
+ |
5242 |
+- down_write(&card->controls_rwsem); |
5243 |
+ card->user_ctl_count++; |
5244 |
+- up_write(&card->controls_rwsem); |
5245 |
+ |
5246 |
++ unlock: |
5247 |
++ up_write(&card->controls_rwsem); |
5248 |
+ return 0; |
5249 |
+ } |
5250 |
+ |
5251 |
+diff --git a/sound/isa/wss/wss_lib.c b/sound/isa/wss/wss_lib.c |
5252 |
+index 32453f81b95a..3a5008837576 100644 |
5253 |
+--- a/sound/isa/wss/wss_lib.c |
5254 |
++++ b/sound/isa/wss/wss_lib.c |
5255 |
+@@ -1531,7 +1531,6 @@ static int snd_wss_playback_open(struct snd_pcm_substream *substream) |
5256 |
+ if (err < 0) { |
5257 |
+ if (chip->release_dma) |
5258 |
+ chip->release_dma(chip, chip->dma_private_data, chip->dma1); |
5259 |
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5260 |
+ return err; |
5261 |
+ } |
5262 |
+ chip->playback_substream = substream; |
5263 |
+@@ -1572,7 +1571,6 @@ static int snd_wss_capture_open(struct snd_pcm_substream *substream) |
5264 |
+ if (err < 0) { |
5265 |
+ if (chip->release_dma) |
5266 |
+ chip->release_dma(chip, chip->dma_private_data, chip->dma2); |
5267 |
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5268 |
+ return err; |
5269 |
+ } |
5270 |
+ chip->capture_substream = substream; |
5271 |
+diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c |
5272 |
+index f4459d1a9d67..27b468f057dd 100644 |
5273 |
+--- a/sound/pci/ac97/ac97_codec.c |
5274 |
++++ b/sound/pci/ac97/ac97_codec.c |
5275 |
+@@ -824,7 +824,7 @@ static int snd_ac97_put_spsa(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_ |
5276 |
+ { |
5277 |
+ struct snd_ac97 *ac97 = snd_kcontrol_chip(kcontrol); |
5278 |
+ int reg = kcontrol->private_value & 0xff; |
5279 |
+- int shift = (kcontrol->private_value >> 8) & 0xff; |
5280 |
++ int shift = (kcontrol->private_value >> 8) & 0x0f; |
5281 |
+ int mask = (kcontrol->private_value >> 16) & 0xff; |
5282 |
+ // int invert = (kcontrol->private_value >> 24) & 0xff; |
5283 |
+ unsigned short value, old, new; |
5284 |
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
5285 |
+index 625cb6c7b7d6..5810be2c6c34 100644 |
5286 |
+--- a/sound/pci/hda/hda_intel.c |
5287 |
++++ b/sound/pci/hda/hda_intel.c |
5288 |
+@@ -2256,6 +2256,8 @@ static struct snd_pci_quirk power_save_blacklist[] = { |
5289 |
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5290 |
+ SND_PCI_QUIRK(0x1849, 0xc892, "Asrock B85M-ITX", 0), |
5291 |
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5292 |
++ SND_PCI_QUIRK(0x1849, 0x0397, "Asrock N68C-S UCC", 0), |
5293 |
++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5294 |
+ SND_PCI_QUIRK(0x1849, 0x7662, "Asrock H81M-HDS", 0), |
5295 |
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5296 |
+ SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0), |
5297 |
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
5298 |
+index e58537e13ad3..cf5d26642bcd 100644 |
5299 |
+--- a/sound/pci/hda/patch_realtek.c |
5300 |
++++ b/sound/pci/hda/patch_realtek.c |
5301 |
+@@ -388,6 +388,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) |
5302 |
+ case 0x10ec0285: |
5303 |
+ case 0x10ec0298: |
5304 |
+ case 0x10ec0289: |
5305 |
++ case 0x10ec0300: |
5306 |
+ alc_update_coef_idx(codec, 0x10, 1<<9, 0); |
5307 |
+ break; |
5308 |
+ case 0x10ec0275: |
5309 |
