1 |
commit: 1e4d06678c3d3c6bef6c60ef5d05ec227fc8d26d |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jan 10 11:43:09 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 10 11:43:09 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=1e4d0667 |
7 |
|
8 |
Linux patch 4.14.13 |
9 |
|
10 |
0000_README | 4 + |
11 |
1012_linux-4.14.13.patch | 1518 ++++++++++++++++++++++++++++++++++++++++++++++ |
12 |
2 files changed, 1522 insertions(+) |
13 |
|
14 |
diff --git a/0000_README b/0000_README |
15 |
index af8a1d1..1abd05e 100644 |
16 |
--- a/0000_README |
17 |
+++ b/0000_README |
18 |
@@ -91,6 +91,10 @@ Patch: 1011_linux-4.14.12.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.14.12 |
21 |
|
22 |
+Patch: 1012_linux-4.14.13.patch |
23 |
+From: http://www.kernel.org |
24 |
+Desc: Linux 4.14.13 |
25 |
+ |
26 |
Patch: 1500_XATTR_USER_PREFIX.patch |
27 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
28 |
Desc: Support for namespace user.pax.* on tmpfs. |
29 |
|
30 |
diff --git a/1012_linux-4.14.13.patch b/1012_linux-4.14.13.patch |
31 |
new file mode 100644 |
32 |
index 0000000..faee46a |
33 |
--- /dev/null |
34 |
+++ b/1012_linux-4.14.13.patch |
35 |
@@ -0,0 +1,1518 @@ |
36 |
+diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt |
37 |
+index ad41b3813f0a..ea91cb61a602 100644 |
38 |
+--- a/Documentation/x86/x86_64/mm.txt |
39 |
++++ b/Documentation/x86/x86_64/mm.txt |
40 |
+@@ -12,8 +12,9 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) |
41 |
+ ... unused hole ... |
42 |
+ ffffec0000000000 - fffffbffffffffff (=44 bits) kasan shadow memory (16TB) |
43 |
+ ... unused hole ... |
44 |
+-fffffe0000000000 - fffffe7fffffffff (=39 bits) LDT remap for PTI |
45 |
+-fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping |
46 |
++ vaddr_end for KASLR |
47 |
++fffffe0000000000 - fffffe7fffffffff (=39 bits) cpu_entry_area mapping |
48 |
++fffffe8000000000 - fffffeffffffffff (=39 bits) LDT remap for PTI |
49 |
+ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks |
50 |
+ ... unused hole ... |
51 |
+ ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space |
52 |
+@@ -37,13 +38,15 @@ ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB) |
53 |
+ ... unused hole ... |
54 |
+ ffdf000000000000 - fffffc0000000000 (=53 bits) kasan shadow memory (8PB) |
55 |
+ ... unused hole ... |
56 |
+-fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping |
57 |
++ vaddr_end for KASLR |
58 |
++fffffe0000000000 - fffffe7fffffffff (=39 bits) cpu_entry_area mapping |
59 |
++... unused hole ... |
60 |
+ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks |
61 |
+ ... unused hole ... |
62 |
+ ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space |
63 |
+ ... unused hole ... |
64 |
+ ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 |
65 |
+-ffffffffa0000000 - [fixmap start] (~1526 MB) module mapping space |
66 |
++ffffffffa0000000 - fffffffffeffffff (1520 MB) module mapping space |
67 |
+ [fixmap start] - ffffffffff5fffff kernel-internal fixmap range |
68 |
+ ffffffffff600000 - ffffffffff600fff (=4 kB) legacy vsyscall ABI |
69 |
+ ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole |
70 |
+@@ -67,9 +70,10 @@ memory window (this size is arbitrary, it can be raised later if needed). |
71 |
+ The mappings are not part of any other kernel PGD and are only available |
72 |
+ during EFI runtime calls. |
73 |
+ |
74 |
+-The module mapping space size changes based on the CONFIG requirements for the |
75 |
+-following fixmap section. |
76 |
+- |
77 |
+ Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all |
78 |
+ physical memory, vmalloc/ioremap space and virtual memory map are randomized. |
79 |
+ Their order is preserved but their base will be offset early at boot time. |
80 |
++ |
81 |
++Be very careful vs. KASLR when changing anything here. The KASLR address |
82 |
++range must not overlap with anything except the KASAN shadow area, which is |
83 |
++correct as KASAN disables KASLR. |
84 |
+diff --git a/Makefile b/Makefile |
85 |
+index 20f7d4de0f1c..a67c5179052a 100644 |
86 |
+--- a/Makefile |
87 |
++++ b/Makefile |
88 |
+@@ -1,7 +1,7 @@ |
89 |
+ # SPDX-License-Identifier: GPL-2.0 |
90 |
+ VERSION = 4 |
91 |
+ PATCHLEVEL = 14 |
92 |
+-SUBLEVEL = 12 |
93 |
++SUBLEVEL = 13 |
94 |
+ EXTRAVERSION = |
95 |
+ NAME = Petit Gorille |
96 |
+ |
97 |
+diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h |
98 |
+index f35974ee7264..c9173c02081c 100644 |
99 |
+--- a/arch/arc/include/asm/uaccess.h |
100 |
++++ b/arch/arc/include/asm/uaccess.h |
101 |
+@@ -668,6 +668,7 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) |
102 |
+ return 0; |
103 |
+ |
104 |
+ __asm__ __volatile__( |
105 |
++ " mov lp_count, %5 \n" |
106 |
+ " lp 3f \n" |
107 |
+ "1: ldb.ab %3, [%2, 1] \n" |
108 |
+ " breq.d %3, 0, 3f \n" |
109 |
+@@ -684,8 +685,8 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) |
110 |
+ " .word 1b, 4b \n" |
111 |
+ " .previous \n" |
112 |
+ : "+r"(res), "+r"(dst), "+r"(src), "=r"(val) |
113 |
+- : "g"(-EFAULT), "l"(count) |
114 |
+- : "memory"); |
115 |
++ : "g"(-EFAULT), "r"(count) |
116 |
++ : "lp_count", "lp_start", "lp_end", "memory"); |
117 |
+ |
118 |
+ return res; |
119 |
+ } |
120 |
+diff --git a/arch/parisc/include/asm/ldcw.h b/arch/parisc/include/asm/ldcw.h |
121 |
+index dd5a08aaa4da..3eb4bfc1fb36 100644 |
122 |
+--- a/arch/parisc/include/asm/ldcw.h |
123 |
++++ b/arch/parisc/include/asm/ldcw.h |
124 |
+@@ -12,6 +12,7 @@ |
125 |
+ for the semaphore. */ |
126 |
+ |
127 |
+ #define __PA_LDCW_ALIGNMENT 16 |
128 |
++#define __PA_LDCW_ALIGN_ORDER 4 |
129 |
+ #define __ldcw_align(a) ({ \ |
130 |
+ unsigned long __ret = (unsigned long) &(a)->lock[0]; \ |
131 |
+ __ret = (__ret + __PA_LDCW_ALIGNMENT - 1) \ |
132 |
+@@ -29,6 +30,7 @@ |
133 |
+ ldcd). */ |
134 |
+ |
135 |
+ #define __PA_LDCW_ALIGNMENT 4 |
136 |
++#define __PA_LDCW_ALIGN_ORDER 2 |
137 |
+ #define __ldcw_align(a) (&(a)->slock) |
138 |
+ #define __LDCW "ldcw,co" |
139 |
+ |
140 |
+diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S |
141 |
+index f3cecf5117cf..e95207c0565e 100644 |
142 |
+--- a/arch/parisc/kernel/entry.S |
143 |
++++ b/arch/parisc/kernel/entry.S |
144 |
+@@ -35,6 +35,7 @@ |
145 |
+ #include <asm/pgtable.h> |
146 |
+ #include <asm/signal.h> |
147 |
+ #include <asm/unistd.h> |
148 |
++#include <asm/ldcw.h> |
149 |
+ #include <asm/thread_info.h> |
150 |
+ |
151 |
+ #include <linux/linkage.h> |
152 |
+@@ -46,6 +47,14 @@ |
153 |
+ #endif |
154 |
+ |
155 |
+ .import pa_tlb_lock,data |
156 |
++ .macro load_pa_tlb_lock reg |
157 |
++#if __PA_LDCW_ALIGNMENT > 4 |
158 |
++ load32 PA(pa_tlb_lock) + __PA_LDCW_ALIGNMENT-1, \reg |
159 |
++ depi 0,31,__PA_LDCW_ALIGN_ORDER, \reg |
160 |
++#else |
161 |
++ load32 PA(pa_tlb_lock), \reg |
162 |
++#endif |
163 |
++ .endm |
164 |
+ |
165 |
+ /* space_to_prot macro creates a prot id from a space id */ |
166 |
+ |
167 |
+@@ -457,7 +466,7 @@ |
168 |
+ .macro tlb_lock spc,ptp,pte,tmp,tmp1,fault |
169 |
+ #ifdef CONFIG_SMP |
170 |
+ cmpib,COND(=),n 0,\spc,2f |
171 |
+- load32 PA(pa_tlb_lock),\tmp |
172 |
++ load_pa_tlb_lock \tmp |
173 |
+ 1: LDCW 0(\tmp),\tmp1 |
174 |
+ cmpib,COND(=) 0,\tmp1,1b |
175 |
+ nop |
176 |
+@@ -480,7 +489,7 @@ |
177 |
+ /* Release pa_tlb_lock lock. */ |
178 |
+ .macro tlb_unlock1 spc,tmp |
179 |
+ #ifdef CONFIG_SMP |
180 |
+- load32 PA(pa_tlb_lock),\tmp |
181 |
++ load_pa_tlb_lock \tmp |
182 |
+ tlb_unlock0 \spc,\tmp |
183 |
+ #endif |
184 |
+ .endm |
185 |
+diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S |
186 |
+index adf7187f8951..2d40c4ff3f69 100644 |
187 |
+--- a/arch/parisc/kernel/pacache.S |
188 |
++++ b/arch/parisc/kernel/pacache.S |
189 |
+@@ -36,6 +36,7 @@ |
190 |
+ #include <asm/assembly.h> |
191 |
+ #include <asm/pgtable.h> |
192 |
+ #include <asm/cache.h> |
193 |
++#include <asm/ldcw.h> |
194 |
+ #include <linux/linkage.h> |
