Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.19 commit in: /
Date: Thu, 11 Aug 2022 12:32:17
Message-Id: 1660221122.7168afb285a989bf42870f28d2f479e9ddb1bda8.mpagano@gentoo
1 commit: 7168afb285a989bf42870f28d2f479e9ddb1bda8
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 11 12:32:02 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 11 12:32:02 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=7168afb2
7
8 Linux patch 5.19.1
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1000_linux-5.19.1.patch | 754 ++++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 758 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 3d9202d9..6335a155 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -43,6 +43,10 @@ EXPERIMENTAL
21 Individual Patch Descriptions:
22 --------------------------------------------------------------------------
23
24 +Patch: 1000_linux-5.19.1.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.19.1
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1000_linux-5.19.1.patch b/1000_linux-5.19.1.patch
33 new file mode 100644
34 index 00000000..24359699
35 --- /dev/null
36 +++ b/1000_linux-5.19.1.patch
37 @@ -0,0 +1,754 @@
38 +diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst
39 +index 9e9556826450b..2ce2a38cdd556 100644
40 +--- a/Documentation/admin-guide/hw-vuln/spectre.rst
41 ++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
42 +@@ -422,6 +422,14 @@ The possible values in this file are:
43 + 'RSB filling' Protection of RSB on context switch enabled
44 + ============= ===========================================
45 +
46 ++ - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status:
47 ++
48 ++ =========================== =======================================================
49 ++ 'PBRSB-eIBRS: SW sequence' CPU is affected and protection of RSB on VMEXIT enabled
50 ++ 'PBRSB-eIBRS: Vulnerable' CPU is vulnerable
51 ++ 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB
52 ++ =========================== =======================================================
53 ++
54 + Full mitigation might require a microcode update from the CPU
55 + vendor. When the necessary microcode is not available, the kernel will
56 + report vulnerability.
57 +diff --git a/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml b/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml
58 +index 5aac094fd2172..58ecafc1b7f90 100644
59 +--- a/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml
60 ++++ b/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml
61 +@@ -23,6 +23,7 @@ properties:
62 + - brcm,bcm4345c5
63 + - brcm,bcm43540-bt
64 + - brcm,bcm4335a0
65 ++ - brcm,bcm4349-bt
66 +
67 + shutdown-gpios:
68 + maxItems: 1
69 +diff --git a/Makefile b/Makefile
70 +index df92892325ae0..3acb329035eb9 100644
71 +--- a/Makefile
72 ++++ b/Makefile
73 +@@ -1,7 +1,7 @@
74 + # SPDX-License-Identifier: GPL-2.0
75 + VERSION = 5
76 + PATCHLEVEL = 19
77 +-SUBLEVEL = 0
78 ++SUBLEVEL = 1
79 + EXTRAVERSION =
80 + NAME = Superb Owl
81 +
82 +diff --git a/arch/arm64/crypto/poly1305-glue.c b/arch/arm64/crypto/poly1305-glue.c
83 +index 9c3d86e397bf3..1fae18ba11ed1 100644
84 +--- a/arch/arm64/crypto/poly1305-glue.c
85 ++++ b/arch/arm64/crypto/poly1305-glue.c
86 +@@ -52,7 +52,7 @@ static void neon_poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src,
87 + {
88 + if (unlikely(!dctx->sset)) {
89 + if (!dctx->rset) {
90 +- poly1305_init_arch(dctx, src);
91 ++ poly1305_init_arm64(&dctx->h, src);
92 + src += POLY1305_BLOCK_SIZE;
93 + len -= POLY1305_BLOCK_SIZE;
94 + dctx->rset = 1;
95 +diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h
96 +index 96dc0f7da258d..a971d462f531c 100644
97 +--- a/arch/arm64/include/asm/kernel-pgtable.h
98 ++++ b/arch/arm64/include/asm/kernel-pgtable.h
99 +@@ -103,8 +103,8 @@
100 + /*
101 + * Initial memory map attributes.