+@@ -2830,6 +2831,7 @@ enum { |
5310 |
+ ALC269_TYPE_ALC215, |
5311 |
+ ALC269_TYPE_ALC225, |
5312 |
+ ALC269_TYPE_ALC294, |
5313 |
++ ALC269_TYPE_ALC300, |
5314 |
+ ALC269_TYPE_ALC700, |
5315 |
+ }; |
5316 |
+ |
5317 |
+@@ -2864,6 +2866,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) |
5318 |
+ case ALC269_TYPE_ALC215: |
5319 |
+ case ALC269_TYPE_ALC225: |
5320 |
+ case ALC269_TYPE_ALC294: |
5321 |
++ case ALC269_TYPE_ALC300: |
5322 |
+ case ALC269_TYPE_ALC700: |
5323 |
+ ssids = alc269_ssids; |
5324 |
+ break; |
5325 |
+@@ -5358,6 +5361,16 @@ static void alc274_fixup_bind_dacs(struct hda_codec *codec, |
5326 |
+ spec->gen.preferred_dacs = preferred_pairs; |
5327 |
+ } |
5328 |
+ |
5329 |
++/* The DAC of NID 0x3 will introduce click/pop noise on headphones, so invalidate it */ |
5330 |
++static void alc285_fixup_invalidate_dacs(struct hda_codec *codec, |
5331 |
++ const struct hda_fixup *fix, int action) |
5332 |
++{ |
5333 |
++ if (action != HDA_FIXUP_ACT_PRE_PROBE) |
5334 |
++ return; |
5335 |
++ |
5336 |
++ snd_hda_override_wcaps(codec, 0x03, 0); |
5337 |
++} |
5338 |
++ |
5339 |
+ /* for hda_fixup_thinkpad_acpi() */ |
5340 |
+ #include "thinkpad_helper.c" |
5341 |
+ |
5342 |
+@@ -5495,6 +5508,8 @@ enum { |
5343 |
+ ALC255_FIXUP_DELL_HEADSET_MIC, |
5344 |
+ ALC295_FIXUP_HP_X360, |
5345 |
+ ALC221_FIXUP_HP_HEADSET_MIC, |
5346 |
++ ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, |
5347 |
++ ALC295_FIXUP_HP_AUTO_MUTE, |
5348 |
+ }; |
5349 |
+ |
5350 |
+ static const struct hda_fixup alc269_fixups[] = { |
5351 |
+@@ -5659,6 +5674,8 @@ static const struct hda_fixup alc269_fixups[] = { |
5352 |
+ [ALC269_FIXUP_HP_MUTE_LED_MIC3] = { |
5353 |
+ .type = HDA_FIXUP_FUNC, |
5354 |
+ .v.func = alc269_fixup_hp_mute_led_mic3, |
5355 |
++ .chained = true, |
5356 |
++ .chain_id = ALC295_FIXUP_HP_AUTO_MUTE |
5357 |
+ }, |
5358 |
+ [ALC269_FIXUP_HP_GPIO_LED] = { |
5359 |
+ .type = HDA_FIXUP_FUNC, |
5360 |
+@@ -6362,6 +6379,14 @@ static const struct hda_fixup alc269_fixups[] = { |
5361 |
+ .chained = true, |
5362 |
+ .chain_id = ALC269_FIXUP_HEADSET_MIC |
5363 |
+ }, |
5364 |
++ [ALC285_FIXUP_LENOVO_HEADPHONE_NOISE] = { |
5365 |
++ .type = HDA_FIXUP_FUNC, |
5366 |
++ .v.func = alc285_fixup_invalidate_dacs, |
5367 |
++ }, |
5368 |
++ [ALC295_FIXUP_HP_AUTO_MUTE] = { |
5369 |
++ .type = HDA_FIXUP_FUNC, |
5370 |
++ .v.func = alc_fixup_auto_mute_via_amp, |
5371 |
++ }, |
5372 |
+ }; |
5373 |
+ |
5374 |
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
5375 |
+@@ -6532,6 +6557,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
5376 |
+ SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8), |
5377 |
+ SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC), |
5378 |
+ SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC), |
5379 |
++ SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC), |
5380 |
+ SND_PCI_QUIRK(0x17aa, 0x1036, "Lenovo P520", ALC233_FIXUP_LENOVO_MULTI_CODECS), |
5381 |
+ SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE), |
5382 |
+ SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE), |
5383 |
+@@ -7034,6 +7060,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { |
5384 |
+ {0x12, 0x90a60130}, |
5385 |
+ {0x19, 0x03a11020}, |
5386 |
+ {0x21, 0x0321101f}), |
5387 |
++ SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, |
5388 |
++ {0x12, 0x90a60130}, |
5389 |
++ {0x14, 0x90170110}, |
5390 |
++ {0x19, 0x04a11040}, |
5391 |
++ {0x21, 0x04211020}), |
5392 |
+ SND_HDA_PIN_QUIRK(0x10ec0288, 0x1028, "Dell", ALC288_FIXUP_DELL1_MIC_NO_PRESENCE, |
5393 |
+ {0x12, 0x90a60120}, |
5394 |
+ {0x14, 0x90170110}, |
5395 |
+@@ -7295,6 +7326,10 @@ static int patch_alc269(struct hda_codec *codec) |
5396 |
+ spec->gen.mixer_nid = 0; /* ALC2x4 does not have any loopback mixer path */ |
5397 |
+ alc_update_coef_idx(codec, 0x6b, 0x0018, (1<<4) | (1<<3)); /* UAJ MIC Vref control by verb */ |
5398 |
+ break; |
5399 |
++ case 0x10ec0300: |
5400 |
++ spec->codec_variant = ALC269_TYPE_ALC300; |
5401 |
++ spec->gen.mixer_nid = 0; /* no loopback on ALC300 */ |
5402 |
++ break; |
5403 |
+ case 0x10ec0700: |
5404 |
+ case 0x10ec0701: |
5405 |
+ case 0x10ec0703: |
5406 |
+@@ -8404,6 +8439,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = { |
5407 |
+ HDA_CODEC_ENTRY(0x10ec0295, "ALC295", patch_alc269), |
5408 |
+ HDA_CODEC_ENTRY(0x10ec0298, "ALC298", patch_alc269), |
5409 |
+ HDA_CODEC_ENTRY(0x10ec0299, "ALC299", patch_alc269), |
5410 |
++ HDA_CODEC_ENTRY(0x10ec0300, "ALC300", patch_alc269), |
5411 |
+ HDA_CODEC_REV_ENTRY(0x10ec0861, 0x100340, "ALC660", patch_alc861), |
5412 |
+ HDA_CODEC_ENTRY(0x10ec0660, "ALC660-VD", patch_alc861vd), |
5413 |
+ HDA_CODEC_ENTRY(0x10ec0861, "ALC861", patch_alc861), |
5414 |
+diff --git a/sound/soc/codecs/pcm186x.h b/sound/soc/codecs/pcm186x.h |
5415 |
+index 2c6ba55bf394..bb3f0c42a1cd 100644 |
5416 |
+--- a/sound/soc/codecs/pcm186x.h |
5417 |
++++ b/sound/soc/codecs/pcm186x.h |
5418 |
+@@ -139,7 +139,7 @@ enum pcm186x_type { |
5419 |
+ #define PCM186X_MAX_REGISTER PCM186X_CURR_TRIM_CTRL |
5420 |
+ |
5421 |
+ /* PCM186X_PAGE */ |
5422 |
+-#define PCM186X_RESET 0xff |
5423 |
++#define PCM186X_RESET 0xfe |
5424 |
+ |
5425 |
+ /* PCM186X_ADCX_INPUT_SEL_X */ |
5426 |
+ #define PCM186X_ADC_INPUT_SEL_POL BIT(7) |
5427 |
+diff --git a/sound/soc/intel/boards/cht_bsw_max98090_ti.c b/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5428 |
+index db6976f4ddaa..9d9f6e41d81c 100644 |
5429 |
+--- a/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5430 |
++++ b/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5431 |
+@@ -19,6 +19,7 @@ |
5432 |
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
5433 |
+ */ |
5434 |
+ |
5435 |
++#include <linux/dmi.h> |
5436 |
+ #include <linux/module.h> |
5437 |
+ #include <linux/platform_device.h> |
5438 |
+ #include <linux/slab.h> |
5439 |
+@@ -35,6 +36,8 @@ |
5440 |
+ #define CHT_PLAT_CLK_3_HZ 19200000 |
5441 |
+ #define CHT_CODEC_DAI "HiFi" |
5442 |
+ |
5443 |
++#define QUIRK_PMC_PLT_CLK_0 0x01 |
5444 |
++ |
5445 |
+ struct cht_mc_private { |
5446 |
+ struct clk *mclk; |
5447 |
+ struct snd_soc_jack jack; |
5448 |
+@@ -385,11 +388,29 @@ static struct snd_soc_card snd_soc_card_cht = { |
5449 |
+ .num_controls = ARRAY_SIZE(cht_mc_controls), |
5450 |
+ }; |
5451 |
+ |
5452 |
++static const struct dmi_system_id cht_max98090_quirk_table[] = { |
5453 |
++ { |
5454 |
++ /* Swanky model Chromebook (Toshiba Chromebook 2) */ |
5455 |
++ .matches = { |
5456 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "Swanky"), |
5457 |
++ }, |