195 |
+ |
196 |
+ .text |
197 |
+@@ -333,8 +334,12 @@ ENDPROC_CFI(flush_data_cache_local) |
198 |
+ |
199 |
+ .macro tlb_lock la,flags,tmp |
200 |
+ #ifdef CONFIG_SMP |
201 |
+- ldil L%pa_tlb_lock,%r1 |
202 |
+- ldo R%pa_tlb_lock(%r1),\la |
203 |
++#if __PA_LDCW_ALIGNMENT > 4 |
204 |
++ load32 pa_tlb_lock + __PA_LDCW_ALIGNMENT-1, \la |
205 |
++ depi 0,31,__PA_LDCW_ALIGN_ORDER, \la |
206 |
++#else |
207 |
++ load32 pa_tlb_lock, \la |
208 |
++#endif |
209 |
+ rsm PSW_SM_I,\flags |
210 |
+ 1: LDCW 0(\la),\tmp |
211 |
+ cmpib,<>,n 0,\tmp,3f |
212 |
+diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c |
213 |
+index 30f92391a93e..cad3e8661cd6 100644 |
214 |
+--- a/arch/parisc/kernel/process.c |
215 |
++++ b/arch/parisc/kernel/process.c |
216 |
+@@ -39,6 +39,7 @@ |
217 |
+ #include <linux/kernel.h> |
218 |
+ #include <linux/mm.h> |
219 |
+ #include <linux/fs.h> |
220 |
++#include <linux/cpu.h> |
221 |
+ #include <linux/module.h> |
222 |
+ #include <linux/personality.h> |
223 |
+ #include <linux/ptrace.h> |
224 |
+@@ -183,6 +184,44 @@ int dump_task_fpu (struct task_struct *tsk, elf_fpregset_t *r) |
225 |
+ return 1; |
226 |
+ } |
227 |
+ |
228 |
++/* |
229 |
++ * Idle thread support |
230 |
++ * |
231 |
++ * Detect when running on QEMU with SeaBIOS PDC Firmware and let |
232 |
++ * QEMU idle the host too. |
233 |
++ */ |
234 |
++ |
235 |
++int running_on_qemu __read_mostly; |
236 |
++ |
237 |
++void __cpuidle arch_cpu_idle_dead(void) |
238 |
++{ |
239 |
++ /* nop on real hardware, qemu will offline CPU. */ |
240 |
++ asm volatile("or %%r31,%%r31,%%r31\n":::); |
241 |
++} |
242 |
++ |
243 |
++void __cpuidle arch_cpu_idle(void) |
244 |
++{ |
245 |
++ local_irq_enable(); |
246 |
++ |
247 |
++ /* nop on real hardware, qemu will idle sleep. */ |
248 |
++ asm volatile("or %%r10,%%r10,%%r10\n":::); |
249 |
++} |
250 |
++ |
251 |
++static int __init parisc_idle_init(void) |
252 |
++{ |
253 |
++ const char *marker; |
254 |
++ |
255 |
++ /* check QEMU/SeaBIOS marker in PAGE0 */ |
256 |
++ marker = (char *) &PAGE0->pad0; |
257 |
++ running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0); |
258 |
++ |
259 |
++ if (!running_on_qemu) |
260 |
++ cpu_idle_poll_ctrl(1); |
261 |
++ |
262 |
++ return 0; |
263 |
++} |
264 |
++arch_initcall(parisc_idle_init); |
265 |
++ |
266 |
+ /* |
267 |
+ * Copy architecture-specific thread state |
268 |
+ */ |
269 |
+diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c |
270 |
+index 4797d08581ce..6e1e39035380 100644 |
271 |
+--- a/arch/powerpc/mm/fault.c |
272 |
++++ b/arch/powerpc/mm/fault.c |
273 |
+@@ -145,6 +145,11 @@ static noinline int bad_area(struct pt_regs *regs, unsigned long address) |
274 |
+ return __bad_area(regs, address, SEGV_MAPERR); |
275 |
+ } |
276 |
+ |
277 |
++static noinline int bad_access(struct pt_regs *regs, unsigned long address) |
278 |
++{ |
279 |
++ return __bad_area(regs, address, SEGV_ACCERR); |
280 |
++} |
281 |
++ |
282 |
+ static int do_sigbus(struct pt_regs *regs, unsigned long address, |
283 |
+ unsigned int fault) |
284 |
+ { |
285 |
+@@ -490,7 +495,7 @@ static int __do_page_fault(struct pt_regs *regs, unsigned long address, |
286 |
+ |
287 |
+ good_area: |
288 |
+ if (unlikely(access_error(is_write, is_exec, vma))) |
289 |
+- return bad_area(regs, address); |
290 |
++ return bad_access(regs, address); |
291 |
+ |
292 |
+ /* |
293 |
+ * If for any reason at all we couldn't handle the fault, |
294 |
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c |
295 |
+index 40d0a1a97889..b87a930c2201 100644 |
296 |
+--- a/arch/s390/kvm/kvm-s390.c |
297 |
++++ b/arch/s390/kvm/kvm-s390.c |
298 |
+@@ -794,11 +794,12 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm) |
299 |
+ |
300 |
+ if (kvm->arch.use_cmma) { |
301 |
+ /* |
302 |
+- * Get the last slot. They should be sorted by base_gfn, so the |
303 |
+- * last slot is also the one at the end of the address space. |
304 |
+- * We have verified above that at least one slot is present. |
305 |
++ * Get the first slot. They are reverse sorted by base_gfn, so |
306 |
++ * the first slot is also the one at the end of the address |
307 |
++ * space. We have verified above that at least one slot is |
308 |
++ * present. |
309 |
+ */ |
310 |
+- ms = slots->memslots + slots->used_slots - 1; |
311 |
++ ms = slots->memslots; |
312 |
+ /* round up so we only use full longs */ |
313 |
+ ram_pages = roundup(ms->base_gfn + ms->npages, BITS_PER_LONG); |
314 |
+ /* allocate enough bytes to store all the bits */ |
315 |
+diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c |
316 |
+index 5b25287f449b..7bd3a59232f0 100644 |
317 |
+--- a/arch/s390/kvm/priv.c |
318 |
++++ b/arch/s390/kvm/priv.c |
319 |
+@@ -1009,7 +1009,7 @@ static inline int do_essa(struct kvm_vcpu *vcpu, const int orc) |
320 |
+ cbrlo[entries] = gfn << PAGE_SHIFT; |
321 |
+ } |
322 |
+ |
323 |
+- if (orc) { |
324 |
++ if (orc && gfn < ms->bitmap_size) { |
325 |
+ /* increment only if we are really flipping the bit to 1 */ |
326 |
+ if (!test_and_set_bit(gfn, ms->pgste_bitmap)) |
327 |
+ atomic64_inc(&ms->dirty_pages); |
328 |
+diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c |
329 |
+index 8f0aace08b87..8156e47da7ba 100644 |
330 |
+--- a/arch/x86/events/intel/ds.c |
331 |
++++ b/arch/x86/events/intel/ds.c |
332 |
+@@ -5,6 +5,7 @@ |
333 |
+ |
334 |
+ #include <asm/cpu_entry_area.h> |
335 |
+ #include <asm/perf_event.h> |
336 |
++#include <asm/tlbflush.h> |
337 |
+ #include <asm/insn.h> |
338 |
+ |
339 |
+ #include "../perf_event.h" |
340 |
+@@ -283,20 +284,35 @@ static DEFINE_PER_CPU(void *, insn_buffer); |
341 |
+ |
342 |
+ static void ds_update_cea(void *cea, void *addr, size_t size, pgprot_t prot) |
343 |
+ { |
344 |
++ unsigned long start = (unsigned long)cea; |
345 |
+ phys_addr_t pa; |
346 |
+ size_t msz = 0; |
347 |
+ |
348 |
+ pa = virt_to_phys(addr); |
349 |
++ |
350 |
++ preempt_disable(); |
351 |
+ for (; msz < size; msz += PAGE_SIZE, pa += PAGE_SIZE, cea += PAGE_SIZE) |
352 |
+ cea_set_pte(cea, pa, prot); |
353 |
++ |
354 |
++ /* |
355 |
++ * This is a cross-CPU update of the cpu_entry_area, we must shoot down |
356 |
++ * all TLB entries for it. |
357 |
++ */ |
358 |
++ flush_tlb_kernel_range(start, start + size); |
359 |
++ preempt_enable(); |
360 |
+ } |
361 |
+ |
362 |
+ static void ds_clear_cea(void *cea, size_t size) |
363 |
+ { |
364 |
++ unsigned long start = (unsigned long)cea; |
365 |
+ size_t msz = 0; |
366 |
+ |
367 |
++ preempt_disable(); |
368 |
+ for (; msz < size; msz += PAGE_SIZE, cea += PAGE_SIZE) |
369 |
+ cea_set_pte(cea, 0, PAGE_NONE); |
370 |
++ |
371 |
++ flush_tlb_kernel_range(start, start + size); |
372 |
++ preempt_enable(); |
373 |
+ } |
374 |
+ |
375 |
+ static void *dsalloc_pages(size_t size, gfp_t flags, int cpu) |
376 |
+diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h |
377 |
+index dbfd0854651f..cf5961ca8677 100644 |
378 |
+--- a/arch/x86/include/asm/alternative.h |
379 |
++++ b/arch/x86/include/asm/alternative.h |
380 |
+@@ -140,7 +140,7 @@ static inline int alternatives_text_reserved(void *start, void *end) |
381 |
+ ".popsection\n" \ |
382 |
+ ".pushsection .altinstr_replacement, \"ax\"\n" \ |
383 |
+ ALTINSTR_REPLACEMENT(newinstr, feature, 1) \ |
384 |
+- ".popsection" |
385 |
++ ".popsection\n" |
386 |
+ |
387 |
+ #define ALTERNATIVE_2(oldinstr, newinstr1, feature1, newinstr2, feature2)\ |
388 |
+ OLDINSTR_2(oldinstr, 1, 2) \ |
389 |
+@@ -151,7 +151,7 @@ static inline int alternatives_text_reserved(void *start, void *end) |
390 |
+ ".pushsection .altinstr_replacement, \"ax\"\n" \ |
391 |
+ ALTINSTR_REPLACEMENT(newinstr1, feature1, 1) \ |
392 |
+ ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \ |
393 |
+- ".popsection" |
394 |
++ ".popsection\n" |
395 |
+ |
396 |
+ /* |
397 |
+ * Alternative instructions for different CPU types or capabilities. |