102 + */
103 +-#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
104 +-#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
105 ++#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN)
106 ++#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PMD_SECT_UXN)
107 +
108 + #if ARM64_KERNEL_USES_PMD_MAPS
109 + #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS)
110 +diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
111 +index 6a98f1a38c29a..8a93a0a7489b2 100644
112 +--- a/arch/arm64/kernel/head.S
113 ++++ b/arch/arm64/kernel/head.S
114 +@@ -285,7 +285,7 @@ SYM_FUNC_START_LOCAL(__create_page_tables)
115 + subs x1, x1, #64
116 + b.ne 1b
117 +
118 +- mov x7, SWAPPER_MM_MMUFLAGS
119 ++ mov_q x7, SWAPPER_MM_MMUFLAGS
120 +
121 + /*
122 + * Create the identity mapping.
123 +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
124 +index a77b915d36a8e..ede8990f3e416 100644
125 +--- a/arch/x86/include/asm/cpufeatures.h
126 ++++ b/arch/x86/include/asm/cpufeatures.h
127 +@@ -303,6 +303,7 @@
128 + #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */
129 + #define X86_FEATURE_UNRET (11*32+15) /* "" AMD BTB untrain return */
130 + #define X86_FEATURE_USE_IBPB_FW (11*32+16) /* "" Use IBPB during runtime firmware calls */
131 ++#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+17) /* "" Fill RSB on VM exit when EIBRS is enabled */
132 +
133 + /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
134 + #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */
135 +@@ -456,5 +457,6 @@
136 + #define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */
137 + #define X86_BUG_MMIO_STALE_DATA X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */
138 + #define X86_BUG_RETBLEED X86_BUG(26) /* CPU is affected by RETBleed */
139 ++#define X86_BUG_EIBRS_PBRSB X86_BUG(27) /* EIBRS is vulnerable to Post Barrier RSB Predictions */
140 +
141 + #endif /* _ASM_X86_CPUFEATURES_H */
142 +diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
143 +index cc615be27a54b..e057e039173cb 100644
144 +--- a/arch/x86/include/asm/msr-index.h
145 ++++ b/arch/x86/include/asm/msr-index.h
146 +@@ -150,6 +150,10 @@
147 + * are restricted to targets in
148 + * kernel.
149 + */
150 ++#define ARCH_CAP_PBRSB_NO BIT(24) /*
151 ++ * Not susceptible to Post-Barrier
152 ++ * Return Stack Buffer Predictions.
153 ++ */
154 +
155 + #define MSR_IA32_FLUSH_CMD 0x0000010b
156 + #define L1D_FLUSH BIT(0) /*
157 +diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
158 +index 38a3e86e665ef..d3a3cc6772ee1 100644
159 +--- a/arch/x86/include/asm/nospec-branch.h
160 ++++ b/arch/x86/include/asm/nospec-branch.h
161 +@@ -60,7 +60,9 @@
162 + 774: \
163 + add $(BITS_PER_LONG/8) * 2, sp; \
164 + dec reg; \
165 +- jnz 771b;
166 ++ jnz 771b; \
167 ++ /* barrier for jnz misprediction */ \
168 ++ lfence;
169 +
170 + #ifdef __ASSEMBLY__
171 +
172 +@@ -118,13 +120,28 @@
173 + #endif
174 + .endm
175 +
176 ++.macro ISSUE_UNBALANCED_RET_GUARD
177 ++ ANNOTATE_INTRA_FUNCTION_CALL
178 ++ call .Lunbalanced_ret_guard_\@
179 ++ int3
180 ++.Lunbalanced_ret_guard_\@:
181 ++ add $(BITS_PER_LONG/8), %_ASM_SP
182 ++ lfence
183 ++.endm
184 ++
185 + /*
186 + * A simpler FILL_RETURN_BUFFER macro. Don't make people use the CPP
187 + * monstrosity above, manually.