5458 |
++ .driver_data = (void *)QUIRK_PMC_PLT_CLK_0, |
5459 |
++ }, |
5460 |
++ {} |
5461 |
++}; |
5462 |
++ |
5463 |
+ static int snd_cht_mc_probe(struct platform_device *pdev) |
5464 |
+ { |
5465 |
++ const struct dmi_system_id *dmi_id; |
5466 |
+ struct device *dev = &pdev->dev; |
5467 |
+ int ret_val = 0; |
5468 |
+ struct cht_mc_private *drv; |
5469 |
++ const char *mclk_name; |
5470 |
++ int quirks = 0; |
5471 |
++ |
5472 |
++ dmi_id = dmi_first_match(cht_max98090_quirk_table); |
5473 |
++ if (dmi_id) |
5474 |
++ quirks = (unsigned long)dmi_id->driver_data; |
5475 |
+ |
5476 |
+ drv = devm_kzalloc(&pdev->dev, sizeof(*drv), GFP_KERNEL); |
5477 |
+ if (!drv) |
5478 |
+@@ -411,11 +432,16 @@ static int snd_cht_mc_probe(struct platform_device *pdev) |
5479 |
+ snd_soc_card_cht.dev = &pdev->dev; |
5480 |
+ snd_soc_card_set_drvdata(&snd_soc_card_cht, drv); |
5481 |
+ |
5482 |
+- drv->mclk = devm_clk_get(&pdev->dev, "pmc_plt_clk_3"); |
5483 |
++ if (quirks & QUIRK_PMC_PLT_CLK_0) |
5484 |
++ mclk_name = "pmc_plt_clk_0"; |
5485 |
++ else |
5486 |
++ mclk_name = "pmc_plt_clk_3"; |
5487 |
++ |
5488 |
++ drv->mclk = devm_clk_get(&pdev->dev, mclk_name); |
5489 |
+ if (IS_ERR(drv->mclk)) { |
5490 |
+ dev_err(&pdev->dev, |
5491 |
+- "Failed to get MCLK from pmc_plt_clk_3: %ld\n", |
5492 |
+- PTR_ERR(drv->mclk)); |
5493 |
++ "Failed to get MCLK from %s: %ld\n", |
5494 |
++ mclk_name, PTR_ERR(drv->mclk)); |
5495 |
+ return PTR_ERR(drv->mclk); |
5496 |
+ } |
5497 |
+ |
5498 |
+diff --git a/sound/sparc/cs4231.c b/sound/sparc/cs4231.c |
5499 |
+index e73c962590eb..079063d8038d 100644 |
5500 |
+--- a/sound/sparc/cs4231.c |
5501 |
++++ b/sound/sparc/cs4231.c |
5502 |
+@@ -1146,10 +1146,8 @@ static int snd_cs4231_playback_open(struct snd_pcm_substream *substream) |
5503 |
+ runtime->hw = snd_cs4231_playback; |
5504 |
+ |
5505 |
+ err = snd_cs4231_open(chip, CS4231_MODE_PLAY); |
5506 |
+- if (err < 0) { |
5507 |
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5508 |
++ if (err < 0) |
5509 |
+ return err; |
5510 |
+- } |
5511 |
+ chip->playback_substream = substream; |
5512 |
+ chip->p_periods_sent = 0; |
5513 |
+ snd_pcm_set_sync(substream); |
5514 |
+@@ -1167,10 +1165,8 @@ static int snd_cs4231_capture_open(struct snd_pcm_substream *substream) |
5515 |
+ runtime->hw = snd_cs4231_capture; |
5516 |
+ |
5517 |
+ err = snd_cs4231_open(chip, CS4231_MODE_RECORD); |
5518 |
+- if (err < 0) { |
5519 |
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5520 |
++ if (err < 0) |
5521 |
+ return err; |
5522 |
+- } |
5523 |
+ chip->capture_substream = substream; |
5524 |
+ chip->c_periods_sent = 0; |
5525 |
+ snd_pcm_set_sync(substream); |
5526 |
+diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h |
5527 |
+index c0d7ea0bf5b6..b17201edfa09 100644 |
5528 |
+--- a/tools/include/uapi/linux/prctl.h |
5529 |
++++ b/tools/include/uapi/linux/prctl.h |
5530 |
+@@ -212,6 +212,7 @@ struct prctl_mm_map { |
5531 |
+ #define PR_SET_SPECULATION_CTRL 53 |
5532 |
+ /* Speculation control variants */ |
5533 |
+ # define PR_SPEC_STORE_BYPASS 0 |
5534 |
++# define PR_SPEC_INDIRECT_BRANCH 1 |
5535 |
+ /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ |
5536 |
+ # define PR_SPEC_NOT_AFFECTED 0 |
5537 |
+ # define PR_SPEC_PRCTL (1UL << 0) |