398 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
399 |
+index 07cdd1715705..21ac898df2d8 100644 |
400 |
+--- a/arch/x86/include/asm/cpufeatures.h |
401 |
++++ b/arch/x86/include/asm/cpufeatures.h |
402 |
+@@ -341,6 +341,6 @@ |
403 |
+ #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ |
404 |
+ #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ |
405 |
+ #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ |
406 |
+-#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ |
407 |
++#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ |
408 |
+ |
409 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
410 |
+diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h |
411 |
+index b97a539bcdee..6b8f73dcbc2c 100644 |
412 |
+--- a/arch/x86/include/asm/pgtable_64_types.h |
413 |
++++ b/arch/x86/include/asm/pgtable_64_types.h |
414 |
+@@ -75,7 +75,13 @@ typedef struct { pteval_t pte; } pte_t; |
415 |
+ #define PGDIR_SIZE (_AC(1, UL) << PGDIR_SHIFT) |
416 |
+ #define PGDIR_MASK (~(PGDIR_SIZE - 1)) |
417 |
+ |
418 |
+-/* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */ |
419 |
++/* |
420 |
++ * See Documentation/x86/x86_64/mm.txt for a description of the memory map. |
421 |
++ * |
422 |
++ * Be very careful vs. KASLR when changing anything here. The KASLR address |
423 |
++ * range must not overlap with anything except the KASAN shadow area, which |
424 |
++ * is correct as KASAN disables KASLR. |
425 |
++ */ |
426 |
+ #define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL) |
427 |
+ |
428 |
+ #ifdef CONFIG_X86_5LEVEL |
429 |
+@@ -88,7 +94,7 @@ typedef struct { pteval_t pte; } pte_t; |
430 |
+ # define VMALLOC_SIZE_TB _AC(32, UL) |
431 |
+ # define __VMALLOC_BASE _AC(0xffffc90000000000, UL) |
432 |
+ # define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) |
433 |
+-# define LDT_PGD_ENTRY _AC(-4, UL) |
434 |
++# define LDT_PGD_ENTRY _AC(-3, UL) |
435 |
+ # define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) |
436 |
+ #endif |
437 |
+ |
438 |
+@@ -104,13 +110,13 @@ typedef struct { pteval_t pte; } pte_t; |
439 |
+ |
440 |
+ #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) |
441 |
+ /* The module sections ends with the start of the fixmap */ |
442 |
+-#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) |
443 |
++#define MODULES_END _AC(0xffffffffff000000, UL) |
444 |
+ #define MODULES_LEN (MODULES_END - MODULES_VADDR) |
445 |
+ |
446 |
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL) |
447 |
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << P4D_SHIFT) |
448 |
+ |
449 |
+-#define CPU_ENTRY_AREA_PGD _AC(-3, UL) |
450 |
++#define CPU_ENTRY_AREA_PGD _AC(-4, UL) |
451 |
+ #define CPU_ENTRY_AREA_BASE (CPU_ENTRY_AREA_PGD << P4D_SHIFT) |
452 |
+ |
453 |
+ #define EFI_VA_START ( -4 * (_AC(1, UL) << 30)) |
454 |
+diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile |
455 |
+index 90cb82dbba57..570e8bb1f386 100644 |
456 |
+--- a/arch/x86/kernel/cpu/Makefile |
457 |
++++ b/arch/x86/kernel/cpu/Makefile |
458 |
+@@ -22,7 +22,7 @@ obj-y += common.o |
459 |
+ obj-y += rdrand.o |
460 |
+ obj-y += match.o |
461 |
+ obj-y += bugs.o |
462 |
+-obj-$(CONFIG_CPU_FREQ) += aperfmperf.o |
463 |
++obj-y += aperfmperf.o |
464 |
+ obj-y += cpuid-deps.o |
465 |
+ |
466 |
+ obj-$(CONFIG_PROC_FS) += proc.o |
467 |
+diff --git a/arch/x86/kernel/cpu/aperfmperf.c b/arch/x86/kernel/cpu/aperfmperf.c |
468 |
+index 0ee83321a313..7eba34df54c3 100644 |
469 |
+--- a/arch/x86/kernel/cpu/aperfmperf.c |
470 |
++++ b/arch/x86/kernel/cpu/aperfmperf.c |
471 |
+@@ -14,6 +14,8 @@ |
472 |
+ #include <linux/percpu.h> |
473 |
+ #include <linux/smp.h> |
474 |
+ |
475 |
++#include "cpu.h" |
476 |
++ |
477 |
+ struct aperfmperf_sample { |
478 |
+ unsigned int khz; |
479 |
+ ktime_t time; |
480 |
+@@ -24,7 +26,7 @@ struct aperfmperf_sample { |
481 |
+ static DEFINE_PER_CPU(struct aperfmperf_sample, samples); |
482 |
+ |
483 |
+ #define APERFMPERF_CACHE_THRESHOLD_MS 10 |
484 |
+-#define APERFMPERF_REFRESH_DELAY_MS 20 |
485 |
++#define APERFMPERF_REFRESH_DELAY_MS 10 |
486 |
+ #define APERFMPERF_STALE_THRESHOLD_MS 1000 |
487 |
+ |
488 |
+ /* |
489 |
+@@ -38,14 +40,8 @@ static void aperfmperf_snapshot_khz(void *dummy) |
490 |
+ u64 aperf, aperf_delta; |
491 |
+ u64 mperf, mperf_delta; |
492 |
+ struct aperfmperf_sample *s = this_cpu_ptr(&samples); |
493 |
+- ktime_t now = ktime_get(); |
494 |
+- s64 time_delta = ktime_ms_delta(now, s->time); |
495 |
+ unsigned long flags; |
496 |
+ |
497 |
+- /* Don't bother re-computing within the cache threshold time. */ |
498 |
+- if (time_delta < APERFMPERF_CACHE_THRESHOLD_MS) |
499 |
+- return; |
500 |
+- |
501 |
+ local_irq_save(flags); |
502 |
+ rdmsrl(MSR_IA32_APERF, aperf); |
503 |
+ rdmsrl(MSR_IA32_MPERF, mperf); |
504 |
+@@ -61,31 +57,68 @@ static void aperfmperf_snapshot_khz(void *dummy) |
505 |
+ if (mperf_delta == 0) |
506 |
+ return; |
507 |
+ |
508 |
+- s->time = now; |
509 |
++ s->time = ktime_get(); |
510 |
+ s->aperf = aperf; |
511 |
+ s->mperf = mperf; |
512 |
++ s->khz = div64_u64((cpu_khz * aperf_delta), mperf_delta); |
513 |
++} |
514 |
+ |
515 |
+- /* If the previous iteration was too long ago, discard it. */ |
516 |
+- if (time_delta > APERFMPERF_STALE_THRESHOLD_MS) |
517 |
+- s->khz = 0; |
518 |
+- else |
519 |
+- s->khz = div64_u64((cpu_khz * aperf_delta), mperf_delta); |
520 |
++static bool aperfmperf_snapshot_cpu(int cpu, ktime_t now, bool wait) |
521 |
++{ |
522 |
++ s64 time_delta = ktime_ms_delta(now, per_cpu(samples.time, cpu)); |
523 |
++ |
524 |
++ /* Don't bother re-computing within the cache threshold time. */ |
525 |
++ if (time_delta < APERFMPERF_CACHE_THRESHOLD_MS) |
526 |
++ return true; |
527 |
++ |
528 |
++ smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, wait); |
529 |
++ |
530 |
++ /* Return false if the previous iteration was too long ago. */ |
531 |
++ return time_delta <= APERFMPERF_STALE_THRESHOLD_MS; |
532 |
+ } |
533 |
+ |
534 |
+-unsigned int arch_freq_get_on_cpu(int cpu) |
535 |
++unsigned int aperfmperf_get_khz(int cpu) |
536 |
+ { |
537 |
+- unsigned int khz; |
538 |
++ if (!cpu_khz) |
539 |
++ return 0; |
540 |
++ |
541 |
++ if (!static_cpu_has(X86_FEATURE_APERFMPERF)) |
542 |
++ return 0; |
543 |
+ |
544 |
++ aperfmperf_snapshot_cpu(cpu, ktime_get(), true); |
545 |
++ return per_cpu(samples.khz, cpu); |
546 |
++} |
547 |
++ |
548 |
++void arch_freq_prepare_all(void) |
549 |
++{ |
550 |
++ ktime_t now = ktime_get(); |
551 |
++ bool wait = false; |
552 |
++ int cpu; |
553 |
++ |
554 |
++ if (!cpu_khz) |
555 |
++ return; |
556 |
++ |
557 |
++ if (!static_cpu_has(X86_FEATURE_APERFMPERF)) |
558 |
++ return; |
559 |
++ |
560 |
++ for_each_online_cpu(cpu) |
561 |
++ if (!aperfmperf_snapshot_cpu(cpu, now, false)) |
562 |
++ wait = true; |
563 |
++ |
564 |
++ if (wait) |
565 |
++ msleep(APERFMPERF_REFRESH_DELAY_MS); |
566 |
++} |
567 |
++ |
568 |
++unsigned int arch_freq_get_on_cpu(int cpu) |
569 |
++{ |
570 |
+ if (!cpu_khz) |
571 |
+ return 0; |
572 |
+ |
573 |
+ if (!static_cpu_has(X86_FEATURE_APERFMPERF)) |
574 |
+ return 0; |
575 |
+ |
576 |
+- smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, 1); |
577 |
+- khz = per_cpu(samples.khz, cpu); |
578 |
+- if (khz) |
579 |
+- return khz; |
580 |
++ if (aperfmperf_snapshot_cpu(cpu, ktime_get(), true)) |
581 |
++ return per_cpu(samples.khz, cpu); |
582 |
+ |
583 |
+ msleep(APERFMPERF_REFRESH_DELAY_MS); |
584 |
+ smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, 1); |
585 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
586 |
+index b1be494ab4e8..2d3bd2215e5b 100644 |
587 |
+--- a/arch/x86/kernel/cpu/common.c |
588 |
++++ b/arch/x86/kernel/cpu/common.c |
589 |
+@@ -900,7 +900,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) |
590 |
+ setup_force_cpu_cap(X86_FEATURE_ALWAYS); |
591 |
+ |
592 |
+ if (c->x86_vendor != X86_VENDOR_AMD) |