188 + */
189 +-.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req
190 ++.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req ftr2
191 ++.ifb \ftr2
192 + ALTERNATIVE "jmp .Lskip_rsb_\@", "", \ftr
193 ++.else
194 ++ ALTERNATIVE_2 "jmp .Lskip_rsb_\@", "", \ftr, "jmp .Lunbalanced_\@", \ftr2
195 ++.endif
196 + __FILL_RETURN_BUFFER(\reg,\nr,%_ASM_SP)
197 ++.Lunbalanced_\@:
198 ++ ISSUE_UNBALANCED_RET_GUARD
199 + .Lskip_rsb_\@:
200 + .endm
201 +
202 +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
203 +index 6761668100b9f..9f7e751b91df9 100644
204 +--- a/arch/x86/kernel/cpu/bugs.c
205 ++++ b/arch/x86/kernel/cpu/bugs.c
206 +@@ -1335,6 +1335,53 @@ static void __init spec_ctrl_disable_kernel_rrsba(void)
207 + }
208 + }
209 +
210 ++static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_mitigation mode)
211 ++{
212 ++ /*
213 ++ * Similar to context switches, there are two types of RSB attacks
214 ++ * after VM exit:
215 ++ *
216 ++ * 1) RSB underflow
217 ++ *
218 ++ * 2) Poisoned RSB entry
219 ++ *
220 ++ * When retpoline is enabled, both are mitigated by filling/clearing
221 ++ * the RSB.
222 ++ *
223 ++ * When IBRS is enabled, while #1 would be mitigated by the IBRS branch
224 ++ * prediction isolation protections, RSB still needs to be cleared
225 ++ * because of #2. Note that SMEP provides no protection here, unlike
226 ++ * user-space-poisoned RSB entries.
227 ++ *
228 ++ * eIBRS should protect against RSB poisoning, but if the EIBRS_PBRSB
229 ++ * bug is present then a LITE version of RSB protection is required,
230 ++ * just a single call needs to retire before a RET is executed.
231 ++ */
232 ++ switch (mode) {
233 ++ case SPECTRE_V2_NONE:
234 ++ return;
235 ++
236 ++ case SPECTRE_V2_EIBRS_LFENCE:
237 ++ case SPECTRE_V2_EIBRS:
238 ++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) {
239 ++ setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT_LITE);
240 ++ pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n");
241 ++ }
242 ++ return;
243 ++
244 ++ case SPECTRE_V2_EIBRS_RETPOLINE:
245 ++ case SPECTRE_V2_RETPOLINE:
246 ++ case SPECTRE_V2_LFENCE:
247 ++ case SPECTRE_V2_IBRS:
248 ++ setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT);
249 ++ pr_info("Spectre v2 / SpectreRSB : Filling RSB on VMEXIT\n");
250 ++ return;
251 ++ }
252 ++
253 ++ pr_warn_once("Unknown Spectre v2 mode, disabling RSB mitigation at VM exit");
254 ++ dump_stack();
255 ++}
256 ++
257 + static void __init spectre_v2_select_mitigation(void)
258 + {
259 + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
260 +@@ -1485,28 +1532,7 @@ static void __init spectre_v2_select_mitigation(void)
261 + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
262 + pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
263 +
264 +- /*
265 +- * Similar to context switches, there are two types of RSB attacks
266 +- * after vmexit:
267 +- *
268 +- * 1) RSB underflow
269 +- *
270 +- * 2) Poisoned RSB entry
271 +- *
272 +- * When retpoline is enabled, both are mitigated by filling/clearing
273 +- * the RSB.
274 +- *
275 +- * When IBRS is enabled, while #1 would be mitigated by the IBRS branch
276 +- * prediction isolation protections, RSB still needs to be cleared
277 +- * because of #2. Note that SMEP provides no protection here, unlike
278 +- * user-space-poisoned RSB entries.
279 +- *
280 +- * eIBRS, on the other hand, has RSB-poisoning protections, so it
281 +- * doesn't need RSB clearing after vmexit.