593 |
+- setup_force_cpu_bug(X86_BUG_CPU_INSECURE); |
594 |
++ setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); |
595 |
+ |
596 |
+ fpu__init_system(c); |
597 |
+ |
598 |
+diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h |
599 |
+index f52a370b6c00..e806b11a99af 100644 |
600 |
+--- a/arch/x86/kernel/cpu/cpu.h |
601 |
++++ b/arch/x86/kernel/cpu/cpu.h |
602 |
+@@ -47,4 +47,7 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[], |
603 |
+ |
604 |
+ extern void get_cpu_cap(struct cpuinfo_x86 *c); |
605 |
+ extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c); |
606 |
++ |
607 |
++unsigned int aperfmperf_get_khz(int cpu); |
608 |
++ |
609 |
+ #endif /* ARCH_X86_CPU_H */ |
610 |
+diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c |
611 |
+index c6daec4bdba5..330b8462d426 100644 |
612 |
+--- a/arch/x86/kernel/cpu/microcode/amd.c |
613 |
++++ b/arch/x86/kernel/cpu/microcode/amd.c |
614 |
+@@ -470,6 +470,7 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, |
615 |
+ #define F14H_MPB_MAX_SIZE 1824 |
616 |
+ #define F15H_MPB_MAX_SIZE 4096 |
617 |
+ #define F16H_MPB_MAX_SIZE 3458 |
618 |
++#define F17H_MPB_MAX_SIZE 3200 |
619 |
+ |
620 |
+ switch (family) { |
621 |
+ case 0x14: |
622 |
+@@ -481,6 +482,9 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, |
623 |
+ case 0x16: |
624 |
+ max_size = F16H_MPB_MAX_SIZE; |
625 |
+ break; |
626 |
++ case 0x17: |
627 |
++ max_size = F17H_MPB_MAX_SIZE; |
628 |
++ break; |
629 |
+ default: |
630 |
+ max_size = F1XH_MPB_MAX_SIZE; |
631 |
+ break; |
632 |
+diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c |
633 |
+index 6b7e17bf0b71..e7ecedafa1c8 100644 |
634 |
+--- a/arch/x86/kernel/cpu/proc.c |
635 |
++++ b/arch/x86/kernel/cpu/proc.c |
636 |
+@@ -5,6 +5,8 @@ |
637 |
+ #include <linux/seq_file.h> |
638 |
+ #include <linux/cpufreq.h> |
639 |
+ |
640 |
++#include "cpu.h" |
641 |
++ |
642 |
+ /* |
643 |
+ * Get CPU information for use by the procfs. |
644 |
+ */ |
645 |
+@@ -78,8 +80,10 @@ static int show_cpuinfo(struct seq_file *m, void *v) |
646 |
+ seq_printf(m, "microcode\t: 0x%x\n", c->microcode); |
647 |
+ |
648 |
+ if (cpu_has(c, X86_FEATURE_TSC)) { |
649 |
+- unsigned int freq = cpufreq_quick_get(cpu); |
650 |
++ unsigned int freq = aperfmperf_get_khz(cpu); |
651 |
+ |
652 |
++ if (!freq) |
653 |
++ freq = cpufreq_quick_get(cpu); |
654 |
+ if (!freq) |
655 |
+ freq = cpu_khz; |
656 |
+ seq_printf(m, "cpu MHz\t\t: %u.%03u\n", |
657 |
+diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c |
658 |
+index f56902c1f04b..2a4849e92831 100644 |
659 |
+--- a/arch/x86/mm/dump_pagetables.c |
660 |
++++ b/arch/x86/mm/dump_pagetables.c |
661 |
+@@ -61,10 +61,10 @@ enum address_markers_idx { |
662 |
+ KASAN_SHADOW_START_NR, |
663 |
+ KASAN_SHADOW_END_NR, |
664 |
+ #endif |
665 |
++ CPU_ENTRY_AREA_NR, |
666 |
+ #if defined(CONFIG_MODIFY_LDT_SYSCALL) && !defined(CONFIG_X86_5LEVEL) |
667 |
+ LDT_NR, |
668 |
+ #endif |
669 |
+- CPU_ENTRY_AREA_NR, |
670 |
+ #ifdef CONFIG_X86_ESPFIX64 |
671 |
+ ESPFIX_START_NR, |
672 |
+ #endif |
673 |
+diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
674 |
+index 80259ad8c386..6b462a472a7b 100644 |
675 |
+--- a/arch/x86/mm/init.c |
676 |
++++ b/arch/x86/mm/init.c |
677 |
+@@ -870,7 +870,7 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = { |
678 |
+ .next_asid = 1, |
679 |
+ .cr4 = ~0UL, /* fail hard if we screw up cr4 shadow initialization */ |
680 |
+ }; |
681 |
+-EXPORT_SYMBOL_GPL(cpu_tlbstate); |
682 |
++EXPORT_PER_CPU_SYMBOL(cpu_tlbstate); |
683 |
+ |
684 |
+ void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache) |
685 |
+ { |
686 |
+diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c |
687 |
+index 879ef930e2c2..aedebd2ebf1e 100644 |
688 |
+--- a/arch/x86/mm/kaslr.c |
689 |
++++ b/arch/x86/mm/kaslr.c |
690 |
+@@ -34,25 +34,14 @@ |
691 |
+ #define TB_SHIFT 40 |
692 |
+ |
693 |
+ /* |
694 |
+- * Virtual address start and end range for randomization. The end changes base |
695 |
+- * on configuration to have the highest amount of space for randomization. |
696 |
+- * It increases the possible random position for each randomized region. |
697 |
++ * Virtual address start and end range for randomization. |
698 |
+ * |
699 |
+- * You need to add an if/def entry if you introduce a new memory region |
700 |
+- * compatible with KASLR. Your entry must be in logical order with memory |
701 |
+- * layout. For example, ESPFIX is before EFI because its virtual address is |
702 |
+- * before. You also need to add a BUILD_BUG_ON() in kernel_randomize_memory() to |
703 |
+- * ensure that this order is correct and won't be changed. |
704 |
++ * The end address could depend on more configuration options to make the |
705 |
++ * highest amount of space for randomization available, but that's too hard |
706 |
++ * to keep straight and caused issues already. |
707 |
+ */ |
708 |
+ static const unsigned long vaddr_start = __PAGE_OFFSET_BASE; |
709 |
+- |
710 |
+-#if defined(CONFIG_X86_ESPFIX64) |
711 |
+-static const unsigned long vaddr_end = ESPFIX_BASE_ADDR; |
712 |
+-#elif defined(CONFIG_EFI) |
713 |
+-static const unsigned long vaddr_end = EFI_VA_END; |
714 |
+-#else |
715 |
+-static const unsigned long vaddr_end = __START_KERNEL_map; |
716 |
+-#endif |
717 |
++static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; |
718 |
+ |
719 |
+ /* Default values */ |
720 |
+ unsigned long page_offset_base = __PAGE_OFFSET_BASE; |
721 |
+@@ -101,15 +90,12 @@ void __init kernel_randomize_memory(void) |
722 |
+ unsigned long remain_entropy; |
723 |
+ |
724 |
+ /* |
725 |
+- * All these BUILD_BUG_ON checks ensures the memory layout is |
726 |
+- * consistent with the vaddr_start/vaddr_end variables. |
727 |
++ * These BUILD_BUG_ON checks ensure the memory layout is consistent |
728 |
++ * with the vaddr_start/vaddr_end variables. These checks are very |
729 |
++ * limited.... |
730 |
+ */ |
731 |
+ BUILD_BUG_ON(vaddr_start >= vaddr_end); |
732 |
+- BUILD_BUG_ON(IS_ENABLED(CONFIG_X86_ESPFIX64) && |
733 |
+- vaddr_end >= EFI_VA_END); |
734 |
+- BUILD_BUG_ON((IS_ENABLED(CONFIG_X86_ESPFIX64) || |
735 |
+- IS_ENABLED(CONFIG_EFI)) && |
736 |
+- vaddr_end >= __START_KERNEL_map); |
737 |
++ BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); |
738 |
+ BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); |
739 |
+ |
740 |
+ if (!kaslr_memory_enabled()) |
741 |
+diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c |
742 |
+index 2da28ba97508..43d4a4a29037 100644 |
743 |
+--- a/arch/x86/mm/pti.c |
744 |
++++ b/arch/x86/mm/pti.c |
745 |
+@@ -56,13 +56,13 @@ |
746 |
+ |
747 |
+ static void __init pti_print_if_insecure(const char *reason) |
748 |
+ { |
749 |
+- if (boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
750 |
++ if (boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) |
751 |
+ pr_info("%s\n", reason); |
752 |
+ } |
753 |
+ |
754 |
+ static void __init pti_print_if_secure(const char *reason) |
755 |
+ { |
756 |
+- if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
757 |
++ if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) |
758 |
+ pr_info("%s\n", reason); |
759 |
+ } |
760 |
+ |
761 |
+@@ -96,7 +96,7 @@ void __init pti_check_boottime_disable(void) |
762 |
+ } |
763 |
+ |
764 |
+ autosel: |
765 |
+- if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
766 |
++ if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) |
767 |
+ return; |
768 |
+ enable: |
769 |
+ setup_force_cpu_cap(X86_FEATURE_PTI); |
770 |
+diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c |
771 |
+index 8a99a2e96537..5b513ccffde4 100644 |
772 |
+--- a/arch/x86/platform/efi/quirks.c |
773 |
++++ b/arch/x86/platform/efi/quirks.c |
774 |
+@@ -592,7 +592,18 @@ static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff, |
775 |
+ /* |
776 |
+ * Update the first page pointer to skip over the CSH header. |