282 +- */
283 +- if (boot_cpu_has(X86_FEATURE_RETPOLINE) ||
284 +- boot_cpu_has(X86_FEATURE_KERNEL_IBRS))
285 +- setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT);
286 ++ spectre_v2_determine_rsb_fill_type_at_vmexit(mode);
287 +
288 + /*
289 + * Retpoline protects the kernel, but doesn't protect firmware. IBRS
290 +@@ -2292,6 +2318,19 @@ static char *ibpb_state(void)
291 + return "";
292 + }
293 +
294 ++static char *pbrsb_eibrs_state(void)
295 ++{
296 ++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) {
297 ++ if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) ||
298 ++ boot_cpu_has(X86_FEATURE_RSB_VMEXIT))
299 ++ return ", PBRSB-eIBRS: SW sequence";
300 ++ else
301 ++ return ", PBRSB-eIBRS: Vulnerable";
302 ++ } else {
303 ++ return ", PBRSB-eIBRS: Not affected";
304 ++ }
305 ++}
306 ++
307 + static ssize_t spectre_v2_show_state(char *buf)
308 + {
309 + if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
310 +@@ -2304,12 +2343,13 @@ static ssize_t spectre_v2_show_state(char *buf)
311 + spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE)
312 + return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n");
313 +
314 +- return sprintf(buf, "%s%s%s%s%s%s\n",
315 ++ return sprintf(buf, "%s%s%s%s%s%s%s\n",
316 + spectre_v2_strings[spectre_v2_enabled],
317 + ibpb_state(),
318 + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
319 + stibp_state(),
320 + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
321 ++ pbrsb_eibrs_state(),
322 + spectre_v2_module_string());
323 + }
324 +
325 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
326 +index 736262a76a12b..64a73f415f036 100644
327 +--- a/arch/x86/kernel/cpu/common.c
328 ++++ b/arch/x86/kernel/cpu/common.c
329 +@@ -1135,6 +1135,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
330 + #define NO_SWAPGS BIT(6)
331 + #define NO_ITLB_MULTIHIT BIT(7)
332 + #define NO_SPECTRE_V2 BIT(8)
333 ++#define NO_EIBRS_PBRSB BIT(9)
334 +
335 + #define VULNWL(vendor, family, model, whitelist) \
336 + X86_MATCH_VENDOR_FAM_MODEL(vendor, family, model, whitelist)
337 +@@ -1177,7 +1178,7 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
338 +
339 + VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
340 + VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
341 +- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
342 ++ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB),
343 +
344 + /*
345 + * Technically, swapgs isn't serializing on AMD (despite it previously
346 +@@ -1187,7 +1188,9 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
347 + * good enough for our purposes.
348 + */
349 +
350 +- VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT),
351 ++ VULNWL_INTEL(ATOM_TREMONT, NO_EIBRS_PBRSB),
352 ++ VULNWL_INTEL(ATOM_TREMONT_L, NO_EIBRS_PBRSB),
353 ++ VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB),
354 +
355 + /* AMD Family 0xf - 0x12 */
356 + VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
357 +@@ -1365,6 +1368,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
358 + setup_force_cpu_bug(X86_BUG_RETBLEED);
359 + }
360 +
361 ++ if (cpu_has(c, X86_FEATURE_IBRS_ENHANCED) &&
362 ++ !cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) &&
363 ++ !(ia32_cap & ARCH_CAP_PBRSB_NO))
364 ++ setup_force_cpu_bug(X86_BUG_EIBRS_PBRSB);
365 ++
366 + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
367 + return;
368 +
369 +diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S
370 +index 4182c7ffc9091..6de96b9438044 100644
371 +--- a/arch/x86/kvm/vmx/vmenter.S
372 ++++ b/arch/x86/kvm/vmx/vmenter.S
373 +@@ -227,11 +227,13 @@ SYM_INNER_LABEL(vmx_vmexit, SYM_L_GLOBAL)
374 + * entries and (in some cases) RSB underflow.
375 + *
376 + * eIBRS has its own protection against poisoned RSB, so it doesn't
377 +- * need the RSB filling sequence. But it does need to be enabled
378 +- * before the first unbalanced RET.
379 ++ * need the RSB filling sequence. But it does need to be enabled, and a
380 ++ * single call to retire, before the first unbalanced RET.
381 + */
382 +
383 +- FILL_RETURN_BUFFER %_ASM_CX, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT
384 ++ FILL_RETURN_BUFFER %_ASM_CX, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT,\
385 ++ X86_FEATURE_RSB_VMEXIT_LITE
386 ++
387 +
388 + pop %_ASM_ARG2 /* @flags */
389 + pop %_ASM_ARG1 /* @vmx */
390 +diff --git a/block/blk-ioc.c b/block/blk-ioc.c
391 +index df9cfe4ca5328..63fc020424082 100644
392 +--- a/block/blk-ioc.c
393 ++++ b/block/blk-ioc.c
394 +@@ -247,6 +247,8 @@ static struct io_context *alloc_io_context(gfp_t gfp_flags, int node)
395 + INIT_HLIST_HEAD(&ioc->icq_list);
396 + INIT_WORK(&ioc->release_work, ioc_release_fn);
397 + #endif
398 ++ ioc->ioprio = IOPRIO_DEFAULT;
399 ++
400 + return ioc;
401 + }
402 +
403 +diff --git a/block/ioprio.c b/block/ioprio.c
404 +index 2fe068fcaad58..2a34cbca18aed 100644
405 +--- a/block/ioprio.c
406 ++++ b/block/ioprio.c
407 +@@ -157,9 +157,9 @@ out:
408 + int ioprio_best(unsigned short aprio, unsigned short bprio)
409 + {
410 + if (!ioprio_valid(aprio))
411 +- aprio = IOPRIO_DEFAULT;
412 ++ aprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM);
413 + if (!ioprio_valid(bprio))
414 +- bprio = IOPRIO_DEFAULT;
415 ++ bprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM);
416 +
417 + return min(aprio, bprio);
418 + }
419 +diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c
420 +index 598fd19b65fa4..45973aa6e06d4 100644
421 +--- a/drivers/acpi/apei/bert.c
422 ++++ b/drivers/acpi/apei/bert.c
423 +@@ -29,16 +29,26 @@
424 +
425 + #undef pr_fmt
426 + #define pr_fmt(fmt) "BERT: " fmt
427 ++
428 ++#define ACPI_BERT_PRINT_MAX_RECORDS 5
429 + #define ACPI_BERT_PRINT_MAX_LEN 1024
430 +
431 + static int bert_disable;
432 +
433 ++/*
434 ++ * Print "all" the error records in the BERT table, but avoid huge spam to
435 ++ * the console if the BIOS included oversize records, or too many records.
436 ++ * Skipping some records here does not lose anything because the full
437 ++ * data is available to user tools in:
438 ++ * /sys/firmware/acpi/tables/data/BERT
439 ++ */
440 + static void __init bert_print_all(struct acpi_bert_region *region,
441 + unsigned int region_len)
442 + {
443 + struct acpi_hest_generic_status *estatus =
444 + (struct acpi_hest_generic_status *)region;
445 + int remain = region_len;
446 ++ int printed = 0, skipped = 0;
447 + u32 estatus_len;
448 +
449 + while (remain >= sizeof(struct acpi_bert_region)) {
450 +@@ -46,24 +56,26 @@ static void __init bert_print_all(struct acpi_bert_region *region,
451 + if (remain < estatus_len) {
452 + pr_err(FW_BUG "Truncated status block (length: %u).\n",
453 + estatus_len);
454 +- return;
455 ++ break;
456 + }
457 +
458 + /* No more error records. */
459 + if (!estatus->block_status)
460 +- return;
461 ++ break;
462 +
463 + if (cper_estatus_check(estatus)) {
464 + pr_err(FW_BUG "Invalid error record.\n");
465 +- return;
466 ++ break;
467 + }
468 +
469 +- pr_info_once("Error records from previous boot:\n");
470 +- if (region_len < ACPI_BERT_PRINT_MAX_LEN)
471 ++ if (estatus_len < ACPI_BERT_PRINT_MAX_LEN &&
472 ++ printed < ACPI_BERT_PRINT_MAX_RECORDS) {
473 ++ pr_info_once("Error records from previous boot:\n");
474 + cper_estatus_print(KERN_INFO HW_ERR, estatus);
475 +- else
476 +- pr_info_once("Max print length exceeded, table data is available at:\n"
477 +- "/sys/firmware/acpi/tables/data/BERT");
478 ++ printed++;
479 ++ } else {
480 ++ skipped++;
481 ++ }
482 +
483 + /*
484 + * Because the boot error source is "one-time polled" type,
485 +@@ -75,6 +87,9 @@ static void __init bert_print_all(struct acpi_bert_region *region,
486 + estatus = (void *)estatus + estatus_len;
487 + remain -= estatus_len;
488 + }
489 ++
490 ++ if (skipped)
491 ++ pr_info(HW_ERR "Skipped %d error records\n", skipped);
492 + }
493 +
494 + static int __init setup_bert_disable(char *str)
495 +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
496 +index becc198e4c224..6615f59ab7fd2 100644
497 +--- a/drivers/acpi/video_detect.c
498 ++++ b/drivers/acpi/video_detect.c
499 +@@ -430,7 +430,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
500 + .callback = video_detect_force_native,
501 + .ident = "Clevo NL5xRU",
502 + .matches = {
503 +- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
504 + DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
505 + },
506 + },
507 +@@ -438,59 +437,75 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
508 + .callback = video_detect_force_native,
509 + .ident = "Clevo NL5xRU",
510 + .matches = {
511 +- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"),
512 +- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
513 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
514 ++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"),
515 + },
516 + },
517 + {
518 + .callback = video_detect_force_native,
519 + .ident = "Clevo NL5xRU",
520 + .matches = {
521 +- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"),
522 +- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
523 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
524 ++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"),
525 + },
526 + },
527 + {
528 + .callback = video_detect_force_native,
529 +- .ident = "Clevo NL5xRU",
530 ++ .ident = "Clevo NL5xNU",
531 + .matches = {
532 +- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
533 +- DMI_MATCH(DMI_BOARD_NAME, "AURA1501"),
534 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
535 + },
536 + },
537 ++ /*
538 ++ * The TongFang PF5PU1G, PF4NU1F, PF5NU1G, and PF5LUXG/TUXEDO BA15 Gen10,
539 ++ * Pulse 14/15 Gen1, and Pulse 15 Gen2 have the same problem as the Clevo
540 ++ * NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2. See the description
541 ++ * above.