777 |
+ */ |
778 |
+- cap_info->pages[0] += csh->headersize; |
779 |
++ cap_info->phys[0] += csh->headersize; |
780 |
++ |
781 |
++ /* |
782 |
++ * cap_info->capsule should point at a virtual mapping of the entire |
783 |
++ * capsule, starting at the capsule header. Our image has the Quark |
784 |
++ * security header prepended, so we cannot rely on the default vmap() |
785 |
++ * mapping created by the generic capsule code. |
786 |
++ * Given that the Quark firmware does not appear to care about the |
787 |
++ * virtual mapping, let's just point cap_info->capsule at our copy |
788 |
++ * of the capsule header. |
789 |
++ */ |
790 |
++ cap_info->capsule = &cap_info->header; |
791 |
+ |
792 |
+ return 1; |
793 |
+ } |
794 |
+diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c |
795 |
+index db1bc3147bc4..600afa99941f 100644 |
796 |
+--- a/crypto/chacha20poly1305.c |
797 |
++++ b/crypto/chacha20poly1305.c |
798 |
+@@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, |
799 |
+ algt->mask)); |
800 |
+ if (IS_ERR(poly)) |
801 |
+ return PTR_ERR(poly); |
802 |
++ poly_hash = __crypto_hash_alg_common(poly); |
803 |
++ |
804 |
++ err = -EINVAL; |
805 |
++ if (poly_hash->digestsize != POLY1305_DIGEST_SIZE) |
806 |
++ goto out_put_poly; |
807 |
+ |
808 |
+ err = -ENOMEM; |
809 |
+ inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); |
810 |
+@@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, |
811 |
+ |
812 |
+ ctx = aead_instance_ctx(inst); |
813 |
+ ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize; |
814 |
+- poly_hash = __crypto_hash_alg_common(poly); |
815 |
+ err = crypto_init_ahash_spawn(&ctx->poly, poly_hash, |
816 |
+ aead_crypto_instance(inst)); |
817 |
+ if (err) |
818 |
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c |
819 |
+index ee9cfb99fe25..f8ec3d4ba4a8 100644 |
820 |
+--- a/crypto/pcrypt.c |
821 |
++++ b/crypto/pcrypt.c |
822 |
+@@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct crypto_aead *tfm) |
823 |
+ crypto_free_aead(ctx->child); |
824 |
+ } |
825 |
+ |
826 |
++static void pcrypt_free(struct aead_instance *inst) |
827 |
++{ |
828 |
++ struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst); |
829 |
++ |
830 |
++ crypto_drop_aead(&ctx->spawn); |
831 |
++ kfree(inst); |
832 |
++} |
833 |
++ |
834 |
+ static int pcrypt_init_instance(struct crypto_instance *inst, |
835 |
+ struct crypto_alg *alg) |
836 |
+ { |
837 |
+@@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, |
838 |
+ inst->alg.encrypt = pcrypt_aead_encrypt; |
839 |
+ inst->alg.decrypt = pcrypt_aead_decrypt; |
840 |
+ |
841 |
++ inst->free = pcrypt_free; |
842 |
++ |
843 |
+ err = aead_register_instance(tmpl, inst); |
844 |
+ if (err) |
845 |
+ goto out_drop_aead; |
846 |
+@@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb) |
847 |
+ return -EINVAL; |
848 |
+ } |
849 |
+ |
850 |
+-static void pcrypt_free(struct crypto_instance *inst) |
851 |
+-{ |
852 |
+- struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst); |
853 |
+- |
854 |
+- crypto_drop_aead(&ctx->spawn); |
855 |
+- kfree(inst); |
856 |
+-} |
857 |
+- |
858 |
+ static int pcrypt_cpumask_change_notify(struct notifier_block *self, |
859 |
+ unsigned long val, void *data) |
860 |
+ { |
861 |
+@@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt) |
862 |
+ static struct crypto_template pcrypt_tmpl = { |
863 |
+ .name = "pcrypt", |
864 |
+ .create = pcrypt_create, |
865 |
+- .free = pcrypt_free, |
866 |
+ .module = THIS_MODULE, |
867 |
+ }; |
868 |
+ |
869 |
+diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c |
870 |
+index 328ca93781cf..1b76d9585902 100644 |
871 |
+--- a/drivers/bus/sunxi-rsb.c |
872 |
++++ b/drivers/bus/sunxi-rsb.c |
873 |
+@@ -178,6 +178,7 @@ static struct bus_type sunxi_rsb_bus = { |
874 |
+ .match = sunxi_rsb_device_match, |
875 |
+ .probe = sunxi_rsb_device_probe, |
876 |
+ .remove = sunxi_rsb_device_remove, |
877 |
++ .uevent = of_device_uevent_modalias, |
878 |
+ }; |
879 |
+ |
880 |
+ static void sunxi_rsb_dev_release(struct device *dev) |
881 |
+diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig |
882 |
+index 3e104f5aa0c2..b56b3f711d94 100644 |
883 |
+--- a/drivers/crypto/chelsio/Kconfig |
884 |
++++ b/drivers/crypto/chelsio/Kconfig |
885 |
+@@ -5,6 +5,7 @@ config CRYPTO_DEV_CHELSIO |
886 |
+ select CRYPTO_SHA256 |
887 |
+ select CRYPTO_SHA512 |
888 |
+ select CRYPTO_AUTHENC |
889 |
++ select CRYPTO_GF128MUL |
890 |
+ ---help--- |
891 |
+ The Chelsio Crypto Co-processor driver for T6 adapters. |
892 |
+ |
893 |
+diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c |
894 |
+index a9fd8b9e86cd..699ee5a9a8f9 100644 |
895 |
+--- a/drivers/crypto/n2_core.c |
896 |
++++ b/drivers/crypto/n2_core.c |
897 |
+@@ -1625,6 +1625,7 @@ static int queue_cache_init(void) |
898 |
+ CWQ_ENTRY_SIZE, 0, NULL); |
899 |
+ if (!queue_cache[HV_NCS_QTYPE_CWQ - 1]) { |
900 |
+ kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]); |
901 |
++ queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL; |
902 |
+ return -ENOMEM; |
903 |
+ } |
904 |
+ return 0; |
905 |
+@@ -1634,6 +1635,8 @@ static void queue_cache_destroy(void) |
906 |
+ { |
907 |
+ kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]); |
908 |
+ kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_CWQ - 1]); |
909 |
++ queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL; |
910 |
++ queue_cache[HV_NCS_QTYPE_CWQ - 1] = NULL; |
911 |
+ } |
912 |
+ |
913 |
+ static long spu_queue_register_workfn(void *arg) |
914 |
+diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c |
915 |
+index ec8ac5c4dd84..055e2e8f985a 100644 |
916 |
+--- a/drivers/firmware/efi/capsule-loader.c |
917 |
++++ b/drivers/firmware/efi/capsule-loader.c |
918 |
+@@ -20,10 +20,6 @@ |
919 |
+ |
920 |
+ #define NO_FURTHER_WRITE_ACTION -1 |
921 |
+ |
922 |
+-#ifndef phys_to_page |
923 |
+-#define phys_to_page(x) pfn_to_page((x) >> PAGE_SHIFT) |
924 |
+-#endif |
925 |
+- |
926 |
+ /** |
927 |
+ * efi_free_all_buff_pages - free all previous allocated buffer pages |
928 |
+ * @cap_info: pointer to current instance of capsule_info structure |
929 |
+@@ -35,7 +31,7 @@ |
930 |
+ static void efi_free_all_buff_pages(struct capsule_info *cap_info) |
931 |
+ { |
932 |
+ while (cap_info->index > 0) |
933 |
+- __free_page(phys_to_page(cap_info->pages[--cap_info->index])); |
934 |
++ __free_page(cap_info->pages[--cap_info->index]); |
935 |
+ |
936 |
+ cap_info->index = NO_FURTHER_WRITE_ACTION; |
937 |
+ } |
938 |
+@@ -71,6 +67,14 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info) |
939 |
+ |
940 |
+ cap_info->pages = temp_page; |
941 |
+ |
942 |
++ temp_page = krealloc(cap_info->phys, |
943 |
++ pages_needed * sizeof(phys_addr_t *), |
944 |
++ GFP_KERNEL | __GFP_ZERO); |
945 |
++ if (!temp_page) |
946 |
++ return -ENOMEM; |
947 |
++ |
948 |
++ cap_info->phys = temp_page; |
949 |
++ |
950 |
+ return 0; |
951 |
+ } |
952 |
+ |
953 |
+@@ -105,9 +109,24 @@ int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, |
954 |
+ **/ |
955 |
+ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) |
956 |
+ { |
957 |
++ bool do_vunmap = false; |
958 |
+ int ret; |
959 |
+ |
960 |
+- ret = efi_capsule_update(&cap_info->header, cap_info->pages); |
961 |
++ /* |
962 |
++ * cap_info->capsule may have been assigned already by a quirk |
963 |
++ * handler, so only overwrite it if it is NULL |
964 |
++ */ |
965 |
++ if (!cap_info->capsule) { |
966 |
++ cap_info->capsule = vmap(cap_info->pages, cap_info->index, |
967 |
++ VM_MAP, PAGE_KERNEL); |
968 |
++ if (!cap_info->capsule) |
969 |
++ return -ENOMEM; |
970 |
++ do_vunmap = true; |
971 |
++ } |
972 |
++ |
973 |
++ ret = efi_capsule_update(cap_info->capsule, cap_info->phys); |
974 |
++ if (do_vunmap) |
975 |
++ vunmap(cap_info->capsule); |
976 |
+ if (ret) { |
977 |