542 ++ */
543 + {
544 + .callback = video_detect_force_native,
545 +- .ident = "Clevo NL5xRU",
546 ++ .ident = "TongFang PF5PU1G",
547 + .matches = {
548 +- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
549 +- DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"),
550 ++ DMI_MATCH(DMI_BOARD_NAME, "PF5PU1G"),
551 + },
552 + },
553 + {
554 + .callback = video_detect_force_native,
555 +- .ident = "Clevo NL5xNU",
556 ++ .ident = "TongFang PF4NU1F",
557 ++ .matches = {
558 ++ DMI_MATCH(DMI_BOARD_NAME, "PF4NU1F"),
559 ++ },
560 ++ },
561 ++ {
562 ++ .callback = video_detect_force_native,
563 ++ .ident = "TongFang PF4NU1F",
564 + .matches = {
565 + DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
566 +- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
567 ++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1401"),
568 + },
569 + },
570 + {
571 + .callback = video_detect_force_native,
572 +- .ident = "Clevo NL5xNU",
573 ++ .ident = "TongFang PF5NU1G",
574 + .matches = {
575 +- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"),
576 +- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
577 ++ DMI_MATCH(DMI_BOARD_NAME, "PF5NU1G"),
578 + },
579 + },
580 + {
581 + .callback = video_detect_force_native,
582 +- .ident = "Clevo NL5xNU",
583 ++ .ident = "TongFang PF5NU1G",
584 + .matches = {
585 +- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"),
586 +- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
587 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
588 ++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1501"),
589 ++ },
590 ++ },
591 ++ {
592 ++ .callback = video_detect_force_native,
593 ++ .ident = "TongFang PF5LUXG",
594 ++ .matches = {
595 ++ DMI_MATCH(DMI_BOARD_NAME, "PF5LUXG"),
596 + },
597 + },
598 +-
599 + /*
600 + * Desktops which falsely report a backlight and which our heuristics
601 + * for this do not catch.
602 +diff --git a/drivers/ata/sata_mv.c b/drivers/ata/sata_mv.c
603 +index de5bd02cad447..e3cff01201b80 100644
604 +--- a/drivers/ata/sata_mv.c
605 ++++ b/drivers/ata/sata_mv.c
606 +@@ -4057,7 +4057,7 @@ static int mv_platform_probe(struct platform_device *pdev)
607 + /*
608 + * Simple resource validation ..
609 + */
610 +- if (unlikely(pdev->num_resources != 2)) {
611 ++ if (unlikely(pdev->num_resources != 1)) {
612 + dev_err(&pdev->dev, "invalid number of resources\n");
613 + return -EINVAL;
614 + }
615 +diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c
616 +index 76fbb046bdbe8..c9cda681c691e 100644
617 +--- a/drivers/bluetooth/btbcm.c
618 ++++ b/drivers/bluetooth/btbcm.c
619 +@@ -454,6 +454,8 @@ static const struct bcm_subver_table bcm_uart_subver_table[] = {
620 + { 0x6606, "BCM4345C5" }, /* 003.006.006 */
621 + { 0x230f, "BCM4356A2" }, /* 001.003.015 */
622 + { 0x220e, "BCM20702A1" }, /* 001.002.014 */
623 ++ { 0x420d, "BCM4349B1" }, /* 002.002.013 */
624 ++ { 0x420e, "BCM4349B1" }, /* 002.002.014 */
625 + { 0x4217, "BCM4329B1" }, /* 002.002.023 */
626 + { 0x6106, "BCM4359C0" }, /* 003.001.006 */
627 + { 0x4106, "BCM4335A0" }, /* 002.001.006 */
628 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
629 +index e25fcd49db702..aaba2d7371781 100644
630 +--- a/drivers/bluetooth/btusb.c
631 ++++ b/drivers/bluetooth/btusb.c
632 +@@ -427,6 +427,18 @@ static const struct usb_device_id blacklist_table[] = {
633 + { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK |
634 + BTUSB_WIDEBAND_SPEECH },
635 +
636 ++ /* Realtek 8852CE Bluetooth devices */
637 ++ { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK |
638 ++ BTUSB_WIDEBAND_SPEECH },
639 ++ { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK |
640 ++ BTUSB_WIDEBAND_SPEECH },
641 ++ { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK |
642 ++ BTUSB_WIDEBAND_SPEECH },
643 ++ { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK |
644 ++ BTUSB_WIDEBAND_SPEECH },
645 ++ { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK |
646 ++ BTUSB_WIDEBAND_SPEECH },
647 ++
648 + /* Realtek Bluetooth devices */
649 + { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
650 + .driver_info = BTUSB_REALTEK },
651 +@@ -477,6 +489,9 @@ static const struct usb_device_id blacklist_table[] = {
652 + { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK |
653 + BTUSB_WIDEBAND_SPEECH |
654 + BTUSB_VALID_LE_STATES },
655 ++ { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK |
656 ++ BTUSB_WIDEBAND_SPEECH |
657 ++ BTUSB_VALID_LE_STATES },
658 +
659 + /* Additional Realtek 8723AE Bluetooth devices */
660 + { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
661 +diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
662 +index 785f445dd60d5..49bed66b8c84e 100644
663 +--- a/drivers/bluetooth/hci_bcm.c
664 ++++ b/drivers/bluetooth/hci_bcm.c
665 +@@ -1544,8 +1544,10 @@ static const struct of_device_id bcm_bluetooth_of_match[] = {
666 + { .compatible = "brcm,bcm43430a0-bt" },
667 + { .compatible = "brcm,bcm43430a1-bt" },
668 + { .compatible = "brcm,bcm43438-bt", .data = &bcm43438_device_data },
669 ++ { .compatible = "brcm,bcm4349-bt", .data = &bcm43438_device_data },
670 + { .compatible = "brcm,bcm43540-bt", .data = &bcm4354_device_data },
671 + { .compatible = "brcm,bcm4335a0" },
672 ++ { .compatible = "infineon,cyw55572-bt" },
673 + { },
674 + };
675 + MODULE_DEVICE_TABLE(of, bcm_bluetooth_of_match);
676 +diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
677 +index eab34e24d9446..8df11016fd51b 100644
678 +--- a/drivers/bluetooth/hci_qca.c
679 ++++ b/drivers/bluetooth/hci_qca.c
680 +@@ -1588,7 +1588,7 @@ static bool qca_wakeup(struct hci_dev *hdev)
681 + wakeup = device_may_wakeup(hu->serdev->ctrl->dev.parent);
682 + bt_dev_dbg(hu->hdev, "wakeup status : %d", wakeup);
683 +
684 +- return !wakeup;
685 ++ return wakeup;
686 + }
687 +
688 + static int qca_regulator_init(struct hci_uart *hu)
689 +diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c
690 +index 439fab4eaa850..1bbb9ca08d40f 100644
691 +--- a/drivers/macintosh/adb.c
692 ++++ b/drivers/macintosh/adb.c
693 +@@ -647,7 +647,7 @@ do_adb_query(struct adb_request *req)
694 +
695 + switch(req->data[1]) {
696 + case ADB_QUERY_GETDEVINFO:
697 +- if (req->nbytes < 3)
698 ++ if (req->nbytes < 3 || req->data[2] >= 16)
699 + break;
700 + mutex_lock(&adb_handler_mutex);
701 + req->reply[0] = adb_handler[req->data[2]].original_address;
702 +diff --git a/include/linux/ioprio.h b/include/linux/ioprio.h
703 +index 3f53bc27a19bf..3d088a88f8320 100644
704 +--- a/include/linux/ioprio.h
705 ++++ b/include/linux/ioprio.h
706 +@@ -11,7 +11,7 @@
707 + /*
708 + * Default IO priority.