+ pr_err("capsule update failed\n"); |
978 |
+ return ret; |
979 |
+@@ -165,10 +184,12 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, |
980 |
+ goto failed; |
981 |
+ } |
982 |
+ |
983 |
+- cap_info->pages[cap_info->index++] = page_to_phys(page); |
984 |
++ cap_info->pages[cap_info->index] = page; |
985 |
++ cap_info->phys[cap_info->index] = page_to_phys(page); |
986 |
+ cap_info->page_bytes_remain = PAGE_SIZE; |
987 |
++ cap_info->index++; |
988 |
+ } else { |
989 |
+- page = phys_to_page(cap_info->pages[cap_info->index - 1]); |
990 |
++ page = cap_info->pages[cap_info->index - 1]; |
991 |
+ } |
992 |
+ |
993 |
+ kbuff = kmap(page); |
994 |
+@@ -252,6 +273,7 @@ static int efi_capsule_release(struct inode *inode, struct file *file) |
995 |
+ struct capsule_info *cap_info = file->private_data; |
996 |
+ |
997 |
+ kfree(cap_info->pages); |
998 |
++ kfree(cap_info->phys); |
999 |
+ kfree(file->private_data); |
1000 |
+ file->private_data = NULL; |
1001 |
+ return 0; |
1002 |
+@@ -281,6 +303,13 @@ static int efi_capsule_open(struct inode *inode, struct file *file) |
1003 |
+ return -ENOMEM; |
1004 |
+ } |
1005 |
+ |
1006 |
++ cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); |
1007 |
++ if (!cap_info->phys) { |
1008 |
++ kfree(cap_info->pages); |
1009 |
++ kfree(cap_info); |
1010 |
++ return -ENOMEM; |
1011 |
++ } |
1012 |
++ |
1013 |
+ file->private_data = cap_info; |
1014 |
+ |
1015 |
+ return 0; |
1016 |
+diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h |
1017 |
+index c9bcc6c45012..ce2ed16f2a30 100644 |
1018 |
+--- a/drivers/gpu/drm/i915/i915_reg.h |
1019 |
++++ b/drivers/gpu/drm/i915/i915_reg.h |
1020 |
+@@ -6944,6 +6944,7 @@ enum { |
1021 |
+ #define RESET_PCH_HANDSHAKE_ENABLE (1<<4) |
1022 |
+ |
1023 |
+ #define GEN8_CHICKEN_DCPR_1 _MMIO(0x46430) |
1024 |
++#define SKL_SELECT_ALTERNATE_DC_EXIT (1<<30) |
1025 |
+ #define MASK_WAKEMEM (1<<13) |
1026 |
+ |
1027 |
+ #define SKL_DFSM _MMIO(0x51000) |
1028 |
+@@ -8475,6 +8476,7 @@ enum skl_power_gate { |
1029 |
+ #define BXT_CDCLK_CD2X_DIV_SEL_2 (2<<22) |
1030 |
+ #define BXT_CDCLK_CD2X_DIV_SEL_4 (3<<22) |
1031 |
+ #define BXT_CDCLK_CD2X_PIPE(pipe) ((pipe)<<20) |
1032 |
++#define CDCLK_DIVMUX_CD_OVERRIDE (1<<19) |
1033 |
+ #define BXT_CDCLK_CD2X_PIPE_NONE BXT_CDCLK_CD2X_PIPE(3) |
1034 |
+ #define BXT_CDCLK_SSA_PRECHARGE_ENABLE (1<<16) |
1035 |
+ #define CDCLK_FREQ_DECIMAL_MASK (0x7ff) |
1036 |
+diff --git a/drivers/gpu/drm/i915/intel_cdclk.c b/drivers/gpu/drm/i915/intel_cdclk.c |
1037 |
+index 1241e5891b29..26a8dcd2c549 100644 |
1038 |
+--- a/drivers/gpu/drm/i915/intel_cdclk.c |
1039 |
++++ b/drivers/gpu/drm/i915/intel_cdclk.c |
1040 |
+@@ -859,16 +859,10 @@ static void skl_set_preferred_cdclk_vco(struct drm_i915_private *dev_priv, |
1041 |
+ |
1042 |
+ static void skl_dpll0_enable(struct drm_i915_private *dev_priv, int vco) |
1043 |
+ { |
1044 |
+- int min_cdclk = skl_calc_cdclk(0, vco); |
1045 |
+ u32 val; |
1046 |
+ |
1047 |
+ WARN_ON(vco != 8100000 && vco != 8640000); |
1048 |
+ |
1049 |
+- /* select the minimum CDCLK before enabling DPLL 0 */ |
1050 |
+- val = CDCLK_FREQ_337_308 | skl_cdclk_decimal(min_cdclk); |
1051 |
+- I915_WRITE(CDCLK_CTL, val); |
1052 |
+- POSTING_READ(CDCLK_CTL); |
1053 |
+- |
1054 |
+ /* |
1055 |
+ * We always enable DPLL0 with the lowest link rate possible, but still |
1056 |
+ * taking into account the VCO required to operate the eDP panel at the |
1057 |
+@@ -922,7 +916,7 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, |
1058 |
+ { |
1059 |
+ int cdclk = cdclk_state->cdclk; |
1060 |
+ int vco = cdclk_state->vco; |
1061 |
+- u32 freq_select, pcu_ack; |
1062 |
++ u32 freq_select, pcu_ack, cdclk_ctl; |
1063 |
+ int ret; |
1064 |
+ |
1065 |
+ WARN_ON((cdclk == 24000) != (vco == 0)); |
1066 |
+@@ -939,7 +933,7 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, |
1067 |
+ return; |
1068 |
+ } |
1069 |
+ |
1070 |
+- /* set CDCLK_CTL */ |
1071 |
++ /* Choose frequency for this cdclk */ |
1072 |
+ switch (cdclk) { |
1073 |
+ case 450000: |
1074 |
+ case 432000: |
1075 |
+@@ -967,10 +961,33 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, |
1076 |
+ dev_priv->cdclk.hw.vco != vco) |
1077 |
+ skl_dpll0_disable(dev_priv); |
1078 |
+ |
1079 |
++ cdclk_ctl = I915_READ(CDCLK_CTL); |
1080 |
++ |
1081 |
++ if (dev_priv->cdclk.hw.vco != vco) { |
1082 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1083 |
++ cdclk_ctl &= ~(CDCLK_FREQ_SEL_MASK | CDCLK_FREQ_DECIMAL_MASK); |
1084 |
++ cdclk_ctl |= freq_select | skl_cdclk_decimal(cdclk); |
1085 |
++ I915_WRITE(CDCLK_CTL, cdclk_ctl); |
1086 |
++ } |
1087 |
++ |
1088 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1089 |
++ cdclk_ctl |= CDCLK_DIVMUX_CD_OVERRIDE; |
1090 |
++ I915_WRITE(CDCLK_CTL, cdclk_ctl); |
1091 |
++ POSTING_READ(CDCLK_CTL); |
1092 |
++ |
1093 |
+ if (dev_priv->cdclk.hw.vco != vco) |
1094 |
+ skl_dpll0_enable(dev_priv, vco); |
1095 |
+ |
1096 |
+- I915_WRITE(CDCLK_CTL, freq_select | skl_cdclk_decimal(cdclk)); |
1097 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1098 |
++ cdclk_ctl &= ~(CDCLK_FREQ_SEL_MASK | CDCLK_FREQ_DECIMAL_MASK); |
1099 |
++ I915_WRITE(CDCLK_CTL, cdclk_ctl); |
1100 |
++ |
1101 |
++ cdclk_ctl |= freq_select | skl_cdclk_decimal(cdclk); |
1102 |
++ I915_WRITE(CDCLK_CTL, cdclk_ctl); |
1103 |
++ |
1104 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1105 |
++ cdclk_ctl &= ~CDCLK_DIVMUX_CD_OVERRIDE; |
1106 |
++ I915_WRITE(CDCLK_CTL, cdclk_ctl); |
1107 |
+ POSTING_READ(CDCLK_CTL); |
1108 |
+ |
1109 |
+ /* inform PCU of the change */ |
1110 |
+diff --git a/drivers/gpu/drm/i915/intel_runtime_pm.c b/drivers/gpu/drm/i915/intel_runtime_pm.c |
1111 |
+index 49577eba8e7e..51cb5293bf43 100644 |
1112 |
+--- a/drivers/gpu/drm/i915/intel_runtime_pm.c |
1113 |
++++ b/drivers/gpu/drm/i915/intel_runtime_pm.c |
1114 |
+@@ -598,6 +598,11 @@ void gen9_enable_dc5(struct drm_i915_private *dev_priv) |
1115 |
+ |
1116 |
+ DRM_DEBUG_KMS("Enabling DC5\n"); |
1117 |
+ |
1118 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1119 |
++ if (IS_GEN9_BC(dev_priv)) |
1120 |
++ I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) | |
1121 |
++ SKL_SELECT_ALTERNATE_DC_EXIT); |
1122 |
++ |
1123 |
+ gen9_set_dc_state(dev_priv, DC_STATE_EN_UPTO_DC5); |
1124 |
+ } |
1125 |
+ |
1126 |
+@@ -625,6 +630,11 @@ void skl_disable_dc6(struct drm_i915_private *dev_priv) |
1127 |
+ { |
1128 |
+ DRM_DEBUG_KMS("Disabling DC6\n"); |
1129 |
+ |
1130 |
++ /* Wa Display #1183: skl,kbl,cfl */ |
1131 |
++ if (IS_GEN9_BC(dev_priv)) |
1132 |
++ I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) | |
1133 |
++ SKL_SELECT_ALTERNATE_DC_EXIT); |
1134 |
++ |
1135 |
+ gen9_set_dc_state(dev_priv, DC_STATE_DISABLE); |
1136 |
+ } |
1137 |
+ |
1138 |
+@@ -1786,6 +1796,7 @@ void intel_display_power_put(struct drm_i915_private *dev_priv, |
1139 |
+ GLK_DISPLAY_POWERWELL_2_POWER_DOMAINS | \ |
1140 |
+ BIT_ULL(POWER_DOMAIN_MODESET) | \ |
1141 |
+ BIT_ULL(POWER_DOMAIN_AUX_A) | \ |
1142 |
++ BIT_ULL(POWER_DOMAIN_GMBUS) | \ |
1143 |
+ BIT_ULL(POWER_DOMAIN_INIT)) |
1144 |
+ |
1145 |
+ #define CNL_DISPLAY_POWERWELL_2_POWER_DOMAINS ( \ |
1146 |
+diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c |
1147 |
+index b84cd978fce2..a4aaa748e987 100644 |
1148 |
+--- a/drivers/input/mouse/elantech.c |
1149 |
++++ b/drivers/input/mouse/elantech.c |
1150 |
+@@ -1613,7 +1613,7 @@ static int elantech_set_properties(struct elantech_data *etd) |
1151 |
+ case 5: |
1152 |
+ etd->hw_version = 3; |
1153 |
+ break; |
1154 |
+- case 6 ... 14: |
1155 |
++ case 6 ... 15: |
1156 |
+ etd->hw_version = 4; |
1157 |
+ break; |
1158 |
+ default: |
1159 |
+diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c |
1160 |
+index e67ba6c40faf..8f7a3c00b6cf 100644 |
1161 |
+--- a/drivers/iommu/arm-smmu-v3.c |
1162 |
++++ b/drivers/iommu/arm-smmu-v3.c |
1163 |