709 + */
710 +-#define IOPRIO_DEFAULT IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM)
711 ++#define IOPRIO_DEFAULT IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, 0)
712 +
713 + /*
714 + * Check that a priority value has a valid class.
715 +diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h
716 +index a77b915d36a8e..8323ac5b7eee5 100644
717 +--- a/tools/arch/x86/include/asm/cpufeatures.h
718 ++++ b/tools/arch/x86/include/asm/cpufeatures.h
719 +@@ -303,6 +303,7 @@
720 + #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */
721 + #define X86_FEATURE_UNRET (11*32+15) /* "" AMD BTB untrain return */
722 + #define X86_FEATURE_USE_IBPB_FW (11*32+16) /* "" Use IBPB during runtime firmware calls */
723 ++#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+17) /* "" Fill RSB on VM-Exit when EIBRS is enabled */
724 +
725 + /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
726 + #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */
727 +diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h
728 +index cc615be27a54b..e057e039173cb 100644
729 +--- a/tools/arch/x86/include/asm/msr-index.h
730 ++++ b/tools/arch/x86/include/asm/msr-index.h
731 +@@ -150,6 +150,10 @@
732 + * are restricted to targets in
733 + * kernel.
734 + */
735 ++#define ARCH_CAP_PBRSB_NO BIT(24) /*
736 ++ * Not susceptible to Post-Barrier
737 ++ * Return Stack Buffer Predictions.
738 ++ */
739 +
740 + #define MSR_IA32_FLUSH_CMD 0x0000010b
741 + #define L1D_FLUSH BIT(0) /*
742 +diff --git a/tools/vm/slabinfo.c b/tools/vm/slabinfo.c
743 +index 9b68658b6bb85..5b98f3ee58a58 100644
744 +--- a/tools/vm/slabinfo.c
745 ++++ b/tools/vm/slabinfo.c
746 +@@ -233,6 +233,24 @@ static unsigned long read_slab_obj(struct slabinfo *s, const char *name)
747 + return l;
748 + }
749 +
750 ++static unsigned long read_debug_slab_obj(struct slabinfo *s, const char *name)
751 ++{
752 ++ char x[128];
753 ++ FILE *f;
754 ++ size_t l;
755 ++
756 ++ snprintf(x, 128, "/sys/kernel/debug/slab/%s/%s", s->name, name);
757 ++ f = fopen(x, "r");
758 ++ if (!f) {
759 ++ buffer[0] = 0;
760 ++ l = 0;
761 ++ } else {
762 ++ l = fread(buffer, 1, sizeof(buffer), f);
763 ++ buffer[l] = 0;
764 ++ fclose(f);
765 ++ }
766 ++ return l;
767 ++}
768 +
769 + /*
770 + * Put a size string together
771 +@@ -409,14 +427,18 @@ static void show_tracking(struct slabinfo *s)
772 + {
773 + printf("\n%s: Kernel object allocation\n", s->name);
774 + printf("-----------------------------------------------------------------------\n");
775 +- if (read_slab_obj(s, "alloc_calls"))
776 ++ if (read_debug_slab_obj(s, "alloc_traces"))
777 ++ printf("%s", buffer);
778 ++ else if (read_slab_obj(s, "alloc_calls"))
779 + printf("%s", buffer);
780 + else
781 + printf("No Data\n");
782 +
783 + printf("\n%s: Kernel object freeing\n", s->name);
784 + printf("------------------------------------------------------------------------\n");
785 +- if (read_slab_obj(s, "free_calls"))
786 ++ if (read_debug_slab_obj(s, "free_traces"))
787 ++ printf("%s", buffer);
788 ++ else if (read_slab_obj(s, "free_calls"))
789 + printf("%s", buffer);
790 + else
791 + printf("No Data\n");
Report Message
Find on MARC Find on Google Groups