+@@ -1611,13 +1611,15 @@ static int arm_smmu_domain_finalise(struct iommu_domain *domain) |
1164 |
+ domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap; |
1165 |
+ domain->geometry.aperture_end = (1UL << ias) - 1; |
1166 |
+ domain->geometry.force_aperture = true; |
1167 |
+- smmu_domain->pgtbl_ops = pgtbl_ops; |
1168 |
+ |
1169 |
+ ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg); |
1170 |
+- if (ret < 0) |
1171 |
++ if (ret < 0) { |
1172 |
+ free_io_pgtable_ops(pgtbl_ops); |
1173 |
++ return ret; |
1174 |
++ } |
1175 |
+ |
1176 |
+- return ret; |
1177 |
++ smmu_domain->pgtbl_ops = pgtbl_ops; |
1178 |
++ return 0; |
1179 |
+ } |
1180 |
+ |
1181 |
+ static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid) |
1182 |
+@@ -1644,7 +1646,7 @@ static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid) |
1183 |
+ |
1184 |
+ static void arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec) |
1185 |
+ { |
1186 |
+- int i; |
1187 |
++ int i, j; |
1188 |
+ struct arm_smmu_master_data *master = fwspec->iommu_priv; |
1189 |
+ struct arm_smmu_device *smmu = master->smmu; |
1190 |
+ |
1191 |
+@@ -1652,6 +1654,13 @@ static void arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec) |
1192 |
+ u32 sid = fwspec->ids[i]; |
1193 |
+ __le64 *step = arm_smmu_get_step_for_sid(smmu, sid); |
1194 |
+ |
1195 |
++ /* Bridged PCI devices may end up with duplicated IDs */ |
1196 |
++ for (j = 0; j < i; j++) |
1197 |
++ if (fwspec->ids[j] == sid) |
1198 |
++ break; |
1199 |
++ if (j < i) |
1200 |
++ continue; |
1201 |
++ |
1202 |
+ arm_smmu_write_strtab_ent(smmu, sid, step, &master->ste); |
1203 |
+ } |
1204 |
+ } |
1205 |
+diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c |
1206 |
+index 85cff68643e0..125b744c9c28 100644 |
1207 |
+--- a/drivers/mtd/nand/pxa3xx_nand.c |
1208 |
++++ b/drivers/mtd/nand/pxa3xx_nand.c |
1209 |
+@@ -950,6 +950,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command) |
1210 |
+ |
1211 |
+ switch (command) { |
1212 |
+ case NAND_CMD_READ0: |
1213 |
++ case NAND_CMD_READOOB: |
1214 |
+ case NAND_CMD_PAGEPROG: |
1215 |
+ info->use_ecc = 1; |
1216 |
+ break; |
1217 |
+diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c |
1218 |
+index 19e4ad2f3f2e..0c4b690cf761 100644 |
1219 |
+--- a/fs/btrfs/delayed-inode.c |
1220 |
++++ b/fs/btrfs/delayed-inode.c |
1221 |
+@@ -87,6 +87,7 @@ static struct btrfs_delayed_node *btrfs_get_delayed_node( |
1222 |
+ |
1223 |
+ spin_lock(&root->inode_lock); |
1224 |
+ node = radix_tree_lookup(&root->delayed_nodes_tree, ino); |
1225 |
++ |
1226 |
+ if (node) { |
1227 |
+ if (btrfs_inode->delayed_node) { |
1228 |
+ refcount_inc(&node->refs); /* can be accessed */ |
1229 |
+@@ -94,9 +95,30 @@ static struct btrfs_delayed_node *btrfs_get_delayed_node( |
1230 |
+ spin_unlock(&root->inode_lock); |
1231 |
+ return node; |
1232 |
+ } |
1233 |
+- btrfs_inode->delayed_node = node; |
1234 |
+- /* can be accessed and cached in the inode */ |
1235 |
+- refcount_add(2, &node->refs); |
1236 |
++ |
1237 |
++ /* |
1238 |
++ * It's possible that we're racing into the middle of removing |
1239 |
++ * this node from the radix tree. In this case, the refcount |
1240 |
++ * was zero and it should never go back to one. Just return |
1241 |
++ * NULL like it was never in the radix at all; our release |
1242 |
++ * function is in the process of removing it. |
1243 |
++ * |
1244 |
++ * Some implementations of refcount_inc refuse to bump the |
1245 |
++ * refcount once it has hit zero. If we don't do this dance |
1246 |
++ * here, refcount_inc() may decide to just WARN_ONCE() instead |
1247 |
++ * of actually bumping the refcount. |
1248 |
++ * |
1249 |
++ * If this node is properly in the radix, we want to bump the |
1250 |
++ * refcount twice, once for the inode and once for this get |
1251 |
++ * operation. |
1252 |
++ */ |
1253 |
++ if (refcount_inc_not_zero(&node->refs)) { |
1254 |
++ refcount_inc(&node->refs); |
1255 |
++ btrfs_inode->delayed_node = node; |
1256 |
++ } else { |
1257 |
++ node = NULL; |
1258 |
++ } |
1259 |
++ |
1260 |
+ spin_unlock(&root->inode_lock); |
1261 |
+ return node; |
1262 |
+ } |
1263 |
+@@ -254,17 +276,18 @@ static void __btrfs_release_delayed_node( |
1264 |
+ mutex_unlock(&delayed_node->mutex); |
1265 |
+ |
1266 |
+ if (refcount_dec_and_test(&delayed_node->refs)) { |
1267 |
+- bool free = false; |
1268 |
+ struct btrfs_root *root = delayed_node->root; |
1269 |
++ |
1270 |
+ spin_lock(&root->inode_lock); |
1271 |
+- if (refcount_read(&delayed_node->refs) == 0) { |
1272 |
+- radix_tree_delete(&root->delayed_nodes_tree, |
1273 |
+- delayed_node->inode_id); |
1274 |
+- free = true; |
1275 |
+- } |
1276 |
++ /* |
1277 |
++ * Once our refcount goes to zero, nobody is allowed to bump it |
1278 |
++ * back up. We can delete it now. |
1279 |
++ */ |
1280 |
++ ASSERT(refcount_read(&delayed_node->refs) == 0); |
1281 |
++ radix_tree_delete(&root->delayed_nodes_tree, |
1282 |
++ delayed_node->inode_id); |
1283 |
+ spin_unlock(&root->inode_lock); |
1284 |
+- if (free) |
1285 |
+- kmem_cache_free(delayed_node_cache, delayed_node); |
1286 |
++ kmem_cache_free(delayed_node_cache, delayed_node); |
1287 |
+ } |
1288 |
+ } |
1289 |
+ |
1290 |
+diff --git a/fs/proc/cpuinfo.c b/fs/proc/cpuinfo.c |
1291 |
+index e0f867cd8553..96f1087e372c 100644 |
1292 |
+--- a/fs/proc/cpuinfo.c |
1293 |
++++ b/fs/proc/cpuinfo.c |
1294 |
+@@ -1,12 +1,18 @@ |
1295 |
+ // SPDX-License-Identifier: GPL-2.0 |
1296 |
++#include <linux/cpufreq.h> |
1297 |
+ #include <linux/fs.h> |
1298 |
+ #include <linux/init.h> |
1299 |
+ #include <linux/proc_fs.h> |
1300 |
+ #include <linux/seq_file.h> |
1301 |
+ |
1302 |
++__weak void arch_freq_prepare_all(void) |
1303 |
++{ |
1304 |
++} |
1305 |
++ |
1306 |
+ extern const struct seq_operations cpuinfo_op; |
1307 |
+ static int cpuinfo_open(struct inode *inode, struct file *file) |
1308 |
+ { |
1309 |
++ arch_freq_prepare_all(); |
1310 |
+ return seq_open(file, &cpuinfo_op); |
1311 |
+ } |
1312 |
+ |
1313 |
+diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
1314 |
+index 1c713fd5b3e6..5aa392eae1c3 100644 |
1315 |
+--- a/fs/userfaultfd.c |
1316 |
++++ b/fs/userfaultfd.c |
1317 |
+@@ -570,11 +570,14 @@ int handle_userfault(struct vm_fault *vmf, unsigned long reason) |
1318 |
+ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, |
1319 |
+ struct userfaultfd_wait_queue *ewq) |
1320 |
+ { |
1321 |
++ struct userfaultfd_ctx *release_new_ctx; |
1322 |
++ |
1323 |
+ if (WARN_ON_ONCE(current->flags & PF_EXITING)) |
1324 |
+ goto out; |
1325 |
+ |
1326 |
+ ewq->ctx = ctx; |
1327 |
+ init_waitqueue_entry(&ewq->wq, current); |
1328 |
++ release_new_ctx = NULL; |
1329 |
+ |
1330 |
+ spin_lock(&ctx->event_wqh.lock); |
1331 |
+ /* |
1332 |
+@@ -601,8 +604,7 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, |
1333 |
+ new = (struct userfaultfd_ctx *) |
1334 |
+ (unsigned long) |
1335 |
+ ewq->msg.arg.reserved.reserved1; |
1336 |
+- |
1337 |
+- userfaultfd_ctx_put(new); |
1338 |
++ release_new_ctx = new; |
1339 |
+ } |
1340 |
+ break; |
1341 |
+ } |
1342 |
+@@ -617,6 +619,20 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, |
1343 |
+ __set_current_state(TASK_RUNNING); |
1344 |
+ spin_unlock(&ctx->event_wqh.lock); |
1345 |
+ |
1346 |
++ if (release_new_ctx) { |
1347 |
++ struct vm_area_struct *vma; |
1348 |
++ struct mm_struct *mm = release_new_ctx->mm; |
1349 |
++ |
1350 |
++ /* the various vma->vm_userfaultfd_ctx still points to it */ |
1351 |
++ down_write(&mm->mmap_sem); |
1352 |
++ for (vma = mm->mmap; vma; vma = vma->vm_next) |
1353 |
++ if (vma->vm_userfaultfd_ctx.ctx == release_new_ctx) |
1354 |
++ vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; |
1355 |
++ up_write(&mm->mmap_sem); |
1356 |
++ |
1357 |
++ userfaultfd_ctx_put(release_new_ctx); |
1358 |
++ } |
1359 |
++ |
1360 |
+ /* |
1361 |
+ * ctx may go away after this if the userfault pseudo fd is |
1362 |
+ * already released. |
1363 |
+diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h |
1364 |
+index 537ff842ff73..cbf85c4c745f 100644 |
1365 |
+--- a/include/linux/cpufreq.h |
1366 |
++++ b/include/linux/cpufreq.h |
1367 |
+@@ -917,6 +917,7 @@ static inline bool policy_has_boost_freq(struct cpufreq_policy *policy) |
1368 |
+ } |
1369 |
+ #endif |
1370 |
+ |
1371 |
++extern void arch_freq_prepare_all(void); |
1372 |
+ extern unsigned int arch_freq_get_on_cpu(int cpu); |
1373 |
+ |
1374 |
+ /* the following are really really optional */ |
1375 |
+diff --git a/include/linux/efi.h b/include/linux/efi.h |
1376 |
+index d813f7b04da7..29fdf8029cf6 100644 |
1377 |
+--- a/include/linux/efi.h |
1378 |
++++ b/include/linux/efi.h |
1379 |
+@@ -140,11 +140,13 @@ struct efi_boot_memmap { |
1380 |
+ |
1381 |
+ struct capsule_info { |
1382 |
+ efi_capsule_header_t header; |
1383 |
++ efi_capsule_header_t *capsule; |
1384 |
+ int reset_type; |
1385 |
+ long index; |
1386 |
+ size_t count; |
1387 |
+ size_t total_size; |
1388 |
+- phys_addr_t *pages; |
1389 |
++ struct page **pages; |
1390 |
++ phys_addr_t *phys; |
1391 |
+ size_t page_bytes_remain; |
1392 |
+ }; |
1393 |
+ |
1394 |
+diff --git a/include/linux/fscache.h b/include/linux/fscache.h |
1395 |
+index f4ff47d4a893..fe0c349684fa 100644 |
1396 |
+--- a/include/linux/fscache.h |
1397 |
++++ b/include/linux/fscache.h |
1398 |
+@@ -755,7 +755,7 @@ bool fscache_maybe_release_page(struct fscache_cookie *cookie, |
1399 |
+ { |
1400 |
+ if (fscache_cookie_valid(cookie) && PageFsCache(page)) |
1401 |
+ return __fscache_maybe_release_page(cookie, page, gfp); |
1402 |
+- return false; |
1403 |
++ return true; |
1404 |
+ } |
1405 |
+ |
1406 |
+ /** |
1407 |
+diff --git a/kernel/acct.c b/kernel/acct.c |
1408 |
+index 6670fbd3e466..354578d253d5 100644 |
1409 |
+--- a/kernel/acct.c |
1410 |
++++ b/kernel/acct.c |
1411 |
+@@ -102,7 +102,7 @@ static int check_free_space(struct bsd_acct_struct *acct) |
1412 |
+ { |
1413 |
+ struct kstatfs sbuf; |
1414 |
+ |
1415 |
+- if (time_is_before_jiffies(acct->needcheck)) |
1416 |
++ if (time_is_after_jiffies(acct->needcheck)) |
1417 |
+ goto out; |
1418 |
+ |
1419 |
+ /* May block */ |
1420 |
+diff --git a/kernel/signal.c b/kernel/signal.c |
1421 |
+index 8dcd8825b2de..1facff1dbbae 100644 |
1422 |
+--- a/kernel/signal.c |
1423 |
++++ b/kernel/signal.c |
1424 |
+@@ -78,7 +78,7 @@ static int sig_task_ignored(struct task_struct *t, int sig, bool force) |
1425 |
+ handler = sig_handler(t, sig); |
1426 |
+ |
1427 |
+ if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) && |
1428 |
+- handler == SIG_DFL && !force) |
1429 |
++ handler == SIG_DFL && !(force && sig_kernel_only(sig))) |
1430 |
+ return 1; |
1431 |
+ |
1432 |
+ return sig_handler_ignored(handler, sig); |
1433 |
+@@ -94,13 +94,15 @@ static int sig_ignored(struct task_struct *t, int sig, bool force) |
1434 |
+ if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig)) |
1435 |
+ return 0; |
1436 |
+ |
1437 |
+- if (!sig_task_ignored(t, sig, force)) |
1438 |
+- return 0; |
1439 |
+- |
1440 |
+ /* |
1441 |
+- * Tracers may want to know about even ignored signals. |
1442 |
++ * Tracers may want to know about even ignored signal unless it |
1443 |
++ * is SIGKILL which can't be reported anyway but can be ignored |
1444 |
++ * by SIGNAL_UNKILLABLE task. |
1445 |
+ */ |
1446 |
+- return !t->ptrace; |
1447 |
++ if (t->ptrace && sig != SIGKILL) |
1448 |
++ return 0; |
1449 |
++ |
1450 |
++ return sig_task_ignored(t, sig, force); |
1451 |
+ } |
1452 |
+ |
1453 |
+ /* |
1454 |
+@@ -929,9 +931,9 @@ static void complete_signal(int sig, struct task_struct *p, int group) |
1455 |
+ * then start taking the whole group down immediately. |
1456 |
+ */ |
1457 |
+ if (sig_fatal(p, sig) && |
1458 |
+- !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && |
1459 |
++ !(signal->flags & SIGNAL_GROUP_EXIT) && |
1460 |
+ !sigismember(&t->real_blocked, sig) && |
1461 |
+- (sig == SIGKILL || !t->ptrace)) { |
1462 |
++ (sig == SIGKILL || !p->ptrace)) { |
1463 |
+ /* |
1464 |
+ * This signal will be fatal to the whole group. |
1465 |
+ */ |
1466 |
+diff --git a/mm/mprotect.c b/mm/mprotect.c |
1467 |
+index ec39f730a0bf..58b629bb70de 100644 |
1468 |
+--- a/mm/mprotect.c |
1469 |
++++ b/mm/mprotect.c |
1470 |
+@@ -166,7 +166,7 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, |
1471 |
+ next = pmd_addr_end(addr, end); |
1472 |
+ if (!is_swap_pmd(*pmd) && !pmd_trans_huge(*pmd) && !pmd_devmap(*pmd) |
1473 |
+ && pmd_none_or_clear_bad(pmd)) |
1474 |
+- continue; |
1475 |
++ goto next; |
1476 |
+ |
1477 |
+ /* invoke the mmu notifier if the pmd is populated */ |
1478 |
+ if (!mni_start) { |
1479 |
+@@ -188,7 +188,7 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, |
1480 |
+ } |
1481 |
+ |
1482 |
+ /* huge pmd was handled */ |
1483 |
+- continue; |
1484 |
++ goto next; |
1485 |
+ } |
1486 |
+ } |
1487 |
+ /* fall through, the trans huge pmd just split */ |
1488 |
+@@ -196,6 +196,8 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, |
1489 |
+ this_pages = change_pte_range(vma, pmd, addr, next, newprot, |
1490 |
+ dirty_accountable, prot_numa); |
1491 |
+ pages += this_pages; |
1492 |
++next: |
1493 |
++ cond_resched(); |
1494 |
+ } while (pmd++, addr = next, addr != end); |
1495 |
+ |
1496 |
+ if (mni_start) |
1497 |
+diff --git a/mm/sparse.c b/mm/sparse.c |
1498 |
+index 60805abf98af..30e56a100ee8 100644 |
1499 |
+--- a/mm/sparse.c |
1500 |
++++ b/mm/sparse.c |
1501 |
+@@ -211,7 +211,7 @@ void __init memory_present(int nid, unsigned long start, unsigned long end) |
1502 |
+ if (unlikely(!mem_section)) { |
1503 |
+ unsigned long size, align; |
1504 |
+ |
1505 |
+- size = sizeof(struct mem_section) * NR_SECTION_ROOTS; |
1506 |
++ size = sizeof(struct mem_section*) * NR_SECTION_ROOTS; |
1507 |
+ align = 1 << (INTERNODE_CACHE_SHIFT); |
1508 |
+ mem_section = memblock_virt_alloc(size, align); |
1509 |
+ } |
1510 |
+diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c |
1511 |
+index 82a64b58041d..e395137ecff1 100644 |
1512 |
+--- a/security/apparmor/mount.c |
1513 |
++++ b/security/apparmor/mount.c |
1514 |
+@@ -330,6 +330,9 @@ static int match_mnt_path_str(struct aa_profile *profile, |
1515 |
+ AA_BUG(!mntpath); |
1516 |
+ AA_BUG(!buffer); |
1517 |
+ |
1518 |
++ if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) |
1519 |
++ return 0; |
1520 |
++ |
1521 |
+ error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer, |
1522 |
+ &mntpnt, &info, profile->disconnected); |
1523 |
+ if (error) |
1524 |
+@@ -381,6 +384,9 @@ static int match_mnt(struct aa_profile *profile, const struct path *path, |
1525 |
+ AA_BUG(!profile); |
1526 |
+ AA_BUG(devpath && !devbuffer); |
1527 |
+ |
1528 |
++ if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) |
1529 |
++ return 0; |
1530 |
++ |
1531 |
+ if (devpath) { |
1532 |
+ error = aa_path_name(devpath, path_flags(profile, devpath), |
1533 |
+ devbuffer, &devname, &info, |
1534 |
+@@ -559,6 +565,9 @@ static int profile_umount(struct aa_profile *profile, struct path *path, |
1535 |
+ AA_BUG(!profile); |
1536 |
+ AA_BUG(!path); |
1537 |
+ |
1538 |
++ if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) |
1539 |
++ return 0; |
1540 |
++ |
1541 |
+ error = aa_path_name(path, path_flags(profile, path), buffer, &name, |
1542 |
+ &info, profile->disconnected); |
1543 |
+ if (error) |
1544 |
+@@ -614,7 +623,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile, |
1545 |
+ AA_BUG(!new_path); |
1546 |
+ AA_BUG(!old_path); |
1547 |
+ |
1548 |
+- if (profile_unconfined(profile)) |
1549 |
++ if (profile_unconfined(profile) || |
1550 |
++ !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) |
1551 |
+ return aa_get_newest_label(&profile->label); |
1552 |
+ |
1553 |
+ error = aa_path_name(old_path, path_flags(profile, old_path), |